JP7170588B2 - Data processing method and data processing system - Google Patents

Description

The present invention relates to a data processing method, a data processing system and a data processing management medium.

A customer who uses a general-purpose MCU (Micro Control Unit) or the like may outsource the writing of software to the MCU to an external factory. At this time, the outsourced factory obtains general-purpose MCUs, which are objects to be written, from another route, writes the software to a predetermined number or more of general-purpose MCUs, and sells them. This is called overproduction. There's a problem.

In order to prevent such overproduction, a method of connecting a data writer and a license server and managing the number of times software is written by the license server is conceivable. In addition, encrypted data and keys are used to prevent data such as software and terminal information from leaking to the outside.

For example, Patent Literature 1 discloses a key management system that manages an authentication key for determining whether or not a device constituting the system is authorized to receive information distribution.

WO2001/43108

Access to the license server is via a communications network. Access to the license server is executed each time writing to the general-purpose MCU is performed, but if trouble such as the license server going down or a communication network malfunction occurs, writing to the object to be written cannot be performed. The factory production line stops.

Other problems and novel features will become apparent from the description of the specification and the accompanying drawings.

Although a plurality of embodiments are described in this specification, one embodiment is as follows.

The data processing method comprises a write object to which write data is written, a data writer that writes the write data to the write object, and a data processing management medium that manages the number of write processing executions. It is done in The data processing management medium is removable from the data writer. The data processing method includes a first step in which the data writer transmits a write request for write data to the data processing management medium; 2, and a third step in which the data processing management medium sends a write permission for the data to be written to the data writer. In the second step, the data processing management medium does not send a write permission even if it receives a write request when the number of executions reaches a predetermined number of executions upper limit.

According to one embodiment, it is possible to prevent overproduction and perform data write processing without using a license server.

1 is a block diagram showing a configuration example of a data processing system according to Embodiment 1 of the present invention; FIG. FIG. 4 is a flowchart showing an example of data write processing according to Embodiment 1 of the present invention; FIG. 3 is a diagram that associates the main processes of FIG. 2 with the operations of each element of the data processing system; It is a block diagram which shows the structural example of the data processing system based on Embodiment 2 of this invention. FIG. 10 is a flowchart showing an example of data write processing according to Embodiment 2 of the present invention; FIG. 6 is a diagram that associates the main processing of FIG. 5 with the operation of each element of the data processing system;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In principle, the same parts are denoted by the same reference numerals in all the drawings for describing the embodiments, and repeated description thereof will be omitted.

(Embodiment 1)
<Configuration of data processing system>
FIG. 1 is a block diagram showing a configuration example of a data processing system according to Embodiment 1 of the present invention. As shown in FIG. 1 , the data processing system 1 includes a write target 10 , a data writer 20 and a data processing management medium (hereinafter also referred to as “dongle”) 30 . A representative example of the writing target 10 is an MCU. MCUs also include general-purpose MCUs available on the open market. Therefore, hereinafter, the write target 10 may be referred to as a general-purpose MCU 10 in some cases.

<Data processing management medium>
The dongle 30, which is a data processing management medium, is a device that manages the number of data writes to the general-purpose MCU 10. FIG. As shown in FIG. 1, the dongle 30 includes a calculator 31, a memory 32, an interface 33, and the like. The dongle 30 has a tamper resistance that makes it difficult to analyze the internal structure and find out.

The memory 32 has a non-volatile memory and stores the execution count CN of write processing of write data to the general-purpose MCU 10 . In addition, the memory 32 stores the execution count upper limit value CNL of the writing process to the general-purpose MCU 10, a secret key (first secret key) k1, and the like. The memory 32 also stores programs, parameters, etc. for operating the dongle 30 .

The memory 32 is composed of non-volatile memory. At least a partial area of the nonvolatile memory is a secure area that prohibits external access. For example, information important for managing the number of writes, such as the number of executions CN, the upper limit of the number of executions CNL, and the secret key k1, is preferably stored in the secure area. Only the calculator 31 in the dongle 30 can access the secure area.

Dongle 30 is connected to data writer 20 via interface 33 . The dongle 30 and data writer 20 are connected to each other via a serial bus or the like. Examples of serial buses include USB (Universal Serial Bus). In this case, the interfaces 24 and 33 are configured with terminals conforming to the USB standard, and the dongle 30 is connected to the data writer 20 via the USB terminal.

A computing unit 31 is a functional block that executes each process in the dongle 30 . Although details will be described later, upon receiving a write request for write data from the data writer 20 to the general-purpose MCU 10 , the calculator 31 increments the number of executions CN and updates the number of executions CN in the memory 32 . The calculator 31 then transmits a write permission to the data writer 20 via the interface 33 .

At that time, the computing unit 31 compares the number of times of execution CN with the upper limit number of times of execution CNL. When the execution count CN reaches the execution count upper limit value CNL, the computing unit 31 does not increment the execution count CN and does not transmit write permission even if it receives a write request. That is, the dongle 30 stops operating when the data write process is performed for the number of execution times upper limit value CNL.

As a result, the data writer 20 cannot receive the write permission from the dongle 30 and cannot write the write data to the general-purpose MCU 10 . In this manner, the execution count CN of the data write process is appropriately managed so as to be equal to or less than the execution count upper limit value CNL, and overproduction can be prevented.

In this embodiment, encryption of write permission is performed in the dongle 30 . In order to perform encryption, the computing unit 31 has a public key cryptographic key generator 31a and an AES (Advanced Encryption Standard) encryptor 31b, as shown in FIG. The public key encryption key generator 31a and the AES encryptor 31b are implemented in the calculator 31 by hardware or program execution. Note that the public key encryption key generator 31a and the AES encryptor 31b configured by hardware may be provided outside the computing unit 31. FIG.

The public key cryptographic key generator 31a generates a key pair consisting of a secret key (second secret key) sk and a public key (first public key) pk using, for example, a random number generator (not shown). The AES encryptor 31b generates a ciphertext C2 by encrypting the write permission including the identification information ID of the general-purpose MCU 10 received from the data writer 20 and the secret key sk. The calculator 31 transmits the ciphertext C2 and the public key pk to the data writer 20 . Each processing in the calculator 31 will be described later in detail.

<Data writer>
The data writer 20 is a device that writes data for writing to the general-purpose MCU 10 . As shown in FIG. 1, the data writer 20 includes a calculator 21, a memory 22, a power supply circuit 23, an interface 24, and the like. The data writer 20 may be a dedicated product for writing processing, or may be composed of an information processing device such as a personal computer.

The memory 22 has a non-volatile memory and stores data for writing to the general-purpose MCU 10 (for example, program P). The memory 22 also stores programs, parameters, etc. for operating the data writer 20 .

The power supply circuit 23 is a functional block that controls the power supplied to each part in the data writer 20 . The power supply circuit 23 is connected to an external power supply (not shown) and performs power supply control according to a signal supplied from the calculator 21 . The power supply circuit 23 may also supply power to the dongle 30 and the general-purpose MCU 10 .

A computing unit 21 is a functional block that executes each process in the data writer 20 . For example, the computing unit 21 transmits to the dongle 30 a write request for write data for the general-purpose MCU 10 and receives write permission from the dongle 30 . For example, the calculator 21 reads identification information ID unique to each general-purpose MCU from the general-purpose MCU 10 to which write data is to be written, generates a write request including the read identification information, and transmits the write request to the dongle 30 .

In this embodiment, the data writer 20 encrypts data including write data. The computing unit 21 has a public key encryption encoder 21a for performing encryption processing. The public key encryption/encryptor 21a is realized in the calculator 21 by hardware or program execution. Note that the public key encryption/encryptor 21a configured by hardware may be formed outside the computing unit 21. FIG.

The public key encryption encoder 21a uses the public key pk received from the dongle 30, for example, to encrypt data including write data (for example, program P) and the read identification information ID using the public key pk. to generate the ciphertext C3 of the data. The calculator 21 transmits the generated ciphertext C3 and ciphertext C2 to the general-purpose MCU 10 .

<Writing object>
Write data is written on the write target 10 . A write target 10 includes a calculator 11 and a memory 12 . As already mentioned, the writing object 10 is a generally available general-purpose MCU or the like.

The memory 12 has a non-volatile memory, and stores identification information ID of the writing target 10, a secret key (first secret key) k1, and the like. In addition to these, the memory 12 also stores an operating program for the write target 10, setting values, and the like. The identification information ID is set to a different value for each writing target 10 . The write data such as the program P received from the data writer 20 is installed in the memory 12 through a predetermined process described later.

The calculator 11 is a functional block that performs various controls on the writing target 10 . The computing unit 11 has a public key encryption/decryption device 11a and an AES decryption device 11b. The public key encryption/decryption device 11a and the AES decryption device 11b are implemented in the calculator 11 by hardware or program execution. The public key encryption/decryption device 11 a and the AES decryption device 11 b configured by hardware may be formed outside the computing unit 11 .

The AES decryptor 11b decrypts the ciphertext C2 received from the data writer 20. FIG. Specifically, the AES decryptor 11b decrypts the ciphertext C2 using the secret key k1 stored in the memory 12, the secret key sk included in the write permission, and the write The identification information ID of the object 10 is acquired. For the sake of convenience, the identification information obtained here will be referred to as ID'.

The public key encryption/decryption device 11 a decrypts the ciphertext C3 received from the data writer 20 . Specifically, the public key encryption/decryptor 11a decrypts the ciphertext C3 using the secret key sk obtained by decrypting the ciphertext C2, and attempts to write the program P and the data contained in the data. The identification information ID of the writing target 10 is acquired. For convenience, the identification information obtained here is referred to as "ID".

<Data write processing>
Next, data write processing in the data processing system 1 will be described in detail. FIG. 2 is a flowchart showing an example of data write processing according to Embodiment 1 of the present invention. FIG. 3 is a diagram that associates the main processes of FIG. 2 with the operations of each element of the data processing system.

For the data write process, steps S10 to S190 shown in FIG. 2, for example, are performed. When the data writing process is started (step S10), the data writer 20 reads the unique identification information ID from the general-purpose MCU 10 ((1), step S20). Specifically, upon receiving an instruction from the data writer 20, the calculator 11 of the general-purpose MCU 10 reads the identification information ID stored in the memory 12, and transmits the read identification information ID to the data writer 20. do. The identification information ID may be automatically sent to the data writer 20 when the data writing process is started.

The data writer 20 transmits the identification information ID read from the general-purpose MCU 10 to the dongle 30 as a write request ((2), step S30). At that time, the data writer 20 stores the identification information ID in the memory 22 or the RAM in the calculator 21 or the like.

Upon receiving the identification information ID, the calculator 31 of the dongle 30 compares the execution count CN with the execution count upper limit value CNL, and determines whether the execution count CN is the execution count upper limit value CNL (step S40). Specifically, the calculator 31 reads out the number of times of execution CN and the upper limit value of the number of times of execution CNL from the memory 32, and makes a determination by comparing them. If the execution count CN is the execution count upper limit value CNL (YES), the arithmetic unit 31 determines that the execution count has reached the predetermined execution count upper limit value, and the dongle 30 is operated without incrementing the execution count CN. is stopped (step S50).

On the other hand, when the execution count CN is smaller than the execution count upper limit value CNL (NO), the computing unit 31 increments the execution count CN (step S60, (3)). The calculator 31 then transmits the incremented number of executions CN to the memory 32 and updates the value of the number of executions stored in the memory 32 .

Next, the public key encryption key generator 31a generates a pair of keys (pk, sk) using, for example, a random number generator ((4), step S70). The public key pk and secret key sk are composed of multiple bits. The AES encryptor 31b encrypts the write permission for the general-purpose MCU 10 using the secret key k1 ((5), step S80). Specifically, first, the calculator 31 generates a plaintext (sk||ID) in which the secret key sk generated by the public key encryption key generator 31a and the identification information ID are arranged. Then, the AES encryptor 31b encrypts the plaintext (sk||ID) using the secret key k1 to generate the ciphertext C2=Enc(k1, sk||ID). The calculator 31 transmits the public key pk and the ciphertext C2 to the data writer 20 via the interface 33 ((6), step S90).

Next, the public key encryption encoder 21a of the data writer 20 encrypts the data including the identification information ID received from the program P and the general-purpose MCU 10, and generates a ciphertext C3=PKEnc(pk, P||ID). ((7), step S100). Specifically, first, the public key encryption/encryptor 21a generates plaintext (P||ID) in which the program P and the identification information ID are arranged as data. Then, the public key encryption encryptor 21a encrypts the plaintext (P||ID) using the public key pk received from the dongle 30, thereby converting the ciphertext C3=PKEnc(pk, P||ID) into Generate. The calculator 21 transmits the ciphertext C2=Enc(k1, sk||ID) and C3=PKEnc(pk, P||ID) to the general-purpose MCU 10 ((8), step S110).

The AES decryptor 11b of the general-purpose MCU 10 decrypts the ciphertext C2 using the secret key k1 ((9), step S120). Specifically, the AES decryptor 11b reads the secret key k1 from the memory 12 and decrypts the ciphertext C2=Enc(k1, sk||ID) using the read secret key k1. As a result, the AES decoder 11b acquires the secret key sk' and the identification information ID' (sk||ID=Dec(k1, C2)).

The private key and identification information obtained in step S120 are denoted by sk' and ID'. Thereby, the obtained secret key and the secret key generated by the dongle 30 are distinguished, and the obtained identification information and the identification information stored in the general-purpose MCU 10 are distinguished.

In step S130, it is determined whether the identification information ID' acquired in step S120 and the identification information ID stored in the general-purpose MCU 10 match. Specifically, the calculator 11 of the general-purpose MCU 10 reads the identification information ID stored in the memory 12 and compares the read identification information ID with the identification information ID' obtained in step S120. If the identification information ID and ID' are different from each other (NO), the computing unit 11 stops the operation of the general-purpose MCU 10 (step S140).

On the other hand, if the identification information ID and ID' match (YES), the public key encryption/decryption device 11a decrypts the ciphertext C3 using the secret key sk' acquired in step S120, and the program P and the identification Information is acquired ((10), step S150).

In step S150, if the decryption of the ciphertext C3 using the secret key sk' fails, the computing unit 11 causes the general-purpose MCU 10 to stop operating.

In step S160, it is determined whether or not the identification information ID" obtained in step S150 matches the identification information ID stored in the general-purpose MCU 10. is compared with the identification information ID". If the identification information ID and ID'' are different from each other (NO), the computing unit 11 stops the operation of the general-purpose MCU 10 (step S170).

On the other hand, if the identification information ID and ID'' match (YES), the computing unit 11 installs the program P acquired in step S150 ((11) step S180). The data write process is completed (step S190).

<Main effects of the present embodiment>
According to the present embodiment, when the dongle 30 receives a write request for write data such as a program from the data writer 20, the dongle 30 increments the write processing execution count CN, and writes the write data to the data writer 20. Send permission. Further, when the execution count CN reaches the predetermined execution count upper limit value CNL, the dongle 30 does not transmit the write permission even if it receives a further write request. According to this configuration, the dongle 30 can appropriately manage the number of executions and prevent overproduction.

Thus, by using the dongle 30 of the present embodiment, it is possible to prevent overproduction and perform data writing processing without using a license server.

Further, according to the present embodiment, the write request transmitted from the data writer 20 and the write permission transmitted from the dongle 30 contain the identification information ID read from the general-purpose MCU 10 attempting to perform the write request write process. included. Then, the general-purpose MCU 10 compares the identification information ID', ID'' included in the data and write permission received from the data writer 20 with the identification information ID stored in itself, and if they are different from each other, , to stop working.

According to this configuration, the data write process is executed only when the identification information ID', ID" matches the identification information ID stored in itself, so that the safety of the data write process is ensured. That is, it is possible to match the general-purpose MCU that has received write permission with the general-purpose MCU that is the object of writing.

Further, according to the present embodiment, data including write permission for the general-purpose MCU 10 and write data such as the program P is encrypted, and the general-purpose MCU 10 decrypts the ciphertext. Specifically, by using a cryptographic protocol that combines public key cryptography and common key cryptography among the dongle 30, data writer 20, and general-purpose MCU 10, even if an attacker reads the communication content between each device, , it is impossible to take out writing data such as programs and illegally install them. Also, it is impossible to falsify the number of executions CN managed by the dongle 30 . In this way, it is possible to prevent eavesdropping of the contents of communication on the path from the dongle 30 to the general-purpose MCU 10, thereby further ensuring safety during the data writing process.

Further, according to the present embodiment, even if a fake dongle is created and connected to the data writer 20, the secret key to be stored is different. It is possible to detect that it is a fake dongle and prevent execution of unauthorized data writing processing.

Further, according to the present embodiment, the secret key k1 common to the dongle 30 and the general-purpose MCU 10 is stored. According to this configuration, there is no need to communicate with the server when reading the private key, and processing can be performed offline.

Also, according to the present embodiment, a pair of key pairs (pk, sk) are generated within dongle 30 . According to this configuration, since the key pair is not leaked to the outside, the security of encryption and decryption using the key pair is ensured.

(Embodiment 2)
Next, Embodiment 2 will be described. In the following description, portions that overlap with the content described in the above embodiments will be omitted as appropriate. FIG. 4 is a block diagram showing a configuration example of a data processing system according to Embodiment 2 of the present invention.

<Data processing management medium>
The memory 32 stores the execution count CN of the write process, the execution count upper limit CNL, the secret key (third secret key) k1, the secret key (fourth secret key) sk, and the like. The memory 32 also stores programs, parameters, etc. for operating the dongle 30 .

In addition to the functions of Embodiment 1, the calculator 31 of the present embodiment also generates a secret key (fifth secret key) k2 and a secret key (sixth secret key) k3 using the secret key k1. . Specifically, the arithmetic unit 31 may use a key derivation function, for example, and may output secret keys k2 and k3 with the secret key k1 as an input.

The calculator 31, as shown in FIG. 4, includes an AES encryptor 31b and a MAC generator 31c. The AES encryptor 31b and MAC generator 31c are realized in the calculator 31 by hardware or program execution. Note that the AES encryptor 31b and the MAC generator 31c may be provided outside the arithmetic unit 31 when configured by hardware.

The AES encryptor 31b encrypts the write permission including the secret key sk and the identification information ID using the secret key k2, for example, and generates a write permission ciphertext C12. The MAC generator 31c generates a message authentication code (first message authentication code) t using the write permission encrypted by the AES encryptor 31b. The arithmetic unit 31b transmits the ciphertext C12 and the message authentication code t to the data writer 20. FIG. Each processing in the calculator 31b will be described in detail later.

<Data writer>
The memory 22 of the data writer 20 stores a ciphertext C13 of data encrypted using a public key (second public key) pk corresponding to the secret key sk. This ciphertext C13 is generated in advance by, for example, the user of the data writer 20 or the software vendor. This public key pk is, for example, a key published on the website of the manufacturer of the dongle 30, and is a key corresponding to the secret key sk. In other words, the private key sk and the public key pk form a pair of keys. Using the dongle 30, the user of the data writer 20 or the software vendor obtains the public key pk from the website, generates the ciphertext C13, and stores it in the memory 22. FIG.

As described above, in the present embodiment, the ciphertext of data including programs and the like is prepared in the memory 22 in advance, so that the computing unit 21 does not need to perform encryption. Therefore, the public key encryption encoder 21a is not provided in the computing unit 21 of this embodiment.

The computing unit 21 transmits to the general-purpose MCU 10 the write permission ciphertext C12 received from the dongle, the message authentication code t, and the data ciphertext C13 stored in the memory.

<Writing object>
The memory 12 of the general-purpose MCU 10 stores identification information ID, secret key (third secret key) k1, and the like. In addition to the functions of Embodiment 1, the calculator 11 of the present embodiment also generates a secret key (fifth secret key) k2 and a secret key (sixth secret key) k3 using the secret key k1. . As with the dongle 31, the secret keys k2 and k3 use, for example, a key derivation function, and are output with the secret key k1 as an input.

The computing unit 11 includes a public key decryptor 11a, an AES decryptor 11b, and a MAC verifier 11c. The public key encryption/decryptor 11a, the AES decryptor 11b, and the MAC verifier 11c are implemented in the calculator 11 by hardware or program execution. Note that the public key encryption/decryptor 11 a , the AES decryptor 11 b , and the MAC verifier 11 c may be formed outside the computing unit 11 when configured by hardware.

The MAC verifier 11c generates a message authentication code (second message authentication code) t' using the write permission ciphertext C12 received from the data writer 20 and the secret key k3 generated by the calculator 11. .

If the received message authentication code t and the message authentication code t' generated by the MAC verifier 11c match, the AES decoder 11b uses the secret key k2 to decrypt the write permission ciphertext C12, Obtain the secret key sk and the identification information contained in the authorization. For the sake of convenience, the identification information obtained here will be referred to as ID'.

If the identification information ID stored by the general-purpose MCU 10 that is about to perform the write process matches the identification information ID' obtained from the ciphertext C12, the public key encryption/decryption device 11a converts the data ciphertext C13 into the secret key. Decrypt using sk to obtain the program P.

<Data write processing>
Next, the data write processing of this embodiment will be described in detail. FIG. 5 is a flowchart showing an example of data write processing according to Embodiment 2 of the present invention. FIG. 6 is a diagram that associates the main processes of FIG. 3 with the operations of each element of the data processing system.

Steps S210 to S400 shown in FIG. 5, for example, are performed in the data write process. When the data writing process is started (step S210), the data writer 20 reads the unique identification information ID from the general-purpose MCU 10 ((1), step S220). In step S220, a process similar to that in step S20 of FIG. 2 is executed, so detailed description thereof will be omitted.

The data writer 20 transmits the identification information ID read from the general-purpose MCU 10 to the dongle 30 as a write request ((2), step S230). It should be noted that it is not necessary to store the identification information ID in the memory 22 or the like in step S230. This is because the data writer 20 does not generate the ciphertext.

Upon receiving the identification information ID, the calculator 31 of the dongle 30 compares the execution count CN with the execution count upper limit value CNL, and determines whether the execution count CN is the execution count upper limit value CNL (step S240). If the execution count CN is the execution count upper limit value CNL (YES), the arithmetic unit 31 determines that the execution count has reached the predetermined execution count upper limit value, and the dongle 30 is operated without incrementing the execution count CN. is stopped (step S250). On the other hand, when the execution count CN is smaller than the execution count upper limit value CNL (NO), the computing unit 31 increments the execution count CN (step S260, (3)). In steps S240-S260, processing similar to that of steps S40-S60 in FIG. 2 is performed.

Next, the calculator 31 uses the key derivation function (KDF) to generate secret keys k2 and k3 ((k2, k3)=KDF(k1)) with the secret key k1 as an input ((4), step S270 ). The AES encryptor 31b encrypts the write permission using the secret key k2 ((5), step S280). Specifically, first, the computing unit 31 reads out the secret key sk from the memory 32 and generates a write permission plaintext (sk||ID) in which the secret key sk and the identification information ID are arranged. Then, the AES encryptor 31b generates ciphertext C12=Enc(k2, sk||ID) by encrypting the write permission plaintext (sk||ID) using the secret key k2.

Next, the MAC generator 31c generates a message authentication code t=MAC(k3, C12) using the secret key k3 generated in step S270 and the write permission ciphertext C12 ((6), step S290).

The calculator 31 transmits the ciphertext C12 and the message authentication code t to the data writer 20 via the interface 33 ((7), step S300).

The interface 24 of the data writer 20 transmits the ciphertext C12, the message authentication code t, and the ciphertext C13 to the general-purpose MCU 10 ((8), step S310).

The arithmetic unit 11 of the general-purpose MCU 10 uses the key derivation function (KDF) to generate secret keys k2 and k3 ((k2, k3)=KDF(k1)) with the secret key k1 as an input ((9), step S320 ).

In step S330, it is verified whether or not the message authentication code t generated by the dongle matches the message authentication code t' generated by the general-purpose MCU 10 ((10), step S330). First, the MAC verifier 11c generates a message authentication code t' using the ciphertext C12 received in step S310 and the secret key k3 generated in step S320.

The MAC verifier 11c then compares the message authentication code t received in step S310 with the generated message authentication code t', and verifies whether these message authentication codes t and t' match. As a result of the verification, if these message authentication codes t and t' do not match (NO), the computing unit 11 stops the operation of the general-purpose MCU 10 (step S340).

On the other hand, if these message authentication codes t and t' match (YES), the AES decoder 11b uses the secret key k2 to decrypt the ciphertext C12=Enc(k2, sk||ID) ((11 ), step S350), the secret key sk and identification information ID' are acquired (sk||ID=Dec(k2, C12)). The private key and identification information obtained in step S120 are denoted as ID'. This distinguishes the acquired identification information from the identification information stored in the general-purpose MCU 10 . Step S350 is similar to step S120 of FIG.

In step S360, it is determined whether the identification information ID' acquired in step S350 and the identification information ID stored in the general-purpose MCU 10 match. Step S360 is similar to step S130 in FIG. If the identification information ID and ID' are different from each other (NO), the computing unit 11 stops the operation of the general-purpose MCU 10 (step S370).

On the other hand, if the identification information ID and ID' match (YES), the public key encryption/decryption device 11a decrypts the ciphertext C13 using the secret key sk obtained in step S350, and obtains the program P. ((12), step S380). Note that in step S380, if the decryption of the ciphertext C13 using the secret key sk fails, the computing unit 11 causes the general-purpose MCU 10 to stop operating.

Then, the computing unit 11 installs the program P acquired in step S380 ((13) step S390). When the installation of the program P is completed, the data writing process is completed (step S400).

<Main effects of the present embodiment>
In this embodiment, the following effects are obtained in addition to the effects of the first embodiment described above. A comparison of the identification information contained in the write permission is made along with a comparison of the message authentication code generated using the ciphertext of the write permission. According to this configuration, it is possible to prevent communication errors in the communication path, intentional falsification, etc., and further improve the safety of communication within the system.

Further, according to the present embodiment, in the dongle 30 and the general-purpose MCU, secret keys k2 and k3 are generated using a key derivation function (KDF) and a secret key k1 as an input to the key derivation function. This configuration eliminates the need to transmit the secret key (k2) for decryption of the ciphertext C12 and the secret key (k3) for MAC verification from the dongle 30 .

Further, according to this embodiment, there is no need to create a key pair within the dongle 30, so the public key encryption key generator 31a of FIG. 1 is not required. A random number generator required for public key generation is also not required. Also, since the program P is generated in advance by the user of the data writer 20 or the software vendor, the possibility of program P leakage is reduced. Also, the data writer 20 does not require a secure storage area.

The invention made by the present inventor has been specifically described above based on the embodiment, but the present invention is not limited to the above embodiment, and can be variously modified without departing from the scope of the invention. Needless to say.

Preferred embodiments of the present invention are additionally described below.

[Appendix 1]
The data processing management medium generates a key pair consisting of a second secret key and a first public key corresponding to the second secret key, and stores the first public key, the second secret key, and the identification information. sending to the data writer the encrypted write permission comprising
The data writer encrypts the data using the received first public key, and transmits the encrypted data and the encrypted write permission to the object to be written;
The write target decrypts the encrypted write permission using the first secret key to obtain the second secret key, and decrypts the encrypted data using the second secret key. do,
data processing system.

[Appendix 2]
the data includes the identification information read from the write target;
The write target writes the write data when the identification information of itself and the identification information included in the data match.
data processing system.

[Appendix 3]
The data processing management medium stores a third secret key and a fourth secret key, generates a fifth secret key and a sixth secret key using the third secret key, and uses the fifth secret key to generate the encrypting the write permission including a fourth private key; generating the first message authentication code using the encrypted write permission and the sixth private key; sending said write permission to said data writer;
The data writer stores the data encrypted using the fourth private key and a corresponding second public key, and stores the first message authentication code, the encrypted write permission, and the encrypted write permission. transmitting the data to the writing object;
The write object stores the third secret key, generates the fifth secret key and the sixth secret key using the third secret key, and generates the encrypted write permission received. generating a second message authentication code using the sixth secret key obtained from
data processing system.

[Appendix 4]
The write target decrypts the encrypted write permission using the fifth secret key to obtain the fourth secret key, and decrypts the encrypted data using the fourth secret key. do,
data processing system.

[Appendix 5]
The data processing management medium and the object to be written use a key derivation function to obtain the fifth secret key and the sixth secret key with the third secret key as an input,
data processing system.

[Appendix 6]
the data writer and the data processing management medium are connected to each other by a serial bus;
data processing system.

[Appendix 7]
the data writer and the data processing management medium are connected to each other via a USB terminal;
data processing system.

[Appendix 8]
generating a key pair consisting of a second private key and a first public key corresponding to the second private key; sending a write permission to the data writer;
Data processing management medium.

[Appendix 9]
storing a third secret key and a fourth secret key; generating a fifth secret key and a sixth secret key using the third secret key; using the fifth secret key to contain the fourth secret key; encrypting a write permission; generating said first message authentication code using said encrypted write permission and said sixth secret key; and transferring said first message authentication code and said encrypted write permission to said data send to the writer,
Data processing management medium.

[Appendix 10]
using a key derivation function to obtain the fifth and sixth secret keys with the third secret key as input;
Data processing management medium.

[Appendix 11]
Equipped with a memory containing a secure area that prohibits external access,
Data processing management medium.

[Appendix 12]
A write target on which the write process of the write data is executed by a data writer while the number of execution times of the write process of the write data is managed by a data process management medium,
writing the write data when the identification information of itself and the identification information included in the write permission for the write target transmitted from the data processing management medium match;
object to be written.

[Appendix 13]
decrypting the write permission encrypted on the data processing management medium and the data encrypted on the data writer, respectively;
object to be written.

[Appendix 14]
storing a first private key, and decrypting the write permission encrypted using the first private key using the first private key stored by itself;
object to be written.

[Appendix 15]
decrypting the encrypted write permission including a second private key and the identification information using the first private key to obtain the second private key; and a first public key corresponding to the second private key. using the second private key to decrypt the data encrypted using
object to be written.

[Appendix 16]
writing the write data when the identification information of itself and the identification information included in the data match;
object to be written.

[Appendix 17]
generating a second message authentication code using the encrypted write permission received, and encrypting if the first message authentication code generated in the data processing management medium and the second message authentication code match; decrypting the encrypted write permission and the encrypted data, respectively;
object to be written.

[Appendix 18]
storing a third secret key, generating a fifth secret key and a sixth secret key using the third secret key;
second message authentication using the write permission including the fourth secret key encrypted using the fifth secret key generated in the data management medium, and the sixth secret key generated in the write object; generate a sign,
object to be written.

[Appendix 19]
The write target decrypts the encrypted write permission using the fifth secret key to obtain the fourth secret key, and encrypts the write object using a second public key corresponding to the fourth secret key. decrypting the encrypted data using the fourth private key;
object to be written.

[Appendix 20]
using a key derivation function to obtain the fifth and sixth secret keys with the third secret key as input;
object to be written.

[Appendix 21]
The object to be written is an MCU,
object to be written.

REFERENCE SIGNS LIST 1 data processing system 10 general-purpose MCU (object to be written) 20 data writer 30 dongle (data processing control medium) 11, 21, 31 calculator 12, 22, 32 memory 11a ... public key encryption/decryptor, 11b... AES decryptor, 11c... MAC verifier, 21a... public key encryption/encryptor, 31a... public key encryption key generator, 31b... AES encryption apparatus, 31c... MAC generator

Claims (13)

a write target on which write data is written;
a data writer that writes the write data to the write target;
a data processing management medium for managing the number of executions of the write processing;
A data processing method between
The data processing management medium is detachable from the data writer,
a first step in which the data writer transmits a write request for the write data to the data processing management medium;
a second step of incrementing the execution count of the write process when the data processing management medium receives a write request;
a third step in which the data processing management medium transmits a write permission for the write data to the data writer;
including
In the second step, the data processing management medium does not transmit the write permission even if the write request is further received when the execution count reaches a predetermined execution count upper limit;
In the first step, the data writer reads identification information of the object to be written, and transmits the write request including the read identification information to the data processing management medium;
In the third step, the data processing management medium transmits the write permission including the received identification information to the data writer;
a fourth step in which the data writer transmits data including the data to be written and the received write permission to the object to be written;
a fifth step of writing the write data when the write object matches its own identification information with the identification information included in the write permission;
further comprising
Data processing method. In the data processing method according to claim 1 ,
In the third step, the data processing management medium encrypts the write permission and transmits the encrypted write permission to the data writer;
In the fourth step, the data writer encrypts the data, sends the encrypted data and the encrypted write permission to the object to be written;
In the fifth step, the write object decrypts the encrypted write permission and the encrypted data, respectively.
Data processing method. In the data processing method according to claim 2 ,
the data processing management medium and the writing object each store a first secret key;
In the third step, the data processing management medium encrypts the write permission using the first private key;
In the fifth step, the write object decrypts the encrypted write permission using the first private key.
Data processing method. In the data processing method according to claim 3 ,
In the third step, the data processing management medium generates a key pair consisting of a second secret key and a first public key corresponding to the second secret key, and sending to the data writer an encrypted write permission containing a private key and the identification information;
In the fourth step, the data writer encrypts the data using the received first public key, and transmits the encrypted data and the encrypted write permission to the write object. send and
In the fifth step, the write target obtains the second secret key by decrypting the encrypted write permission using the first secret key, and converts the encrypted data to the second secret key. decrypt using the private key,
Data processing method. In the data processing method according to claim 2 ,
the data includes the identification information read from the write target;
In the fifth step, when the identification information of the write target matches the identification information included in the data, the write data is written.
Data processing method. In the data processing method according to claim 2 ,
In the third step, the data processing management medium uses the encrypted write permission to generate a first message authentication code, transmits the generated first message authentication code to the data writer;
In the fourth step, the data writer transmits the first message authentication code to the writing object;
In the fifth step, the write object uses the received encrypted write permission to generate a second message authentication code, and if the first message authentication code and the second message authentication code match. decrypting the encrypted write permissions and the encrypted data, respectively;
Data processing method. In the data processing method according to claim 6 ,
The data processing management medium stores a third secret key and a fourth secret key,
In the third step, the data processing management medium uses the third secret key to generate a fifth secret key and a sixth secret key, and uses the fifth secret key to generate the fourth secret key. encrypting a write permission; generating said first message authentication code using said encrypted write permission and said sixth secret key; and transferring said first message authentication code and said encrypted write permission to said data send to the writer,
the data writer stores the data encrypted using the fourth private key and the corresponding second public key;
In the fourth step, the data writer transmits the first message authentication code, the encrypted write authorization, and the encrypted data to the object to be written;
the write target stores the third secret key;
In the fifth step, the write object uses the third secret key to generate the fifth secret key and the sixth secret key, and the received encrypted write permission and the generated 6 generating a second message authentication code using the private key;
Data processing method. In the data processing method according to claim 7 ,
In the fifth step, the write target obtains the fourth secret key by decrypting the encrypted write permission using the fifth secret key, and converts the encrypted data to the fourth secret key. decrypt using the private key,
Data processing method. In the data processing method according to claim 7 ,
In the third step, the data processing management medium uses a key derivation function to obtain the fifth secret key and the sixth secret key with the third secret key as an input;
In the fifth step, the write target obtains the fifth secret key and the sixth secret key using the third secret key as an input using a key derivation function.
Data processing method. a write target on which write data is written;
a data writer that writes the write data to the write target;
a data processing management medium for managing the number of executions of the write processing;
with
The data processing management medium is detachable from the data writer, and upon receiving a write request for the write data from the data writer, increments the number of executions of the write process, and transfers the data to the data writer. sending write permission for the write data, and not sending the write permission even if the write request is further received when the execution count reaches a predetermined execution count upper limit;
the data writer reads identification information of the object to be written, and transmits the write request including the read identification information to the data processing management medium;
the data processing management medium transmitting the write permission including the received identification information to the data writer;
The data writer transmits data including the write data and the received write permission to the write target;
The write target writes the write data when the identification information of the write target matches the identification information included in the write permission.
data processing system. 11. The data processing system of claim 10 , wherein
the data processing management medium encrypting the write permission and transmitting the encrypted write permission to the data writer;
the data writer encrypts the data and transmits the encrypted data and the encrypted write permission to the object to be written;
the write object decrypts the encrypted write permissions and the encrypted data, respectively;
data processing system. 12. The data processing system of claim 11 , wherein
the data processing management medium and the writing object each store a first secret key;
the data processing management medium encrypts the write permission using the first private key;
the write object decrypts the encrypted write permission using the first private key;
data processing system. 12. The data processing system of claim 11 , wherein
the data processing management medium generating a first message authentication code using the encrypted write permission, transmitting the generated first message authentication code to the data writer;
said data writer sending said first message authentication code to said writing object;
The write object uses the received encrypted write permission to generate a second message authentication code, and if the first message authentication code and the second message authentication code match, the encrypted decrypting the write permission and the encrypted data, respectively;
data processing system.

Images