JPH11250192A - Recording medium with built-in ic chip and information access controller - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a recording medium provided with a built-in IC chip and capable of holding security for digital information such as software to be recorded. SOLUTION: The recording medium 10 is constituted of housing a recording medium 11 such as a CD-ROM in a casing 13 having a shape to be housed in an information access device 20 and fitting an IC chip 12 to a prescribed position of the casing 13. A ciphered file obtained by ciphering digital information is recorded in the recording medium 11. At the time of accessing information by the device 20, the IC chip 12 executes verification, and when the verified result is affirmative, sends a decipher key for deciphering the ciphered file to the device 20. The device 20 receives the decipher key from the IC chip 12, deciphers the ciphered file and installs the deciphered file.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a package type recording medium for recording a computer program, for example, a flexible disk (FD), a compact disk type ROM (CD-ROM), a magneto-optical disk (MO disk), a mini disk. The present invention relates to a disk (MD) and an access device for accessing these recording media, and more particularly, to a technique for ensuring security of a computer program recorded on the recording medium.

[0002]

2. Description of the Related Art When distributing digital information such as computer programs, data, and contents, it is common to record these on a package-type recording medium in a computer-readable form. The user sets the recording medium in the computer device, installs the recording medium, and uses the recording medium. However, conventionally, security measures for recorded information have not been sufficiently taken on recording media, and measures for preventing unauthorized copying are poor.

[0003] For example, it is very easy for a third party who has borrowed a recording medium from a purchaser to install digital information into his / her own computer device. Software I
Attempts have been made to provide a D-number and a user registration system, but at present it does not lead to a fundamental solution for preventing unauthorized copying. As a means for maintaining the sameness of the recorded information, for example, in the case of FD, it is common to set the slide switch of the package to “writable”. Changing to the "writable" state is very easy and does not call security.

[0004]

In recent years, the size of digital information to be recorded has been increasing, and accordingly, the recording medium is read-only, such as a CD-ROM, but has a large capacity. A recording medium is being used. However, such a recording medium is not provided with a software ID number for each medium due to the manufacturing process. Normally, when installing a program or the like, it is necessary to input a software ID number. However, in many cases, this software ID number is not recorded on a recording medium, but is used as a software ID number. Can be installed if the result obtained by applying the hash function to a table stored in a recording medium in advance is used. For example, with the software ID number of the recording medium purchased by Mr. A,
The recording information of the same recording medium purchased by Mr. B can be installed. As described above, it is not preferable that the software can be installed from the same recording medium as many times as possible, and a technical development for securing digital information has been desired.

Accordingly, an object of the present invention is to provide a recording medium with a built-in IC chip that ensures the security of recorded digital information by utilizing the tamper resistance and high security of the IC chip. Another object of the present invention is to provide I
An object of the present invention is to provide an information access device for performing information access to a recording medium with a built-in C chip.

[0006]

According to the present invention, there is provided a recording medium with a built-in IC chip which can be accommodated in a device for reading digital information recorded on the recording medium and accessing information to the IC chip. Wherein the recording medium is accommodated inside the housing, and the IC chip is attached to a predetermined portion.
The chip is configured to restrict reading of the digital information by the device.

[0007] The digital information is, for example, digital information encrypted by a predetermined encryption algorithm. In this case, the IC chip holds a decryption key used for decrypting the encrypted digital information and authenticates information access from the device. If the authentication result is affirmative, the IC chip notifies the device. An access control means for passing the decryption key and decrypting the encrypted digital information is provided.

[0008] The digital information may be an executable program. In this case, the IC chip holds condition information necessary for executing the executable program, authenticates information access from the device, and if the authentication result is affirmative, sends the condition information to the device. And an access control unit for forming an execution state of the executable program. The condition information is, for example, start information, key information, or data that defines a program execution procedure.

[0009] The access control means is configured to perform the authentication by confirming the validity of the random number data received at the time of the information access, for example.

Another recording medium with a built-in IC chip according to the present invention is:
A computer-readable installer and a recording medium on which digital information to be installed is recorded are housed in a housing that can be housed in the computer. A predetermined portion of the housing is provided with an IC chip that performs authentication in response to a command input and outputs an authentication result. The installer sends an authentication command based on predetermined authentication data to the IC chip, and
The authentication result is obtained from the C chip, and when the authentication result is affirmative, the computer device executes a process of installing the digital information recorded on the IC chip.

In such a recording medium with a built-in IC chip, the digital information may be encrypted digital information. In this case, the IC chip holds a decryption key used for decrypting the encrypted digital information, authenticates information access from the device, and if the authentication result is affirmative, the decryption key And the installer causes the computer device to execute a process of decrypting the encrypted digital information with the decryption key and installing the decrypted digital information.

In the case where the IC chip holds a decryption key, key generation means for generating a reference key in response to the input of the authentication command, and verification means for verifying the generated reference key with the decryption key Are configured to output a positive authentication result when both keys match.

Preferably, the IC chip further comprises:
An installation number counting means for counting the number of installations, and means for restricting the installation when the count value of the installation number counting means exceeds a predetermined value.

According to another aspect of the present invention, there is provided an information access apparatus for storing digital information and a recording medium storing an installer of the digital information in a housing, and an IC chip fixed to a predetermined portion of the housing. And a reader / writer for transmitting / receiving information to / from the IC chip when the housing is accommodated, and an authentication command to the IC chip through the reader / writer. And a controller for reading the installer from the recording medium and installing the digital information when the authentication result from the IC chip is affirmative.

[0015] When the encrypted digital information is recorded on the recording medium and a decryption key for decrypting the encrypted digital information is held in the IC chip, the control means determines that the authentication result is In the case of affirmative, the installation is performed after decrypting the encrypted digital information using the decryption key stored in the IC chip.

[0016]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an embodiment of a computer system including a recording medium with a built-in IC chip of the present invention and an information access device of the present invention will be described. Here, the recording medium for recording digital information is CD-RO.
The digital information is assumed to be encrypted by a predetermined encryption algorithm. Hereinafter, the plaintext digital information is simply referred to as a file, and the encrypted file is referred to as an encrypted file.

FIG. 1 is a configuration diagram of a computer system according to the present embodiment. This computer system
CD-ROM with built-in IC chip having IC chip 12
(Hereinafter, IC-CD) 10 and a CD-
An information access device 20 for installing a file or an encrypted file recorded in the ROM 11 is provided.

The information access device 20 has a CD-ROM 1
A read head 21 for reading the information recorded in
Reader / writer 2 for exchanging information with C chip 12
And a control unit 23 realized by reading a predetermined control program by a CPU (not shown) in the device, and a large-capacity hard disk 24 as an auxiliary storage device. Usually, the information access device 20 is realized by a personal computer or a workstation.

The IC-CD 10 is an information access device 20
The CD-ROM 11 is housed in a resin-made casing 13 having a shape and dimensions attachable to a media loading mechanism (not shown). The IC chip 12 is attached to the section. A slidable cover 14 is attached to the housing 13, and when the IC-CD 10 is mounted on the media mounting mechanism, the cover 14
-The recording surface of the ROM 11 is exposed, and the read head 21
-The recorded information in the ROM 11 can be read.

The IC chip 12 has at least the ROM 1
5, RAM 16, EEPROM 17, CPU 18, I /
An O port 19 is formed.

The ROM 15 stores an IC program read and executed by the CPU 18. The RAM 16 is a work area used by the CPU 18, and the EEPROM 17 has a key storage area 171,
An installation count storage area 172 and a key generation function storage area 173 are formed. The CPU 18 is a logical operation processor that performs a function operation and input / output control. The I / O port 19 is an input / output port for information with the reader / writer 22.

In this embodiment, in addition to the above-mentioned encrypted file, information on an encryption algorithm,
Record the installer. On the side of the information access device 20, when the IC-CD 10 is mounted on the medium mounting mechanism, the installer recorded on the CD-ROM 11 is read, and the CPU executes the installer, thereby putting various functional blocks into the device. Form. Also in the IC chip 12, various functional blocks are formed by the CPU 18 reading and executing the IC program.

FIG. 2 is a correlation diagram of these functional blocks. That is, the information access device 20 forms functional blocks of the random number processing unit 26, the decoding unit 27, and the memory control unit 28. The random number processing unit 26 receives user authentication data (random number) through an input device (not shown) and outputs the data to the IC chip 12 through the reader / writer 22. The decryption unit 27 decrypts the encrypted file recorded on the CD-ROM 11 when the decryption key is sent from the IC chip 12. The memory control unit 28 controls the storage of the decrypted file on the hard disk 24.

On the other hand, the IC chip 12 includes a memory control unit 121, a key generation unit 122, a collation unit 123, and a number detection unit 1
24 function blocks are formed. Memory control unit 121
Performs recording control and reproduction control of information in the EEPROM 17, and the key generation unit 122 generates a reference key based on a random number input from the random number processing unit 26. The collation unit 123 collates whether the reference key generated by the key generation unit 122 matches the key stored in the key storage area 171 in the EEPROM 17, and stores the collation result in the installation count storage area 172. By referring to the number of times the installation can be performed, whether the installation is possible or not is output to the decoding unit 27 through the reader / writer 22. The number-of-times detecting unit 124 updates the number of times of installation in the number-of-installations storage area 172.

The encrypted file recorded on the IC-CD 10 is encrypted by, for example, a known common key method. FIG. 3 shows the procedure of the encryption process in this case. First,
A random number is generated in a recording device (not shown) for recording a file on the CD-ROM 10 (step S10).
1) An encryption key is generated using the random number and the key generation function (step S102). For example, if the key generation function is G
(X), where R is a random number, the encryption key K is obtained by the following equation (1). K = G (R) (1)

Next, the encryption key K and the common encryption algorithm C
Is used to encrypt the target file F0. The encrypted file F1 generated as described above has the following (2)
It can be obtained by an equation (step S103). F1 = C (F0) (2)

The recording device records the encrypted file F1 generated in this manner together with the common encryption algorithm C and the installer on the CD-ROM 11. Also, IC
The key storage area 171, the installation count storage area 172, and the key generation function storage area 173 of the chip 12 store the encryption key K, the initial value of the number of installable times, and the key generation function G, respectively.
Record (x). For the user, IC-CD10
And the random number R used to generate the encryption key K.

Next, in the computer system, the user operates the encrypted file F recorded on the IC-CD 10.
1 will be described with reference to FIG.

When the user who has received the random number R and the IC-CD 10 mounts the IC-CD 10 on the medium mounting mechanism, the information access device 20 reads and executes the installer recorded on the CD-ROM 11 (step S).
201). After that, the random number processing unit 26 receives the input of the random number R from the user, and outputs this to the key generation unit 122 of the IC chip 12 as an authentication command (step S20).
2). The key generation unit 122 stores the key generation function G (x) stored in the key generation function storage area 173 of the EEPROM 17.
Is received via the memory control unit 121, and a reference key is generated (step S203).

The collating unit 123 generates a key with the key generation unit 122 in which the number of installable times N stored in the number-of-installations storage area 172 is equal to or more than “1” and the key stored in the key storage area 171 in advance. Then, it is compared with the reference key (step S204). If both match (step S204; Yes), a positive authentication result, that is, “OK judgment” is transmitted to the number-of-times detecting unit 124, and the “OK judgment” and the decryption key are And send.

The number-of-times detecting section 124 updates the installable number N to “N−1” and stores (updates) this in the install number storage area 172 via the memory control section 121 (step S205).

In the information access device 20, the decryption unit 27 decrypts the encrypted file F1 based on the decryption key and the common encryption algorithm C, and decrypts the decrypted file F1 with the memory control unit 28.
(Step S206). Memory control unit 28
Installs the decrypted file on the hard disk 24 (step S207), and terminates the process. On the other hand, in step S204, if the reference key and the decryption key do not match, or if the number of installable times N is “0” (step S204; No), the matching unit 123 An authentication result, that is, “NG determination” is transmitted. The decoding unit 27 that has received the NG determination immediately ends the processing.

As described above, the encrypted file F1 is stored in the CD-
By recording the information in the ROM 11 and storing the decryption key and the like in the IC chip 12, it is possible to leave the access control of the information recorded in the CD-ROM 11 to the IC chip 12. For example, it is possible to authenticate the validity of the user and to limit the number of installations, which is impossible with a conventional CD-ROM, FD, or the like, and complete security measures for files.

In this embodiment, as a recording medium,
A so-called packaged CD-R stored in the housing 13
Although the OM has been described as an example, the present invention can be similarly applied to other recording media having a structure to which an IC chip can be fixed, such as an MO or a DVD.

[0035]

Next, an embodiment of the IC-ID 10 will be described. (First Embodiment) By using the IC-ID 10, the application processing can be decentralized. In other words, of the files for executing the predetermined application processing, only the part of the program in the executable format is recorded on the CD-ROM 11 and used as the installation target file. It is also possible to mount them and execute one application process by combining them. In this way, by decentralizing the application processing, the memory capacity at the time of installation can be reduced.

(Second Embodiment) In addition to recording an executable program on the CD-ROM 11, condition information necessary for executing the program can be recorded on the IC chip 12 (EEPROM 17) in an updatable manner. Can be combined in the information access apparatus 20 so that the program can be executed only by the IC-CD 10 without necessarily installing the program.

Examples of the program in the executable form in this case include a game program such as RPG (role playing game), a business AP (AP is an application program, the same applies hereinafter), an electronic money AP, and the like. . The condition information recorded on the IC chip 12 is game progress information and other variable information for each player in the case of a game program, data in the case of a business AP, and electronic money information in the case of an electronic money AP. . The information may be environmental information or key information of a computer device required for starting each program.

By adopting such a usage pattern, the condition information is carried together with the program in the executable form, and the two are united when the program is executed, so that the IC-CD 1
Since the program can be started from above, conflicts in the execution environment of a plurality of programs can be prevented.

Even when it is necessary to install the program in the information access device 20, since the program and its condition information are integrated, there is no need to separately move the AP and the condition information to the computer device. It is possible to facilitate the formation of the execution environment.

[0040]

As is clear from the above description, according to the recording medium with the built-in IC chip of the present invention, the recorded digital information and the security at the time of delivery of the digital information can be secured. And a license pack contract can be made without involvement of a software maker.

[Brief description of the drawings]

FIG. 1 is a configuration diagram showing an embodiment of a computer system to which the present invention is applied.

FIG. 2 is a correlation diagram of functional blocks according to the embodiment;

FIG. 3 is an explanatory diagram showing a procedure for encrypting a recording target file according to the embodiment;

FIG. 4 is an explanatory diagram of a procedure for installing a recording target file according to the embodiment;

[Explanation of symbols]

 Reference Signs List 10 IC-CD 11 CD-ROM 12 IC chip 13 Case 14 Cover 17 EEPROM 18 CPU 20 Information access device 21 Read head 22 Reader / writer 23 Control device 24 Hard disk 26 Random number processing unit 27 Decoding unit 28, 121 Memory control unit 122 Key Generation unit 123 Collation unit 124 Number of times detection unit 171 Key storage area 172 Installation times storage area 173 Key generation function storage area

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁶ Identification symbol FI G06F 12/14 320 G06F 12/14 320E G11B 7/24 571 G11B 7/24 571A 571Z 19/04 501 19/04 501H

Claims (10)

[Claims] 1. A housing having a shape capable of being housed in a device for reading digital information recorded on a recording medium and accessing information to an IC chip, wherein the recording medium is housed inside the housing. The IC chip is attached to a predetermined portion of the housing, and the IC chip is configured to restrict reading of the digital information by the device. recoding media. 2. The digital information is encrypted digital information, and the IC chip holds a decryption key used for decrypting the encrypted digital information, and controls an information access from the device. 2. The IC according to claim 1, further comprising access control means for performing authentication, and passing the decryption key to the apparatus when the authentication result is affirmative to decrypt the encrypted digital information. Recording media with built-in chip. 3. The digital information is an executable program. The IC chip holds condition information necessary for executing the executable program, authenticates information access from the device, and performs authentication. 2. The recording medium with a built-in IC chip according to claim 1, further comprising access control means for passing the condition information to the apparatus when the result is affirmative so as to form an execution state of the executable program. 4. The apparatus according to claim 2, wherein the access control unit performs the authentication by confirming the validity of the random number data received at the time of the information access. Recording media with built-in IC chip. 5. A computer-readable storage medium storing an installer readable by a computer device and digital information to be installed, in a housing capable of being housed in the computer device, and instructing a predetermined portion of the housing to issue a command. What is claimed is: 1. A recording medium with a built-in IC chip, comprising: an IC chip for performing authentication upon input and outputting an authentication result, wherein said installer sends an authentication command based on predetermined authentication data to said IC chip and said IC chip. Acquiring the authentication result from the computer, and when the authentication result is positive, causes the computer device to execute a process of installing the digital information recorded on the IC chip. . 6. The digital information is encrypted digital information, wherein the IC chip holds a decryption key used for decrypting the encrypted digital information, and controls an information access from the device. It is configured to perform authentication, and to pass the decryption key when the authentication result is positive, wherein the installer performs a process of decrypting and installing the encrypted digital information with the decryption key to the computer device. 6. The recording medium with a built-in IC chip according to claim 5, wherein the recording medium is executed. 7. The IC chip comprises: key generation means for generating a reference key in response to input of the authentication command; and verification means for verifying the generated reference key with the decryption key. 7. The recording medium with a built-in IC chip according to claim 2, wherein a positive authentication result is output when they match. 8. The IC chip includes an installation number counting unit for counting the number of installations, and a unit for limiting the installation when a count value of the installation number counting unit exceeds a predetermined value. 7. The recording medium with a built-in IC chip according to claim 6, wherein: 9. A storage medium in which digital information and an installer of the digital information are stored in a housing, and an IC chip fixed to a predetermined portion of the housing.
An apparatus for accessing information on a recording medium with a built-in C chip, wherein the reader / writer transmits and receives information to and from the IC chip when the housing is housed, and sends an authentication command to the IC chip through the reader / writer. Control means for reading the installer from the recording medium and installing the digital information when the authentication result from the IC chip is affirmative. 10. The recording medium stores encrypted digital information, and the IC chip holds a decryption key for decrypting the encrypted digital information. If the authentication result is positive, the I
10. The information access apparatus according to claim 9, wherein the installation is performed after decrypting the encrypted digital information using a decryption key stored in a C chip.