JP6249687B2 - Information processing apparatus, protected data utilization program, protected data decoding program, protected data utilization method, read-only storage medium, encoded data generation apparatus, and encoded data generation program - Google Patents

Description

  The present invention relates to a technique for using protected data by preventing falsification of protected data to be protected.

Most of the commercially available security devices (for example, firewalls) have a structure in which setting data can be easily changed by storing a program and its setting data in a hard disk. Also, the operability for changing the setting data is a feature of the product.
For this reason, although the setting data is protected by a password, it can be falsified based on malicious intent. Similarly, the risk of program tampering cannot be ruled out.

Patent Document 1 discloses a technique for allowing information stored in a storage medium to be browsed only by a specific terminal device.
Patent Document 2 discloses a technique for preventing unauthorized tampering and erasure of data by making it possible to use an optical recording medium on which data is backed up only in a backup environment or between authorized persons.
Patent Document 3 discloses a technique for preventing unauthorized use of content without impeding user convenience.

JP 2010-225251 A JP 2007-080339 A JP 2006-195740 A

  An object of the present invention is to make it possible to use protected data by preventing falsification of protected data (for example, a program and a setting file) to be protected.

The information processing apparatus of the present invention
An OS reading unit that reads the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protection data to be protected are stored; ,
An encoded data reading unit that reads the encoded data from the read-only storage medium into the main memory;
An OS execution unit for starting execution of the OS read into the main memory by the OS read unit;
A protection data decoding unit that decodes the protection data from the encoded data read into the main memory by the encoded data reading unit after the OS execution unit starts execution of the OS;
A protection data utilization unit that utilizes the protection data decrypted by the protection data decryption unit.

The read-only storage medium is a storage medium in which a medium identifier for identifying the read-only storage medium is stored.
The protection data decryption unit obtains the medium identifier from the read-only storage medium, and decrypts the protection data using the obtained medium identifier.

The encoded data is data generated using a regular identifier that identifies a regular storage medium.
The protection data decryption unit can decrypt the protection data when the medium identifier matches the regular identifier, but cannot decrypt the protection data when the medium identifier does not match the regular identifier.

  The protection data decryption unit acquires a device identifier for identifying the information processing device, and decrypts the protection data using the acquired device identifier.

The encoded data is data generated using a computer identifier that identifies a legitimate computer.
The protection data decryption unit can decrypt the protection data when the device identifier matches the computer identifier, but cannot decrypt the protection data when the device identifier does not match the computer identifier.

The read-only storage medium is a storage medium that stores a public key.
The protected data decryption unit acquires the public key from the read-only storage medium, and decrypts the protected data using the acquired public key.

The encoded data is data generated using a regular secret key.
The protected data decryption unit can decrypt the protected data when the public key is a regular public key paired with the regular secret key, but when the public key is not the regular public key The protected data cannot be decrypted.

  The information processing apparatus includes an OS stopping unit that stops the execution of the OS when the protected data decrypting unit cannot decrypt the protected data.

The read-only storage medium is a storage medium that stores a public key and a medium identifier that identifies the read-only storage medium.
The protected data decryption unit acquires a device identifier for identifying the information processing device, acquires the public key and the medium identifier from the read-only storage medium, and acquires the device identifier, the public key, and the medium identifier. And decrypting the protected data.

  The protected data utilization program of the present invention causes a computer to function as the information processing apparatus.

The protection data decryption program of the present invention
A medium identifier for identifying a read-only storage medium in which encoded data generated by encoding the protection data is stored, and a device identifier for identifying a computer that reads the encoded data from the read-only storage medium; A decoding step of decoding compressed data from the encoded data using:
The decompression step of decrypting the protection data by decompressing the compressed data decrypted by the decryption step is caused to be executed by the computer.

The protected data utilization method of the present invention is as follows.
An information processing apparatus including an OS reading unit, an encoded data reading unit, an OS execution unit, a protected data decoding unit, and a protected data using unit is used.
The protected data utilization method is:
The OS reading unit stores the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protected data to be protected are stored in the main memory. Read out,
The encoded data reading unit reads the encoded data from the read-only storage medium into the main memory;
The OS execution unit starts execution of the OS read into the main memory by the OS read unit;
The protected data decoding unit decodes the protected data from the encoded data read into the main memory by the encoded data reading unit after the execution of the OS by the OS executing unit is started,
The protection data using unit uses the protection data decrypted by the protection data decryption unit.

The read-only storage medium of the present invention is
OS (Operating System),
A storage medium storing encoded data generated by encoding the protection data used by using the function of the OS.

  The encoded data is data obtained by encoding the protection data using at least one of a normal identifier for identifying a regular storage medium and a computer identifier for identifying a regular computer.

The encoded data generation apparatus of the present invention is
An encoded data generation unit is provided that generates encoded data by encoding the protection data to be protected.
The encoded data generation unit encodes the protection data by using at least one of a medium identifier for identifying a read-only storage medium and a device identifier for identifying an information processing apparatus.

  The encoded data generation device includes a security file generation unit that generates a security file including an OS (Operating System) and the encoded data generated by the encoded data generation unit.

  The encoded data generation device includes a storage medium generation unit that stores the security file generated by the security file generation unit in a read-only storage medium.

The encoded data generation program of the present invention is
A computer is caused to function as the encoded data generation apparatus.

The encoded data generation program of the present invention is
A compression process for compressing the protected data to be protected;
A computer executes an encryption step of encrypting the protected data compressed in the compression step using a medium identifier for identifying a read-only storage medium and a device identifier for identifying an information processing device.

  According to the present invention, for example, it is possible to use protected data by preventing falsification of protected data (for example, a program and a setting file) to be protected.

1 is a schematic diagram of a security system 100 according to Embodiment 1. FIG. 2 is a functional configuration diagram of a security file generation device 400 according to Embodiment 1. FIG. 3 is a flowchart of a security file generation method in the first embodiment. 3 is a functional configuration diagram of an encoded file generation unit 410 according to Embodiment 1. FIG. 6 is a flowchart of encoded file generation processing (S110) in the first embodiment. 3 is a diagram illustrating an example of a hardware configuration of an information processing device 300 according to Embodiment 1. FIG. 2 is a functional configuration diagram of an information processing device 300 according to Embodiment 1. FIG. 4 is a flowchart of a protection program utilization method in the first embodiment. 3 is a functional configuration diagram of a startup script execution unit 340 according to Embodiment 1. FIG. 4 is a flowchart of a start script execution process (S240) in the first embodiment. 3 is a diagram illustrating an example of a hardware configuration of a security file generation device 400 according to Embodiment 1. FIG.

Embodiment 1 FIG.
A mode of using protected data by preventing falsification of protected data (for example, program and setting file) to be protected will be described.

FIG. 1 is a schematic diagram of a security system 100 according to the first embodiment.
An overview of the security system 100 according to the first embodiment will be described with reference to FIG.

The security system 100 is a system for protecting a program and a program setting file from tampering and unauthorized use.
Hereinafter, a program to be protected is referred to as “protection program 101 (an example of protection data)”, and a setting file indicating values set in parameters of the protection program 101 is referred to as “protection setting file 102 (an example of protection data)”.
For example, the protection program 101 is a security-related program (for example, a firewall).

In the security system 100, a security file generation device (not shown) generates the security file 201 by encoding (encrypting, data compression, etc.) the protection program 101 and the protection setting file 102. Then, the security file generation device stores the generated security file 201 in the read-only medium 200.
The information processing apparatus 300 reads the security file 201 from the read-only medium 200, decrypts the protection program 101 and the protection setting file 102 from the security file 201, and executes the protection program 101 based on the protection setting file 102.

The read-only medium 200 is a storage medium in which the boot loader 210 and the security file 201 are stored.
For example, the read-only medium 200 is a DVD-ROM or CD-ROM. Data stored in the read-only medium 200 (for example, the security file 201) can be read by the computer, but cannot be changed.

  The boot loader 210 is a program for starting up an OS (Operating System).

The security file 201 (an example of an encoded file) includes an OS image 220 and a public key certificate 230.
The OS image 220 is data including an OS file 221 and an encoded file 222 (an example of encoded data).
The OS file 221 is for executing the OS and includes a group of programs constituting the OS. The OS file 221 includes a startup script 229 (an example of a protected data decryption program) that is executed when the OS is started.
The encoding file 222 includes an encoding program 223 (an example of encoded data) obtained by encoding the protection program 101, and an encoding setting file 224 (an example of encoded data) obtained by encoding the protection setting file 102. Including.
The startup script 229 (an example of a protected data decryption program) is a kind of program, and indicates a decryption algorithm that decrypts the protection program 101 and the protection setting file 102 from the encoded file 222.

The public key certificate 230 is data including a public key 231 and subject information 232.
The public key 231 is a decryption key used for decrypting the encoding program 223 and the encoding setting file 224 included in the encoding file 222.
The subject information 232 is information (for example, an identifier of the subject) regarding a provider (hereinafter referred to as a subject) that provides the security file 201. For example, the subject information 232 includes an identifier (name, identification number, etc.) that identifies the subject. The subject may be an individual or a group (corporate, local government, government, etc.).
When the encoded file 222 can be decrypted into the protection program 101 and the protection setting file 102 using the public key 231, it is guaranteed that the security file 201 is provided by the subject indicated by the subject information 232.

FIG. 2 is a functional configuration diagram of the security file generation device 400 according to the first embodiment.
A functional configuration of the security file generation device 400 that generates the security file 201 will be described with reference to FIG.

  The security file generation device 400 (an example of an encoded data generation device) includes an encoded file generation unit 410 (an example of an encoded data generation unit), a security file generation unit 420, and a security file writing unit 430 (a storage medium generation unit). And a generation device storage unit 490.

  The encoded file generation unit 410 generates the encoded file 222 by encoding the protection program 101 and the protection setting file 102.

  The security file generation unit 420 generates the security file 201 using the OS file 221, the encoded file 222, and the public key certificate 230.

  The security file writing unit 430 writes the boot loader 210 and the security file 201 to the read-only medium 200.

The generation device storage unit 490 stores data used, generated, or input / output by the security file generation device 400.
For example, the generation device storage unit 490 stores the protection program 101, the protection setting file 102, the encoding file 222, the OS file 221, the public key certificate 230, the security file 201, and the boot loader 210.

FIG. 3 is a flowchart of the security file generation method according to the first embodiment.
A security file generation method using the security file generation apparatus 400 will be described with reference to FIG.

In S110, the encoded file generating unit 410 generates the encoded file 222 by encoding the protection program 101 and the protection setting file 102.
After S110, the process proceeds to S120.

  Hereinafter, the encoded file generation unit 410 and the encoded file generation process (S110) will be described.

FIG. 4 is a functional configuration diagram of the encoded file generation unit 410 according to the first embodiment.
The functional configuration of the encoded file generation unit 410 according to Embodiment 1 will be described with reference to FIG.

  The encoded file generation unit 410 includes a compression unit 411, a first encryption unit 412, a second encryption unit 413, and a third encryption unit 414.

The compression unit 411 performs data compression on the protection program 101 and the protection setting file 102.
Hereinafter, the data-compressed protection program 101 is referred to as a “compression program”, and the data-compressed protection setting file 102 is referred to as a “compression setting file”.
A file including a compression program and a compression setting file is referred to as a “compressed file”.

The first encryption unit 412 acquires a device identifier 309 (an example of a computer identifier) that identifies the information processing device 300, and encrypts the compressed file using the device identifier 309.
Hereinafter, a file obtained by encrypting a compressed file is referred to as a “first encrypted compressed file”.

The second encryption unit 413 acquires a medium identifier 209 (regular identifier) for identifying the read-only medium 200 and encrypts the first encrypted compressed file using the medium identifier 209.
Hereinafter, a file obtained by encrypting the first encrypted compressed file is referred to as a “second encrypted compressed file”.

The third encryption unit 414 encrypts the second encrypted compressed file using the private key 491 paired with the public key 231 included in the public key certificate 230 (see FIG. 1). The secret key 491 is stored in advance in the generation device storage unit 490.
A file obtained by encrypting the second encrypted compressed file is “encoded file 222”.

FIG. 5 is a flowchart of the encoded file generation process (S110) in the first embodiment.
The encoded file generation process (S110) in the first embodiment will be described with reference to FIG.

In S111 (an example of a compression process), the compression unit 411 compresses the protection program 101 and the protection setting file 102 by executing a general data compression algorithm.
The compression unit 411 generates a compressed file including a compression program obtained by compressing the protection program 101 and a compression setting file obtained by compressing the protection setting file 102.
After S111, the process proceeds to S112.

In S112 (an example of an encryption process), the subject who provides the security file 201 determines the information processing device 300 that is permitted to execute the protection program 101, and the device identifier 309 stored in the determined information processing device 300. And the obtained device identifier 309 is input to the security file generating device 400.
For example, the device identifier 309 is a CPU identification number, a ROM identification number, or a NIC MAC address. CPU is an abbreviation for Central Processing Unit. ROM is an abbreviation for Read Only Memory. NIC is an abbreviation for Network Interface Card. MAC is an abbreviation for Media Access Control.

The first encryption unit 412 generates the first encrypted compressed file by encrypting the compressed file using the device identifier 309 input to the security file generating device 400.
For example, the first encryption unit 412 generates a common key of the common key encryption method using the device identifier 309, and encrypts the compressed file using the generated common key as an encryption key.

The subject may input a plurality of device identifiers 309 such as a CPU identification number, a ROM identification number, and a NIC MAC address.
In this case, the first encryption unit 412 multiplexly encrypts the compressed file using the plurality of device identifiers 309.
For example, when the subject inputs the first device identifier 309 and the second device identifier 309, the first encryption unit 412 encrypts the compressed file using the first device identifier 309. An intermediate compressed file is generated, and the first encrypted compressed file is generated by encrypting the intermediate compressed file using the second device identifier 309.
However, the first encryption unit 412 generates one encryption key using the first device identifier 309 and the second device identifier 309, and encrypts the compressed file using the generated one encryption key. May be.

The security file generation device 400 and the information processing device 300 may be connected for communication.
In this case, the first encryption unit 412 receives the device identifier 309 from the information processing device 300, and encrypts the compressed file using the received device identifier 309.
After S112, the process proceeds to S113.

In S113 (an example of an encryption process), the subject determines the read-only medium 200 for storing the security file 201, obtains the medium identifier 209 registered in the determined read-only medium 200, and obtains the obtained medium identifier. 209 is input to the security file generating apparatus 400.
For example, the medium identifier 209 is called a media ID or a serial number.

The second encryption unit 413 encrypts the first encrypted compressed file (see S121) by using the medium identifier 209 input to the security file generating device 400, thereby obtaining the second encrypted compressed file. Generate.
For example, the second encryption unit 413 generates a common key of the common key encryption method using the medium identifier 209, and encrypts the first encrypted compressed file using the generated common key as an encryption key.

The read-only medium 200 may be attached to the security file generation device 400 so as to be readable. For example, a DVD-ROM that is the read-only medium 200 may be inserted into the ROM drive of the security file generation device 400.
In this case, the second encryption unit 413 reads the medium identifier 209 from the read-only medium 200, and encrypts the first encrypted compressed file using the read medium identifier 209.
After S113, the process proceeds to S114.

In S114 (an example of an encryption process), the third encryption unit 414 performs public key cryptography (PKI: Public).
The second encrypted compressed file (see S122) is encrypted using the secret key 491 of Key Infrastructure) as the encryption key. The private key 491 is paired with the public key 231 included in the public key certificate 230 (see FIG. 1).
A file obtained by encrypting the second encrypted compressed file using the secret key 491 is the encoded file 222.
After S114, the encoded file generation process (S110) ends.

Returning to FIG. 3, the description will be continued from S120.
In S120, the security file generation unit 420 generates an OS image 220 including the OS file 221 and the encoded file 222.
The security file generation unit 420 generates the security file 201 including the OS image 220 and the public key certificate 230.
After S120, the process proceeds to S130.

In S <b> 130, the subject attaches the read-only medium 200 to the security file generation device 400 so that writing is possible. For example, the subject inserts a DVD-ROM that is the read-only medium 200 into the ROM drive of the security file generation device 400.
The security file writing unit 430 writes the boot loader 210 and the security file 201 to the read-only medium 200.
After S130, the process of the security file generation method ends.

FIG. 6 is a diagram illustrating an example of a hardware configuration of the information processing apparatus 300 according to the first embodiment.
An example of the hardware configuration of the information processing apparatus 300 that reads the security file 201 from the read-only medium 200 will be described with reference to FIG.

The information processing apparatus 300 includes a motherboard 301. The motherboard 301 of the information processing apparatus 300 includes a CPU 302, a RAM 303 (Random Access Memory), a ROM 304, a port 306, and a NIC 307.
The CPU 302 is an arithmetic device that executes a program (for example, OS, protection program 101, protection data utilization program, protection data decryption program).
A RAM 303 is a main storage device (also referred to as a main memory) used by the CPU 302, and is a volatile memory in which stored contents are lost when the information processing apparatus 300 is turned off. For example, a program is loaded into the RAM 303.
The ROM 304 is a nonvolatile memory in which stored contents are not lost even when the information processing apparatus 300 is turned off. For example, the ROM 304 stores a BIOS 305 (Basic Input / Output System).
The port 306 is an interface for connecting peripheral devices. For example, a ROM drive 308 for reading the security file 201 from the read-only medium 200 is connected to the USB port that is the port 306.
The NIC 307 is an interface for connecting to a network.

FIG. 7 is a functional configuration diagram of the information processing apparatus 300 according to the first embodiment.
A functional configuration of the information processing apparatus 300 that executes the protection program 101 obtained from the security file 201 will be described with reference to FIG.

  The information processing apparatus 300 includes a BIOS execution unit 310, a boot loader execution unit 320, an OS execution unit 330, a startup script execution unit 340, an OS stop unit 350, and a protection program execution unit 360.

The BIOS execution unit 310 operates as follows by executing the BIOS 305 stored in the ROM 304.
The BIOS execution unit 310 reads the boot loader 210 stored in the read-only medium 200 into the RAM 303 and activates the boot loader execution unit 320.

The boot loader execution unit 320 (an example of an OS reading unit and an encoded data reading unit) operates as follows by executing the boot loader 210 read into the RAM 303.
The boot loader execution unit 320 reads the OS image 220 stored in the read-only medium 200 into the RAM 303 and activates the OS execution unit 330.

  The OS execution unit 330 starts the execution of the OS based on the OS file 221 in the OS image 220 read into the RAM 303 and starts the startup script execution unit 340.

The startup script execution unit 340 (an example of the protected data decryption unit) operates as follows by executing the startup script 229 included in the OS file 221.
The startup script execution unit 340 decrypts the protection program 101 and the protection setting file 102 from the encoded file 222 in the OS image 220 read into the RAM 303.

  If the startup script execution unit 340 cannot decrypt the protection program 101 and the protection setting file 102, the OS stop unit 350 stops the execution of the OS.

  The protection program execution unit 360 (an example of the protection data utilization unit) executes the protection program 101 based on the protection setting file 102 by using the function of the OS.

FIG. 8 is a flowchart of the protection program using method according to the first embodiment.
A protection program utilization method (an example of a protection data utilization method and a protection data utilization program) using the information processing apparatus 300 will be described with reference to FIG.

  The user of the information processing device 300 turns on the information processing device 300 and attaches the read-only medium 200 to the information processing device 300 so as to be readable. For example, after turning on the power of the information processing apparatus 300, the user inserts a DVD-ROM that is the read-only medium 200 into the ROM drive 308 of the information processing apparatus 300.

In S210, the BIOS execution unit 310 executes the BIOS 305 stored in the ROM 304.
Then, the BIOS execution unit 310 reads the boot loader 210 stored in the read-only medium 200 into the RAM 303 and activates the boot loader execution unit 320.
After S210, the process proceeds to S220.

In S220, the boot loader execution unit 320 executes the boot loader 210 read into the RAM 303.
Then, the boot loader execution unit 320 reads the OS image 220 stored in the read-only medium 200 into the RAM 303 and activates the OS execution unit 330.
After S220, the process proceeds to S230.

In S230, the OS execution unit 330 starts the execution of the OS based on the OS file 221 in the OS image 220 read into the RAM 303, and starts the start script execution unit 340.
It progresses to S240 after S230.

In S240, the startup script execution unit 340 executes the startup script 229 (an example of the protected data decryption program) included in the OS file 221 by using the function of the OS.
Then, the startup script execution unit 340 decrypts the protection program 101 and the protection setting file 102 from the encoded file 222 in the OS image 220 read into the RAM 303.
After S240, the process proceeds to S250.

  Hereinafter, the startup script execution unit 340 and the startup script execution process (S240) will be described.

FIG. 9 is a functional configuration diagram of the startup script execution unit 340 according to the first embodiment.
The functional configuration of the startup script execution unit 340 according to Embodiment 1 will be described with reference to FIG.

  The startup script execution unit 340 includes a first decryption unit 341, a second decryption unit 342, a third decryption unit 343, and a decompression unit 344.

The first decryption unit 341 reads the public key 231 from the public key certificate 230 stored in the read-only medium 200, and uses the read public key 231 to extract the second encrypted compressed file from the encoded file 222. Decrypt.
This second encrypted compressed file is a file having the same content as the second encrypted compressed file generated by the second encrypting unit 413 of the encoded file generating unit 410 (see FIG. 4).

The second decryption unit 342 reads the medium identifier 209 from the read-only medium 200, and decrypts the first encrypted compressed file from the second encrypted compressed file using the read medium identifier 209.
This first encrypted compressed file is a file having the same content as the first encrypted compressed file generated by the first encrypting unit 412 of the encoded file generating unit 410 (see FIG. 4).

The third decryption unit 343 decrypts the compressed file from the first encrypted compressed file using the device identifier 309 of the information processing device 300.
This compressed file is a file having the same content as the compressed file generated by the compression unit 411 of the encoded file generation unit 410 (see FIG. 4).

  The decompressing unit 344 decrypts the protection program 101 and the protection setting file 102 by decompressing (also referred to as decompressing) the compressed file.

FIG. 10 is a flowchart of the startup script execution process (S240) in the first embodiment.
The startup script execution process (S240) in the first embodiment will be described with reference to FIG. The startup script execution process (S240) is executed using a function of the OS.

In S241 (an example of a decryption step), the first decryption unit 341 reads the public key 231 from the public key certificate 230 stored in the read-only medium 200 into the RAM 303.
The first decryption unit 341 decrypts the second encrypted compressed file from the encoded file 222 using the read public key 231 as a decryption key. That is, the first decryption unit 341 generates a second encrypted compressed file by performing decryption processing on the encoded file 222 using the public key 231.
When the second encrypted compressed file can be decrypted using the public key 231, it is guaranteed that the encoded file 222 has been generated by the subject indicated by the subject information 232 included in the public key certificate 230. Is done.

If S241 ends normally, that is, if the second encrypted compressed file can be decrypted using the public key 231, the process proceeds to S242.
If S242 ends abnormally, that is, if the second encrypted compressed file cannot be decrypted using the public key 231, the processing after S242 is not performed, and the startup script execution process (S240) ends abnormally. (Not shown).

In S242 (an example of a decryption step), the second decryption unit 342 reads the medium identifier 209 from the read-only medium 200 into the RAM 303.
The second decryption unit 342 decrypts the first encrypted compressed file from the second encrypted compressed file using the read medium identifier 209. That is, the second decryption unit 342 generates a first encrypted compressed file by performing a decryption process on the second encrypted compressed file using the medium identifier 209.
For example, the second decryption unit 342 generates a common key of the common key encryption method using the medium identifier 209, and uses the generated common key as a decryption key to perform the first encryption from the second encrypted compressed file. Decrypt the compressed file.
If the first encrypted compressed file can be decrypted using the medium identifier 209, it is guaranteed that the read-only medium 200 is a legitimate storage medium, not a duplicated storage medium.

If S242 ends normally, that is, if the first encrypted compressed file can be decrypted using the medium identifier 209, the process proceeds to S243.
If S242 ends abnormally, that is, if the first encrypted compressed file cannot be decrypted using the medium identifier 209, the processing after S243 is not performed, and the startup script execution process (S240) ends abnormally. (Not shown).

In S243 (an example of a decryption step), the third decryption unit 343 reads the device identifier 309 from the hardware of the information processing device 300. For example, the third decryption unit 343 may read the identification number (an example of the device identifier 309) from the CPU 302 or the ROM 304, or may read the MAC address (an example of the device identifier 309) from the NIC 307.
The third decryption unit 343 decrypts the compressed file from the first encrypted compressed file using the read device identifier 309. That is, the third decryption unit 343 generates a compressed file by performing a decryption process on the first encrypted compressed file using the device identifier 309.
For example, the third decryption unit 343 generates a common key for the common key encryption method using the device identifier 309, and decrypts the compressed file from the first encrypted compressed file using the generated common key as a decryption key. .
If the compressed file can be decrypted using the device identifier 309, it is guaranteed that the information processing device 300 is a legitimate device that is permitted to execute the protection program 101.

When a plurality of device identifiers 309 are used in the first encryption process (see S112 in FIG. 5) by the security file generation device 400, the third decryption unit 343 uses the plurality of device identifiers 309 to perform the first encryption. Decrypt the compressed file from the compressed file.
For example, the third decryption unit 343 decrypts the intermediate compressed file from the first encrypted compressed file using the second device identifier 309 and uses the first device identifier 309 to decrypt the compressed file from the intermediate compressed file. Decrypt.
However, the third decryption unit 343 generates one decryption key using the first device identifier 309 and the second device identifier 309, and uses the generated one decryption key to perform the first encryption compression. The compressed file may be decrypted from the file.

If S243 ends normally, that is, if the compressed file can be decrypted using the device identifier 309, the process proceeds to S244.
If S243 ends abnormally, that is, if the compressed file cannot be decrypted using the device identifier 309, S244 is not performed and the startup script execution process (S240) ends abnormally (not shown).

In S244 (an example of a decompression process), the decompression unit 344 decompresses the compressed file by executing a general data decompression algorithm. As a result, the protection program 101 and the protection setting file 102 are decrypted into the storage area of the RAM 303.
After S244, the startup script execution process (S240) ends normally.

Returning to FIG. 8, the description will be continued from S250.
In S250, the startup script execution unit 340 determines whether the startup script execution process (S240) has ended normally.
When the startup script execution process (S240) is normally completed, the process proceeds to S260.
If the startup script execution process (S240) ends abnormally, the process proceeds to S270.

In S260, the protection program execution unit 360 executes the protection program 101 based on the protection setting file 102 using the function of the OS.
After S260, the process of the protection program using method ends.

In S270, the OS stop unit 350 stops the execution of the OS.
In this case, the information processing apparatus 300 cannot execute the protection program 101.
After S270, the processing of the protection program using method ends.

FIG. 11 is a diagram illustrating an example of a hardware configuration of the security file generating apparatus 400 according to the first embodiment.
An example of the hardware configuration of the security file generation device 400 according to Embodiment 1 will be described with reference to FIG.

The security file generation device 400 is a computer including an arithmetic device 901, an auxiliary storage device 902, a main storage device 903, a communication device 904, and an input / output device 905.
The arithmetic device 901, auxiliary storage device 902, main storage device 903, communication device 904, and input / output device 905 are connected to the bus 909.

The arithmetic device 901 is a CPU (Central Processing Unit) that executes a program.
The auxiliary storage device 902 is, for example, a ROM (Read Only Memory), a flash memory, or a hard disk device.
The main storage device 903 is, for example, a RAM (Random Access Memory).
The communication device 904 performs communication via the Internet, a LAN (local area network), a telephone line network, or other networks in a wired or wireless manner.
The input / output device 905 is, for example, a mouse, a keyboard, or a display device.

The program is normally stored in the auxiliary storage device 902, loaded into the main storage device 903, read into the arithmetic device 901, and executed by the arithmetic device 901.
For example, an operating system (OS) is stored in the auxiliary storage device 902. Further, a program (an example of an encoded data generation program) that realizes the function described as “˜unit” is stored in the auxiliary storage device 902. The OS and the program that realizes the function described as “˜unit” are loaded into the main storage device 903 and executed by the arithmetic device 901. “˜part” may be read as “˜process”.

  “Determining”, “determining”, “extracting”, “detecting”, “setting”, “registering”, “selecting”, “generating”, “to” Information, data, signal values, or variable values indicating the results of processing such as “input”, “output of”, and the like are stored in the main storage device 903 or the auxiliary storage device 902 as a file. Other data used by the security file generation device 400 is stored in the main storage device 903 or the auxiliary storage device 902.

In the first embodiment, the following security system 100 has been described.
The security system 100 reads the protection program 101 and the protection setting file 102 from the read-only medium 200 and executes them without saving the protection program 101 and the protection setting file 102 inside the information processing apparatus 300. Thereby, the protection program 101 and the protection setting file 102 can be prevented from being falsified.
The security system 100 guarantees “a legitimate information processing apparatus 300”, “a legitimate read-only medium 200”, and a “protection program 101 and protection setting file 102 provided by a legitimate subject”. Thereby, unauthorized use of the protection program 101 and the protection setting file 102 due to the replacement of the information processing apparatus 300 or the read-only medium 200 can be prevented.

In the first embodiment, the data compression process (S111), the first encryption process (S112) using the device identifier 309, the second encryption process (S113) using the medium identifier 209, and the secret key The encoded file 222 is generated by four encoding processes including the third encryption process (S114) using 491.
Then, a first decryption process (S241) using the public key 231; a second decryption process (S242) using the medium identifier 209; a third decryption process (S243) using the device identifier 309; The protection program 101 and the protection setting file 102 were decrypted by four decryption processes including the data decompression process (S244).
However, at least one of the four encoding processes may be omitted, and at least one of the four decoding processes may be omitted. For example, the data compression process (S111) and the data decompression process (S244) may be omitted. In this case, the encoded file 222 is generated by the first encryption process (S112), the second encryption process (S113), and the third encryption process (S114), and the first decryption process (S241). The protection program 101 and the protection setting file 102 are decrypted by the second decryption process (S242) and the third decryption process (S243).
Further, the processing order of the four encoding processes may be changed and the processing order of the four decoding processes may be changed. For example, the processing order of the first encryption process (S112) and the second encryption process (S113) is switched, and the processing order of the second decryption process (S242) and the third decryption process (S243) is changed. You can replace it. In this case, each encoding process is executed in the order of the data compression process (S111), the second encryption process (S113), the first encryption process (S112), and the third encryption process (S114). . Each decoding process is executed in the order of the first decoding process (S241), the third decoding process (S243), the second decoding process (S242), and the data decompression process (S244).
Furthermore, a new encoding process may be added to generate the encoded file 222, and a new decoding process may be added to decode the protection program 101 and the protection setting file 102.

  100 security system, 101 protection program, 102 protection setting file, 200 read-only medium, 201 security file, 209 medium identifier, 210 boot loader, 220 OS image, 221 OS file, 222 encoding file, 223 encoding program, 224 encoding Setting file, 229 Startup script, 230 Public key certificate, 231 Public key, 232 Subject information, 300 Information processing device, 301 Motherboard, 302 CPU, 303 RAM, 304 ROM, 305 BIOS, 306 port, 307 NIC, 308 ROM Drive, 309 Device identifier, 310 BIOS execution unit, 320 Boot loader execution unit, 330 OS execution unit, 340 Startup script execution unit, 341 First recovery 342 Second decoding unit 343 Third decoding unit 344 Decompression unit 350 OS stop unit 360 Protection program execution unit 400 Security file generation unit 410 Encoded file generation unit 411 Compression unit 412 First One encryption unit, 413 Second encryption unit, 414 Third encryption unit, 420 Security file generation unit, 430 Security file writing unit, 490 Generation device storage unit, 491 Private key, 901 Arithmetic device, 902 Auxiliary Storage device, 903 main storage device, 904 communication device, 905 input / output device, 909 bus.

Claims (19)

An OS reading unit that reads the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protection data to be protected are stored; ,
An encoded data reading unit that reads the encoded data from the read-only storage medium into the main memory;
An OS execution unit for starting execution of the OS read into the main memory by the OS read unit;
A protection data decoding unit that decodes the protection data from the encoded data read into the main memory by the encoded data reading unit after the OS execution unit starts execution of the OS;
An information processing apparatus comprising a protected data using unit that uses the protected data decrypted by the protected data decrypting unit ;
The read-only storage medium is a storage medium in which a public key and a medium identifier for identifying the read-only storage medium are stored,
The protective data decoding unit obtains the device identifier for identifying the information processing apparatus, the acquired public key and the medium identifier, a first decoding using prior SL public key from the read-only storage medium third decoding and by the protection data information processing apparatus you characterized by decoding the using the second decoding and the device identifier using the medium identifier. The encoded data includes a first encryption using a computer identifier for identifying a regular computer, a second encryption using a regular identifier for identifying a regular storage medium, and a third encryption using a regular secret key. is the data that is generated by the and encryption,
The protected data decryption unit is a regular public key in which the device identifier and the computer identifier match , the medium identifier and the regular identifier match, and the public key is paired with the regular secret key In some cases, the protection data can be decrypted, but the public key is paired with the regular private key when the device identifier and the computer identifier do not match, the medium identifier and the regular identifier do not match the information processing apparatus according to claim 1, wherein if it is not the public key of normal is characterized in that it can not be decoded the protected data. An OS reading unit that reads the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protection data to be protected are stored; ,
An encoded data reading unit that reads the encoded data from the read-only storage medium into the main memory;
An OS execution unit for starting execution of the OS read into the main memory by the OS read unit;
A protection data decoding unit that decodes the protection data from the encoded data read into the main memory by the encoded data reading unit after the OS execution unit starts execution of the OS;
An information processing apparatus comprising a protected data using unit that uses the protected data decrypted by the protected data decrypting unit ;
The read-only storage medium is a storage medium which medium identifier is stored that identifies the storage medium before Symbol read-only,
The protective data decoding unit obtains the device identifier for identifying the information processing apparatus, the acquired read-only storage medium or found before Symbol medium identifier, the third decoding and the medium using the device identifier the second decoding and using an identifier, the protection data information processing apparatus you characterized by decoding the. The encoded data is located in the data generated by the a second encryption using a regular identifier for identifying the storage medium of the first encryption and the regular using a computer identifier that identifies the authorized computer ,
The protection data decryption unit can decrypt the protection data when the device identifier and the computer identifier match and the medium identifier and the regular identifier match, but the device identifier and the computer identifier are The information processing apparatus according to claim 3, wherein the protection data cannot be decrypted if they do not match and if the medium identifier and the regular identifier do not match . The information processing apparatus according to claim 2 or claim 4 comprising the OS stops the protective data decoding unit stops execution of the OS when it is not possible to decrypt the protected data. Protection data utilization program causing a computer to function as the information processing apparatus as claimed in any one of claims 5. First decryption using a public key, second decryption using a medium identifier for identifying a read-only storage medium storing encoded data generated by encoding protected data, and the reading A decoding step of decoding compressed data from the encoded data by third decoding using a device identifier that identifies a computer that reads the encoded data from a dedicated storage medium;
A protected data decryption program for causing a computer to execute a decompression step of decrypting the protection data by decompressing the compressed data decrypted by the decryption step. Second decoding using a medium identifier for identifying a read-only storage medium in which encoded data generated by encoding the protection data is stored, and reading the encoded data from the read-only storage medium A decoding step of decoding compressed data from the encoded data by third decoding using a device identifier for identifying a computer;
A protected data decryption program for causing a computer to execute a decompression step of decrypting the protection data by decompressing the compressed data decrypted by the decryption step. A protected data utilization method using an information processing apparatus including an OS reading unit, an encoded data reading unit, an OS execution unit, a protected data decoding unit, and a protected data utilization unit,
The OS reading unit stores the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protected data to be protected are stored in the main memory. Read out,
The encoded data reading unit reads the encoded data from the read-only storage medium into the main memory;
The OS execution unit starts execution of the OS read into the main memory by the OS read unit;
After the protected data decrypting unit starts execution of the OS by the OS executing unit, the encoded data read into the main memory by the encoded data reading unit is used as a first key using a public key. Decrypting the protected data by decrypting the data , performing a second decryption using a medium identifier for identifying the read-only storage medium, and a third decryption using the device identifier ,
The protected data using method, wherein the protected data using unit uses the protected data decrypted by the protected data decrypting unit. A protected data utilization method using an information processing apparatus including an OS reading unit, an encoded data reading unit, an OS execution unit, a protected data decoding unit, and a protected data utilization unit,
The OS reading unit stores the OS from a read-only storage medium in which an OS (Operating System) and encoded data generated by encoding the protected data to be protected are stored in the main memory. Read out,
The encoded data reading unit reads the encoded data from the read-only storage medium into the main memory;
The OS execution unit starts execution of the OS read into the main memory by the OS read unit;
After the protected data decoding unit starts execution of the OS by the OS execution unit, the encoded data read out to the main memory by the encoded data reading unit is stored in the read-only storage medium. by the third decoding using a second decoding and the device identifier using the identified media identifier, and decrypts the protected data,
The protected data using method, wherein the protected data using unit uses the protected data decrypted by the protected data decrypting unit. OS (Operating System),
The encoded data generated by encoding the protection data used using the function of the OS is stored,
The encoded data includes a second encryption using a medium identifier for identifying a read-only storage medium, a first encryption using a device identifier for identifying an information processing apparatus , and a first encryption using a secret key. third by the encryption, only storage medium out read you, characterized in that said protected data is encoded data. OS (Operating System),
The encoded data generated by encoding the protection data used using the function of the OS is stored,
The encoded data is encoded by the second encryption using a medium identifier for identifying a read-only storage medium and the first encryption using a device identifier for identifying an information processing apparatus. dedicated storage medium out read you characterized in that it is a phased data. An encoded data generation unit that generates encoded data by encoding the protected data to be protected;
The encoded data generation unit uses a second encryption using a medium identifier for identifying a read-only storage medium, a first encryption using a device identifier for identifying an information processing apparatus , and a secret key. The encoded data generating apparatus, wherein the protected data is encoded by the third encryption . An encoded data generation unit that generates encoded data by encoding the protected data to be protected;
The encoded data generation unit performs the protection data by performing a second encryption using a medium identifier for identifying a read-only storage medium and a first encryption using a device identifier for identifying an information processing device. An encoded data generation device characterized by encoding the data. OS and (Operating System), according to claim 13 or claim 14, characterized in that it comprises a security file generation unit that generates a security file containing said encoded data generated by the encoded data generating unit Encoded data generation apparatus. 16. The encoded data generation apparatus according to claim 15, further comprising a storage medium generation unit that stores the security file generated by the security file generation unit in a read-only storage medium. An encoded data generation program for causing a computer to function as the encoded data generation apparatus according to any one of claims 13 to 16 . A compression process for compressing the protected data to be protected;
The protection data compressed in the compression step, a second encryption using a medium identifier for identifying a read-only storage medium, a first encryption using a device identifier for identifying an information processing device, An encoded data generation program for causing a computer to execute a third encryption using a secret key and an encryption step for encryption. A compression process for compressing the protected data to be protected;
The protection data compressed in the compression step, a second encryption using a medium identifier for identifying a read-only storage medium, a first encryption using a device identifier for identifying an information processing device , encoded data generating program for executing an encryption step of encrypting the computer by.

Images