Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

US 7,747,870 B2
Filed: 04/25/2007
Issued: 06/29/2010
Est. Priority Date: 08/01/2002
Status: Active Grant

First Claim

Patent Images

1. An encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:

a storing unit operable to store therein the program as a plurality of partial programs having been encrypted;

a memory location information reading unit operable to read, for each of the partial programs, memory location information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;

a decrypting unit operable to sequentially read and decrypt the partial programs; and

a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the memory location information, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encrypted-data decrypting apparatus that provides enhanced security protection for programs and data while they are in the processes of decryption to execution after having been encrypted. When a decrypted partial program needs to be loaded into the shared memory M, the controlling unit 11 loads it into an area indicated by the memory location information. According to the memory location information, a plurality of partial programs are sequentially loaded into an area so that one partial program gets overwritten by another; therefore, none of the partial programs exists in the memory for a long time, and thus there is less possibility of having the partial programs referred to illegitimately. In addition, since every time some data is decrypted, the decryption support program authenticating unit 13 confirms authenticity of the decryption support program P, it is possible to prevent having illegitimate references in which the decryption support program is abused.

Citations

26 Claims

1. An encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting apparatus comprising:
- a storing unit operable to store therein the program as a plurality of partial programs having been encrypted;
  
  a memory location information reading unit operable to read, for each of the partial programs, memory location information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting unit operable to sequentially read and decrypt the partial programs; and
  
  a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the memory location information, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The encrypted-data decrypting apparatus of claim 1, whereinat least part of the memory location information is stored after being encrypted, andthe loading unit locates each of the decrypted partial programs into each location area after decrypting the encrypted part of the memory location information.
  - 3. The encrypted-data decrypting apparatus of claim 1, whereinat a time of locating each partial program into a location area, when a size of the location area is larger than a size of the partial program, the loading unit writes dummy data into a space area, which is a portion of the location area that has not been overwritten because of a difference between the sizes.
  - 4. The encrypted-data decrypting apparatus of claim 1, whereinafter execution of one partial program located into a location area finishes, if another partial program is not located into the location area, the loading unit deletes the one partial program.
  - 5. The encrypted-data decrypting apparatus of claim 1, whereinthe decrypting unit performs decryption on a partial program, using an encryption key embedded in one or more partial programs that have already been decrypted and located in the memory space, the one or more partial programs being other than the partial program.
  - 6. The encrypted-data decrypting apparatus of claim 1, whereinthe loading unit dynamically determines an absolute address of each location area before one of the partial programs that is to be decrypted first gets located into the memory space.
  - 7. The encrypted-data decrypting apparatus of claim 6, further comprising:
    - a memory location determining unit, whereinthe loading unit includes a memory management information storing unit storing location information indicating locations at which the partial programs have been located, andthe memory location determining unit generates the memory location information based on the location information.
  - 8. The encrypted-data decrypting apparatus of claim 7, whereinthe memory location determining unit generates the memory location information based on a random number generated for each execution of the program.
  - 9. The encrypted-data decrypting apparatus of claim 7, whereinthe memory management information storing unit stores therein sequence information indicating a sequence in which the loading unit has located the partial programs, andthe memory location determining unit generates the memory location information based on the sequence information.
  - 10. The encrypted-data decrypting apparatus of claim 1, whereinthe decrypting unit performs decryption on each partial program with use of a decryption support program, andthe encrypted-data decrypting apparatus further comprising:
    - a decryption program confirming unit operable to confirm authenticity of the decryption support program, andthe decryption unit causes the decryption program confirming unit to confirm the authenticity of the decryption support program before the decryption, and performs the decryption only after the authenticity is confirmed.
  - 11. The encrypted-data decrypting apparatus of claim 1, further comprising:
    - an illegitimate access preventing unit operable to, when detecting an interruption, perform an illegitimate access preventing process by deleting one or more partial programs that are already located in the memory space.
  - 12. The encrypted-data decrypting apparatus of claim 11, wherein the illegitimate access preventing unit has a dummy program executed when performing the illegitimate access preventing process.
  - 13. The encrypted-data decrypting apparatus of claim 1, further comprising:
    - an illegitimate access preventing unit operable to, when detecting an interruption, make a judgment on whether theinterruption has been caused intentionally, and perform an illegitimate access preventing process by deleting one or more partial programs that are already located in the memory space when the judgment is negative.
  - 14. The encrypted-data decrypting apparatus of claim 13, wherein the illegitimate access preventing unit has a dummy program executed when performing the illegitimate access preventing process.
  - 15. The encrypted-data decrypting apparatus of claim 1, further comprising:
    - a storing position information authenticating unit operable to judge whether storing position information indicating, for each of the partial programs, a storing position in the storing unit is authentic, whereinwhen the storing position information authenticating unit judges affirmatively, the decrypting unit reads, from the storing unit, and decrypts each of the partial programs.

16. An encrypted-data decrypting method for decrypting, for a purpose of execution on a computer system, a program that has been encrypted and stored, the encrypted-data decrypting method comprising:
- a memory location information reading step of reading, for each of partial programs stored in a storing unit, memory location information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting step of sequentially reading and decrypting the partial programs; and
  
  a loading step of locating each of the decryptedpartial programs into each location area indicatedby the memory location information, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.

17. A recording medium recording thereon a program that makes a computer operate as an encrypted-data decrypting apparatus that decrypts, for a purpose of execution on a computer system, a program that has been encrypted and stored, whereinthe encrypted-data decrypting apparatus includes:
- a memory location information reading unit operable to read, for each of partial programs stored in a storing unit, memory location information indicating into which location area each partial program is to be located after being decrypted, the location area being included in a memory space used for the execution of the program;
  
  a decrypting unit operable to sequentially read and decrypt the partial programs; and
  
  a loading unit operable to locate each of the decrypted partial programs into each location area indicated by the memory location information, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.
- View Dependent Claims (18, 19)
- - 18. The encrypted-program generation apparatus of claim 17, whereinthe memory location information generating unit dynamically determines an absolute address of each location area before one of the partial programs that is to be decrypted first gets located into the memory space.
  - 19. The encrypted-program generation apparatus of claim 17, whereinthe memory location information generating unit generates the memory location information based on a random number generated for each execution of the program.

20. An encrypted-program generating apparatus that encrypts a program that is to be executed on a computer system, comprising:
- a program dividing unit operable to divide the program in units of a plurality of partial programs to be located in a memory space used for the execution of the program and be executed;
  
  a program encrypting unit-operable to encrypt the program in units of the plurality of partial programs; and
  
  a memory location information generating unit operable to generate memory location information indicating, for each of the encrypted partial programs, into which location area each encrypted partial program is to be located after being decrypted, the location area being included in the memory space, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The encrypted-program generating apparatus of claim 20, whereinthe program dividing unit embeds, into at least one of the plurality of partial programs, information used in a decryption process for a different partial program, andin a decryption process for the one partial program, information embedded in a different partial program that has previously been decrypted is used.
  - 22. The encrypted-program generation apparatus of claim 20, whereinthe information used in the decryption process for the one partial program is part or all of an encryption key used in the encryption process for the different partial program.
  - 23. The encrypted-program generation apparatus of claim 20, whereinthe information used in the decryption process for the one partial program is an encryption key generation program used for generating part or all of an encryption key that is used in the decryption process for the different partial program.
  - 24. The encrypted-program generation apparatus of claim 20, whereinthe information used in the decryption process for the one partial program is a 1^stencryption key used for decrypting a 2^ndencryption key that is used in the decryption process for the different partial program, andthe decryption process for the one partial program is performed with use of a 2^ndkey decrypted using a 1st encryption key obtained from a different partial program that has previously been decrypted and stored in the memory space.

25. An encryption program generating method for encrypting a program that is to be executed on a computer system, comprising:
- a program dividing step of dividing the program in units of a plurality of partial programs to be located in a memory space used for the execution of the program and be executed;
  
  a program encrypting step of encrypting the program in units of the plurality of partial programs; and
  
  a memory location information generating step of generating memory location information indicating, for each of the encrypted partial programs, into which location area each encrypted partial program is to be located after being decrypted, the location area being included in the memory space, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.

26. A recording medium recording thereon a program that makes a computer operate as an encrypted-program generating apparatus that encrypts a program to be executed on a computer system, whereinthe encrypted-program generating apparatus includes:
- a program dividing unit operable to divide the program in units of a plurality of partial programs to be located in a memory space used for the execution of the program and be executed;
  
  a program encrypting unit operable to encrypt the program in units of the plurality of partial programs; and
  
  a memory location information generating unit operable to generate memory location information indicating, for each of the encrypted partial programs, into which location area each encrypted partial program is to be located after being decrypted, the location area being included in the memory space, whereinthe memory location information indicates, with respect to at least one of the partial programs, at least part of the at least one partial program gets overwritten into a location area where one or more other partial programs have already been located before the at least one partial program gets decrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Abe, Toshihisa, Hirota, Teruto, Sato, Taichi, Shoda, Yukie, Matsushima, Hideki, Ito, Yoshikatsu, Asai, Rieko
Primary Examiner(s)
Peeso, Thomas R

Application Number

US11/790,399
Publication Number

US 20070294534A1
Time in Patent Office

1,161 Days
Field of Search

713/189, 713/193, 380/28, 380/284
US Class Current

713/189
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/6218   to a system of files or obj...

G06F 21/6281   at program execution time, ...

Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatuses and methods for decrypting encrypted data and locating the decrypted data in a memory space used for execution

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links