TAMPERING MONITORING SYSTEM, MANAGEMENT DEVICE, PROTECTION CONTROL MODULE, AND DETECTION MODULE
First Claim
1. A tampering monitoring system including:
- a protection control module for protecting an application program;
a plurality of detection modules for monitoring tampering of the protection control module; and
a management device,the management device comprising;
a key share generation unit configured to generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and
an output unit configured to output each of the key shares to a different one of the detection modules,the detection modules configured to acquire and store therein the key shares, andthe protection control module comprising;
an acquisition unit configured to acquire the key shares from the detection modules;
a reconstruction unit configured to reconstruct the decryption key by composing the key shares acquired by the acquisition unit;
a decryption unit configured to decrypt the encrypted application program, with use of the decryption key reconstructed by the reconstruction unit; and
a deletion unit configured to delete the decryption key, after the decryption by the decryption unit is completed.
1 Assignment
0 Petitions
Accused Products
Abstract
A management device 200d comprises: a key share generation unit 251d generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit 252d outputting each of the key shares to a different one of a plurality of detection modules. The detection modules acquire and store therein the key shares. The protection control module 120d comprises: an acquisition unit 381d acquiring the key shares from the detection modules; a reconstruction unit 382d reconstructing the decryption key by composing the key shares; a decryption unit 383d decrypting the encrypted application program with use of the decryption key; and a deletion unit 384d deleting the decryption key, after the decryption by the decryption unit is completed.
61 Citations
68 Claims
-
1. A tampering monitoring system including:
- a protection control module for protecting an application program;
a plurality of detection modules for monitoring tampering of the protection control module; and
a management device,the management device comprising; a key share generation unit configured to generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit configured to output each of the key shares to a different one of the detection modules, the detection modules configured to acquire and store therein the key shares, and the protection control module comprising; an acquisition unit configured to acquire the key shares from the detection modules; a reconstruction unit configured to reconstruct the decryption key by composing the key shares acquired by the acquisition unit; a decryption unit configured to decrypt the encrypted application program, with use of the decryption key reconstructed by the reconstruction unit; and a deletion unit configured to delete the decryption key, after the decryption by the decryption unit is completed. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- a protection control module for protecting an application program;
-
22. A management device for managing:
- a protection control module for protecting an application program; and
a plurality of detection modules for monitoring tampering of the protection control module, the management device comprising;a key share generation unit configured to generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit configured to output each of the key shares to a different one of the detection modules. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- a protection control module for protecting an application program; and
-
31. A protection control module for protecting an application program, tampering of the protection control module being monitored by a plurality of detection modules,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, the detection modules acquiring and storing therein the key shares, and the protection control module comprising: -
an acquisition unit configured to acquire the key shares from the detection modules; a reconstruction unit configured to reconstruct the decryption key by composing the key shares acquired by the acquisition unit; a decryption unit configured to decrypt the encrypted application program, with use of the decryption key reconstructed by the reconstruction unit; and a deletion unit configured to delete the decryption key, after the decryption by the decryption unit is completed. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
-
43. One of a plurality of detection modules for monitoring tampering of a protection control module that is for protecting an application program,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, and the detection module comprising: -
an acquisition unit configured to acquire the key share; a storage unit configured to store therein the key share; and an output unit configured to output the key share to the protection control module. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
-
-
57. A control method used in a management device for managing:
- a protection control module for protecting an application program; and
a plurality of detection modules for monitoring tampering of the protection control module, the control method comprising the steps of;generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and outputting each of the key shares to a different one of the detection modules.
- a protection control module for protecting an application program; and
-
58. A computer-readable recording medium storing thereon a control computer program used in a management device for managing:
- a protection control module for protecting an application program; and
a plurality of detection modules for monitoring tampering of the protection control module, the management device being a computer, the control computer program causing the management device to perform the steps of;generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and outputting each of the key shares to a different one of the detection modules.
- a protection control module for protecting an application program; and
-
59. A control computer program used in a management device for managing:
- a protection control module for protecting an application program; and
a plurality of detection modules for monitoring tampering of the protection control module, the management device being a computer, the control computer program causing the management device to perform the steps of;generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and outputting each of the key shares to a different one of the detection modules.
- a protection control module for protecting an application program; and
-
60. An integrated circuit constituting a management device for managing:
- a protection control module for protecting an application program; and
a plurality of detection modules for monitoring tampering of the protection control module, the integrated circuit comprising;a key share generation unit configured to generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit configured to output each of the key shares to a different one of the detection modules.
- a protection control module for protecting an application program; and
-
61. A control method used in a protection control module for protecting an application program, tampering of the protection control module being monitored by a plurality of detection modules,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, the detection modules acquiring and storing therein the key shares, and the control method comprising the steps of: -
acquiring the key shares from the detection modules; reconstructing the decryption key by composing the key shares acquired in the acquiring step; decrypting the encrypted application program, with use of the decryption key reconstructed by the reconstructing step; and deleting the decryption key, after the decryption in the decrypting step is completed.
-
-
62. A computer-readable recording medium storing thereon a control computer program used in a protection control module for protecting an application program, tampering of the protection control module being monitored by a plurality of detection modules, the protection control module being a computer,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, the detection modules acquiring and storing therein the key shares, and the control computer program causing the protection control module to perform the steps of: -
acquiring the key shares from the detection modules; reconstructing the decryption key by composing the key shares acquired in the acquiring step; decrypting the encrypted application program, with use of the decryption key reconstructed by the reconstructing step; and deleting the decryption key, after the decryption in the decrypting step is completed.
-
-
63. A control computer program used in a protection control module for protecting an application program, tampering of the protection control module being monitored by a plurality of detection modules, the protection control module being a computer,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, the detection modules acquiring and storing therein the key shares, and the control computer program causing the protection control module to perform the steps of: -
acquiring the key shares from the detection modules; reconstructing the decryption key by composing the key shares acquired in the acquiring step; decrypting the encrypted application program, with use of the decryption key reconstructed by the reconstructing step; and deleting the decryption key, after the decryption in the decrypting step is completed.
-
-
64. An integrated circuit constituting a protection control module for protecting an application program, tampering of the protection control module being monitored by a plurality of detection modules,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, the detection modules acquiring and storing therein the key shares, and the integrated circuit comprising: -
an acquisition unit configured to acquire the key shares from the detection modules; a reconstruction unit configured to reconstruct the decryption key by composing the key shares acquired by the acquisition unit; a decryption unit configured to decrypt the encrypted application program, with use of the decryption key reconstructed by the reconstruction unit; and a deletion unit configured to delete the decryption key, after the decryption by the decryption unit is completed.
-
-
65. A method used in one of a plurality of detection modules for monitoring tampering of a protection control module that is for protecting an application program,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, and the method comprising the steps of: -
acquiring the key share; storing the key share; and outputting the key share to the protection control module.
-
-
66. A computer-readable recording medium storing thereon a computer program used in one of a plurality of detection modules for monitoring tampering of a protection control module that is for protecting an application program, the detection module being a computer,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, and the computer program causing the detection module to perform the steps of: -
acquiring the key share; storing the key share; and outputting the key share to the protection control module.
-
-
67. A computer program used in one of a plurality of detection modules for monitoring tampering of a protection control module that is for protecting an application program, the detection module being a computer,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, and the computer program causing the detection module to perform the steps of: -
acquiring the key share; storing the key share; and outputting the key share to the protection control module.
-
-
68. An integrated circuit constituting one of a plurality of detection modules for monitoring tampering of a protection control module that is for protecting an application program,
a plurality of key shares being generated as a result of a decryption key being decomposed by a management device, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program, each of the key shares thus generated being output by the management device to a different one of the detection modules, and the integrated circuit comprising: -
an acquisition unit configured to acquire the key share; a storage unit configured to store therein the key share; and an output unit configured to output the key share to the protection control module.
-
Specification