JP6094255B2 - Cryptographic processing apparatus and information processing apparatus - Google Patents

Description

  The present invention relates to an encryption processing apparatus that performs encryption processing for encryption or decryption on input original data and outputs processed data, and an information processing apparatus using the same.

  In the modern society, various information processing devices such as personal computers, smartphones, electronic tablets, and IC cards are widely used as electronic devices indispensable for social life. In this way, information processing devices incorporated and used in social life have become an indispensable function for ensuring security, and many information processing devices have an encryption processing function. It has been incorporated.

  Many information processing apparatuses basically execute desired information processing by executing a computer program, and the functions of the cryptographic processing apparatus incorporated in the information processing apparatus are also realized by the computer program. . A general information processing apparatus incorporates a cryptographic processing subroutine for performing a function as a cryptographic processing apparatus separately from a main program for performing its original function. When necessary, a format is adopted in which an encryption processing subroutine is called to request encryption processing.

  For example, when it is necessary to perform encryption in the main program, the plain text data is transferred from the main program to the encryption processing subroutine, and the encryption processing subroutine converts the plain text data into encryption data. Processing to deliver the encrypted data to the main program is performed. When it is necessary to perform decryption in the main program, the encrypted data is transferred from the main program to the encryption processing subroutine, and the encryption processing subroutine converts the encryption data into the original plaintext data. Processing to transfer the plain text data to the main program is performed.

  In order to maintain the confidentiality of encryption, it is necessary to keep the processing executed in the encryption processing subroutine secret. For this reason, a unique secret encryption algorithm is adopted in the encryption processing subroutine, and encryption processing using a unique encryption key is executed. Therefore, as long as the encryption key and the algorithm used to perform the encryption process are kept secret, the confidentiality of the encryption is maintained.

  In order to perform encryption processing using an arbitrary encryption key, the encryption key is transferred from the main program to the encryption processing subroutine together with the original data to be processed, and the encryption processing subroutine performs encryption processing using the encryption key. In this case, processing for returning processed data to the main program is performed. At this time, consideration must be given to maintaining the confidentiality of the encryption key. That is, if the cryptographic key used for cryptographic processing is leaked due to an illegal act of a cracker, the content of the cryptographic processing executed in the cryptographic processing subroutine may be analyzed, and the tamper resistance of the cryptographic processing device Will be damaged.

  Therefore, for example, in Patent Document 1 below, a memory module is incorporated instead of storing an encryption key required when performing encryption processing in a communication device such as a mobile communication terminal. A technique is disclosed in which an encryption key is stored in a ring and an encryption key is read from the ring when encryption processing is necessary. If this technology is adopted, even if the communication device is stolen, the encryption key will not leak and the tamper resistance can be ensured unless the ring is stolen together.

  On the other hand, in Patent Document 2, when performing encryption processing in a communication device such as a mobile communication terminal, a necessary encryption key is downloaded from an external management server. A technique for preventing leakage of an encryption key and ensuring tamper resistance by erasing the encryption key from the information processing apparatus is disclosed. In Patent Document 3, the encryption key is divided into a plurality of pieces, one of the divided encryption keys is stored in the information processing apparatus, and the other divided encryption key is stored in an external management server. A method has been proposed in which the other divided encryption key is downloaded from the management server and the original encryption key is restored when it is necessary.

JP 2000-68997 A JP 2011-77740 A JP2012-65123A

  As described above, in an information processing apparatus having an encryption processing function, if an encryption key used for encryption processing is stored inside the apparatus, the encryption key may be leaked due to an illegal act of a cracker. It becomes a factor that impairs tampering. Therefore, in Patent Document 1 described above, a method of storing an encryption key in a ring incorporating a memory module is proposed, but the user must always carry the ring when using a communication device. In practical use, convenience of use is significantly reduced.

  On the other hand, Patent Documents 2 and 3 listed above propose a method of downloading an encryption key or a partial encryption key thereof from an external management server, and if this method is adopted, information processing will be performed. Although it is possible to prevent the encryption key from being stolen directly from the device, the cracker can indirectly steal the encryption key from the download path, and the information processing device itself has been obtained. Since the cracker can also steal the encryption key after downloading from the management server, it cannot secure sufficient tamper resistance.

  Accordingly, the present invention provides an encryption processing apparatus capable of ensuring tamper resistance without impairing convenience when executing encryption processing using an encryption key, and an information processing apparatus incorporating the encryption processing apparatus. For the purpose.

(1) A first aspect of the present invention is an encryption processing apparatus that performs encryption processing for encryption or decryption on input original data and outputs processed data.
A data input unit for inputting the original data to be encrypted and the code data necessary for the encryption from the outside;
Based on a predetermined encryption algorithm using a predetermined encryption key, an encryption processing unit that performs encryption processing on the original data input by the data input unit and generates processed data;
A data output unit for outputting the generated processed data to the outside;
A random number table storage unit for storing a random number table containing N (M ≧ N) numerical values randomly in a plurality of M cells each having a unique cell number;
By referring to the random number table, a conversion process is performed in which each numeric value included in the code data input by the data input unit is replaced with a numeric value stored in a cell having the numeric value as the cell number. A code conversion unit that gives the obtained data to the encryption processing unit as an encryption key;
Is provided.

(2) According to a second aspect of the present invention, in the cryptographic processing device according to the first aspect described above,
The cryptographic processing unit performs cryptographic processing using an encryption key in which integers having values in the range of 0 to (N−1) are enumerated;
The random number table storage unit overlaps a plurality of M cells assigned consecutive cell numbers in the range of 0 to (M−1) with N consecutive integers in the range of 0 to (N−1). Stores a random number table that allows and accommodates randomly,
Conversion in which the code conversion unit replaces code data in which integers having values in the range of 0 to (M-1) are listed with encryption keys in which integers having values in the range of 0 to (N-1) are listed. Processing is performed.

(3) According to a third aspect of the present invention, in the cryptographic processing device according to the second aspect described above,
Set M = N,
In the random number table storage unit, a random number table storing N integers in N cells is stored.

(4) According to a fourth aspect of the present invention, in the cryptographic processing device according to the third aspect described above,
Set M = N = 256,
The random number table storage unit stores a random number table in which 256 integers each assigned with a continuous cell number from 0 to 255 are randomly stored, each having an integer from 0 to 255,
The code conversion unit performs conversion processing in which L bytes of code data obtained by arranging L bytes of 1-byte data are replaced for each individual byte, and 1 byte of data is replaced by L bytes of encryption keys. ,
The cryptographic processing unit performs cryptographic processing using an L-byte cryptographic key.

(5) According to a fifth aspect of the present invention, in the cryptographic processing device according to the second aspect described above,
Set M> N,
The random number table storage unit stores a random number table in which at least one of N kinds of integers is accommodated in each of M cells, and some of the same integers as other cells are accommodated in some cells. It is what you have done.

(6) According to a sixth aspect of the present invention, in the cryptographic processing device according to the fifth aspect described above,
Set N = 256, M> 256,
The random number table storage unit stores a random number table in which at least one integer of 0 to 255 is randomly stored in M cells to which consecutive cell numbers of 0 to (M−1) are assigned,
The code conversion unit performs a conversion process of replacing the code data obtained by enumerating L pieces of data having a predetermined bit length for each piece of data, and replacing the 1-byte data with L pieces of L-byte encryption keys,
The cryptographic processing unit performs cryptographic processing using an L-byte cryptographic key.

(7) According to a seventh aspect of the present invention, in the cryptographic processing device according to the first to sixth aspects described above,
The random number table storage unit stores a plurality of K random number tables,
The data input unit inputs a table designator for specifying a specific random number table from the outside together with the original data and the code data,
The code conversion unit performs the conversion process by referring to the random number table specified by the table designator.

(8) According to an eighth aspect of the present invention, in the cryptographic processing device according to the seventh aspect described above,
The data input unit includes original data, L-byte code data obtained by arranging L 1-byte data, and each byte constituting the L-byte code data, or each byte group including a plurality of bytes. For each, a unique table designator that specifies a specific random number table is entered from the outside,
The code conversion unit performs the conversion process by referring to the random number table specified by the unique table designator for each byte of the code data or for each byte group consisting of a plurality of bytes. It is a thing.

(9) According to a ninth aspect of the present invention, in the cryptographic processing device according to the first to sixth aspects described above,
The random number table storage unit stores a plurality of K random number tables,
The code conversion unit stores a plurality of table designation patterns for sequentially designating the K random number tables according to a predetermined rule,
The data input unit externally inputs the original data, L-byte code data obtained by arranging L 1-byte data, and a pattern selector for selecting a specific table designating pattern,
The code conversion unit specifies a random number table for each byte of code data based on the table specification pattern selected by the pattern selector, and performs conversion processing by referring to the specified random number table Is.

(10) According to a tenth aspect of the present invention, in the cryptographic processing device according to the first to ninth aspects described above,
The data input unit inputs a shift indicator indicating the rule for shifting the numerical value in each cell of the random number table together with the original data and the code data from the outside,
The code conversion unit shifts each numerical value in the random number table based on the rule indicated by the shift indicator, and performs conversion processing using the shifted numerical value.

(11) According to an eleventh aspect of the present invention, in the cryptographic processing device according to the tenth aspect described above,
The data input unit inputs a shift indicator indicating either a positive or negative shift direction and a shift amount d,
When the sign conversion unit has a positive shift direction, the numerical value in the cell having the i-th cell number in the random number table is shifted to the cell having the (i + d) -th cell number, and the shift direction is negative. In this case, a shift process for shifting the numerical value in the cell having the i-th cell number in the random number table to the cell having the (id) cell number (however, the cell after the shift has the cell number If the cell number is out of the range, the total cell number M is added to or subtracted from the shifted cell number so as to be within the cell number range.

(12) According to a twelfth aspect of the present invention, in the cryptographic processing device according to the tenth aspect described above,
The random number table storage unit stores a plurality of K random number tables,
The data input unit inputs from the outside a table designator that designates a specific random number table together with the original data and code data, and a shift indicator that indicates a rule for shifting across a plurality of random number tables,
The code conversion unit performs a shift process based on the rule indicated by the shift indicator, and performs the conversion process by referring to the random number table specified by the table specifier after the shift process.

(13) According to a thirteenth aspect of the present invention, in the cryptographic processing device according to the first to twelfth aspects described above,
The code conversion unit rearranges individual numerical values included in the code data input by the data input unit according to a predetermined sorting rule, performs conversion processing by referring to the random number table using the rearranged numerical values, and performs conversion The later data is given to the encryption processing unit as an encryption key.

(14) According to a fourteenth aspect of the present invention, in the cryptographic processing device according to the first to twelfth aspects described above,
After the code conversion unit obtains data after conversion by conversion processing with reference to the random number table, the numerical values included in the converted data are rearranged according to a predetermined rearrangement rule, and the rearranged data Is given to the encryption processing unit as an encryption key.

(15) According to a fifteenth aspect of the present invention, in the cryptographic processing device according to the first to fourteenth aspects described above,
The cryptographic processing unit has a function of performing cryptographic processing using an arbitrary cryptographic algorithm among a plurality of cryptographic algorithms,
The data input unit inputs an algorithm specifier that specifies one of a plurality of cryptographic algorithms,
The cryptographic processing unit performs cryptographic processing using the cryptographic algorithm specified by the algorithm specifier.

(16) According to a sixteenth aspect of the present invention, in the cryptographic processing device according to the first to fifteenth aspects described above,
A code data decoding unit for decoding the encrypted code data encrypted by a predetermined method and obtaining the original code data;
The data input unit inputs the encrypted code data from the outside,
The code data decoding unit decodes the encrypted code data input by the data input unit, and provides the decoded code data to the code conversion unit.
The code conversion unit performs a conversion process for converting the decrypted code data into an encryption key.

(17) According to a seventeenth aspect of the present invention, in the cryptographic processing device according to the sixteenth aspect described above,
The code data decryption unit stores a plurality of H kinds of decryption keys,
The data input unit designates the encrypted code data encrypted in a state where the decryption is possible using the i-th decryption key of the plurality of H types of decryption keys, and the i-th decryption key Input the key specifier from the outside,
The code data decryption unit performs decryption using the decryption key designated by the decryption key specifier.

(18) According to an eighteenth aspect of the present invention, in the cryptographic processing device according to the seventeenth aspect described above,
The code data decryption unit stores one of the public key and the private key for each of a plurality of H pairs of public keys and private keys that can be used in the public key cryptosystem;
The data input unit designates the encrypted code data encrypted using the other key of the i-th key pair of the H key pairs and the decryption key designation for designating the i-th key pair Child and input from the outside,
The code data decryption unit performs decryption using the one key as a decryption key for the key pair designated by the decryption key specifier.

(19) According to a nineteenth aspect of the present invention, an information processing apparatus includes the cryptographic processing apparatus according to the first to fifteenth aspects described above, and a main apparatus that requests the cryptographic processing apparatus to perform cryptographic processing,
In the main unit,
An information processing unit for executing predetermined information processing;
The original data delivered from the information processing unit, code data stored in advance or received from the outside, and, if necessary, a table specifier, pattern selector, shift indicator, algorithm indicator group An encryption processing requesting unit that gives one or more items selected from the data input unit of the cryptographic processing device;
Receiving the processed data output from the data output unit of the cryptographic processing device, and delivering the processed data to the information processing unit; and
Is provided.

(20) According to a twentieth aspect of the present invention, an information processing apparatus includes the cryptographic processing apparatus according to the sixteenth or seventeenth aspect described above and a main apparatus that requests the cryptographic processing apparatus to perform cryptographic processing,
In the main unit,
An information processing unit for executing predetermined information processing;
The original data delivered from the information processing unit, the encrypted code data stored in advance or received from the outside, and, if necessary, a table specifier, pattern selector, shift indicator, algorithm indicator A cryptographic processing requesting unit that gives one or more items selected from the group to the data input unit of the cryptographic processing device;
Receiving the processed data output from the data output unit of the cryptographic processing device, and delivering the processed data to the information processing unit; and
Is provided.

(21) According to a twenty-first aspect of the present invention, an information processing apparatus includes the cryptographic processing apparatus according to the eighteenth aspect described above and a main apparatus that requests the cryptographic processing apparatus to perform cryptographic processing,
In the main unit,
An information processing unit for executing predetermined information processing;
Original data delivered from the information processing unit, encrypted code data stored in advance or received from the outside, a decryption key specifier, and a table specifier, pattern selector, shift instruction as necessary A cryptographic processing requesting unit that gives one or more items selected from the group of children and algorithm indicators to the data input unit of the cryptographic processing device;
Receiving the processed data output from the data output unit of the cryptographic processing device, and delivering the processed data to the information processing unit; and
So that
The decryption key specifier is information for designating the i-th of “one key used as the decryption key for the H key pairs” stored in the code data decryption unit of the cryptographic processing device,
The encrypted code data is data obtained by encrypting predetermined code data using the other key corresponding to the i-th key.
Is provided.

(22) According to a twenty-second aspect of the present invention, in the code data generation device for cryptographic processing that generates code data to be given to the cryptographic processing device according to the first to fifteenth aspects described above,
A random number table storage unit storing the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the code corresponding to the encryption key input by the encryption key input unit A code data generation unit for generating data;
Is provided.

(23) According to a twenty-third aspect of the present invention, in the code data generation device for cryptographic processing that generates the encrypted code data to be given to the cryptographic processing device according to the sixteenth or seventeenth aspect described above,
A random number table storage unit storing the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the code corresponding to the encryption key input by the encryption key input unit A code data generation unit for generating data;
An encrypted code data generation unit that generates encrypted code data by encrypting the code data generated by the code data generation unit by a method that can be decrypted by the code data decoding unit in the encryption processing device;
Is provided.

(24) According to a twenty-fourth aspect of the present invention, in the code data generation device for cryptographic processing for generating the encrypted code data to be given to the cryptographic processing device according to the eighteenth aspect described above,
A random number table storage unit storing the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the code corresponding to the encryption key input by the encryption key input unit A code data generation unit for generating data;
“The other key of the H key pairs” corresponding to the “one key of the H key pairs” stored in the code data decrypting unit in the encryption processing device is stored. Encrypted code data generated by the data generation unit is encrypted using an arbitrary i-th key in “the other key of the H key pairs” to generate encrypted code data An encrypted code data generation unit,
Is provided.

  (25) In a twenty-fifth aspect of the present invention, the cryptographic processing apparatus according to the first to eighteenth aspects described above is configured by incorporating a program into a computer.

  (26) In a twenty-sixth aspect of the present invention, the cryptographic processing apparatus according to the nineteenth to twenty-first aspects described above is configured by incorporating a program into a computer.

(27) According to a twenty-seventh aspect of the present invention, in the cryptographic processing device according to the twenty-sixth aspect described above,
A main program for causing the computer to function as a main device and a cryptographic processing subroutine program for causing the computer to function as a cryptographic processing device are incorporated into the computer, and the main program is described in a high-level language or an intermediate language, and the encryption is performed. A processing subroutine program is written in machine language.

  (28) According to a twenty-eighth aspect of the present invention, the code data generating apparatus for cryptographic processing according to the twenty-second to twenty-fourth aspects is configured by incorporating a program into a computer.

(29) According to a twenty-ninth aspect of the present invention, in a cryptographic processing method in which a computer in which a main program and a cryptographic processing subroutine program are incorporated performs cryptographic processing for encryption or decryption,
A pre-processing stage in which the computer executes the main program to deliver the original data to be subjected to encryption processing and the code data necessary for encryption processing to the encryption processing subroutine program;
By executing a cryptographic processing subroutine program, the computer refers to a random number table in which N (M ≧ N) numerical values are randomly stored in a plurality of M cells each having a unique cell number. A conversion process is performed in which each numerical value included in the code data is replaced with a numerical value contained in a cell having the numerical value as a cell number, and the data obtained through the conversion process is used as a predetermined encryption algorithm. On the basis of the cryptographic processing for the original data, and the cryptographic processing stage for passing the processed data to the main program,
A post-processing stage in which the computer executes predetermined processing using the processed data by executing the main program;
Is to do.

(30) According to a thirty aspect of the present invention, in the cryptographic processing method according to the twenty-ninth aspect described above,
In the pre-processing stage, a process of delivering code data enclosing integers having values in the range of 0 to (M−1) to the cryptographic processing subroutine program is performed.
In the cryptographic processing stage, N consecutive integers in the range of 0 to (N-1) are randomly accommodated in a plurality of M cells assigned consecutive cell numbers in the range of 0 to (M-1). Using the random number table, conversion processing is performed in which the code data is replaced with an encryption key in which integers having values in the range of 0 to (N-1) are enumerated.

(31) According to a thirty-first aspect of the present invention, in the cryptographic processing method according to the twenty-ninth or thirtieth aspect described above,
In the preprocessing stage, instead of the code data, a process of transferring the encrypted code data generated by encrypting the code data by a predetermined method to the encryption subroutine program,
In the encryption processing stage, a conversion process for converting the original code data obtained by decrypting the encrypted code data into an encryption key is performed.

  Since the cryptographic processing apparatus according to the present invention includes a random number table and a code conversion unit that converts given code data into an encryption key using the random number table, the cryptographic key necessary for cryptographic processing is provided. A request for cryptographic processing can be made using code data created using the random number table instead of the random number table. The cryptographic processing apparatus that has received the processing request performs the cryptographic processing after converting the given code data into the cryptographic key using the random number table. For this reason, it is sufficient to prepare the code data in place of the encryption key in the information processing apparatus configured by incorporating the encryption processing apparatus, and the encryption key is leaked even if an illegal act by a cracker is performed. Can be prevented. Thus, tamper resistance can be secured without impairing convenience.

  Further, if the code data generation device for encryption processing according to the present invention is used, code data corresponding to an arbitrary encryption key can be generated using the random number table. The convenience of the information processing apparatus according to the present invention can be improved.

FIG. 11 is a block diagram illustrating a form in which a cryptographic process is executed by calling a subroutine from a main program in a general information processing apparatus. It is a block diagram which shows the form of the encryption process and decryption process using an encryption key in the subroutine shown in FIG. It is a schematic diagram which shows JAVA (trademark) execution environment in Android OS. In the JAVA (registered trademark) execution environment shown in FIG. 3, the main program M prepared as a JAVA (registered trademark) application is a block showing a form of requesting encryption processing to the encryption processing subroutine R prepared as “Shared Object” FIG. It is a block diagram which shows the structure of the encryption processing apparatus 120 which concerns on the 1st Embodiment of this invention, and the information processing apparatus 100 containing this. It is a table | surface which shows the specific example of the random number table T shown in FIG. It is a figure which shows the example which performed the mutual conversion between the encryption key K and the code data F with reference to the random number table T shown in FIG. It is a figure which shows an example of the concrete numerical value range of the data which comprises the encryption key K used for this invention, and the data which comprises the code data F. FIG. It is a figure which shows the relationship between the cell number attached | subjected to each cell which comprises the random number table T used for this invention, and the numerical value accommodated in the said cell. It is a block diagram which shows the structure of encryption processing apparatus 120A which concerns on the 2nd Embodiment of this invention, and information processing apparatus 100A containing this. It is a figure which shows the specific example of the table designator t utilized in 2nd Embodiment shown in FIG. It is a block diagram which shows the structure of the encryption processing apparatus 120B which concerns on the 3rd Embodiment of this invention, and information processing apparatus 100B containing this. It is a figure which shows an example of the designation | designated rule defined by the table designation | designated pattern utilized in 3rd Embodiment shown in FIG. It is a figure which shows the specific example of the designation | designated result by the table designation | designated pattern utilized in 3rd Embodiment shown in FIG. It is a block diagram which shows the structure of the encryption processing apparatus 120C which concerns on the 4th Embodiment of this invention, and information processing apparatus 100C containing this. It is a figure which shows the specific example of the shift indicator s utilized in 4th Embodiment shown in FIG. It is a figure which shows an example of the shift process performed with respect to the random number table T based on the shift indicator s shown in FIG. It is a block diagram which shows the structure of encryption processing apparatus 120D which concerns on the 5th Embodiment of this invention, and information processing apparatus 100D containing this. It is a block diagram which shows the structure of the encryption processing apparatus 120E which concerns on the 6th Embodiment of this invention, and the information processing apparatus 100E containing this. It is a table | surface which shows the pair key which can be used for a general public key cryptosystem. It is a block diagram which shows the basic composition of the code data generation apparatus which concerns on this invention. It is a block diagram which shows the modification of the code data generation apparatus which concerns on this invention.

  Hereinafter, the present invention will be described based on the illustrated embodiments.

<<< §0. Encryption processing form in information processing apparatus >>
First, an encryption processing form used in a general information processing apparatus will be briefly described. As described above, general information processing apparatuses such as a personal computer, a smartphone, an electronic tablet, and an IC card are apparatuses that execute desired information processing by executing a computer program, and are incorporated in the information processing apparatus. The function of the cryptographic processing apparatus is usually realized by a cryptographic processing subroutine provided separately from the main program.

  FIG. 1 is a block diagram showing a form in which encryption processing is executed by calling a subroutine from a main program in a general information processing apparatus. Here, the main program is a program for performing the original function of the information processing apparatus, and the subroutine program is called from the main program as needed, and executes individual processing requested from the main program. It is.

  In FIG. 1 (a), when the main program M needs to encrypt the plaintext data P to obtain the encrypted data C, the encryption program is executed by calling the encryption processing subroutine R1. It is shown. That is, when it becomes necessary to encrypt the plaintext data P, the main program M performs a process of calling the encryption processing subroutine R1 and delivering the plaintext data P. The encryption processing subroutine R1 performs an encryption process on the plaintext data P based on a predetermined algorithm, and then performs a process of delivering the obtained encrypted data C to the main program M. The main program M executes subsequent processing using the received encrypted data C.

  Similarly, in FIG. 1B, when the main program M needs to decrypt the encrypted data C to obtain the original plaintext data P, the decryption processing is executed by calling the decryption processing subroutine R2. The processing form to be performed is shown. That is, when it becomes necessary to decrypt the encrypted data C, the main program M performs a process of calling the decryption processing subroutine R2 and delivering the encrypted data C. The decryption process subroutine R2 performs a process of delivering the obtained plaintext data P to the main program M after performing a decryption process based on a predetermined algorithm for the encrypted data C. The main program M executes subsequent processing using the received plaintext data P.

  When the encryption processing subroutine R1 performs encryption processing, or when the decryption processing subroutine R2 performs decryption processing, a unique encryption key K is used together with a unique encryption algorithm A (the encryption key K is only encrypted). Not used for decryption). For example, when performing an encryption process using English alphabets consisting of 26 alphabetic characters as plain text data, an encryption algorithm A “shifts n characters according to the alphabetical order and creates a cipher” and “ By using the encryption key K of “n = + 2”, the English word “DOG” is converted to the encryption of “FQI” by shifting each character in alphabetical order by two. The encryption “FQI” is decrypted into the English word “DOG”. In this case, the encryption algorithm A and the encryption key K are essential for encryption and decryption.

  FIG. 2 is a block diagram showing a form in the case where the encryption process and the decryption process using the encryption key K are performed in each of the subroutines R1 and R2 shown in FIG. The encryption processing subroutine R1 shown in FIG. 2 (a) encrypts the input plaintext data P and performs encryption processing to output the encrypted data C. The encryption processing includes a predetermined encryption algorithm A and A predetermined encryption key K is used. On the other hand, the decryption processing subroutine R2 shown in FIG. 2 (b) performs decryption processing in which the encrypted data C output by the subroutine R1 is input, decrypted, and returned to the original plaintext data P for output. However, a predetermined encryption algorithm A and a predetermined encryption key K are also used for the decryption process.

  Here, in the subroutines R1 and R2, the same encryption algorithm A and the same encryption key K are used (of course, the procedure for performing the encryption process based on the encryption algorithm A and the decryption process based on the same encryption algorithm A are performed). The procedure to be performed is the procedure in which the algorithm is applied in reverse).

  In other words, in order to return the encrypted data C obtained by the encryption process using the encryption algorithm A and the encryption key K to the original plaintext data P, the decryption using the same encryption algorithm A and the encryption key K is performed. Since it is necessary to perform processing, the decryption processing cannot be performed on the encrypted data C without knowing what encryption algorithm A is used and what encryption key K is used for encryption. . After all, in order to ensure tamper resistance of cryptographic processing, it is only necessary to maintain the confidentiality of the cryptographic algorithm A and the cryptographic key K used.

  As shown in FIG. 1, in a general information processing apparatus, encryption or decryption processing is performed by calling an encryption processing subroutine R1 or a decryption processing subroutine R2 from a main program M for performing an original function. . Usually, a program written in a high-level language or an intermediate language is used as the main program M, and a program written in a machine language is used as each of the subroutines R1 and R2. This is because the encryption processing subroutine R1 and the decryption processing subroutine R2 need to execute a fixed logic operation based on a predetermined encryption algorithm at a high speed, and are therefore preferably described in machine language. Further, as described later, if described in machine language, reverse engineering (program analysis) is difficult, and therefore, there is an advantage that it is difficult to receive unauthorized analysis. On the other hand, the main program M needs to execute various and complicated processes according to demands, and needs to be updated frequently and improved accordingly. Is suitable.

  For example, in the case of a smartphone incorporating an Android OS (registered trademark), a JAVA (registered trademark) application adopting an intermediate language is usually used as a main program, and various subroutines described in machine language are used as subroutines. A program is used. FIG. 3 is a schematic diagram showing a JAVA (registered trademark) execution environment in an Android OS. As shown in the figure, an information processing apparatus incorporating an Android OS ("Android OS") includes "JAVA (registered trademark) Virtual Machine" which is the execution environment of JAVA (registered trademark) and a collection of various subroutine groups. A “Shared Object” is prepared, and a main program installed as a JAVA (registered trademark) application, as indicated by a process execution route x shown in the figure, passes through “JAVA (registered trademark) Virtual Machine”. It is also possible to transmit a command to “Android OS” to execute a desired process and receive a processing result, or to call a subroutine prepared as “Shared Object” by calling a desired subroutine as shown by a process execution route y shown in the figure. It is also possible to execute processing and receive processing results.

  Therefore, in the case of a smartphone incorporating an Android OS, normally, the encryption processing subroutine R1 and the decryption processing subroutine R2 are prepared as “Shared Object” and used by being called from the JAVA (registered trademark) application as the main program M. Is done.

  As shown in FIG. 2 (a), the encryption process is a process of converting plaintext data P into encrypted data C, and the decryption process is performed by converting the encrypted data C into plaintext as shown in FIG. 2 (b). The process of returning to the data P is a process of performing an operation based on a predetermined encryption algorithm A using a predetermined encryption key K, and there is no fundamental difference in its substance. Therefore, in the present application, “encryption processing” and “decryption processing” are collectively referred to as “encryption processing”. In other words, “encryption processing” in the present application does not mean only “encryption processing” for converting plaintext data P into encrypted data C, but “decryption processing” for returning encrypted data C to plaintext data P. It also includes processing.

  Therefore, in the present application, the encryption processing subroutine R1 and the decryption processing subroutine R2 are collectively referred to as an encryption processing subroutine R. Accordingly, in the present application, the encryption processing subroutine R may refer only to the encryption processing subroutine R1, may refer only to the decryption processing subroutine R2, or may refer to a subroutine having both functions. There is also. However, for the sake of convenience, in the following description, the case where the encryption processing subroutine R is the encryption processing subroutine R1 is taken as an example, and the encryption processing subroutine R executes encryption processing for converting the plaintext data P into encrypted data C. Will be described.

  FIG. 4 illustrates a cryptographic process subroutine R prepared as “Shared Object” from a main program M prepared as a JAVA (registered trademark) application in the JAVA (registered trademark) execution environment shown in FIG. It is a block diagram which shows two forms in the case of requesting.

  The first form shown in FIG. 4A is an example in which both the encryption algorithm A and the encryption key K are incorporated in the encryption processing subroutine R. In the case of adopting the first form, the plain text data P may be delivered from the main program M to the encryption processing subroutine R to request encryption processing. The encryption processing subroutine R performs encryption processing on the received plaintext data P based on the embedded encryption algorithm A using the embedded encryption key K, and the obtained encryption data C is stored in the main program. Processing to return to M is performed.

  On the other hand, the second form shown in FIG. 4B is an example in which the encryption algorithm A is incorporated in the encryption processing subroutine R and the encryption key K is incorporated in the main program M. In the case of adopting the second form, the main program M sends the encryption key K together with the plaintext data P to the encryption processing subroutine R to request the encryption processing. The encryption processing subroutine R performs encryption processing based on the incorporated encryption algorithm A on the received plaintext data P using the received encryption key K, and the obtained encryption data C is transferred to the main program M. The process to return will be performed.

  As described above, in the case of an electronic device that employs an Android OS, a JAVA (registered trademark) application that employs an intermediate language is typically used as the main program M, and the encryption processing subroutine R is described in machine language. “Shared Object” is used. In general, it is difficult to analyze a program written in a machine language, but it is easy to analyze a program written in an intermediate language. For this reason, in the case of an electronic device adopting the above configuration, the main program M (JAVA (registered trademark) application written in an intermediate language) can be easily returned to the source code and analyzed (reverse engineering). On the other hand, it is difficult to analyze the contents of the cryptographic processing subroutine R (Shared Object described in machine language). Therefore, in consideration of tamper resistance, the first mode (FIG. 4 (a)) in which the encryption key K is incorporated in the encryption processing subroutine R is the second in which the encryption key K is incorporated in the main program M. Compared to this form (FIG. 4 (b)), it is preferable because it is less susceptible to cracker fraud analysis. That is, in the second embodiment, the encryption key K is easily stolen by a cracker.

  However, in consideration of convenience, the first form shown in FIG. 4A is not easy to use, and the second form shown in FIG. 4B is often used in practice. This is a program in which the cryptographic processing subroutine R is incorporated in an electronic device as a “Shared Object” and is commonly used by a large number of application programs (main programs). This is because there is a desire to increase the degree of freedom by specifying a key.

  For example, when the first form shown in FIG. 4A is adopted, the application program Mx (main program) provided by the trader X and the application program My (main program) provided by the trader Y are both “Shared Object”. Encryption processing is performed using the common encryption algorithm A and the common encryption key K in the encryption processing subroutine R prepared as follows. As described above, encryption processing using the same encryption key K as that of other companies is not preferable in terms of security. Further, when the first form shown in FIG. 4A is adopted, the same encryption key K is used every time, and this also causes a decrease in security.

  If the 2nd form shown in FIG.4 (b) is employ | adopted, encryption key Kx will be used in the application program Mx which the trader X provides, and encryption key Ky will be used in the application program My which the trader Y provides, and so on. Individual companies can use individual encryption keys. Even in the same application program Mx, different encryption keys can be used every time, such as encryption keys Kx1, Kx2, Kx3,.

  Thus, practically, the convenience is improved if the second mode is adopted and the encryption key K used for the encryption process has a degree of freedom. However, as described above, the second form has a problem in tamper resistance, and the encryption key K incorporated in the main program M is likely to leak outside.

  Therefore, in the above-mentioned Patent Document 1, a method for storing an encryption key in a ring instead of in the main program M has been proposed, but the user must always carry the ring and the convenience is significantly reduced. Resulting in. Also, in Patent Documents 2 and 3 listed above, a method of downloading and obtaining an encryption key from an external management server has been proposed, but the cracker can steal the encryption key from the download path. Tamper resistance cannot be ensured.

  In view of such circumstances, the present invention incorporates an encryption processing apparatus capable of ensuring tamper resistance without impairing convenience when executing encryption processing using an encryption key, and the same. An object of the present invention is to provide an information processing apparatus. Hereinafter, the present invention will be described in detail with reference to several embodiments.

<<< §1. First embodiment of the present invention >>>
FIG. 5 is a block diagram showing the configuration of the information processing apparatus 100 according to the first embodiment of the present invention. This first embodiment is the most basic embodiment of the present invention. As illustrated, the information processing apparatus 100 includes a main apparatus 110 and a cryptographic processing apparatus 120.

  However, in practice, the information processing apparatus 100 is configured by incorporating a predetermined program into an electronic device including a computer, such as a personal computer, a smartphone, an electronic tablet, or an IC card. In the case of the illustrated example, the function of the main device 110 is obtained by executing a main program M incorporated as an application program (or an OS program) in this electronic device, and the function of the cryptographic processing device 120 is It is obtained by executing a cryptographic processing subroutine R incorporated as one of subroutine programs in this electronic device.

  For example, when a smartphone incorporating the Android OS described in §0 is used as the information processing apparatus 100, the function of the main apparatus 110 is realized by the main program M installed as a JAVA (registered trademark) application, and is subjected to cryptographic processing. The function of the device 120 is realized by a cryptographic processing subroutine R prepared as “Shared Object”. Thus, in the case of the embodiment shown here, the individual blocks shown in FIG. 5 are actually realized as software functions utilizing the hardware resources of the computer.

  That is, when encryption processing (encryption processing or decryption processing) is required in the main program M functioning as the main device 110, the encryption processing subroutine R functioning as the encryption processing device 120 is called to request the necessary encryption processing. Will do. At that time, as shown in the drawing, the original data D and the code data F are delivered to the cryptographic processing device 120 (cryptographic processing subroutine R). The cryptographic processing device 120 executes cryptographic processing based on this request, and returns the processed data E obtained as a result to the main device 110 (main program M). The main apparatus 110 continues the necessary processing using the processed data E.

  As illustrated, the main apparatus 110 realized by the main program M includes an information processing unit 111, an encryption processing request unit 112, and an encryption processing result reception unit 113. Here, the information processing unit 111 is a component that executes predetermined information processing that is the purpose of the main program M, and the content of the information processing that is executed varies depending on the purpose of the main program M. For example, when the main program M is an application program that performs some kind of payment processing, communication with an external payment server is performed based on an instruction from the information processing unit 111, and user authentication, payment amount payment, and the like are performed. Information processing is executed.

  When the information processing unit 111 performs information processing, if encryption processing is necessary for some data, the data to be subjected to encryption processing is transferred to the encryption processing request unit 112 to instruct to perform encryption processing. Here, data to be subjected to encryption processing is referred to as original data D. As described above, “encryption processing” in the present application means “encryption processing (processing to convert plaintext data P into encrypted data C)” and “decryption processing (processing to return encrypted data C to plaintext data P)”. "Means both. Therefore, the “encryption process” performed when the original data D is the plaintext data P is called “encryption process”, and the “encryption process” performed when the original data D is the encrypted data C is “decryption process”. It turns out that.

  The cryptographic processing request unit 112 performs processing for providing the original data D delivered from the information processing unit 111 and the code data F stored in advance to the data input unit 121 in the cryptographic processing device 120. The substance of the code data F will be described in detail later. The processing performed by the encryption processing request unit 112 is actually processing for calling the encryption processing subroutine R from the main program M and delivering the original data D and the code data F to the encryption processing subroutine R.

  On the other hand, the cryptographic processing result receiving unit 113 receives the processed data E output from the data output unit 125 of the cryptographic processing device 120 and performs a process of delivering it to the information processing unit 111. The processed data E is a result of processing by the cryptographic processing device 120. If the original data D is plaintext data P, it is encrypted data C obtained by encrypting the original data D, and the original data D is encrypted. If it is data C, it is plaintext data P obtained by decrypting it. The processing performed by the cryptographic processing result receiving unit 113 actually takes the processed data E returned from the cryptographic processing subroutine R as a variable and pulls it to the subsequent processing step (command following the subroutine call command) of the main program M. It will be processing. The information processing unit 111 continues subsequent information processing using the obtained processed data E.

  Next, the configuration of the cryptographic processing device 120 (cryptographic processing subroutine R) will be described. As illustrated, the cryptographic processing device 120 includes a data input unit 121, a code conversion unit 122, a random number table storage unit 123, a cryptographic processing unit 124, and a data output unit 125, and encrypts the input original data D. A function of performing encryption processing for conversion or decryption and outputting processed data E is achieved.

  The data input unit 121 is a component that inputs the original data D to be subjected to encryption processing and the code data F necessary for encryption processing from the outside (main device 110), and from the main program M in the encryption processing subroutine R. This corresponds to the part that performs the process of receiving the original data D and the code data F. Here, the code data F input by the data input unit 121 is provided to the code conversion unit 122, and the original data D is provided to the encryption processing unit 124.

  The code conversion unit 122 performs a process of converting the code data F input by the data input unit 121 into an encryption key K. The random number table storage unit 123 is a component that stores a random number table T that is referred to when performing this conversion process. The result of the conversion process performed by the code conversion unit 122 is uniquely based on the contents of the random number table T. To be determined. The encryption key K obtained by the conversion process by the code conversion unit 122 is given to the encryption processing unit 124.

  The encryption processing unit 124 uses the encryption key K given from the code conversion unit 122 for the original data D given from the data input unit 121 to perform encryption processing based on a predetermined encryption algorithm A incorporated in advance. To generate processed data E. As described above, since various methods are already known as specific processing methods for performing encryption processing on the original data D based on a predetermined encryption algorithm using a predetermined encryption key, here, Detailed description is omitted. The processed data E generated by the encryption processing unit 124 is given to the data output unit 125.

  The data output unit 125 is a component that outputs the processed data E generated in this way to the outside (main device 110). In the encryption processing subroutine R, the data output unit 125 is a part that performs processing for passing the processed data E to the main program M. Equivalent to. As shown in the figure, the processed data E is delivered to the encryption processing result receiving unit 113 of the main device 110 (main program M). As described above, the processed data E is the encrypted data C obtained by encrypting the original data D when the original data D is the plain text data P, and the processed data E when the original data is the encrypted data C. This is plain text data P obtained by decrypting this.

  Next, the relationship between the substance of the random number table T and the code data F and the encryption key K will be described. The random number table T used in the present invention is a table in which N (M ≧ N) numerical values are randomly stored in a plurality of M cells each having a unique cell number. Stored. In other words, it is incorporated as a table in the cryptographic processing subroutine R.

  FIG. 6 is a table showing a specific example of such a random number table T. In this table, solid rectangles indicate individual cells, and a total of 256 cells of 16 rows and 16 columns are provided. That is, the example shown in FIG. 6 is an example in which M = 256 is set and a random number table T having 256 cells is defined. Each cell is divided into two upper and lower levels by a broken line, but the upper numerical value indicates a unique cell number (No. 0 to 255) assigned to the cell, and the lower numerical value is assigned to the cell. Shows the number contained. In the figure, for convenience, the upper cell number and the lower numerical value are shown in hexadecimal notation.

  The cell numbers shown in the upper row are incremented in the order of “01”, “02”,... In the right direction from “0F” to the second row, with the cell in the first row and first column being “00”. Continuing on to “10” in the first column of the row, in the same manner, numbers are assigned in order from the left to the right for the columns, and from the top to the bottom for the rows, and finally, the 16th row and the 16th column. The number of the cell (cell in the lower right corner) is “FF”.

Meanwhile, in this example, numerical values contained in the lower part of each cell also has an integral 256 of 0~255 (N = 256), 16 hexadecimal value 256 consisting "00" to "FF" in the display Is contained in one of the cells. However, the storage locations are random, and the entire table forms a random number table. For example, in this example, the cell number 0 (“00”) contains a numeric value “5B”, and the cell number 1 (“01”) contains a numeric value “D3”. The cell number 2 (“02”) contains a numerical value “8A”.

  Eventually, this random number table T includes a predetermined integer (upper stage) of 0 to 255 given as a cell number, and a predetermined integer (lower stage) of 0 to 255 given as a numerical value accommodated in the cell. It is a table that defines 256 pairs that correspond to each other. For this reason, if an arbitrary cell number is specified, only one numerical value corresponding to this is determined. Conversely, if an arbitrary numerical value is specified, only one cell number corresponding thereto is determined. For example, if the cell number “00” is specified, the numerical value “5B” is uniquely determined, and if the numerical value “D3” is specified, the cell number “01” is uniquely determined.

  In FIG. 6, for convenience of explanation, cell numbers are assigned to the upper stages of individual cells. However, in an actual random number table, it is not always necessary to store cell numbers as data. For example, if an individual cell can be specified as an address value, the address value functions as a cell number. Therefore, the random number table simply lists a total of 256 bytes contained in the cell. Data may be used.

  By using such a random number table T, it is possible to convert an L-byte encryption key K in which L 1-byte data is enumerated into L-byte code data F in which L 1-byte data is enumerated, The reverse conversion can also be performed. FIG. 7 is a diagram illustrating an example in which mutual conversion between the encryption key K and the code data F is performed by referring to the random number table T illustrated in FIG. 6.

  In this example, the encryption key K is composed of 8 bytes (L = 8) of “26, 5C, 08, 3A, D8, 55, 2B, 10”, but each byte is composed. When the cell number of the cell containing the numerical value is specified from the random number table T shown in FIG. 6, the numerical value “26” is the cell with the cell number “AD”, the numerical value “5C” is the cell with the cell number “31”, and the numerical value “ Since “08” is the cell number “63”, the cell number can be specified, etc., if each numerical value of the encryption key K is replaced with the cell number, the 8-byte data shown as the code data F in FIG. “AD, 31, 63, 1D, 12, 60, EE, 1B” is uniquely determined.

  On the other hand, if the data “AD, 31, 63, 1D, 12, 60, EE, 1B” is given as the code data F, the numerical values accommodated in the respective cells having these data as cell numbers are arranged. Thus, an 8-byte encryption key K of “26, 5C, 08, 3A, D8, 55, 2B, 10” is uniquely determined.

  Eventually, if the random number table T shown in FIG. 6 is prepared in advance, mutual conversion can be performed between the encryption key K and the code data F as illustrated in FIG. Therefore, in the present invention, instead of delivering the encryption key K from the main device 110 to the encryption processing device 120, by adopting a method of delivering the code data F corresponding to the encryption key K, the encryption key K is obtained. Prevents leakage.

  As described above, in the information processing apparatus 100 illustrated in FIG. 5, the encryption processing request unit 112 transmits the original data D given from the information processing unit 111 and the code data F stored in advance to the encryption processing apparatus 120. The code data F stored in advance in the encryption processing request unit 112 is an encryption key that is actually used when the encryption processing unit 124 in the encryption processing device 120 performs encryption processing. The code data is obtained by converting K using the random number table T stored in the random number table storage unit 123.

  In other words, in the cryptographic processing subroutine R functioning as the cryptographic processing device 120, an 8-byte cryptographic key K “26, 5C, 08, 3A, D8, 55, 2B, 10” as shown in the upper part of FIG. In order to execute the encryption processing used, the creator of the main program M functioning as the main device 110 uses a random number table T (a table stored in the random number table storage unit 123) as shown in FIG. Referring to FIG. 7, the 8-byte code data F “AD, 31, 63, 1D, 12, 60, EE, 1B” as shown in the lower part of FIG. 7 is created and incorporated in the main program M. Just keep it.

  In this case, when a request for encryption processing is made from the main device 110 to the encryption processing device 120 (that is, when the encryption processing subroutine R is called from the main program M), the original data D and “AD, 31” , 63, 1D, 12, 60, EE, 1B "is delivered, but the code conversion unit 122 converts the code data F into the encryption key K. The cryptographic process is performed using the cryptographic key K “26, 5C, 08, 3A, D8, 55, 2B, 10” obtained after the conversion. Thus, the encryption process as intended by the creator of the main program M can be executed.

  As described above, according to the present invention, since the desired code data F is prepared in the encryption processing request unit 112 and the code data F can be delivered to the encryption processing device 120 to perform encryption processing. The encryption key K used for the process can be freely specified, and convenience is improved. Moreover, since it is not necessary to prepare the encryption key K itself in the information processing apparatus 100, even if the cracker analyzes the main apparatus 110 (reverse engineering is performed by returning the main program M to the source code). The encryption key K cannot be stolen.

  Of course, the code data F itself may be stolen by cracker analysis, but since the random number table T is required to convert the code data F into the encryption key K, even if the code data F leaks, The key K is not immediately detected. The random number table T is incorporated in the cryptographic processing device 120. As described above, the cryptographic processing device 120 is realized as a function of the cryptographic processing subroutine R in the “Shared Object” described in the machine language. Therefore, the work of analyzing this and extracting the random number table T is extremely difficult compared to the work of analyzing the main program M.

  In order to convert an arbitrary encryption key K into code data F, a random number table T is required. Therefore, if the creator of the main program M desires, the data of the random number table T is disclosed to the desired person. There is a need to. Therefore, the person who has received the disclosure needs to strictly manage so that the contents of the random number table T are not leaked. Note that a method for enabling encryption processing using an arbitrary encryption key K without disclosing the contents of the random number table T will be described in §7.

  As described above, the code data F is stored in advance in the encryption processing request unit 112, and when requesting encryption processing, the encryption processing request unit 112 stores the original data D given from the information processing unit 111 in advance. In the above example, the code data F is given to the cryptographic processing device 120. However, the code data F is not necessarily stored in the cryptographic processing requesting unit 112, and is received from an external device or an external server. It doesn't matter.

  For example, it is possible to store the code data F in an external device different from the information processing device 100 and read it out by the encryption processing request unit 112 and use it when necessary. . Alternatively, the code data F can be prepared in an external server, and can be downloaded and used by the encryption processing request unit 112 when necessary. Of course, the code data F may be generated from the encryption key K by referring to the random number table T in an external server whenever necessary. Further, the data input unit 121 may directly input the code data F from an external device or an external server without using the encryption processing request unit 112.

  In addition, in FIG. 6, as an example of the random number table T used in the present invention, a table in which 256 numbers from 0 to 255 are randomly stored in a total of 256 cells assigned cell numbers from 0 to 255. Of course, the random number table usable in the present invention is not limited to such a table.

  The random number table used in the present invention is any table as long as it is a table that accommodates N (M ≧ N) numerical values in a plurality of M cells each having a unique cell number. It doesn't matter. The code conversion unit 122 refers to such a random number table, and converts each numerical value included in the code data F input by the data input unit 121 into a numerical value stored in a cell having the numerical value as a cell number. A replacement conversion process may be performed, and a process of giving the converted data to the encryption processing unit 124 as the encryption key K may be performed.

  More specifically, the general encryption algorithm A incorporated in the encryption processing unit 124 has a function of performing encryption processing using an encryption key K that enumerates integers having values ranging from 0 to (N−1). Therefore, as the random number table T, a range of 0 to (N-1) is continuously added to a plurality of M cells assigned consecutive cell numbers in the range of 0 to (M-1). What is necessary is just to prepare the table which accommodated N types of integers at random. Then, the code conversion unit 122 enumerates the code data F in which the integers having a value in the range of 0 to (M−1) are enumerated, and the integer having the values in the range of 0 to (N−1). It is possible to perform conversion processing to replace the encrypted key K.

  In particular, if M = N is set and a random number table in which N integers are stored in N cells is used, individual data constituting the encryption key K as shown in FIG. In addition, since the individual data constituting the code data F are all N integers having values in the range of 0 to (N−1), the convenience is improved. The random number table T shown in FIG. 6 is an example in which M = N = 256. In practical use, since data processing of a computer handles 1-byte data as one unit, an example in which M = N = 256 can be said to be the most practical example.

  That is, if M = N = 256 is set, random number table T (in FIG. 6) that randomly stores an integer of 0-255 in 256 cells assigned consecutive cell numbers of 0-255. For example, the code conversion unit 122 replaces the L byte code data F obtained by arranging L bytes of 1-byte data for each byte, and converts L bytes of 1-byte data. The L-byte encryption key K can be converted into the conversion process (in the example of FIG. 7, L = 8), and the encryption processing unit 124 performs the encryption process using the L-byte encryption key K. It can be carried out.

  However, in the random number table used in the present invention, the relationship of M = N does not necessarily hold for the number M of cells and the number N of numerical variations accommodated in the cells. That is, as shown in FIG. 9, the number of cells is M, cell numbers within a range of 0 to (M−1) are assigned, and numerical values accommodated in individual cells are set to 0 to (N−1). ), It is only necessary that the relationship of M ≧ N be maintained. In other words, the relationship may be M> N. When M> N, at least one N number of integers are accommodated in each of the M cells, and some cells contain the same integer as that of other cells. . After all, the random number table used in the present invention may be a table in which a plurality of M (M ≧ N) cells are randomly accommodated by allowing an integer in the range of 0 to (N−1) to overlap. .

  In particular, when N = 256 and M> 256 are set, the random number table storage unit 123 assigns integers of 0 to 255 to M cells to which consecutive cell numbers of 0 to (M−1) are assigned. At least one random number table stored at random is stored, but even when such a random number table is used, the code conversion unit 122 stores code data obtained by enumerating L pieces of data having a predetermined bit length, It is possible to perform conversion processing by replacing each piece of data and replacing the 1-byte data with an L-byte encryption key K arranged in L, and the encryption processing unit 124 uses the L-byte encryption key K. Cryptographic processing can be performed.

  For example, when N = 256 and M = 512 are set, a random number table in which each integer is randomly stored so that at least one integer from 0 to 255 is included in 512 cells is obtained. In this case, a specific integer may be accommodated in only one cell, or may be accommodated in a plurality of cells. On the other hand, each piece of data constituting the code data F indicates a cell number that identifies 512 cells from 0 to 511, so 1 byte (8 bits) is not sufficient, and it has a bit length of 9 bits. Data. Still, the code conversion unit 122 uniquely replaces the code data F by performing a process of replacing individual data constituting the code data F with an integer accommodated in the cell having the cell number specified by the data. It can be converted into an encryption key K.

  However, when M> N is set, an integer is accommodated redundantly in a plurality of cells, so there are a plurality of cell numbers of cells in which the integer is accommodated. . In that case, any cell number may be used. As a result, a plurality of types of code data F can be defined for the same encryption key K, and redundancy is added to the determination of the code data F. Such redundancy is beneficial in improving tamper resistance. That is, since the same encryption key K can be generated using a plurality of different types of code data F, an effect of making unauthorized analysis using statistical means difficult can be obtained.

<<< §2. Second embodiment of the present invention >>>
Subsequently, a second embodiment of the present invention will be described. FIG. 10 is a block diagram showing the configuration of the information processing apparatus 100A according to the second embodiment. Most of the configuration of the second embodiment is the same as the configuration of the first embodiment described in section 1 with reference to FIG. Therefore, the reference numerals of the constituent elements of the second embodiment shown in FIG. 10 are indicated by using the reference numerals with “A” added to the end of the reference numerals of the corresponding constituent elements of the first embodiment shown in FIG. Only the differences from the corresponding components of the first embodiment shown in FIG. 5 will be described here.

  A feature of the second embodiment shown in FIG. 10 is that the cryptographic processing device 120A uses a plurality of random number tables. As illustrated, the random number table storage unit 123A stores a plurality of K random number tables T0 to T15 (K = 16 in the illustrated example). As with the random number table T illustrated in FIG. 6, each of the individual random number tables T0 to T15 is a table that randomly stores one integer from 0 to 255 in a total of 256 cells. However, since the random state is different for each of the 16 random number tables T0 to T15, the contents of the 16 random number tables T0 to T15 are different from each other.

  On the other hand, in addition to the original data D given from the information processing unit 111A and the code data F stored in advance or received from the outside, the encryption processing request unit 112A in the main device 110A further includes a plurality of K types. It has a function of giving a table designator t for designating one of the random number tables to the data input unit 121A. For this reason, the data input unit 121A performs a process of inputting a table designator t for designating a specific random number table together with the original data D and the code data F. Here, the original data D is given to the encryption processing unit 124A, and the code data F and the table designator t are given to the code conversion unit 122A.

  Then, the code conversion unit 122A converts the code data F into the encryption key K by referring to a specific random number table designated by the given table designator t among a plurality of K random number tables. I do. The functions of the other constituent elements are the same as the corresponding constituent elements of the first embodiment shown in FIG.

  FIG. 11 is a diagram showing a specific example of the table designator t used in the second embodiment shown in FIG. Here, as in the example shown in FIG. 7, the case where the code data F composed of 8-byte data is converted into the encryption key K composed of 8-byte data is taken as an example.

  The example shown in FIG. 11A shows a form in which a 1-byte table designator t is added to the head of 8-byte code data F. That is, in this example, the random number table T6 is specified by a 1-byte table designator “06” (hexadecimal display). The subsequent 8-byte data “AD, 31, 63, 1D, 12, 60, EE, 1B” is code data F shown in the lower part of FIG. Here, the 8-byte data is indicated by codes f1 to f8, respectively. After all, the data shown in FIG. 11A is composed of a 1-byte table designator t and 8-byte code data F (bytes f1 to f8).

  When such data is given to the code conversion unit 122A, first, the random number table T6 designated by the table designator t from the plurality of random number tables T0 to T15 stored in the random number table storage unit 123A. And using this random number table T6, a process of converting 8-byte code data F (bytes f1 to f8) into an 8-byte encryption key K is performed.

  Of course, if a different random number table is designated by the table designator t, the contents of the encryption key K obtained by the conversion by the code conversion unit 122A also differ. Accordingly, the creator of the main program M first selects one random number table from the random number tables T0 to T15 in order to cause the cryptographic processing unit 124A to perform cryptographic processing using the intended cryptographic key K. The selected random number table is used to convert the encryption key K as intended into the code data F, and the obtained code data F is attached with a table designator t for specifying the selected random number table. It may be stored in the encryption processing request unit 112A (or may be downloaded from an external server).

  As described above, in the second embodiment, a plurality of random number tables are prepared in the random number table storage unit 123A, and the table designator t for designating a specific random number table is given together with the code data F. There are a plurality of types of code data that can be converted into the encryption key K. For this reason, unauthorized analysis by a cracker can be made more difficult, and tamper resistance can be improved.

  Further, the second embodiment also contributes to maintaining security between vendors when a plurality of different program providers are allowed to use the same cryptographic processing subroutine R. For example, let us consider a case where the program providers X, Y, and Z have developed main programs Mx, My, and Mz as application programs that can be used in the information processing apparatus 100A. Here, it is assumed that these main programs Mx, My, and Mz all perform cryptographic processing using the same cryptographic processing subroutine R.

  In order to perform processing using a desired encryption key K when performing encryption processing in the encryption processing unit 124A, the code data F corresponding to the encryption key K is previously used using a specific random number table. Need to create. For this reason, it is necessary to disclose the contents of the random number table to the program providers X, Y, and Z. In the case of the second embodiment, since a plurality of random number tables T0 to T15 are prepared in the random number table storage unit 123A, if a specific random number table is assigned to each individual supplier, each supplier Only the contents of the assigned specific random number table need be disclosed.

  For example, if the random number table T0 is assigned to the trader X, the random number table T1 is assigned to the trader Y, and the random number table T2 is assigned to the trader Z, only the random number table T0 is disclosed to the trader X, and the random number table is assigned to the trader Y. It is sufficient to disclose only T1 and disclose only the random number table T2 to the trader Z. Then, for example, since the contents of the random number tables T1 and T2 are not disclosed to the trader X, even if the contents of the code data F handled by the main programs My and Mz provided by the traders Y and Z are exposed to the trader X, The trader X cannot convert this into the encryption key K. Therefore, even if the same cryptographic processing subroutine R is shared by the three parties X, Y, and Z, there is no problem in maintaining the security among the contractors.

  Of course, in the case of the above example, the code data F delivered from the main program Mx to the encryption processing subroutine R is given a table designator tx for specifying the random number table T0, and the encryption processing subroutine R from the main program My. Is assigned a table designator ty for designating the random number table T1, and for the code data F delivered from the main program Mz to the encryption processing subroutine R, the random number table T2 is designated. A table designator tz is attached. Therefore, in such a usage mode, the table designators tx, ty, and tz function as trader designators indicating individual traders X, Y, and Z.

  As described above, a plurality of pieces of data constituting one code data F (for example, eight pieces of data f1 to f8 in the case of the example shown in FIG. 11A) are referred to the same random number table as the encryption key K. Although an example of conversion has been described, a plurality of data constituting one code data F may be converted to the encryption key K with reference to different random number tables. FIGS. 11B and 11C show such an example.

  For example, in the case of the example shown in FIG. 11B, the code data F is similar to the example shown in FIG. Immediately before the individual bytes f1 to f8, independent table specifiers t1 to t8 are inserted. That is, the i-th table designator ti is a specific random number table to be referred to in order to convert the subsequent i-th data fi (1-byte data) into 1-byte data constituting the encryption key K. Plays the role of specifying. For example, the first byte f1 constituting the code data F is converted into the first byte constituting the encryption key K by referring to a specific random number table designated by the table designator t1. become.

  On the other hand, the example shown in FIG. 11C is similar to the example shown in FIG. 11B in that the code data F is composed of 8-byte data. Instead of inserting the table specifiers t1 to t8 immediately before, the table specifier is inserted only when the random number table to be referred to is switched. Specifically, in this example, four types of table designators t1 to t4 are inserted at predetermined locations, and the random number table to be referred to is switched each time the table designator is inserted.

  That is, first, a random table to be referred to first is designated by the head table designator t1, and the subsequent three bytes of data f1, f2, and f3 are all random number tables designated by the table designator t1. The conversion is performed using. Next, since a new table designator t2 is inserted, the subsequent 2-byte data f4 and f5 are both converted using the random number table designated by the table designator t2. Further, a new table designator t3 is inserted, and the subsequent data f6 is converted using the random number table designated by the table designator t3, and the remaining new table designator t4 is inserted by the subsequent insertion of the new table designator t4. The 2-byte data f7 and f8 are converted using the random number table specified by the table designator t4.

  In short, in the example shown in FIG. 11C, the byte group “f1, f2, f3” is designated by the table designator t1, and the byte group “f4, f5” is designated by the table designator t2. Thus, the byte f6 is designated by the table designator t3, and the byte group “f7, f8” is designated by the table designator t4.

  As described above, when the second embodiment is implemented, the original data D and L-byte code data F obtained by arranging L 1-byte data into the data input unit 121A (example shown in FIG. 11). In this case, L = 8) and a unique table for designating a specific random number table for each byte constituting the L-byte code data F or for each byte group composed of a plurality of bytes. The code conversion unit 122A is designated by a unique table designator t for each byte of the code data F or for each byte group composed of a plurality of bytes. The conversion process may be performed by referring to the random number table.

<<< §3. Third embodiment of the present invention >>>
Here, a third embodiment of the present invention will be described. FIG. 12 is a block diagram showing the configuration of the information processing apparatus 100B according to the third embodiment. Most of the configuration of the third embodiment is the same as the configuration of the first embodiment described in section 1 with reference to FIG. Accordingly, the reference numerals of the constituent elements of the third embodiment shown in FIG. 12 are indicated by the reference numerals with “B” added to the end of the corresponding constituent elements of the first embodiment shown in FIG. Only the differences from the corresponding components of the first embodiment shown in FIG. 5 will be described here.

  The feature of the third embodiment shown in FIG. 12 is that the cryptographic processing device 120B uses a plurality of random number tables, like the feature of the second embodiment described in §2. The illustrated random number table storage unit 123B is the same component as the random number table storage unit 123A shown in FIG. 10, and stores a plurality of K types (K = 16 in the illustrated example) of random number tables T0 to T15. Yes. However, in the case of the second embodiment, the table designator t is used to designate a specific random number table among the plurality of random number tables. However, in the case of this third embodiment, the table designator is used. A pattern selector p is used instead of t.

  On the other hand, the code conversion unit 122B has a function of performing processing for converting the code data F into the encryption key K with reference to a specific random number table, similarly to the code conversion unit 122A illustrated in FIG. A plurality of table designation patterns for sequentially designating the K random number tables stored in the random number table storage unit 123B in accordance with a predetermined rule are stored in advance. FIG. 12 shows a state in which three table designation patterns P1 to P3 are stored.

  The encryption processing requesting unit 112B in the main apparatus 110B has the original data D given from the information processing unit 111B and L-byte code data F obtained by arranging L 1-byte data (data stored in advance). Or the data received from the outside) and the pattern selector p may be provided to the data input unit 121B. Here, the pattern selector p is data indicating which of a plurality of table designation patterns (three table designation patterns P1 to P3 in the illustrated example) stored in the code conversion unit 122B is selected. .

  Accordingly, the data input unit 121B performs a process of inputting the original data D, L-byte code data F obtained by arranging L 1-byte data, and a pattern selector p for selecting a specific table designation pattern. It will be. Here, the original data D is provided to the encryption processing unit 124B, and the code data F and the pattern selector p are provided to the code conversion unit 122B.

  The code converting unit 122B specifies a random number table for each byte of the code data F based on the table specifying pattern selected by the pattern selector p, and performs conversion processing by referring to the specified random number table. The encryption key K is generated. The functions of the other constituent elements are the same as the corresponding constituent elements of the first embodiment shown in FIG.

  Here, the table designating patterns P1 to P3 define the rules for designating the random number table for the L-byte data constituting the code data F. FIG. 13 is a diagram showing an example of a designation rule defined by these three table designation patterns P1 to P3. Each square described in the designation rule column corresponds to each byte constituting the code data, and the codes T0 to T15 entered in each square are codes indicating a random number table to be designated. . FIG. 13 shows a rule when L = 8, and it is assumed that the code data F is composed of 8-byte data.

  For example, the table designation pattern P1 of FIG. 13 shows a rule for sequentially designating the random number table in the order of “T0, T1, T2,..., T7”. Therefore, when the pattern selector p is for selecting the table designating pattern P1, the code conversion unit 122B converts the first byte f1 of the code data F with reference to the random number table T0, and The second byte f2 of the code data F is converted with reference to the random number table T1, the third byte f3 of the code data F is converted with reference to the random number table T2, and so on. The eighth byte f8 of the code data F is converted with reference to the random number table T7. FIG. 14A is a diagram showing a random number table that is designated based on the table designation pattern P1 for each of the bytes f1 to f8 constituting the code data F. FIG.

  On the other hand, the table specification pattern P2 of FIG. 13 shows a rule for sequentially specifying the random number table in the order of “T1, T3, T5,..., T15”. Therefore, when the pattern selector p selects the table designation pattern P2, the code conversion unit 122B converts the first byte f1 of the code data F with reference to the random number table T1, The second byte f2 of the code data F is converted with reference to the random number table T3, the third byte f3 of the code data F is converted with reference to the random number table T5,... The eighth byte f8 of the code data F is converted with reference to the random number table T15. FIG. 14B is a diagram showing a random number table that is designated based on the table designation pattern P2 for the individual bytes f1 to f8 that constitute the code data F. FIG.

  Further, the table designation pattern P3 of FIG. 13 shows a rule for sequentially designating the random number table in the order of “T2, T5, T8, T2, T5, T8, T2, T5”. Therefore, when the pattern selector p is for selecting the table designating pattern P3, the code conversion unit 122B converts the first byte f1 of the code data F with reference to the random number table T2, The second byte f2 of the code data F is converted with reference to the random number table T5, the third byte f3 of the code data F is converted with reference to the random number table T8,... The eighth byte f8 of the code data F is converted with reference to the random number table T5. FIG. 14 (c) is a diagram showing a random number table that is designated based on the table designation pattern P3 for the individual bytes f1 to f8 constituting the code data F.

  Here, specific examples of the three table designation patterns P1 to P3 have been shown. Of course, as the table designation pattern, a plurality of random number tables stored in the random number table storage unit 123B are sequentially applied according to a predetermined rule. A pattern based on any rule may be adopted as long as it is specified.

  As described above, in the third embodiment, a plurality of random number tables are prepared in the random number table storage unit 123B, a plurality of table designation patterns are prepared in the code conversion unit 122B, and specified together with the code data F. Since the table selector p for selecting the table designation pattern is provided, the correspondence relationship between the code data F and the encryption key K becomes more complicated. For this reason, unauthorized analysis by a cracker can be made more difficult, and tamper resistance can be improved.

  Of course, it is also possible to adopt an operation in which a specific table designation pattern is assigned to each supplier providing the main program. For example, the table designation pattern P1 may be assigned to the trader X, the table designation pattern P2 may be assigned to the trader Y, and the table designation pattern P3 may be assigned to the trader Z. In this case, the pattern selector p functions as a trader designator indicating individual traders X, Y, and Z.

<<< §4. Fourth embodiment of the present invention >>>
Here, a fourth embodiment of the present invention will be described. FIG. 15 is a block diagram showing a configuration of an information processing apparatus 100C according to the fourth embodiment. Most of the configuration of the fourth embodiment is the same as the configuration of the first embodiment described in section 1 with reference to FIG. Therefore, the reference numerals of the constituent elements of the fourth embodiment shown in FIG. 15 are indicated by using the reference numerals with “C” added to the end of the reference numerals of the corresponding constituent elements of the first embodiment shown in FIG. Only the differences from the corresponding components of the first embodiment shown in FIG. 5 will be described here.

  In the second embodiment shown in FIG. 10 and the third embodiment shown in FIG. 12, a device for further improving tamper resistance is used by using a plurality of random number tables. In the fourth embodiment shown in FIG. 15, only a single random number table T (for example, a random number table as shown in FIG. 6) is prepared in the random number table storage unit 123C. By shifting the numerical value accommodated in each cell according to a predetermined rule, a device that produces the same effect as using a plurality of pseudo random number tables is provided.

  First, in addition to the original data D given from the information processing unit 111C and the code data F stored in advance or received from the outside, the encryption processing request unit 112C in the main device 110C further stores the random number table T. The data input unit 121C is provided with a shift indicator s indicating a rule for shifting the numerical value in each cell. For this reason, the data input unit 121C performs a process of inputting the shift indicator s together with the original data D and the code data F. Here, the original data D is given to the encryption processing unit 124C, and the code data F and the shift indicator s are given to the code conversion unit 122C.

  On the other hand, the code conversion unit 122C shifts each numerical value in the random number table T stored in the random number table storage unit 123C based on the rule indicated by the shift indicator s, and converts it using the shifted numerical value. And a conversion process for generating the encryption key K is performed. The functions of the other constituent elements are the same as the corresponding constituent elements of the first embodiment shown in FIG.

  FIG. 16 is a diagram showing a specific example of the shift indicator s used in the fourth embodiment shown in FIG. In this example, the shift indicator s is composed of data indicating either a positive or negative shift direction and a shift amount d. For example, a shift indicator s “+5” indicates that the shift is shifted by 5 in the positive direction, and a shift indicator s “−3” indicates that the shift is shifted by 3 in the negative direction. .

  When the shift direction indicated by the given shift indicator s is positive, the code conversion unit 122C converts the numerical value in the cell having the i-th cell number of the random number table T to the (i + d) -th cell number. If the shift direction is negative, the value in the cell having the i-th cell number in the random number table T is shifted to the cell having the (id) cell number. It has a function to perform processing, performs conversion using the shifted numerical value, and generates an encryption key K. However, when the shifted cell is out of the cell number range, a correction process is performed so that the total number M of cells is added to or subtracted from the shifted cell number to be within the cell number range.

  The shift process is a so-called rotation shift method. FIG. 17 is a diagram illustrating an example in which such a rotation shift is performed on a random number table including a total of 64 cells (cell numbers 1 to 64 in this example) arranged in 8 rows and 8 columns. It is. The random number table shown on the left side of FIGS. 17A and 17B is the original random number table stored in the random number table storage unit 123C. Here, for convenience of explanation, an example in which numbers 1 to 64 are sequentially accommodated in each cell is shown, but in reality, numerical values are randomly accommodated in each cell.

  The table shown on the right side of FIG. 17A is a table obtained by performing shift processing based on the shift indicator s “+5” on the original random number table. The numerical value in each cell is shifted by 5 cells in the positive direction, and the numerical value in the cell having the i-th cell number is moved to the cell having the (i + 5) -th cell number. However, since the numerical values “60” to “64” to be shifted to the 65th to 69th cells are out of the cell number range (1 to 64), the total number of cells 64 is subtracted to obtain the first to first values. It is moved to the fifth cell.

  On the other hand, the table shown on the right side of FIG. 17B is a table obtained by performing shift processing based on the shift indicator s “−3” on the original random number table. The numerical value in each cell is shifted by 3 cells in the negative direction, and the numerical value in the cell having the i-th cell number is moved to the cell having the (i-3) -th cell number. Yes. However, since the numerical values “1” to “3” to be shifted to the −2nd to 0th cells are out of the cell number range (1 to 64), the total number of cells 64 is added to the 62nd cell. It is moved to the ˜64th cell.

  Of course, the shift method shown in FIG. 17 is shown as an example, and any rule can be adopted as the shift method indicated by the shift indicator s. In practice, it is not necessary to create a new table in which numerical values are actually shifted with respect to the random number table T stored in the random number table storage unit 123C. When referring to a specific cell, it is sufficient to shift the position of the cell to be referenced. For example, when the shift indicator s “+5” is given, the sign conversion unit 122C may refer to the numerical value in the (i + 5) th cell instead of referring to the numerical value in the i-th cell. Good.

  As described above, each numerical value in the random number table stored in the random number table storage unit 123C is shifted by the predetermined shift method indicated by the shift indicator s, and the converted numerical value is used for conversion. If the key K is generated, the correspondence between the code data F and the encryption key K becomes more complicated. For this reason, unauthorized analysis by a cracker can be made more difficult, and tamper resistance can be improved.

<<< §5. Fifth embodiment of the present invention >>>
Next, a fifth embodiment of the present invention will be described. FIG. 18 is a block diagram showing the configuration of the information processing apparatus 100D according to the fifth embodiment. Most of the configuration of the fifth embodiment is the same as the configuration of the first embodiment described in section 1 with reference to FIG. Therefore, the reference numerals of the constituent elements of the fifth embodiment shown in FIG. 18 are indicated by using the reference numerals with “D” added to the end of the reference numerals of the corresponding constituent elements of the first embodiment shown in FIG. Only the differences from the corresponding components of the first embodiment shown in FIG. 5 will be described here.

  The feature of the fifth embodiment shown in FIG. 18 is that the cryptographic processing unit 124D has a function of performing cryptographic processing using an arbitrary cryptographic algorithm among a plurality of cryptographic algorithms. In the figure, an example in which four cryptographic algorithms A1 to A4 are incorporated in the cryptographic processing unit 124D is shown, and the cryptographic processing unit 124D can select an algorithm from the four cryptographic algorithms A1 to A4. Encryption processing can be performed using a specific encryption algorithm specified by the specifier a.

  On the other hand, in addition to the original data D given from the information processing unit 111D and the code data F stored in advance or received from the outside, the encryption processing request unit 112D in the main device 110D further includes a plurality of encryptions. The data input unit 121D has a function of giving an algorithm designator a for designating one of the algorithms (in the example shown, four encryption algorithms A1 to A4). For this reason, the data input unit 121D performs a process of inputting an algorithm designator a for designating a specific encryption algorithm together with the original data D and the code data F. Here, the original data D and the algorithm specifier a are given to the encryption processing unit 124D, and the code data F is given to the code conversion unit 122D.

  Then, the cryptographic processing unit 124D performs cryptographic processing using the given cryptographic key K on the given original data D using the cryptographic algorithm designated by the given algorithm specifier a, Processed data E is generated. The functions of the other constituent elements are the same as the corresponding constituent elements of the first embodiment shown in FIG.

  Thus, in the fifth embodiment, since a plurality of encryption algorithms are prepared in the encryption processing unit 124D, the processed data E obtained is used even if the same encryption key K is used. It depends on the encryption algorithm. For this reason, unauthorized analysis by a cracker can be made more difficult, and tamper resistance can be improved.

  In order to further improve the tamper resistance, the algorithm specifier a can be transferred to the cryptographic processing device 120D in an encoded form. In the case of the above example, the algorithm designator a is information for designating one of the four cryptographic algorithms A1 to A4. For example, the four cryptographic algorithms are “01”, “02”, If the algorithm specifiers “03” and “04” are associated with each other, the encryption algorithm A2 can be specified by the algorithm specifier a = “02”. However, since the algorithm specifier a can be stolen by analyzing the main program M, if the cracker performs analysis by an unauthorized means, there is a possibility that the specified encryption algorithm can be recognized. There is.

  Therefore, in order to further improve tamper resistance, it is also possible to deliver an encoded algorithm specifier instead of directly delivering the algorithm specifier a from the main apparatus 110D to the cryptographic processing apparatus 120D. . For example, as described above, the algorithm specifier a indicating any one of the four numerical values “01”, “02”, “03”, and “04” is used, and among the four cryptographic algorithms A1 to A4. Are designated by using the random number table T shown in FIG. 6, and “68”, “67”, The numerical values “AB” and “96” may be used as encoded algorithm specifiers. Here, “68” is the cell number of the cell containing the numerical value “01” in the random number table T shown in FIG. 6, and “67” is the cell of the cell containing the numerical value “02”. “AB” is the cell number of the cell containing the numerical value “03”, and “96” is the cell number of the cell containing the numerical value “04”.

  Therefore, for example, when specifying the encryption algorithm A2, instead of using the algorithm specifier a “02”, data “67” obtained by encoding this is used as the encoded algorithm specifier. . The main device 110D substitutes the information “67” for the algorithm specifier a. However, even if the data “67” leaks, as long as there is no random number table T, the main device 110D is information that specifies the encryption algorithm A2. There is no recognition.

  On the other hand, in the cryptographic processing device 120D, the data input unit 121D inputs this encoded algorithm specifier instead of the algorithm specifier a. The conversion to the algorithm specifier a is performed. Specifically, the code conversion unit 122D refers to the random number table T, identifies the cell having the cell number indicated by the data “67” given as the encoded algorithm specifier, and stores the cell in the cell. A process of transmitting the stored numerical value “02” as the algorithm designator a to the cryptographic processing unit 124D is performed.

  In this way, processing for converting the encoded algorithm specifier into the original algorithm specifier a is added via the code conversion unit 122D, but the main device 110D stores the algorithm specifier a. It is not necessary to receive the algorithm specifier a from the outside, so even if the main program M is analyzed by the cracker, the algorithm specifier a itself is not stolen.

<<< §6. Sixth embodiment of the present invention >>>
Subsequently, a sixth embodiment of the present invention will be described. FIG. 19 is a block diagram showing the configuration of the information processing apparatus 100E according to the sixth embodiment. Most of the configuration of the sixth embodiment is the same as the configuration of the first embodiment described in section 1 with reference to FIG. Accordingly, the reference numerals of the constituent elements of the sixth embodiment shown in FIG. 19 are indicated by the reference numerals with “E” added to the end of the corresponding constituent elements of the first embodiment shown in FIG. Only the differences from the corresponding components of the first embodiment shown in FIG. 5 will be described here.

  The feature of the sixth embodiment shown in FIG. 19 is that the code data F delivered from the main device 110E to the encryption processing device 120E is encrypted by a predetermined method. In other words, instead of the code data F delivered in the first embodiment, encrypted code data G obtained by encrypting the code data F by a predetermined method is prepared and transferred from the main device 110E to the encryption processing device 120E. On the other hand, the encrypted code data G is delivered together with the original data D (the decryption key designator w shown in the figure will be described later). Therefore, the encrypted code data G is stored in the encryption processing request unit 112E in the main device 110E instead of the code data F. Of course, the encryption code data G may be prepared in an external server or the like, and the encryption processing request unit 112E may receive the encryption code data G from the outside.

  On the other hand, in the cryptographic processing device 120E, a code data decrypting unit 126E that performs processing for decrypting the given encrypted code data G and obtaining the original code data F is provided as a new component. To do. The data input unit 121E performs a process of inputting the original data D and the encrypted code data G. Here, the original data D is provided to the encryption processing unit 124E, and the encrypted code data G is provided to the code data decryption unit 126E. The code data decoding unit 126E decodes the given encrypted code data G and provides the decoded code data F to the code conversion unit 122E. The code conversion unit 122E converts the decrypted code data F into the encryption key K using the random number table T stored in the random number table storage unit 123E, and provides this to the encryption processing unit 124E. This is the same as the embodiment. The functions of the other constituent elements are the same as the corresponding constituent elements of the first embodiment shown in FIG.

  Thus, in the sixth embodiment, since the code data F is encrypted and handled as the encrypted code data G, a state where even the code data F does not exist in the main device 110E can be realized. For this reason, it is possible to further reduce the possibility of the encryption key K being stolen by unauthorized analysis by a cracker, and to improve tamper resistance.

  In the embodiment shown in FIG. 19, a plurality of H types of decryption keys (in the example shown, four public keys W1 to W4) are stored in the code data decryption unit 126E, and the encryption processing request unit 112E Along with the original data D, the encrypted code data G encrypted in a state where the decryption is possible using the i-th decryption key of the plurality of H decryption keys, and the i-th decryption key The decryption key designator w to be designated is given to the data input unit 121E.

  Therefore, the data input unit 121E includes the original data D, the encrypted code data G that is encrypted using the i-th decryption key, and the decryption designating the i-th decryption key. Processing for inputting the key designator w is performed. Here, the original data D is provided to the encryption processing unit 124E, and the encrypted code data G and the decryption key specifier w are provided to the code data decryption unit 126E. The code data decryption unit 126E performs the decryption process on the encrypted code data G using the decryption key designated by the decryption key designator w to obtain the code data F.

  Here, an example using a public key and a private key that can be used in a public key cryptosystem will be described more specifically. FIG. 20 is a table showing key pairs that can be used in a general public key cryptosystem. In the public key cryptosystem, a key pair of a public key and a secret key is used. Here, when the public key and the private key constituting a pair of key pairs are encrypted with respect to predetermined data using one key as an encryption key to generate encrypted data, It has a special relationship that the decryption process can be performed on the encrypted data using the key as a decryption key.

  In the example shown in FIG. 20, a total of H key pairs having such a relationship are prepared. For example, when encryption processing is performed using the i-th secret key Vi, the corresponding i-th key pair is provided. The decryption process can be performed using the public key Wi as the decryption key. Therefore, the code data decryption unit 126E includes one of the public key and the private key for each of a plurality of H pairs of public keys and private keys that can be used in such a public key cryptosystem. Is stored as a decryption key. In the case of the example shown in FIG. 19, an example is shown in which the code data decryption unit 126E stores four sets of public keys W1 to W4 as decryption keys.

  On the other hand, the encrypted code data G stored in advance in the encryption processing request unit 112E (or received from the outside) is the i-th one of the H key pairs with respect to the original code data F. Data obtained by performing encryption using the other key corresponding to the key (the key stored in the code data decryption unit 126E). The encryption processing request unit 112E gives the data input unit 121E a decryption key designator w for designating a decryption key that can be used for the decryption process together with the encrypted code data G. That is, the decryption key designator w is information that specifies the i-th item of “one key used as the decryption key for the H key pairs” stored in the code data decryption unit 126E of the cryptographic processing device 120E. It will be.

  Eventually, the data input unit 121E designates the encrypted code data G encrypted using the other key of the i-th key pair of the H key pairs and the i-th key pair. Since the decryption key designator w is input, the code data decryption unit 126E decrypts the key using one key of the i-th key pair designated by the decryption key designator w as a decryption key. It can be performed.

  As shown in FIG. 19, when the public keys W1 to W4 are stored in the code data decryption unit 126E as four sets of decryption keys, the encryption of the code data F corresponds to these public keys W1 to W4. Any one of the secret keys V1 to V4 may be used. For example, when the encrypted code data G is prepared by encrypting the encoded data F using the secret key V3, the encryption processing request unit 112E specifies the public key W3 that is a decryption key together with the encrypted code data G A process of giving the decryption key designator w to be performed to the data input unit 121E is performed. As a result, the code data decryption unit 126E performs a process of decrypting the encrypted code data G and obtaining the original code data F using the public key W3 specified by the decryption key designator w.

  As described above, in the embodiment in which a plurality of H sets of public keys and secret keys that can be used for the public key cryptosystem are used, when the same cryptographic processing subroutine R is used by a plurality of different program providers, It is effective to maintain security in For example, as described above, when the program providers X, Y, and Z develop main programs Mx, My, and Mz as application programs that can be used in the information processing apparatus 100E, respectively, the sixth Consider the case of applying the embodiment. These main programs Mx, My, and Mz are all application programs that perform cryptographic processing using the same cryptographic processing subroutine R, and pass the encrypted code data Gx, Gy, and Gz to the cryptographic processing subroutine R, respectively. Therefore, it is assumed that each has a function of performing encryption processing using desired encryption keys Kx, Ky, and Kz.

  In this case, the secret keys V1, V2, and V3 are given to the traders X, Y, and Z, respectively, and the code data Fx, Fy, and Fz are encrypted using these secret keys V1, V2, and V3, respectively. The encoded code data Gx, Gy, and Gz are prepared. Then, when making a cryptographic processing request from the main program Mx to the cryptographic processing subroutine R, the decryption key designator wx for designating the public key W1 is delivered together with the encrypted code data Gx. Then, the code data decryption unit 126E can perform a process of decrypting the encrypted code data Gx using the public key W1 and returning it to the original code data Fx. The same applies when a cryptographic process request is made from the main programs My and Mz.

  If such an embodiment is adopted, the same encryption processing subroutine is shared by the traders X, Y, and Z, but the secret keys V1, V2, and V3 to be passed to the traders X, Y, and Z are different. , Security between vendors will be sufficiently maintained. Of course, the roles of the public key and the secret key are reversed, the secret keys V1, V2, and V3 are stored in the code data decryption unit 126E, and the public keys W1, W2, and W3 are transferred to the traders X, Y, and Z. It does not matter if encryption is performed.

<<< §7. Code data generation apparatus used in the present invention >>
In practicing the present invention, it is necessary to create code data F corresponding to a desired encryption key K (an encryption key that should actually be used in encryption processing) using a predetermined random number table in advance. For example, in the case of the first embodiment shown in FIG. 5, the encryption processing unit 124 obtains a desired encryption key K “26, 5C, 08, 3A, D8, 55, 2B, 10” as shown in the upper part of FIG. In order to perform the encryption processing used, it corresponds to the encryption key K “26, 5C, 08, 3A, D8, 55, 2B, 10” in advance using a random number table T as shown in FIG. It is necessary to prepare the code data to be generated, that is, the code data F “AD, 31, 63, 1D, 12, 60, EE, 1B” as shown in the lower part of FIG.

  The operation of creating the code data F corresponding to the desired encryption key K can be performed manually if the random number table T is available. Therefore, if the same random number table as the random number table T incorporated in the encryption processing subroutine R is given to the creator of the main program M, the creator can generate the code data F corresponding to the desired encryption key K. Is prepared in advance and stored in the encryption processing request unit 112 (actually, the code data F is written in the main program M), or the code data is stored in an external device or server. F can be stored, and the encryption processing request unit 112 can be procured as necessary (in practice, a processing program for reading the code data F from the outside is included in the main program M). Will be prepared).

  However, in practice, instead of having the creator of the main program M create the code data F manually, use the code data generation device having the function of automatically generating the code data F. In addition, it is preferable that the code data F is generated by the code data generation device from the viewpoint of keeping the encryption key K secret. Therefore, here, a configuration example of such a code data generation apparatus will be described.

  FIG. 21 is a block diagram showing a basic configuration of such a code data generation device 300 for cryptographic processing. This device is a code data generation device suitable for generating code data F to be given to the encryption processing device 120 according to the first embodiment described in §1, and as shown in the figure, an encryption key input unit 310, A code data generation unit 320 and a random number table storage unit 330 are included. Actually, the code data generation apparatus 300 can be configured by, for example, incorporating an application program in a general-purpose personal computer. Alternatively, the code data generation device 300 may be configured by a server device connected to a network so that it can be used via the network.

  Here, the encryption key input unit 310 is a component that inputs an encryption key K to be used for encryption processing by the encryption processing unit 124 in the encryption processing device 120. When the code data generating apparatus 300 is configured by a personal computer, the encryption key input unit 310 can be configured by a keyboard provided in the personal computer.

  On the other hand, the random number table storage unit 330 is a component for storing the same random number table T as the random number table T stored in the random number table storage unit 123 in the cryptographic processing device 120. When 300 is configured, the random number table storage unit 330 can be configured by a memory provided in the personal computer or various storage devices connected to the personal computer.

  Then, the code data generation unit 320 uses the random number table T stored in the random number table storage unit 330 to perform a conversion process opposite to the conversion process performed by the code conversion unit 122 in the cryptographic processing device 120. The code key F corresponding to the encryption key K input by the encryption key input unit 310 is generated. When the code data generation device 300 is configured by a personal computer, the code data generation unit 320 can be configured by a CPU and a conversion processing program provided in the personal computer.

  Eventually, the code data generation device 300 for cryptographic processing fulfills the function of generating the corresponding code data F for the given arbitrary encryption key K using the random number table T and outputting it. . For example, when performing conversion using the random number table T illustrated in FIG. 6 with respect to the encryption key K “26, 5C, 08, 3A, D8, 55, 2B, 10” as shown in the upper part of FIG. First, a cell containing a numerical value “26” in the first byte is found from the random number table T, and the original numerical value “26” is replaced with the cell number “AD” of the cell. If the same processing is performed for the second to eighth bytes, the code data F “AD, 31, 63, 1D, 12, 60, EE, 1B” as shown in the lower part of FIG. 7 is obtained.

  The creator of the main program M can automatically obtain the code data F corresponding to the desired encryption key K by using the code data generation device 300 when performing the work of creating the main program M. The obtained code data F can be incorporated into the main program M, or stored and provided in an external device or server. Since the creator of the main program M does not need to manually create the code data F, it is not necessary to disclose the contents of the random number table T to the creator.

  Note that the random number table storage unit 330 that stores the random number table T can also be configured by an external storage device connected to a personal computer, such as an IC card or a USB memory. In particular, if the random number table storage unit 330 is configured with an IC card, the confidentiality of the random number table T stored therein can be ensured. Of course, the entire code data generation apparatus 300 may be configured by an IC card.

  Moreover, the part of the random number table storage unit 330 can be configured by an external server. In this case, the code data generation unit 320 accesses the server via the network and refers to the random number table T. Of course, the entire code data generation apparatus 300 may be configured by an external server. In this case, the creator of the main program M transmits the encryption key K to the code data generation device 300 via the network and receives the code data F via the network.

  The configuration of the code data generation device 300 suitable for generating the code data F to be given to the cryptographic processing device 120 according to the first embodiment described in §1 has been described above with reference to FIG. The code data generation devices 300A to 300D suitable for generating the code data F to be given to the cryptographic processing devices 120A to 120D according to the second to fifth embodiments described in 2 to §5 are also realized with substantially the same configuration. it can.

  For example, since a plurality of random number tables T0 to T15 are used in the cryptographic processing device 120A according to the second embodiment, a plurality of random number tables T0 to T15 are also stored in the random number table storage unit 330A in the code data generation device 300A. The code data F may be generated by selecting an arbitrary random number table. Of course, in order to maintain the security between the vendors by using the same cryptographic processing subroutine R for a plurality of different program vendors, a specific random number table is assigned to each vendor as described in §2. Since the allocation operation is adopted, it is sufficient that the code data generation device 300A provided to each vendor stores only the random number table allocated to the vendor.

  For example, when the operation of assigning the random numbers tables T0, T1, and T2 to the program providers X, Y, and Z, respectively, only the random number table T0 is stored in the code data generation device provided to the vendor X. It is sufficient that only the random number table T1 is stored in the code data generating device provided to the supplier Y, and only the random number table T2 is stored in the code data generating device provided to the supplier Z. When the random number table storage unit 330 is provided on the server, the trader X is given access rights to the random number table T0, the trader Y is given access rights to the random number table T1, and the trader Z is accessed to the random number table T2. The operation that grants the right should be taken.

  On the other hand, in the cryptographic processing device 120B according to the third embodiment, the code conversion unit 122B performs processing for designating a plurality of random number tables based on the table designating patterns P1 to P3. The random number table storage unit 330B stores a plurality of random number tables T0 to T15, and the code data generation unit 320B also stores the same table designating patterns P1 to P3 so that the selected specific table is stored. A predetermined random number table may be designated for each byte constituting the encryption key K based on the table designation pattern.

  Of course, when the operation of assigning a specific table designation pattern for each trader is employed, it is sufficient to store only the table designation pattern assigned to the trader in the code data generation device 300B provided to each trader.

  In addition, in the cryptographic processing device 120C according to the fourth embodiment, the code conversion unit 122C performs a shift process based on the shift indicator s, so that the code data generation unit 320C in the code data generation device 300C also A function for performing a shift process based on a desired shift indicator s may be provided.

  The function of the code conversion unit 122D in the cryptographic processing device 120D according to the fifth embodiment is the same as the function of the code conversion unit 122 in the cryptographic processing device 120 according to the first embodiment. In order to generate the code data F to be given to the encryption processing device 120D, the code data generation device 300 shown in FIG. 21 may be used as it is.

  On the other hand, since it is necessary to deliver the encrypted code data G instead of the code data F for the cryptographic processing device 120E according to the sixth embodiment, an encryption function for the code data F is added to the code data generation device. It is preferable that the encrypted code data G can be generated.

  The code data generation device 300E shown in FIG. 22 is a code data generation device suitable for generating the encrypted code data G to be given to the encryption processing device 120E according to the sixth embodiment. An input unit 310E, a code data generation unit 320E, a random number table storage unit 330E, and an encrypted code data generation unit 340E are provided. Actually, the code data generation device 300E can also be configured by, for example, incorporating an application program in a general-purpose personal computer.

  Here, the functions of the encryption key input unit 310E, the code data generation unit 320E, and the random number table storage unit 330E are the encryption key input unit 310, the code data generation unit 320, and the constituent elements of the code data generation device 300 shown in FIG. The function of the random number table storage unit 330 is exactly the same. In other words, the code data generation device 300E shown in FIG. 22 is configured by adding an encrypted code data generation unit 340E to the code data generation device 300 shown in FIG. Here, the encrypted code data generation unit 340E encrypts the code data F generated by the code data generation unit 320E by a method that can be decoded by the code data decoding unit 126E in the encryption processing device 120E shown in FIG. To generate encrypted code data G and output it. Therefore, if the desired encryption key K is given to the code data generation device 300E, the encrypted code data G is output.

  More specifically, the encrypted code data generation unit 340E performs “one key (in the figure) of“ H key pairs ”stored in the code data decryption unit 126E in the encryption processing device 120E shown in FIG. In the example, “the other key of the H key pairs (the secret keys V1 to V4 in the illustrated example)” respectively corresponding to the public keys W1 to W4) ”is stored, and the code data generating unit 320E The generated code data F is encrypted using an arbitrary i-th key in the “other key of the H key pairs (the secret keys V1 to V4 in the illustrated example)”. To generate encrypted code data G. Here, the i-th key used for encryption is a decryption key and is designated by the decryption key designator w.

  Of course, the encrypted code data generation unit 340E may be configured by an external storage device connected to a personal computer such as an IC card or a USB memory, or the encryption code data generation unit 340E is configured by an external server. May be. Alternatively, the entire code data generation device 300E may be configured by an external server.

  In order to maintain the security between the vendors by using the same cryptographic processing subroutine R for a plurality of different program providers, an operation of assigning a specific key pair to each vendor is adopted. The encrypted code data generation unit 340E of the code data generation device 300E provided to each individual company only needs to store the key assigned to the company.

  For example, as described in §6, when the operator X, Y, Z uses the secret keys V1, V2, V3 to encrypt the code data F, the supplier X uses it. Only the secret key V1 is stored in the encrypted code data generation unit 340E in the code data generation device 300E, and only the secret key V2 is stored in the encryption code data generation unit 340E in the code data generation device 300E used by the vendor Y. Only the secret key V3 may be stored in the encrypted code data generation unit 340E in the code data generation device 300E that is stored and used by the trader Z.

  However, if the code data generation device 300E is configured by an IC card instead of a personal computer, the secret key used by the encrypted code data generation unit 340E is also recorded in the IC card. Reading out to the outside is extremely difficult. Therefore, when the code data generation device 300E is configured with an IC card, it is not necessary to use a different key pair for each vendor, and even if a common single key pair is used, there is practical security between vendors. The problem does not occur. Specifically, in this case, the secret key of the common key pair is stored in the encrypted code data generation unit 340E shown in FIG. 22, and the code data decryption unit 126E shown in FIG. It is enough to store the public key of a common key pair.

  The code data generation apparatus described here is also used when executing the process of generating “encoded algorithm specifier” by encoding “algorithm specifier a” as described in §5. Is possible. In this case, when “algorithm specifier a” is input, “encoded algorithm specifier” is automatically output. As described above, when a mechanism for automatically generating an “encoded algorithm specifier” using a code data generation device is employed, the same encryption processing device 120 (encryption processing subroutine) is shared by a plurality of operators. Even in the case of adopting a form, sufficient security can be ensured. In other words, if an individual data provider is provided with a code data generation device in which only the minimum necessary data for designating an algorithm used by the business is provided, an algorithm used by another It is not possible to generate an “encoded algorithm specifier” for designating “”, and it is possible to reduce the possibility of an illegal act.

<<< §8. Other variations >>
So far, six embodiments of the information processing apparatus (main apparatus and cryptographic processing apparatus) according to the present invention have been described, and further, the cryptographic processing code data generation apparatus that can be used for them has been described. Here, finally, some other modifications will be described.

(1) Encryption Process and Decryption Process As described above, in this application, “encryption process” and “decryption process” are collectively referred to as “encryption process”. Therefore, “encryption processing” executed using the encryption key K in the encryption processing units 124, 124A, 124B, 124C, 124D, and 124E in each embodiment refers to the original data D given as the plaintext data P as encrypted data. This includes not only “encryption processing” for converting to C, but also “decryption processing” for converting original data D given as encrypted data C into plaintext data P. Therefore, the encryption processing subroutine R may be the encryption processing subroutine R1, the decryption processing subroutine R2, or a subroutine including both of them.

(2) Rearrangement related to code data The basic functions of the code conversion units 122, 122A, 122B, 122C, 122D, and 122E are included in the input code data by referring to the random number table as described in each embodiment. The purpose is to obtain an encryption key by performing a conversion process in which each numerical value is replaced with a numerical value contained in a cell having the numerical value as a cell number. FIG. 7 shows an example of mutual conversion performed between the encryption key K and the code data F using the specific random number table T shown in FIG. 6 as its basic form.

  In the modification described here, when such conversion processing is performed, numerical value rearrangement processing based on a predetermined rearrangement rule set in advance is performed. For example, in FIG. 7, the encryption key K “26, 5C, 08, 3A, D8, 55, 2B, 10” is converted by using the random number table T shown in FIG. An example of obtaining “AD, 31, 63, 1D, 12, 60, EE, 1B” is shown. In the case of the embodiment described in §1, the code data F obtained in this way is transferred to the cryptographic processing device 120, and the code conversion unit 122 performs a process of obtaining the original cryptographic key K by performing reverse conversion. On the other hand, in the modified example described here, numerical value rearrangement processing based on a predetermined rearrangement rule is further performed on the code data F shown in FIG. 7, and the rearranged code data F ′ is obtained. The data is delivered to the cryptographic processing device 120.

  For example, when a simple rule of “reverse numerical values” is set as the rearrangement rule, the numerical values of the code data F “AD, 31, 63, 1D, 12, 60, EE, 1B” are reversed. As a result, the code data F ′ “1B, EE, 60, 12, 1D, 63, 31, AD” is obtained. Therefore, instead of delivering the code data F to the cryptographic processing device 120, the code data F ′ is delivered.

  In this case, the code conversion unit 122 converts each numerical value “1B, EE, 60, 12, 1D, 63, 31, AD” included in the code data F ′ input by the data input unit 121 into a predetermined rearrangement rule ( In the case of the above example, rearrangement is performed according to the rule of “reverse numerical values”, and the random number table T is referred to using the rearranged numerical values “AD, 31, 63, 1D, 12, 60, EE, 1B”. Thus, the conversion process is performed, and the converted data “26, 5C, 08, 3A, D8, 55, 2B, 10” is given to the encryption processing unit 124 as the encryption key K. Eventually, there is no difference from the first embodiment described in §1 in that the encryption key K shown in the upper part of FIG. 7 is given to the encryption processing unit 124. The correspondence relationship between the data F ′ and the encryption key K becomes more complicated, and the tamper resistance can be further improved.

  Naturally, the rearrangement rule is not limited to the rule of “reversing the numerical values”, and an arbitrary rule can be set. For example, if a rule of “changing the first numerical value and the last numerical value” is set, the code data F is based on the code data F “AD, 31, 63, 1D, 12, 60, EE, 1B”. “1B, 31, 63, 1D, 12, 60, EE, AD” is obtained. Of course, as a more complicated rule, for example, a rule that “the first numerical value and the last numerical value are interchanged and then the numerical values are reversed in order” can be set. Alternatively, a rule for rearranging by so-called rotation shift may be set. For example, if the code data F “AD, 31, 63, 1D, 12, 60, EE, 1B” is rearranged by setting a shift amount of “+3” (shifted by 3 in the right direction). , Code data F ′ “60, EE, 1B, AD, 31, 63, 1D, 12” is obtained. In short, any sort rule may be set as long as the code conversion unit 122 can perform processing for converting the given code data into the encryption key K.

  Further, in the above modification, the code data F shown in the lower part of FIG. 7 is rearranged, and the code data F ′ after the rearrangement is delivered to the cryptographic processing device 120, but the encryption key K shown in the upper part of FIG. Are rearranged based on a predetermined rearrangement rule to create a rearranged encryption key K ′, and refer to the random number table T for each numerical value constituting the rearranged encryption key K ′ The code data F ″ may be obtained by performing the above replacement. In short, in the above-described modified example, rearrangement is performed on the converted data using the random number table T. In the example, rearrangement is performed on the data before conversion using the random number table T.

  For example, when the rule “reverse numerical values” is set, this is reversed for the encryption key K “26, 5C, 08, 3A, D8, 55, 2B, 10” shown in the upper part of FIG. Processing is performed to create data (10, 2B, 55, D8, 3A, 08, 5C, 26) (reordered encryption key K ′), and for these numerical values, the random number table shown in FIG. By performing replacement using T, code data F ″ “1B, EE, 60, 12, 1D, 63, 31, AD” may be generated and delivered to the cryptographic processor 120.

  In this case, the code conversion unit 122 first refers to the random number table T shown in FIG. 6 and each numerical value of the given code data F ”“ 1B, EE, 60, 12, 1D, 63, 31, AD ”. Is converted to obtain converted data “10, 2B, 55, D8, 3A, 08, 5C, 26” (rearranged encryption key K ′). Subsequently, the individual numerical values included in the converted data are rearranged according to a predetermined rearrangement rule (in the above example, the rule “reverse numerical values”), and the rearranged data “26, 5C, The process of giving 08, 3A, D8, 55, 2B, 10 "to the encryption processing unit 124 as the encryption key K may be performed.

  Of course, by combining the above-described two modifications, the first rearrangement is performed on the data before conversion using the random number table T, and the second rearrangement is performed on the data after conversion using the random number table T. May be performed.

(3) Combinations of Embodiments In §1 to §6, the first to sixth embodiments having unique features are individually described. However, these embodiments can be combined with each other. Can be executed. For example, the second embodiment that uses a plurality of random number tables, the fourth embodiment that shifts the random number table, and the fifth embodiment that uses a plurality of cryptographic algorithms may be used in combination. In this case, original data D, code data F, table designator t, shift designator s, and algorithm designator a are delivered from the main device (main program M) to the cryptographic processing device (encryption processing subroutine R). It will be.

  Of course, it is also possible to deliver the encrypted code data G instead of the code data F by combining the sixth embodiment. In short, some of the embodiments described so far can be combined with each other as long as no contradiction arises, and the main apparatus (main program M) is changed to the encryption processing apparatus (encryption processing subroutine R). On the other hand, necessary information may be handed over according to the adopted embodiment.

  When the second or third embodiment using a plurality of random number tables is combined with the fourth embodiment that performs a shift with respect to the random number table, the shift across the plurality of random number tables should be performed. You can also. That is, when a plurality of random number tables are used, a combined table is created by temporarily combining the plurality of random number tables, and, for example, a rotation shift is performed on the combined table. What is necessary is just to perform the process to isolate | separate. The shift process performed on the combined table is a shift process across a plurality of random number tables, and a merit of further improving tamper resistance can be obtained.

  For example, FIG. 17 shows an example in which a rotation shift is performed on a random number table T composed of a total of 64 cells arranged in 8 rows and 8 columns. On the other hand, if two tables of 64 random cells are combined to create a combined table, a shift process is performed on the combined table of 128 cells in total. Thus, when the shift for the numerical values in the cells on the combined table is completed, it can be separated into two sets of random number tables consisting of 64 cells.

  Specifically, if the cell numbers of 64 cells constituting the first random number table Ta are 1 to 64, and the cell numbers of 64 cells constituting the second random number table Tb are 65 to 128, , Temporarily create a join table made up of 128 cells with cell numbers 1 to 128, and perform a rotation shift as illustrated in FIG. What is necessary is just to perform the process which isolate | separates into two random number tables with a cell. In this case, the numerical value pushed out from the first random number table Ta moves to the second random number table Tb, and the numerical value pushed out from the second random number table Tb moves to the first random number table Ta.

  For example, in the state where the numerical value “1 to 64” is stored in the first random number table Ta before the shift and the numerical value “65 to 128” is stored in the second random number table Tb before the shift, these 2 When a rotation shift based on the shift indicator s “+5” is performed across the two random number tables, the numerical values in the first random number table Ta after the shift are “124, 125, 126, 127, 128, 1, 2”. , 3, ..., 57, 58, 59 ", and the numerical values in the second random number table Ta after the shift are" 60, 61, 62, 63, 64, 65, 66, 67, ..., 121 ". , 122, 123 ". Since the shift across the two random number tables is performed, the tamper resistance is further improved.

  The example in which the two random number tables Ta and Tb are combined to create the combined table has been described above. Of course, three or more random number tables may be combined. In short, when a plurality of K kinds of random number tables are stored in the random number table storage unit, the data input unit straddles the table designator for designating a specific random number table together with the original data and the code data, and the plurality of random number tables. And a shift indicator indicating the rule to be shifted in the input from the outside, the code conversion unit performs a shift process across a plurality of random number tables based on the rule indicated by the shift indicator, the shift After the processing, the conversion processing may be performed by referring to the random number table specified by the table designator.

(4) Grasping as a method invention The present invention can be grasped as a cryptographic processing device, can be grasped as an information processing device configured by adding a main device to the cryptographic processing device, and It can also be understood as a code data generation device for encryption processing for generating code data F or encryption code data G to be delivered to the encryption processing device. Thus far, the description so far regards the present invention as various device inventions. On the other hand, the present invention can also be understood as a method invention called a cryptographic processing method.

  When viewed as a method invention, the present invention is an encryption processing method in which a computer in which the main program M and the encryption processing subroutine program R are incorporated performs encryption processing for encryption or decryption. It consists of the following three processing stages.

  First, in the first processing stage, the computer executes the main program M, so that the original data D to be subjected to encryption processing and the code data F necessary for encryption processing are delivered to the encryption processing subroutine program R. It is a stage.

  In the subsequent second processing stage, when the computer executes the cryptographic processing subroutine program R, N (M ≧ N) numerical values are randomly assigned to a plurality of M cells each having a unique cell number. Is converted into a numerical value stored in a cell having the numerical value as a cell number, and the converted data is encrypted. This is a cryptographic processing stage in which cryptographic processing is performed on the original data D based on a predetermined cryptographic algorithm A used as the key K, and the processed data E is delivered to the main program.

  The third processing stage is a post-processing stage in which the computer executes the main program M to continue predetermined processing using the processed data E.

  More specifically, in the pre-processing stage, a process of handing over code data F in which integers having values in the range of 0 to (M-1) are transferred to the cryptographic processing subroutine program R is performed. A random number table T in which N consecutive integers in the range of 0 to (N-1) are randomly stored in a plurality of M cells assigned consecutive cell numbers in the range of ~ (M-1) is used. The code data may be converted into an encryption key K in which integers having values in the range of 0 to (N-1) are enumerated.

  Further, when the sixth embodiment described above is adopted, encrypted code data generated by encrypting the code data F by a predetermined method instead of the code data F in the preprocessing stage. G is transferred to the encryption processing subroutine program R, and at the encryption processing stage, conversion processing for converting the original code data F obtained by decrypting the encrypted code data G into the encryption key K is performed. Good.

100, 100A, 100B, 100C, 100D, 100E: Information processing apparatus 110, 110A, 110B, 110C, 110D, 110E: Main apparatus (main program)
111, 111A, 111B, 111C, 111D, 111E: Information processing unit 112, 112A, 112B, 112C, 112D, 112E: Encryption processing request unit 113, 113A, 113B, 113C, 113D, 113E: Encryption processing result receiving unit 120, 120A, 120B, 120C, 120D, 120E: Cryptographic processing device (cryptographic processing subroutine)
121, 121A, 121B, 121C, 121D, 121E: Data input units 122, 122A, 122B, 122C, 122D, 122E: Code conversion units 123, 123A, 123B, 123C, 123D, 123E: Random number table storage units 124, 124A, 124B, 124C, 124D, 124E: encryption processing units 125, 125A, 125B, 125C, 125D, 125E: data output unit 126E: code data decryption unit 300, 300E: code data generation device 310, 310E: encryption key input unit 320, 320E: Code data generation unit 330, 330E: Random number table storage unit 340E: Encrypted data generation unit A, A1 to A4: Encryption algorithm a: Algorithm specifier C: Encryption data D: Original data d: Shift amount E: Processed Data F: Code data F : Code data F "after rearrangement: Code data f1 to f8 created based on the encryption key after rearrangement: Each byte G of code data F: Encrypted code data K: Encryption key K ': After rearrangement Encryption key M: main program P: plaintext data P1-P3: table designation pattern p: pattern selector R: encryption processing subroutine R1: encryption processing subroutine R2: decryption processing subroutine s: shift indicators T, T0 to T15: Random number tables t, t1 to t8: Table designators V1 to VH: Private keys W1 to WH: Public keys w: Decryption key designators X, Y, Z: Providers x, y of application program (main program M) Execution route

Claims (11)

An encryption processing device that performs encryption processing for encryption or decryption on input original data and outputs processed data,
A data input unit for inputting the original data to be encrypted and the code data necessary for the encryption from the outside;
Based on a predetermined encryption algorithm using a predetermined encryption key, an encryption process is performed on the original data input by the data input unit to generate processed data;
A data output unit for outputting the generated processed data to the outside;
A random number table storage unit for storing a random number table containing N (M ≧ N) numerical values randomly in a plurality of M cells each having a unique cell number;
By referring to the random number table, a conversion process is performed in which each numerical value included in the code data input by the data input unit is replaced with a numerical value contained in a cell having the numerical value as a cell number. A code conversion unit that gives the data obtained through the above as an encryption key to the encryption processing unit,
Equipped with a,
The data input unit inputs from the outside a shift indicator indicating a rule for shifting a numerical value in each cell of the random number table together with the original data and the code data,
An encryption processing apparatus , wherein the code conversion unit shifts each numerical value in a random number table based on a rule indicated by the shift indicator, and performs conversion processing using the shifted numerical value . The cryptographic processing device according to claim 1 ,
The data input unit inputs a shift indicator indicating either a positive or negative shift direction and a shift amount d,
When the shift direction is positive, the code conversion unit shifts the numerical value in the cell having the i-th cell number of the random number table to the cell having the (i + d) -th cell number, and the shift direction Is negative, a shift process for shifting the numerical value in the cell having the i-th cell number in the random number table to the cell having the (id) cell number (where the cell after the shift is An encryption processing apparatus that performs a process of adding or subtracting the total number M of cells to the cell number after the shift so that the cell number is within the range of the cell number). The cryptographic processing device according to claim 1 ,
The random number table storage unit stores a plurality of K random number tables;
The data input unit inputs from the outside a table designator that designates a specific random number table together with the original data and code data, and a shift indicator that indicates a rule for shifting across a plurality of random number tables,
The code conversion unit performs a shift process based on a rule indicated by the shift indicator, and performs the conversion process by referring to the random number table specified by the table specifier after the shift process. Cryptographic processing device. The cryptographic processing device according to any one of claims 1 to 3 ,
The code conversion unit rearranges individual numerical values included in the code data input by the data input unit according to a predetermined rearrangement rule, performs conversion processing by referring to the random number table using the rearranged numerical values, An encryption processing apparatus, wherein the converted data is given to the encryption processing unit as an encryption key. The cryptographic processing device according to any one of claims 1 to 3 ,
After the code conversion unit obtains data after conversion by conversion processing referring to a random number table, the numerical values included in the converted data are rearranged according to a predetermined rearrangement rule, An encryption processing apparatus, wherein data is given to the encryption processing unit as an encryption key. In the cryptographic processing device according to any one of claims 1 to 5 ,
The cryptographic processing unit has a function of performing cryptographic processing using an arbitrary cryptographic algorithm among a plurality of cryptographic algorithms,
The data input unit inputs an algorithm designator that designates one of the plurality of encryption algorithms,
The cryptographic processing apparatus, wherein the cryptographic processing unit performs cryptographic processing using a cryptographic algorithm designated by the algorithm designator. An encryption processing device that performs encryption processing for encryption or decryption on input original data and outputs processed data, and includes original data to be subjected to encryption processing and code data necessary for encryption processing Cryptographic processing for generating processed data by performing cryptographic processing on the original data input by the data input unit based on a data input unit input from the outside and a predetermined encryption algorithm using a predetermined encryption key Unit, a data output unit for outputting the generated processed data to the outside, and a plurality of M cells each having a unique cell number, and randomly storing N numbers (M ≧ N). By referring to the random number table storage unit that stores the random number table and the random number table, each numerical value included in the code data input by the data input unit is converted into a cell number. Performs conversion processing for replacing the numerical value contained in that cell, it generates code data providing data obtained through the conversion process to the encryption processing apparatus and a code converting unit that gives the encryption processing section as an encryption key A code data generation device,
A random number table storage unit that stores the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the encryption key input by the encryption key input unit A code data generation unit for generating corresponding code data;
A code data generation device for cryptographic processing, comprising: An encryption processing device that performs encryption processing for encryption or decryption on input original data and outputs processed data, and includes original data to be subjected to encryption processing and code data necessary for encryption processing Cryptographic processing for generating processed data by performing cryptographic processing on the original data input by the data input unit based on a data input unit input from the outside and a predetermined encryption algorithm using a predetermined encryption key Unit, a data output unit for outputting the generated processed data to the outside, and a plurality of M cells each having a unique cell number, and randomly storing N numbers (M ≧ N). By referring to the random number table storage unit that stores the random number table and the random number table, each numerical value included in the code data input by the data input unit is converted into a cell number. Performs conversion processing for replacing the numerical value contained in that cell, and the code converting unit that gives the data obtained through the conversion process to the encryption processing section as an encryption key, encrypted encryption code data in a predetermined manner A code data decoding unit for obtaining original code data, wherein the data input unit inputs the encrypted code data from the outside, and the code data decoding unit inputs the data input unit The encrypted code data is decrypted, the decrypted code data is provided to the code conversion unit, and the code conversion unit provides a cryptographic processing device that performs a conversion process of converting the decrypted code data into an encryption key. A code data generation device for generating encoded code data,
A random number table storage unit that stores the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the encryption key input by the encryption key input unit A code data generation unit for generating corresponding code data;
An encrypted code data generation unit that generates encrypted code data by encrypting the code data generated by the code data generation unit by a method that can be decrypted by the code data decoding unit in the encryption processing device; ,
A code data generation device for cryptographic processing, comprising: An encryption processing device that performs encryption processing for encryption or decryption on input original data and outputs processed data, and includes original data to be subjected to encryption processing and code data necessary for encryption processing Cryptographic processing for generating processed data by performing cryptographic processing on the original data input by the data input unit based on a data input unit input from the outside and a predetermined encryption algorithm using a predetermined encryption key Unit, a data output unit for outputting the generated processed data to the outside, and a plurality of M cells each having a unique cell number, and randomly storing N numbers (M ≧ N). By referring to the random number table storage unit that stores the random number table and the random number table, each numerical value included in the code data input by the data input unit is converted into a cell number. Performs conversion processing for replacing the numerical value contained in that cell, and the code converting unit that gives the data obtained through the conversion process to the encryption processing section as an encryption key, encrypted encryption code data in a predetermined manner A code data decoding unit for obtaining original code data, wherein the data input unit inputs the encrypted code data from the outside, and the code data decoding unit inputs the data input unit The encrypted code data is decoded, the decoded code data is supplied to the code conversion unit, and the code conversion unit performs a conversion process of converting the decoded code data into an encryption key, and the code data decoding unit Stores a plurality of H types of decryption keys, and the data input unit is encrypted in such a manner that it can be decrypted using the i-th decryption key of the plurality of H types of decryption keys. Code data And a decryption key designator designating the i-th decryption key, and the code data decryption unit performs decryption using the decryption key designated by the decryption key designator, The code data decryption unit stores one of a public key and a private key for each of a plurality of H pairs of public keys and private keys that can be used in a public key cryptosystem, and A data input unit that encrypts encrypted data using the other key of the i-th key pair of the H key pairs and a decryption key that specifies the i-th key pair; An encryption code that is input from the outside, and the code data decryption unit gives to a cryptographic processing device that performs decryption using the one key of the key pair designated by the decryption key designator as a decryption key Generate code data to generate data A device,
A random number table storage unit that stores the same random number table as the random number table stored in the random number table storage unit in the cryptographic processing device;
An encryption key input unit for inputting an encryption key to be used for encryption processing by the encryption processing unit in the encryption processing device;
Using the random number table stored in the random number table storage unit, a conversion process opposite to the conversion process performed by the code conversion unit in the encryption processing device is performed, and the encryption key input by the encryption key input unit A code data generation unit for generating corresponding code data;
Storing “the other key of the H key pairs” corresponding to the “one key of the H key pairs” stored in the code data decryption unit in the encryption processing device, The code data generated by the code data generation unit is encrypted by using an arbitrary i-th key in the “other key of the H key pairs” to generate an encrypted code An encrypted code data generation unit for generating data;
A code data generation device for cryptographic processing, comprising: Program for causing a computer to function as a cryptographic processing apparatus according to claim 1. A program for causing a computer to function as the code data generation device for cryptographic processing according to any one of claims 7 to 9 .

Images