JPH10320291A - Data converter - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent plain sentence data prepared by a preparing person from being utilized except display and to protect the profit of preparing person by reloading the branch destination registered in a branch table so as to limit the execution of another task while deciphered plain sentence data exist in a main storage device. SOLUTION: When a permitted person tries to display the contents of enciphere data, the enciphered data are read into the prescribed area of the RAM in a main storage device 6. Next, when the permitted person inputs a decipher key, data showing the branch destination registered in the branch destination table are saved in the other area of the RAM and among the branch destinations registered in the branch destination table, a printing control processing address, a line control processing address and an auxiliary storage device control processing address as the branch destinations of respective device drivers for managing the inputs/outputs of printer 3, line control unit 4 and auxiliary storage device 7 are reloaded into addresses of branch destinations. Thus, the profit of preparing person is protected.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data conversion device for decrypting encrypted data, and more particularly to a computer having an operating system for executing a plurality of the above tasks in parallel. The present invention relates to a data conversion device that effectively prevents the use of a data for purposes other than display.

[0002]

2. Description of the Related Art Conventionally, there is an encryption technique as a technique for protecting communication data from unauthorized access such as wiretapping or falsification of the communication data. Some of them encrypt data using encryption software. For example, data is transmitted and received as follows.

In a transmitting computer, a person who intends to transmit data (for example, a data creator) uses encryption software to convert plaintext data to be transmitted to a predetermined encryption key designated by the creator. Based on the encrypted data, the encrypted data is transmitted based on the encrypted data.

On the other hand, at the receiving computer receiving the encrypted data, a person having a decryption key for decryption (for example, a licensor who has been permitted to use the plaintext data by the creator) decrypts the data. Using the decryption software, the received encrypted data is decrypted into the original plaintext data based on the decryption key. Then, the decrypted plaintext data is transmitted to the HD of the receiving computer by decryption software.
D or the like.

[0005]

As described above, the above-described encryption technique can protect the confidentiality of data from persons other than the licensor. However, it has not been possible to prevent the licensor from copying and distributing the decrypted plaintext data without permission to the creator, falsifying it, or even spreading it to other computers.

On the other hand, in an open system which does not have a mechanism for managing the user of the system, which is found in a system which attempts to use information in a wide area, etc., the decrypted plaintext data is decrypted by decryption software. Therefore, if the licenser is left in such a state, the plaintext data may be easily obtained and used by an unspecified number of people. Was.

In general, data to be encrypted is extremely confidential, and if it is falsified without the intention of the creator, anyone who tries to use the plaintext data will suffer significant damage. You are at risk of suffering.

Therefore, an object of the present invention is to solve such a conventional problem. In a computer having an operating system for executing a plurality of tasks in parallel, plain text data created by the creator is not displayed. Effectively protects the creator's interests, and at the same time, improves the reliability of the plaintext data,
It is an object of the present invention to provide a data conversion device suitable for protecting the benefit of a user who uses plaintext data.

[0009]

According to one aspect of the present invention, there is provided a data conversion apparatus comprising: a main storage device; an auxiliary storage device; An operating system that executes a plurality of tasks in parallel based on a branch table in which branch destinations are registered, and reads encrypted data stored in the auxiliary storage device into the main storage device and decrypts the encrypted data. In the data conversion device, while the decryption means for decrypting the encrypted data to the main storage device and the plaintext data decrypted by the decryption means exist in the main storage device, the other Branch table rewriting means for rewriting a branch destination registered in the branch table so as to restrict execution of a task.

With such a configuration, when attempting to decrypt the encrypted data stored in the auxiliary storage device, the encrypted data is read into the main storage device, and the encrypted plaintext data is stored in the main storage device. The decryption means decrypts the data in the main storage device based on a predetermined decryption key. In response, the branch table rewriting means rewrites the branch destination registered in the branch table so that the decrypted plaintext data is not obtained from another task, and stores the plaintext data in the main storage device. During this time, the rewritten state is maintained.

Then, while the plaintext data exists in the main storage device, another task is started, and when a request to acquire the plaintext data is issued to the operating system, the operating system transmits the request to the operating system. Even if an attempt is made to branch to a necessary process for executing the request, the execution is restricted because the branch destination has been changed. Examples of such tasks include a task of hardcopying plaintext data displayed on a screen and a task of editing arbitrary data stored in a main storage device and storing the data in an auxiliary storage device.

That is, conventionally, the execution of the above-mentioned task has not been particularly prohibited even while the plaintext data exists in the main storage device. Thus, the contents can be stored in the auxiliary storage device or the contents can be printed on paper. On the other hand, according to the present invention, while plaintext data exists in the main storage device, part or all of the execution of such a task is prohibited.
It is possible to effectively prevent plaintext data from being acquired from another task.

On the other hand, in this case, the encrypted plaintext data is decrypted only in the main storage device.
As a result of the decryption, the plaintext data is not stored in the auxiliary storage device, and when not decrypted, the plaintext data is held in the auxiliary storage device in an encrypted state. For this reason, for example, after display of the decrypted plaintext data is completed, the plaintext data is completely deleted so that some or all of the plaintext data does not remain in the main storage device, and then the processing is terminated. Such a configuration is preferable.

Here, the decryption key is a motivation for determining an algorithm for decrypting the encrypted plaintext data, and determines an algorithm for encrypting the plaintext data. It has a causal relationship with the motivated encryption key and a predetermined causal relationship required to restore the plaintext data normally. This includes the password set when encrypting the plaintext data or decrypting the encrypted data, and the encryption / decryption algorithm itself that does not require a password.

Therefore, in the first aspect of the present invention, the decryption is based on the encryption key of the encrypted data and the decryption key having the predetermined causal relationship. To restore successfully to
This does not include generating anything other than the original plaintext data based on the encryption key and the decryption key having no predetermined causal relationship.

On the other hand, in the invention according to claim 1,
An operating system is a system that manages resources such as a main storage device, an auxiliary storage device, and data stored therein, and may be any system that executes a plurality of tasks in parallel based on a branch table. For example, the present invention also includes an interrupt control device that executes interrupt control based on a table in which branch destinations of interrupt processing are registered, and a multitask system that can perform distributed processing of a plurality of tasks.

According to a second aspect of the present invention, there is provided a data conversion apparatus according to the first aspect, wherein:
A plaintext data deleting unit for deleting the plaintext data from the main storage device, wherein the branch table rewriting unit is registered in the branch table in accordance with the decryption unit decoding the plaintext data. The branch destination is rewritten, and the branch destination of the branch table is returned to the original one in accordance with the deletion of the plaintext data by the plaintext data deleting means.

With such a configuration, the decoding means uses
When the plaintext data is decrypted in the main storage device or when a request is issued to the decryption means to decrypt the encrypted plaintext data, the branch table rewriting means uses the branch table Is rewritten. Then, when the plaintext data erasing means deletes the plaintext data from the main storage device or when the plaintext data erasing means is issued a request to delete the plaintext data from the main storage device, etc., The rewritten branch table is returned to the original state by the branch table rewriting means.

Then, for example, during the period from when the plaintext data is decrypted to the main storage device to when the plaintext data is deleted from the main storage device, part or all of the execution of other tasks is restricted. You. However, during other times, execution of other tasks is not restricted at all.

Further, the data conversion device according to a third aspect of the present invention is the data conversion device according to the first or second aspect, wherein a request from the other task that has branched based on the branch table is received. And a branch table rewriting means for rewriting a branch destination registered in the branch table to an address of the task branching means.

With such a configuration, the branch destination reregistered in the branch table is rewritten by the address of the task branching means by the branch table rewriting means. Then,
When another task is started while the plaintext data is present in the main storage device and a request to acquire the plaintext data is issued to the operating system, the task is branched to the task branching means, and the task branch is performed. By means, the request is branched so that the request is returned to the original task. That is, such a request is not executed by the operating system while the plaintext data is present in the main storage device, and is returned to the original task that requested the request.

According to a fourth aspect of the present invention, there is provided a data conversion device according to the first, second or third aspect, wherein the branch table includes the main storage device and the auxiliary storage device. The branch destination of the input / output control process for managing the input / output operation of the device is registered, and the branch table rewriting means rewrites the branch destination of the input / output control process among the branch destinations registered in the branch table. Like that.

With such a structure, the branch table rewriting means rewrites the branch destination of the input / output control processing for managing the input / output operation of the peripheral device among the branch destinations registered in the branch table.

Then, while the plaintext data exists in the main storage device, another task is started, and when a request to output the plaintext data to the peripheral device is issued to the operating system, the request is issued. Execution is restricted. Such tasks include, for example, storing plaintext data in an auxiliary storage device such as an HDD or FDD, copying the data to another area of the main storage device, outputting the data to a display device, a printing device, or a network transmission path. And other tasks.

[0025]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing an embodiment of a data conversion device according to the present invention.

In this embodiment, as shown in FIG. 1, a data conversion device according to the present invention is stored in an auxiliary storage device of a computer in a multitask system capable of performing a plurality of tasks in a distributed manner. This is applied to the case of displaying the contents of encrypted data.

The data conversion apparatus includes a computer 1 for processing encrypted data, a CRT 2 for displaying an image signal output from the computer 1 on a screen, and printing character information output from the computer 1 on paper. It comprises a printing device 3 and a line control device 4 for controlling the line between the computer 1 and the network.

The computer 1 includes an arithmetic processing unit 5 for controlling the arithmetic operation and the entire system, a main storage device 6 and an auxiliary storage device 7 capable of reading and writing data.
A keyboard 8 as a human interface capable of inputting data from the outside, a printing device 3, a line controller 4, and an interface unit 9 for inputting and outputting data to and from the keyboard 8, and stored in a specific area of the main storage device 6. And a CRT control device 10 for converting the input data into an image signal and outputting the image signal to the CRT 2. The arithmetic processing unit 5, the main storage device 6, the auxiliary storage device 7, and the interface unit 9 transmit the data. Are connected to each other by a bus which is a signal line.

The main storage device 6 includes a ROM in which a control program for the arithmetic processing device 5 is stored in advance, data read from the auxiliary storage device 7 and the
RAM for storing the calculation results required in the calculation process of
And a VRAM for storing display data to be displayed at T2. It should be noted that the VRAM is an arithmetic processing unit 5
And the CRT control device 10 can be accessed independently and mutually.

The auxiliary storage device 7 is composed of an FDD, an HDD, or the like, and is configured to store encrypted data to be displayed. The CRT control device 10 is configured to sequentially read data stored in the VRAM of the main storage device 6 from a head address at a predetermined cycle, convert the read data into an image signal, and output the image signal to the CRT 2.

The arithmetic processing unit 5 is composed of a micro process unit MPU and the like, and always executes a task controller 11 for distributed processing of a plurality of tasks according to a control program stored in a ROM of the main storage device 6. It is configured.

As shown in FIG. 2, the task controller 11 includes a task A, which is composed of a plurality of instruction codes,
The task B and the task started when the encrypted data stored in the auxiliary storage device 7 is to be decrypted and displayed are time-divisionally processed at predetermined intervals. That is, the task controller 11
A time T is allocated as a time for executing processing to each of the task A, the task B, and the present task in the time of making a round of all the tasks, and the tasks A, B, and the present task are distributed and processed in this order. Go.

As shown in FIG. 3, the task controller 11 sequentially reads out and decodes instruction codes from the task to be processed, and inputs / outputs the instruction codes from / to the CRT 2, the printing device 3, the line control device 4, the keyboard 8, and the like. It is configured to execute the decoded instruction code based on a branch destination table in which the branch destination of each device driver that manages the operation is registered. That is, for example, when an instruction code for requesting printing is read from a task to be executed,
First, the instruction code is decoded, the address of the device driver for executing the print control process registered at a predetermined position in the branch destination table is read, and the process branches to the address. Then, when a series of print control processing is executed by the device driver, the processing is returned to the task controller 11, and the process shifts to reading of the next instruction code.

Further, when the encrypted data is to be displayed, the task controller 11
A predetermined program stored in the OM is started, and FIG.
Is configured to execute the processing shown in the flowchart of FIG.

That is, as shown in FIG. 4A, the process proceeds to step S1, where the encrypted data to be decrypted and displayed is read from the auxiliary storage device 7 into the RAM of the main storage device 6, and the process proceeds to step S2. The process proceeds to input a decryption key for decrypting the encrypted data from the keyboard 8.

Next, the process proceeds to step S3, where the data indicating the branch destination registered in the branch destination table is saved in another area of the RAM of the main storage device 6, and the process proceeds to step S4, where the data is stored in the branch destination table. Of the registered branch destinations,
The branch destination of each device driver that manages the input / output operations of the printing device 3, the line control device 4, and the auxiliary storage device 7 is rewritten to the address in step S21 described later.

Then, the flow shifts to step S5, where the encrypted data is decrypted in the RAM of the main storage device 6 based on the decryption key input in step S2, and the flow shifts to step S6, where the decrypted plaintext data is decrypted. The data is stored in the VRAM of the storage device 6, and the process proceeds to step S7 to input from the keyboard 8 whether or not there is a request to end the display of the plaintext data.
If there is a request to end, the process moves to step S8. However, if there is no request to end, step S7 is repeated until there is a request to end.

In step S8, the RAM of the main storage device 6
And delete the plaintext data stored in the VRAM,
In step S9, the data indicating the branch destination registered in the branch destination table saved in another area of the RAM of the main storage device 6 is restored, and the branch destination registered in the branch destination table is restored to the original state. And the series of processing ends.

On the other hand, in step S21, which is the address of the branch destination rewritten in step S4, the process proceeds to step S22, where an error code indicating that the requested processing has not been executed is set, and the flow branches to step S21. The incoming processing is returned to the original processing as it is.

Next, the operation of the above embodiment will be described with reference to the drawings. FIG. 5 is a block diagram showing states before and after rewriting of the branch destination table. Here, the licensor who has been permitted to use the data by the creator of the data intends to display the contents of the encrypted data stored in the auxiliary storage device 7 on the CRT 2 based on the decryption key possessed by the creator. The case will be described.

First, when the licenser attempts to display the contents of the encrypted data, the processing shown in the flowchart of FIG. 4 is executed, and the encrypted data is read into a predetermined area of the RAM of the main storage device 6 in step S1. .

Next, when the licenser inputs the decryption key in step S2, the data indicating the branch destination registered in the branch destination table is saved in another area of the RAM through steps S3 and S4. As shown in (a), among the branch destinations registered in the branch destination table, a print destination which is a branch destination of each device driver that manages input / output operations of the printing device 3, the line control device 4, and the auxiliary storage device 7. The control processing address b, the line control processing address c, and the auxiliary storage device control processing address e are rewritten to the address in step S21 as shown in FIG.

Next, through steps S5 and S6, the encrypted data read into the RAM is decrypted based on the decryption key input in step S2, and the decrypted plaintext data is stored in the VRAM. Then, CRT
The control unit 10 reads the plaintext data stored in the VRAM, converts it into an image signal, and
2, the content is displayed on CRT2. In step S7, a state of waiting for an input from the keyboard 8 is set. Therefore, the licensor keeps waiting until an instruction to end the display of the plaintext data is issued.
The contents of the plaintext data displayed on the CRT 2 can be viewed.

Next, in step S7, the licensor inputs a request for terminating the display of the plaintext data from the keyboard 8, and through steps S8 and S9, after the plaintext data in the RAM and VRAM is deleted, another The data indicating the branch destination registered in the branch destination table saved in the area is restored, and as shown in FIG. 5A, the branch destination registered in the branch destination table is returned to the original state.

As described above, the case where the person having the decryption key displays the contents of the encrypted plaintext data has been described, but the person having no decryption key can display the contents of the plaintext data. If you try to display, step S
In 5, the original plaintext data is not restored normally, and the contents of the plaintext data are not displayed on the CRT 2 at all.

As described above, while the plaintext data is stored in the RAM and the VRAM, the branch destination registered in the branch destination table is rewritten. Even if task A or task B issues a request to input / output data to / from printing device 3, line control device 4, and auxiliary storage device 7, the request is restricted from being executed by the operating system. can do. Therefore,
The plaintext data stored in RAM and VRAM is
It can be effectively prevented from being acquired from task A or task B, which is a task other than the present task, and the profit of the creator can be protected. Accordingly, since the reliability of the plaintext data can be improved, not only the profit of the creator but also the profit of the user using the plaintext data can be protected.

In particular, before decrypting the plaintext data into the RAM, the branch destination registered in the branch destination table is rewritten, and the plaintext data stored in the RAM and VRAM is deleted. Branching destination is returned to the original state, so plaintext data
While being stored in the M or VRAM, it is possible not only to more reliably prevent the plaintext data from being acquired from the task A or the task B other than the present task, but also to terminate the execution of the present task. However, it is possible to prevent a part or all of the plaintext data from being acquired from another task executed thereafter. Also,
On the other hand, while the plaintext data is not stored in the RAM or the VRAM, the execution of the task A or the task B is not affected at all.

Further, the branch destination registered in the branch destination table is rewritten in step S21.
During the rewriting, the task A or the task B, which is a task other than the present task, is executed by the printing apparatus 3, the line control apparatus 4,
Even if a request to input / output data to / from the auxiliary storage device 7 is issued, an error code is set in step S22 and the request is returned to the original task, so that the request is prohibited from being executed by the operating system. be able to.

Furthermore, of the branch destinations registered in the branch destination table, only the branch destination of the device driver that manages the input / output operation of the peripheral device is rewritten.
This prevents plaintext data stored in the RAM or VRAM from being acquired from the task A and the task B without affecting processes other than the process of managing the input / output operations of the task A, the task B, and the present task. be able to.

Further, since the series of processing is terminated after deleting the plaintext data stored in the RAM and VRAM, when the contents of the encrypted plaintext data are not displayed, the plaintext data is not displayed. Can be stored in the auxiliary storage device 7 in an encrypted state.

In the above embodiment, a case has been described in which the branch destination registered in the branch destination table is rewritten before decrypting the plaintext data. However, the present invention is not limited to this. May be configured to rewrite the branch destination registered in the branch destination table at the same time as the processing shown in the flowchart of FIG.

In the above embodiment, the RAM
And the case where the plaintext data stored in the VRAM is deleted and then the branch destination registered in the branch destination table is returned to the original state. However, the present invention is not limited to this. The branch destination registered in the branch destination table may be returned to the original state at the same time as the end request or before deleting the plaintext data.

Further, in the above-described embodiment, the case where the error code is set in step S22 to return to the original task has been described. However, the present invention is not limited to this. The branch from the present task may be determined, and the branch from the present task may be configured to branch to the branch destination before rewriting the branch destination table.

With such a configuration, the plaintext data is R
While stored in the AM and the VRAM, the execution of tasks A and B, which are tasks other than the present task, can be freely restricted without affecting the execution of the present task at all.

Further, in the above-described embodiment, the configuration in which the branch destination table in which each branch destination of the device driver managing the input / output operation of the peripheral device is registered is rewritten, but the present invention is not limited to this. It may be configured to manage the execution of the process, for example, rewrite a branch destination table in which a branch destination of a system call in the operating system is registered.

With such a configuration, the execution of tasks A and B, which are tasks other than the present task, can be prohibited at a lower level in detail.
While the data is stored in the AM and the VRAM, the effect on the execution of the present task, the task A and the task B can be reduced.

Further, in the above-described embodiment, a case has been described in which the data conversion device according to the present invention is applied to a computer having a multitask system capable of distributing a plurality of tasks, but the present invention is not limited to this. Without
The present invention can also be applied to a simple computer having only an interrupt control device that executes interrupt control based on a table in which branch destinations of interrupt processing are registered.

Further, in the above-described embodiment, the case where the present invention is applied to the computer having the arithmetic processing unit 5 having no limitation in the operation mode has been described, but the present invention is not limited to this.
For example, the present invention can be applied to a computer including an arithmetic processing unit that operates in two modes, a supervisor mode and a user mode. In this case, the branch destination table in which the branch destination of the device driver is registered cannot normally be rewritten in the user mode. Therefore, once the arithmetic processing device is operated in the supervisor mode, What is necessary is just to rewrite a branch destination table.

Further, in the above-described embodiment, the case has been described where the encrypted plaintext data is decrypted in the RAM of the main storage device 6 at a time.
Not limited to this, the encrypted plaintext data is converted to CRT2
May be decrypted in the RAM of the main storage device 6. In this connection, for example, the plaintext data may be displayed only once on the CRT 2, and the plaintext data related to the once displayed portion may be deleted from the main storage device 6 and the auxiliary storage device 7. It may be. Practically, data for identifying the confidential level is added to the encrypted data in advance, and the data conversion device appropriately changes the display mode or the like according to the confidential level. It is preferable to configure as follows.

With such a configuration, the more secure the encrypted data, the more securely the contents can be protected. Further, in the above-described embodiment, when executing the task controller 11 in the arithmetic processing unit 5 or executing the processing shown in the flowchart of FIG.
A case has been described in which a program stored in advance in M is executed. However, the present invention is not limited to this. The program is read from a recording medium on which a program indicating these procedures is recorded into the RAM of the main storage device 6 and executed. You may make it. Here, the recording medium is RAM, RO
Any recording medium such as M, FD, compact disk, hard disk or magneto-optical disk, which can be read by a computer regardless of a recording method such as electronic, magnetic, optical, etc. It refers to a recording medium.

Further, in the above embodiment, the task controller 11 executed by the arithmetic processing unit 5 or
Although the processing shown in the flowchart of FIG. 4 executed by the task controller 11 has been described in the case of being configured by software, the processing is replaced with electronic circuits such as a comparison circuit, an arithmetic circuit, and a logic circuit. You may.

In the above embodiment, steps S2 and S5 correspond to the decrypting means of claim 1, step S4 corresponds to the branch table rewriting means of claim 1, 3 or 4, and step S8. Corresponds to the plaintext data deleting means according to claim 2, steps S3, S4 and S9 correspond to the branch table rewriting means according to claim 2, and steps S21 and S22 correspond to the task branching means according to claim 3. It corresponds to.

[0063]

As described above, according to the data conversion apparatus of the present invention, in a computer having an operating system that executes a plurality of tasks in parallel, decrypted plaintext data is obtained from another task. It is possible to effectively prevent plaintext data created by the creator from being used for purposes other than display, and protect the creator's interests more than before. The effect is obtained. Furthermore, the reliability of the plaintext data can be further improved as compared with the related art, and the advantage that the benefit of the user using the plaintext data can be protected.

Further, according to the data conversion device of the second aspect of the present invention, while plain data is present in the main storage device, it is more certain that the plain data is obtained from another task. Not only can prevent
Even if the execution of the present task is completed, it is possible to obtain an effect that a part or the whole of the plaintext data can be prevented from being acquired from another task executed thereafter.
Further, during the period other than the time when the decrypted plaintext data exists in the main storage device, there is obtained an effect that the execution of other tasks is not affected at all.

Further, according to the data conversion apparatus of the third aspect of the present invention, while the branch destination table is being rewritten, another task issues a request to input / output data to / from a peripheral device. However, there is an effect that the request can be prohibited from being executed by the operating system.

Further, according to the data conversion device of the fourth aspect of the present invention, a part of the decrypted plaintext data or a part of the decrypted plaintext data is not affected without affecting processes other than the process of managing the input / output operation of the peripheral device. There is also obtained an effect that it is possible to prevent all of the information from being acquired from another task.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an embodiment.

FIG. 2 is a block diagram illustrating a first configuration of a task controller.

FIG. 3 is a block diagram illustrating a second configuration of the task controller.

FIG. 4 is a flowchart for displaying the contents of encrypted data.

FIG. 5 is a block diagram showing states before and after rewriting of a branch destination table.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Computer 2 CRT 3 Printing device 4 Line control device 5 Arithmetic processing device 6 Main storage device 7 Auxiliary storage device 8 Keyboard 9 Interface section 10 CRT control device 11 Task controller

Claims (4)

[Claims] 1. A main storage device, an auxiliary storage device, and an operating system that executes a plurality of tasks in parallel based on a branch table in which a branch destination of a process required to execute a task is registered, A data conversion device that reads encrypted data stored in the auxiliary storage device into the main storage device and decrypts the encrypted data; a decryption unit that decrypts the encrypted data in the main storage device; Branch table rewriting means for rewriting a branch destination registered in the branch table so as to limit execution of the other task while the plaintext data decrypted by the means exists in the main storage device. A data conversion device comprising: 2. The apparatus according to claim 1, further comprising a plaintext data erasing unit for erasing the plaintext data from the main storage device, wherein the branch table rewriting unit performs the branching in accordance with the decryption unit decoding the plaintext data. 2. The data according to claim 1, wherein the branch destination registered in the table is rewritten, and the branch destination of the branch table is returned to the original one in accordance with the deletion of the plaintext data by the plaintext data deleting means. Conversion device. 3. A task branching means for branching a request from the other task branched based on the branch table to the other task as it is, wherein the branch table rewriting means is configured to be registered in the branch table. 3. The data conversion device according to claim 1, wherein the branch destination is rewritten to an address of the task branching unit. 4. A branch table in which a branch destination of input / output control processing for managing input / output operations of peripheral devices including the main storage device and the auxiliary storage device is registered. 4. The data conversion device according to claim 1, wherein a branch destination of the input / output control processing is rewritten among branch destinations registered in the branch table.