WO2009113376A1 - Os start propriety judgment device, os start propriety judgment system, os start propriety judgment method, and os start propriety judgment program - Google Patents


Info

Publication number: WO2009113376A1
Authority: WO (WIPO, PCT)
Prior art keywords: application, unit, normal, normality, activation
Application number: PCT/JP2009/053018
Other languages: French (fr), Japanese (ja)
Inventor: 駿太郎 永井 (Shuntaro Nagai)
Original assignee: 日本電気株式会社 (NEC Corporation)
Application filed by 日本電気株式会社 (NEC Corporation)
Publication of WO2009113376A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • G06F 21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Definitions

  • The present invention relates to an OS bootability determination device, an OS bootability determination system, an OS bootability determination method and an OS bootability determination program that determine whether an OS may be booted.
  • Japanese Patent Application Laid-Open No. 10-333902 discloses a technique for preventing a device from booting when tampering with an application is detected.
  • The system described in Japanese Patent Application Laid-Open No. 10-333902 reads a list of files to be inspected at startup and compares the correct application information with the actual application information, thereby verifying the integrity of the applications named in that list. If the inspection detects no tampering, the OS is booted. This makes it possible to check files for tampering before the OS starts.
  • The system of Japanese Patent Application Laid-Open No. 10-333902, however, consists of a single device, and all information the device uses is stored inside that same device. There is therefore a risk that the device is stolen and used elsewhere, or that its internals are analysed and information such as the applications it runs is leaked.
  • The case in which the application is stored on a separate device is not considered, so neither is the case in which that device cannot be connected to correctly. Furthermore, because the list of files to be inspected and the correct application information are stored in a non-rewritable area, updating them is difficult.
  • An object of the present invention is to provide an OS bootability determination device, system, method and program that prevent leakage of application information and also prevent the OS from booting when the device storing the application cannot be connected to correctly.
  • An OS bootability determination device according to the present invention comprises: application acquisition means for acquiring, from an external device, an application stored in that external device; measurement means for measuring the normality of the application before the OS that runs the application is booted, when the application acquisition means has connected normally to the external device and acquired the application; collation means for collating the measured normality of the application with information, stored in advance, that indicates a normal application; and OS booting means for booting the OS when the application is judged to be normal on the basis of the collation result.
  • An OS bootability determination system according to the present invention includes an external device that stores an application, and an OS bootability determination device that boots the OS according to the normality of the application stored in the external device.
  • The OS bootability determination device of that system comprises the same application acquisition means, measurement means, collation means and OS booting means as above.
  • An OS bootability determination method according to the present invention includes: an application acquisition step of acquiring, from an external device, an application stored in that external device; a measurement step of measuring the normality of the application before the OS that runs the application is booted, when the application was acquired by connecting normally to the external device; a collation step of collating the measured normality with information, stored in advance, that indicates a normal application; and an OS booting step of booting the OS when the application is judged to be normal on the basis of the collation result.
  • An OS bootability determination program according to the present invention causes a computer to implement:
  • an application acquisition function for acquiring, from an external device, an application stored in that external device;
  • a measurement function for measuring the normality of the application before the OS that runs the application is booted, when the application acquisition function acquired the application by connecting normally to the external device;
  • a collation function for collating the measured normality with information, stored in advance, that indicates a normal application; and
  • an OS booting function for booting the OS when the application is judged to be normal on the basis of the collation result.
  • In a preferred aspect of the OS bootability determination system, a device acquires the application it uses from an external device at boot time and verifies the integrity of the acquired application before booting the OS; if the application has been tampered with or damaged, the OS is not booted. This configuration achieves the object of the invention.
  • Leakage of application information can thereby be prevented, and the OS can also be kept from booting when the device storing the application cannot be connected to.
  • FIG. 4 is a block diagram showing the configuration of the second embodiment of the OS bootability determination system of the present invention.
  • FIG. 5 is a flowchart explaining the operation of the OS bootability determination system shown in FIG. 4.
  • FIG. 7 is a flowchart explaining the operation of the OS bootability determination system shown in FIG. 6.
  • FIG. 1 is a block diagram showing a minimum configuration of an OS bootability determination device according to the present invention.
  • The device shown in FIG. 1 includes an application acquisition unit 105, a measurement unit 121, a collation unit 122 and an OS booting unit 103.
  • The application acquisition unit 105 acquires an application stored in an external device (not shown) from that external device.
  • When the application acquisition unit 105 has connected normally to the external device and acquired the application, the measurement unit 121 measures the normality of the application before the OS that runs the application is booted.
  • The collation unit 122 collates the normality measured by the measurement unit 121 with information, stored in advance, that indicates a normal application.
  • The OS booting unit 103 boots the OS when the application is judged to be normal on the basis of the collation result of the collation unit 122.
  • Leakage of application information can thereby be prevented, and the OS can be kept from booting when the device storing the application cannot be connected to.
  • FIG. 2 is a block diagram showing the configuration of the first embodiment of the OS bootability determination system of the present invention.
  • The OS bootability determination system includes a device 1 (the OS bootability determination device) and a device 2 (the external device).
  • The device 1 and the device 2 are connected so as to be able to communicate, for example over a network.
  • The device 2 is an external device installed outside the device 1; it holds the application unit 21 in a storage unit (not shown).
  • The application unit 21 is realised by application software that is executed by the CPU of the device 1.
  • The device 1 includes a BIOS unit 10, a storage device 11, a verification device 12 and a volatile storage device 13.
  • The BIOS unit 10 receives the application unit 21 from the device 2 and boots an OS unit 111 (described later) according to the result of the verification device 12 verifying the application unit 21. The BIOS unit 10 does not boot the OS unit 111 when, for example, the device 2 storing the application unit 21 cannot be connected to, or when the BIOS unit 10 finds itself connected to an external device other than the device 2.
  • The BIOS unit 10 includes a verification request unit 101, an OS boot determination unit 102, an OS booting unit 103 and a communication unit 104.
  • The verification request unit 101 outputs a verification request to the verification device 12 when power is applied. Specifically, when the BIOS unit 10 has started, has connected normally to the device 2 storing the application unit 21 and has received the application unit 21 normally, the verification request unit 101 outputs to the verification device 12 a request to verify the application unit 21.
  • the OS activation determination unit 102 determines whether the OS unit 111 can be activated. That is, the OS activation determination unit 102 determines whether or not the application unit 21 is normal based on the result of the verification device 12 verifying the application unit 21.
  • the OS activation unit 103 activates the OS unit 111.
  • the OS activation unit 103 activates the OS unit 111 when the OS activation determination unit 102 determines that the application unit 21 is normal.
  • the communication unit 104 communicates with the device 2.
  • the device 1 receives the application unit 21 from the device 2 via the communication unit 104.
  • the storage device 11 stores an OS unit 111, an application list 112, and a reference value 113 for application verification.
  • the OS unit 111 is realized by basic software executed by a CPU (not shown) installed in the apparatus 1 and executes the application unit 21.
  • the application list 112 is information indicating an application (application unit 21) used by the device 1.
  • the reference value 113 for application verification is a value used when the verification device 12 verifies the application unit 21.
  • the reference value 113 for application verification is a unique value of the application in a state that the administrator of the apparatus 1 determines to be normal. That is, the application verification reference value 113 is information for determining whether or not the application unit 21 is normal, and is information indicating the normal application unit 21.
  • the application verification reference value 113 is realized by, for example, a range of values that can be taken by a normal application, a threshold value, or the like.
  • the verification device 12 includes a measurement unit 121 and a verification unit 122, and verifies whether or not the application unit 21 is normal.
  • The measurement unit 121 measures a software-specific value of software such as an application or OS: the software image itself, a hash value of it, or a value for detecting damage to the software such as a CRC. For example, the measurement unit 121 measures a unique value indicating the normality of the application unit 21. Note that a CRC detects accidental corruption only; because a modified image can be adjusted so that its CRC is unchanged, only a cryptographic hash (or the image itself) serves to detect deliberate tampering.
  • Below, the unique value indicating the normality of the application unit 21 is referred to as "the unique value of the application unit 21",
  • and "measuring the unique value indicating the normality of the application unit 21" may be written as "measuring the normality of the application unit 21".
  • The collation unit 122 collates the normality of the application unit 21 measured by the measurement unit 121 with the application verification reference value 113 (the normality of a normal application) stored in the storage device 11.
  • the volatile storage device 13 is a storage device in which stored information is erased when power supply is cut off.
  • the volatile storage device 13 stores the application unit 21 received from the device 2.
  • FIG. 3 is a flowchart explaining the operation of the OS bootability determination system of the first embodiment shown in FIG. 2.
  • The BIOS unit 10 starts (step S101).
  • The BIOS unit 10 reads the application list 112 of applications used by the device 1 (step S102).
  • The BIOS unit 10 requests from the device 2 the application unit 21 named in the application list 112 (step S103).
  • The BIOS unit 10 acquires (receives) the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S104).
  • When the BIOS unit 10 cannot connect correctly to the device 2 storing the application unit 21, or finds itself connected to an external device other than the device 2, it cuts off the power of the device 1 without booting the OS unit 111.
  • When the BIOS unit 10 has connected correctly to the device 2 and received the application unit 21 normally, it outputs to the verification device 12 a request to verify the acquired application unit 21 (step S105).
  • The verification device 12 measures the unique value of the application unit 21 (step S106) and reads the application verification reference value 113 from the storage device 11 (step S107).
  • The verification device 12 collates the measured unique value of the application unit 21 with the application verification reference value 113 (step S108).
  • The verification device 12 sends the collation result to the BIOS unit 10 (step S109).
  • The BIOS unit 10 determines, from the collation result, whether the application unit 21 is normal (step S110).
  • If the application unit 21 is not normal (NO in step S110), the BIOS unit 10 cuts off the power of the device 1 (step S111).
  • If the application unit 21 is normal (YES in step S110), the BIOS unit 10 boots the OS unit 111 from the storage device 11 (step S112).
  • The OS unit 111 starts the application unit 21, and the application unit 21 runs the application (step S113).
  • In this embodiment the application used by the device is received from the external device and checked for tampering before the OS is booted.
  • Because the application is loaded into and run from the volatile storage device 13, the application information disappears when the power of the device 1 is cut off, so even if the device is stolen the application information cannot be extracted from it.
  • Leakage of the application information is therefore also prevented when the internals of the device are analysed.
  • FIG. 4 is a block diagram showing the configuration of the second embodiment of the OS bootability determination system of the present invention.
  • The storage device 11 of this embodiment additionally holds an OS verification reference value 114, which the storage device 11 of the first embodiment does not have.
  • The OS verification reference value 114 is the unique value of the OS in the state that the administrator of the device 1 has determined to be normal.
  • FIG. 5 is a flowchart explaining the operation of the OS bootability determination system shown in FIG. 4.
  • The BIOS unit 10 starts (step S201).
  • The BIOS unit 10 reads the application list 112 of applications used by the device 1 (step S202).
  • The BIOS unit 10 requests from the device 2 the application unit 21 named in the application list 112 (step S203).
  • The BIOS unit 10 acquires (receives) the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S204).
  • The BIOS unit 10 outputs to the verification device 12 a request to verify the application unit 21 and the OS unit 111 (step S205).
  • The verification device 12 measures the unique value of the application unit 21 (step S206) and reads the application verification reference value 113 from the storage device 11 (step S207).
  • The verification device 12 collates the measured unique value of the application unit 21 with the application verification reference value 113 (step S208).
  • The verification device 12 determines, from the collation result, whether the application unit 21 is normal (step S209).
  • If the verification device 12 determines that the application unit 21 is not normal (NO in step S209),
  • it sends information indicating NG (abnormal) to the BIOS unit 10, and the BIOS unit 10 cuts off the power of the device 1 (step S210).
  • If the application unit 21 is normal (YES in step S209), the verification device 12 measures the unique value of the OS unit 111 (step S211) and reads the OS verification reference value 114 from the storage device 11 (step S212).
  • The verification device 12 collates the measured unique value of the OS unit 111 with the OS verification reference value 114 (step S213).
  • The verification device 12 sends the verification (collation) result to the BIOS unit 10 (step S214).
  • The BIOS unit 10 determines, from the collation result, whether the OS unit 111 is normal (step S215).
  • If the BIOS unit 10 determines that the OS unit 111 is not normal (NO in step S215),
  • it cuts off the power of the device 1 (step S216).
  • If the OS unit 111 is normal (YES in step S215), the BIOS unit 10 boots the OS unit 111 from the storage device 11 (step S217).
  • The OS unit 111 starts the application unit 21, and the application unit 21 runs the application (step S218).
  • In this embodiment the OS is kept from booting not only when the application has been tampered with but also when the OS unit 111 has been tampered with. Because verifying the OS unit 111 takes longer than verifying the application unit 21, the application unit 21 is verified first: a tampered application is then detected without spending time on the OS unit 111, and when it is the OS that has been tampered with, the time spent verifying the application unit 21 is small enough that the loss is negligible. Either way the OS is efficiently prevented from booting.
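The boot decision of the first and second embodiments (steps S201 to S218), as an added simulation that is not part of the patent: the application is fetched from device 2, the fetched image is hashed and compared with the stored reference value, and the OS image is measured only after the application passes. The unit names follow the description; the image contents, the single listed application "sensor-uploader", the choice of SHA-256 as the measured value and the peer-identity string standing in for "connected to an external device other than the device 2" are assumptions. The description does not say how device 1 recognises device 2; a real implementation would authenticate the peer rather than trust an identifier it reports.

```python
"""Boot-time decision of the first and second embodiments (FIG. 3 and FIG. 5),
as an added simulation.  Unit names follow the description; image contents, the
listed application and the peer-identity check are constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass, field, replace


class FetchError(Exception):
    """The BIOS could not obtain the application from device 2."""


@dataclass
class ExternalDevice:
    """Device 2: holds the application images the BIOS requests."""
    device_id: str
    applications: dict[str, bytes]
    reachable: bool = True

    def get(self, name: str) -> bytes:
        if not self.reachable:
            raise FetchError("no connection to the external device")
        if name not in self.applications:
            raise FetchError(f"{name} is not stored on the external device")
        return self.applications[name]


@dataclass
class StorageDevice:
    """Storage device 11: OS image, application list 112, reference values 113 and 114."""
    os_image: bytes
    application_list: list[str]
    app_reference: dict[str, str]   # name -> SHA-256 of the administrator-approved image
    os_reference: str               # SHA-256 of the administrator-approved OS image


@dataclass
class Bios:
    """BIOS unit 10 together with verification device 12."""
    storage: StorageDevice
    expected_peer: str                              # assumed identity of device 2
    volatile: dict = field(default_factory=dict)    # volatile storage device 13
    measurements: int = 0                           # images hashed during this boot
    log: list = field(default_factory=list)

    def measure(self, image: bytes) -> str:
        """Measurement unit 121: a cryptographic hash rather than a CRC, so a
        deliberately modified image cannot be made to keep its old value."""
        self.measurements += 1
        return hashlib.sha256(image).hexdigest()

    def boot(self, peer: ExternalDevice) -> str:
        """Return 'boot' or 'power_off'.  Order follows FIG. 5: connection,
        then the (small) application images, then the (large) OS image."""
        if peer.device_id != self.expected_peer:
            return self._power_off("connected to a device other than device 2")
        try:
            for name in self.storage.application_list:          # S203, S204
                self.volatile[name] = peer.get(name)
        except FetchError as exc:
            return self._power_off(str(exc))
        for name, image in self.volatile.items():               # S206 to S209
            expected = self.storage.app_reference.get(name, "")
            if not hmac.compare_digest(self.measure(image), expected):
                return self._power_off(f"application {name} failed verification")
        if not hmac.compare_digest(self.measure(self.storage.os_image),  # S211 to S215
                                   self.storage.os_reference):
            return self._power_off("OS image failed verification")
        self.log.append("OS booted; application runs from volatile storage")
        return "boot"

    def _power_off(self, reason: str) -> str:
        self.volatile.clear()        # the fetched image does not survive power-off
        self.log.append(f"power off: {reason}")
        return "power_off"


def run_scenarios() -> dict:
    """Run the boot decision under several conditions.
    Returns scenario name -> (outcome, number of images measured)."""
    os_image = b"constructed OS image v1"
    app = b"constructed application image v1"
    good = StorageDevice(
        os_image=os_image,
        application_list=["sensor-uploader"],
        app_reference={"sensor-uploader": hashlib.sha256(app).hexdigest()},
        os_reference=hashlib.sha256(os_image).hexdigest(),
    )
    peer = ExternalDevice("device-2", {"sensor-uploader": app})
    cases = {
        "normal": (good, peer),
        "unreachable": (good, ExternalDevice("device-2", {"sensor-uploader": app}, reachable=False)),
        "wrong_peer": (good, ExternalDevice("rogue-device", {"sensor-uploader": app})),
        "tampered_app": (good, ExternalDevice("device-2", {"sensor-uploader": app + b" + injected code"})),
        "tampered_os": (replace(good, os_image=os_image + b" + injected code"), peer),
    }
    results = {}
    for name, (storage, device2) in cases.items():
        bios = Bios(storage, expected_peer="device-2")
        results[name] = (bios.boot(device2), bios.measurements)
    return results


if __name__ == "__main__":
    for scenario, (outcome, measured) in run_scenarios().items():
        print(f"{scenario:13s} -> {outcome:9s} (images measured: {measured})")
```

`run_scenarios()` returns, per scenario, the outcome and how many images were hashed. A connection failure or a wrong peer powers the device off before anything is measured, a tampered application is rejected after a single measurement and the OS image is never hashed, and only the tampered-OS case pays for both measurements, which is the ordering argument of the second embodiment. With a CRC in place of SHA-256 the tampered-application case would pass if the attacker fixed up the checksum.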
  • FIG. 6 is a block diagram showing the configuration of the third embodiment of the OS bootability determination system of the present invention.
  • The device 1 of this embodiment additionally includes a security chip 14, which the device 1 shown in FIG. 4 does not have.
  • The application list 112, the application verification reference value 113 and the OS verification reference value 114 are stored encrypted under a public key.
  • The security chip 14 holds the secret key for decrypting the encrypted application list 112, application verification reference value 113 and OS verification reference value 114.
  • The device 2 stores update information.
  • The update information indicates whether the application list 112, the application verification reference value 113 and the OS verification reference value 114 have been updated.
  • For example, the device 2 stores update information indicating that the application list 112 has been updated, together with the updated application list 112,
  • and likewise stores the updated application verification reference value 113 and OS verification reference value 114.
  • The updated application list 112, application verification reference value 113 and OS verification reference value 114 stored in the device 2 are encrypted in advance, for example under the public key.
  • FIG. 7 is a flowchart explaining the operation of the OS bootability determination system shown in FIG. 6.
  • The BIOS unit 10 starts (step S301).
  • The BIOS unit 10 acquires (receives) the update information from the device 2 (step S302) and checks whether the application list 112, the application verification reference value 113 and the OS verification reference value 114 have been updated (step S303).
  • If they have been updated (YES in step S303), the BIOS unit 10 updates the application list 112, the application verification reference value 113 and the other information (step S304); for example, it receives the encrypted updated information from the device 2 and stores it in the storage device 11.
  • The BIOS unit 10 reads the application list 112 of applications used by the device 1 and decrypts it with the secret key in the security chip 14 (step S305).
  • The BIOS unit 10 requests from the device 2 the application unit 21 named in the application list 112 (step S306), receives the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S307).
  • The BIOS unit 10 outputs to the verification device 12 a request to verify the application unit 21 and the OS unit 111 (step S308).
  • The verification device 12 measures the unique value of the application unit 21 (step S309), reads the application verification reference value 113 from the storage device 11 and decrypts it with the key in the security chip 14 (step S310).
  • The verification device 12 collates the measured unique value of the application unit 21 with the decrypted application verification reference value 113 (step S311).
  • The verification device 12 determines, from the collation result, whether the application unit 21 is normal (step S312).
  • If the verification device 12 determines that the application unit 21 is not normal (NO in step S312),
  • it sends information indicating NG (abnormal) to the BIOS unit 10, and the BIOS unit 10 cuts off the power of the device 1 (step S313).
  • If the application unit 21 is normal (YES in step S312), the verification device 12 measures the unique value of the OS unit 111 (step S314), reads the OS verification reference value 114 from the storage device 11 and decrypts it with the key in the security chip 14 (step S315).
  • The verification device 12 collates the measured unique value of the OS unit 111 with the decrypted OS verification reference value 114 (step S316).
  • The verification device 12 sends the verification (collation) result to the BIOS unit 10 (step S317).
  • The BIOS unit 10 determines, from the collation result, whether the OS unit 111 is normal (step S318). If the OS unit 111 is not normal (NO in step S318), the BIOS unit 10 cuts off the power of the device 1 (step S319).
  • If the OS unit 111 is normal (YES in step S318), the BIOS unit 10 boots the OS unit 111 from the storage device 11 (step S320).
  • The OS unit 111 starts the application unit 21, and the application unit 21 runs the application (step S321).
  • In this embodiment the reference information used to verify the application and the OS is stored encrypted, so it cannot be read out of the device, and a stored value that does not decrypt to a valid reference causes the boot to be refused. Encryption by itself provides confidentiality; detecting a substituted reference value additionally requires that the reference values be authenticated, for example signed by the administrator, which is not part of the configuration described here.
  • In a conventional system the reference information used to verify the application or OS can only be updated by changing it directly, for example by rewriting the ROM of the device 1.
  • In this embodiment the administrator of the security chip can instead update the application information used by the device 1 remotely, from the device 2, using the key held in the security chip of the device 1.
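The update and verification flow of the third embodiment (steps S302 to S320), as an added simulation that is not part of the patent. Security chip 14 is modelled as an object that holds a key and exposes only an open() operation. Because the Python standard library has no public-key primitives, the public-key encryption of the reference data is replaced here by an HMAC-SHA256 seal under the chip's key, so the example demonstrates that device 1 accepts only reference data produced by the key holder (the authenticity half of the protection) and does not demonstrate confidentiality of the stored values. The JSON layout of the sealed data, the monotonic version number used to represent the update information, the application name and all image contents are constructed for the example.

```python
"""Third-embodiment flow (FIG. 7) with a simulated security chip, as an added
example.  Public-key encryption is replaced by an HMAC-SHA256 seal (see lead-in);
the data layout, version field and images are constructed for the example."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

TAG_LEN = 32


def measure(image: bytes) -> str:
    """Measurement unit 121: SHA-256 of a software image."""
    return hashlib.sha256(image).hexdigest()


def admin_seal(key: bytes, reference: dict) -> bytes:
    """Administrator side: seal list 112 and reference values 113/114 for device 2 to serve."""
    body = json.dumps(reference, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


class SecurityChip:
    """Stand-in for security chip 14: keeps the key, exposes only open()."""

    def __init__(self, key: bytes):
        self._key = key

    def open(self, blob: bytes) -> dict:
        tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self._key, body, hashlib.sha256).digest()):
            raise ValueError("reference data failed authentication")
        return json.loads(body)


@dataclass
class Storage11:
    os_image: bytes
    sealed_reference: bytes       # application list 112 plus reference values 113 and 114


@dataclass
class Device2:
    update: Optional[tuple]       # (version, sealed blob), or None when nothing changed
    applications: dict            # name -> image served to device 1


@dataclass
class Bios:
    storage: Storage11
    chip: SecurityChip
    log: list = field(default_factory=list)

    def boot(self, peer: Device2) -> str:
        try:                                                    # S305: open stored reference data
            current = self.chip.open(self.storage.sealed_reference)
        except ValueError as exc:
            return self._off(f"stored reference data: {exc}")
        if peer.update is not None:                             # S302 to S304
            version, blob = peer.update
            try:
                if version <= current["version"]:
                    raise ValueError("not newer than the installed version")
                new = self.chip.open(blob)
                if new["version"] != version:
                    raise ValueError("version field does not match update information")
                self.storage.sealed_reference, current = blob, new
                self.log.append(f"installed reference data v{version}")
            except ValueError as exc:                           # keep the installed data
                self.log.append(f"update v{version} rejected: {exc}")
        for name in current["application_list"]:                # S306 to S312
            image = peer.applications.get(name)
            if image is None:
                return self._off(f"{name} not obtainable from device 2")
            if not hmac.compare_digest(measure(image), current["app_reference"][name]):
                return self._off(f"application {name} failed verification")
        if not hmac.compare_digest(measure(self.storage.os_image), current["os_reference"]):
            return self._off("OS failed verification")          # S314 to S319
        return "boot"                                           # S320

    def _off(self, reason: str) -> str:
        self.log.append(f"power off: {reason}")
        return "power_off"


def run_scenarios() -> dict:
    """Scenario name -> outcome, or (outcome, version of the reference data left installed)."""
    chip_key = b"constructed chip key, example only"
    chip = SecurityChip(chip_key)
    os_image = b"constructed OS image"
    app_v1, app_v2, evil_app = b"constructed app v1", b"constructed app v2", b"constructed app, tampered"
    ref_v1 = {"version": 1, "application_list": ["sensor-uploader"],
              "app_reference": {"sensor-uploader": measure(app_v1)}, "os_reference": measure(os_image)}
    ref_v2 = dict(ref_v1, version=2, app_reference={"sensor-uploader": measure(app_v2)})
    evil_ref = dict(ref_v1, version=2, app_reference={"sensor-uploader": measure(evil_app)})
    bios_with = lambda ref: Bios(Storage11(os_image, admin_seal(chip_key, ref)), chip)
    version_of = lambda bios: chip.open(bios.storage.sealed_reference)["version"]
    results = {}
    b = bios_with(ref_v1)
    results["no_update"] = b.boot(Device2(None, {"sensor-uploader": app_v1}))
    b = bios_with(ref_v1)  # genuine update: new references arrive with the new application
    results["legit_update"] = (b.boot(Device2((2, admin_seal(chip_key, ref_v2)), {"sensor-uploader": app_v2})), version_of(b))
    b = bios_with(ref_v1)  # attacker seals under a key the chip does not hold
    results["forged_update"] = (b.boot(Device2((2, admin_seal(b"attacker key", evil_ref)), {"sensor-uploader": evil_app})), version_of(b))
    b = bios_with(ref_v2)  # replaying the genuine v1 data must not downgrade the references
    results["rollback"] = (b.boot(Device2((1, admin_seal(chip_key, ref_v1)), {"sensor-uploader": app_v1})), version_of(b))
    b = bios_with(ref_v1)  # reference data on device 1 altered by a single bit
    b.storage.sealed_reference = b.storage.sealed_reference[:-1] + bytes([b.storage.sealed_reference[-1] ^ 1])
    results["tampered_store"] = b.boot(Device2(None, {"sensor-uploader": app_v1}))
    return results
```

The forged update and the replayed old version are both rejected while the installed reference data is kept, so the tampered application that accompanies the forged update is then caught against the unchanged references. A single flipped bit in the stored reference data fails authentication in the chip and the device powers off rather than booting against values it cannot trust. The version check is an assumption about how "updated" is encoded; without something like it, a genuine but superseded update could be replayed to reinstate references for an application that has since been withdrawn.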
  • The above embodiments show an OS bootability determination device having the characteristic configurations (1) to (5) below.
  • (1) An OS bootability determination device (for example, the device 1) comprising: an application acquisition unit (for example, the application acquisition unit 105 or the BIOS unit 10) that acquires an application (for example, the application unit 21) stored in an external device (for example, the device 2) from that external device;
  • a measurement unit (for example, the measurement unit 121) that, when the application acquisition unit has connected normally to the external device and acquired the application, measures the normality of the application before the OS that runs the application is booted;
  • a collation unit (for example, the collation unit 122) that collates the normality measured by the measurement unit with information, stored in advance, that indicates a normal application; and an OS booting unit (for example, the OS booting unit 103) that boots the OS when the application is judged to be normal on the basis of the collation result.
  • (2) The OS bootability determination device in which the measurement unit also measures the normality of the OS before the OS that runs the application is booted, and the collation unit collates the measured normality of the OS with information, stored in advance, that indicates a normal OS,
  • and the OS booting unit boots the OS only when the application has been judged normal and the OS has then also been judged normal.
  • The OS bootability determination device so configured prevents the OS from booting not only when the application has been tampered with but also when the OS unit has been tampered with.
  • (3) The OS bootability determination device in which the information indicating the application to be run on the device, the information indicating a normal application and the information indicating a normal OS are stored encrypted under an encryption key,
  • and which includes a security chip (for example, the security chip 14) holding the decryption key corresponding to that encryption key.
  • The OS bootability determination device so configured prevents information inside the device from being leaked or tampered with.
  • (4) The OS bootability determination device in which the measurement unit measures the software image or its hash value to determine the normality of the application and the OS.
  • (5) The OS bootability determination device in which the measurement unit measures a value for detecting damage to the software to determine the normality of the application and the OS.
  • The processing of the OS bootability determination device may be implemented not only in the dedicated hardware described above but also as a program recorded on a recording medium readable by the OS bootability determination device,
  • which reads the program from the recording medium and executes it.
  • A recording medium readable by the OS bootability determination device means a removable medium such as a floppy disk, magneto-optical disk, DVD or CD, or an HDD built into the OS bootability determination device.
  • The present invention can usefully be applied to protecting the information held in devices such as outdoor equipment and embedded devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

An OS start propriety judgment device comprises an application acquisition means which acquires from an external device an application stored therein; a measurement means which when the application acquisition means acquires the application by normally connecting with the external device, measures normality of the application before starting of the OS which causes the application to operate; a collation means which collates the normality of the application measured by the measurement means with information indicating a normal application stored in advance; and an OS starting means which starts the OS when the application is judged to be normal on the basis of the result of the collation obtained by the collation means.

Description

OS startability determination device, OS startability determination system, OS startability determination method, and OS startability determination program
The present invention relates to an OS startability determination device, an OS startability determination system, an OS startability determination method, and an OS startability determination program that determine whether an OS may be started.
Equipment installed outdoors is at risk of attacks such as theft, modification and analysis, so countermeasures such as strict physical protection by locking are taken. However, if the equipment is attacked, it may be stolen and used elsewhere, the information of the applications inside it may be analyzed, or a tampered application may be executed.
Against this, a technique that blocks the startup of the equipment when tampering with an application is detected is described, for example, in Japanese Unexamined Patent Application Publication No. 10-333902 (JP-A-10-333902). The system described in JP-A-10-333902 reads a list of files to be inspected at startup and verifies the integrity of the applications listed there by comparing the correct application information with the actual application information. If the inspection detects no file tampering, the OS is started. This makes it possible to inspect the files for tampering before the OS is started.
However, the method described in JP-A-10-333902 consists of a single device, and all information used by the device is stored in that same device. There is therefore a risk that the device is stolen and used in another place, or that the inside of the device is analyzed and information such as the applications used in the device is leaked.
Furthermore, the case where the device that stores the applications is a separate device is not considered; in other words, the case where a correct connection to the device storing the applications cannot be established is not considered. In addition, because the list of files to be inspected and the correct application information are stored in a non-rewritable area, updating the files is difficult.
An object of the present invention is to provide an OS startability determination device, an OS startability determination system, an OS startability determination method and an OS startability determination program that can prevent leakage of application information and can also block startup of the OS when a correct connection to the device storing the application cannot be established.
In order to achieve the above object, an OS startability determination device according to the present invention comprises:
application acquisition means for acquiring an application stored in an external device from that external device;
measurement means for measuring, when the application acquisition means has connected normally to the external device and acquired the application, the normality of the application before starting the OS that runs the application;
collation means for collating the normality of the application measured by the measurement means with pre-stored information indicating a normal application; and
OS starting means for starting the OS when the application is judged to be normal on the basis of the result of collation by the collation means.
An OS startability determination system according to the present invention comprises an external device that stores an application, and an OS startability determination device that starts an OS according to the normality of the application stored in the external device,
wherein the OS startability determination device comprises:
application acquisition means for acquiring the application stored in the external device from the external device;
measurement means for measuring, when the application acquisition means has connected normally to the external device and acquired the application, the normality of the application before starting the OS that runs the application;
collation means for collating the normality of the application measured by the measurement means with pre-stored information indicating a normal application; and
OS starting means for starting the OS when the application is judged to be normal on the basis of the result of collation by the collation means.
An OS startability determination method according to the present invention comprises:
an application acquisition step of acquiring an application stored in an external device from that external device;
a measurement step of measuring, when the application acquisition step has connected normally to the external device and acquired the application, the normality of the application before starting the OS that runs the application;
a collation step of collating the normality of the application measured in the measurement step with pre-stored information indicating a normal application; and
an OS starting step of starting the OS when the application is judged to be normal on the basis of the result of collation in the collation step.
An OS startability determination program according to the present invention causes a computer to realize:
an application acquisition function of acquiring an application stored in an external device from that external device;
a measurement function of measuring, when the application acquisition function has connected normally to the external device and acquired the application, the normality of the application before starting the OS that runs the application;
a collation function of collating the normality of the application measured by the measurement function with pre-stored information indicating a normal application; and
an OS starting function of starting the OS when the application is judged to be normal on the basis of the result of collation by the collation function.
A preferred aspect of the OS startability determination system according to the present invention is, for example, provided with a device that, at startup, acquires the applications the device uses from an external device and verifies the integrity of the acquired applications; it verifies the integrity of the applications before starting the OS, and does not start the OS if tampering with or corruption of an application is found. By adopting such a configuration, the object of the present invention can be achieved.
According to the present invention, leakage of application information can be prevented, and startup of the OS can also be blocked when a correct connection to the device storing the application cannot be established.
FIG. 1 is a block diagram showing a minimum configuration example of the OS startability determination device of the present invention.
FIG. 2 is a block diagram showing the configuration of a first embodiment of the OS startability determination system of the present invention.
FIG. 3 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 2.
FIG. 4 is a block diagram showing the configuration of a second embodiment of the OS startability determination system of the present invention.
FIG. 5 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 4.
FIG. 6 is a block diagram showing the configuration of a third embodiment of the OS startability determination system of the present invention.
FIG. 7 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 6.
Embodiments of the present invention are described below with reference to the drawings.
First, an outline of the present invention is given.
FIG. 1 is a block diagram showing a minimum configuration example of the OS startability determination device of the present invention.
The OS startability determination device 1 shown in FIG. 1 includes an application acquisition unit 105, a measurement unit 121, a collation unit 122 and an OS starting unit 103.
The application acquisition unit 105 acquires an application stored in an external device (not shown) from that external device.
When the application acquisition unit 105 has connected normally to the external device and acquired the application, the measurement unit 121 measures the normality of the application before the OS that runs the application is started.
The collation unit 122 collates the normality of the application measured by the measurement unit 121 with pre-stored information indicating a normal application.
The OS starting unit 103 starts the OS when the application is judged to be normal on the basis of the result of collation by the collation unit 122.
With the configuration shown in FIG. 1, leakage of application information can be prevented, and startup of the OS can also be blocked when a correct connection to the device storing the application cannot be established.
(First Embodiment)
A first embodiment of the present invention is described below with reference to the drawings.
FIG. 2 is a block diagram showing the configuration of the first embodiment of the OS startability determination system of the present invention.
As shown in FIG. 2, the OS startability determination system of this embodiment comprises a device (OS startability determination device) 1 and a device (external device) 2. The device 1 and the device 2 are connected so as to be able to communicate, for example via a network.
The device 2 is an external device installed outside the device 1, and stores an application unit 21 in a storage unit (not shown). The application unit 21 is realized by application software executed by the CPU mounted in the device 1.
The device 1 includes a BIOS unit 10, a storage device 11, a verification device 12 and a volatile storage device 13.
The BIOS unit 10 receives the application unit 21 from the device 2 and, depending on the result of the verification device 12 verifying the application unit 21, starts an OS unit 111 described later. For example, the BIOS unit 10 does not start the OS unit 111 when it could not connect correctly to the device 2 that stores the application unit 21, or when it connected to an external device other than the device 2. The BIOS unit 10 includes a verification request unit 101, an OS start determination unit 102, an OS starting unit 103 and a communication unit 104.
The verification request unit 101 outputs a verification request to the verification device 12 at power-on startup. For example, when the BIOS unit 10 has started, connected correctly to the device 2 storing the application unit 21 and received the application unit 21 normally, the verification request unit 101 outputs to the verification device 12 a verification request requesting verification of the application unit 21.
The OS start determination unit 102 decides whether the OS unit 111 may be started. That is, the OS start determination unit 102 judges whether the application unit 21 is normal on the basis of the result of the verification device 12 verifying the application unit 21.
The OS starting unit 103 starts the OS unit 111. For example, the OS starting unit 103 starts the OS unit 111 when the OS start determination unit 102 judges that the application unit 21 is normal.
The communication unit 104 communicates with the device 2. For example, the device 1 receives the application unit 21 from the device 2 via the communication unit 104.
The storage device 11 stores the OS unit 111, an application list 112 and a reference value 113 for application verification.
The OS unit 111 is realized by basic software executed by a CPU (not shown) mounted in the device 1, and runs the application unit 21.
The application list 112 is information indicating the applications (application unit 21) that the device 1 uses.
The reference value 113 for application verification is the value the verification device 12 uses when verifying the application unit 21. The reference value 113 is the unique value of the application in the state that the administrator of the device 1 judges to be normal. That is, the reference value 113 is information for judging whether the application unit 21 is normal, and is information indicating a normal application unit 21. The reference value 113 is implemented by, for example, a range of values that a normal application can take, a threshold, or the like.
The verification device 12 includes a measurement unit 121 and a collation unit 122, and verifies whether the application unit 21 is normal.
The measurement unit 121 measures software-specific values, such as the image of software such as an application or OS, a hash value, or a value for checking software for corruption such as a CRC. For example, the measurement unit 121 measures a unique value indicating the normality of the application unit 21. Hereinafter, "the unique value indicating the normality of the application unit 21" may be written as "the unique value of the application unit 21", and "measuring the unique value indicating the normality of the application unit 21" as "measuring the normality of the application unit 21".
The collation unit 122 collates the normality of the application unit 21 measured by the measurement unit 121 with the reference value 113 for application verification (the normality of a normal application) stored in the storage device 11.
The volatile storage device 13 is a storage device whose stored information is erased when the supply of power is cut off. The volatile storage device 13 stores the application unit 21 received from the device 2.
The operation of the OS startability determination system configured as above is described below.
FIG. 3 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 2.
First, when the power of the device 1 is turned on, the BIOS unit 10 starts (step S101).
The BIOS unit 10 acquires the application list 112 used by the device 1 (step S102).
Next, the BIOS unit 10 requests from the device 2 the application unit 21 indicated by the information described in the application list 112 (step S103).
Next, the BIOS unit 10 acquires (receives) the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S104).
If the BIOS unit 10 could not connect correctly to the device 2 storing the application unit 21, or connected to an external device other than the device 2, it for example cuts the power of the device 1 without starting the OS unit 111.
Then, when the BIOS unit 10 has connected correctly to the device 2 storing the application unit 21 and received the application unit 21 normally, it outputs to the verification device 12 a verification request requesting verification of the acquired application unit 21 (step S105).
The verification device 12 measures the unique value of the application unit 21 (step S106) and acquires the reference value 113 for application verification from the storage device 11 (step S107).
Next, the verification device 12 collates the measured unique value of the application unit 21 with the reference value 113 for application verification (step S108).
The verification device 12 then sends the collation result to the BIOS unit 10 (step S109).
The BIOS unit 10 judges, on the basis of the collation result, whether the application unit 21 is normal (step S110).
If it judges that the application unit 21 is not normal (NO), the BIOS unit 10 cuts the power of the device 1 (step S111).
On the other hand, if it judges that the application unit 21 is normal (YES), the BIOS unit 10 starts the OS unit 111 in the storage device 11 (step S112).
Next, the OS unit 111 starts the application unit 21, and the application unit 21 executes the application (step S113).
Thus, in this embodiment, before the OS unit 111 is started, the application used by the device is received from the external device and checked for the presence or absence of tampering.
Therefore, not only when the application cannot be acquired or an attempt is made to execute a tampered application, but also when the device 1 is not connected to the correct external device that stores the applications it uses, or when the acquired application is not in the correct state, startup of the OS can be blocked, and the attacks that would follow from the OS being started can be prevented.
Also, because the application is loaded into and used from the volatile storage device 13, even if the equipment (device) is stolen, the application information is erased once the power of the device 1 is cut, so the application information can be prevented from leaking outside the device.
In addition, because the application information is stored by the external device, leakage of the application information can be prevented even if the internal information of the device is analyzed.
(Second Embodiment)
Next, a second embodiment of the present invention is described with reference to the drawings.
FIG. 4 is a block diagram showing the configuration of the second embodiment of the OS startability determination system of the present invention.
As shown in FIG. 4, the storage device 11 of the OS startability determination system of this embodiment is provided with a reference value 114 for OS verification, which is not provided in the storage device 11 shown in FIG. 2. The reference value 114 for OS verification is the unique value of the OS in the state that the administrator of the device 1 judges to be normal.
The operation of the OS startability determination system configured as above is described below.
FIG. 5 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 4.
First, when the power of the device 1 is turned on, the BIOS unit 10 starts (step S201).
The BIOS unit 10 acquires the application list 112 used by the device 1 (step S202).
Next, the BIOS unit 10 requests from the device 2 the application unit 21 indicated by the information described in the application list 112 (step S203).
Next, the BIOS unit 10 acquires (receives) the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S204).
Then, the BIOS unit 10 outputs to the verification device 12 a verification request requesting verification of the application unit 21 and the OS unit 111 (step S205).
The verification device 12 measures the unique value of the application unit 21 (step S206) and acquires the reference value 113 for application verification from the storage device 11 (step S207).
Next, the verification device 12 collates the measured unique value of the application unit 21 with the reference value 113 for application verification (step S208).
The verification device 12 then judges, on the basis of the collation result, whether the application unit 21 is normal (step S209).
If the verification device 12 judges that the application unit 21 is not normal (NO), it sends information indicating NG (abnormal) to the BIOS unit 10, and the BIOS unit 10 cuts the power of the device 1 (step S210).
On the other hand, if it judges from the verification result (collation result) that the application unit 21 is normal (YES), the verification device 12 measures the unique value of the OS unit 111 (step S211) and acquires the reference value 114 for OS verification from the storage device 11 (step S212).
The verification device 12 collates the measured unique value of the OS unit 111 with the reference value 114 for OS verification (step S213).
Next, the verification device 12 sends the verification result (collation result) to the BIOS unit 10 (step S214).
The BIOS unit 10 judges, on the basis of the collation result, whether the OS unit 111 is normal (step S215).
If it judges that the OS unit 111 is not normal (NO), the BIOS unit 10 cuts the power of the device 1 (step S216).
On the other hand, if it judges from the verification result (collation result) that the OS unit 111 is normal (YES), the BIOS unit 10 starts the OS unit 111 in the storage device 11 (step S217).
Next, the OS unit 111 starts the application unit 21, and the application unit 21 executes the application (step S218).
Thus, in this embodiment, startup of the OS can be blocked not only when the application has been tampered with, but also when the OS unit 111 has been tampered with. Because verification of the OS unit 111 takes longer than verification of the application unit 21, performing the verification of the application unit 21 before that of the OS unit 111 allows startup of the OS to be blocked efficiently when either the OS unit 111 or the application unit 21 has been tampered with. This is because, if the application has been tampered with, the verification of the application unit 21 alone decides that the device may not start, without the time-consuming verification of the OS unit 111. If, on the other hand, the OS has been tampered with, the time spent verifying the application unit 21 is wasted, but since that verification time is sufficiently small, the impact is minor.
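The boot decision of the first and second embodiments (the flowcharts of FIG. 3 and FIG. 5: fetch the listed application from the external device, measure it, collate the measurement with the stored reference value, and only then measure and collate the OS) can be made concrete in a short simulation. The following is an added example written for this page, not code from the patent or from the applicant; the class and function names (ExternalDevice, measure, collate, decide_boot), the device identifiers and the sample images are assumptions made for the illustration, and the measurement is taken as a SHA-256 hash plus a CRC-32, which is one of the software-specific values the text names.

```python
# Added example (not from the patent): simulation of the boot decision made by
# BIOS unit 10 and verification device 12 in the first and second embodiments.
# ExternalDevice, decide_boot, the device identifiers and the sample images are
# assumptions for this illustration.
import hashlib
import hmac
import zlib

# Constructed sample images standing in for application unit 21 and OS unit 111.
APP_IMAGE = b"sample application image v1\x00" * 8
OS_IMAGE = b"sample operating system image v1\x00" * 64


class ExternalDevice:
    """Device 2: stores applications and serves them on request."""

    def __init__(self, device_id, apps):
        self.device_id = device_id
        self.apps = apps

    def get(self, name):
        return self.apps.get(name)


def measure(image):
    """Measurement unit 121: software-specific values of an image (hash and CRC)."""
    return {
        "sha256": hashlib.sha256(image).hexdigest(),
        "crc32": "%08x" % (zlib.crc32(image) & 0xFFFFFFFF),
    }


def collate(measured, reference):
    """Collation unit 122: every measured value must equal the stored reference.

    The reference is what the administrator recorded for the known-good image
    (reference value 113 or 114). A missing reference never passes, and the
    comparison is constant-time so the check itself leaks nothing by timing.
    """
    if not reference:
        return False
    return all(
        hmac.compare_digest(measured.get(key, ""), value)
        for key, value in reference.items()
    )


def decide_boot(device, expected_device_id, app_list, app_refs, os_image, os_ref=None):
    """BIOS unit 10: walk the flow of FIG. 3 (and FIG. 5 when os_ref is given).

    Returns the decision ("boot" or "power_off"), a reason, and a trace of the
    steps taken, so a caller can confirm that the OS is measured only after
    every application has passed.
    """
    trace = []
    # Steps S103/S104: connect to device 2 and fetch the listed applications.
    # A wrong or unreachable device means power-off without starting the OS.
    if device is None or device.device_id != expected_device_id:
        trace.append("connect:failed")
        return {"decision": "power_off", "reason": "not connected to the expected external device", "trace": trace}
    trace.append("connect:ok")
    volatile_storage = {}  # volatile storage device 13: contents vanish at power-off
    for name in app_list:
        image = device.get(name)
        if image is None:
            trace.append(f"fetch:{name}:missing")
            return {"decision": "power_off", "reason": f"application {name} not received", "trace": trace}
        volatile_storage[name] = image
        trace.append(f"fetch:{name}:ok")
    # Steps S106-S110: measure each application, collate with reference value 113.
    for name, image in volatile_storage.items():
        trace.append(f"measure:app:{name}")
        if not collate(measure(image), app_refs.get(name)):
            return {"decision": "power_off", "reason": f"application {name} failed verification", "trace": trace}
    # Second embodiment, steps S211-S215: the (slower) OS measurement runs only
    # after the application checks passed, collated with reference value 114.
    if os_ref is not None:
        trace.append("measure:os")
        if not collate(measure(os_image), os_ref):
            return {"decision": "power_off", "reason": "OS failed verification", "trace": trace}
    trace.append("boot")
    return {"decision": "boot", "reason": "all measured values match their reference values", "trace": trace}


def demo():
    """Four cases: normal boot, tampered application, wrong device, tampered OS."""
    good = ExternalDevice("device-2", {"app": APP_IMAGE})
    refs = {"app": measure(APP_IMAGE)}
    os_ref = measure(OS_IMAGE)
    tampered = ExternalDevice("device-2", {"app": APP_IMAGE[:-1] + b"\x01"})
    rogue = ExternalDevice("device-x", {"app": APP_IMAGE})
    return {
        "normal": decide_boot(good, "device-2", ["app"], refs, OS_IMAGE, os_ref),
        "tampered_app": decide_boot(tampered, "device-2", ["app"], refs, OS_IMAGE, os_ref),
        "wrong_device": decide_boot(rogue, "device-2", ["app"], refs, OS_IMAGE, os_ref),
        "tampered_os": decide_boot(good, "device-2", ["app"], refs, OS_IMAGE[:-1] + b"\x01", os_ref),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13s} -> {result['decision']:9s} ({result['reason']})")
```

The trace makes the ordering argument of the second embodiment visible: in the tampered-application case the trace stops before "measure:os", so the costly OS measurement is never performed, while in the tampered-OS case the application measurement has already been spent before the OS check fails.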
(Third Embodiment)
Next, a third embodiment of the present invention is described with reference to the drawings.
FIG. 6 is a block diagram showing the configuration of the third embodiment of the OS startability determination system of the present invention.
As shown in FIG. 6, the device 1 of the OS startability determination system of this embodiment is provided with a security chip 14, which is not provided in the device 1 shown in FIG. 4.
In this embodiment, the application list 112, the reference value 113 for application verification and the reference value 114 for OS verification are encrypted using a public key. The security chip 14 stores the private key for decrypting the encrypted application list 112, reference value 113 for application verification and reference value 114 for OS verification.
In this embodiment the device 2 also stores update information. The update information is, for example, information indicating whether the application list 112, the reference value 113 for application verification and the reference value 114 for OS verification have been updated.
When the application list 112, the reference value 113 for application verification and the reference value 114 for OS verification have been updated, the device 2 stores update information indicating that they have been updated, together with the updated application list 112, reference value 113 for application verification and reference value 114 for OS verification. The updated application list 112, reference value 113 and reference value 114 stored by the device 2 are, for example, encrypted in advance using the public key.
The operation of the OS startability determination system configured as above is described below.
FIG. 7 is a flowchart for explaining the operation of the OS startability determination system shown in FIG. 6.
First, when the power of the device 1 is turned on, the BIOS unit 10 starts (step S301).
The BIOS unit 10 acquires (receives) the update information from the device 2 (step S302) and checks whether the application list 112, the reference value 113 for application verification and the reference value 114 for OS verification have been updated (step S303).
If there is an update (YES), the BIOS unit 10 updates the various items of information such as the application list 112 and the reference value 113 for application verification (step S304). For example, the BIOS unit 10 receives the encrypted updated information from the device 2 and stores it in the storage device 11.
Next, the BIOS unit 10 acquires the application list 112 used by the device 1 and decrypts it using the private key in the security chip 14 (step S305).
Next, the BIOS unit 10 requests from the device 2 the application unit 21 indicated by the information described in the application list 112 (step S306), receives the requested application unit 21 from the device 2 and stores it in the volatile storage device 13 (step S307).
Next, the BIOS unit 10 outputs to the verification device 12 a verification request requesting verification of the application unit 21 and the OS unit 111 (step S308).
The verification device 12 measures the unique value of the application unit 21 (step S309), acquires the reference value 113 for application verification from the storage device 11 and decrypts it using the key in the security chip 14 (step S310).
Next, the verification device 12 collates the measured unique value of the application unit 21 with the decrypted reference value 113 for application verification (step S311).
The verification device 12 judges, on the basis of the collation result, whether the application unit 21 is normal (step S312).
If the verification device 12 judges that the application unit 21 is not normal (NO), it sends information indicating NG (abnormal) to the BIOS unit 10, and the BIOS unit 10 cuts the power of the device 1 (step S313).
On the other hand, if it judges from the verification result (collation result) that the application unit 21 is normal (YES), the verification device 12 measures the unique value of the OS unit 111 (step S314), acquires the reference value 114 for OS verification from the storage device 11 and decrypts it with the key in the security chip 14 (step S315).
 検証装置12は、測定されたOS部111の固有の値と、復号されたOS検証用の参照値114とを照合する(ステップS316)。 The verification device 12 collates the measured unique value of the OS unit 111 with the decrypted reference value 114 for OS verification (step S316).
 次に、検証装置12は、検証結果(照合結果)をBIOS部10に送信する(ステップS317)。 Next, the verification device 12 transmits a verification result (collation result) to the BIOS unit 10 (step S317).
 BIOS部10は、照合結果に基づいて、OS部111が正常であるか否かを判断する(ステップS318)。BIOS部10はOS部111が正常でないと判断した場合(NO)、装置1の電源を切断する(ステップS319)。 The BIOS unit 10 determines whether the OS unit 111 is normal based on the collation result (step S318). When the BIOS unit 10 determines that the OS unit 111 is not normal (NO), the BIOS unit 10 turns off the power of the device 1 (step S319).
 検証結果(照合結果)により、OS部111が正常であると判断した場合(YES)、BIOS部10は、記憶装置11のOS部111を起動する(ステップS320)。 When it is determined that the OS unit 111 is normal based on the verification result (collation result) (YES), the BIOS unit 10 activates the OS unit 111 of the storage device 11 (step S320).
 次に、OS部111は、アプリケーション部21を起動し、アプリケーション部21はアプリケーションを実行する(ステップS321)。 Next, the OS unit 111 activates the application unit 21, and the application unit 21 executes the application (step S321).
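 The boot sequence of steps S302 to S321 as a runnable simulation, added here and not part of the patent: device 2 supplies the application image and any sealed updated reference values, device 1 decrypts the application list and reference values with the key held by its security chip, measures the application first and the OS second, and powers off on the first mismatch. The page seals these values with a public key and decrypts them with the private key inside the security chip; because the Python standard library has no RSA, `seal`/`unseal` below use an HMAC-derived keystream plus an HMAC tag as a symmetric stand-in, and all images, names and keys are constructed for the example.

```python
import hashlib
import hmac
import os

# Sealing stand-in (assumption): the patent encrypts with a public key and decrypts
# with the private key inside security chip 14; here a keyed HMAC keystream + HMAC tag.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed reference data failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def measure(image: bytes) -> bytes:
    # Steps S309/S314: the "unique value" of a software image, here its SHA-256 (feature (4)).
    return hashlib.sha256(image).digest()

class SecurityChip:
    """Security chip 14: the decryption key never leaves this object."""
    def __init__(self, key: bytes):
        self._key = key

    def decrypt(self, blob: bytes) -> bytes:
        return unseal(self._key, blob)

class ExternalDevice:
    """Device 2: stores application images and, optionally, sealed updated reference data."""
    def __init__(self, apps: dict, update: dict = None):
        self.apps, self.update = apps, update   # update is None when nothing changed

    def fetch_app(self, name: str) -> bytes:   # steps S306/S307
        return self.apps[name]

class Device1:
    """Device 1: BIOS unit 10, verification device 12, storage device 11 and the chip."""
    def __init__(self, chip, os_image, app_list_blob, app_ref_blob, os_ref_blob):
        self.chip = chip
        self.storage = {"os": os_image, "app_list": app_list_blob,
                        "app_ref": app_ref_blob, "os_ref": os_ref_blob}

    def verify(self, image: bytes, ref_name: str) -> bool:
        # Decrypt the sealed reference value via the chip, then compare in constant time.
        expected = self.chip.decrypt(self.storage[ref_name])
        return hmac.compare_digest(measure(image), expected)

    def boot(self, ext: ExternalDevice) -> str:
        if ext.update is not None:                                    # S302-S304
            self.storage.update(ext.update)
        app_name = self.chip.decrypt(self.storage["app_list"]).decode()   # S305
        app_image = ext.fetch_app(app_name)                           # S306-S307
        if not self.verify(app_image, "app_ref"):                     # S308-S312
            return "POWER_OFF:application"                            # S313
        if not self.verify(self.storage["os"], "os_ref"):             # S314-S318
            return "POWER_OFF:os"                                     # S319
        return "BOOT_OS:run " + app_name                              # S320-S321

def run_scenario(tamper_app=False, tamper_os=False, push_update=False) -> str:
    """Constructed scenario: provision both devices, then return the boot outcome."""
    chip_key = hashlib.sha256(b"constructed demo chip key").digest()
    os_image, app_image = b"constructed OS image v1", b"constructed app image v1"
    app_list = seal(chip_key, b"sensor-app")
    app_ref, os_ref = seal(chip_key, measure(app_image)), seal(chip_key, measure(os_image))
    update = None
    if push_update:   # administrator ships app v2 together with a freshly sealed reference value
        app_image = b"constructed app image v2"
        update = {"app_ref": seal(chip_key, measure(app_image))}
    ext = ExternalDevice({"sensor-app": app_image + (b"!" if tamper_app else b"")}, update)
    dev = Device1(SecurityChip(chip_key), os_image + (b"!" if tamper_os else b""),
                  app_list, app_ref, os_ref)
    return dev.boot(ext)

if __name__ == "__main__":
    for kw in ({}, {"tamper_app": True}, {"tamper_os": True}, {"push_update": True}):
        print(kw, "->", run_scenario(**kw))
```

The `push_update` case shows why step S304 precedes verification: without the re-sealed reference value, the legitimately updated application would be rejected at step S313.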
 Thus, in this embodiment, in addition to the effects of the first and second embodiments described above, the reference information used when verifying the application and the OS is encrypted and protected, so that leakage or tampering of the information inside the device can be prevented. Further, in the method described in Japanese Patent Laid-Open No. 10-333902, updating the reference information used when verifying the application or the OS required a direct change such as rewriting the ROM of the device 1; in this embodiment, by contrast, for example, the administrator of the security chip can access the device 1 from the device 2 and, by using the key in the security chip of the device 1, update by remote operation the information on the applications used by the device 1.
 The first to third embodiments described above disclose an OS bootability determination device having the characteristic configurations shown in (1) to (5) below.
 (1) An OS bootability determination device (for example, realized by the device 1) comprising: an application acquisition unit (for example, realized by the application acquisition unit 105 or the BIOS unit 10) that acquires from an external device (for example, realized by the device 2) an application (for example, realized by the application unit 21) stored in the external device; a measurement unit (for example, realized by the measurement unit 121) that, when the application acquisition unit has normally connected to the external device and acquired the application, measures the normality of the application before starting the OS that runs the application; a collation unit (for example, realized by the collation unit 122) that collates the normality of the application measured by the measurement unit with previously stored information indicating a normal application; and an OS start unit (for example, realized by the OS start unit 103) that starts the OS when the application is determined to be normal based on the result of the collation by the collation unit.
 (2) The OS bootability determination device in which the measurement unit measures the normality of the OS before starting the OS that runs the application, the collation unit collates the normality of the OS measured by the measurement unit with previously stored information indicating a normal OS, and the OS start unit starts the OS when the application is determined to be normal and the OS is determined to be normal. An OS bootability determination device so configured can prevent the OS from starting not only when the application has been tampered with but also when the OS unit has been tampered with.
 (3) The OS bootability determination device comprising a security chip (for example, realized by the security chip 14) that stores a decryption key corresponding to an encryption key, where the information indicating the application to be run on the device, the previously stored information indicating a normal application and the previously stored information indicating a normal OS are encrypted using the encryption key. An OS bootability determination device so configured can prevent the information inside the device from being leaked or tampered with.
 (4) The OS bootability determination device in which the measurement unit measures a software image or its hash value in order to determine the normality of the application and the OS.
 (5) The OS bootability determination device in which the measurement unit measures a value for checking for software corruption in order to determine the normality of the application and the OS.
 In the present invention, the processing in the OS bootability determination device may be realized not only by the dedicated hardware described above but also by recording a program for realizing those functions on a recording medium readable by the OS bootability determination device and having the OS bootability determination device read and execute the program recorded on that recording medium. A recording medium readable by the OS bootability determination device means a removable recording medium such as a floppy disk, a magneto-optical disk, a DVD or a CD, or an HDD or the like built into the OS bootability determination device.
 Although the present invention has been described above with reference to embodiments, it is not limited to those embodiments. Various changes that a person skilled in the art can understand may be made to the configuration and details of the present invention within its scope.
 This application claims priority based on Japanese Patent Application No. 2008-059571 filed on March 10, 2008, the entire disclosure of which is incorporated herein.
 The present invention can be effectively applied to protecting information on devices, such as outdoor equipment and embedded equipment, in which the applications to be started are fixed to some degree.

Claims (11)

  1.  An OS bootability determination device comprising:
     application acquisition means for acquiring an application stored in an external device from the external device;
     measurement means for, when the application acquisition means has normally connected to the external device and acquired the application, measuring the normality of the application before starting an OS that runs the application;
     collation means for collating the normality of the application measured by the measurement means with previously stored information indicating a normal application; and
     OS start means for starting the OS when the application is determined to be normal based on the result of the collation by the collation means.
  2.  The OS bootability determination device according to claim 1, wherein
     the measurement means measures the normality of the OS that runs the application acquired by the application acquisition means before starting that OS,
     the collation means collates the normality of the OS measured by the measurement means with previously stored information indicating a normal OS, and
     the OS start means starts the OS when the application is determined to be normal and the OS is determined to be normal.
  3.  The OS bootability determination device according to claim 2, further comprising
     a security chip that stores a decryption key corresponding to an encryption key, wherein the information indicating the application, the previously stored information indicating a normal application and the previously stored information indicating a normal OS are encrypted using the encryption key.
  4.  The OS bootability determination device according to claim 2 or claim 3, wherein
     the measurement means measures the normality of the application acquired by the application acquisition means and of the OS using software images or hash values of the application and the OS.
  5.  The OS bootability determination device according to claim 2 or claim 3, wherein
     the measurement means measures the normality of the application acquired by the application acquisition means and of the OS using values for checking for software corruption.
  6.  An OS bootability determination system comprising:
     an external device that stores an application; and
     an OS bootability determination device that starts an OS according to the normality of the application stored in the external device,
     wherein the OS bootability determination device comprises:
     application acquisition means for acquiring the application stored in the external device from the external device;
     measurement means for, when the application acquisition means has normally connected to the external device and acquired the application, measuring the normality of the application before starting the OS that runs the application;
     collation means for collating the normality of the application measured by the measurement means with previously stored information indicating a normal application; and
     OS start means for starting the OS when the application is determined to be normal based on the result of the collation by the collation means.
  7.  The OS bootability determination system according to claim 6, wherein
     the measurement means measures the normality of the OS that runs the application acquired by the application acquisition means before starting that OS,
     the collation means collates the normality of the OS measured by the measurement means with previously stored information indicating a normal OS, and
     the OS start means starts the OS when the application is determined to be normal and the OS is determined to be normal.
  8.  An OS bootability determination method comprising:
     an application acquisition step of acquiring an application stored in an external device from the external device;
     a measurement step of, when the external device has been normally connected to and the application acquired in the application acquisition step, measuring the normality of the application before starting an OS that runs the application;
     a collation step of collating the normality of the application measured in the measurement step with previously stored information indicating a normal application; and
     an OS start step of starting the OS when the application is determined to be normal based on the result of the collation in the collation step.
  9.  The OS bootability determination method according to claim 8, wherein
     the measurement step further includes a step of measuring the normality of the OS that runs the application acquired in the application acquisition step before starting that OS,
     the collation step further includes a step of collating the normality of the OS measured in the measurement step with previously stored information indicating a normal OS, and
     the OS start step is a step of starting the OS when the application is determined to be normal and the OS is determined to be normal.
  10.  An OS bootability determination program for causing a computer to realize:
     an application acquisition function of acquiring an application stored in an external device from the external device;
     a measurement function of, when the external device has been normally connected to and the application acquired by the application acquisition function, measuring the normality of the application before starting an OS that runs the application;
     a collation function of collating the normality of the application measured by the measurement function with previously stored information indicating a normal application; and
     an OS start function of starting the OS when the application is determined to be normal based on the result of the collation by the collation function.
  11.  The OS bootability determination program according to claim 10, wherein
     the measurement function further includes a function of measuring the normality of the OS that runs the application acquired by the application acquisition function before starting that OS,
     the collation function further includes a function of collating the normality of the OS measured by the measurement function with previously stored information indicating a normal OS, and
     the OS start function is a function of starting the OS when the application is determined to be normal and the OS is determined to be normal.
PCT/JP2009/053018 2008-03-10 2009-02-20 Os start propriety judgment device, os start propriety judgment system, os start propriety judgment method, and os start propriety judgment program WO2009113376A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008059571A JP2011128659A (en) 2008-03-10 2008-03-10 Device, system, method and program for determining propriety of os start
JP2008-059571 2008-03-10

Publications (1)

Publication Number Publication Date
WO2009113376A1 true WO2009113376A1 (en) 2009-09-17

Family

ID=41065048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/053018 WO2009113376A1 (en) 2008-03-10 2009-02-20 Os start propriety judgment device, os start propriety judgment system, os start propriety judgment method, and os start propriety judgment program

Country Status (2)

Country Link
JP (1) JP2011128659A (en)
WO (1) WO2009113376A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10333902A (en) * 1997-05-27 1998-12-18 N Ii C Joho Syst:Kk Computer system with alteration detecting function
JP2004096666A (en) * 2002-09-04 2004-03-25 Matsushita Electric Ind Co Ltd Semiconductor device having encryption part, semiconductor device having external interface, and contents reproducing method
JP2007066021A (en) * 2005-08-31 2007-03-15 Nec Electronics Corp External data falsification detecting device and method

Also Published As

Publication number Publication date
JP2011128659A (en) 2011-06-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09719334

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09719334

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP