Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

US 20040123122A1
Filed: 07/31/2003
Published: 06/24/2004
Est. Priority Date: 08/01/2002
Status: Active Grant

First Claim

Patent Images

1. An encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:

a storing unit operable to store therein the program as a plurality of partial programs having been encrypted;

a memory location information generating unit operable to generate, for each of the partial programs, memory location information including (i) timing information indicating a timing of decryption and (ii) positional information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;

a decrypting unit operable to sequentially read, from the storing unit, and decrypt the partial programs according to the timing information; and

a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the positional information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encrypted-data decrypting apparatus that provides enhanced security protection for programs and data while they are in the processes of decryption to execution after having been encrypted. When a decrypted partial program needs to be loaded into the shared memory M, the controlling unit 11 loads it into an area indicated by the memory location information. According to the memory location information, a plurality of partial programs are sequentially loaded into an area so that one partial program gets overwritten by another; therefore, none of the partial programs exists in the memory for a long time, and thus there is less possibility of having the partial programs referred to illegitimately. In addition, since every time some data is decrypted, the decryption support program authenticating unit 13 confirms authenticity of the decryption support program P, it is possible to prevent having illegitimate references in which the decryption support program is abused.

39 Citations

View as Search Results

25 Claims

1. An encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:
- a storing unit operable to store therein the program as a plurality of partial programs having been encrypted;
  
  a memory location information generating unit operable to generate, for each of the partial programs, memory location information including (i) timing information indicating a timing of decryption and (ii) positional information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting unit operable to sequentially read, from the storing unit, and decrypt the partial programs according to the timing information; and
  
  a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the positional information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The encrypted-data decrypting apparatus of claim 1, wherein the positional information indicates, with respect to each of at least one of the partial programs, that one partial program gets overwritten into a location area where one or more other partial programs have already been located before the one partial program gets decrypted.
  - 3. The encrypted-data decrypting apparatus of claim 1, wherein the positional information is stored after being encrypted, and the loading unit decrypts the positional information so that each of the decrypted partial programs gets located into each location area according to the decrypted positional information.
  - 4. The encrypted-data decrypting apparatus of claim 2, wherein at a time of locating each partial program into a location area, when a size of the location area is larger than a size of the partial program, the loading unit writes dummy data into a space area, which is a portion of the location area that has not been overwritten because of a difference between the sizes.
  - 5. The encrypted-data decrypting apparatus of claim 1, wherein when a predetermined length of time elapses after one partial program located into a location area finishes being executed before another partial program gets located into the location area, the loading unit deletes the one partial program.
  - 6. The encrypted-data decrypting apparatus of claim 1, further comprising a key embedding unit operable to embed into at least one of the partial programs, in advance during a process of program encryption, part or all of an encryption key used in a decryption process of another partial program, wherein the decrypting unit performs the decryption process of this other partial program, using the encryption key embedded in the at least one partial program that has already been decrypted and located in the memory space.
  - 7. The encrypted-data decrypting apparatus of claim 1, further comprising a program embedding unit operable to embed into at least one of the partial programs, in advance during a process of program encryption, an encryption key generating program for generating part or all of an encryption key used in a decryption process of another partial program, wherein the decrypting unit performs the decryption process of this other partial program, using the encryption key generated through execution of the encryption key generating program embedded in the at least one partial program that has already been decrypted and located in the memory space.
  - 8. The encrypted-data decrypting apparatus of claim 1, further comprising an encryption-key-for-a-key embedding unit operable to embed into at least one of the partial programs, in advance during a process of program encryption, an encryption-key-for-a-key that is used to decrypt an encryption key which is to be used in a decryption process of another partial program, wherein the decrypting unit performs the decryption process of this other partial program, using the encryption key decrypted with the encryption-key-for-a-key obtained from the at least one partial program that has already been decrypted and located in the memory space.
  - 9. The encrypted-data decrypting apparatus of claim 1, wherein the loading unit dynamically determines an absolute address of each location area before one of the partial programs that is to be decrypted first gets located into the memory space.
  - 10. The encrypted-data decrypting apparatus of claim 1, wherein the decrypting unit decrypts each partial program with use of a decryption support program, the encrypted-data decrypting apparatus further comprises a decryption program confirming unit operable to confirm authenticity of the decryption support program, and the decrypting unit has the decryption program confirming unit confirm the authenticity of the decryption support program before decrypting each partial program, and decrypts each partial program only after the authenticity is confirmed.
  - 11. The encrypted-data decrypting apparatus of claim 1, further comprising an illegitimate access preventing unit operable to, when detecting an interruption, perform an illegitimate access preventing process by deleting one or more partial programs that are already located in the memory space.
  - 12. The encrypted-data decrypting apparatus of claim 11, wherein the illegitimate access preventing unit has a dummy program executed when performing the illegitimate access preventing process.
  - 13. The encrypted-data decrypting apparatus of claim 11, wherein the illegitimate access preventing unit receives in advance a registration of one or more positions at each of which an interruption for legitimate program checking occurs, and does not perform the illegitimate access preventing process when the detected interruption has occurred at one of the registered positions.
  - 14. The encrypted-data decrypting apparatus of claim 1, further comprising a storing position information storing unit operable to store therein storing position information that has been encrypted and indicates, for each of the partial programs, a storing position in the storing unit, wherein the decrypting unit reads, from the storing unit, and decrypts each of the partial programs according to the storing position information which the decrypting unit has read from the storing position information storing unit and decrypted.
  - 15. The encrypted-data decrypting apparatus of claim 14, further comprising a storing position information authenticating unit operable to judge if the storing position information is authentic, wherein when the storing position information authenticating unit judges affirmatively, the decrypting unit reads, from the storing unit, and decrypts each of the partial programs.

16. An encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:
- a storing unit operable to store therein the program as a plurality of partial programs having been encrypted;
  
  a decrypting unit operable to read one of the partial programs being an execution target from the storing unit and decrypt the read partial program;
  
  a memory location determining unit operable to dynamically determine a location position of the partial program being the execution target, the location position indicating an address in a memory space used for the execution of the program; and
  
  a loading unit operable to locate the decrypted partial program into the location position determined by the memory location determining unit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The encrypted-data decrypting apparatus of claim 16, wherein the memory location determining unit determines a location position for each of at least one of the partial programs, so that one partial program gets overwritten into an area that is included in the memory space and where one or more other partial programs have already been located.
  - 18. The encrypted-data decrypting apparatus of claim 16, further comprising an execution-purpose memory determining unit operable to dynamically determine, before the execution of the program starts, one or both of a start address and a size of the memory space.
  - 19. The encrypted-data decrypting apparatus of the claim 16, wherein when the memory location determining unit determines a location position of a partial program so that the partial program gets overwritten into an area where one or more other partial programs have already been located, the location position is determined so that the partial program overwrites such a partial program that has been located into the memory space earliest.
  - 20. The encrypted-data decrypting apparatus of claim 16, wherein when the memory location determining unit determines a location position of a partial program so that the partial program gets overwritten into an area where one or more other partial programs have already been located, the location position is determined so that the partial program partially or completely extends over two or more other partial programs that have been located.

21. An encrypted-program generating apparatus that encrypts a program that is to be executed on a computer system, the encrypted-program generating apparatus comprising:
- a memory location information generating unit operable to generate, in order to locate the program into a memory space for the execution of the program in units of a plurality of partial programs, memory location information for each of the partial programs, the memory location information including (i) timing information indicating a timing of decryption and (ii) positional information indicating into which location area each partial program is to be located after being decrypted, the location area being included in the memory space; and
  
  a program encrypting unit operable to encrypt the program in units of the plurality of partial programs, wherein the memory location information generating unit determines contents of the memory location information while giving priority to confidentiality so that, with regard to each of at least one of the partial programs, one partial program gets overwritten into a location area where one or more other partial programs have been located before the one partial program gets decrypted.
- View Dependent Claims (22)
- - 22. The encrypted-program generating apparatus of claim 21, wherein before the partial programs are encrypted, the program encrypting unit embeds, into each of at least one of the partial programs, either (a) an encryption key used in a decryption process of another partial program or (b) data required for obtaining the encryption key, and when this other partial program needs to be decrypted, either the encryption key or the encryption key obtained with use of the data is used, the encryption key or the data being obtained from the partial program that has previously been decrypted.

23. An encrypted-data decrypting method for decrypting, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting method comprising:
- a storing step of storing, into a storage device, the program as a plurality of partial programs having been encrypted;
  
  a memory location information generating step of generating, for each of the partial programs, memory location information including (i) timing information indicating a timing of decryption and (ii) positional information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting step of reading, from the storage device, one of the partial programs being an encryption target, and decrypts the read partial program according to the timing information; and
  
  a loading step of locating the decrypted partial program into the location area indicated by the positional information.

24. An encrypted-data decrypting method for decrypting, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting method comprising:
- a decrypting step of reading, from a storing unit that stores therein the program as a plurality of partial programs having been encrypted, one of the partial programs being an execution target and decrypts the read partial program;
  
  a memory location determining step of dynamically determining a location position of the partial program being the execution target, the location position indicating an address in a memory space used for the execution of the program; and
  
  a loading step of locating the decrypted partial program into the location position determined in the memory location determining step.

25. A program that makes a computer operate as an encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:
- a storing unit operable to store therein the program as a plurality of partial programs having encrypted;
  
  a memory location information generating unit operable to generate, for each of the partial programs, memory location information including (i) timing information indicating a timing of decryption and (ii) positional information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting unit operable to sequentially read, from the storing unit, and decrypt the partial programs according to the timing information; and
  
  a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the positional information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Ito, Yoshikatsu, Sato, Taichi, Asai, Rieko, Shoda, Yukie, Matsushima, Hideki, Hirota, Teruto, Abe, Toshihisa

Granted Patent

US 7,228,423 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links