JPH11272563A - Security system for information processor and security method in information processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a security system for an information processor which enables danger prevention against password's being decoded when only a portable information appliance is lost by connecting a storage device which records an enciphered password as an authentication key only at the time of use without storing authentication information on the information processor. SOLUTION: A storage device such as an IC card connectable to a portable information appliance 10 stores authentication information for authenticating a user of the portable information appliance 10 and its related information. The portable information appliance 10 does not store the authentication information. When a user uses the portable information appliance 10, the storage device is connected to the portable information appliance 10, a password a user inputs is compared with the authentication information of the connected storage device and authentication of the user is performed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a security system for an information processing apparatus and a security method thereof,
Mobile computers, portable computers,
PDA (Personal Digital Assist)
The present invention relates to a security system of an information processing device effective for a portable information processing device such as an information processing device (e.g.

[0002]

2. Description of the Related Art In recent years, information processing apparatuses, particularly, for example, portable information devices have been improved in portability, so that the risk of loss or removal by third parties has increased, and the risk of analysis by malicious persons has increased. ing. In conventional password authentication, since authentication information is stored in a storage device, even an encrypted password may be decrypted.

[0003] In addition, prices are often set lower than non-portable computers, and due to the nature of portable information equipment,
There are limits on costs for authentication and confidentiality.

[0004]

The information processing apparatus has the above-mentioned problems, and in particular, decrypts a password and analyzes a program without recording authentication information such as an encrypted password in a portable information device main body. To make it difficult or impossible. It has also been desired to avoid an increase in hardware cost and a decrease in performance.

Therefore, the present invention has been made in view of the above circumstances, and solves the above-mentioned disadvantages, and records an encrypted password as an authentication key only at the time of use without storing authentication information in an information processing apparatus. It is an object of the present invention to provide a security system for an information processing apparatus and a security method in the information processing apparatus, which can reduce a risk of decrypting a password when only the information processing apparatus is lost by connecting a storage device. Aim.

[0006]

SUMMARY OF THE INVENTION In order to achieve the above object, the present invention relates to a security system for an information processing apparatus, particularly to a security system for a portable information device. In the security system of the information processing apparatus including the information processing apparatus storing the authentication information such as an encrypted password at the time of performing the operation and the separable storage device, the information processing apparatus includes the storage device and the storage device. Storage device interface means for connecting to an information processing apparatus and reading information stored in the storage device; decryption means for decrypting authentication information such as an encrypted password read from the storage device interface means; Authentication information such as a password and the pass entered when starting up the information processing device Authentication means for determining whether or not the authentication information such as a password matches the authentication information. The authentication means determines that the authentication information such as the decrypted password does not match the authentication information such as the input password. In the case where the authentication information is stored or the authentication information is not stored in the storage device, the startup process of the information processing apparatus is interrupted or stopped.

According to this configuration, the information relating to the authentication of the user is not stored in the information processing apparatus, but the authentication information which is the encrypted password of the user is stored in a storage device separate from the main body. Using this storage device as an authentication key of the information processing apparatus, authentication is performed by comparing a password input by the user with information on the authentication key. If the password does not match or the key is not present in the storage device, the information processing apparatus is used. Suspends or stops the startup process.
Thus, even if the information processing apparatus is lost or stolen, it becomes difficult or impossible for a third party to decrypt the password of the information processing apparatus or to illegally use the program by analyzing the program, which can be used to maintain confidentiality. .

If the authentication information does not exist in the main body of the information processing apparatus, there is a danger that the authentication will be illegally cleared by forging the authentication key. In addition to this configuration, there is a risk associated with the password for authenticating the user. This can be dealt with by changing the instruction of the specific part in the program on the information processing device to an instruction or the like for branching to the power cutoff execution unit.

In addition to the above configuration, a host computer for transferring a program to the information processing apparatus and generating an authentication key is provided. Information about the command is stored in a format that can be read only by a specific administrator of the host computer. As a result, only the original user and a specific administrator can use the information processing device.
A user who does not have administrator authority can create an authentication key for the information processing device used by him, but the information processing device of another user cannot be restored to the original instruction because the changed part of the program cannot be restored to the original instruction. Use can be prevented.

[0010]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to the drawings.

(First Embodiment) Hereinafter, a first embodiment of the present invention will be described.
Will be described with reference to the drawings.

The configuration of the first embodiment of the present invention will be described with reference to FIGS.

FIG. 1 is a block diagram of a portable information device 10 as an information processing apparatus, and shows a configuration necessary for describing the present embodiment, and other components are omitted.

FIG. 2 shows a storage device 20 such as an IC card which can be connected to the portable information device 10. An authentication key storage section 21 in the storage device 20 authenticates a user of the portable information device 10. Authentication information and its related information are stored.

The portable information device 10 does not store authentication information. When the user uses the portable information device 10, it is necessary to connect the storage device 20 to the portable information device 10. The portable information device 10 compares the password input by the user with the authentication information in the authentication key storage unit 21 of the connected storage device 20 to authenticate the user. Details will be described later.

Next, each configuration of FIG. 1 will be described.

The CPU 11 performs control processing of each component of the portable information device 10 according to a program stored in the memory 12.

The memory 12 stores programs, data, and the like necessary for controlling the portable information device 10.

The encryption unit 13 encrypts authentication information necessary for authenticating a user such as a password and information related thereto based on a predetermined encryption algorithm.

The decryption section 14 decrypts the encrypted information based on a predetermined encryption algorithm. For example, authentication information necessary for authenticating a user such as a password encrypted by the encryption unit 13 and information related thereto are decrypted.

The authentication unit 15 compares authentication information such as a password input by a user with authentication information stored in an authentication key storage unit 21 in a storage device 20 connected to the portable information device 10, Authenticate.

The storage device interface 16 is an interface for connecting the storage device 20, and transfers data between the storage device 20 and each component of the portable information device 10. Storage device interface 16
Performs reading of data stored in the storage device 20 or writing of data to the storage device 20. The power management unit 17 manages power supply to each component of the portable information device.

The bus 18 transfers data between components.

As described above, there is no authentication information such as an encrypted password on the main body of the portable information device 10, and the storage device 2 such as an easily connectable IC card can be used.
The authentication information is stored on 0.

If the authentication information is not stored in the main body of the portable information device 10, there is a risk that the authentication key is forged by a third party (a person who is not a valid user) who has obtained the portable information device 10 by some method. However, this problem is dealt with by changing a part of the program in the memory 12 of the portable information device 10 in advance.

Referring to FIG. 3, a method of coping with the change of the program will be described. FIG. 3A shows the original program, which is stored in the memory 12. In this program, "address A: instruction X" and "address B: instruction Y"
Taking one address as an example, instructions X and Y are executed at these addresses, respectively. FIG. 3B is an example in which the program is changed so that the portable information device 10 cannot be used due to forgery of the authentication key. here,
Taking the above two addresses of “address A: instruction X” and “address B: instruction Y” as an example, instructions corresponding to these two addresses are “address A: JMP C”,
"Address B: JMP C" is changed. "JMP
“C” means jumping to the address C, and a program for turning off the power of the portable information device 10 is arranged at the address C. That is, the CPU 11 performs the operation shown in FIG.
Is executed and the instructions at the addresses A and B are executed, the power supply of the portable information device 10 is shut off. The instruction corresponding to the address C may be any instruction as long as it is an instruction for preventing normal execution such as power-off (an instruction for interrupting or stopping the start-up process so as not to start up).

The authentication key storage unit 21 of the storage device 20 stores the encrypted password and the encrypted information of the correct command before the change (the command for executing the start-up process. In this example, the addresses A and B and the Are stored in advance.

An authorized user connects the storage device 20 to the portable information device 10 and inputs a password. After the authentication unit 15 authenticates the password, the decryption unit 14
The addresses A and B, which are the information of the encrypted correct instructions before the change, are combined with the corresponding instructions X and Y. CP
U11 changes the program in the memory 12 to the original program based on the decrypted information. This allows
A legitimate user can rewrite the changed program to the original program and normally execute the startup process.

An authentication processing procedure using the changed program will be described below.

The procedure of the authentication process prior to using the portable information device 10 will be described with reference to the flowchart of FIG. 5 shows a processing procedure when the use of the portable information device 10 is terminated. First, an authentication processing procedure prior to use will be described with reference to a flowchart of FIG. After turning on the power of the portable information device 10 (step A1), the user connects the storage device 20 to the storage device interface 1
Connect to 6. The authentication unit 15 determines whether an authentication key as authentication information exists in the authentication key storage unit 21 of the storage device 20 (Step A2). If the authentication key does not exist (No in step A2), the program is not rewritten to the original program in FIG. Therefore, the CPU 11 stops (cuts off) the power supply corresponding to the address C in order to execute the changed program of FIG.
The process (step A7) is performed, the power of the portable information device 10 is stopped (cut off), and the process ends. On the other hand, if the authentication key exists (Yes in step A2), the user is prompted to input an authentication password by a display device (not shown) or the like (step A3).

The encrypted authentication information stored in the authentication key storage unit 21 is decrypted by the decryption unit 14.
When the user inputs a password using an input device (not shown), the authentication unit 15 determines whether the password input by the user matches the decrypted authentication information (step A4). If they do not match (step A4
No), the program is not rewritten to the original program of FIG. Therefore, the CPU 11
In order to execute the changed program of (b), a power stop process (step A7) corresponding to the address C is performed,
The power supply of the portable information device 10 is stopped (cut off), and the process ends. If they match (Yes in step A4), the decryption unit 14 stores the addresses A and B, which are the information of the encrypted correct instruction before change stored in the authentication key storage unit 21, and the corresponding instruction X, Y, and the CPU 11 rewrites the instruction of the changed program in FIG. 3B to the original instruction based on the decoded program information (step A).
5). The CPU 11 starts executing a normal process based on the program rewritten into the original program (step A6).

Next, a processing procedure for ending the use of the portable information device 10 will be described with reference to the flowchart of FIG.

When the user terminates the use of the portable information device 10 by, for example, ending the program on the portable information device 10 (step B1), upon receiving the notice of the termination, C
The PU 11 returns the instruction in the program which has been rewritten to the original instruction on the memory 12 to the instruction before authentication (step B2), and stops (interrupts) the power supply (step B3). In this manner, by associating the execution of the instructions in the program with the authentication password of the user, unauthorized use can be prevented even if the password encryption algorithm is known and the authentication key is forged. In addition, as an example of processing when the use of the portable information device 10 is terminated, the portable information device 1 is used.
0, when the storage device 20 is removed without going through the original termination processing, the CPU 11 recognizes this and deletes a part or all of the program used for the above-mentioned startup processing. May not be performed normally. If a part or all of the program used for the start-up process has been erased, a display indicating that the device cannot be used is displayed on a display unit such as a display of the portable information device 10 or an LED during the next start-up process, The user may be notified of the impossibility.

Further, as another application example of the first embodiment, the memory 12 may be a memory that requires a battery backup. As a result, after a certain period of time due to loss or the like, the program for performing the start-up process is erased, and use by an unauthorized user is prevented. In this case, if the legitimate user wants to transfer the program stored in the memory 12 to another memory that does not require a battery backup in order to prevent the program on the memory from being erased, for example, when replacing the battery, If the decrypted authentication information such as a password matches the input authentication information such as a password and the user is authenticated with a valid user, the transfer is enabled.

(Second Embodiment) A second embodiment according to the present invention will be described with reference to FIG. The block diagram of the host computer 60 shows a configuration necessary for the description of the present embodiment, and other configurations are omitted.

In this embodiment, the host computer 60 transfers the changed program shown in FIG. 3B to the portable information device 10 and creates an authentication key. It is assumed that the portable information device 10 as the information processing apparatus has the elements / functions described in the first embodiment and has a communication unit (not shown), and the communication unit such as the LAN 70 uses the communication unit. It is assumed that data is transmitted to and received from the host computer 60 by connecting to a network. Further, the same portions and the same functions as those in the first embodiment are denoted by the same reference numerals, and description thereof is omitted. The description of this embodiment will be made with reference to the drawings described in the first embodiment.

The components of the host computer 60 will be described below.

The CPU 61 controls each component of the host computer 60.

The memory 62 stores programs executed by the CPU 61 and data.

The authentication section 63 authenticates a user who uses the host computer 60 with a password or the like. Also, LA
Authentication of the user of the portable information device 10 connected to the N70 and accessing the host computer 60 is also performed as necessary.

The encryption section 64 encrypts authentication information necessary for authenticating a user, such as a password, and related information based on a predetermined encryption algorithm.

The decrypting section 65 decrypts the encrypted information based on a predetermined encryption algorithm. For example, authentication information necessary for authenticating a user such as a password encrypted by the encryption unit 64 and information related thereto are decrypted.

The authentication key creation unit 66 is used for the portable information device 10
Create an authentication key when using. A method of storing the created authentication key in the storage device 20 will be described later.

The storage device interface 67 is an interface for connecting the storage device 20, and transfers data between the storage device 20 and each component of the host computer 60. Then, the storage device interface 16 reads data stored in the storage device 20 or writes data in the storage device 20.

The communication section 68 transmits and receives data to and from the portable information device 10 via the LAN 70.

A method of creating an authentication key when the program of the portable information device 10 described in the first embodiment is changed in advance to an instruction to interrupt or stop the start-up process will be described. In this case, as described above, the encrypted password and the information of the correct command before the change are stored in the storage device 20. Examples of a method of storing the created authentication key in the storage device 20 include a method using the storage device interface 67 of the host computer 60 and a method using the storage device interface 16 of the portable information device 10.

An example of a method using the storage device interface 67 of the host computer 60 will be described. A user of the portable information device 10 or a specific administrator who issues an authentication key inputs a password of the user for using the portable information device 10 through an input unit (not shown) of the host computer 60. The encryption unit 64 of the host computer 60 encrypts the password and the information of the correct command before the change, and the storage device interface 65 stores the encrypted password and the information of the correct command before the change in the authentication key storage unit of the storage device 20. 21. The storage of the program changed to the instruction to interrupt or stop the start-up process may be stored in the portable information device 10 in advance.

The original program is stored in the portable information device 1.
After the authentication key is set, the storage device 20 is connected and the portable information device 10 is started up, and when the use is terminated, the program is executed as in the process described with reference to FIG. The instruction may be changed to an instruction to interrupt or stop the startup processing. After the authentication key is set, the portable information device 10 may be connected to the LAN 70 to access the host computer 60, and the program may be transferred to a command for interrupting or stopping the startup process. In this case, before the transfer of the changed program, the original program is stored in the portable information device 10 so as to start up, and then the changed program is transferred from the host computer 60 to the portable information device 10.

Next, an example of a method using the storage device interface 16 of the portable information device 10 will be described.

When the user first starts up and sets the program by the program stored in the memory 12, the portable information device 10 is set to start up even if there is no authentication key in the storage device 20. When the authentication key is set, the above program is changed to a program that has been changed to an instruction to interrupt or cancel the startup process. After that, if there is no authentication key, the startup process is interrupted or stopped so that it does not start. . Also, for example,
When there is no need to set an authentication key, for example, when there is no important information in the portable information device 10, it is always necessary to start up without the authentication key, and after the authentication key is set, the program is changed to the above-mentioned changed program and the authentication key is changed. Otherwise, the start-up process may be interrupted or stopped to prevent the start-up.

The changed program (a program changed to an instruction to interrupt or stop the start-up process) may be transferred from the host computer 60 to the portable information device 10 and written into the memory 12 when the authentication key is set. Also,
The changed program may be prepared on the portable information device 10 in advance, and the program on the memory 12 may be changed from the originally correct program after setting the authentication key.

When setting the authentication key, the user of the portable information device 10 first connects to the LAN 70,
Access 0. The above-mentioned user is set in the host computer 60 in advance.
It is assumed that user registration for accessing is performed. The user operates the portable information device 10 through an input unit (not shown).
The host computer 60 enters the password from the authentication unit 6
3, the user is authenticated based on the password. After the user is successfully authenticated, an authentication key is created by the authentication key creation unit 66 based on the password input by the user of the portable information device 10 for starting up the portable information device 10 and information on a correct command before the change. Host computer 6
0 indicates that the communication unit 68 encrypts the password and the information of the correct command before the change by the encryption unit 64, and the portable information device 1
Transfer to 0. The portable information device 10 stores the password as the authentication key and the information of the correct command before the change in the authentication key storage unit 21 of the storage device 20 by the storage device interface 16.

If the address and type of the changed command can be accessed only by a specific administrator on the host computer 60 using a password or the like, the transfer and authentication of these changed programs are performed by the host computer 60 as described above. When the key is created, the specific administrator can use the portable information device 10 together with the original user with the information of the arbitrary authentication password and the change command.

[0054]

As described above in detail, according to the present invention, a storage device which records an encrypted password as an authentication key only at the time of use without connecting the authentication information to the information processing apparatus is connected. When only the information processing device is lost, the risk of decrypting the password can be eliminated. In addition, the fact that the authentication information does not exist on the information processing apparatus may cause a person who knows the password encryption algorithm to forge the authentication key and use it improperly.
If the instructions in the program are changed so that the password entered at the time of authentication can be decrypted as a key, even if the authentication key is forged and the password verification succeeds, the instruction has been changed, and unauthorized use will be possible. Can be blocked.
Changing the command in this way in relation to the password,
In other words, encrypting the command with a password,
It makes it very difficult for others to restore the original instructions, and does not increase cost because it essentially does not require hardware. Also, in terms of performance, the original instruction is changed at the time of authentication prior to use, so that execution performance does not deteriorate. Furthermore, the modified program also makes it difficult to analyze by disassembling or the like.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a portable information device according to a first embodiment of the present invention.

FIG. 2 is an exemplary block diagram showing the configuration of a storage device according to the embodiment;

FIG. 3 is an exemplary view showing an example of an original program at the start of use of the portable information device according to the embodiment and an example of a modified program thereof.

FIG. 4 is an exemplary flowchart showing an authentication processing operation at the start of use of the portable information device according to the embodiment;

FIG. 5 is an exemplary flowchart showing a processing operation at the end of use of the portable information device according to the embodiment;

FIG. 6 is a block diagram showing a configuration of a host computer and a portable information device according to a second embodiment of the present invention.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 ... Portable information equipment 11 ... CPU 12 ... Memory 13 ... Encryption part 14 ... Decryption part 15 ... Authentication part 16 ... Storage device interface 17 ... Power supply management part 20 ... Storage device 21 ... Authentication key storage part 60 ... Host computer 61 ... CPU 62 ... memory 63 ... authentication unit 64 ... encryption unit 65 ... decryption unit 66 ... authentication key creation unit 67 ... storage device interface 68 ... communication unit 69 ... bus 70 ... LAN

Claims (18)

[Claims] 1. An information processing apparatus comprising: an information processing apparatus; and a storage device separable from the information processing apparatus storing authentication information such as an encrypted password when the information processing apparatus is started up and used. In the device security system, the information processing device connects the storage device to the information processing device and reads information stored in the storage device; and storage device interface means for reading information stored in the storage device. Decryption means for decrypting the encrypted authentication information such as a password; and determining whether the decrypted authentication information such as the password matches the authentication information such as the password input when the information processing apparatus is started. Authentication means for judging, and the authentication means inputs authentication information such as the decrypted password and the input Information processing characterized by interrupting or stopping the start-up processing of the information processing device when it is determined that the authentication information does not match the authentication information such as a password, or when the authentication information is not stored in the storage device. Equipment security system. 2. The security system for an information processing device according to claim 1, wherein interrupting or stopping the startup process of the information processing device is a power-off process of the information processing. 3. An information processing apparatus comprising: an information processing apparatus; and a storage device separable from the information processing apparatus storing authentication information such as an encrypted password when the information processing apparatus is started up and used. In the device security system, the information processing device includes a memory that stores program information used for a start-up process of the information processing device, and connects the storage device to the information processing device and stores the information in the storage device. Storage device interface means for reading the decrypted information, decryption means for decrypting encrypted authentication information such as a password read from the storage device interface means, and authentication information such as the decrypted password and an information processing apparatus. Authentication to determine whether the password and other authentication information entered when starting up match A step is provided, and an arbitrary address of the program information and an instruction corresponding to this address are changed to a correct instruction for starting up the portable information device, and are previously changed to an instruction for interrupting or stopping the start-up process of the portable information device. In the storage device, an address at which the instruction of the program information is changed and an instruction corresponding to the changed address are encrypted and stored as a correct instruction for starting the portable information device, and the decrypted password or the like is stored. When the authentication information of the memory and the input authentication information such as the password match, the changed instruction of the program of the memory is changed to the correct instruction stored in the storage device combined by the decryption means. Security system for information processing equipment. 4. The security system for an information processing apparatus according to claim 3, wherein the instruction to interrupt or stop the startup processing of the information processing apparatus is an instruction to shut off a power supply of the information processing apparatus. 5. When the use of the information processing apparatus is terminated after the information processing apparatus is normally started, an instruction at an address of the program on the memory which has been changed to the correct instruction is changed to the correct instruction, and the information processing apparatus is started. 5. The security system for an information processing apparatus according to claim 3, wherein the instruction is changed to an instruction to interrupt or stop processing. 6. The memory according to claim 1, wherein the memory requires a battery backup, and another memory that does not require a battery backup when the decrypted authentication information such as a password matches the input authentication information such as a password. A program incorporating an instruction for suspending or stopping the start-up processing of the information processing device stored in the memory, the program can be transferred, and the program is erased after a certain period of time due to loss or the like. 6. The security system for an information processing device according to claim 3, or claim 4. 7. When the information processing apparatus is used and the storage device is removed without going through an original termination process, a part or all of the program used for the start-up process is erased, and the next start-up process is performed normally. 7. A security system for an information processing apparatus according to claim 3, wherein said security system cannot be executed in any of the above-mentioned manners. 8. The information processing apparatus according to claim 7, wherein when a part or all of the program used for the start-up processing has been erased, the start-up display means displays a display indicating that the program cannot be used. Equipment security system. 9. An information processing apparatus, a storage device separable from the information processing apparatus for storing authentication information such as an encrypted password when the information processing apparatus is started up and used, and the information processing apparatus In a security system for an information processing apparatus having a host computer connected to a communication network for creating and transferring the authentication information, the information processing apparatus includes a memory for storing program information used for a startup process of the information processing apparatus. A storage device interface unit that connects the storage device and the information processing device and reads information stored in the storage device; and decrypts encrypted authentication information such as an encrypted password read from the storage device interface unit. The decryption means, the decrypted authentication information such as the password and the information processing device are started up. Authentication means for determining whether or not authentication information such as a password entered at the time of authentication is the same, and communication means for transmitting and receiving information via the host computer and the communication network, wherein the host computer comprises: Authentication information creating means for creating the authentication information such as the password, encryption means for encrypting the created authentication information such as the password or other information, and storing the encrypted created authentication information such as the password. Storage means, and communication means for transmitting and receiving information via the information processing apparatus and the communication network, wherein the host computer comprises: an authentication information such as the encrypted created password; an arbitrary address of the program information; Change the instruction corresponding to this address to the correct instruction to start the information processing device, and suspend or stop the start-up process of the information processing device The information processing apparatus transmits the program changed to the instruction to the information processing apparatus, and the information processing apparatus transmits the encrypted authentication information such as an encrypted password transmitted from the host computer to the storage device by the storage device interface means. The changed address of the program information command and the changed command corresponding to this address are encrypted and stored as a correct command to start the information processing apparatus, and the changed memory transmitted from the host computer is stored in the memory. When the authentication information such as the decrypted password matches the input authentication information such as the password after the authentication information such as the password is generated, the changed instruction of the program information in the memory is issued. Change to the correct instruction stored in the storage device compounded by the decoding means Security system of the information processing apparatus characterized by. 10. An information processing apparatus comprising: an information processing apparatus; and a storage device separable from the information processing apparatus storing authentication information such as an encrypted password when the information processing apparatus is started up and used. In the apparatus, the information processing apparatus connects the storage device to the information processing apparatus, and reads information stored in the storage device. The storage device interface means, and the encrypted information read from the storage device interface means Decrypting means for decrypting authentication information such as a password, and determining whether or not the decrypted authentication information such as a password matches the authentication information such as a password input when the information processing apparatus is started. It is determined that the authentication information such as the decrypted password does not match the input authentication information such as the password. In security method in an information processing apparatus characterized by case or authentication information in the storage device and to interrupt or abort the start-up process of the information processing apparatus when not stored. 11. The security method according to claim 10, wherein interrupting or stopping the start-up processing of the information processing apparatus is power-off processing of the information processing. 12. An information processing apparatus comprising: an information processing apparatus; and a storage device separable from the information processing apparatus storing authentication information such as an encrypted password when the information processing apparatus is started up and used. In the apparatus, the information processing apparatus includes: a memory for storing program information used for a start-up process of the information processing apparatus; and information stored in the storage device by connecting the storage device and the information processing apparatus. Storage device interface means for reading the program information; and decryption means for decrypting encrypted authentication information such as a password read from the storage device interface means. An arbitrary address of the program information and a command corresponding to this address are provided. Interrupt the start-up process of the information processing device by changing The instruction to be stopped is changed in advance, and in the storage device, the address at which the instruction of the program is changed and the instruction changed corresponding to this address are encrypted and stored as a correct instruction to start up the information processing apparatus. It is determined whether the decrypted authentication information such as the password matches the authentication information such as the password input when the information processing apparatus is started, and determines whether the decrypted authentication information such as the password matches the input information. When the authentication information such as a password or the like matches, the changed instruction of the program in the memory is changed to a correct instruction stored in the storage device combined by the decryption means. Security method. 13. The security in an information processing apparatus according to claim 12, wherein the instruction to interrupt or stop the startup processing of the information processing apparatus is an instruction to shut off a power supply of the information processing apparatus. Method. 14. When the use of the information processing apparatus is completed after the information processing apparatus has normally started up, the instruction of the address changed to the correct instruction in the program information on the memory is changed to the correct instruction to start the portable information device. 14. The security method in the information processing apparatus according to claim 12, wherein the command is changed to an instruction to interrupt or cancel the raising process. 15. The above-mentioned memory is a memory that requires a battery backup, and another memory that does not require a battery backup when the decrypted authentication information such as a password matches the inputted authentication information such as a password. A program incorporating an instruction for suspending or stopping the start-up processing of the information processing device stored in the memory, the program can be transferred, and the program is erased after a certain period of time due to loss or the like. A security method in the information processing apparatus according to claim 12, 13, or 14. 16. When the information processing apparatus is used and the storage device is removed without going through an original termination process, a part or all of a program used for the start-up process is erased and the next start-up process is performed normally. 16. The security method in an information processing apparatus according to claim 12, wherein the security method cannot be performed. 17. The information processing apparatus according to claim 16, wherein when a part or all of the program used for the start-up processing has been deleted, a display indicating that the program cannot be used is displayed on the start-up display means. Security method for the device. 18. An information processing apparatus, a storage device separable from the information processing apparatus for storing authentication information such as an encrypted password when the information processing apparatus is started up and used, and the information processing apparatus. In a security system for an information processing apparatus having a host computer connected to a communication network for creating and transferring the authentication information, the information processing apparatus includes a memory for storing program information used for a startup process of the information processing apparatus. And storage device interface means for connecting the storage device and the information processing apparatus and reading information stored in the storage device, and authentication information such as an encrypted password read from the storage device interface means. And decrypt the authentication information such as the password and start up the information processing device. It is determined whether or not the authentication information such as the password input to the host computer matches, and information is transmitted and received through the communication network with the host computer.The host computer creates the authentication information such as the password. The created authentication information such as a password or other information is encrypted, the encrypted authentication information such as a created password is stored, and information is transmitted / received to / from the information processing apparatus via the communication network. The host computer starts up the information processing device by changing the encrypted authentication information such as the password and the arbitrary address of the program information and a command corresponding to this address to a correct command for starting up the information processing device. A program changed to an instruction to interrupt or stop processing is transmitted to the information processing apparatus, and the information processing apparatus The storage device interface means sends the storage device to the storage device the authentication information such as an encrypted password transmitted from the host computer, the address at which the instruction of the program information has been changed, and the instruction at which the instruction has been changed corresponding to the address. Encrypted and stored in a correct instruction for the processing device to start up, the memory stores the changed program information transmitted from the host computer, and creates the decrypted password after creating authentication information such as a password. When the authentication information such as the password and the input authentication information such as the password match, the instruction in which the program information of the memory is changed is changed to the correct instruction stored in the storage device combined by the decryption means. A security method in an information processing apparatus characterized by the following.