JP2001331375A - Program startup method, method and device for preventing unauthorized access, encoding/decoding system and card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a device, capable of preventing an unauthorized user from accessing a storage device in which data is stored at an encoded state by pretending to be someone else. SOLUTION: Fingerprints of a user to access the storage device 33 in a computer 3 are read by a fingerprint reader 22, data about prescribed fingerprint information stored in a first memory 11 of an IC card 1 are collated with the read fingerprint information, operation algorithm for encoding/decoding stored in a memory 32 is started, only when both pieces of fingerprint information match each other, the data to be stored in the storage device 33 is encoded by an encoding/decoding part 31 and encoded data stored in the storage device 33 is decoded simultaneously.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a program activation method for controlling activation of an operation program for encrypting data and / or an operation program for decrypting encrypted data, and stores data in an encrypted state. The present invention relates to a method and apparatus for preventing unauthorized user access to a storage device, an encryption / decryption system, and a card used in these methods.

[0002]

2. Description of the Related Art Computers, such as notebook computers, are becoming smaller and more portable.
Even in such a small computer, a large amount of data can be stored internally by mounting a small and large-capacity hard disk. Further, as for the hard disk for storing the data, from the existing fixed type, to the development of high-density mounting technology, the development of a portable type in the form of a card is going on in the future.

In such a situation where the size and weight of each device are being reduced, the main body of a notebook computer or a portable hard disk is stolen, and data stored in the hard disk is leaked or falsified. Preventing the situation is an important issue. Therefore, instead of storing the data as it is on the hard disk,
It is common practice to store data on a hard disk after encrypting data to be stored.

The process of encrypting data and the process of decrypting encrypted data are performed by software according to existing encryption operation programs and decryption operation programs, respectively. The activation of each operation program requires the input of password information consisting of specific numbers, characters, and the like so as not to be performed by a complicated user. In other words, only when the correct password information is entered,
These encryption and / or decryption operation programs are activated to access the hard disk, thereby preventing unauthorized access to the notebook computer body or portable hard disk even if it is stolen. This prevents leakage and tampering of stored data.

[0005]

However, in the above-mentioned conventional method, the password for starting the operation program for encryption and / or decryption is composed of numerals, characters, and the like. May be leaked, and if it is leaked, unauthorized users can easily start their operation programs and access the hard disk using the leaked password information, and the security is not sufficient There is a problem.

The present invention has been made in view of the above circumstances, and when an acquired physical feature and a predetermined physical feature are collated and matched with each other, an encryption operation program and / or a decryption operation program are provided. To provide a program start-up method that can prevent an unauthorized user from impersonating another person and illegally perform an encryption process and / or a decryption process by starting the operation program of the first embodiment, and can increase the security more than the conventional example. With the goal.

[0007] Another object of the present invention is to activate an operation program for encryption and / or an operation program for decryption when the acquired physical feature and a predetermined physical feature are collated and matched. An object of the present invention is to provide an unauthorized access prevention method and apparatus that can prevent an unauthorized user from impersonating another person and accessing the storage device illegally by enabling access to the storage device.

It is still another object of the present invention to provide an encryption / decryption system that can prevent encryption and / or decryption by an unauthorized user.

Still another object of the present invention is to provide a card used in the above method.

[0010]

According to a first aspect of the present invention, there is provided a program starting method for starting an operation program for encrypting data and / or an operation program for decrypting encrypted data with a predetermined password. The method comprises using a physical feature as the secret.

In the program starting method according to the first invention, a physical feature is used as a password for starting an operation program for encryption and / or an operation program for decryption. Since the physical characteristics are unique to each user, it is impossible to impersonate others and the security is extremely strong.

According to a second aspect of the present invention, in the first aspect, the physical feature is a fingerprint.

[0013] In the program starting method of the second invention, a fingerprint is used as a physical feature. It is easy to obtain a fingerprint that is a physical feature and the method of the present invention can be easily performed. In addition, the fingerprint can completely identify an individual and is extremely high in security.

According to a third aspect of the present invention, there is provided a method for preventing unauthorized access.
In a method for preventing unauthorized user access to a storage device that stores data in an encrypted state, a first step of obtaining physical characteristics of a user who has accessed the storage device, and the obtained physical characteristics and a predetermined body A second step of collating with a physical characteristic, an operation program for encrypting data to be stored in the storage device when the two physical characteristics match, and / or an encryption program stored in the storage device And a third step of executing an operation program for decoding the encrypted data.

[0015] In the unauthorized access prevention method according to the third aspect of the invention, the physical characteristics of the user who attempts to access the storage device are obtained, and it is determined whether or not the physical characteristics match the predetermined physical characteristics. Only when they match, it is possible to activate an operation program for encrypting data to be stored in the storage device and / or an operation program for decrypting encrypted data stored in the storage device. The physical characteristics are unique to each user, and it is impossible for an unauthorized user to impersonate another person to access the storage device, and the security of the storage device is extremely strong.

According to a fourth aspect of the present invention, there is provided a method for preventing unauthorized access.
The said predetermined physical characteristic is written in the card in Claim 3, The said predetermined physical characteristic is read from the said card in the said 2nd step, The said predetermined physical characteristic and the said 1st step are read. And collating with the physical characteristics obtained in (1).

In the unauthorized access prevention method according to the fourth invention, for example, a predetermined physical characteristic written on a card carried by the user is compared with the acquired physical characteristic.
Because the predetermined physical characteristic is written on a card carried by a legitimate user and is not stored somewhere else, the possibility that the predetermined physical characteristic is leaked is extremely low, and the safety is reduced. Sex is more improved.

The unauthorized access preventing device according to claim 5 is
An apparatus for preventing an unauthorized user from accessing a storage device that stores data in an encrypted state, comprising: obtaining means for obtaining physical characteristics of a user who has accessed the storage device; Verification means for verifying a physical feature, an operation program for encrypting data to be stored in the storage device when the two physical characteristics match, and / or an encryption program stored in the storage device. Permission means for permitting execution of an operation program for decoding data.

In the unauthorized access preventing apparatus according to the fifth invention, the acquiring means acquires the physical characteristics of the user who has accessed the storage device, and the collating means compares the acquired physical characteristics with the predetermined physical characteristics. The collation is performed, and the permission unit permits the encryption process and / or the decryption process when the two physical characteristics match. The physical characteristics are unique to each user, and it is impossible for an unauthorized user to impersonate another person to access the storage device, completely preventing unauthorized access to the storage device.

The unauthorized access prevention device according to claim 6 is
6. The method according to claim 5, further comprising: detecting means for detecting a failure of the acquiring means; and accepting means for receiving an input of a password when the acquiring means has failed, and when the inputted password matches a predetermined password. The permission means is adapted to permit execution of the operation program for encryption and / or the operation program for decryption.

In the unauthorized access preventing apparatus according to the sixth aspect of the present invention, the detecting means detects the failure of the acquiring means, and the accepting means detects
When the acquisition unit fails, an input of a password is accepted from the accessing user, and the permission unit permits the encryption process and / or the decryption process when the input password matches a predetermined password. Therefore, even when the acquisition unit fails, a legitimate user can access the storage device while maintaining the same security as the conventional example.

An encryption / decryption system according to claim 7 is
A storage device that stores data in an encrypted state, an encryption unit that encrypts data to be stored in the storage device,
Decryption means for decrypting encrypted data stored in the storage device, acquisition means for acquiring physical characteristics of a user who has accessed the storage device, and collating the acquired physical characteristics with predetermined physical characteristics Collating means, and when the two physical characteristics match by collation by the collating means,
Permission means for permitting execution of processing by the encryption means and / or the decryption means.

In the encryption / decryption system according to the seventh invention, when the acquired physical feature matches the predetermined physical feature, the permission unit performs processing by the encryption unit and / or the decryption unit. Allow execution of A legitimate user and an improper user are determined based on the physical characteristics, and encryption and / or decryption by an unauthorized user is prevented.

According to an eighth aspect of the present invention, there is provided a card used in the method according to any one of the first to fourth aspects, wherein the predetermined physical feature is written.

In the card according to the eighth aspect of the present invention, predetermined physical characteristics for specifying a valid user are written therein. Thus, the likelihood of the predetermined physical feature being leaked is very low and safe.

[0026]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be specifically described below with reference to the drawings showing the embodiments. FIG. 1 is a block diagram showing an apparatus configuration of an encryption / decryption system using an unauthorized access prevention method according to the present invention. In FIG. 1, 1 is an IC card, 2 is an unauthorized access prevention device, 3
Is a computer.

The IC card 1 is issued for each user who uses the computer 3, and each user has his or her own IC card 1. This IC card 1 is a card capable of writing / reading information in a contact or non-contact manner.

The IC card 1 has a first memory 11 for storing data of fingerprint information, which is physical information of the owning user.
Between the second memory 12 for storing data of personal identification information necessary for activating an operation program for data encryption / decryption processing in the computer 3, and the unauthorized access prevention device 2 (reader / writer 21). 13 for transmitting and receiving the data, and the CPU 1 for controlling the operation of each of these functional elements.
And 4. When the IC card 1 is issued, the data of the fingerprint information and the data of the password information corresponding thereto are written in the first memory 11 and the second memory 12, respectively.

The unauthorized access prevention device 2 includes an IC card 1
A reader / writer 21 for writing / reading information to / from a fingerprint reader 22 for obtaining fingerprint information of a user;
An interface 23 for transmitting and receiving information to and from the computer 3, a memory 24 storing an operation program for fingerprint collation processing and the like, and controlling the operation of these functional devices and executing software processing to be described later. CPU
25. The reader / writer 21 is an IC card 1
When is loaded, various data (fingerprint information data, password information data, etc.) stored therein are read out, the fingerprint information data is supplied to the CPU 25, and the password information data is transmitted via the interface 23. Output to computer 3. The fingerprint reader 22 optically or electrostatically reads a fingerprint, and provides the read fingerprint information to the CPU 25.

The above-mentioned first memory 11 and second memory 1
Each of the locks 2 is locked, and when reading stored data from the memories 11 and 12, it is necessary to open each lock with a key. The key to the first memory 11 is held by the reader / writer 21, and the key is the valid IC card 1 corresponding to the reader / writer 21, and the first memory 11 is unlocked. Also, the key to the second memory 12 is provided in the unauthorized access prevention device 2, and is used to check whether the stored data of the fingerprint information read from the IC card 1 matches the fingerprint information obtained by the fingerprint reader 22. The key is the second
The memory 12 is unlocked.

The computer 3 stores an encryption / decryption unit 31 for performing an encryption process for encrypting data and a decryption process for decrypting the encrypted data, an operation program for encryption, an operation program for decryption, and the like. A memory 32 for storing data in an encrypted state, an interface 34 for transmitting and receiving information between the unauthorized access prevention device 2, an input unit 35 for receiving external input, and And a CPU 36 for controlling the operation of the functional unit. When a correct password is input from the unauthorized access prevention device 2 via the interface 34, the encryption / decryption program stored in the memory 32
The data is read out and started by the decryption unit 31, and the encryption / decryption processing is performed.

Next, the operation of the unauthorized access prevention method according to the present invention will be described with reference to the flowcharts of FIGS.

First, registration processing of fingerprint information and password information will be described. FIG. 2 is a flowchart showing an operation procedure of the processing. The fingerprint of the user using the computer 3 is read by the fingerprint reader 22 to obtain fingerprint information, and the data is written and stored in the first memory 11 of the ID card 1 by the reader / writer 21 (step S11). .

At this time, the CPU 25 generates a specific numeral or character according to the control program. The specific numbers or characters generated and set in this manner are password information paired with the data of the fingerprint information of the user, and the data is stored in the second memory 12 of the ID card 1 by the reader / writer 21. Write and store (step S12). If the fingerprint information data and the password information data are encrypted and stored, security is improved.

Then, the password information is registered in the computer 3 (step S13). Further, the data of the fingerprint information and the data of the password information are written as they are or encrypted, and stored in the emergency recovery card (step S14). This emergency restoration card is used for data restoration when fingerprint collation becomes impossible due to a failure of the fingerprint reader 22 or the like, and is usually kept strictly.

Although the case where the registration processing of the fingerprint information and the password information is performed by using the components shown in FIG. 1 has been described, such a registration processing may be performed independently of the system of FIG. good.

Next, an encryption process for encrypting data and storing it in the storage device 33 will be described. FIG. 3 is a flowchart showing an operation procedure of the processing. The ID card 1 carried by the user trying to access the computer 3 is loaded into the reader / writer 21 (step S).
21). The CPU 25 determines whether or not the loaded ID card 1 is a regular card corresponding to the reader / writer 21 (Step S22). If the card is a valid card (S22: YES), the lock of the first memory 11 is opened, and the fingerprint information data stored therein is read by the reader / writer 21 to the CPU 25 (step S23). If it is determined that the card is not a legitimate card (S22: NO), the operation ends.

The fingerprint reader 22 reads the fingerprint of the user to obtain fingerprint information (step S24). CPU25
Checks the obtained fingerprint information and the read fingerprint information data to determine whether or not they match (step S25). If they match (S25: YES),
The lock of the second memory 12 is opened, and the data of the password stored therein is read out by the reader / writer 21 (step S26). If it is determined that they do not match (S25: NO), the operation ends.

The password information read by the unauthorized access prevention device 2 is sent to the computer 3 via the interfaces 23 and 34. As a result, an operation program for encryption is read from the memory 32, and the operation program is started in the encryption / decryption unit 31, and encryption processing is performed on data to be stored (step S2).
7). Then, the encrypted data is stored in the storage device 33 (Step S28).

Next, a decryption process for decrypting the encrypted data stored in the storage device 33 will be described. FIG.
5 is a flowchart showing an operation procedure of the processing.
The ID card 1 carried by the user trying to access the computer 3 is loaded into the reader / writer 21 (step S31). The CPU 25 determines whether the loaded ID card 1 is a legitimate card corresponding to the reader / writer 21 (step S32). If the card is a valid card (S32: YES), the lock of the first memory 11 is unlocked, and the fingerprint information data stored therein is read by the reader / writer 21 to the CPU 25 (step S33). If it is determined that the card is not a valid card (S32: NO), the operation ends.

The fingerprint reader 32 reads the fingerprint of the user to obtain fingerprint information (step S34). CPU25
Collates the obtained fingerprint information with the read fingerprint information data to determine whether or not they match (step S35). If they match (S35: YES),
The lock of the second memory 12 is unlocked, and the data of the password stored therein is read by the reader / writer 21 (step S36).

The password information read by the unauthorized access prevention device 2 is sent to the computer 3 via the interfaces 23 and 34. As a result, the operation program for decryption is read from the memory 32 and the encryption / decryption unit 3
1, the operation program is started and the storage device 33 is activated.
Is subjected to decryption processing on the encrypted data stored in (step S37). Then, the decrypted data is output (step S38).

The fingerprint information obtained by the fingerprint reader 32 and the IC
If the data of the fingerprint information read from the card 1 does not match (S35: NO), the CPU 25 determines whether or not the fingerprint reader 22 has failed (step S3).
9). If there is a failure (S39: YES), the input unit 3
5 accepts an external input of personal identification information (step S
40). As a result, the decryption operation program is started, the encrypted data stored in the storage device 33 is decrypted (S37), and the decrypted data is output (S38). As described above, when the fingerprint reader 32 fails, the fingerprint reader 32 has an auxiliary function of detecting the failure by itself and performing decryption processing by externally inputting the password information. On this occasion,
In order to ensure security, password information externally input is prevented from remaining in the computer 3.

Even if the fingerprint information does not match even in the above-described encryption processing, similarly, when the failure of the fingerprint reader 22 is detected, an external input of the password information is accepted and the data is received. May be configured to be able to perform encryption.

Next, a description will be given of a restoration process when fingerprint collation cannot be performed. FIG. 5 is a flowchart showing an operation procedure of the processing. The password information stored in the emergency restoration card is read, and the read password information is input to the computer 3 via the input unit 35 (step S41). The operation program for decryption in the memory 32 is started, and all the encrypted data stored in the storage device 33 is decrypted by the encryption / decryption unit 31 (step S4).
2). Thereafter, the pair of the registered fingerprint information and password information is deleted (step S43). Thus, for example, even if the user's finger is damaged and fingerprint collation becomes impossible,
The encrypted data can be decrypted to the original data.

Hereinafter, an embodiment in which the unauthorized access preventing device of the present invention is incorporated in a computer will be described. FIG. 6 is a block diagram showing a main configuration of a portable computer according to a first example of such a simplified embodiment. The portable computer 4 includes a fingerprint scanner 41 composed of a one-chip integrated circuit, an encryption / decryption unit 42 for performing an encryption process for encrypting data and a decryption process for decrypting encrypted data, and an encryption / decryption unit 42. Memory 43 for storing an operation program for use / decryption, an operation program for fingerprint collation processing, data of fingerprint information of a predetermined user, and a storage device 44 for storing data in an encrypted state. The CPU 45 controls the operation of each functional unit and executes software processing described later. In this example, as described below, the fingerprint collation result is directly used as password information for activating an encryption / decryption operation program.

Next, an encryption process for encrypting data and storing it in the storage device 44 will be described. FIG. 7 is a flowchart showing an operation procedure of the processing. The fingerprint of the user who attempts to access the computer 3 is read by the fingerprint scanner 41 to obtain fingerprint information (step S5).
1). The CPU 45 collates the obtained fingerprint information with the data of the predetermined fingerprint information read from the memory 43, and determines whether or not they match (step S52). If they match (S52: YES), the operation program for encryption is read from the memory 43 and the encryption / decryption unit 4
2, the operation program is started, and data to be stored is encrypted (step S5).
3). Then, the encrypted data is stored in the storage device 44 (Step S54). On the other hand, if they do not match (S52: NO), the operation ends as it is.

Next, a decryption process for decrypting the encrypted data stored in the storage device 44 will be described. FIG.
5 is a flowchart showing an operation procedure of the processing.
The fingerprint of the user trying to access the computer 3 is read by the fingerprint scanner 41 to obtain fingerprint information (step S61). The CPU 45 collates the obtained fingerprint information with the data of the predetermined fingerprint information read from the memory 43, and determines whether or not the two match (step S6).
2). If they match (S62: YES), the memory 43
, An operation program for decryption is read out, and the operation program is started by the encryption / decryption unit 42, and decryption processing is performed on the encrypted data stored in the storage device 44 (step S63). Then, the decrypted data is output (step S64). On the other hand, if they do not match (S62: NO), the operation ends as it is.

FIG. 9 is a block diagram showing a main configuration of a portable computer according to a second example of such a simplified embodiment. The portable computer 4 includes a fingerprint scanner 41 and an encryption / decryption unit 42 similar to those of the first example,
A removable storage device 51 for storing data in an encrypted state, and a communication unit 52 for communicating with a network
A memory 53 storing an operation program for encryption / decryption, an operation program for fingerprint collation processing, an operation program for communication processing in the communication section 52, data of fingerprint information of a predetermined user, and the like; And a CPU 54 for controlling the operation of each functional unit and executing the software processing as described above. In this example, the storage device 51
It is a card-type portable storage device that can be attached to and detached from the portable computer 4.

Also in the second example, the fingerprint collation result is used as password information for activating the encryption / decryption operation program. The encryption / decryption processing in the second example is the same as that in the first example. Same as in the case.

In the second example, execution of communication processing in the communication section 52 requires authentication of whether or not the user is a valid user. Then, in order to determine whether or not the user is a legitimate user, a fingerprint collation result is used in the same manner as when the encryption / decryption operation program is started.

Note that. In the above-described embodiment, the case where a fingerprint is used as a physical feature has been described.
Of course, other physical features can be used.

Also, an example has been described in which one user can access the storage device of one computer. However, the present invention is not limited to this, and a configuration in which a specific plurality of users can access the storage device is also possible. Needless to say.

[0054]

As described above, in the program starting method according to the first aspect of the present invention, a physical feature unique to each user is used as a password for starting the operation program for encryption and / or the operation program for decryption. Because it is used, it is impossible to impersonate another person, and extremely high security can be realized.

In the program starting method according to the second aspect of the present invention, since the fingerprint information is used as the physical feature, the physical feature can be easily obtained, and the authorized user can be specified accurately and easily. .

In the unauthorized access prevention method according to the third invention, it is determined whether or not the physical characteristics of the user match the predetermined physical characteristics, and only when the physical characteristics match, the data to be stored in the storage device is encrypted. And / or an operation program for decrypting encrypted data stored in the storage device can be activated, so that it is impossible for an unauthorized user to access the storage device by impersonating another person. Yes, extremely high security can be achieved regarding access to the storage device.

In the unauthorized access prevention method according to the fourth invention, the predetermined physical characteristic written on the card is compared with the acquired physical characteristic, so that the predetermined physical characteristic may be leaked. Performance is very low and safety can be further improved.

In the unauthorized access prevention device according to the fifth aspect of the invention, when the acquired physical characteristic matches the predetermined physical characteristic, the encryption processing and / or the decryption processing are permitted. Cannot access the storage device by impersonating another person, and can completely prevent unauthorized access to the storage device.

In the unauthorized access prevention device according to the sixth aspect of the present invention, when the failure of the acquisition means for acquiring the physical characteristics is detected,
Since the input of the password is accepted, even when the acquisition unit fails, the legitimate user can access the storage device while maintaining the same security as the conventional example.

In the encryption / decryption system according to the seventh aspect of the present invention, when the acquired physical feature matches a predetermined physical feature, execution of processing by the encryption means and / or the decryption means is permitted. As a result, a legitimate user and an unjust user can be easily determined based on physical characteristics, and encryption and / or decryption by an unauthorized user can be completely prevented.

In the card according to the eighth aspect of the present invention, a predetermined physical characteristic for specifying a legitimate user is written, so that the possibility that the predetermined physical characteristic is leaked is very low and safe. .

[Brief description of the drawings]

FIG. 1 is a block diagram showing an apparatus configuration of an encryption / decryption system using an unauthorized access prevention method according to the present invention.

FIG. 2 is a flowchart illustrating an operation procedure of registration processing of fingerprint information and password information.

FIG. 3 is a flowchart illustrating an operation procedure of an encryption process.

FIG. 4 is a flowchart showing an operation procedure of a decoding process.

FIG. 5 is a flowchart illustrating an operation procedure of a restoration process when fingerprint collation cannot be performed;

FIG. 6 is a block diagram showing a main configuration of a first example in which the unauthorized access prevention device of the present invention is incorporated in a computer.

FIG. 7 is a flowchart illustrating an operation procedure of an encryption process.

FIG. 8 is a flowchart showing an operation procedure of a decoding process.

FIG. 9 is a block diagram showing a main configuration of a second example in which the unauthorized access prevention device of the present invention is incorporated in a computer.

[Explanation of symbols]

 Reference Signs List 1 IC card 2 Unauthorized access prevention device 3 Computer 4 Portable computer 11 First memory 12 Second memory 14, 25, 36, 45, 54 CPU 21 Reader / writer 22 Fingerprint reader 31, 42 Encryption / decryption unit 24, 32, 43, 53 memory 33, 44, 51 storage device 35 input unit 41 fingerprint scanner 52 communication unit

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 12/00 537 G06F 9/06 660E 5J104 G06K 19/10 G06K 19/00 S 19/00 TH04L 9 / 32 H04L 9/00 673A 673D 673E

Claims (8)

[Claims] 1. A method for starting an operation program for encrypting data and / or an operation program for decrypting encrypted data with a predetermined password, wherein a physical feature is used as the password. And how to start the program. 2. The method according to claim 1, wherein the physical feature is a fingerprint. 3. A method for preventing unauthorized user access to a storage device that stores data in an encrypted state, wherein a first step of obtaining a physical characteristic of a user who has accessed the storage device, A second step of comparing a feature with a predetermined physical feature, and an operation program for encrypting data to be stored in the storage device when the two physical features match, and / or And a third step of executing an operation program for decrypting the stored encrypted data. 4. The predetermined physical characteristic is written on a card, and in the second step, the predetermined physical characteristic is read from the card, and the read predetermined physical characteristic and the first step are read. 4. The method for preventing unauthorized access according to claim 3, wherein the method is compared with the physical characteristics obtained in step (a). 5. An apparatus for preventing an unauthorized user from accessing a storage device that stores data in an encrypted state, wherein: an obtaining unit that obtains physical characteristics of the user who accesses the storage device; Collation means for collating a characteristic with a predetermined physical characteristic, an operation program for encrypting data to be stored in the storage device when the two physical characteristics match, and / or storage in the storage device And a permission unit for permitting execution of an operation program for decrypting the encrypted data. 6. A detecting means for detecting a failure of said obtaining means, and a receiving means for receiving an input of a password when the obtaining means has failed, wherein when the input password matches a predetermined password. 6. The unauthorized access prevention device according to claim 5, wherein the permission unit is configured to permit execution of the operation program to be encrypted and / or the operation program to be decrypted. 7. A storage device for storing data in an encrypted state, encryption means for encrypting data to be stored in the storage device, and decryption for decrypting encrypted data stored in the storage device. Means, acquiring means for acquiring physical characteristics of a user who has accessed the storage device, collating means for collating the acquired physical characteristics with a predetermined physical characteristic, and both bodies by collating with the collating means. An encryption / decryption system comprising: a permission unit that permits execution of processing by the encryption unit and / or the decryption unit when the characteristic features match. 8. A card used in the method according to claim 1, wherein said predetermined physical characteristic is written.