JPH07244584A - Software protection system - Google Patents

Abstract

PURPOSE:To attain execution by an optional execution device by a procedure for changing a specified execution device in a software protection system which can not be executed by an execution device other than the specified one. CONSTITUTION:Whether a software identifier(ID) recorded in an information recording part 12 of a disk 1 is stored in a storage part 203 or not is retrieved. When the corresponding ID is stored in the storage part 203, the accumulated number of IDs is compared with a reference number stored in the storage part 203, and only when the accumulated number is larger, the execution of the software is permitted. Also when the corresponding ID is not stored in the storage part 203, the execution of the software is permitted. In this case, a software key in the recording part 12 is decoded by a software key ciphering/ decoding part 207, ciphered software recorded in a ciphered software recording part 11 is decoded by using the software key and executed by a software execution part 210. At the time of changing a specified execution device, the accumulated number of IDs and the reference value are changed and a software key is rewritten to a key for a changed execution device.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a software protection system, and more particularly to a software protection system that allows software stored in a recording medium to be executed only by a predesignated execution unit.

[0002]

2. Description of the Related Art In recent years, various multimedia devices have been developed and many paid multimedia software such as games and educational software have been sold.
However, the protection of the software is incomplete, and there is a lot of illegally copied software. In order to prevent such unauthorized copying, there are regulations such as patent law and copyright law, but at the same time, software protection from the aspect of mechanism is also necessary.

For example, there is a method of making a recording medium (eg, a floppy disk) storing software special so that copying cannot be performed by a copy function provided by an OS (operating system). . However, even with such a method, in many cases, duplication is possible by using a copy tool of the type that makes a copy bit by bit. In addition, for a legitimate user, the inconvenience of not being able to make a backup disk will occur.

Further, a method of encrypting software to prevent copy is proposed. This method is disclosed, for example, in JP-A-61-145642. Figure 7
The configuration is shown in. In FIG. 7, the personal computer 501 includes an encryption mechanism 502. The program 503 sold by a software distributor is encrypted with a unique file key KF, and is stored on a disk as one program file (Japanese Patent Laid-Open No. 61-14564).
In the publication No. 2, it is called a diskette).

A user who purchases a disk in which the encrypted program 503 is stored must first obtain a secret password generated at the key distribution center 504 from a software distributor. With this password, the encrypted program 503 can be decrypted and executed only by a pre-designated personal computer 501 having an appropriately initialized encryption mechanism 502. This secret password is unique to the particular program and the particular computer on which it is restored and executed. According to this password, another encrypted program cannot be restored on that computer, and the same encrypted program cannot be restored on another computer. Further, even if the disc storing the encrypted program is copied, it cannot be restored by a computer other than a personal computer designated in advance, and the copying is meaningless. This realizes the copy protection function.

[0006]

However, in the above-mentioned conventional software protection system, even if the owner of the legitimate software cannot execute the software except the pre-specified execution unit, the software is executed in another place. It is difficult to do so or transfer the software to another user.

To enable execution elsewhere,
It is conceivable that not only the recording medium in which the software is stored but also a personal computer 501 designated in advance moves. However, considering that the personal computer 501 is generally larger and harder to move than the recording medium, it is unrealistic. is there.

On the other hand, in order to make the transfer of the software effective, it is conceivable to transfer the software together with the personal computer 501 to another user, but this is also because the personal computer 501 originally belongs to that user, Considering that the above software is executed, it is also unrealistic to transfer one piece of software to another user to transfer it to another user. In this case, it is conceivable that the user creates software for the transfer destination user, but since the original software can be executed by the transfer source as well, the actual transfer is not established.

[0009] Therefore, it is an object of the present invention to provide a software protection system which can execute software on other execution units and can prevent illegal copying. Another object of the present invention is to provide a software protection system suitable for lending software. Still another object of the present invention is to provide a software protection system capable of controlling the number of times software is copied.

[0010]

The invention according to claim 1 is
A software protection system for causing software stored in a recording medium to be executed only by a predesignated executing unit, wherein the recording medium includes software and first unique information unique to the software or the recording medium. The second unique information unique to the executor for executing the software is stored, and the executor reads the software and the second unique information from the recording medium, and the second unique information is unique to the own device. Check means for accepting execution of the software, execution device specifying means for specifying the change destination of the execution device that executes the software,
Conversion means for converting the second unique information stored in the recording medium into information unique to another execution device designated by the execution device designating means, non-executable information storage means for storing information about inexecutable software, When the execution device specifying unit specifies the change destination of the execution device, the first device stored in the recording medium
Unique information writing means for writing unique information of the above into the non-executable information storage means, and the first information stored in the recording medium.
When the non-executable information storage means stores the same unique information as the non-executable information, the first execution control means is provided for controlling the check means so as not to accept the execution of the software stored in the recording medium. ing.

According to a second aspect of the present invention, in the first aspect of the present invention, the recording medium further stores a cumulative number paired with the first unique information, and the non-executable information storage means, Further, the reference number is stored in a pair with the first unique information, the initial values of the cumulative number and the reference number are selected to be the same value, and the executor changes the executor by the executor designating means. When the destination is designated, the first execution control means further includes addition means for adding a predetermined value to each of the cumulative number and the reference number, and the first execution control means has the same unique information as the first unique information stored in the recording medium. If the information is not stored in the non-executable information storage means, or if it is stored in the recording medium, the first
If the unique information that is the same as the unique information is stored in the inexecutable information storage means but the cumulative number is larger than the reference number,
The permission for executing the software stored in the recording medium is given to the checking means, and the first means stored in the recording medium is stored.
If the unique information that is the same as the unique information is stored in the non-executable information storage means and the cumulative number is equal to or smaller than the reference number, the execution of the software stored in the recording medium is not permitted. Is given to the checking means.

According to a third aspect of the present invention, in the first aspect of the invention, the recording medium further stores a random number paired with the first unique information, and the inexecutable information storage means further includes: , The random number is stored as a pair with the first unique information, and the executor uses the random number generating means and the random number generating means to generate a random number when the change destination of the executor is specified by the executor specifying means. Every time a random number is generated, the random number is additionally written to the inexecutable information storage unit, and a random number rewriting unit that rewrites the random number stored in the recording medium each time the random number is generated by the random number generation unit. The first execution control means may store the unique information that is the same as the first unique information stored in the recording medium in the unexecutable information storage means, or may be stored in the recording medium. If the same unique information as the first unique information is stored in the inexecutable information storage means, but the same random number as the random number stored in the recording medium is not stored in the inexecutable information storage means, The execution permission of the software stored in the recording medium is given to the checking means, and the same unique information as the first unique information stored in the recording medium is stored in the non-executable information storage means, and When the same random number as the stored random number is stored in the non-executable information storage means, the check means is provided with the non-permission of execution of the software stored in the recording medium.

According to a fourth aspect of the invention, in any one of the first to third aspects of the invention, the software stored in the recording medium is encrypted, and the second unique information stored in the recording medium is: The check means is an encrypted soft key, and the check means is a secret information storage means for storing secret information different for each execution device, and a soft key decryption means for reading the soft key from the recording medium and decrypting it using the secret information. And a software decryption unit that reads out the encrypted software from the recording medium and decrypts it using the decrypted soft key,
And a software executing means for executing the decrypted software, wherein the converting means includes the decrypted soft key,
The soft key encryption means for encrypting so that it can be decrypted only by the secret information in the other execution device specified by the execution device specifying means, and the encrypted soft key stored in the recording medium,
And a soft key rewriting unit for rewriting the soft key encrypted by the soft key encrypting unit.

According to a fifth aspect of the present invention, in the invention of the fourth aspect, at least the encrypted software, the first unique information, the encrypted soft key, and the cumulative number are recorded on the recording medium. The digital signature information created for any one of them is stored.
Further, it is confirmed whether or not the digital signature information stored in the recording medium is valid, and if it is not, the second execution for controlling the checking means so as not to accept the execution of the software stored in the recording medium. When the change destination of the executer is specified by the control means and the executer specifying means,
The digital signature information creating means for creating digital signature information using the secret information and the signature information rewriting means for rewriting the digital signature information stored in the recording medium into the digital signature information created by the digital signature information creating means are provided. ing.

According to a sixth aspect of the present invention, in the invention according to any one of the first to fifth aspects, the recording medium further stores the number of times copying is possible, and the executor further counts the number of times the recording medium is copied. A total number storage unit that stores a total number indicating the number of times, a copy control unit that executes copying of the recording medium only when the number of copyable times stored in the recording medium is larger than the total number stored in the total number storage unit, Also, the copy control means is provided with a cumulative number updating means for updating the cumulative number stored in the cumulative number storage means each time the copy medium is copied.

In the invention according to claim 7, when lending a recording medium in which software is stored, an execution unit on the lender side performs a change procedure to specify an execution unit on the borrower side that can execute the software. In the software protection system as described above, the recording medium includes encrypted software, software / recording medium specific information specific to the software or the recording medium, and an encrypted first information specific to the lender's executing unit. The soft key No. 1 and the encrypted second soft key unique to the borrower's execution unit are stored, and the lender's execution unit has the first secret unique to the lender's execution unit. First secret information storage means for storing information, first soft key decryption means for reading out the first soft key from the recording medium, and decrypting using the first secret information,
First software decrypting means for reading the encrypted software from the recording medium and decrypting it using the decrypted first soft key, first software executing means for executing the decrypted software, software Executor designating means for designating a borrower side executing device, and a second soft key capable of decrypting the decrypted first soft key only by the borrower side executing device designated by the executing device designating means. And a soft key rewriting means for rewriting the encrypted second soft key stored in the recording medium to the second soft key encrypted by the soft key encryption means. The borrower's implementer is equipped
Second secret information storage means for storing second secret information unique to the borrower's execution unit, a second soft key is read from a recording medium, and decrypted using the second secret information.
Soft key decryption means, second software decryption means for reading the encrypted software from the recording medium, and decrypting using the decrypted second soft key; and second software decrypting means for executing the decrypted software. 2 software execution means, return procedure instruction means for instructing return procedure of recording medium, non-executable information storage means for storing information about inexecutable software, and return procedure instruction means Unique information writing means for writing the stored software / recording medium unique information into the non-executable information storing means, and the same software / recording medium unique information as the software / recording medium unique information stored in the recording medium are inexecutable information If the software is stored in the storage device, And a execution control means for controlling the second software execution means not to accept the line.

According to an eighth aspect of the present invention, there is provided a software protection system in which software stored in a recording medium is executed only by an execution unit designated in advance, and the recording medium includes encrypted software and , Software or recording medium-specific software / recording medium specific information is stored, and the execution unit reads out encrypted software from a secret information storage unit that stores secret information that is different for each execution unit. A software decrypting means for decrypting using the secret information, a software executing means for executing the decrypted software, an executer specifying means for specifying a change destination of an executer for executing the software,
Software encryption means for encrypting the decrypted software so that it can be decrypted only by the secret information in the other execution device designated by the execution device designating means, the encrypted software stored in the recording medium, A software rewriting means for rewriting to software encrypted by the software encryption means, an unexecutable information storage means for storing information about inexecutable software, and a recording medium when the execution device change destination is specified by the execution device specifying means. Stored software / recording medium specific information
If the unique information writing means to be written in the non-executable information storage means and the same software / recording medium unique information as the software / recording medium unique information stored in the recording medium are stored in the non-executable information storage means, the recording is performed. An execution control means is provided for controlling the software execution means so as not to accept the execution of the software stored in the medium.

[0018]

According to the first aspect of the invention, the second unique information unique to the executor for executing the software is stored in the recording medium, and the executor stores the software and the second unique information from the recording medium. Is read, and execution of the software is accepted only when the second unique information is unique to the own device. As a result, the executor capable of executing the software can be specified in advance. Further, when the change destination of the execution unit that executes the software is designated, the second unique information stored in the recording medium is converted into information unique to the other designated execution unit. This allows the user to easily change the executor that executes the software.
When the change destination of the executor is designated, the first unique information stored in the recording medium is written in the non-executable information storage means, and then the first unique information stored in the non-executable information storage means. Even if a recording medium having the same unique information as the above unique information is attached to the original execution device, execution of the software stored in the recording medium is not accepted. With this, it is possible to prevent the software copied before the change designation of the execution unit from being illegally executed by the original execution unit.

According to the second aspect of the present invention, when the change destination of the executor for executing the software is designated, the cumulative number stored in the recording medium and the reference number stored in the inexecutable information storage means are respectively set. A predetermined value is added. After that, even if a recording medium having the same unique information as the first unique information stored in the non-executable information storage means is attached to the original execution device, only when the cumulative number is larger than the reference number, The software stored in the recording medium is permitted to be executed. As a result, when the original executor is designated again as the change destination in the change destination executor, the software can be executed in the original executor.

According to the third aspect of the invention, when the change destination of the executor for executing the software is designated, the executor generates a random number, and the random number is additionally written in the inexecutable information storage means, and The random number stored in the recording medium is rewritten with the random number. After that, even if a recording medium having the same unique information as the first unique information stored in the inexecutable information storage means is attached to the original execution device, the same random number as the random number stored in the recording medium is used. If is not stored in the inexecutable information storage means, execution of the software stored in the recording medium is permitted. As a result, if the original executor is specified again as the change destination in the change destination executor,
The software can be executed on the original execution unit.

In the invention according to claim 4, the encrypted soft key is stored in the recording medium, and in the execution unit,
This soft key is decrypted using the unique secret information, and the decrypted software key is used to decrypt and execute the software read from the recording medium.
As a result, the executor capable of executing the software can be specified in advance. Also, when the change destination of the execution unit that executes the software is specified, the decrypted soft key is encrypted so that it can be decrypted only by the other specified execution unit, and the encryption stored in the recording medium is performed. The soft key
At this time, the encrypted soft key is rewritten. This allows the user to easily change the executor that executes the software. Further, when the change destination of the executor is designated, the software unique information stored in the recording medium is written in the unexecutable information storage means, and then the software unique information stored in the unexecutable information storage means is stored. Even if a recording medium having the same software unique information is attached to the original execution device, the execution of the software stored in the recording medium is not accepted. With this, it is possible to prevent the software copied before the change designation of the execution unit from being illegally executed by the original execution unit.

In the invention according to claim 5, the digital signature information created for at least one of the encrypted software, the software unique information, the encrypted soft key and the cumulative number is recorded. It is stored in a medium, and the execution unit confirms whether the digital signature information stored in the recording medium is valid. If it is not valid, execution of the software stored in the recording medium is not accepted. I have to. by this,
The correctness of the information stored in the recording medium can be confirmed more accurately, and unauthorized duplication can be prevented.

In the invention according to claim 6, the cumulative number updated each time the recording medium is copied is stored in the executor, and the number of copyable times stored in the recording medium is larger than the cumulative number. Only in this case, copying of the recording medium is permitted. As a result, the number of times the recording medium is copied can be limited to a predetermined number.

In the invention according to claim 7, the execution device on the lender side decrypts the software by using the first soft key stored in the recording medium. Therefore, the borrower side execution unit does not need to rewrite the second soft key in the recording medium when returning the recording medium to the lender.

In the invention according to claim 8, the software itself stored in the recording medium is encrypted so that it can be decrypted only by the designated execution device. Therefore,
The executor decrypts and executes the software using the unique secret information.

[0026]

【Example】

(1) First Embodiment FIG. 1 is a block diagram showing the configuration of a software protection system according to the first embodiment of the present invention. In addition, in FIG. 1, solid arrows indicate movement of data, and broken arrows indicate movement of control information. In the following description, software means, for example, an application program.

In FIG. 1, the disc 1 includes an encrypted software recording section 11 and an information recording section 12. In the encrypted software recording unit 11, the encrypted software E
(KA, softA) is stored. Information recording unit 1
2 includes software unique information IDA that indicates the type of software and a software identifier that includes a cumulative number CNT [A] that indicates the number of times the designated executor that can execute the software has changed, and a designated executor that can only be decrypted by the designated executor The soft key E (X, KA) and signature information indicating the validity of these pieces of information are recorded.

The player 2 confirms the contents of the software identifier, the designated execution unit soft key E (X, KA) and the signature information in the disc 1, executes the software, and further performs the designated execution unit change procedure. have. This player 2 includes a connection unit 201, a software ID search unit 202, a storage unit 203, a signature information confirmation unit 204, an execution control unit 205, a reference number / cumulative number comparison unit 206, and a soft key encryption / Decryption unit 207, secret information storage unit 208, and encrypted software decryption unit 20
9, software execution unit 210, and execution unit designation unit 21
1, a non-executable software information updating unit 212 and a signature information creating unit 213.

The connecting portion 201 connects the disc 1 to the player 2
It has a function of reading each information from the disc 1 and writing predetermined information to the disc 1. The software ID search unit 202 has a function of searching whether the input software unique information IDA is stored in the storage unit 203 as unexecutable software. The storage unit 203 stores the software unique information IDA ′ of the non-executable software and the reference number N that is the same value as the cumulative number CNT [A] recorded in the information recording unit 12 when the software is in the non-executable state.
UM [A] is paired and stored as a software identifier.

The signature information confirmation unit 204 confirms whether the signature information recorded in the information recording unit 12 is valid with respect to the software recorded as the inexecutable software in the storage unit 203, and the signature information is confirmed. Is valid, the reference number / cumulative number comparison unit 206 displays the reference number NUM.
It has a function of instructing to compare [A] with the cumulative number CNT [A], and inputting information indicating that the execution of the software is not permitted to the execution control unit 205 when the signature information is invalid. The execution control unit 205 includes information input from the signature information confirmation unit 204 (information indicating whether the signature information recorded in the information recording unit 12 is valid) and the reference number / cumulative number comparison unit 2
Based on the information (information of permission / non-permission of execution of the software) inputted from 06, the encryption software E
It has a function of controlling whether to decrypt (KA, softA). Reference number / cumulative number comparison unit 206
Is the reference number NUM [A] of the software stored in the storage unit 203 and the information recording unit 12 for the disc 1 for which the signature information confirmation unit 204 has confirmed that the signature information is valid.
It has a function of comparing the magnitude relation with the cumulative number CNT [A] recorded in the above, and inputting the software execution permission / non-permission information to the execution control unit 205 based on the result.

The soft key encryption / decryption unit 207 has a designated execution unit soft key E recorded in the information recording unit 12.
If (X, KA) is decrypted with the secret information SX unique to the player 2 stored in the secret information storage unit 208, and if the designated execution unit is changed, the designated execution unit software for the change destination is used. It has the function of encryption to the key. The secret information storage unit 208 records secret information SX unique to the player 2. The encrypted software decryption unit 209 is a soft key to which the encrypted software E (KA, softA) recorded in the encrypted software recording unit 11 is input and which is decrypted by the soft key encryption / decryption unit 207.
It has a function of decrypting the encrypted software E (KA, softA). The software execution unit 210 has a function of executing the software softA decrypted by the encrypted software decryption unit 209.

The executor designating section 211 controls the soft key encryption / decryption section 207 to change the soft key for the designated executor according to the inputted change destination information, and the information is recorded in the information recording section 12. The connection unit 201 is instructed to rewrite the accumulated number CNT [A], and accordingly, the inexecutable software information updating unit 212 is instructed to change the information stored in the storage unit 203, and the signature for the new software identifier is given. It has a function of instructing the signature information creation unit 213 to create information. The non-executable software information updating unit 212 changes the information stored in the storage unit 203 as the cumulative number recorded in the information recording unit 12 is rewritten when the designated execution unit is changed. It has a function. The signature information creation unit 213 has a function of creating signature information for the new software identifier changed by the inexecutable software information update unit 212.

In the player 2 of FIG. 1, the software ID search unit 202, the storage unit 203, the signature information confirmation unit 204, the execution control unit 205, the reference number / cumulative number comparison unit 206, and the soft key encryption / decryption. Unit 207, secret information storage unit 208, encrypted software decryption unit 209, software execution unit 210, executor designation unit 211, inexecutable software information update unit 212, and signature information creation unit 21.
3 are arranged in areas that cannot be changed, analyzed, or copied.

In summary, in the software protection system of the first embodiment, the software softA itself is encrypted by the key soft key KA common to all disks of the software, and the soft key KA is the designated execution unit. By encrypting so that it can be decrypted only by the player 2, it can be executed only by the designated execution device.

FIG. 2 is a flow chart showing the processing procedure of the software execution operation in the software protection system of the first embodiment. Further, FIG. 3 shows the first
5 is a flowchart showing a processing procedure of a designated executor changing procedure in the software protection system of the embodiment. Hereinafter, with reference to FIGS. 2 and 3, the first
The operation of this embodiment will be described.

In the following, the encrypted software E (K) having the soft key E (X, KA) encrypted for the player 2 (hereinafter referred to as player X) in FIG.
A, softA) is decrypted and executed, and then another player not shown (hereinafter referred to as player Y)
A description will be given of the operation when the procedure for changing the designated player is performed. Also, in the following description, the soft key E
(X, KA) shows the soft key KA encrypted in a format that can be decrypted only by the secret information SX unique to the player X. In addition, software E (KA, soft
A) shows the software softA encrypted with the soft key KA, which is decrypted with the soft key KA.

(A) Decryption / execution operation of encrypted software First, referring to FIG. 2, decryption / execution of encrypted software
The execution operation will be described. First, the disc 1 is connected to the connecting portion 201.
Are connected (step S101). Next, the software unique information IDA of the software identifier recorded in the information recording unit 12 is input to the software ID search unit 202 through the connection unit 201. The software ID search unit 202 uses the input software unique information I
Non-executable software unique information IDA 'that matches DA
Is searched for in the storage unit 203 (step S102).

As a result of the search in step S102, the inexecutable software unique information IDA 'matching the input software unique information IDA is stored in the storage unit 203.
Stored in the software ID search unit 202
Reads the signature information and the software identifier from the information recording unit 12 via the connection unit 201 and inputs them to the signature information confirmation unit 204. The signature information confirmation unit 204 determines whether or not the content of the software identifier recorded in the information recording unit 12 is valid by the execution device identifier (not shown in the figure) of the digital signature creator of the signature information.
It is confirmed by the public key of the digital signature creator which is easily derived from (stored in) (step S103). If it is determined that the software identifier is not valid as a result of the confirmation in step S103, the signature information confirmation unit 20
4 instructs the execution control unit 205 to disallow execution of the software (step S104). Therefore, the execution control unit 205 does not execute the software.

On the other hand, if the result of the confirmation in step S103 is that the content of the software identifier is valid, the signature information confirmation unit 204 instructs the storage unit 203 to the reference number / cumulative number comparison unit 206. Cannot be executed as a software identifier in software unique information IDA '
The reference number NUM [A] stored as a pair is compared with the cumulative number CNT [A] of software identifiers recorded in the information recording unit 12. Accordingly, the reference number / cumulative number comparison unit 206 determines that the inexecutable software unique information ID from the storage unit 203 is a software identifier.
The reference number NUM [A] recorded in pairs with A'is read out. In addition, the cumulative number CNT [A] of software identifiers recorded in the information recording unit 12 via the connection unit 201.
Read out. Next, the reference number / cumulative number comparison unit 206 compares the input reference number NUM [A] and the accumulated number CNT [A] (step S105).

If the software stored on the disc 1 is legitimate software, the inequality NUM [A] <CNT [A] is established and the reference number / cumulative number comparison unit 206 determines The software execution permission information is input to the execution control unit 205 (step S106). On the other hand, the inequality NUM [A] <CNT
If [A] does not hold, the disk 1 is a disk that has already been invalidated by the designated executor change procedure, so the execution control unit 205 inputs information indicating that the execution of the software softA is not permitted (step S104). Therefore, in this case, the execution control unit 205 does not execute the software softA.

When the reference number / cumulative number comparison unit 206 gives permission to execute the software, the execution control unit 205 causes the information recording unit 12 via the connection unit 201 to specify the designated execution unit soft key E (X, KA). Is read and input to the soft key encryption / decryption unit 207. In addition, the execution control unit 205
The secret information SX unique to the player X is read from the secret information storage unit 208 and input to the soft key encryption / decryption unit 207. Accordingly, the soft key encryption / decryption unit 207
Is the soft key E (X, KA) for the designated executor player X
To obtain the soft key KA (step S107). At this time, if the specified player soft key E (X, KA) is not for the player X, the soft key KA cannot be decrypted and the software cannot be executed.

Next, the soft key encryption / decryption unit 207
Inputs the decrypted soft key KA to the encrypted software decryption unit 209. In addition, the execution control unit 205
From the encrypted software recording unit 8 of the disk via the connection unit 201, the encrypted software E (KA, soft
A) is read and input to the encrypted software decryption unit 209. Accordingly, the encrypted software decryption unit 209
The software softA is decrypted using the soft key KA input from the soft key encryption / decryption unit 207 (step S108). Next, the encrypted software decryption unit 209 determines that the decrypted software softA
Is input to the software execution unit 210. Therefore, the software execution unit 210 executes the decrypted software (step S109).

On the other hand, as a result of the search in step S102 described above, if the unexecutable software unique information IDA 'matching the input software unique information IDA is not stored in the storage unit 203, the software ID searching unit 202 executes the execution. The software execution permission information is input to the control unit 205 (step S106). Hereinafter, step S1
The processes of 07 to S109 are the same as those of steps S107 to S described above.
The operation is the same as that of 109.

(B) Specified Executor Change Procedure Next, the designated executor change procedure will be described with reference to FIG. It should be noted that in the following description, the designated executor changing procedure for making the software stored in the disc 1 that can currently be executed only by the player X unexecutable by the player X and executed by another player Y different from the player X Describe.

First, the information (executor identifier) that the change destination is player Y is input to the executer designating section 211 from an input device such as a keyboard and a mouse (not shown) (step S201). Then, the executor designating unit 211 reads the designated executor soft key E (X, KA) from the information recording unit 12 via the connection unit 201, and performs soft key encryption /
Input to the decoding unit 207. In addition, the execution device designation unit 211
Reads the secret information SX unique to the player X from the secret information storage unit 208, and the soft key encryption / decryption unit 207
To enter. The soft key encryption / decryption unit 207 uses the secret information SX peculiar to the player X input from the secret information storage unit 208 to specify the designated execution unit soft key E (X, K).
A) is decrypted into the soft key KA, then the public key for the player Y is generated from the execution unit identifier of the changed player Y given from the execution unit designation unit 211, and the generated public key is used to generate the soft key KA. Is encrypted to obtain the player Y soft key E (Y, KA) (step S202). Further, the executor designating section 211 erases the player X soft key E (X, KA) previously recorded in the information recording section 12 via the connecting section 201. Furthermore, the execution device designation unit 2
11 records the player Y soft key E (Y, KA) as a designated executor soft key in the information recording unit 12 via the connection unit 201. This soft key E for player Y
(Y, KA) can be decrypted only by the secret information SY unique to the player Y (stored in the secret information section 208 of the player Y). Therefore, the disc 1 can be executed only by the player Y thereafter.

Next, the executor designating section 211 is connected to the connecting section 20.
The recording is updated via 1 so that the value of the cumulative number CNT [A] of the software identifiers recorded in the information recording unit 12 increases by 1 (step S203). Next, the executor designating unit 211 updates the updated new cumulative number CNT.
The value of [A] is the reference number NUM of the new software identifier.
The value of [A] is set as the inexecutable software unique information ID
It is written in the storage unit 203 via the unexecutable software information updating unit 212 as a software identifier paired with A ′ (step S204). At this time, the executor designating unit 211 simultaneously erases the value of the old reference number from the storage unit 203. As a result, the software stored on the disc 1 cannot be executed by the player X thereafter.

Next, the executor designating section 211 is connected to the connecting section 20.
From the information recording unit 12, the software unique information IDA which is the software identifier and the cumulative number CNT [A]
And the secret information SX peculiar to the player X from the secret information storage unit 208 and input to the signature information creation unit 213, respectively. The signature information creation unit 213 creates signature information that can be created only by the player X using the secret information SX unique to the player X with respect to the input software unique information IDA that is the software identifier and the cumulative number CNT [A]. Then, the information recording unit 12 uses the created signature information as new signature information via the connection unit 201.
(Step S205). At this time, the signature information creation unit 213 simultaneously deletes the old signature information.

Even if the player X disc is copied before the designated player change procedure, the reference number NUM in the storage unit 203 is changed after the designated player change procedure.
Since [A] becomes larger than the cumulative number of the copied discs, the reference number NUM [A] in the player and the cumulative number CNT in the disc in step S105 of FIG.
It is determined that the execution is impossible by the comparison operation with [A], and the player X
Thus, it is possible to prevent the copy disk from being undesirably executed.

As described above, according to the first embodiment, in the software protection system in which the soft key cannot be decrypted by the designated execution unit, the designated execution unit can be changed to prevent the illegal copying. Meanwhile, it is possible to realize an environment in which software can be executed by an arbitrary execution unit.

In the first embodiment, the software body is encrypted with the soft key KA common to all the disks of the software, and the soft key KA is encrypted so that it can be decrypted only by the designated execution unit. Although configured as a system, the present invention may be configured so that the software itself is encrypted so that it can only be decrypted by the designated executable unit, and in this case also, the same effect as the first embodiment is obtained. Is obtained.

Further, in the first embodiment, the soft key is used to prevent the software from being executed by any device other than the designated execution device. However, the ID information of the designated execution device is stored in the disk and the execution device is stored. Before the software is executed, the ID information of the disk corresponds to the I
Alternatively, the software may be executed only when the ID information is checked and the ID information corresponds to the own device.

In the first embodiment, the disk 1
When transferring, we used a cumulative number with an ordered number and a reference number as the information indicating the invalid disk,
A random number may be generated instead of the cumulative number and the reference number, and the random number may be recorded in the information recording unit 12 and the storage unit 203 as a software identifier in pair with the software unique information. In this case, the storage unit 203
All the generated random numbers are recorded without being erased, and the old random number is rewritten to the new random number in the information recording unit 12 every time a new random number is generated. Then, the software identifier on the disk 1 is compared with all the software identifiers stored in the storage unit 203, and the execution of the software is permitted only when there is no match.

In the first embodiment, the disk 1
In order to ensure the legitimacy of the above software identifier, we generated a digital signature for it, but the digital signature is targeted for the software identifier, the software key for the designated execution unit, and all or part of the contents of the encrypted software. May be As a result, the content of the encrypted software recorded in the encrypted software recording unit 11 and the validity of the executor identifier can be ensured.

In the first embodiment, the disk 1
Although the digital signature is used to show the authenticity of the above data, the software identifier or the like may be encrypted in a form that cannot be decrypted by any other than the designated executing device. In this case also, the same as in the first embodiment. The effect is obtained.

Further, in the first embodiment, as the information for identifying the software of the software identifier, the software unique information IDA which is different for each software type and is common to each disk is used. An identifier unique to the disc may be used. by this,
After the procedure of changing the designated execution unit of the disk 1, it is possible to deal with the case where another disk that stores software of the same type as the previous disk is executed.

In the first embodiment, the offline software distribution form is assumed, but even if the present invention is applied to the online software distribution form, the same effect as that of the first embodiment can be obtained. can get.

(2) Second Embodiment The second embodiment of the present invention is configured as a rental software system using the software protection system described in the first embodiment. FIG. 4 is a flow chart showing a processing procedure in the rental software system of the second embodiment. Hereinafter, the details of the second embodiment will be described with reference to FIG. 4 while referring to the configuration described in the first embodiment.

In this rental software system, a rental disk is introduced. In the first embodiment, in the information recording unit 12 (see FIG. 1) of the disc 1, only the encrypted soft key for the designated execution unit is recorded as the information about the soft key. On the other hand, in the rental-only disc according to the second embodiment, not only the designated-executor soft key but also the rental store soft key is always recorded in the information recording unit 12 in the disc. Information recording unit 12
Other information in is the same as the information recorded in the information recording unit 12 in the first embodiment.

A procedure for lending the rental disk to the member Y (considered the same as the player Y) at the rental shop X will be described. At the rental shop X, the change procedure is performed by the player of the rental shop with the member Y as the change destination, as described in the first embodiment. At this time, this disc 1
The designated execution device soft key is encrypted in a format that can be executed only by the player Y of the member Y (step S3).
01). The member Y inserts the disc 1 into his own player Y and executes the software (step S302). Hereinafter, the procedure for executing the software in the disk 1 is as described in the first embodiment.

Next, the case where the member Y returns the disc to the rental store X will be described. The member Y may simply perform the return procedure instead of designating the rental shop as the transfer destination in the designated execution unit changing procedure described in the first embodiment. This is because the information recording unit 12 of the disc 1 always records the rental store soft key, so that the rental store X can execute the disc 1 using the rental store soft key. Is. At this time, the executor designating unit 211 in the player of the member Y erases the player Y soft key in the information recording unit 12, increases the cumulative number by 1, and updates the reference number in the storage unit 203 (step S303). By this process, even if you copy the rental disk and try to execute it after the return procedure,
The copy disk cannot be executed in step S105 of FIG. In other words, with a rental disc,
The soft key for member Y can be deleted, but the procedure for changing the designated execution device can be done only at the rental shop.

As described above, according to the second embodiment, when returning the rental software encrypted for the rental destination to the rental store, the member side changes the designated execution unit as the designated execution unit. You do n’t have to go through
You can save troublesome work. In addition, the rental disk can be run only by the designated execution unit, so it is possible to prevent the rental software from being rented again. Furthermore, updating the cumulative number and the reference number can prevent members from making illegal copies.
In addition, only the rental shop can change the designated execution unit of the rental disk, so it cannot be lent or borrowed between members.

(3) Third Embodiment FIG. 5 is a block diagram showing the configuration of the third embodiment of the present invention. In FIG. 5, the third embodiment uses a master disk 10 that can be copied a specified number of times. In addition to the information recorded on the disc 1 of FIG.
[Copy], the cumulative number SUM [disk], and the master disk identifier are recorded in the information recording unit 12.
The other recording information of the master disk 10 is the same as the recording information of the disk 1 of FIG.

The player 2 has a copy controller 214 and a buffer memory 215 in addition to the configuration of the player 2 described in the first embodiment. FIG. 6 is a flowchart showing a processing procedure in the software protection system of the third embodiment. The operation of the third embodiment will be described below with reference to FIG.

First, the case of making a copy disc from the master disc 10 will be described. The master disc 10 can be executed only by the player X. When the master disc 10 is connected to the connection unit 201 (step S401), the copy control unit 214 reads the master disc identifier from the information recording unit 12,
It is identified that the connected disk is the master disk 10 (step S402). Next, the copy control unit 214 receives the cumulative number SUM [dis] from the information recording unit 12.
k] is read and it is determined whether or not the copy from the master disk 10 is the first (step S403). When no copy disk has been created from the master disk 10 (that is, when the cumulative number SUM [disk] is 0), the copy control unit 214 causes the inexecutable software information updating unit 212 to connect via the connection unit 201. Then, the number of possible copies No [copy] and the cumulative number SUM [disk] are read from the information recording unit 12 and stored in the storage unit 203 as No [copy, X] and SUM [X], respectively (step S404). In addition, the copy control unit 214 reads the master disk identifier from the information recording unit 12 via the connection unit 201, pairs it with the above-described number of possible copying No [copy, X] and the cumulative number SUM [X], and stores it in the storage unit. It stores in 203.

On the other hand, when the copy disc is created at least once from the master disc 10, the copy control unit 214 causes the copyable number No [copy, X] and the total number SUM stored in the storage unit 203.
[X], the number of possible copies No [copy] and the cumulative number SUM [disk] recorded in the information recording unit 12.
And are compared, and it is confirmed whether the two are equal (step S405). When it is confirmed in step S405 that they do not match, the copy control unit 214 determines that copying from the master disk 10 is not permitted (step S406). Therefore, in this case, the master disk 10 is not copied. On the other hand, step S40
If it is confirmed that both match in 5, the copy control unit 214 determines whether the number of possible copies No [copy] recorded in the information recording unit 12 and the cumulative number SUM [X] stored in the storage unit 203 are large or small. The relationships are compared and the inequality No [co
Copying from the master disk 10 is permitted only when py]> SUM [X] is satisfied (step S40).
7).

Next, the operation when the master disk 10 is permitted to be copied and the contents of the master disk are copied to another disk will be described. When the number n of times of continuous continuous copying is input to the copy control unit 214 from an external input device (not shown), the copy control unit 214 causes the information recording via the connection unit 201. The cumulative number SUM [disk] recorded in the unit 12 is updated so as to be increased by the designated copy number n, and similarly, the cumulative number SUM [X] in the storage unit 203 is updated (step S
408). However, this n is selected as a value such that the cumulative total number of updates does not become equal to or larger than the number of copyable times No [copy]. Next, the copy control unit 214
Reads the encrypted software and the designated execution device soft key from the master disk 10 through the connection unit 201 and stores them in the buffer memory 214 (step S4).
09).

The copy disk has the same recording format as the disk described in the first embodiment and includes an information recording section 12 and an encrypted software recording section 8. When this copy disk is replaced with the master disk 10 and connected to the connection unit 201 (step S410), information about the designated executor is input to the executor designation unit 211 from an external input device (not shown) (step S411). ). This executor designation information is input to the copy control unit 211. Depending on,
The copy control unit 214 reads the encrypted software from the buffer memory 215, and writes it in the encrypted software recording unit 11 of the copy disk via the connection unit 201 (step S412). Also, the copy control unit 214
Records the software unique information and the cumulative number as the software identifier in the information recording unit 12 of the copy disc (step S412). At this time, the cumulative number is recorded as 0. Further, the copy control unit 214 causes the soft key encryption / decryption unit 207 and the certification information creation unit 213 to create the specified execution unit soft key and signature information, respectively, and records the information on the copy disk via the connection unit 201. It is recorded in the section 12 (step S412). Now, one new copy disk has been created. After that, the copy control unit 214 creates the copy disk for the number of times n of copy designated in advance. When n copy disks are generated, the copy control unit 214
The encrypted software stored in the buffer memory 215 is erased (step S413).

As described above, according to the third embodiment, it is possible to generate a copy disk that can be newly executed only by a specified specific executing device a predetermined number of times.

[0069]

According to the invention of claim 1, the second unique information peculiar to the executor for executing the software is stored in the recording medium, and the executor executes the software and the second information from the recording medium. The unique information is read, and the execution of the software is accepted only when the second unique information is unique to the own device, so that the software is prevented from being executed by a device other than the designated execution unit. can do. Also, when the change destination of the execution unit is designated, the second unique information stored in the recording medium is converted into information unique to the other designated execution unit, so that the software can be executed. It is possible to easily change the appropriate executor on the user side. When the change destination of the executor is designated, the first unique information stored in the recording medium is written in the non-executable information storage means, and then the first unique information stored in the non-executable information storage means. Even if a recording medium having the same unique information as that of the above is attached to the original execution device, execution of the software stored in the recording medium is not accepted. It is possible to prevent the copied software from being illegally executed by the original execution unit.

According to the second aspect of the invention, when the change destination of the executor is designated, a predetermined value is added to each of the cumulative number stored in the recording medium and the reference number stored in the inexecutable information storage means. After that, even if a recording medium having the same unique information as the first unique information stored in the unexecutable information storage means is attached to the original executing device, the cumulative number is larger than the reference number. In this case, execution of the software stored in the recording medium is permitted. Therefore, even if the original executor is designated again as the change destination in the change destination executor, the software can be executed in the original executor.

According to the third aspect of the invention, when the change destination of the executor is designated, the executor generates a random number, and the random number is additionally written to the inexecutable information storage means and stored in the recording medium. Rewrite the generated random number with the random number, then,
Even if a recording medium having the same unique information as the first unique information stored in the inexecutable information storage means is attached to the original executor, the same random number as the random number stored in the recording medium is executed. When not stored in the impossible information storage means, execution of the software stored in the recording medium is permitted. Therefore, even if the original executor is designated again as the change destination in the change destination executor, the software can be executed in the original executor.

According to the fourth aspect of the present invention, the encrypted soft key is stored in the recording medium, and the execution unit decrypts this soft key using the unique secret information, and further decrypts it. Since the software read from the recording medium is decrypted and executed by using the soft key, it is possible to prevent the software from being executed by a device other than the designated execution unit. When the execution device change destination is specified, the decrypted soft key is encrypted so that it can be decrypted only by the other specified execution device, and the encrypted soft key stored in the recording medium is encrypted. Is rewritten to the encrypted soft key at this time, the user can easily change the execution unit that executes the software. Further, when the change destination of the executor is designated, the software unique information stored in the recording medium is written in the unexecutable information storage means, and then the software unique information stored in the unexecutable information storage means is stored. Even if a recording medium having the same software-specific information is attached to the original execution unit, execution of the software stored in that recording medium is not accepted, so it was copied before changing the execution unit. The software can be prevented from being illegally executed by the original execution unit.

According to the invention of claim 5, the digital signature information prepared for at least one of the encrypted software, the software unique information, the encrypted soft key and the cumulative number is recorded. It is stored in a medium, and the execution unit confirms whether the digital signature information stored in the recording medium is valid. If it is not valid, execution of the software stored in the recording medium is not accepted. Therefore, the correctness of the information stored in the recording medium can be confirmed more accurately, and an unauthorized copy can be prevented.

According to the sixth aspect of the present invention, the cumulative number updated each time the recording medium is copied is stored in the executor, and the copyable number stored in the recording medium is larger than the cumulative number. Only in this case, since the copying of the recording medium is permitted, the number of times of copying the recording medium can be limited to a predetermined number.

According to the invention of claim 7, the lender-side executing unit decrypts the software using the first soft key stored in the recording medium. When returning to the lender, it is not necessary to rewrite the second soft key in the recording medium.

According to the invention of claim 8, since the software itself stored in the recording medium is encrypted so that it can be decrypted only by the designated executing device, the software is executed by a device other than the designated executing device. Can be prevented.
Also, when the execution device change destination is specified, the decrypted software is encrypted so that it can be decrypted only by the other specified execution device, and the software stored in the recording medium is encrypted at this time. Since the software is rewritten to the stored software, the user can easily change the executor that executes the software. Further, when the change destination of the executor is designated, the software unique information stored in the recording medium is written in the unexecutable information storage means, and then the software unique information stored in the unexecutable information storage means is stored. Even if a recording medium having the same software-specific information is attached to the original execution unit, execution of the software stored in that recording medium is not accepted, so it was copied before changing the execution unit. The software can be prevented from being illegally executed by the original execution unit.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a software protection system according to a first exemplary embodiment of the present invention.

FIG. 2 is a flowchart showing a processing procedure of a software execution operation in the software protection system of the first exemplary embodiment of the present invention.

FIG. 3 is a flowchart showing a processing procedure of a designated executor changing procedure in the software protection system according to the first embodiment of the present invention.

FIG. 4 is a flowchart showing a processing procedure in the rental software system according to the second embodiment of this invention.

FIG. 5 is a block diagram showing a configuration of a third exemplary embodiment of the present invention.

FIG. 6 is a flowchart showing a processing procedure in a software protection system according to a third embodiment of the present invention.

FIG. 7 is a block diagram showing a configuration of a conventional software protection system.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Disc 11 ... Encrypted software recording unit 12 ... Information recording unit 2 ... Player 201 ... Connection unit 202 ... Software ID search unit 203 ... Storage unit 204 ... Signature information confirmation unit 205 ... Execution control unit 206 ... Reference number / cumulative number Comparing unit 207 ... Soft key encryption / decryption unit 208 ... Confidential information storage unit 209 ... Encrypted software decryption unit 210 ... Software execution unit 211 ... Executor designation unit 212 ... Executable software information update unit 213 ... Signature information creation unit 214 ... Copy control unit

Continuation of the front page (72) Inventor Mitsuko Miyaji 1006 Kadoma, Kadoma City, Osaka Prefecture Matsushita Electric Industrial Co., Ltd.

Claims (8)

[Claims] 1. Software stored in a recording medium,
A software protection system to be executed only by a pre-specified execution device, wherein the recording medium should execute software, first unique information unique to the software or the recording medium, and the software. The second peculiar to the executor
Unique information is stored, the execution unit reads the software and the second unique information from the recording medium, and only when the second unique information is information unique to the own device, Checking means for accepting execution of software, executor specifying means for specifying a change destination of the executor executing the software, second unique information stored in the recording medium, other than that specified by the executor specifying means Conversion unit for converting information specific to the execution unit, non-executable information storage unit for storing information about unexecutable software, and stored in the recording medium when the execution unit designation unit specifies a change destination of the execution unit. The first unique information
When the unique information writing unit to be written in the unexecutable information storage unit and the same unique information as the first unique information stored in the recording medium are stored in the unexecutable information storage unit, A software protection system comprising first execution control means for controlling the checking means so as not to accept execution of stored software. 2. The recording medium further stores a cumulative number as a pair with the first unique information, and the unexecutable information storage means further has a pair with the first unique information. The reference number is stored as, and the cumulative number and the reference number are selected to have the same initial value, and the execution unit is specified by the execution unit designating unit as a change destination of the execution unit. At this time, it further comprises an adding means for adding a predetermined value to each of the cumulative number and the reference number, and the first execution control means is the same unique information as the first unique information stored in the recording medium. Is not stored in the unexecutable information storage means, or the same unique information as the first unique information stored in the recording medium is stored in the unexecutable information storage means, but the cumulative number is Greater than the reference number In this case, the execution permission of the software stored in the recording medium is given to the checking means, and the same unique information as the first unique information stored in the recording medium is stored in the inexecutable information storage means. If the cumulative number is equal to or smaller than the reference number, the check means is provided with the non-permission of execution of the software stored in the recording medium. Software protection system described in. 3. The recording medium further stores a random number paired with the first unique information, and the inexecutable information storage means further paired with the first unique information. Random numbers are stored in the execution unit, and the execution unit further includes a random number generation unit that generates a random number when the execution unit designation unit specifies a change destination of the execution unit, and a random number is generated by the random number generation unit. A random number writing means for additionally writing the random number to the inexecutable information storage means, and a random number rewriting means for rewriting the random number stored in the recording medium each time a random number is generated by the random number generating means, The first execution control means, when the same unique information as the first unique information stored in the recording medium is not stored in the unexecutable information storage means, or The same unique information as the first unique information stored in the body is stored in the non-executable information storage means, but the same random number as the random number stored in the recording medium is stored in the non-executable information storage means. When not stored, the execution permission of the software stored in the recording medium is given to the checking means, and the same unique information as the first unique information stored in the recording medium is stored in the inexecutable information storage. If the same random number as that stored in the recording medium is stored in the recording medium, the execution prohibition of the software stored in the recording medium is prohibited. Characterized by giving to the checking means,
The software protection system according to claim 1. 4. The software stored in the recording medium is encrypted, the second unique information stored in the recording medium is an encrypted soft key, and the checking means executes: Secret information storage means for storing secret information different for each device; soft key decryption means for reading the soft key from the recording medium and decrypting the soft key using the secret information; and the encrypted from the recording medium. It includes software decryption means for reading out software and decrypting using the decrypted soft key, and software execution means for executing the decrypted software, wherein the conversion means includes the decrypted software. A soft key encryption means for encrypting the key so that it can be decrypted only by the secret information in the other execution device designated by the execution device designating means; A soft key rewriting unit for rewriting an encrypted soft key stored in a medium into a soft key encrypted by the soft key encryption unit.
The software protection system according to any one of 3 above. 5. The recording medium is further created for at least one of the encrypted software, the first unique information, the encrypted soft key, and the cumulative number. The digital signature information stored in the recording medium is stored in the recording medium, and the execution unit further confirms whether the digital signature information stored in the recording medium is valid. Second execution control means for controlling the checking means so as not to accept execution of software; and when the execution device designating means designates a change destination of the execution device, the secret information is used to obtain the digital signature information. The digital signature information creating means to be created and the digital signature information stored in the recording medium are created by the digital signature information creating means. Comprising a signature information rewriting means for rewriting the digital signature information,
The software protection system according to claim 4. 6. The recording medium further stores the number of times copying is possible, and the executor further stores a cumulative number storage unit that stores a cumulative number indicating the number of times the recording medium has been copied, the recording medium. The copy control means for executing the copy of the recording medium only when the number of possible copies stored in is larger than the total number stored in the total number storage means, and the copy control means executes the copy of the recording medium. The software protection system according to claim 1, further comprising a cumulative total update unit that updates the cumulative total stored in the cumulative total storage unit each time. 7. A software protection system in which, when a recording medium in which software is stored is lent, an execution unit on the lender side performs a change procedure to identify an execution unit on the borrower side that can execute the software. In the recording medium, the encrypted software, software / recording medium unique information unique to the software or the recording medium, and the encrypted first unique to the lender's execution unit A soft key and an encrypted second soft key unique to the borrower-side execution unit are stored, and the lender-side execution unit has a first secret unique to the lender-side execution unit. First secret information storage means for storing information, a first soft key decryption means for reading out the first soft key from the recording medium, and decrypting the first soft key using the first secret information A first software decryption means for reading the encrypted software from the recording medium and decrypting the encrypted software using the decrypted first soft key; a first software decrypting means for executing the decrypted software; Software execution means, execution device specifying means for specifying the execution device on the borrower side for executing the software, and the decrypted first soft key is executed by the execution device on the borrower side specified by the execution device specification device. Second only decryptable
Second soft key encryption means for encrypting the soft key encryption means and the second soft key encrypted by the soft key encryption means.
Soft key rewriting means for rewriting to the soft key of the borrower side, the execution device on the borrower side is a second secret information storage device for storing second secret information unique to the execution device on the borrower side, Second soft key decryption means for reading out a second soft key and decrypting using the second secret information; reading out the encrypted software from the recording medium; and performing the decrypted second Second software decryption means for decrypting using a soft key, second software execution means for executing the decrypted software, return procedure instruction means for instructing return procedure of the recording medium, inexecutable software Non-executable information storage means for storing information regarding information stored in the recording medium when the return procedure is instructed by the return procedure instruction means. Software / recording medium unique information for writing the software / recording medium unique information to the non-executable information storage means, and the same software / recording medium unique information as the software / recording medium unique information stored in the recording medium is the non-executable information. When stored in the storage means, the execution control means is provided for controlling the second software execution means so as not to accept the execution of the software stored in the recording medium.
Software protection system. 8. The software stored in the recording medium,
A software protection system to be executed only by a pre-specified execution unit, wherein the recording medium stores encrypted software and software or software / recording medium unique information unique to the recording medium. The execution unit is a secret information storage unit that stores secret information that is different for each execution unit, a software decryption unit that reads encrypted software from the recording medium, and decrypts using the secret information. Software execution means for executing the decrypted software, execution device designating means for designating a change destination of the execution device for executing the software, and the decrypted software for other products designated by the execution device designating means. Software encryption means for encrypting so that it can be decrypted only with secret information in the execution unit, Software rewriting means for rewriting the encrypted software stored in the recording medium to the software encrypted by the software encryption means, an inexecutable information storage means for storing information about inexecutable software, the executor designating means When the change destination of the executor is designated by the execution unit, the software / recording medium unique information stored in the recording medium is written in the unexecutable information storage unit, and the software stored in the recording medium. / When the same software as the recording medium unique information / recording medium unique information is stored in the inexecutable information storage means, the software execution means is controlled so as not to accept the execution of the software stored in the recording medium. Software that includes an execution control unit that Protection system.