WO2020183562A1 - Validity authentication activation management system - Google Patents

Validity authentication activation management system Download PDF

Info

Publication number
WO2020183562A1
WO2020183562A1 PCT/JP2019/009669 JP2019009669W WO2020183562A1 WO 2020183562 A1 WO2020183562 A1 WO 2020183562A1 JP 2019009669 W JP2019009669 W JP 2019009669W WO 2020183562 A1 WO2020183562 A1 WO 2020183562A1
Authority
WO
WIPO (PCT)
Prior art keywords
security information
hardware
legitimacy
check
information
Prior art date
Application number
PCT/JP2019/009669
Other languages
French (fr)
Japanese (ja)
Inventor
哲 菅野
Original Assignee
ココン株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ココン株式会社 filed Critical ココン株式会社
Priority to PCT/JP2019/009669 priority Critical patent/WO2020183562A1/en
Priority to JP2019518583A priority patent/JP6564549B1/en
Publication of WO2020183562A1 publication Critical patent/WO2020183562A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Definitions

  • the present invention is an invention relating to a technique for managing the booting of an operating system by authenticating the validity of peripheral hardware and various chips under the MPU.
  • the prior art shows a technique for authenticating whether a PC that performs long-distance communication with a center server is a legitimate PC by performing a validity test of a program that requests long-distance communication.
  • This technology it is possible to detect inconsistencies such as rewriting, changing, and damage to programs that have been owned from the beginning.
  • inconsistencies such as rewriting, changing, and damage to programs that have been owned from the beginning.
  • the following legitimacy authentication activation management system is provided in the present invention. That is, as the first invention, when the computer is started up and before the system is started, the computer is directly or indirectly under the control of the MPU (hereinafter, "directly or indirectly under the control of the MPU” is simply under the control of the MPU.
  • the security information acquisition unit that acquires the security information of the hardware in the check target area that can be used in (.)
  • the validity authentication information that is the information for authenticating the validity of the hardware under the MPU of the computer.
  • the legitimacy check section that checks the legitimacy of the hardware using the retained legitimacy authentication information holding section, the acquired security information, and the retained legitimacy authentication information, and the check by the legitimacy check section.
  • the system boot process is continued, and if the check result is not valid for all hardware in the check target area.
  • a security information storage unit composed of a ROM that records security information of all hardware in a check target area that can be used under the MPU of a computer, and the security information acquisition unit has a security information storage unit. , Provide the validity authentication activation management system described in the first invention for acquiring security information from the security information storage unit.
  • the security information of all hardware within the check target area that can be used under the MPU obtained by starting the MPU of the computer before the system is started at the time of starting the computer. It has a startup security information acquisition unit that acquires startup security information that is based on security information, and the validity check unit has security information stored in the security information storage unit and startup security.
  • the validity authentication activation management system according to the second invention, which has a startup validity checking means for checking the validity of startup security information based on information.
  • the authenticity of the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit is provided.
  • the validity authentication activation management system described in the second invention or the third invention which further has a storage security information authenticity judgment unit for checking.
  • the security information acquisition unit does not acquire the security information from the security information storage unit.
  • the legitimacy authentication activation management system according to the fourth invention, which further has an acquisition restriction unit for controlling.
  • the legitimacy authentication information holding unit activates the legitimacy authentication according to any one of the first to fifth inventions for holding the legitimacy authentication information in the tamper resistance region.
  • the legitimacy authentication information holding unit activates the legitimacy authentication according to any one of the first to fifth inventions for holding the legitimacy authentication information in the tamper resistance region.
  • the security information acquisition unit has the legitimacy described in any one of the first to sixth inventions configured in the ROM, which is the hardware that can be used under the MPU. Provides an authentication activation management system.
  • the validity check unit is configured in the ROM which is the hardware under the MPU, and the security information is transmitted to the validity authentication information holding unit in the tamper resistance area, and the security information is transmitted to the ROM.
  • the validity authentication activation management system described in the sixth invention or the seventh invention based on the sixth invention which certifies the validity according to the content of the reply.
  • the ROM in which the security information acquisition unit is configured has tamper resistance, and the validity authentication activation management described in the seventh invention or the eighth invention based on the seventh invention. Provide a system.
  • the ROM in which the validity check unit is formed has tamper resistance, and the validity authentication activation management described in the eighth invention or the ninth invention based on the eighth invention. Provide a system.
  • a legitimacy authentication information holding unit that holds the legitimacy authentication information corresponding to each hardware, which is information for authenticating the legitimacy of the hardware under the MPU of the computer. It is a method of operating the authentication activation management system that has the security information acquisition step of acquiring security information from the hardware under the MPU of the computer at the time of starting the computer and before starting the system, and the acquired security information.
  • the validity check step for checking the validity of each hardware using the retained validity authentication information and the check result in the validity check section are valid for all hardware in the check target area. If the check result is, the system boot process is continued, and if the check result is not valid for all hardware in the check target area, the system boot process is not started.
  • Provided is a method of operating a legitimacy authentication activation management system having.
  • a legitimacy authentication information holding unit that holds legitimacy authentication information corresponding to each hardware, which is information for authenticating the legitimacy of the hardware under the MPU of the computer.
  • a security information acquisition step that acquires security information from the hardware under the MPU of the computer at the time of computer startup and before the system is started, and the acquired security information.
  • the validity check step for checking the validity of each hardware using the retained validity authentication information and the check result in the validity check section are valid for all hardware in the check target area. If the check result is, the system boot process is continued, and if the check result is not valid for all hardware in the check target area, the system boot process is not started.
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the first embodiment
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the second embodiment
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the third embodiment The figure which shows an example of the hardware configuration of the legitimacy authentication activation management system of Embodiment 3.
  • a functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the other embodiment 1 of the third embodiment A diagram showing an example of the hardware configuration of the other embodiment 1 of the other embodiment 1 of the legitimacy authentication activation management system of the embodiment 3.
  • a diagram showing an example of the hardware configuration of the other embodiment 2 of the third embodiment of the legitimacy authentication activation management system The figure which shows an example of the structure of the process flow of the legitimacy authentication activation management system of the other Embodiment 2 of embodiment 3.
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the fourth embodiment Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the fifth embodiment
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the sixth embodiment
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the seventh embodiment
  • Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the eighth embodiment
  • FIG. 1-a shows a state in which various hardware are properly arranged.
  • the hardware (0101) is increased by one as compared with FIG. 1-a.
  • the hardware indicated by 0101 corresponds to unknown.
  • the hardware configuration under the MPU cannot be justified.
  • the validity of all hardware is recognized within the check target area under the MPU by using a method of checking the validity of security information at the time of starting up the computer or a partial function of the computer. It is a legitimacy authentication startup management system that allows the system to start only in cases.
  • subordinate to MPU means that the MPU is in a position to directly or / or indirectly access and process information as described above. Generally, it refers to the relationship between the management processor on the board and the information processing chip on the board, or information processing with the management processor via the chipset on the motherboard, and the board is not necessarily limited to the motherboard. .. Further, “MPU” refers to a so-called processor such as a CPU or GPU.
  • FIG. 2 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it is composed of a security information acquisition unit (0201), a validity authentication information holding unit (0202), a validity check unit (0203), and a start processing continuation / cancellation unit (0204).
  • the present invention is an invention that manages the startup of the computer system by authenticating the validity of the hardware configuration under the MPU of the computer before starting the computer and starting the system in the normal usable state. Therefore, first, at what stage of the booting process of the computer system, the authentication and management in the present invention can be executed.
  • BIOS BASIC INPUT / OUTPUT SYSTEM
  • the BIOS When the power of the computer is turned on, the BASIC INPUT / OUTPUT SYSTEM (hereinafter referred to as "BIOS") or the like recorded in the flash memory is activated.
  • BIOS When the power of the computer is turned on, the BASIC INPUT / OUTPUT SYSTEM (hereinafter referred to as "BIOS") or the like recorded in the flash memory is activated.
  • BIOS When the power of the computer is turned on, the BIOS is first started, it first connects various hardware located on the motherboard under the MPU, various hardware that communicates with the MPU via the chipset, and various connected interfaces connected to each port. Check if there is any and if the connection is normal (power on self test). After that, the initialization process for enabling the various hardware to operate is instructed to the various hardware on each motherboard and the various interfaces connected to the ports. Then check the boot drive.
  • the BIOS expands the boot program (bootstrap loader) from the boot drive (for example, the hard disk drive on which the OS is installed) to the main memory and passes control to the boot loader.
  • the boot loader expands the OS to main memory and guides the OS to the boot state. This puts the computer in a system-enabled state.
  • Application software, various computer functions, communication, etc. become possible.
  • computers are personal computers, laptop computers, tablet terminals, servers, large computers, smartphones, mobile phones, modems, routers, exchanges, various home appliances, robots, smart meters, machine tools, plant control equipment, automobiles, etc. Includes various items such as airplanes, ships, and automated teller machines (ATMs).
  • the invention of the present application is configured to be performed and terminated before the BIOS performs various connection checks and the like and hands over the process to the boot loader, or before the boot loader continues the system boot process such as the OS and completes it.
  • the BIOS has more functions than those described above, and the processing that is common to the general BIOS can be simply expressed as described above.
  • the technology most commonly used in the general-purpose computer at the time of filing the present invention will be described as a specific example, but the technology known at the present time other than that used as a specific example (for example, , Unified Extensible Firmware Interface (hereinafter referred to as "UEFI"), as well as for technologies developed in the future in which the principles of the present invention can be reproduced. Function. Therefore, the specific description of each of the following embodiments (Embodiments 1 to 12) naturally includes cases other than starting the computer using the BIOS.
  • UEFI Unified Extensible Firmware Interface
  • the invention of the present application is characterized in that it detects an unknown that is present on the motherboard and cannot be visually noticed by the user, various hardware on the motherboard are described below in order to clarify the subject matter. Only wear will be given as a specific example. Therefore, although the interface connected to the port is not described as a specific example in the specification, it is connected to the port, for example, an unknown hidden in the keyboard steals the typing of the keyboard (so-called "fishing act"). It does not eliminate the detectability of unknown hidden inside the hidden interface, but by performing startup management using this system, the interface is connected to the port and the connected interface is used by the connecting computer.
  • the present invention also includes performing legitimacy authentication and activation management when the activation process is possible. This is common to Embodiments 1 to 12.
  • the type identification number and the like that identify the types of various hardware given to the signals that the BIOS comprehensively receives from various hardware can be considered as typical ones.
  • processing such as comparing the list of security information (details will be described later) with the legitimacy authentication information, it is possible to perform the legitimacy authentication of various hardware configurations arranged under the MPU. Then, if the legitimacy is authenticated, the computer startup process is completed, and if the legitimacy is not authenticated, the computer startup process is stopped.
  • BIOS has a list of hardware to be started in the first place and if the connection check etc. is performed according to the list, the validity of the hardware configuration is authenticated, but the BIOS However, it is possible that the list that you have in the first place has been rewritten. Therefore, it is dangerous to have only the BIOS guarantee the correctness of the configuration.
  • the "security information acquisition unit” acquires the security information of the hardware under the MPU of the computer at the time of starting up the computer and before starting the system.
  • "Security information” is information used to determine whether or not the hardware is legitimate hardware.
  • Hardware security information identifies hardware such as identification information such as a private key given to specific hardware, hardware type identification information, individual hardware identification information, hardware boot status information, and the like. This is unique information among the hardware under the preset MPU that can be set. It may be composed of one piece of information, or a plurality of pieces of information may be combined and treated as one piece of security information.
  • the means by which the security information acquisition unit acquires security information is not limited in this embodiment.
  • a method of acquiring by transmitting from all hardware in the check target area under the MPU can be considered.
  • the security information acquisition department registers the security information of all hardware in advance in the check target area placed under the MPU of the computer equipped with this validity authentication activation management system.
  • a method to obtain it is conceivable.
  • the method is not limited as long as it can obtain possible security information.
  • the "check target area” can be limited in scope by the design concept of the computer, but basically it is hardware that is adjusted so that it can be finally used in the system by the system boot process by BIOS or UEFI. Say the range of.
  • the "validity authentication information holding unit” holds the validity authentication information which is the information for authenticating the validity of the hardware under the MPU of the computer.
  • the "validity authentication information” is hardware based on the design information that can specify all the types of hardware that are determined to be under the MPU at the time of designing the computer equipped with this validity authentication activation management system. It's like the identification information of. It is composed of information that can identify the hardware that should be stored in the design under the MPU of the computer. For example, it may be configured by preset unique information capable of identifying hardware such as hardware type identification information, hardware individual identification information, and hardware startup status information.
  • a solution obtained by substituting various identification information into a hash function or the like a solution obtained by substituting all the identification information into a hash function or the like, a hash function to which the identification information should be substituted, etc.
  • the "validity check unit” checks the validity of the hardware by using the acquired security information and the retained validity authentication information.
  • the legitimacy authentication information is specific information obtained based on the legitimate design information of the hardware to be stored under the MPU of the computer equipped with the legitimacy activation management system. Since the hardware that is inserted into the motherboard or replaced later is not placed on the motherboard based on the legitimate design information, the security information related to these unknowns will not be authenticated by the legitimacy authentication information. .. Using this information and the security information, the validity of the hardware is checked through the process of determining whether the security information is legitimate information.
  • the legitimacy authentication information of the hardware based on the hardware design information that should be stored under the MPU of the computer equipped with this legitimacy activation management system it can be determined by comparing whether or not the security information and the hardware identification information based on the design information completely match. The legitimacy is affirmed when the security information and the hardware identification information based on the design information are exactly the same. If some of them do not match, or if all the hardware identification information based on the design information matches, but the security information that is not included in the hardware identification information based on the design information is included, the validity is denied. Will be done.
  • the legitimacy authentication information is information that uniquely corresponds to the design-time information of the hardware that should be stored under the MPU of the computer equipped with this legitimacy startup management system (for example, the legitimate hardware as the design-time information).
  • the same processing that generated the uniquely corresponding information can be performed using the security information obtained from the hardware, and the judgment can be made by comparing the results. it can.
  • the legitimacy authentication information may be a hash value of each security information.
  • the validity of each hardware is authenticated by incorporating the security information obtained from each hardware into the hash function and comparing the generated value with the validity authentication information.
  • Start processing continuation stop section allows the system startup process to continue when the check result in the validity check section is valid for all hardware, and is valid for all hardware. If the result is not the same as, the process of not continuing the system startup process is performed. For example, if all the results of the validity check are valid, the boot processing continuation canceling unit does not perform the boot processing stop processing, so that the system boot continues. If the legitimacy is denied as a result of the legitimacy check, the start processing continuation stop unit may issue an instruction to stop the start process and stop the start process.
  • the start processing continuation stop unit issues a start processing continuation command to continue the start processing, and it is not the result that all the validity check results are valid.
  • the start processing continuation / cancellation unit cancels the start processing by issuing a start processing command.
  • FIG. 3 is an example diagram conceptually showing the state of the hardware configuration after the computer equipped with this system is started.
  • the present invention can basically be composed of a computer and a program (including BIOS and OS), devices on various motherboards, and various interface devices that are added under the MPU via ports. ..
  • BIOS ROM (0301), memory card (0302), main memory (0303), flash memory (0304), clock generator (0305), SATA connector (0306), network controller chip (0307).
  • Sound controller chip (0308), Display controller chip (0309), Graphics processing unit (0310), Port 80 display (0311), Chipset (0312: In the chipset, the above-mentioned network controller chip, sound controller chip , Display controller chips and other chips may be integrated), various other expansion cards (0313: for example, graphics cards such as PCI-Express), hard disk drives (0314: OS is a chipset in many computers) Since it is located in the hard disk drive below, the hard disk drive is located under the chipset in the figure, but it can be placed directly under the MPU or under the chipset.) Etc. are held in the non-volatile memory. , Loaded into main memory, referenced and used when executing a series of programs.
  • interface devices include communication devices, keyboards, displays, mice, external memories such as microphones, speakers, and USB memory (not shown), optical drivers, magnetic drivers, scanners, printers, cameras, and the like.
  • the operation of the computer is basically to load the programs and data recorded in the non-volatile memory (including flash memory, hard disk drive, external memory, etc.) into the main memory, and then load the main memory and MPU (for example, CPU, GPU, etc.). It takes the form of executing processing with various hardware. Communication with the hardware is done via an interface connected to the bus line.
  • the non-volatile memory including flash memory, hard disk drive, external memory, etc.
  • MPU for example, CPU, GPU, etc.
  • the non-volatile memory (0316) used after the computer system is started under the MPU (0315).
  • the various programs (0317) stored in the main memory (0318) are not expanded at this stage.
  • the main memory is expanded to various hard drives with BIOS that can be read from the flash memory (in the example in the figure, memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller. Chips, display controller chips, graphics processing units, port 80 displays, chipsets, expansion cards, hard disk drives are examples), and various interfaces connected to the ports (communication devices, keyboards in the examples in the figure).
  • the boot loader (0319) is acquired from the hard disk drive storing the OS and expanded in the main memory.
  • the main memory boots the OS according to the boot program of the expanded boot loader, puts the OS in the boot state, and puts various hardware under the control of the OS.
  • the basic structure of the above hardware configuration is common to all the embodiments of the validity authentication activation management system (all of the first to the twelfth embodiments).
  • FIG. 4 is a diagram showing an example of the hardware configuration of the validity authentication activation management system according to the first embodiment. Since the validity authentication startup management system in the present embodiment has a problem of processing before the OS is started, a program under the BIOS that is in the started state at that time (in this embodiment: security information acquisition program, legitimacy). It has at least a sex check program and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
  • sub OS this legitimacy authentication startup management system
  • the book is managed under the control of the sub OS. It can also be configured to run a legitimacy authentication activation management system.
  • the "security information acquisition program” acquires security information.
  • the source of security information is not limited.
  • the "validity check program” authenticates the validity of the hardware under the MPU by using the security information and the validity authentication information.
  • the “start processing continuation cancel program” does not stop the continuation of the startup process if the legitimacy is confirmed according to the validity check result of the validity check section, and if the legitimacy is not recognized, the program does not stop the continuation of the startup process. Cancels the continuation of the startup process.
  • Each of the expanded programs is executed sequentially or constantly.
  • FIG. 5 is a superordinate conceptual processing flow diagram of the first embodiment.
  • the "security information acquisition step” (0501) which acquires the security information of the hardware under the MPU of the computer at the time of starting up the computer and before starting the system, checks the validity of the acquired security information.
  • "Validity check step” (0502), "Security information validity check result judgment unit” (0503) to judge whether the result of the security information validity check is valid, check result by the validity check unit If is not the check result that is valid for all hardware, the system boot process is not continued in the "start process continuation stop step” (0504), and the validity check result is valid for all hardware.
  • At least the “startup process continuation step” (0505) for continuing the system boot process when the check result is obtained is executed.
  • FIG. 6 is a diagram showing an example of a more specific processing flow of the first embodiment.
  • the "security information acquisition step” (0601) in which the security information of the hardware under the MPU of the computer is acquired at the time of starting up the computer and before the system is started, the security information is acquired for each hardware. Therefore, the "security information acquisition completion determination step” (0602) for confirming whether the acquisition of security information from all hardware has been completed, and the “validity check step” (0603) for checking the validity of the acquired security information. ), “Security information validity check result judgment step” (0604) to judge whether the result of the security information validity check is valid, and the check result in the validity check section is valid for all hardware.
  • the invention in the present embodiment is the invention described in the first embodiment, and is under the control of the MPU of a personal computer equipped with the present legitimacy authentication activation management system by using the security information acquired from the security information storage unit. Authenticate the hardware placed in.
  • FIG. 7 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication activation management system according to the second embodiment.
  • the security information storage unit (0701), the security information acquisition unit (0702), the validity authentication information holding unit (0703), the validity check unit (0704), the start processing continuation / cancellation unit (0705), and the like. Consists of. In the following, the description of the configuration common to the first embodiment will be omitted, and the configuration peculiar to the present embodiment will be described.
  • the "security information storage unit” is composed of a ROM in which security information is recorded.
  • ROM is an abbreviation for READ ONLY MEMORY, and although it can be read, it cannot be overwritten or deleted in principle. Moreover, since it is a non-volatile memory, it is possible to record information without the need to supply power.
  • the security information stored in the security information storage unit can be called hardware identification information based on the design information of the hardware placed under the MPU of the computer equipped with this validity authentication activation management system. It is composed of a list of.
  • the list of hardware retained as security information defines the contents to be registered based on the design information of the hardware equipped with this validity authentication activation management system.
  • the list of hardware that is security information is preferably a list of all hardware under the MPU, but it is also possible to make a partial list. In the case of a partial list, there is a possibility that the unknown exists or has been rewritten in the unlisted part, so the credibility of the authentication result using this system decreases.
  • the security information acquisition unit of the present embodiment acquires the security information of the hardware under the MPU of the computer from the security information acquisition unit at the time of starting up the computer and before starting the system.
  • various hardware will start up in preparation for booting.
  • the security information storage department sends the security information acquisition department to the security information acquisition department. Security information is sent. Since the security information acquired by the security information acquisition unit includes the security information accumulated by the security information storage unit, a list of hardware showing the design items of the hardware configuration at the time of designing at the subsequent validity check stage. Will be checked for validity.
  • FIG. 8 is a diagram showing an example of the most basic hardware configuration of the second embodiment.
  • Various hardware shown in the figure memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk
  • the basic structure of the drive MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
  • sub OS this legitimacy authentication boot management system
  • this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
  • the "security information acquisition program” is a program for acquiring security information of hardware under the MPU of the computer from the security information storage unit at the time of starting up the computer and before starting the system.
  • the security information storage unit refers to a memory itself such as a ROM that stores security information or an area existing in the memory.
  • the security information acquisition program accesses the security information storage unit, acquires the security information, and expands the security information in the main memory.
  • Each of the expanded programs is executed sequentially or constantly.
  • various setting information such as security information, legitimacy authentication information, legitimacy judgment result, stop order, communication (not shown), etc. are retained. It is loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and is referred to and used when executing the program of the legitimacy authentication startup management system.
  • FIG. 9 is a diagram showing a processing flow of the most basic configuration of the second embodiment.
  • the "security information acquisition step from the security information storage unit” (0901), in which the security information of the hardware under the MPU of the computer is acquired from the security information storage unit at the time of starting up the computer and before the system is started.
  • "Validity check step” (0902), “Security information check result determination step” (0903), “Startup process continuation stop step” (0904), “Startup process continuation step” (0905) are executed at least. Since the steps for performing the processing common to the first embodiment have already been described in the first embodiment, the description thereof has been omitted.
  • the invention in the present embodiment includes security information of hardware under the MPU obtained by starting the MPU of the computer at the time of starting the computer and before starting the system. It is characterized in that the validity authentication activation management is performed by using the startup security information which is the based security information.
  • FIG. 10 is a functional block diagram showing an example of the configuration of the most basic invention of the validity authentication activation management system in the present embodiment.
  • the description of the configuration common to the second embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • the "start-up security information acquisition unit" is the start-up security which is security information based on the security information of the hardware under the MPU obtained by starting up the MPU of the computer at the time of starting the computer and before starting the system. Get information.
  • type identification information given for each type of hardware, individual identification information given for each individual hardware, and the like can be considered. Alternatively, it may be identification information given as a unique number that can be authenticated as security information in this legitimacy authentication activation management system.
  • the BIOS As a method of acquiring security information at startup, when the BIOS receives a startup signal or the like for booting from each hardware, a method of acquiring it in association with or as information contained therein can be considered.
  • the BIOS acquires the startup security information
  • the BIOS writes the startup security information in the memory area in the order in which the startup security information is acquired, thereby generating a list of the startup security information.
  • the memory that generates the list of startup security information may be the main memory, or may be configured to provide a storage area for storing other startup security information. Alternatively, it may be configured as a cache memory on the chip in which the BIOS resides.
  • the list of security information at startup is a list used for authentication each time the computer is started, and is information that should be acquired each time the computer is started. Therefore, it is a temporary record that is stored only when the computer is started. It suffices if it is configured to be memorable.
  • the "startup validity check means" is security information, and checks the validity of the startup security information based on the security information stored in the security information storage unit and the startup security information. ..
  • FIG. 11 is a diagram conceptually showing a check method by the start-up validity check means. As shown in the figure, the validity of the startup security information is judged by using the startup security information and the accumulated security information. As described above, the startup security information is acquired by the hardware that manages and controls the startup of various hardware such as the BIOS as information for identifying various hardware arranged under the MPU at the time of computer startup. To. The startup legitimacy information can be said to be an exhaustive list of information in the computer under the MPU and hardware related to the operation of the computer. Therefore, by checking the validity of the startup security information by the startup validity checking means, it is determined whether or not the various hardware under the MPU has a configuration in line with the designer's design intention. It becomes possible.
  • FIG. 11 is a diagram showing an example of the most basic hardware configuration of the third embodiment.
  • Various hardware shown in the figure memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk
  • the basic structure of the drive MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
  • a program in the present embodiment: security information acquisition: acquisition of security information
  • security information acquisition acquisition of security information
  • BIOS has at least a program, a validity check program, a startup security information acquisition program, a startup validity check program, and a start processing continuation / cancellation program
  • these programs can be processed by the MPU.
  • various information may be configured to be expanded in the main memory by the BIOS.
  • the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
  • sub OS this legitimacy authentication boot management system
  • this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
  • the startup security information is obtained from all or part of the security information of the hardware under the MPU of the computer.
  • the "validity check unit” performs a validity check based on the security information stored in the security information storage unit, the startup security information, and the validity authentication information.
  • the “start-up validity check means” checks the validity of the start-up security information based on the security information stored in the security information storage unit and the start-up security information.
  • Each of the expanded programs is executed sequentially or constantly.
  • the data referred to when executing this legitimacy authentication activation management system includes security information, legitimacy authentication information, legitimacy judgment result, startup security information, startup validity check result, and stop order.
  • Various setting information such as communication (not shown) is retained, loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and is referred to and used when executing the program of the legitimacy authentication startup management system. ..
  • FIG. 13 is a diagram showing a processing flow of the most basic configuration of the third embodiment.
  • (1303) "Startup Legitimacy Check Substep” (1304) for authenticating the validity of the startup security information based on the accumulated security information and the startup security information, at the time of startup.
  • “Start-up security information check result judgment step” (1305) to judge whether the validity check result is valid, when the startup security information is valid as the start-up security information check result.
  • Embodiment 3 Other Embodiment 1: Ensuring the authenticity of accumulated security information> ⁇ Embodiment 3 Other Embodiment 1: Overview> As conceptually shown in FIG. 14, in addition to the configuration of the third embodiment, the present embodiment has a configuration in which the authenticity of the accumulated security information is guaranteed by a check using the legitimacy authentication information.
  • FIG. 15 is a functional block diagram showing an example of the configuration according to the other first embodiment.
  • the security information storage unit (1501), the security information acquisition unit (1502), the stored security information authenticity judgment unit (1503), the validity authentication information holding unit (1504), and the validity check unit (1505). It is composed of a start processing continuation stop unit (1506).
  • the description of the configuration common to the other embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • Embodiment 3 Other Embodiment 1: Explanation of configuration> ⁇ Embodiment 3 Other Embodiment 1 Description of configuration: Accumulated security information authenticity judgment unit>
  • the "stored security information authenticity judgment unit" is the security information stored using the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit. Check the authenticity.
  • a method of checking the stored security information using the legitimacy authentication information can be considered.
  • the security information acquisition unit first acquires the security information accumulated in the security information storage unit.
  • Hardware that determines whether the content of the acquired security information is legitimate using the legitimacy authentication information, and that the security information stored in the security information storage unit certainly contains the design items in line with the designer's intention. Authenticate that it is a list showing the wear configuration. In this way, a method of checking the authenticity of the security information stored in the security information storage unit using the legitimacy authentication information can be considered.
  • the security information whose authenticity has been authenticated is processed in association with the startup security information in the same manner as in the third embodiment, and the startup validity check result is acquired.
  • Legitimacy authentication that the legitimacy is authenticated only when the startup legitimacy check result that the security information stored in the security information storage unit and the startup security information are exactly the same is recognized. The result is obtained.
  • the authenticity of the security information accumulated in the security information storage unit arranged in a predetermined order is checked, and the security information whose authenticity is recognized and the start-up Performs operations to compare with time security.
  • This calculation has a lighter calculation load than the calculation using the legitimacy authentication information, which is particularly highly confidential and robustly protected. In other words, it can be calculated by a calculation process that does not require so much confidentiality. Therefore, this calculation can be performed at high speed, and has the effect that the calculation speed can be increased as a whole.
  • the hash operation for checking the validity of the stored security information the one held in the legitimacy authentication information holding unit together with the legitimacy authentication information can be used. That is, the hash function is taken out from the legitimate authentication information holding unit, and the hash value of the accumulated security information is obtained by using the hash function. With this configuration, it is possible to prevent falsification of the hash function, which enhances security.
  • the hash calculation of security information does not necessarily have to be processed once, and may be processed in multiple times.
  • By dividing the hash operation into a plurality of blocked security information in this way it is possible to determine which hardware block under the MPU was not validated, and to optimize the subsequent processing. You may be able to. For example, it is possible to take measures such that the continuation of the startup process is stopped because the legitimacy is not authenticated in some blocks, and the startup process is continued in other blocks whose legitimacy is recognized.
  • the validity authentication information is configured as encrypted information obtained when the hardware configuration information containing the design items according to the designer's intention is encrypted using a specific key, and is stored in the security information storage unit. By acquiring the encrypted security information encrypted using the same encryption key as creating the encrypted information in the security information, and comparing the legitimacy authentication information and the encrypted security information, both are completely. A configuration that authenticates the authenticity of security information can be considered only when they match.
  • the legitimacy authentication activation management system in the present embodiment is a process performed from when the computer is turned on until the start-up is completed, and the time required for hash calculation and encryption is that is, the computer stands up directly. It will be reflected as the time required for the above.
  • FIG. 16 is a diagram showing an example of the hardware configuration of the other embodiment 1.
  • Various hardware shown in the figure memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk
  • the basic structure of the drive MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
  • Embodiment 3 Other Embodiment 1: Hardware configuration About the fact that this system is under the BIOS> Since this legitimacy authentication boot management system has a problem of processing before the OS boots, a program under the BIOS that is in the boot state at that time (in this embodiment: security information acquisition program, accumulated security information authenticity judgment). It has at least a program, a validity check program, and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
  • sub OS this legitimacy authentication boot management system
  • this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
  • Embodiment 3 Other Embodiment 1: Hardware configuration Description of the program and information of the validity authentication activation management system> As shown in FIG. 16, as a program that executes common processing with other embodiments, there are a "security information acquisition program”, a “validity check program”, and a “start processing continuation / cancellation program”. Since the function of the program is the same as that of other embodiments, the description thereof will be omitted. As another program characteristic of the first embodiment, there is a "stored security information authenticity judgment program”. The "stored security information authenticity judgment program” is the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit. Check the authenticity. Each of the expanded programs is executed sequentially or constantly.
  • the data referred to when executing this legitimacy authentication activation management system includes security information, legitimacy authentication information, authenticity judgment result, legitimacy judgment result, stop order, various setting information such as communication (not shown), etc. Is retained, loaded into the main memory under the control of the BIOS (or under the control of the sub-OS), and referenced and used when executing the program of the legitimacy authentication startup management system.
  • FIG. 17 is an example diagram showing a processing flow of the most basic configuration of the other embodiment 1.
  • Embodiment 3 Other Embodiment 2: Overview>
  • the security information acquisition unit acquires the accumulated security information.
  • the configuration is such that the system startup is stopped at this stage so that it is not controlled and acquired.
  • FIG. 18 is a functional block diagram showing an example of the most basic configuration of the validity authentication activation management system according to the second embodiment.
  • the description of the configuration common to other embodiments will be omitted, and the configuration peculiar to this embodiment will be described.
  • the "acquisition control unit” controls so that the security information acquisition unit does not acquire security information from the security information storage unit when the judgment result of the accumulated security information authenticity judgment unit is not genuine. To do.
  • the acquisition restriction unit restricts the acquisition of security information by the security information acquisition unit
  • a method in which the acquisition restriction unit outputs a stop command instructing the security information acquisition unit to stop the acquisition process can be considered.
  • the security information acquisition unit is configured to acquire the security information only when the acquisition restriction unit issues an acquisition instruction, and the acquisition restriction unit does not issue the security information acquisition instruction to the security information acquisition unit. It may be configured to limit acquisition.
  • the acquisition restriction unit By configuring the acquisition restriction unit, if the accumulated security information is not genuine, it is not necessary to proceed with the process for starting after checking the authenticity, and the computer's computer can be installed earlier than when there is no acquisition restriction unit. Cancels the continuation of the startup process.
  • FIG. 19 is a diagram showing an example of the most basic hardware configuration of the other second embodiment.
  • Various hardware shown in the figure memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk
  • the basic structure of the drive MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
  • Embodiment 3 Other Embodiment 2 Hardware configuration Regarding the fact that this legitimacy authentication activation management system is under the BIOS> Since this legitimacy authentication boot management system has a problem of processing before the OS boots, a program under the BIOS that is in the booted state at that time (in this embodiment: security information acquisition program, accumulated security information authenticity judgment). It has at least a program, an acquisition control program, a validity check program, and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
  • sub OS this legitimacy authentication boot management system
  • this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
  • Embodiment 3 Other Embodiment 2 Description of hardware configuration program and information of legitimacy authentication activation management system>
  • a program that executes common processing with the other embodiment 1 there are a "security information acquisition program”, a "stored security information authenticity judgment program”, a “validity check program”, and a "start processing continuation / cancellation program”. Since the function of the program is the same as that of the fourth embodiment, the description thereof will be omitted.
  • an "acquisition restriction program” As another program characteristic of the second embodiment, there is an "acquisition restriction program”. If the "acquisition restriction program" determines that the judgment result of the stored security information authenticity judgment unit is not genuine, the security information acquisition department should not acquire the security information from the security information storage unit. Control.
  • Each of the expanded programs is executed sequentially or constantly.
  • the data referred to when the legitimacy authentication activation management system is executed includes security information, legitimacy authentication information, authenticity judgment result, acquisition control instruction, legitimacy judgment result, stop command, and bus line communication (not shown).
  • Various setting information and the like are retained, loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and are referred to and used when executing the program of the legitimacy authentication activation management system.
  • FIG. 20 is an example diagram showing the processing flow of the other embodiment 2.
  • the "stored security information authenticity judgment step” (2001), the stored security information authenticity judgment result judgment step “(2002), and the security information acquisition unit when the authenticity of the stored security information is not recognized.
  • "Acquisition control step” (2003) that restricts the acquisition of security information
  • Step (2005), “Validity check result determination step” (2006) for determining whether or not the validity check result is valid, and “Start processing continuation cancellation step” (2007) when the validity is not authenticated.
  • the description of the step of performing the process common to other embodiments is omitted.
  • Embodiment 4> ⁇ Outline of Embodiment 4>
  • the invention in the present embodiment is characterized in that, in addition to the features described in the first to third embodiments, the legitimacy authentication information is held in the tamper resistance region.
  • FIG. 21 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2101), a legitimacy authentication information holding unit (2102), a legitimacy checking unit (2103), and a start processing continuation / stopping unit (2104). The unit holds the legitimacy authentication information in the tamper-resistant area (2105).
  • a security information acquisition unit (2101)
  • a legitimacy authentication information holding unit 2102
  • a legitimacy checking unit 2103
  • start processing continuation / stopping unit 2104
  • the unit holds the legitimacy authentication information in the tamper-resistant area (2105).
  • the description of the configuration common to the invention described in any one of the first to third embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • the "tamper-resistant region” is a region having tamper resistance.
  • a tamper-resistant chip has been used as a typical hardware having tamper resistance.
  • the tamper-resistant chip has a very small data area that can be stored, and the processing speed is slow. Therefore, it is possible that the legitimacy authentication information cannot be stored in the same amount of data, and the legitimacy authentication information stored in the tamper-resistant chip is checked by the legitimacy authentication information holding unit. It may take several seconds to output to the unit, and the time required from the validity authentication of this system to the startup management has a large effect on the entire startup time.
  • tamper resistance means that confidential information such as an encryption key, the processing process of information, a program, etc. are extracted by observation or analysis from the outside, or data or a program is tampered with by interfering with the operation.
  • the anti-tamper chip has a mechanism that destroys the inside when it is enclosed in a special package and opened, a mechanism that detects air and light and automatically erases the contents of the semiconductor memory, and prevents the operation from being analyzed.
  • Anti-tamper resistance is achieved by a mechanism that keeps fluctuations in power consumption and processing time constant.
  • the function that the information recorded in the tamper resistance area for example, the validity authentication information and the hash function can be read from the outside but is not tampered with or destroyed, may be referred to as tamper resistance.
  • the function of not only being not tampered with or destroyed but also being unable to read internal information from the outside is sometimes called tamper resistance.
  • the validity authentication information and hash function that cannot be tampered with are guaranteed to be valid immediately after being taken out from the tamper resistance area, and these information and functions are used outside the tamper resistance area. Even so, the correct processing can be performed.
  • An example of the hardware configuration of the fourth embodiment corresponds to the example of the hardware configuration described in any one of the first to third embodiments. Therefore, since it has already been described in any one of the first to third embodiments, the description thereof will be omitted in the present embodiment.
  • Example 4 Processing flow> An example of the processing flow of the legitimacy authentication activation management system of the fourth embodiment is consistent with the example of the processing flow described in any one of the first to third embodiments. Therefore, since it has already been described in any one of the first to third embodiments, the description thereof will be omitted in the present embodiment.
  • a security information acquisition unit is configured in a ROM which is hardware under the MPU. To do.
  • the term "configured” here means that the configuration is ready to be executed by reading the configuration and expanding it in the main memory.
  • FIG. 22 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (20201), a legitimacy authentication information retention unit (2202), a legitimacy check unit (2203), and a start processing continuation / cancellation unit (2204). The unit is held in the tamper resistance area (2205), and the security information acquisition unit is configured in the ROM (2206), which is the hardware under the MPU.
  • the description of the configuration common to the invention described in any one of the first to fourth embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • Embodiment 5 Configuration As described above, since the ROM can only be read, the information stored in the ROM cannot be rewritten in principle unless the ROM itself is replaced.
  • an arithmetic circuit may be arranged so as to perform security information acquisition processing without expanding to the main memory.
  • the security information acquired in this case may be expanded to the main memory for processing, or a separate memory may be prepared for calculation and the location may be used to perform calculation processing for legitimacy authentication. You may.
  • An example of the hardware configuration of the fifth embodiment corresponds to the example of the hardware configuration described in any one of the first to fourth embodiments. Therefore, since it has already been described in any one of the first to fourth embodiments, the description thereof will be omitted in the present embodiment.
  • the validity check unit is configured in the ROM, and the security information is tamper resistant. It is characterized in that it is transmitted to the legitimacy authentication information holding unit in the area and the legitimacy is authenticated according to the reply content.
  • the fact that the validity check unit is configured in the ROM means that the configuration can be read and expanded in the main memory in the same manner as described above.
  • an arithmetic circuit may be arranged so as to perform the validity check process without expanding to the main memory.
  • the legitimacy authentication information acquired in this case and the acquired security information may be expanded to the main memory for processing, or a memory may be separately prepared for calculation and the location may be used for the legitimacy authentication calculation. It may be configured to perform processing.
  • FIG. 23 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2301), a legitimacy authentication information holding unit (2302), a validity checking unit (2303), and a start processing continuation / stopping unit (2304). The unit holds the validity authentication information in the tamper-resistant area (2305), and the validity check unit is configured in the ROM (2306).
  • the description of the configuration common to the invention described in the fourth embodiment or the fifth embodiment based on the fourth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • An example of the hardware configuration of the sixth embodiment is consistent with the example of the hardware configuration described in the fourth embodiment or the fifth embodiment based on the fourth embodiment. Therefore, since the description has already been given in the fourth embodiment or the fifth embodiment based on the fourth embodiment, the description thereof will be omitted in the present embodiment.
  • Embodiment 7> ⁇ Outline of Embodiment 7>
  • the invention in the present embodiment is characterized in that, in addition to the features of the invention described in the fifth embodiment or the sixth embodiment based on the fifth embodiment, the ROM in which the security information acquisition unit is configured has tamper resistance. It is an invention.
  • FIG. 24 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2401), a legitimacy authentication information holding unit (2402), a legitimacy checking unit (2403), and a start processing continuation / stopping unit (2404).
  • the unit holds the validity authentication information in the anti-tamper area (2405), the validity check part exists in the ROM (2406), and the security information acquisition part is the ROM which is the hardware under the MPU. It is configured in (2407) and is a tamper resistant region (2408).
  • the description of the configuration common to the invention described in either the fifth embodiment or the sixth embodiment based on the fifth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • Example 7 Processing flow> An example of the processing flow of the legitimacy authentication activation management system of the seventh embodiment is consistent with the example of the processing flow described in either the fifth embodiment or the sixth embodiment based on the fifth embodiment. Therefore, since the description has already been given in either the fifth embodiment or the sixth embodiment based on the fifth embodiment, the description thereof will be omitted in the present embodiment.
  • Embodiment 8> ⁇ Outline of Embodiment 8>
  • the invention in the present embodiment is characterized in that, in addition to the features of the invention described in the sixth embodiment or the seventh embodiment based on the sixth embodiment, the ROM in which the validity check unit is configured has tamper resistance. It is an invention.
  • FIG. 25 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2501), a validity authentication information holding unit (2502), a validity checking unit (2503), and a start processing continuation / cancellation unit (2504).
  • the unit holds the validity authentication information in the tamper-resistant area (2505), the validity check part exists in the ROM (2506), and the ROM in which the validity check part is configured is resistant. It has tamper properties (2507).
  • the description of the configuration common to the invention described in the sixth embodiment or the seventh embodiment subordinate to the sixth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
  • An example of the hardware configuration of the eighth embodiment is consistent with the example of the hardware configuration of the sixth embodiment or the seventh embodiment based on the sixth embodiment. Therefore, since the description has already been given in the sixth embodiment or the seventh embodiment based on the sixth embodiment, the description thereof will be omitted in the present embodiment.
  • Embodiment 9> ⁇ Outline of Embodiment 9>
  • the present embodiment relates to an operation method of a legitimacy authentication activation management system.
  • FIG. 5 is a diagram showing an example of the configuration of the operation method of the legitimacy authentication activation management system in the present embodiment.
  • the operation method of the validity authentication activation management system depends on the results of the security information acquisition step (0501), the validity check step (0502), the security information validity judgment step (0503), and the judgment step.
  • the start processing continuation stop step (0504) or the start processing continuation step (0505) is configured to be selected.
  • Embodiment 10> ⁇ Outline of Embodiment 10>
  • the present embodiment relates to an operation program of the validity authentication activation management system.
  • FIG. 5 is a diagram showing an example of the configuration of the operation program of the validity authentication activation management system in the present embodiment.
  • the operation program of the legitimacy authentication activation management system depends on the results of the security information acquisition step (0501), the legitimacy check step (0502), the security information legitimacy determination step (0503), and the determination step.
  • the start processing continuation stop step (0504) or the start processing continuation step (0505) is configured to be selected.
  • Embodiment 10 Configuration The program that executes the processing performed in each step is a security information acquisition program, a validity check program, and a start processing continuation / cancellation program.
  • the function of each program has already been described in the hardware configuration described in any one of the first to third embodiments, and more detailed functions are described in the configuration in which each process is performed in the first to third embodiments. Since it has already been explained as a description of the part, the description will be omitted in the present embodiment.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

A method for discovering an unknown having gotten mixed in inside of a computer has been sought after. Therefore, a validity authentication activation management system is provided that comprises: a security information acquisition unit for acquiring, before system activation at computer startup time, security information based on security information that pertains to the hardware under the command of the MPU of the computer; a validity authentication information retention unit for retaining validity authentication information that is used to authenticate the validity of the hardware under the command of the MPU of the computer; a validity check unit for checking the validity of the hardware using the acquired security information and the retained validity authentication information; and an activation process continue/halt unit for allowing a system activation process to continue when the result of check by the validity check unit indicates that all hardware pieces are valid, and not allowing the system activation process to continue when the result of check does not indicate that all hardware pieces are valid.

Description

正当性認証起動管理システムLegitimacy authentication activation management system
 本発明は、MPU配下の周辺ハードウエアや各種チップの正当性認証を行いオペレーティングシステムの起動を管理する技術に関する発明である。 The present invention is an invention relating to a technique for managing the booting of an operating system by authenticating the validity of peripheral hardware and various chips under the MPU.
 近年、コンピュータ内に製造者又は/及び使用者が把握していないプログラム(以下、「アンノウン」と呼ぶ)が組み込まれたハードウアや各種チップが組み込まれているという事件が発生している。このアンノウンの働きによって、使用者の利用履歴や通信履歴が無断で、かつ気づかれずに第三者に情報提供されていたり、通信傍受が行われていたり、不正なプログラム処理を引き起こしたりする事件が起きている。 In recent years, there have been cases in which hardware or various chips incorporating a program (hereinafter referred to as "unknown") that the manufacturer or / and the user do not know are incorporated in the computer. Due to the function of this unknown, there are cases where the user's usage history and communication history are provided to a third party without permission, communication is intercepted, and unauthorized program processing is caused. stay up.
特願2008-226191Japanese Patent Application No. 2008-226191
 先行技術では、センターサーバと遠距離通信を行うPCが正当なPCであるかを、遠距離通信を求めるプログラムの正当性テストを行うことによって認証する技術が示されている。当該技術では、当初より保有しているプログラムの書き換え、変更、破損等の齟齬を検出することが可能である。しかし、当該技術を用いても無断で追加された正体不明ハードウエアであるアンノウンの存在に気づくことはできなかった。 The prior art shows a technique for authenticating whether a PC that performs long-distance communication with a center server is a legitimate PC by performing a validity test of a program that requests long-distance communication. With this technology, it is possible to detect inconsistencies such as rewriting, changing, and damage to programs that have been owned from the beginning. However, even with this technology, it was not possible to notice the existence of unknown hardware that was added without permission.
 追加的に紛れ込んでいるアンノウンを見つけだす方法としては、物理的にハードを解体して、基板をチェックする方法や、高額かつ複雑な演算式を必要とするチェックシステムを内部に組み込む、あるいは外部に設ける方法が考えられていた。しかし、そのいずれも商品として販売する前にハードを解体する必要があったり、部品交換時に追加的に紛れ込まされた場合には検出できなかったり、費用が高額すぎたり、と現実的ではなかった。 As a method of finding out the unknown that is additionally mixed in, a method of physically disassembling the hardware to check the board, a check system that requires an expensive and complicated calculation formula is incorporated inside, or a check system is provided externally. The method was being considered. However, none of them was realistic because it was necessary to disassemble the hardware before selling it as a product, it could not be detected if it was additionally mixed in when replacing parts, and the cost was too high.
 そこで、コンピュータ内にアンノウンが追加的に紛れ込んでいることを発見することが可能であり、簡易かつ安価な方法が求められていた。 Therefore, it was possible to discover that unknowns were additionally mixed in the computer, and a simple and inexpensive method was required.
 そこで、上記課題を解決するために、本発明において、以下の正当性認証起動管理システムを提供する。すなわち、第一の発明として、コンピュータの立上時でシステム起動前に当該コンピュータの直接的又は/及び間接的にMPU配下(以下「直接的又は/及び間接的にMPU配下」を単に「MPU配下」という。)で利用可能とするチェック対象領域のハードウエアのセキュリティ情報を取得するセキュリティ情報取得部と、コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を保持する正当性認証情報保持部と、取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、ハードウエアの正当性をチェックする正当性チェック部と、正当性チェック部でのチェック結果がチェック対象領域内で全てのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理を続行させない起動処理続行中止部と、を有する正当性認証起動管理システムを提供する。 Therefore, in order to solve the above problems, the following legitimacy authentication activation management system is provided in the present invention. That is, as the first invention, when the computer is started up and before the system is started, the computer is directly or indirectly under the control of the MPU (hereinafter, "directly or indirectly under the control of the MPU" is simply under the control of the MPU. The security information acquisition unit that acquires the security information of the hardware in the check target area that can be used in (.) And the validity authentication information that is the information for authenticating the validity of the hardware under the MPU of the computer. The legitimacy check section that checks the legitimacy of the hardware using the retained legitimacy authentication information holding section, the acquired security information, and the retained legitimacy authentication information, and the check by the legitimacy check section. If the result is a check result that is valid for all hardware in the check target area, the system boot process is continued, and if the check result is not valid for all hardware in the check target area. Provides a legitimacy authentication startup management system having a startup processing continuation canceling unit that does not continue the system startup processing.
 次に、第二の発明として、コンピュータのMPU配下で利用可能とするチェック対象領域内で全てのハードウエアのセキュリティ情報を記録したROMからなるセキュリティ情報蓄積部を有し、前記セキュリティ情報取得部は、セキュリティ情報蓄積部からセキュリティ情報を取得する第一の発明に記載の正当性認証起動管理システムを提供する。 Next, as a second invention, there is a security information storage unit composed of a ROM that records security information of all hardware in a check target area that can be used under the MPU of a computer, and the security information acquisition unit has a security information storage unit. , Provide the validity authentication activation management system described in the first invention for acquiring security information from the security information storage unit.
 次に、第三の発明として、コンピュータの立上時でシステム起動前に当該コンピュータのMPUの立上によって得られる当該MPU配下で利用可能とするチェック対象領域内ですべてのハードウエアのセキュリティ情報に基づいたセキュリティ情報である立上時セキュリティ情報を取得する立上時セキュリティ情報取得部を有し、前記正当性チェック部は、前記セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、立上時セキュリティ情報とに基づいて立上時セキュリティ情報の正当性をチェックする立上時正当性チェック手段を有する第二の発明に記載の正当性認証起動管理システムを提供する。 Next, as a third invention, the security information of all hardware within the check target area that can be used under the MPU obtained by starting the MPU of the computer before the system is started at the time of starting the computer. It has a startup security information acquisition unit that acquires startup security information that is based on security information, and the validity check unit has security information stored in the security information storage unit and startup security. Provided is the validity authentication activation management system according to the second invention, which has a startup validity checking means for checking the validity of startup security information based on information.
 次に、第四の発明として、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、正当性認証情報保持部に保持されている正当性認証情報とを用いて蓄積されているセキュリティ情報の真正性をチェックする蓄積セキュリティ情報真正性判断部をさらに有する第二の発明又は第三の発明に記載の正当性認証起動管理システムを提供する。 Next, as a fourth invention, the authenticity of the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit. Provided is the validity authentication activation management system described in the second invention or the third invention, which further has a storage security information authenticity judgment unit for checking.
 次に、第五の発明として、蓄積セキュリティ情報真正性判断部での判断結果が真正でないとの判断結果である場合には、セキュリティ情報取得部は、セキュリティ情報蓄積部からセキュリティ情報を取得しないように制御する取得制限部をさらに有する第四の発明に記載の正当性認証起動管理システムを提供する。 Next, as a fifth invention, when the judgment result of the accumulated security information authenticity judgment unit is not genuine, the security information acquisition unit does not acquire the security information from the security information storage unit. Provided is the legitimacy authentication activation management system according to the fourth invention, which further has an acquisition restriction unit for controlling.
 次に、第六の発明として、正当性認証情報保持部は、耐タンパ性領域内に正当性認証情報を保持する第一の発明から第五の発明のいずれか一に記載の正当性認証起動管理システムを提供する。 Next, as the sixth invention, the legitimacy authentication information holding unit activates the legitimacy authentication according to any one of the first to fifth inventions for holding the legitimacy authentication information in the tamper resistance region. Provide a management system.
 次に、第七の発明として、セキュリティ情報取得部は、MPU配下で利用可能なハードウエアであるROM内に構成されている第一の発明から第六の発明のいずれか一に記載の正当性認証起動管理システムを提供する。 Next, as a seventh invention, the security information acquisition unit has the legitimacy described in any one of the first to sixth inventions configured in the ROM, which is the hardware that can be used under the MPU. Provides an authentication activation management system.
 次に、第八の発明として、正当性チェック部は、MPU配下のハードウエアであるROM内に構成されており、セキュリティ情報を耐タンパ性領域内の正当性認証情報保持部に送信し、その返信の内容に応じて正当性を認証する第六の発明又は第六の発明を基礎とする第七の発明に記載の正当性認証起動管理システムを提供する。 Next, as the eighth invention, the validity check unit is configured in the ROM which is the hardware under the MPU, and the security information is transmitted to the validity authentication information holding unit in the tamper resistance area, and the security information is transmitted to the ROM. Provided is the validity authentication activation management system described in the sixth invention or the seventh invention based on the sixth invention, which certifies the validity according to the content of the reply.
 次に、第九の発明として、セキュリティ情報取得部が構成されているROMは耐タンパ性を有する第七の発明又は第七の発明を基礎とする第八の発明に記載の正当性認証起動管理システムを提供する。 Next, as a ninth invention, the ROM in which the security information acquisition unit is configured has tamper resistance, and the validity authentication activation management described in the seventh invention or the eighth invention based on the seventh invention. Provide a system.
 次に、第十の発明として、正当性チェック部が構成されているROMは耐タンパ性を有する第八の発明又は第八の発明を基礎とする第九の発明に記載の正当性認証起動管理システムを提供する。 Next, as the tenth invention, the ROM in which the validity check unit is formed has tamper resistance, and the validity authentication activation management described in the eighth invention or the ninth invention based on the eighth invention. Provide a system.
 次に、第十一の発明として、コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を各ハードウエアに対応して保持する正当性認証情報保持部、を有する正当性認証起動管理システムの動作方法であって、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアからセキュリティ情報を取得するセキュリティ情報取得ステップと、取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、各ハードウエアの正当性をチェックする正当性チェックステップと、正当性チェック部でのチェック結果がチェック対象領域内ですべてのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理に移行させない起動処理続行中止ステップと、を有する正当性認証起動管理システムの動作方法を提供する。 Next, as the eleventh invention, a legitimacy authentication information holding unit that holds the legitimacy authentication information corresponding to each hardware, which is information for authenticating the legitimacy of the hardware under the MPU of the computer. It is a method of operating the authentication activation management system that has the security information acquisition step of acquiring security information from the hardware under the MPU of the computer at the time of starting the computer and before starting the system, and the acquired security information. The validity check step for checking the validity of each hardware using the retained validity authentication information and the check result in the validity check section are valid for all hardware in the check target area. If the check result is, the system boot process is continued, and if the check result is not valid for all hardware in the check target area, the system boot process is not started. Provided is a method of operating a legitimacy authentication activation management system having.
 次に、第十二の発明として、コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を各ハードウエアに対応して保持する正当性認証情報保持部、を有する正当性認証起動管理システムの動作プログラムであって、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアからセキュリティ情報を取得するセキュリティ情報取得ステップと、取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、各ハードウエアの正当性をチェックする正当性チェックステップと、正当性チェック部でのチェック結果がチェック対象領域内ですべてのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理に移行させない起動処理続行中止ステップと、を有する正当性認証起動管理システムの動作プログラムを提供する。 Next, as a twelfth invention, a legitimacy authentication information holding unit that holds legitimacy authentication information corresponding to each hardware, which is information for authenticating the legitimacy of the hardware under the MPU of the computer. A security information acquisition step that acquires security information from the hardware under the MPU of the computer at the time of computer startup and before the system is started, and the acquired security information. The validity check step for checking the validity of each hardware using the retained validity authentication information and the check result in the validity check section are valid for all hardware in the check target area. If the check result is, the system boot process is continued, and if the check result is not valid for all hardware in the check target area, the system boot process is not started. Provides an operating program for a legitimacy authentication activation management system that has.
 上記のような正当性認証起動管理システムを提供することによって、繰り返し可能であり、簡易かつ安価に、コンピュータ内にアンノウンが紛れ込んでいる場合にシステムの起動を中断することが可能となる。 By providing the above-mentioned legitimacy authentication startup management system, it is possible to repeat the system startup easily and inexpensively when the unknown is mixed in the computer.
正当なマザーボードのイメージ概念図Legitimate motherboard image conceptual diagram アンノウンが紛れ込んだマザーボードのイメージ概念図Image conceptual diagram of the motherboard with unknown 実施形態1の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the first embodiment 正当性認証起動管理システムを搭載したコンピュータの起動時のハードウエア構成の一例を示す図A diagram showing an example of the hardware configuration at startup of a computer equipped with a validity authentication startup management system. 実施形態1の正当性認証起動管理システムの、ハードウエア構成の一例を示す図The figure which shows an example of the hardware configuration of the legitimacy authentication activation management system of Embodiment 1. 正当性認証起動管理システムの上位概念的な処理の流れの一例を示す図A diagram showing an example of a higher-level conceptual processing flow of a legitimacy authentication activation management system. 実施形態1の正当性認証起動管理システムの、処理の流れの一例を示すフロー図A flow chart showing an example of the processing flow of the legitimacy authentication activation management system of the first embodiment. 実施形態2の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the second embodiment 実施形態2の正当性認証起動管理システムの、ハードウエア構成の一例を示す図The figure which shows an example of the hardware configuration of the legitimacy authentication activation management system of Embodiment 2. 実施形態2の正当性認証起動管理システムの、処理の流れの一例を示すフロー図A flow chart showing an example of the processing flow of the legitimacy authentication activation management system of the second embodiment. 実施形態3の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the third embodiment 実施形態3の正当性認証起動管理システムの、ハードウエア構成の一例を示す図The figure which shows an example of the hardware configuration of the legitimacy authentication activation management system of Embodiment 3. 実施形態3の正当性認証起動管理システムの、立上時セキュリティ情報の正当性チェックの方法の一例を概念的に示す図The figure which conceptually shows an example of the method of the legitimacy check of the security information at startup of the legitimacy authentication activation management system of Embodiment 3. 実施形態3の正当性認証起動管理システムの、処理の流れの一例を示すフロー図A flow chart showing an example of the processing flow of the legitimacy authentication activation management system of the third embodiment. 実施形態3のその他の実施形態1の正当性認証起動管理システムの、蓄積セキュリティ情報の真正性を判断する方法の一例を概念的に示す図The figure which conceptually shows an example of the method of judging the authenticity of the accumulated security information of the legitimacy authentication activation management system of the other Embodiment 1 of embodiment 3. 実施形態3のその他の実施形態1の正当性認証起動管理システムの、構成の一例を示す機能ブロック図A functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the other embodiment 1 of the third embodiment. 実施形態3のその他の実施形態1の正当性認証起動管理システムの、ハードウエア構成の一例を示す図A diagram showing an example of the hardware configuration of the other embodiment 1 of the other embodiment 1 of the legitimacy authentication activation management system of the embodiment 3. 実施形態3のその他の実施形態1の正当性認証起動管理システムの、処理の流れの一例を示すフロー図A flow chart showing an example of the processing flow of the other embodiment 1 of the other embodiment 1 of the legitimacy authentication activation management system of the embodiment 3. 実施形態3のその他の実施形態2の正当性認証起動管理システムの、構成の一例を示す機能ブロック図A functional block diagram showing an example of the configuration of the other embodiment 2 of the third embodiment of the legitimacy authentication activation management system. 実施形態3のその他の実施形態2の正当性認証起動管理システムの、ハードウエア構成の一例を示す図A diagram showing an example of the hardware configuration of the other embodiment 2 of the third embodiment of the legitimacy authentication activation management system. 実施形態3のその他の実施形態2の正当性認証起動管理システムの、処理の流れの構成の一例を示す図The figure which shows an example of the structure of the process flow of the legitimacy authentication activation management system of the other Embodiment 2 of embodiment 3. 実施形態4の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the fourth embodiment 実施形態5の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the fifth embodiment 実施形態6の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the sixth embodiment 実施形態7の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the seventh embodiment 実施形態8の正当性認証起動管理システムの、構成の一例を示す機能ブロック図Functional block diagram showing an example of the configuration of the legitimacy authentication activation management system of the eighth embodiment
 以下では、本発明の実施形態について、図を用いて説明する。以下の説明は、実施形態1は請求項1に、実施形態2は請求項2に、実施形態3は請求項3、請求項4、請求項5に、実施形態4は請求項6に、実施形態5は請求項7に、実施形態6は請求項8に、実施形態7は請求項9に、実施形態8は請求項10に、実施形態9は請求項11に、実施形態10は請求項12に、それぞれ対応する。なお、本発明の内容は、以下の実施例及び具体例にのみ限定されるものではなく、本発明の要旨を逸脱しない範囲内において種々変更を加え得る。 Hereinafter, embodiments of the present invention will be described with reference to the drawings. The following description is described in claim 1 for embodiment 1, claim 2 for embodiment 2, claim 3, claim 4, claim 5 for embodiment 3, and claim 6 for embodiment 4. 5 is claim 7, embodiment 6 is claim 8, embodiment 7 is claim 9, embodiment 8 is claim 10, embodiment 9 is claim 11, and embodiment 10 is claim 10. Corresponds to 12 respectively. The content of the present invention is not limited to the following examples and specific examples, and various modifications can be made without departing from the gist of the present invention.
<実施形態1>
<実施形態1 概要>
 図1-a及び図1-bはマザーボード(0100)を鳥瞰的に見た場合の概念図である。図1-aは、各種ハードウエアが正当に配置されている状態を示している。図1-bでは、図1-aと比較してハードウエア(0101)が1つ多くなっている。この0101で示されるハードウエアがアンノウンにあたる。アンノウンが紛れ込んだマザーボードでは、MPU配下のハードウエア構成に正当性が認められない。
 本実施形態における発明は、コンピュータ又はコンピュータの部分機能の立上時に、セキュリティ情報の正当性をチェックする手法を用いて、MPU配下のチェック対象領域内で全てのハードウエアの正当性が認められた場合にのみシステムの起動を認める、正当性認証起動管理システムである。本明細書においては「MPU配下」とは、前述の通りMPUが直接的又は/及び間接的にアクセスして情報処理を行う地位にあることを言う。一般的にはボード上の管理プロセッサと、ボード上の情報処理チップとの関係やマザーボード上のチップセットを介して管理プロセッサと情報処理をおこなうものを言い、必ずしもマザーボードにボードが限定されるものでない。また「MPU」とはCPU、GPUなどいわゆるプロセッサを言う。 <Embodiment 1>
<Outline of Embodiment 1>
1-a and 1-b are conceptual diagrams when the motherboard (0100) is viewed from a bird's-eye view. FIG. 1-a shows a state in which various hardware are properly arranged. In FIG. 1-b, the hardware (0101) is increased by one as compared with FIG. 1-a. The hardware indicated by 0101 corresponds to unknown. On a motherboard with unknown information, the hardware configuration under the MPU cannot be justified.
In the invention of the present embodiment, the validity of all hardware is recognized within the check target area under the MPU by using a method of checking the validity of security information at the time of starting up the computer or a partial function of the computer. It is a legitimacy authentication startup management system that allows the system to start only in cases. In the present specification, "subordinate to MPU" means that the MPU is in a position to directly or / or indirectly access and process information as described above. Generally, it refers to the relationship between the management processor on the board and the information processing chip on the board, or information processing with the management processor via the chipset on the motherboard, and the board is not necessarily limited to the motherboard. .. Further, "MPU" refers to a so-called processor such as a CPU or GPU.
<実施形態1 発明の構成>
 図2は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(0201)、正当性認証情報保持部(0202)、正当性チェック部(0203)、起動処理続行中止部(0204)と、からなる。 <Structure of Embodiment 1 Invention>
FIG. 2 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it is composed of a security information acquisition unit (0201), a validity authentication information holding unit (0202), a validity check unit (0203), and a start processing continuation / cancellation unit (0204).
 本願発明は、コンピュータを立ち上げて通常の利用可能状態のシステムの起動前に、コンピュータのMPU配下にあるハードウエア構成の正当性を認証して、コンピュータのシステムの起動を管理する発明である。そこで、まずコンピュータのシステムの起動過程のどの段階において本願発明における認証及び管理を実行することが可能であるかを説明する。 The present invention is an invention that manages the startup of the computer system by authenticating the validity of the hardware configuration under the MPU of the computer before starting the computer and starting the system in the normal usable state. Therefore, first, at what stage of the booting process of the computer system, the authentication and management in the present invention can be executed.
 コンピュータは、電源が入れられるとフラッシュメモリ内に記録されているBASICINPUT/OUTPUT SYSTEM(以下、「BIOS」と呼ぶ)等が起動することになる。BIOSは最初に起動させられると、まずMPU配下のマザーボード上に配置されている各種ハードウエアやチップセットを介してMPUと通信する各種ハードウエア、各ポートに繋がれている接続済み各種インターフェイスの接続の有無及び接続が正常であるかを確認する(power on self test)。その後、各種ハードウエアを動作可能とするための初期化処理を各マザーボード上の各種ハードウエア及びポート接続済み各種インターフェイスに命令する。その後起動ドライブをチェックする。以上が終了した場合には起動ドライブ(例えばOSのインストールされたハードディスクドライブ)からBIOSは起動プログラム(ブートストラップローダー)をメインメモリに展開し、制御をブートローダに渡す。ブートローダはOSをメインメモリに展開してOSを起動状態に導く。これによってコンピュータはシステム利用可能な状態となる。アプリケーションソフトウエア、コンピュータの各種機能、通信などが可能となる。なお、本願でコンピュータとは、パーソナルコンピュータ、ノートパソコン、タブレット端末、サーバ、大型コンピュータ、スマートフォン、携帯電話、モデム、ルーター、交換機、各種家電、ロボット、スマートメーター、工作機械、プラント制御機器、自動車、飛行機、船舶、現金自動支払機(ATM)など各種のものを含む。
 本願の発明はBIOSが各種接続チェック等を行って処理をブートローダーに引き渡す前、又は、ブートローダーがOS等のシステム起動処理を続行中で完了前に行われ、終了するように構成される。 When the power of the computer is turned on, the BASIC INPUT / OUTPUT SYSTEM (hereinafter referred to as "BIOS") or the like recorded in the flash memory is activated. When the BIOS is first started, it first connects various hardware located on the motherboard under the MPU, various hardware that communicates with the MPU via the chipset, and various connected interfaces connected to each port. Check if there is any and if the connection is normal (power on self test). After that, the initialization process for enabling the various hardware to operate is instructed to the various hardware on each motherboard and the various interfaces connected to the ports. Then check the boot drive. When the above is completed, the BIOS expands the boot program (bootstrap loader) from the boot drive (for example, the hard disk drive on which the OS is installed) to the main memory and passes control to the boot loader. The boot loader expands the OS to main memory and guides the OS to the boot state. This puts the computer in a system-enabled state. Application software, various computer functions, communication, etc. become possible. In this application, computers are personal computers, laptop computers, tablet terminals, servers, large computers, smartphones, mobile phones, modems, routers, exchanges, various home appliances, robots, smart meters, machine tools, plant control equipment, automobiles, etc. Includes various items such as airplanes, ships, and automated teller machines (ATMs).
The invention of the present application is configured to be performed and terminated before the BIOS performs various connection checks and the like and hands over the process to the boot loader, or before the boot loader continues the system boot process such as the OS and completes it.
 BIOSには、上記に記載した以上に機能があり、概ねのBIOSにとって共通となる処理を簡易的に表現すると上記のようになる。以下の説明では、便宜上本願発明の出願時点で最も一般的に汎用性コンピュータにおいて採用されている技術を具体例として説明を行うものの、具体例として利用する以外の現時点で知られている技術(例えば、Unified Extensible Firmuare Interface(以下では、「UEFI」という。)を用いたコンピュータ)はもちろんのこと、本願発明の原理が再現可能な将来的に開発される技術に対しても、本願発明は同様に機能する。したがって、下記の各実施形態(実施形態1から実施形態12)の具体的な説明はBIOSを用いたコンピュータの起動以外の場合も当然に含むものである。 The BIOS has more functions than those described above, and the processing that is common to the general BIOS can be simply expressed as described above. In the following description, for convenience, the technology most commonly used in the general-purpose computer at the time of filing the present invention will be described as a specific example, but the technology known at the present time other than that used as a specific example (for example, , Unified Extensible Firmware Interface (hereinafter referred to as "UEFI"), as well as for technologies developed in the future in which the principles of the present invention can be reproduced. Function. Therefore, the specific description of each of the following embodiments (Embodiments 1 to 12) naturally includes cases other than starting the computer using the BIOS.
 なお、本願発明では特にマザーボード上に存在する、利用者が目視で異変に気付くことが出来ないアンノウンを検出することを特徴とすることから、下記では主題を明確化するためにマザーボード上の各種ハードウエアのみを具体例として挙げることとする。したがって、明細書中の具体例としてポートに接続されたインターフェイスに関しては記載しないものの、例えばキーボード中に隠されたアンノウンがキーボードのタイピングをスチールする(いわゆる「フィッシング行為」である)といった、ポートに接続されたインターフェイス内部に隠されたアンノウンの検出可能性を排除するものではなく、本システムを用いて起動管理を行うことで、ポートにインターフェイスを接続し、接続されたインターフェイスを接続元のコンピュータによって使用可能に起動処理をする際に、正当性認証及び起動管理を行うことも本願発明は含んでいる。このことは、実施形態1から実施形態12について共通である。 In addition, since the invention of the present application is characterized in that it detects an unknown that is present on the motherboard and cannot be visually noticed by the user, various hardware on the motherboard are described below in order to clarify the subject matter. Only wear will be given as a specific example. Therefore, although the interface connected to the port is not described as a specific example in the specification, it is connected to the port, for example, an unknown hidden in the keyboard steals the typing of the keyboard (so-called "fishing act"). It does not eliminate the detectability of unknown hidden inside the hidden interface, but by performing startup management using this system, the interface is connected to the port and the connected interface is used by the connecting computer. The present invention also includes performing legitimacy authentication and activation management when the activation process is possible. This is common to Embodiments 1 to 12.
 本願発明では、BIOSが網羅的に各種ハードウエアから受信した信号(例えば、代表的なものとして起動シグナル等が考えられる。)に与えられている各種ハードウエアの種類を識別する種類識別番号等のセキュリティ情報(詳細は後述する)のリストを、正当性認証情報と比較等の処理をすることによって、MPU下に配置されている各種ハードウエア構成の正当性認証を行うことが可能である。そして、正当性の認証が出来た場合には、コンピュータの起動処理を完了させ、正当性の認証が出来なかった場合には、コンピュータの起動処理を中止するという起動管理を行う。 In the present invention, the type identification number and the like that identify the types of various hardware given to the signals that the BIOS comprehensively receives from various hardware (for example, a start signal and the like can be considered as typical ones). By performing processing such as comparing the list of security information (details will be described later) with the legitimacy authentication information, it is possible to perform the legitimacy authentication of various hardware configurations arranged under the MPU. Then, if the legitimacy is authenticated, the computer startup process is completed, and if the legitimacy is not authenticated, the computer startup process is stopped.
 BIOSがそもそも起動すべきハードウエアのリストを保持しておりそのリストに則って接続チェック等を行っている場合はハードウエアの構成の正当性を認証しているという考え方も可能であるが、BIOSがそもそも所持しているリストが書き換えられている場合があり得る。従ってBIOSのみに構成の正当性を担保させることは危険である。 It is possible to think that the BIOS has a list of hardware to be started in the first place and if the connection check etc. is performed according to the list, the validity of the hardware configuration is authenticated, but the BIOS However, it is possible that the list that you have in the first place has been rewritten. Therefore, it is dangerous to have only the BIOS guarantee the correctness of the configuration.
<実施形態1 構成の説明>
<実施形態1 セキュリティ情報取得部>
 「セキュリティ情報取得部」は、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報を取得する。「セキュリティ情報」とは、ハードウエアが正当なハードウエアであるか否かを判断するために用いられる情報である。ハードウエアのセキュリティ情報は、特定のハードウエアに与えられた秘密キーのような識別情報、ハードウエアの種類識別情報、ハードウエアの固体識別情報、ハードウエア起動ステータス情報、等のハードウエアを特定することが可能なあらかじめ設定されているMPU配下のハードウエア間でユニークな情報である。一つの情報によって構成されていてもよいし、複数の情報を組み合わせて一つのセキュリティ情報として扱ってもよい。 <Explanation of Embodiment 1 Configuration>
<Embodiment 1 Security Information Acquisition Unit>
The "security information acquisition unit" acquires the security information of the hardware under the MPU of the computer at the time of starting up the computer and before starting the system. "Security information" is information used to determine whether or not the hardware is legitimate hardware. Hardware security information identifies hardware such as identification information such as a private key given to specific hardware, hardware type identification information, individual hardware identification information, hardware boot status information, and the like. This is unique information among the hardware under the preset MPU that can be set. It may be composed of one piece of information, or a plurality of pieces of information may be combined and treated as one piece of security information.
 セキュリティ情報取得部がセキュリティ情報を取得する手段は本実施形態においては限定していない。例えば、MPU配下のチェック対象領域内で全てのハードウエアから送信される等して取得する方法が考えられる。あるいは、本正当性認証起動管理システムを搭載しているコンピュータのMPU配下に置かれているチェック対象領域内で全部のハードウエアのセキュリティ情報を事前に登録しておき、それをセキュリティ情報取得部が取得する方法が考えられる。この他にも、考えられるセキュリティ情報を獲得可能な方法であれば、その方法は限定していない。
 ここで「チェック対象領域」とは、コンピュータの設計思想によって範囲を限定できるが、基本的にはBIOSやUEFIによるシステムの起動処理によって最終的にシステムで利用可能となるように調整されるハードウエアの範囲を言う。ただし、利用可能となるように調整されるハードウエアの一部に限定してチェック対象領域を設定することも考えられる。 The means by which the security information acquisition unit acquires security information is not limited in this embodiment. For example, a method of acquiring by transmitting from all hardware in the check target area under the MPU can be considered. Alternatively, the security information acquisition department registers the security information of all hardware in advance in the check target area placed under the MPU of the computer equipped with this validity authentication activation management system. A method to obtain it is conceivable. In addition to this, the method is not limited as long as it can obtain possible security information.
Here, the "check target area" can be limited in scope by the design concept of the computer, but basically it is hardware that is adjusted so that it can be finally used in the system by the system boot process by BIOS or UEFI. Say the range of. However, it is conceivable to set the check target area only for a part of the hardware adjusted so that it can be used.
<実施形態1 正当性認証情報保持部>
 「正当性認証情報保持部」は、コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を保持する。「正当性認証情報」は、本正当性認証起動管理システムを搭載しているコンピュータの設計時点でのMPU配下に置かれることが定まっているハードウエアの種類を全て特定できる設計情報に基づくハードウエアの識別情報のようなものである。コンピュータのMPU配下に設計上収められるべきハードウエアを特定できる情報によって構成されている。例えば、ハードウエアの種類識別情報、ハードウエアの固体識別情報、ハードウエア起動ステータス情報、等のハードウエアを特定することが可能なあらかじめ設定されているユニークな情報によって構成することが考えられる。あるいは、各種の識別情報をハッシュ関数等に代入することで得られる解、全ての識別情報をまとめてハッシュ関数等に代入することで得られる解、識別情報を代入すべきハッシュ関数等、等のハードウエアを特定することが可能なあらかじめ設定されているユニークな情報をハッシュ関数等の関数に代入することで得られる解がこれにあたる。 <Embodiment 1 Legitimacy Authentication Information Holding Unit>
The "validity authentication information holding unit" holds the validity authentication information which is the information for authenticating the validity of the hardware under the MPU of the computer. The "validity authentication information" is hardware based on the design information that can specify all the types of hardware that are determined to be under the MPU at the time of designing the computer equipped with this validity authentication activation management system. It's like the identification information of. It is composed of information that can identify the hardware that should be stored in the design under the MPU of the computer. For example, it may be configured by preset unique information capable of identifying hardware such as hardware type identification information, hardware individual identification information, and hardware startup status information. Alternatively, a solution obtained by substituting various identification information into a hash function or the like, a solution obtained by substituting all the identification information into a hash function or the like, a hash function to which the identification information should be substituted, etc. This is the solution obtained by substituting a unique preset information that can identify the hardware into a function such as a hash function.
<実施形態1 正当性チェック部>
 「正当性チェック部」は、取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、ハードウエアの正当性をチェックする。先述のように、正当性認証情報は、本正当性起動管理システムを搭載しているコンピュータのMPU配下に収められるべきハードウエアの正当な設計情報に基づいて得られる特定の情報である。後からマザーボード等に挿入されたり、入れ替えて挿入されるハードウエアは、正当な設計情報に基づいてマザーボードに配置される物でないのでこれらアンノウンに関するセキュリティ情報は、正当性認証情報では認証されないことになる。この情報とセキュリティ情報を用いて、セキュリティ情報が正当な情報であるかを判断する過程を経て、ハードウエアの正当性をチェックする。 <Embodiment 1 Validity Check Unit>
The "validity check unit" checks the validity of the hardware by using the acquired security information and the retained validity authentication information. As described above, the legitimacy authentication information is specific information obtained based on the legitimate design information of the hardware to be stored under the MPU of the computer equipped with the legitimacy activation management system. Since the hardware that is inserted into the motherboard or replaced later is not placed on the motherboard based on the legitimate design information, the security information related to these unknowns will not be authenticated by the legitimacy authentication information. .. Using this information and the security information, the validity of the hardware is checked through the process of determining whether the security information is legitimate information.
 セキュリティ情報が正当であるかをチェックする方法としては、例えば、正当性認証情報が本正当性起動管理システムを搭載しているコンピュータのMPU配下に収められるべきハードウエアの設計情報に基づくハードウエアの識別情報である場合には、セキュリティ情報と設計情報に基づくハードウエアの識別情報とが完全に一致しているか否かを比較することによって判断することができる。セキュリティ情報と設計情報に基づくハードウエアの識別情報が完全に一致している場合に、正当性が肯定される。一部が一致しない、あるいは設計情報に基づくハードウエアの識別情報は全て一致するが設計情報に基づくハードウエアの識別情報に含まれていないセキュリティ情報が含まれている場合には、正当性が否定される。 As a method of checking whether the security information is legitimate, for example, the legitimacy authentication information of the hardware based on the hardware design information that should be stored under the MPU of the computer equipped with this legitimacy activation management system In the case of identification information, it can be determined by comparing whether or not the security information and the hardware identification information based on the design information completely match. The legitimacy is affirmed when the security information and the hardware identification information based on the design information are exactly the same. If some of them do not match, or if all the hardware identification information based on the design information matches, but the security information that is not included in the hardware identification information based on the design information is included, the validity is denied. Will be done.
 あるいは、正当性認証情報が本正当性起動管理システムを搭載しているコンピュータのMPU配下に収められるべきハードウエアの設計時情報とユニークに対応する情報である場合(例えば設計時情報として正当なハードウエアの全識別情報の総和のハッシュ値など)には、ユニークに対応する情報を生成したと同じ処理をハードウエアから得られるセキュリティ情報を用いて行い、その結果を比較することによって判断することができる。 Alternatively, when the legitimacy authentication information is information that uniquely corresponds to the design-time information of the hardware that should be stored under the MPU of the computer equipped with this legitimacy startup management system (for example, the legitimate hardware as the design-time information). For the hash value of the sum of all the identification information of the hardware, etc.), the same processing that generated the uniquely corresponding information can be performed using the security information obtained from the hardware, and the judgment can be made by comparing the results. it can.
 セキュリティ情報(ハードウエア識別情報)が大きな値である場合には正当性認証情報は、各セキュリティ情報のハッシュ値であってもよい。この場合には各ハードウエアから得られるセキュリティ情報をハッシュ関数に取り込んで生成された値と正当性認証情報を比較することで一つ一つのハードウエアの正当性が認証される。 When the security information (hardware identification information) is a large value, the legitimacy authentication information may be a hash value of each security information. In this case, the validity of each hardware is authenticated by incorporating the security information obtained from each hardware into the hash function and comparing the generated value with the validity authentication information.
 ハードウエアの正当性を一つ一つ認証する場合には正当性が認証できなかったハードウエアのみを利用不能としてシステムを立ち上げる構成を採用することも可能である。このケースを本明細書ではシステムの起動処理が一部続行されない状態であるのでシステムの起動処理を続行させない処理と称することとする。 When authenticating the legitimacy of hardware one by one, it is also possible to adopt a configuration in which only the hardware for which the legitimacy could not be authenticated is regarded as unusable and the system is started up. In the present specification, this case is referred to as a process in which the system startup process is not continued because a part of the system startup process is not continued.
<実施形態1 起動処理続行中止部>
 「起動処理続行中止部」は、正当性チェック部でのチェック結果が全てのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、全てのハードウエアについて正当であるとの結果でない場合にはシステムの起動処理を続行させないという処理を行う。例えば、正当性のチェックの結果が全て正当である場合には、起動処理続行中止部は起動処理の中止処理を行わないことでシステムの起動を続行させる。正当性のチェックの結果、正当性が否定された場合には、起動処理続行中止部は起動処理を中止する命令を出し、起動処理を中止するという構成が考えられる。あるいは、例えば、正当性のチェック結果が全て正当である場合には、起動処理続行中止部が起動続行命令を出し起動処理を続行させ、正当性のチェック結果が全て正当であるとの結果ではない場合には、起動処理続行中止部が起動処理命令をだすことで起動処理を中止させるという構成も考えられる。
 なお前述の通り正当性が認証されないハードウエアが特定できる場合にはそのハードウエアについてのみ起動処理の続行を中止する場合も本願明細書に言う起動処理の続行中止に該当するものとする。 <Embodiment 1 Start processing continuation stop section>
The "start processing continuation stop section" allows the system startup process to continue when the check result in the validity check section is valid for all hardware, and is valid for all hardware. If the result is not the same as, the process of not continuing the system startup process is performed. For example, if all the results of the validity check are valid, the boot processing continuation canceling unit does not perform the boot processing stop processing, so that the system boot continues. If the legitimacy is denied as a result of the legitimacy check, the start processing continuation stop unit may issue an instruction to stop the start process and stop the start process. Alternatively, for example, when all the legitimacy check results are valid, the start processing continuation stop unit issues a start processing continuation command to continue the start processing, and it is not the result that all the validity check results are valid. In this case, it is conceivable that the start processing continuation / cancellation unit cancels the start processing by issuing a start processing command.
As described above, when the hardware whose legitimacy is not authenticated can be identified, even if the continuation of the startup process is stopped only for that hardware, it shall correspond to the continuation cancellation of the startup process referred to in the present specification.
 <実施形態1 ハードウエア構成>
 <実施形態1 ハードウエア構成 基本構造>
 図3は本システムを搭載したコンピュータの起動後のハードウエア構成の状態を概念的に示す例図である。この図にあるように本発明は、基本的にコンピュータとプログラム(BIOS、OSを含む)、各種マザーボード上のデバイス、ポートを介してMPU配下に加わる各種インターフェイスデバイス、で構成することが可能である。 <Embodiment 1 Hardware Configuration>
<Embodiment 1 Hardware Configuration Basic Structure>
FIG. 3 is an example diagram conceptually showing the state of the hardware configuration after the computer equipped with this system is started. As shown in this figure, the present invention can basically be composed of a computer and a program (including BIOS and OS), devices on various motherboards, and various interface devices that are added under the MPU via ports. ..
 各種マザーボード上のデバイスとしては、BIOS ROM(0301)、メモリカード(0302)、メインメモリ(0303)、フラッシュメモリ(0304)、クロックジェネレータ(0305)、SATAコネクタ(0306)、ネットワークコントローラチップ(0307)、サウンドコントローラチップ(0308)、ディスプレイコントローラチップ(0309)、グラフィックスプロセッシングユニット(0310)、ポート80ディスプレイ(0311)、チップセット(0312:チップセット内に、前出のネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ等のチップが集約されている場合がある)、その他の各種拡張カード(0313:例えば、PCI-Express等のグラフィックスカード等)、ハードディスクドライブ(0314:多くのコンピュータではOSはチップセット下のハードディスクドライブに配置されているため、図ではチップセット下にハードディスクドライブが配置しているが、MPU直下、チップセット下のいずれにも配置可能である。)等が不揮発性メモリに保持され、メインメモリにロードされ、一連のプログラム実行に際して参照され、利用される。 Devices on various motherboards include BIOS ROM (0301), memory card (0302), main memory (0303), flash memory (0304), clock generator (0305), SATA connector (0306), network controller chip (0307). , Sound controller chip (0308), Display controller chip (0309), Graphics processing unit (0310), Port 80 display (0311), Chipset (0312: In the chipset, the above-mentioned network controller chip, sound controller chip , Display controller chips and other chips may be integrated), various other expansion cards (0313: for example, graphics cards such as PCI-Express), hard disk drives (0314: OS is a chipset in many computers) Since it is located in the hard disk drive below, the hard disk drive is located under the chipset in the figure, but it can be placed directly under the MPU or under the chipset.) Etc. are held in the non-volatile memory. , Loaded into main memory, referenced and used when executing a series of programs.
 インターフェイスデバイスとしては、通信デバイス、キーボード、ディスプレイ、マウス、図示していないがマイク、スピーカー、USBメモリ等の外接メモリ、光学ドライバ、磁気ドライバ、スキャナ、プリンタ、カメラ、等が挙げられる。 Examples of interface devices include communication devices, keyboards, displays, mice, external memories such as microphones, speakers, and USB memory (not shown), optical drivers, magnetic drivers, scanners, printers, cameras, and the like.
 コンピュータの動作は基本的に不揮発性メモリ(フラッシュメモリ・ハードディスクドライブ、外接メモリ等も含む)に記録されているプログラムやデータをメインメモリにロードして、メインメモリとMPU(例えばCPU、GPU等)と各種ハードウエアで処理を実行していく形態をとる。ハードウエアとの通信は、バス線と繋がったインターフェイスを介して行われる。 The operation of the computer is basically to load the programs and data recorded in the non-volatile memory (including flash memory, hard disk drive, external memory, etc.) into the main memory, and then load the main memory and MPU (for example, CPU, GPU, etc.). It takes the form of executing processing with various hardware. Communication with the hardware is done via an interface connected to the bus line.
 この図にあるように本正当性認証起動管理システムでは、コンピュータのシステムの起動前の処理を対象としていることから、MPU(0315)配下でコンピュータのシステム起動後に利用される不揮発性メモリ(0316)に記憶されている各種プログラム(0317)は、この段階ではメインメモリ(0318)に展開されることがない。メインメモリに展開されているのは、フラッシュメモリ上から読み出し可能なBIOSが各種ハードドライブ(図中の例示では、メモリカード、メインメモリ、フラッシュメモリ、クロックジェネレータ、SATAコネクタ、ネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ、グラフィックスプロセッシングユニット、ポート80ディスプレイ、チップセット、拡張カード、ハードディスクドライブがこれに該当する)、及び、ポートに繋がれた各種インターフェイス(図中の例示では、通信デバイス、キーボード、ディスプレイ、マウス)から取得した起動シグナルに従って取得される各種ハードウエアのデバイスドライブ(0319)である。特に、OSを記憶しているハードディスクドライブからは、ブートローダ(0319)が取得されメインメモリに展開される。メインメモリは、展開されたブートローダの起動プログラムに従い、OSを起動してOSを起動状態として、各種ハードウエアをOSの管理下とする。以上のハードウエア構成の基本構造については、本正当性認証起動管理システムの全ての実施形態(実施形態1から実施形態12の全て)について共通する。 As shown in this figure, since this legitimacy authentication activation management system targets the processing before the computer system is started, the non-volatile memory (0316) used after the computer system is started under the MPU (0315). The various programs (0317) stored in the main memory (0318) are not expanded at this stage. The main memory is expanded to various hard drives with BIOS that can be read from the flash memory (in the example in the figure, memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller. Chips, display controller chips, graphics processing units, port 80 displays, chipsets, expansion cards, hard disk drives are examples), and various interfaces connected to the ports (communication devices, keyboards in the examples in the figure). , Display, mouse), and various hardware device drives (0319) acquired according to the activation signal acquired. In particular, the boot loader (0319) is acquired from the hard disk drive storing the OS and expanded in the main memory. The main memory boots the OS according to the boot program of the expanded boot loader, puts the OS in the boot state, and puts various hardware under the control of the OS. The basic structure of the above hardware configuration is common to all the embodiments of the validity authentication activation management system (all of the first to the twelfth embodiments).
 <実施形態1 ハードウエア構成 本システムがBIOS配下にあることについて>
 図4は、実施形態1における正当性認証起動管理システムのハードウエア構成の一例を示す図である。本実施形態における本正当性認証起動管理システムは、OSの起動前の処理を問題としていることから、その時点で起動状態にあるBIOSの配下にプログラム(本実施形態では:セキュリティ情報取得プログラム、正当性チェックプログラム、起動処理続行中止プログラム、を少なくとも有する。)が位置しており、これらのプログラムは、MPUが処理可能にBIOSによってメインメモリに展開される。さらに、各種情報もBIOSによってメインメモリに展開されるように構成してもよい。あるいはMPUが直接BIOS配下の本システムを構成するハードウエア中の情報にアクセスするように構成することもできる。 <Embodiment 1 Hardware Configuration About the fact that this system is under the BIOS>
FIG. 4 is a diagram showing an example of the hardware configuration of the validity authentication activation management system according to the first embodiment. Since the validity authentication startup management system in the present embodiment has a problem of processing before the OS is started, a program under the BIOS that is in the started state at that time (in this embodiment: security information acquisition program, legitimacy). It has at least a sex check program and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
 あるいは、本正当性認証起動管理システムのためのファームウエアやOS(便宜上、以後「サブOS」と呼ぶことにする)構築し、サブOSを起動させた後に、サブOSの管理のもとに本正当性認証起動管理システムを実行するように構成することも可能である。 Alternatively, after constructing the firmware or OS for this legitimacy authentication startup management system (hereinafter referred to as "sub OS" for convenience) and starting the sub OS, the book is managed under the control of the sub OS. It can also be configured to run a legitimacy authentication activation management system.
 <実施形態1 ハードウエア構成 正当性認証起動管理システムのプログラム及び情報の説明>
 「セキュリティ情報取得プログラム」は、セキュリティ情報を取得する。セキュリティ情報の取得元は、限定していない。
 「正当性チェックプログラム」は、セキュリティ情報と正当性認証情報とを用いてMPU配下のハードウエアの正当性を認証する。
 「起動処理続行中止プログラム」は、正当性チェック部の正当性チェック結果に応じて、正当性が認められた場合には起動処理の続行を中止せず、正当性が認められなかった場合には起動処理の続行を中止する。
 展開された上記各プログラムは順次又は常時実行される。なお、本正当性認証起動管理システムの実行の際に参照されるデータとしては、セキュリティ情報、正当性認証情報、正当性判断結果、中止命令、図示しない通信など各種の設定情報等が保持され、BIOSの管理の下(あるいはサブOSの管理の下)メインメモリにロードされ、正当性認証起動管理システムのプログラム実行に際して参照され、利用される。 <Embodiment 1 Hardware Configuration Description of Program and Information of Legitimacy Authentication Startup Management System>
The "security information acquisition program" acquires security information. The source of security information is not limited.
The "validity check program" authenticates the validity of the hardware under the MPU by using the security information and the validity authentication information.
The "start processing continuation cancel program" does not stop the continuation of the startup process if the legitimacy is confirmed according to the validity check result of the validity check section, and if the legitimacy is not recognized, the program does not stop the continuation of the startup process. Cancels the continuation of the startup process.
Each of the expanded programs is executed sequentially or constantly. In addition, as the data referred to when the legitimacy authentication activation management system is executed, various setting information such as security information, legitimacy authentication information, legitimacy judgment result, stop order, communication (not shown), etc. are retained. It is loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and is referred to and used when executing the program of the legitimacy authentication startup management system.
<実施形態1 処理の流れ>
 図5は、実施形態1の上位概念的な処理フロー図である。この図に示すように、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報を取得する「セキュリティ情報取得ステップ」(0501)、取得したセキュリティ情報の正当性をチェックする「正当性チェックステップ」(0502)、セキュリティ情報正当性チェックの結果が正当であるか否かを判断する「セキュリティ情報正当性チェック結果判断部」(0503)、正当性チェック部でのチェック結果が全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理を続行させない「起動処理続行中止ステップ」(0504)、正当性チェック結果が全てのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させる「起動処理続行ステップ」(0505)と、を少なくとも実行する。 <Implementation 1 Processing Flow>
FIG. 5 is a superordinate conceptual processing flow diagram of the first embodiment. As shown in this figure, the "security information acquisition step" (0501), which acquires the security information of the hardware under the MPU of the computer at the time of starting up the computer and before starting the system, checks the validity of the acquired security information. "Validity check step" (0502), "Security information validity check result judgment unit" (0503) to judge whether the result of the security information validity check is valid, check result by the validity check unit If is not the check result that is valid for all hardware, the system boot process is not continued in the "start process continuation stop step" (0504), and the validity check result is valid for all hardware. At least the "startup process continuation step" (0505) for continuing the system boot process when the check result is obtained is executed.
 図6は、実施形態1のより具体的な処理の流れの一例を示す図である。この図に示すように、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報を取得する「セキュリティ情報取得ステップ」(0601)、セキュリティ情報は各ハードウエアごとに取得することから、全てのハードウエアからセキュリティ情報の取得が完了したかを確認する「セキュリティ情報取得完了判断ステップ」(0602)、取得したセキュリティ情報の正当性をチェックする「正当性チェックステップ」(0603)、セキュリティ情報正当性チェックの結果が正当であるか否かを判断する「セキュリティ情報正当性チェック結果判断ステップ」(0604)、正当性チェック部でのチェック結果が全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理を続行させない「起動処理続行中止ステップ」(0605)、正当性チェック結果が全てのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させる「起動処理続行ステップ」(0606)と、を少なくとも実行する。 FIG. 6 is a diagram showing an example of a more specific processing flow of the first embodiment. As shown in this figure, the "security information acquisition step" (0601), in which the security information of the hardware under the MPU of the computer is acquired at the time of starting up the computer and before the system is started, the security information is acquired for each hardware. Therefore, the "security information acquisition completion determination step" (0602) for confirming whether the acquisition of security information from all hardware has been completed, and the "validity check step" (0603) for checking the validity of the acquired security information. ), "Security information validity check result judgment step" (0604) to judge whether the result of the security information validity check is valid, and the check result in the validity check section is valid for all hardware. If the check result is not the result of "Starting process continuation stop step" (0605), the system booting process is not continued. If the validity check result is the check result that all hardware is valid, the system booting is performed. At least the "start processing continuation step" (0606) for continuing the processing is executed.
<実施形態2>
<実施形態2 概要>
 本実施形態における発明は、実施形態1に記載する発明であって、セキュリティ情報をセキュリティ情報蓄積部から取得されたセキュリティ情報を利用して、本正当性認証起動管理システムを搭載したパソコンのMPU配下に配置されたハードウエアの正当性認証を行う。 <Embodiment 2>
<Outline of Embodiment 2>
The invention in the present embodiment is the invention described in the first embodiment, and is under the control of the MPU of a personal computer equipped with the present legitimacy authentication activation management system by using the security information acquired from the security information storage unit. Authenticate the hardware placed in.
<実施形態2 発明の構成>
 図7は、実施形態2における正当性認証起動管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報蓄積部(0701)、セキュリティ情報取得部(0702)、正当性認証情報保持部(0703)、正当性チェック部(0704)、起動処理続行中止部(0705)と、からなる。以下では、実施形態1との共通の構成についての説明は省略し、本実施形態に特有の構成について説明をする。 <Structure of Embodiment 2 Invention>
FIG. 7 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication activation management system according to the second embodiment. As shown in the figure, the security information storage unit (0701), the security information acquisition unit (0702), the validity authentication information holding unit (0703), the validity check unit (0704), the start processing continuation / cancellation unit (0705), and the like. Consists of. In the following, the description of the configuration common to the first embodiment will be omitted, and the configuration peculiar to the present embodiment will be described.
<実施形態2 セキュリティ情報蓄積部>
 「セキュリティ情報蓄積部」は、セキュリティ情報を記録したROMからなる。ROMはREAD ONLY MEMORYの略であり、読み出しはできるものの、原則的には上書きしたり削除したりすることができない。また不揮発性メモリであり、電源の供給を必要とせずに情報を記録しておくことが可能である。 <Embodiment 2 Security Information Storage Unit>
The "security information storage unit" is composed of a ROM in which security information is recorded. ROM is an abbreviation for READ ONLY MEMORY, and although it can be read, it cannot be overwritten or deleted in principle. Moreover, since it is a non-volatile memory, it is possible to record information without the need to supply power.
 セキュリティ情報蓄積部に蓄積されているセキュリティ情報は、本正当性認証起動管理システムを搭載したコンピュータのMPU配下に配置されるハードウエアの設計情報に基づくハードウエアの識別情報とも呼べる収納すべきハードウエアのリストによって構成されている。セキュリティ情報として保持されるハードウエアのリストは、本正当性認証起動管理システムを搭載するハードウエアの設計情報に基づいて登録する内容を定める。セキュリティ情報であるハードウエアのリストは、MPU配下にある全てのハードウエアに関するリストであることが好ましいが、一部のリストとすることも可能である。一部のリストとした場合には、リスト化していない部分にアンノウンが存在している、あるいは書き換えられている可能性が残ることから、本システムを利用した認証結果への信用性は低下する。 The security information stored in the security information storage unit can be called hardware identification information based on the design information of the hardware placed under the MPU of the computer equipped with this validity authentication activation management system. It is composed of a list of. The list of hardware retained as security information defines the contents to be registered based on the design information of the hardware equipped with this validity authentication activation management system. The list of hardware that is security information is preferably a list of all hardware under the MPU, but it is also possible to make a partial list. In the case of a partial list, there is a possibility that the unknown exists or has been rewritten in the unlisted part, so the credibility of the authentication result using this system decreases.
<実施形態2 セキュリティ情報取得部>
 本実施形態のセキュリティ情報取得部は、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報をセキュリティ情報取得部から取得する。コンピュータを起動すると、起動準備として各種のハードウエアが立ち上がる。各種ハードウエアの立上の前か、同時化、後か、そのタイミングがシステム管理者による設計事項であるが、遅くともコンピュータの起動が完了する前に、セキュリティ情報蓄積部からセキュリティ情報取得部に対してセキュリティ情報が送信される。セキュリティ情報取得部が取得するセキュリティ情報は、セキュリティ情報蓄積部が蓄積しているセキュリティ情報を含むものであるから、後続する正当性チェックの段階で設計時のハードウエア構成の設計事項を示すハードウエアのリストの正当性のチェックが行われることになる。 <Embodiment 2 Security Information Acquisition Unit>
The security information acquisition unit of the present embodiment acquires the security information of the hardware under the MPU of the computer from the security information acquisition unit at the time of starting up the computer and before starting the system. When you start your computer, various hardware will start up in preparation for booting. Whether before, at the same time, or after the startup of various hardware is a design matter by the system administrator, but before the computer startup is completed at the latest, the security information storage department sends the security information acquisition department to the security information acquisition department. Security information is sent. Since the security information acquired by the security information acquisition unit includes the security information accumulated by the security information storage unit, a list of hardware showing the design items of the hardware configuration at the time of designing at the subsequent validity check stage. Will be checked for validity.
<実施形態2 ハードウエア構成>
 図8は、実施形態2の最も基本的なハードウエア構成の一例を示す図である。図に示す各種ハードウエア(メモリカード、メインメモリ、フラッシュメモリ、クロックジェネレータ、SATAコネクタ、ネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ、グラフィックスプロセッシングユニット、ポート80ディスプレイ、チップセット、拡張カード、ハードディスクドライブ)、MPU、不揮発性メモリ、メインメモリ、BIOS、インターフェイスの基本的な構造については、実施形態1で説明してあるので省略する。 <Embodiment 2 Hardware Configuration>
FIG. 8 is a diagram showing an example of the most basic hardware configuration of the second embodiment. Various hardware shown in the figure (memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk The basic structure of the drive), MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
 <実施形態2 ハードウエア構成 本システムがBIOS配下にあることについて>
 図8に示す様に、本正当性認証起動管理システムは、OSの起動前の処理を問題としていることから、その時点で起動状態にあるBIOSの配下にプログラム(本実施形態では:セキュリティ情報取得プログラム、正当性チェックプログラム、起動処理続行中止プログラム、を少なくとも有する。)が位置しており、これらのプログラムは、MPUが処理可能にBIOSによってメインメモリに展開される。さらに、各種情報もBIOSによってメインメモリに展開されるように構成してもよい。あるいはMPUが直接BIOS配下の本システムを構成するハードウエア中の情報にアクセスするように構成することもできる。 <Embodiment 2 Hardware Configuration About the fact that this system is under the BIOS>
As shown in FIG. 8, since the legitimacy authentication boot management system has a problem of processing before the OS boots, a program (in this embodiment: security information acquisition) under the BIOS that is in the boot state at that time. It has at least a program, a validity check program, and a start processing continuation / cancellation program), and these programs are expanded into the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
 あるいは、本正当性認証起動管理システムのためのファームウェアやOS(便宜上、以後「サブOS」と呼ぶことにする)構築し、サブOSを起動させた後に、サブOSの管理のもとに本正当性認証起動管理システムを実行するように構成することも可能である。 Alternatively, after constructing the firmware and OS for this legitimacy authentication boot management system (hereinafter referred to as "sub OS" for convenience) and booting the sub OS, this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
 <実施形態2 ハードウエア構成 正当性認証起動管理システムのプログラム及び情報の説明>
 実施形態1と共通の処理を実行するプログラムとして、「正当性チェックプログラム」、「起動処理続行中止プログラム」がある。プログラムの機能については、実施形態1と同様であるから、説明を省略する。
 実施形態2に特徴的なプログラムとして、「セキュリティ情報取得プログラム」を有する。
 「セキュリティ情報取得プログラム」は、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報をセキュリティ情報蓄積部から取得するためのプログラムである。セキュリティ情報蓄積部は、セキュリティ情報を記憶しているROM等のメモリそのものあるいはメモリ内に存在している領域のことをいう。セキュリティ情報取得プログラムは、セキュリティ情報蓄積部にアクセスしてセキュリティ情報を取得して、メインメモリにセキュリティ情報を展開する。
 展開された上記各プログラムは順次又は常時実行される。なお、本正当性認証起動管理システムの実行の際に参照されるデータとしては、セキュリティ情報、正当性認証情報、正当性判断結果、中止命令、図示しない通信など各種の設定情報等が保持され、BIOSの管理の下(あるいはサブOSの管理の下)メインメモリにロードされ、正当性認証起動管理システムのプログラム実行に際して参照され、利用される。 <Embodiment 2 Hardware Configuration Description of Program and Information of Legitimacy Authentication Startup Management System>
As a program that executes the processing common to the first embodiment, there are a "validity check program" and a "start processing continuation / cancellation program". Since the function of the program is the same as that of the first embodiment, the description thereof will be omitted.
As a program characteristic of the second embodiment, there is a "security information acquisition program".
The "security information acquisition program" is a program for acquiring security information of hardware under the MPU of the computer from the security information storage unit at the time of starting up the computer and before starting the system. The security information storage unit refers to a memory itself such as a ROM that stores security information or an area existing in the memory. The security information acquisition program accesses the security information storage unit, acquires the security information, and expands the security information in the main memory.
Each of the expanded programs is executed sequentially or constantly. In addition, as the data referred to when the legitimacy authentication activation management system is executed, various setting information such as security information, legitimacy authentication information, legitimacy judgment result, stop order, communication (not shown), etc. are retained. It is loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and is referred to and used when executing the program of the legitimacy authentication startup management system.
<実施形態2 処理の流れ>
 図9は、実施形態2の最も基本的な構成の処理の流れを示す図である。この図に示すように、コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアのセキュリティ情報をセキュリティ情報蓄積部から取得する「セキュリティ情報蓄積部からセキュリティ情報取得ステップ」(0901)、「正当性チェックステップ」(0902)、「セキュリティ情報チェック結果判断ステップ」(0903)、「起動処理続行中止ステップ」(0904)、「起動処理続行ステップ」(0905)と、を少なくとも実行する。実施形態1と共通の処理を行うステップについては、実施形態1にて既に説明済みであることから、説明を省略した。 <Example 2 Processing flow>
FIG. 9 is a diagram showing a processing flow of the most basic configuration of the second embodiment. As shown in this figure, the "security information acquisition step from the security information storage unit" (0901), in which the security information of the hardware under the MPU of the computer is acquired from the security information storage unit at the time of starting up the computer and before the system is started. , "Validity check step" (0902), "Security information check result determination step" (0903), "Startup process continuation stop step" (0904), "Startup process continuation step" (0905) are executed at least. Since the steps for performing the processing common to the first embodiment have already been described in the first embodiment, the description thereof has been omitted.
<実施形態3>
<実施形態3 概要>
 本実施形態における発明は、実施形態2に記載する発明の特徴に加えて、コンピュータの立上時でシステム起動前に当該コンピュータのMPUの立上によって得られる当該MPU配下のハードウエアのセキュリティ情報に基づいたセキュリティ情報である立上時セキュリティ情報を利用して、正当性認証起動管理を行うことを特徴とする。 <Embodiment 3>
<Outline of Embodiment 3>
In addition to the features of the invention described in the second embodiment, the invention in the present embodiment includes security information of hardware under the MPU obtained by starting the MPU of the computer at the time of starting the computer and before starting the system. It is characterized in that the validity authentication activation management is performed by using the startup security information which is the based security information.
<実施形態3 発明の構成>
 図10は、本実施形態における正当性認証起動管理システムの最も基本的な発明の構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(1001)、セキュリティ情報蓄積部(1002)、立上時セキュリティ情報取得部(1003)、正当性認証情報保持部(1004)、正当性チェック部(1005)、立上時正当性チェック手段(1006)、起動処理続行中止部(1007)と、からなる。以下では、実施形態2との共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 3 Invention>
FIG. 10 is a functional block diagram showing an example of the configuration of the most basic invention of the validity authentication activation management system in the present embodiment. As shown in the figure, the security information acquisition unit (1001), the security information storage unit (1002), the startup security information acquisition unit (1003), the validity authentication information holding unit (1004), and the validity check unit (1005). , The startup processing validity check means (1006), and the start processing continuation / stop unit (1007). In the following, the description of the configuration common to the second embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態3 構成の説明>
<実施形態3 立上時セキュリティ情報取得部>
 「立上時セキュリティ情報取得部」は、コンピュータの立上時でシステム起動前に当該コンピュータのMPUの立ち上がりによって得られる当該MPU配下のハードウエアのセキュリティ情報に基づいたセキュリティ情報である立上時セキュリティ情報を取得する。立上時セキュリティ情報としては、ハードウエアの種類ごとに与えられている種類識別情報、各ハードウエアの個体ごとに与えられている個体識別情報、等が考えられる。あるいは、本正当性認証起動管理システムにおいてセキュリティ情報として認証可能なユニークな番号として与える識別情報であってもよい。 <Explanation of Embodiment 3 Configuration>
<Embodiment 3 Security Information Acquisition Department at Startup>
The "start-up security information acquisition unit" is the start-up security which is security information based on the security information of the hardware under the MPU obtained by starting up the MPU of the computer at the time of starting the computer and before starting the system. Get information. As the startup security information, type identification information given for each type of hardware, individual identification information given for each individual hardware, and the like can be considered. Alternatively, it may be identification information given as a unique number that can be authenticated as security information in this legitimacy authentication activation management system.
 立上時セキュリティ情報を取得する方法としては、BIOSが各ハードウエアから起動のための起動シグナル等を受信する際に、これに関連付けてあるいはこれに含まれる情報として取得する方法が考えられる。立上時セキュリティ情報をBIOSが取得すると、BIOSは立上時セキュリティ情報を獲得した順にメモリ領域に書き込むことで、立上時セキュリティ情報のリストを生成する。このとき立上時セキュリティ情報のリストを生成するメモリは、メインメモリであってもよいし、そのほかの立上時セキュリティ情報を記憶するための記憶領域を設ける構成となっていてもよい。あるいは、BIOSが存在しているチップ上のキャッシュメモリとして構成されていてもよい。なお、立上時セキュリティ情報のリストは、立上の都度認証に利用するリストであり、立上の都度獲得されるべき情報であることから、コンピュータの起動時にのみ記憶される一時的な記録として記憶可能なように構成されていれば足りる。 As a method of acquiring security information at startup, when the BIOS receives a startup signal or the like for booting from each hardware, a method of acquiring it in association with or as information contained therein can be considered. When the BIOS acquires the startup security information, the BIOS writes the startup security information in the memory area in the order in which the startup security information is acquired, thereby generating a list of the startup security information. At this time, the memory that generates the list of startup security information may be the main memory, or may be configured to provide a storage area for storing other startup security information. Alternatively, it may be configured as a cache memory on the chip in which the BIOS resides. The list of security information at startup is a list used for authentication each time the computer is started, and is information that should be acquired each time the computer is started. Therefore, it is a temporary record that is stored only when the computer is started. It suffices if it is configured to be memorable.
 <実施形態3 立上時正当性チェック手段>
 「立上時正当性チェック手段」は、セキュリティ情報であって、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、立上時セキュリティ情報とに基づいて立上時セキュリティ情報の正当性をチェックする。図11は、立上時正当性チェック手段によるチェック方法を概念的に示した図である。図に示す様に、立上時セキュリティ情報と蓄積セキュリティ情報とを用いて、立上時セキュリティ情報の正当性を判断する。立上時セキュリティ情報は、上述のようにコンピュータの立上時にMPU配下に配置されている各種ハードウエアを識別するための情報としてBIOS等の各種ハードウエアの起動を管理制御するハードウエアによって獲得される。立上時正当性情報は、MPU配下にあるコンピュータ内の情報やコンピュータの動作に関連するハードウエアの網羅的なリストといえる。したがって、立上時正当性チェック手段によって立上時セキュリティ情報の正当性をチェックすることによって、MPU配下にある各種ハードウエアが設計者の設計意図に沿った構成となっているか否かを判断することが可能となる。 <Embodiment 3 Stand-up validity check means>
The "startup validity check means" is security information, and checks the validity of the startup security information based on the security information stored in the security information storage unit and the startup security information. .. FIG. 11 is a diagram conceptually showing a check method by the start-up validity check means. As shown in the figure, the validity of the startup security information is judged by using the startup security information and the accumulated security information. As described above, the startup security information is acquired by the hardware that manages and controls the startup of various hardware such as the BIOS as information for identifying various hardware arranged under the MPU at the time of computer startup. To. The startup legitimacy information can be said to be an exhaustive list of information in the computer under the MPU and hardware related to the operation of the computer. Therefore, by checking the validity of the startup security information by the startup validity checking means, it is determined whether or not the various hardware under the MPU has a configuration in line with the designer's design intention. It becomes possible.
<実施形態3 ハードウエア構成>
 図11は、実施形態3の最も基本的なハードウエア構成の一例を示す図である。図に示す各種ハードウエア(メモリカード、メインメモリ、フラッシュメモリ、クロックジェネレータ、SATAコネクタ、ネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ、グラフィックスプロセッシングユニット、ポート80ディスプレイ、チップセット、拡張カード、ハードディスクドライブ)、MPU、不揮発性メモリ、メインメモリ、BIOS、インターフェイスの基本的な構造については、実施形態1で説明してあるので省略する。 <Embodiment 3 Hardware Configuration>
FIG. 11 is a diagram showing an example of the most basic hardware configuration of the third embodiment. Various hardware shown in the figure (memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk The basic structure of the drive), MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
 <実施形態3 ハードウエア構成 本システムがBIOS配下にあることについて>
 図12に示す様に、本正当性認証起動管理システムは、OSの起動前の処理を問題としていることから、その時点で起動状態にあるBIOSの配下にプログラム(本実施形態では:セキュリティ情報取得プログラム、正当性チェックプログラム、立上時セキュリティ情報取得プログラム、立上時正当性チェックプログラム、起動処理続行中止プログラム、を少なくとも有する。)が位置しており、これらのプログラムは、MPUが処理可能にBIOSによってメインメモリに展開される。さらに、各種情報もBIOSによってメインメモリに展開されるように構成してもよい。あるいはMPUが直接BIOS配下の本システムを構成するハードウエア中の情報にアクセスするように構成することもできる。 <Embodiment 3 Hardware Configuration About the fact that this system is under the BIOS>
As shown in FIG. 12, since the legitimacy authentication activation management system has a problem of processing before the OS is started, a program (in the present embodiment: security information acquisition: acquisition of security information) is under the control of the BIOS that is in the activated state at that time. It has at least a program, a validity check program, a startup security information acquisition program, a startup validity check program, and a start processing continuation / cancellation program), and these programs can be processed by the MPU. Expanded to main memory by BIOS. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
 あるいは、本正当性認証起動管理システムのためのファームウェアやOS(便宜上、以後「サブOS」と呼ぶことにする)構築し、サブOSを起動させた後に、サブOSの管理のもとに本正当性認証起動管理システムを実行するように構成することも可能である。 Alternatively, after constructing the firmware and OS for this legitimacy authentication boot management system (hereinafter referred to as "sub OS" for convenience) and booting the sub OS, this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
 <実施形態3 ハードウエア構成 正当性認証起動管理システムのプログラム及び情報の説明>
 実施形態1と共通の処理を実行するプログラムとして、「セキュリティ情報取得部」「起動処理続行中止プログラム」がある。プログラムの機能については、実施形態と2同様であるから、説明を省略する。
 実施形態3に特徴的なプログラムとして、「立上時セキュリティ情報取得部」「正当性チェック部」「立上時正当性チェック手段」、を有する。
 「立上時セキュリティ情報取得部」は、コンピュータの立上時でシステム起動前に当該コンピュータのMPUの立上によって得られる当該MPU配下のハードウエアのセキュリティ情報に基づいたセキュリティ情報である立上時セキュリティ情報を取得する。立上時セキュリティ情報は、当該コンピュータのMPU配下のハードウエアの全部または一部のセキュリティ情報から取得される。
 「正当性チェック部」は、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、立上時セキュリティ情報と、正当性認証情報とに基づいて、正当性チェックを行う。
 「立上時正当性チェック手段」は、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、立上時セキュリティ情報とに基づいて立上時セキュリティ情報の正当性をチェックする。
 展開された上記各プログラムは順次又は常時実行される。なお、本正当性認証起動管理システムの実行の際に参照されるデータとしては、セキュリティ情報、正当性認証情報、正当性判断結果、立上時セキュリティ情報、立上時正当性チェック結果、中止命令、図示しない通信など各種の設定情報等が保持され、BIOSの管理の下(あるいはサブOSの管理の下)メインメモリにロードされ、正当性認証起動管理システムのプログラム実行に際して参照され、利用される。 <Embodiment 3 Hardware Configuration Description of Program and Information of Legitimacy Authentication Startup Management System>
As a program that executes the same processing as that of the first embodiment, there are a "security information acquisition unit" and a "start processing continuation / cancellation program". Since the function of the program is the same as that of the second embodiment, the description thereof will be omitted.
As a program characteristic of the third embodiment, there are a "startup security information acquisition unit", a "validity check unit", and a "startup validity check means".
The "start-up security information acquisition unit" is security information based on the security information of the hardware under the MPU obtained by starting up the MPU of the computer at the time of starting up the computer before starting the system. Get security information. The startup security information is obtained from all or part of the security information of the hardware under the MPU of the computer.
The "validity check unit" performs a validity check based on the security information stored in the security information storage unit, the startup security information, and the validity authentication information.
The "start-up validity check means" checks the validity of the start-up security information based on the security information stored in the security information storage unit and the start-up security information.
Each of the expanded programs is executed sequentially or constantly. The data referred to when executing this legitimacy authentication activation management system includes security information, legitimacy authentication information, legitimacy judgment result, startup security information, startup validity check result, and stop order. , Various setting information such as communication (not shown) is retained, loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and is referred to and used when executing the program of the legitimacy authentication startup management system. ..
<実施形態3 処理の流れ>
 図13は、実施形態3の最も基本的な構成の処理の流れを示す図である。この図に示すように、「セキュリティ蓄積部からセキュリティ情報取得ステップ」(1301)、立上時セキュリティ情報を取得するための「立上時セキュリティ情報取得ステップ」(1302)、「正当性チェックステップ」(1303)、蓄積されているセキュリティ情報と立上時セキュリティ情報とに基づいて立上時セキュリティ情報の正当性を認証するための「立上時正当性チェックサブステップ」(1304)、立上時正当性チェック結果が正当であるか否かを判断する「立上時セキュリティ情報チェック結果判断ステップ」(1305)、立上時セキュリティ情報のチェック結果として立上時セキュリティ情報が正当であった場合に、正当性認証結果が正当であるか否かを判断する「セキュリティチェック結果判断ステップ」(1306)、立上時セキュリティ情報のチェック結果において正当性が認証されなかった場合、又は、セキュリティ情報の正当性チェック結果において正当性が認証されなかった場合に「起動処理続行中止ステップ」(1307)、セキュリティ情報の正当性チェック結果において正当性が認証された場合に「起動処理続行ステップ」(1308)と、を少なくとも実行する。実施形態と共通の処理を行うステップについては、実施形態1又は実施形態2にて既に説明済みであることから、説明を省略した。 <Example 3 Processing flow>
FIG. 13 is a diagram showing a processing flow of the most basic configuration of the third embodiment. As shown in this figure, "security information acquisition step from the security storage unit" (1301), "startup security information acquisition step" (1302), and "validity check step" for acquiring startup security information. (1303), "Startup Legitimacy Check Substep" (1304) for authenticating the validity of the startup security information based on the accumulated security information and the startup security information, at the time of startup. "Start-up security information check result judgment step" (1305) to judge whether the validity check result is valid, when the startup security information is valid as the start-up security information check result. , "Security check result judgment step" (1306) to judge whether the validity authentication result is valid, when the validity is not verified in the check result of the security information at startup, or the validity of the security information When the validity is not authenticated in the sex check result, it is called "start processing continuation stop step" (1307), and when the validity is authenticated in the security information validity check result, it is called "start processing continuation step" (1308). , At least do. Since the steps for performing the processing common to the embodiment have already been described in the first embodiment or the second embodiment, the description thereof has been omitted.
<実施形態3 その他の実施形態1:蓄積セキュリティ情報の真正を担保する>
<実施形態3 その他の実施形態1:概要>
 図14に概念的に示す様に、本実施形態は実施形態3の構成に加えて、蓄積セキュリティ情報の真正性を正当性認証情報を用いたチェックによって担保する構成である。 <Embodiment 3 Other Embodiment 1: Ensuring the authenticity of accumulated security information>
<Embodiment 3 Other Embodiment 1: Overview>
As conceptually shown in FIG. 14, in addition to the configuration of the third embodiment, the present embodiment has a configuration in which the authenticity of the accumulated security information is guaranteed by a check using the legitimacy authentication information.
<実施形態3 その他の実施形態1:構成>
 図15は、その他の実施形態1における構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報蓄積部(1501)、セキュリティ情報取得部(1502)、蓄積セキュリティ情報真正性判断部(1503)、正当性認証情報保持部(1504)、正当性チェック部(1505)、起動処理続行中止部(1506)と、からなる。以下では、他の実施形態と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明をする。 <Embodiment 3 Other Embodiment 1: Configuration>
FIG. 15 is a functional block diagram showing an example of the configuration according to the other first embodiment. As shown in the figure, the security information storage unit (1501), the security information acquisition unit (1502), the stored security information authenticity judgment unit (1503), the validity authentication information holding unit (1504), and the validity check unit (1505). It is composed of a start processing continuation stop unit (1506). In the following, the description of the configuration common to the other embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態3 その他の実施形態1:構成の説明>
<実施形態3 その他の実施形態1 構成の説明:蓄積セキュリティ情報真正性判断部>
 「蓄積セキュリティ情報真正性判断部」は、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、正当性認証情報保持部に保持されている正当性認証情報とを用いて蓄積されているセキュリティ情報の真正性をチェックする。 <Embodiment 3 Other Embodiment 1: Explanation of configuration>
<Embodiment 3 Other Embodiment 1 Description of configuration: Accumulated security information authenticity judgment unit>
The "stored security information authenticity judgment unit" is the security information stored using the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit. Check the authenticity.
 蓄積セキュリティ情報の真正性を担保する方法としては、図14に示すように、蓄積セキュリティ情報を正当性認証情報を用いてチェックする方法が考えられる。
 具体的には、例えば、まずセキュリティ情報取得部がセキュリティ情報蓄積部に蓄積されたセキュリティ情報を取得する。取得したセキュリティ情報の内容が正当であるかを正当性認証情報を用いて判断し、セキュリティ情報蓄積部に蓄積されているセキュリティ情報が確かに設計者の意図に沿った設計事項を内容とするハードウエア構成を示すリストであることを認証する。このようにして、正当性認証情報を用いてセキュリティ情報蓄積部に蓄積されているセキュリティ情報の真正をチェックする方法が考えられる。 As a method of ensuring the authenticity of the stored security information, as shown in FIG. 14, a method of checking the stored security information using the legitimacy authentication information can be considered.
Specifically, for example, the security information acquisition unit first acquires the security information accumulated in the security information storage unit. Hardware that determines whether the content of the acquired security information is legitimate using the legitimacy authentication information, and that the security information stored in the security information storage unit certainly contains the design items in line with the designer's intention. Authenticate that it is a list showing the wear configuration. In this way, a method of checking the authenticity of the security information stored in the security information storage unit using the legitimacy authentication information can be considered.
 蓄積セキュリティ情報の真正性のチェック後、上述の実施形態3同様に、真正性を認証されたセキュリティ情報と立上時セキュリティ情報を関連付けて処理して、立上時正当性チェック結果を取得する。セキュリティ情報蓄積部に蓄積されているセキュリティ情報と立上時セキュリティ情報の間に完全一致しているという立上時正当性チェック結果が認められる場合にのみ、正当性が認証されるという正当性認証結果が得られる。 After checking the authenticity of the accumulated security information, the security information whose authenticity has been authenticated is processed in association with the startup security information in the same manner as in the third embodiment, and the startup validity check result is acquired. Legitimacy authentication that the legitimacy is authenticated only when the startup legitimacy check result that the security information stored in the security information storage unit and the startup security information are exactly the same is recognized. The result is obtained.
 このように立上時セキュリティ情報を間接的にチェックすることは一見して直接的にチェックすることと比べて余計な時間を費やするかのような印象を与えるが、それは違う。立上時セキュリティ情報は、MPU配下のハードウエアから毎回ランダムな順番で送られてくるのでランダムに到達した各ハードウエアのセキュリティ情報をソートして予め予定されている順に並べてから正当性認証情報保持部に保持されている正当性認証情報を用いた正当性の認証を行わなければならない。特に、正当性認証情報保持部に保持された正当性認証情報が順に並べられたセキュリティ情報を用いた特定のハッシュ関数に用ハッシュ値との比較によって行われる場合にはこの要請が必須となる。そこで本実施形態のような構成をとることにより、予め定められた順に並んだセキュリティ情報蓄積部に蓄積されたセキュリティ情報の真正性をチェックし、この真正性が認められたセキュリティ情報と、立上時セキュリティとを比較する演算を行う。この演算は特に秘匿性が高く堅牢に守られている正当性認証情報を用いた演算よりも演算負荷が軽くなる。つまりそれほど秘匿性が要求されない計算処理によって演算できるからである。従ってこの計算は高速で可能であり、全体として演算速度が速くできるという効果を有する。 Indirectly checking the security information at startup in this way gives the impression that it takes extra time compared to checking directly at first glance, but that is not the case. Since the security information at startup is sent from the hardware under the MPU in a random order each time, the security information of each hardware that arrives at random is sorted and arranged in the order scheduled in advance, and then the validity authentication information is retained. The legitimacy must be authenticated using the legitimacy authentication information held in the department. In particular, this request is indispensable when the legitimacy authentication information held in the legitimacy authentication information holding unit is compared with the hash value for a specific hash function using the security information arranged in order. Therefore, by adopting a configuration like the present embodiment, the authenticity of the security information accumulated in the security information storage unit arranged in a predetermined order is checked, and the security information whose authenticity is recognized and the start-up Performs operations to compare with time security. This calculation has a lighter calculation load than the calculation using the legitimacy authentication information, which is particularly highly confidential and robustly protected. In other words, it can be calculated by a calculation process that does not require so much confidentiality. Therefore, this calculation can be performed at high speed, and has the effect that the calculation speed can be increased as a whole.
 蓄積されているセキュリティ情報の正当性をチェックするためのハッシュ演算は正当性認証情報保持部に正当性認証情報とともに保持されているものを利用することができる。つまり正当セ認証情報保持部から外部にハッシュ関数を取り出し、そのハッシュ関数を用いて蓄積されているセキュリティ情報のハッシュ値を得る。このように構成するとハッシュ関数の改竄を防ぐことができるので安全性が高まる。 As the hash operation for checking the validity of the stored security information, the one held in the legitimacy authentication information holding unit together with the legitimacy authentication information can be used. That is, the hash function is taken out from the legitimate authentication information holding unit, and the hash value of the accumulated security information is obtained by using the hash function. With this configuration, it is possible to prevent falsification of the hash function, which enhances security.
 なお、セキュリティ情報のハッシュ演算は必ずしも1回で処理する必要はなく、複数回に分けて処理してもよい。このようにハッシュ演算をブロック化した複数のセキュリティ情報に分けて処理すると、MPU配下のどのハードウエアのブロックで正当性が認められなかったかを判別することができ、その後の処理の最適化を図ることができる場合がある。例えば一部のブロックでは正当性が認証されなかったために起動処理の続行を中止し、他の正当性が認められたブロックでは起動処理を続行する、という対策をとることができる。 Note that the hash calculation of security information does not necessarily have to be processed once, and may be processed in multiple times. By dividing the hash operation into a plurality of blocked security information in this way, it is possible to determine which hardware block under the MPU was not validated, and to optimize the subsequent processing. You may be able to. For example, it is possible to take measures such that the continuation of the startup process is stopped because the legitimacy is not authenticated in some blocks, and the startup process is continued in other blocks whose legitimacy is recognized.
 蓄積されているセキュリティ情報の真正性の判断は、ハッシュ関数を利用する場合の他に暗号化の結果を比較する手法も考えられる。正当性認証情報は設計者の意図に沿った設計事項を内容とするハードウエア構成情報を特定のキーを用いて暗号化した場合に得られる暗号情報として構成しておき、セキュリティ情報蓄積部に蓄積されているセキュリティ情報に暗号情報を作成するのと同様の暗号キーを用いて暗号化した暗号化セキュリティ情報を獲得して、正当性認証情報と暗号化セキュリティ情報を比較することによって両者が完全に一致した場合にのみ、セキュリティ情報の真正を認証する構成が考えられる。 To judge the authenticity of the accumulated security information, a method of comparing the encryption results can be considered in addition to the case of using the hash function. The validity authentication information is configured as encrypted information obtained when the hardware configuration information containing the design items according to the designer's intention is encrypted using a specific key, and is stored in the security information storage unit. By acquiring the encrypted security information encrypted using the same encryption key as creating the encrypted information in the security information, and comparing the legitimacy authentication information and the encrypted security information, both are completely. A configuration that authenticates the authenticity of security information can be considered only when they match.
 本実施形態における正当性認証起動管理システムは、コンピュータの電源をいれてから、立上が完了するまでの間に行われる処理であり、ハッシュ演算や暗号化に要する時間はすなわちダイレクトにコンピュータの立上に要する時間として反映されることになる。 The legitimacy authentication activation management system in the present embodiment is a process performed from when the computer is turned on until the start-up is completed, and the time required for hash calculation and encryption is that is, the computer stands up directly. It will be reflected as the time required for the above.
<実施形態3 その他の実施形態1:ハードウエア構成>
 図16は、その他の実施形態1のハードウエア構成の一例を示す図である。図に示す各種ハードウエア(メモリカード、メインメモリ、フラッシュメモリ、クロックジェネレータ、SATAコネクタ、ネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ、グラフィックスプロセッシングユニット、ポート80ディスプレイ、チップセット、拡張カード、ハードディスクドライブ)、MPU、不揮発性メモリ、メインメモリ、BIOS、インターフェイスの基本的な構造については、実施形態1で説明してあるので省略する。 <Embodiment 3 Other Embodiment 1: Hardware configuration>
FIG. 16 is a diagram showing an example of the hardware configuration of the other embodiment 1. Various hardware shown in the figure (memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk The basic structure of the drive), MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
 <実施形態3 その他の実施形態1:ハードウエア構成 本システムがBIOS配下にあることについて>
 本正当性認証起動管理システムは、OSの起動前の処理を問題としていることから、その時点で起動状態にあるBIOSの配下にプログラム(本実施形態では:セキュリティ情報取得プログラム、蓄積セキュリティ情報真正判断プログラム、正当性チェックプログラム、起動処理続行中止プログラム、を少なくとも有する。)が位置しており、これらのプログラムは、MPUが処理可能にBIOSによってメインメモリに展開される。さらに、各種情報もBIOSによってメインメモリに展開されるように構成してもよい。あるいはMPUが直接BIOS配下の本システムを構成するハードウエア中の情報にアクセスするように構成することもできる。 <Embodiment 3 Other Embodiment 1: Hardware configuration About the fact that this system is under the BIOS>
Since this legitimacy authentication boot management system has a problem of processing before the OS boots, a program under the BIOS that is in the boot state at that time (in this embodiment: security information acquisition program, accumulated security information authenticity judgment). It has at least a program, a validity check program, and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
 あるいは、本正当性認証起動管理システムのためのファームウェアやOS(便宜上、以後「サブOS」と呼ぶことにする)構築し、サブOSを起動させた後に、サブOSの管理のもとに本正当性認証起動管理システムを実行するように構成することも可能である。 Alternatively, after constructing the firmware and OS for this legitimacy authentication boot management system (hereinafter referred to as "sub OS" for convenience) and booting the sub OS, this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
 <実施形態3 その他の実施形態1:ハードウエア構成 正当性認証起動管理システムのプログラム及び情報の説明>
 図16に示す様に、他の実施形態との共通の処理を実行するプログラムとして、「セキュリティ情報取得プログラム」、「正当性チェックプログラム」、「起動処理続行中止プログラム」がある。プログラムの機能については、他の実施形態と同様であるから、説明を省略する。
 その他の実施形態1に特徴的なプログラムとして、「蓄積セキュリティ情報真正性判断プログラム」を有する。
 「蓄積セキュリティ情報真正性判断プログラム」は、セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、正当性認証情報保持部に保持されている正当性認証情報とを用いて蓄積されているセキュリティ情報の真正性をチェックする。
 展開された上記各プログラムは順次又は常時実行される。なお、本正当性認証起動管理システムの実行の際に参照されるデータとしては、セキュリティ情報、正当性認証情報、真正判断結果、正当性判断結果、中止命令、図示しない通信など各種の設定情報等が保持され、BIOSの管理の下(あるいはサブOSの管理の下)メインメモリにロードされ、正当性認証起動管理システムのプログラム実行に際して参照され、利用される。 <Embodiment 3 Other Embodiment 1: Hardware configuration Description of the program and information of the validity authentication activation management system>
As shown in FIG. 16, as a program that executes common processing with other embodiments, there are a "security information acquisition program", a "validity check program", and a "start processing continuation / cancellation program". Since the function of the program is the same as that of other embodiments, the description thereof will be omitted.
As another program characteristic of the first embodiment, there is a "stored security information authenticity judgment program".
The "stored security information authenticity judgment program" is the security information stored in the security information storage unit and the security information stored in the legitimacy authentication information holding unit. Check the authenticity.
Each of the expanded programs is executed sequentially or constantly. The data referred to when executing this legitimacy authentication activation management system includes security information, legitimacy authentication information, authenticity judgment result, legitimacy judgment result, stop order, various setting information such as communication (not shown), etc. Is retained, loaded into the main memory under the control of the BIOS (or under the control of the sub-OS), and referenced and used when executing the program of the legitimacy authentication startup management system.
<実施形態3 その他の実施形態1:処理の流れ>
 図17は、その他の実施形態1の最も基本的な構成の処理の流れを示す例図である。この図に示すように、蓄積セキュリティ情報の真正性をチェックるすための「蓄積セキュリティ情報真正性判断ステップ」(1701)、蓄積セキュリティ情報判断ステップの判断結果が真正であるか否かをチェックする「蓄積セキュリティ情報チェック結果真正性判断ステップ」(1702)、蓄積セキュリティ情報の真正判断結果が真正である場合には「セキュリティ情報蓄積部からセキュリティ情報取得ステップ」(1703)、「正当性チェックステップ」(1704)、セキュリティ情報正当性チェック結果が正当か否かを判断する「セキュリティ情報正当性チェック結果判断ステップ」(1705)、蓄積セキュリティ情報の真正判断結果が真正ではない場合、又は、セキュリティ情報の正当性が認証されなかった場合に「起動処理続行中止ステップ」(1706)、正当性が認証された場合に「起動処理続行ステップ」(1707)と、を少なくとも実行する。他の実施形態と共通の処理を行うステップについては、説明を省略した。 <Embodiment 3 Other Embodiment 1: Process flow>
FIG. 17 is an example diagram showing a processing flow of the most basic configuration of the other embodiment 1. As shown in this figure, the "stored security information authenticity judgment step" (1701) for checking the authenticity of the stored security information, and checking whether or not the judgment result of the stored security information judgment step is authentic. "Accumulated security information check result authenticity judgment step" (1702), "Security information acquisition step from security information storage unit" (1703), "validity check step" when the authenticity judgment result of accumulated security information is authentic (1704), "Security information validity check result judgment step" (1705) to judge whether the security information validity check result is valid, when the authenticity judgment result of the accumulated security information is not genuine, or of the security information If the validity is not authenticated, the "start processing continuation cancel step" (1706) is executed, and if the validity is authenticated, the "start processing continuation step" (1707) is executed at least. The description of the step of performing the process common to other embodiments is omitted.
<実施形態3 その他の実施形態2:概要>
 その他の実施形態1で記載したように、蓄積セキュリティ情報の真正性をチェックした時、蓄積セキュリティ情報が真正ではないというチェック結果が得られた場合に、セキュリティ情報取得部による蓄積セキュリティ情報の取得を制御して取得させないようにして、この段階でシステムの起動を中止する構成である。 <Embodiment 3 Other Embodiment 2: Overview>
As described in the other embodiment 1, when the authenticity of the accumulated security information is checked, if the check result that the accumulated security information is not authentic is obtained, the security information acquisition unit acquires the accumulated security information. The configuration is such that the system startup is stopped at this stage so that it is not controlled and acquired.
<実施形態3 その他の実施形態2:発明の構成>
 図18は、その他の実施形態2における正当性認証起動管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報蓄積部(1801)、セキュリティ情報取得部(1802)、蓄積セキュリティ情報真正性判断部(1803)、取得制限部(1804)、正当性認証情報保持部(1805)、正当性チェック部(1806)、起動処理続行中止部(1807)と、からなる。以下では、他の実施形態と共通の構成についての説明は省略し、本実施形態に特有の構成について説明をする。 <Embodiment 3 Other Embodiment 2: Configuration of the invention>
FIG. 18 is a functional block diagram showing an example of the most basic configuration of the validity authentication activation management system according to the second embodiment. As shown in the figure, the security information storage unit (1801), the security information acquisition unit (1802), the accumulated security information authenticity judgment unit (1803), the acquisition restriction unit (1804), the legitimacy authentication information holding unit (1805), It consists of a validity check unit (1806) and a start processing continuation / cancellation unit (1807). In the following, the description of the configuration common to other embodiments will be omitted, and the configuration peculiar to this embodiment will be described.
<実施形態3 その他の実施形態2:構成の説明>
<実施形態3 その他の実施形態2 構成の説明:取得制御部>
 「取得制御部」は、蓄積セキュリティ情報真正性判断部での判断結果が真正でないとの判断結果である場合」には、セキュリティ情報取得部がセキュリティ情報蓄積部からセキュリティ情報を取得しないように制御する。取得制限部がセキュリティ情報取得部によるセキュリティ情報の取得を制限する方法としては、取得制限部がセキュリティ情報取得部に対して取得処理の中止を指示する中止命令を出力する方法が考えられる。あるいは、取得制限部が取得指示を出したときにのみセキュリティ情報取得部がセキュリティ情報を取得するように構成し、取得制限部がセキュリティ情報取得部に対してセキュリティ情報の取得指示を出さないことによって取得を制限するように構成してもよい。 <Embodiment 3 Other Embodiment 2: Explanation of configuration>
<Embodiment 3 Other Embodiment 2 Description of configuration: Acquisition control unit>
The "acquisition control unit" controls so that the security information acquisition unit does not acquire security information from the security information storage unit when the judgment result of the accumulated security information authenticity judgment unit is not genuine. To do. As a method in which the acquisition restriction unit restricts the acquisition of security information by the security information acquisition unit, a method in which the acquisition restriction unit outputs a stop command instructing the security information acquisition unit to stop the acquisition process can be considered. Alternatively, the security information acquisition unit is configured to acquire the security information only when the acquisition restriction unit issues an acquisition instruction, and the acquisition restriction unit does not issue the security information acquisition instruction to the security information acquisition unit. It may be configured to limit acquisition.
 取得制限部を構成することによって、仮に蓄積セキュリティ情報が真正でない場合には、真正性のチェック以降起動のための処理を進行させる必要がなく、取得制限部がない場合よりもより早期にコンピュータの起動処理の続行の中止を行う。 By configuring the acquisition restriction unit, if the accumulated security information is not genuine, it is not necessary to proceed with the process for starting after checking the authenticity, and the computer's computer can be installed earlier than when there is no acquisition restriction unit. Cancels the continuation of the startup process.
<実施形態3 その他の実施形態2:ハードウエア構成>
  図19は、その他の実施形態2の最も基本的なハードウエア構成の一例を示す図である。図に示す各種ハードウエア(メモリカード、メインメモリ、フラッシュメモリ、クロックジェネレータ、SATAコネクタ、ネットワークコントローラチップ、サウンドコントローラチップ、ディスプレイコントローラチップ、グラフィックスプロセッシングユニット、ポート80ディスプレイ、チップセット、拡張カード、ハードディスクドライブ)、MPU、不揮発性メモリ、メインメモリ、BIOS、インターフェイスの基本的な構造については、実施形態1で説明してあるので省略する。 <Embodiment 3 Other Embodiment 2: Hardware configuration>
FIG. 19 is a diagram showing an example of the most basic hardware configuration of the other second embodiment. Various hardware shown in the figure (memory card, main memory, flash memory, clock generator, SATA connector, network controller chip, sound controller chip, display controller chip, graphics processing unit, port 80 display, chipset, expansion card, hard disk The basic structure of the drive), MPU, non-volatile memory, main memory, BIOS, and interface has been described in the first embodiment and will be omitted.
 <実施形態3 その他の実施形態2 ハードウエア構成 本正当性認証起動管理システムがBIOS配下にあることについて>
 本正当性認証起動管理システムは、OSの起動前の処理を問題としていることから、その時点で起動状態にあるBIOSの配下にプログラム(本実施形態では:セキュリティ情報取得プログラム、蓄積セキュリティ情報真正判断プログラム、取得制御プログラム、正当性チェックプログラム、起動処理続行中止プログラム、を少なくとも有する。)が位置しており、これらのプログラムは、MPUが処理可能にBIOSによってメインメモリに展開される。さらに、各種情報もBIOSによってメインメモリに展開されるように構成してもよい。あるいはMPUが直接BIOS配下の本システムを構成するハードウエア中の情報にアクセスするように構成することもできる。 <Embodiment 3 Other Embodiment 2 Hardware configuration Regarding the fact that this legitimacy authentication activation management system is under the BIOS>
Since this legitimacy authentication boot management system has a problem of processing before the OS boots, a program under the BIOS that is in the booted state at that time (in this embodiment: security information acquisition program, accumulated security information authenticity judgment). It has at least a program, an acquisition control program, a validity check program, and a start processing continuation / cancellation program), and these programs are expanded to the main memory by the BIOS so that the MPU can process them. Further, various information may be configured to be expanded in the main memory by the BIOS. Alternatively, the MPU can be configured to directly access the information in the hardware constituting the system under the BIOS.
 あるいは、本正当性認証起動管理システムのためのファームウェアやOS(便宜上、以後「サブOS」と呼ぶことにする)構築し、サブOSを起動させた後に、サブOSの管理のもとに本正当性認証起動管理システムを実行するように構成することも可能である。 Alternatively, after constructing the firmware and OS for this legitimacy authentication boot management system (hereinafter referred to as "sub OS" for convenience) and booting the sub OS, this legitimacy is managed under the control of the sub OS. It can also be configured to run a sex authentication activation management system.
 <実施形態3 その他の実施形態2 ハードウエア構成 正当性認証起動管理システムのプログラム及び情報の説明>
 その他の実施形態1との共通の処理を実行するプログラムとして、「セキュリティ情報取得プログラム」、「蓄積セキュリテ情報真正性判断プログラム」、「正当性チェックプログラム」、「起動処理続行中止プログラム」がある。プログラムの機能については、実施形態4と同様であるから、説明を省略する。
 その他の実施形態2に特徴的なプログラムとして、「取得制限プログラム」を有する。
 「取得制限プログラム」は、蓄積セキュリティ情報真正性判断部での判断結果が真正でないとの判断結果である場合には、セキュリティ情報取得部は、セキュリティ情報蓄積部からのセキュリティ情報を取得しないように制御する。
 展開された上記各プログラムは順次又は常時実行される。なお、本正当性認証起動管理システムの実行の際に参照されるデータとしては、セキュリティ情報、正当性認証情報、真正判断結果、取得制御指示、正当性判断結果、中止命令、図示しないバス線通信など各種の設定情報等が保持され、BIOSの管理の下(あるいはサブOSの管理の下)メインメモリにロードされ、正当性認証起動管理システムのプログラム実行に際して参照され、利用される。 <Embodiment 3 Other Embodiment 2 Description of hardware configuration program and information of legitimacy authentication activation management system>
As a program that executes common processing with the other embodiment 1, there are a "security information acquisition program", a "stored security information authenticity judgment program", a "validity check program", and a "start processing continuation / cancellation program". Since the function of the program is the same as that of the fourth embodiment, the description thereof will be omitted.
As another program characteristic of the second embodiment, there is an "acquisition restriction program".
If the "acquisition restriction program" determines that the judgment result of the stored security information authenticity judgment unit is not genuine, the security information acquisition department should not acquire the security information from the security information storage unit. Control.
Each of the expanded programs is executed sequentially or constantly. The data referred to when the legitimacy authentication activation management system is executed includes security information, legitimacy authentication information, authenticity judgment result, acquisition control instruction, legitimacy judgment result, stop command, and bus line communication (not shown). Various setting information and the like are retained, loaded into the main memory under the control of the BIOS (or under the control of the sub OS), and are referred to and used when executing the program of the legitimacy authentication activation management system.
<実施形態3 その他の実施形態2 処理の流れ>
 図20は、その他の実施形態2の処理の流れを示す例図である。この図に示すように、「蓄積セキュリティ情報真正性判断ステップ」(2001)、蓄積セキュリティ情報真正性判断結果判断ステップ」(2002)、蓄積セキュリティ情報の真正性が認められない場合にセキュリティ情報取得部がセキュリティ情報を取得することを制限する「取得制御ステップ」(2003)、蓄積セキュリティ情報の真正性が認められる場合には「セキュリティ情報蓄積部からセキュリティ情報取得ステップ」(2004)、「正当性チェックステップ」(2005)、正当性チェック結果が正当であるか否かを判断する「正当性チェック結果判断ステップ」(2006)、正当性が認証されなかった場合に「起動処理続行中止ステップ」(2007)、正当性が認証された場合に「起動処理続行ステップ」(2008)と、を少なくとも実行する。他の実施形態との共通の処理を行うステップについては説明を省略した。 <Embodiment 3 Other Embodiment 2 Processing flow>
FIG. 20 is an example diagram showing the processing flow of the other embodiment 2. As shown in this figure, the "stored security information authenticity judgment step" (2001), the stored security information authenticity judgment result judgment step "(2002), and the security information acquisition unit when the authenticity of the stored security information is not recognized. "Acquisition control step" (2003) that restricts the acquisition of security information, "Security information acquisition step from the security information storage unit" (2004), "Validity check" if the authenticity of the accumulated security information is recognized. "Step" (2005), "Validity check result determination step" (2006) for determining whether or not the validity check result is valid, and "Start processing continuation cancellation step" (2007) when the validity is not authenticated. ), At least the "starting process continuation step" (2008) when the validity is authenticated. The description of the step of performing the process common to other embodiments is omitted.
<実施形態4>
<実施形態4 概要>
 本実施形態における発明は、実施形態1から実施形態3に記載した特徴に加えて、正当性認証情報が耐タンパ性領域に保持されていることを特徴とする。 <Embodiment 4>
<Outline of Embodiment 4>
The invention in the present embodiment is characterized in that, in addition to the features described in the first to third embodiments, the legitimacy authentication information is held in the tamper resistance region.
<実施形態4 発明の構成>
 図21は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(2101)、正当性認証情報保持部(2102)、正当性チェック部(2103)、起動処理続行中止部(2104)と、からなり、正当性認証情報保持部は耐タンパ領域内に正当性認証情報を保持している(2105)。以下では、実施形態1から実施形態3のいずれかに記載の発明と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 4 Invention>
FIG. 21 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2101), a legitimacy authentication information holding unit (2102), a legitimacy checking unit (2103), and a start processing continuation / stopping unit (2104). The unit holds the legitimacy authentication information in the tamper-resistant area (2105). In the following, the description of the configuration common to the invention described in any one of the first to third embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態4 構成の説明>
<実施形態4 耐タンパ領域>
 「耐タンパ領域」とは、耐タンパ性を有する領域である。一般的に、耐タンパ性を有する代表的なハードウエアとしては、耐タンパ性チップが用いられてきた。しかし、耐タンパ性チップは、保存可能なデータ領域が非常に小さく、処理速度が遅かった。そこで、正当性認証情報をそのままのデータ量で収納することが出来ない事態も想定可能であるし、耐タンパ性チップに保存されている正当性認証情報を正当性認証情報保持部から正当性チェック部に出力する場合に、数秒の時間を要する可能性があり、これに本システムの正当性認証から起動管理までに要する時間が起動時間全体に及ぼす影響割合が大きくなってくる。そこで、耐タンパ性チップではなく、耐タンパ領域を仮想的に作り、耐タンパ領域内に正当性認証情報を保存することによって、大きな容量の情報を保存可能とし、しかも通信速度は耐タンパ性がない状態のものとそれほど変わらないようにすることが可能となる。 <Explanation of Embodiment 4 Configuration>
<Embodiment 4 Anti-tamper area>
The "tamper-resistant region" is a region having tamper resistance. Generally, a tamper-resistant chip has been used as a typical hardware having tamper resistance. However, the tamper-resistant chip has a very small data area that can be stored, and the processing speed is slow. Therefore, it is possible that the legitimacy authentication information cannot be stored in the same amount of data, and the legitimacy authentication information stored in the tamper-resistant chip is checked by the legitimacy authentication information holding unit. It may take several seconds to output to the unit, and the time required from the validity authentication of this system to the startup management has a large effect on the entire startup time. Therefore, by virtually creating a tamper-resistant area instead of a tamper-resistant chip and storing the validity authentication information in the tamper-resistant area, it is possible to store a large amount of information, and the communication speed is tamper-resistant. It is possible to make it not so different from the one without it.
 ここで、耐タンパ性とは、外部からの観測や解析により暗号鍵などの機密情報や情報の処理過程、プログラムなどを抜き取ったり、動作に干渉してデータやプログラムを改竄されることのような、非正規な手段による解析や干渉に耐えられる強さをいう。耐タンパ性チップでは、特殊なパッケージに封入して開けると内部が破壊される仕組み、空気や光を検知して自動的に半導体メモリの内容が消去される仕組み、動作を解析されることを防ぐために消費電力や処理時間の変動を一定に保つ仕組み、等によって耐タンパ性を実現している。ソフトウェアの場合には、プログラムを暗号化して正規の実行時のみ復号して実行するような仕組み、プログラムを難解にしてリバースエンジニアリング等を用いても動作を解析されにくい仕組み、ハッシュ値などを利用した改竄検知の仕組み等によって耐タンパ性を実現している。 Here, tamper resistance means that confidential information such as an encryption key, the processing process of information, a program, etc. are extracted by observation or analysis from the outside, or data or a program is tampered with by interfering with the operation. , The strength to withstand analysis and interference by non-regular means. The anti-tamper chip has a mechanism that destroys the inside when it is enclosed in a special package and opened, a mechanism that detects air and light and automatically erases the contents of the semiconductor memory, and prevents the operation from being analyzed. Anti-tamper resistance is achieved by a mechanism that keeps fluctuations in power consumption and processing time constant. In the case of software, we used a mechanism that encrypts the program and decrypts it only during regular execution, a mechanism that makes the program difficult to analyze even if reverse engineering is used, and a hash value. Tamper resistance is achieved by a tampering detection mechanism.
 本実施形態では、耐タンパ性領域に記録されている情報、例えば正当性認証情報やハッシュ関数は外部から読み取れるが外部から改ざんされない、破壊されない、という機能を耐タンパ性という場合があり、また、単に改ざんされない、破壊されないだけでなく、内部の情報を外部から読み取れないという機能を耐タンパ性と呼ぶ場合がある。前者の場合は改ざんされることがない正当性認証情報やハッシュ関数は耐タンパ性領域から取り出した直後には正当なものであることが保証され、耐タンパ領域外でこれらの情報や関数を利用しても正しい処理ができる。後者の場合にはさらに堅牢であって耐タンパ領域に外部からチェックすべき情報例えばセキュリティ情報を取得して、耐タンパ領域内でその正当性をチェックして外部にその結果を出力することでハードウエアの正当性をチェックする。前者よりも後者の方がより堅牢ではあるが、耐タンパ性のチップは一般に高価であり、そのためにできるだけ容量を小さくし、機能も低く抑制したいという要請があるために前者の構成によって正当性をチェックすることに十分なコストパフォーマンスが得られる。 In the present embodiment, the function that the information recorded in the tamper resistance area, for example, the validity authentication information and the hash function can be read from the outside but is not tampered with or destroyed, may be referred to as tamper resistance. The function of not only being not tampered with or destroyed but also being unable to read internal information from the outside is sometimes called tamper resistance. In the former case, the validity authentication information and hash function that cannot be tampered with are guaranteed to be valid immediately after being taken out from the tamper resistance area, and these information and functions are used outside the tamper resistance area. Even so, the correct processing can be performed. In the latter case, it is more robust and hard by acquiring information that should be checked from the outside in the tamper-resistant area, for example, security information, checking its validity in the tamper-resistant area, and outputting the result to the outside. Check the validity of the wear. The latter is more robust than the former, but tamper-resistant chips are generally expensive, and there is a demand for as little capacity as possible and low functionality, so the former configuration justifies it. Sufficient cost performance can be obtained for checking.
<実施形態4 ハードウエア構成>
 実施形態4のハードウエア構成の一例は、実施形態1から実施形態3のいずれかに記載のハードウエア構成の例と一致する。したがって、実施形態1から実施形態3のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Embodiment 4 Hardware Configuration>
An example of the hardware configuration of the fourth embodiment corresponds to the example of the hardware configuration described in any one of the first to third embodiments. Therefore, since it has already been described in any one of the first to third embodiments, the description thereof will be omitted in the present embodiment.
<実施形態4 処理の流れ>
 実施形態4の正当性認証起動管理システムの処理の流れの一例は、実施形態1から実施形態3のいずれかに記載の処理の流れの例と一致する。したがって、実施形態1から実施形態3のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Example 4 Processing flow>
An example of the processing flow of the legitimacy authentication activation management system of the fourth embodiment is consistent with the example of the processing flow described in any one of the first to third embodiments. Therefore, since it has already been described in any one of the first to third embodiments, the description thereof will be omitted in the present embodiment.
<実施形態5>
<実施形態5 概要>
 本実施形態における発明は、実施形態1から実施形態4のいずれかに記載の発明の特徴に加えて、MPU配下のハードウエアであるROM内にセキュリティ情報取得部が構成されていることを特徴とする。ここで構成されているとは、その構成を読みだしてメインメモリに展開することで実行可能な状態にあることをいう。 <Embodiment 5>
<Outline of Embodiment 5>
The invention in the present embodiment is characterized in that, in addition to the features of the invention described in any one of the first to fourth embodiments, a security information acquisition unit is configured in a ROM which is hardware under the MPU. To do. The term "configured" here means that the configuration is ready to be executed by reading the configuration and expanding it in the main memory.
<実施形態5 発明の構成>
 図22は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(20201)、正当性認証情報保持部(2202)、正当性チェック部(2203)、起動処理続行中止部(2204)と、からなり、政党制認証情報保持部は耐タンパ性領域(2205)内に保持されており、セキュリティ情報取得部は、MPU配下のハードウエアであるROM内(2206)に構成されている。以下では、実施形態1から実施形態4のいずれかに記載の発明と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 5>
FIG. 22 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (20201), a legitimacy authentication information retention unit (2202), a legitimacy check unit (2203), and a start processing continuation / cancellation unit (2204). The unit is held in the tamper resistance area (2205), and the security information acquisition unit is configured in the ROM (2206), which is the hardware under the MPU. In the following, the description of the configuration common to the invention described in any one of the first to fourth embodiments will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態5 構成の説明>
 前述のように、ROMは読み込みしかできないことから、ROMに記憶した情報は、原則的にはROM自体を交換しない限りは、内容を書き換えられることがない。なおROMの他に演算回路を配置してメインメモリに展開しないでセキュリティ情報取得処理を行うように構成してもよい。この場合に取得されたセキュリティ情報はメインメモリに展開して処理してもよいし、さらに別途演算用にメモリを準備してその場所を使って正当性の認証の演算処理をするように構成してもよい。 <Explanation of Embodiment 5 Configuration>
As described above, since the ROM can only be read, the information stored in the ROM cannot be rewritten in principle unless the ROM itself is replaced. In addition to the ROM, an arithmetic circuit may be arranged so as to perform security information acquisition processing without expanding to the main memory. The security information acquired in this case may be expanded to the main memory for processing, or a separate memory may be prepared for calculation and the location may be used to perform calculation processing for legitimacy authentication. You may.
<実施形態5 ハードウエア構成>
 実施形態5のハードウエア構成の一例は、実施形態1から実施形態4のいずれかに記載のハードウエア構成の例と一致する。したがって、実施形態1から実施形態4のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Embodiment 5 Hardware Configuration>
An example of the hardware configuration of the fifth embodiment corresponds to the example of the hardware configuration described in any one of the first to fourth embodiments. Therefore, since it has already been described in any one of the first to fourth embodiments, the description thereof will be omitted in the present embodiment.
<実施形態5 処理の流れ>
 実施形態5の正当性認証起動管理システムの処理の流れの一例は、実施形態1から実施形態4のいずれかに記載の処理の流れの例と一致する。したがって、実施形態1から実施形態4のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Example 5 Processing flow>
An example of the processing flow of the legitimacy authentication activation management system of the fifth embodiment is consistent with the example of the processing flow described in any one of the first to fourth embodiments. Therefore, since it has already been described in any one of the first to fourth embodiments, the description thereof will be omitted in the present embodiment.
<実施形態6>
<実施形態6 概要>
 本実施形態における発明は、実施形態4又は実施形態4を基礎とする実施形態5に記載の発明の特徴に加えて、正当性チェック部がROM内に構成されており、セキュリティ情報を耐タンパ性領域内の正当性認証情報保持部に送信し、その返信内容に応じて正当性を認証することを特徴とする。ここで正当性チェック部がROM内に構成されているとは前述と同様に、その構成を読みだしてメインメモリに展開することで実行可能な状態にあることをいう。なおROMの他に演算回路を配置してメインメモリに展開しないで正当性チェック処理を行うように構成してもよい。この場合に取得された正当性認証情報と取得したセキュリティ情報はメインメモリに展開して処理してもよいし、さらに別途演算用にメモリを準備してその場所を使って正当性の認証の演算処理をするように構成してもよい。 <Embodiment 6>
<Outline of Embodiment 6>
In the invention of the present embodiment, in addition to the features of the invention described in the fourth embodiment or the fifth embodiment based on the fourth embodiment, the validity check unit is configured in the ROM, and the security information is tamper resistant. It is characterized in that it is transmitted to the legitimacy authentication information holding unit in the area and the legitimacy is authenticated according to the reply content. Here, the fact that the validity check unit is configured in the ROM means that the configuration can be read and expanded in the main memory in the same manner as described above. In addition to the ROM, an arithmetic circuit may be arranged so as to perform the validity check process without expanding to the main memory. The legitimacy authentication information acquired in this case and the acquired security information may be expanded to the main memory for processing, or a memory may be separately prepared for calculation and the location may be used for the legitimacy authentication calculation. It may be configured to perform processing.
<実施形態6 発明の構成>
 図23は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(2301)、正当性認証情報保持部(2302)、正当性チェック部(2303)、起動処理続行中止部(2304)と、からなり、正当性認証情報保持部は耐タンパ領域内に正当性認証情報を保持しており(2305)、かつ、正当性チェック部がROM内(2306)に構成されている。以下では、実施形態4又は実施形態4を基礎とする実施形態5に記載の発明と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 6 Invention>
FIG. 23 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2301), a legitimacy authentication information holding unit (2302), a validity checking unit (2303), and a start processing continuation / stopping unit (2304). The unit holds the validity authentication information in the tamper-resistant area (2305), and the validity check unit is configured in the ROM (2306). In the following, the description of the configuration common to the invention described in the fourth embodiment or the fifth embodiment based on the fourth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態6 ハードウエア構成>
 実施形態6のハードウエア構成の一例は、実施形態4又は実施形態4を基礎とする実施形態5に記載のハードウエア構成の例と一致する。したがって、実施形態4又は実施形態4を基礎とする実施形態5において既に説明済みであることから、本実施形態では説明を省略する。 <Embodiment 6 Hardware Configuration>
An example of the hardware configuration of the sixth embodiment is consistent with the example of the hardware configuration described in the fourth embodiment or the fifth embodiment based on the fourth embodiment. Therefore, since the description has already been given in the fourth embodiment or the fifth embodiment based on the fourth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態6 処理の流れ>
 実施形態6の正当性認証起動管理システムの処理の流れの一例は、実施形態4又は実施形態4を基礎とする実施形態5に記載の処理の流れの例と一致する。したがって、実施形態4又は実施形態4を基礎とする実施形態5において既に説明済みであることから、本実施形態では説明を省略する。 <Example 6 Processing flow>
An example of the processing flow of the legitimacy authentication activation management system of the sixth embodiment is consistent with the example of the processing flow described in the fourth embodiment or the fifth embodiment based on the fourth embodiment. Therefore, since the description has already been given in the fourth embodiment or the fifth embodiment based on the fourth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態7>
<実施形態7 概要>
 本実施形態における発明は、実施形態5または実施形態5を基礎とする実施形態6に記載の発明の特徴に加えて、セキュリティ情報取得部が構成されているROMが耐タンパ性を有することを特徴とする発明である。 <Embodiment 7>
<Outline of Embodiment 7>
The invention in the present embodiment is characterized in that, in addition to the features of the invention described in the fifth embodiment or the sixth embodiment based on the fifth embodiment, the ROM in which the security information acquisition unit is configured has tamper resistance. It is an invention.
<実施形態7 発明の構成>
 図24は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(2401)、正当性認証情報保持部(2402)、正当性チェック部(2403)、起動処理続行中止部(2404)と、からなり、正当性認証情報保持部は耐タンパ領域内に正当性認証情報を保持しており(2405)、正当性チェック部がROM内に存在しており(2406)、セキュリティ情報取得部は、MPU配下のハードウエアであるROM内(2407)に構成されており、かつ耐タンパ性領域(2408)である。以下では、実施形態5又は実施形態5を基礎とする実施形態6のいずれかに記載の発明と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 7>
FIG. 24 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2401), a legitimacy authentication information holding unit (2402), a legitimacy checking unit (2403), and a start processing continuation / stopping unit (2404). The unit holds the validity authentication information in the anti-tamper area (2405), the validity check part exists in the ROM (2406), and the security information acquisition part is the ROM which is the hardware under the MPU. It is configured in (2407) and is a tamper resistant region (2408). In the following, the description of the configuration common to the invention described in either the fifth embodiment or the sixth embodiment based on the fifth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態7 ハードウエア構成>
 実施形態7のハードウエア構成の一例は、実施形態5又は実施形態5を基礎とする実施形態6に記載のハードウエア構成の例と一致する。したがって、実施形態5又は実施形態5を基礎とする実施形態6のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Embodiment 7 Hardware Configuration>
An example of the hardware configuration of the seventh embodiment is consistent with the example of the hardware configuration of the fifth embodiment or the sixth embodiment based on the fifth embodiment. Therefore, since the description has already been given in either the fifth embodiment or the sixth embodiment based on the fifth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態7 処理の流れ>
 実施形態7の正当性認証起動管理システムの処理の流れの一例は、実施形態5又は実施形態5を基礎とする実施形態6のいずれかに記載の処理の流れの例と一致する。したがって、実施形態5又は実施形態5を基礎とする実施形態6のいずれかにおいて既に説明済みであることから、本実施形態では説明を省略する。 <Example 7 Processing flow>
An example of the processing flow of the legitimacy authentication activation management system of the seventh embodiment is consistent with the example of the processing flow described in either the fifth embodiment or the sixth embodiment based on the fifth embodiment. Therefore, since the description has already been given in either the fifth embodiment or the sixth embodiment based on the fifth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態8>
<実施形態8 概要>
 本実施形態における発明は、実施形態6又は実施形態6を基礎とする実施形態7に記載の発明の特徴に加えて、正当性チェック部が構成されているROMが耐タンパ性を有することを特徴とする発明である。 <Embodiment 8>
<Outline of Embodiment 8>
The invention in the present embodiment is characterized in that, in addition to the features of the invention described in the sixth embodiment or the seventh embodiment based on the sixth embodiment, the ROM in which the validity check unit is configured has tamper resistance. It is an invention.
<実施形態8 発明の構成>
 図25は本実施形態における正当性認証管理システムの最も基本的な構成の一例を示す機能ブロック図である。図に示す様に、セキュリティ情報取得部(2501)、正当性認証情報保持部(2502)、正当性チェック部(2503)、起動処理続行中止部(2504)と、からなり、正当性認証情報保持部は耐タンパ領域内に正当性認証情報を保持しておりる(2505)、正当性チェック部がROM内(2506)に存在しており、かつ正当性チェック部が構成されているROMが耐タンパ性(2507)を有する。以下では、実施形態6又は実施形態6に従属する実施形態7に記載の発明と共通の構成についての説明は省略し、本実施形態に特徴的な構成についてのみ説明する。 <Structure of Embodiment 8>
FIG. 25 is a functional block diagram showing an example of the most basic configuration of the legitimacy authentication management system according to the present embodiment. As shown in the figure, it consists of a security information acquisition unit (2501), a validity authentication information holding unit (2502), a validity checking unit (2503), and a start processing continuation / cancellation unit (2504). The unit holds the validity authentication information in the tamper-resistant area (2505), the validity check part exists in the ROM (2506), and the ROM in which the validity check part is configured is resistant. It has tamper properties (2507). In the following, the description of the configuration common to the invention described in the sixth embodiment or the seventh embodiment subordinate to the sixth embodiment will be omitted, and only the configuration characteristic of the present embodiment will be described.
<実施形態8 ハードウエア構成>
 実施形態8のハードウエア構成の一例は、実施形態6又は実施形態6を基礎とする実施形態7に記載のハードウエア構成の例と一致する。したがって、実施形態6又は実施形態6を基礎とする実施形態7において既に説明済みであることから、本実施形態では説明を省略する。 <Embodiment 8 Hardware Configuration>
An example of the hardware configuration of the eighth embodiment is consistent with the example of the hardware configuration of the sixth embodiment or the seventh embodiment based on the sixth embodiment. Therefore, since the description has already been given in the sixth embodiment or the seventh embodiment based on the sixth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態8 処理の流れ>
 実施形態8の正当性認証起動管理システムの処理の流れの一例は、実施形態6又は実施形態6の基礎とする実施形態7に記載の処理の流れの例と一致する。したがって、実施形態6又は実施形態6を基礎とする実施形態7において既に説明済みであることから、本実施形態では説明を省略する。 <Example 8 Processing flow>
An example of the processing flow of the legitimacy authentication activation management system of the eighth embodiment is consistent with the example of the processing flow described in the sixth embodiment or the seventh embodiment on which the sixth embodiment is based. Therefore, since the description has already been given in the sixth embodiment or the seventh embodiment based on the sixth embodiment, the description thereof will be omitted in the present embodiment.
<実施形態9>
<実施形態9 概要>
 本実施形態は、正当性認証起動管理システムの動作方法に関するものである。 <Embodiment 9>
<Outline of Embodiment 9>
The present embodiment relates to an operation method of a legitimacy authentication activation management system.
<実施形態9 発明の構成>
 図5は、本実施形態における正当性認証起動管理システムの動作方法の構成の一例を示す図である。図に示す様に、正当性認証起動管理システムの動作方法は、セキュリティ情報取得ステップ(0501)、正当性チェックステップ(0502)、セキュリティ情報正当性判断ステップ(0503)、判断ステップの結果に応じて、起動処理続行中止スッテプ(0504)又は起動処理続行ステップ(0505)のいずれかのステップを選択するように構成されている。 <Structure of Embodiment 9>
FIG. 5 is a diagram showing an example of the configuration of the operation method of the legitimacy authentication activation management system in the present embodiment. As shown in the figure, the operation method of the validity authentication activation management system depends on the results of the security information acquisition step (0501), the validity check step (0502), the security information validity judgment step (0503), and the judgment step. , The start processing continuation stop step (0504) or the start processing continuation step (0505) is configured to be selected.
<実施形態9 構成の説明>
 各ステップで行われる処理は、実施形態1から実施形態3のいずれか一に記載の処理の流れにおいて説明済みであり、さらに詳細な働きについては、実施形態1から実施形態3において各処理を行う構成部の説明として説明済みであることから、本実施形態では説明を省略する。 <Explanation of the configuration of Embodiment 9>
The process performed in each step has already been described in the flow of the process described in any one of the first to third embodiments, and for more detailed functions, each process is performed in the first to third embodiments. Since the description has already been given as the description of the configuration part, the description will be omitted in the present embodiment.
<実施形態10>
<実施形態10 概要>
 本実施形態は、正当性認証起動管理システムの動作プログラムに関するものである。 <Embodiment 10>
<Outline of Embodiment 10>
The present embodiment relates to an operation program of the validity authentication activation management system.
<実施形態10 発明の構成>
 図5は、本実施形態における正当性認証起動管理システムの動作プログラムの構成の一例を示す図である。図に示す様に、正当性認証起動管理システムの動作プログラムは、セキュリティ情報取得ステップ(0501)、正当性チェックステップ(0502)、セキュリティ情報正当性判断ステップ(0503)、判断ステップの結果に応じて、起動処理続行中止スッテプ(0504)又は起動処理続行ステップ(0505)のいずれかのステップを選択するように構成されている。 <Structure of Embodiment 10 Invention>
FIG. 5 is a diagram showing an example of the configuration of the operation program of the validity authentication activation management system in the present embodiment. As shown in the figure, the operation program of the legitimacy authentication activation management system depends on the results of the security information acquisition step (0501), the legitimacy check step (0502), the security information legitimacy determination step (0503), and the determination step. , The start processing continuation stop step (0504) or the start processing continuation step (0505) is configured to be selected.
<実施形態10 構成の説明>
 各ステップで行われる処理を実行するプログラムは、セキュリティ情報取得プログラム、正当性チェックプログラム、起動処理続行中止プログラムである。各プログラムの働きについては、実施形態1から実施形態3のいずれか一に記載のハードウエア構成において説明済みであり、さらに詳細な働きについては、実施形態1から実施形態3において各処理を行う構成部の説明として説明済みであることから、本実施形態では説明を省略する。 <Explanation of Embodiment 10 Configuration>
The program that executes the processing performed in each step is a security information acquisition program, a validity check program, and a start processing continuation / cancellation program. The function of each program has already been described in the hardware configuration described in any one of the first to third embodiments, and more detailed functions are described in the configuration in which each process is performed in the first to third embodiments. Since it has already been explained as a description of the part, the description will be omitted in the present embodiment.
0100 マザーボード
0101 アンノウン
0201 セキュリティ情報取得部
0202 正当性認証情報保持部
0203 正当性チェック部
0204 起動処理続行中止部 0100 Motherboard 0101 Unknown 0201 Security information acquisition unit 0202 Legitimacy authentication information holding unit 0203 Legitimacy check unit 0204 Start processing continuation Cancellation unit

Claims (12)

  1.  コンピュータの立上時でシステム起動前に当該コンピュータの直接的又は/及び間接的にMPU配下(以下「直接的又は/及び間接的にMPU配下」を単に「MPU配下」という。)で利用可能とするチェック対象領域のハードウエアのセキュリティ情報を取得するセキュリティ情報取得部と、
     コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を保持する正当性認証情報保持部と、
     取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、ハードウエアの正当性をチェックする正当性チェック部と、
     正当性チェック部でのチェック結果がチェック対象領域内で全てのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理を続行させない起動処理続行中止部と、
     を有する正当性認証起動管理システム。     When a computer is started up and before the system is started, it can be used directly or indirectly under the MPU (hereinafter, "directly or indirectly under the MPU" is simply referred to as "under the MPU"). The security information acquisition unit that acquires the security information of the hardware in the area to be checked,
    The legitimacy authentication information holding unit that holds the legitimacy authentication information, which is the information for authenticating the legitimacy of the hardware under the MPU of the computer,
    A legitimacy check unit that checks the legitimacy of hardware using the acquired security information and the retained legitimacy authentication information.
    If the check result in the validity check section is a check result that all hardware is valid in the check target area, the system startup process is continued and all hardware in the check target area is valid. If it is not the check result that there is, the system startup process is not continued.
    A legitimacy authentication activation management system that has.
  2.  コンピュータのMPU配下で利用可能とするチェック対象領域内で全てのハードウエアのセキュリティ情報を記録したROMからなるセキュリティ情報蓄積部を有し、
     前記セキュリティ情報取得部は、セキュリティ情報蓄積部からセキュリティ情報を取得する請求項1に記載の正当性認証起動管理システム。     It has a security information storage unit consisting of a ROM that records security information of all hardware within the check target area that can be used under the MPU of the computer.
    The legitimacy authentication activation management system according to claim 1, wherein the security information acquisition unit acquires security information from the security information storage unit.
  3.  コンピュータの立上時でシステム起動前に当該コンピュータのMPUの立上によって得られる当該MPU配下で利用可能とするチェック対象領域内ですべてのハードウエアのセキュリティ情報に基づいたセキュリティ情報である立上時セキュリティ情報を取得する立上時セキュリティ情報取得部を有し、
     前記正当性チェック部は、
     前記セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、立上時セキュリティ情報とに基づいて立上時セキュリティ情報の正当性をチェックする立上時正当性チェック手段を有する請求項2に記載の正当性認証起動管理システム。     Security information based on the security information of all hardware within the check target area that can be used under the MPU obtained by starting the MPU of the computer before the system starts at the time of startup of the computer. It has a startup security information acquisition department that acquires security information.
    The validity check unit
    The legitimacy according to claim 2, which has a startup legitimacy checking means for checking the validity of the startup security information based on the security information stored in the security information storage unit and the startup security information. Gender authentication activation management system.
  4.  セキュリティ情報蓄積部に蓄積されているセキュリティ情報と、正当性認証情報保持部に保持されている正当性認証情報とを用いて蓄積されているセキュリティ情報の真正性をチェックする蓄積セキュリティ情報真正性判断部をさらに有する請求項2又は請求項3に記載の正当性認証起動管理システム。 Accumulated security information authenticity judgment that checks the authenticity of the accumulated security information using the security information stored in the security information storage unit and the legitimacy authentication information stored in the legitimacy authentication information holding unit. The legitimacy authentication activation management system according to claim 2 or 3, further comprising a unit.
  5.  蓄積セキュリティ情報真正性判断部での判断結果が真正でないとの判断結果である場合には、セキュリティ情報取得部は、セキュリティ情報蓄積部からセキュリティ情報を取得しないように制御する取得制限部をさらに有する請求項4に記載の正当性認証起動管理システム。 If the judgment result of the stored security information authenticity judgment unit is not genuine, the security information acquisition unit further has an acquisition restriction unit that controls not to acquire the security information from the security information storage unit. The legitimacy authentication activation management system according to claim 4.
  6.  正当性認証情報保持部は、耐タンパ性領域内に正当性認証情報を保持する請求項1から請求項5のいずれか一に記載の正当性認証起動管理システム。 The legitimacy authentication information holding unit is the legitimacy authentication activation management system according to any one of claims 1 to 5, which retains the legitimacy authentication information in the tamper resistance area.
  7.  セキュリティ情報取得部は、MPU配下で利用可能なハードウエアであるROM内に構成されている請求項1から請求項6のいずれか一に記載の正当性認証起動管理システム。 The security information acquisition unit is the legitimacy authentication activation management system according to any one of claims 1 to 6, which is configured in a ROM which is hardware that can be used under the MPU.
  8.  正当性チェック部は、MPU配下のハードウエアであるROM内に構成されており、セキュリティ情報を耐タンパ性領域内の正当性認証情報保持部に送信し、その返信の内容に応じて正当性を認証する請求項6又は請求項6に従属する請求項7に記載の正当性認証起動管理システム。 The validity check unit is configured in the ROM, which is the hardware under the MPU, and sends security information to the validity authentication information holding unit in the tamper resistance area, and the validity is determined according to the content of the reply. The legitimacy authentication activation management system according to claim 6 or claim 7, which is subordinate to claim 6.
  9.  セキュリティ情報取得部が構成されているROMは耐タンパ性を有する請求項7又は請求項7に従属する請求項8に記載の正当性認証起動管理システム。 The legitimacy authentication activation management system according to claim 7, wherein the ROM in which the security information acquisition unit is configured has tamper resistance and is subordinate to claim 7.
  10.  正当性チェック部が構成されているROMは耐タンパ性を有する請求項8又は請求項8に従属する請求項9に記載の正当性認証起動管理システム。 The legitimacy authentication activation management system according to claim 8, wherein the ROM in which the legitimacy check unit is configured has tamper resistance and is subordinate to claim 8.
  11.  コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を各ハードウエアに対応して保持する正当性認証情報保持部、
     を有する正当性認証起動管理システムの動作方法であって、
     コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアからセキュリティ情報を取得するセキュリティ情報取得ステップと、
     取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、各ハードウエアの正当性をチェックする正当性チェックステップと、
     正当性チェック部でのチェック結果がチェック対象領域内ですべてのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理に移行させない起動処理続行中止ステップと、
     を有する正当性認証起動管理システムの動作方法。     The legitimacy authentication information holding unit that holds the legitimacy authentication information corresponding to each hardware, which is the information for authenticating the legitimacy of the hardware under the MPU of the computer.
    It is the operation method of the legitimacy authentication activation management system that has
    The security information acquisition step to acquire security information from the hardware under the MPU of the computer at the time of computer startup and before system startup,
    A legitimacy check step that checks the legitimacy of each hardware using the acquired security information and the retained legitimacy authentication information,
    If the check result in the validity check section is a check result that all hardware is valid in the check target area, the system boot process is continued and all hardware in the check target area is valid. If it is not the check result that there is, it does not shift to the system startup process.
    How to operate the legitimacy authentication activation management system that has.
  12.  コンピュータのMPU配下のハードウエアの正当性を認証するための情報である正当性認証情報を各ハードウエアに対応して保持する正当性認証情報保持部、
     を有する正当性認証起動管理システムの動作プログラムであって、
     コンピュータの立上時でシステム起動前に当該コンピュータのMPU配下のハードウエアからセキュリティ情報を取得するセキュリティ情報取得ステップと、
     取得したセキュリティ情報と、保持されている正当性認証情報とを用いて、各ハードウエアの正当性をチェックする正当性チェックステップと、
     正当性チェック部でのチェック結果がチェック対象領域内ですべてのハードウエアについて正当であるとのチェック結果である場合にシステムの起動処理を続行させ、チェック対象領域内で全てのハードウエアについて正当であるとのチェック結果でない場合にはシステムの起動処理に移行させない起動処理続行中止ステップと、
     を有する正当性認証起動管理システムの動作プログラム。     The legitimacy authentication information holding unit that holds the legitimacy authentication information corresponding to each hardware, which is the information for authenticating the legitimacy of the hardware under the MPU of the computer.
    It is an operation program of the legitimacy authentication activation management system that has
    The security information acquisition step to acquire security information from the hardware under the MPU of the computer at the time of computer startup and before system startup,
    A legitimacy check step that checks the legitimacy of each hardware using the acquired security information and the retained legitimacy authentication information,
    If the check result in the validity check section is a check result that all hardware is valid in the check target area, the system boot process is continued and all hardware in the check target area is valid. If it is not the check result that there is, it does not shift to the system startup process.
    The operation program of the legitimacy authentication activation management system that has.
PCT/JP2019/009669 2019-03-11 2019-03-11 Validity authentication activation management system WO2020183562A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2019/009669 WO2020183562A1 (en) 2019-03-11 2019-03-11 Validity authentication activation management system
JP2019518583A JP6564549B1 (en) 2019-03-11 2019-03-11 Validity authentication activation management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/009669 WO2020183562A1 (en) 2019-03-11 2019-03-11 Validity authentication activation management system

Publications (1)

Publication Number Publication Date
WO2020183562A1 true WO2020183562A1 (en) 2020-09-17

Family

ID=67692196

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/009669 WO2020183562A1 (en) 2019-03-11 2019-03-11 Validity authentication activation management system

Country Status (2)

Country Link
JP (1) JP6564549B1 (en)
WO (1) WO2020183562A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003507785A (en) * 1999-08-13 2003-02-25 ヒューレット・パッカード・カンパニー Computer platform and its operation method
JP2007026442A (en) * 2005-07-12 2007-02-01 Internatl Business Mach Corp <Ibm> Method, apparatus and computer program for establishing virtual endorsement credential for dynamically generated endorsement key in trusted computing platform
JP2008217580A (en) * 2007-03-06 2008-09-18 Fujitsu Ltd State display control device
JP2012008641A (en) * 2010-06-22 2012-01-12 Toshiba Tec Corp Security device and information processing device
US20150019852A1 (en) * 2013-07-12 2015-01-15 International Games System Co., Ltd. Verification method for system execution environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008235504A (en) * 2007-03-20 2008-10-02 Mitsubishi Electric Corp Assembly inspection device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003507785A (en) * 1999-08-13 2003-02-25 ヒューレット・パッカード・カンパニー Computer platform and its operation method
JP2007026442A (en) * 2005-07-12 2007-02-01 Internatl Business Mach Corp <Ibm> Method, apparatus and computer program for establishing virtual endorsement credential for dynamically generated endorsement key in trusted computing platform
JP2008217580A (en) * 2007-03-06 2008-09-18 Fujitsu Ltd State display control device
JP2012008641A (en) * 2010-06-22 2012-01-12 Toshiba Tec Corp Security device and information processing device
US20150019852A1 (en) * 2013-07-12 2015-01-15 International Games System Co., Ltd. Verification method for system execution environment

Also Published As

Publication number Publication date
JP6564549B1 (en) 2019-08-21
JPWO2020183562A1 (en) 2021-03-18

Similar Documents

Publication Publication Date Title
US11741230B2 (en) Technologies for secure hardware and software attestation for trusted I/O
US7917741B2 (en) Enhancing security of a system via access by an embedded controller to a secure storage device
US5844986A (en) Secure BIOS
JP5512610B2 (en) Method, system, and machine-readable storage medium for permitting or blocking access to memory from non-firmware agent
US7464256B2 (en) Bios protection device preventing execution of a boot program stored in the bios memory until the boot program is authenticated
US20050021968A1 (en) Method for performing a trusted firmware/bios update
US8898797B2 (en) Secure option ROM firmware updates
US9262631B2 (en) Embedded device and control method thereof
JP2015222474A (en) Method, computer program and computer for repairing variable set
TWI423064B (en) A method and apparatus for coupling a computer memory and a motherboard
CN113190880B (en) Determining whether to perform an action on a computing device based on analysis of endorsement information of a security co-processor
JPWO2008068908A1 (en) Information processing apparatus and information management program
WO2020183562A1 (en) Validity authentication activation management system
WO2007098642A1 (en) MECHANlSM FOR ACCESS CONTROL OF COMPUTING SYSTEM IN PRE-OS STAGE
CN115906046A (en) Trusted computing system and measurement method based on trusted computing system
US20040083379A1 (en) Data processing system and method
US12019752B2 (en) Security dominion of computing device
KR102369874B1 (en) A system for remote attestation, os deployment server, attestation target device and method for updating operating system and integrity information simultaneously
JP5295156B2 (en) Information processing apparatus and software unauthorized use prevention method
JP2008293468A (en) Method for manufacturing motherboard
AU2012245181B2 (en) Bios protection device
CN117873800A (en) Security detection method and device for server component, server and medium

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2019518583

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19919160

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19919160

Country of ref document: EP

Kind code of ref document: A1