1. Field of the Invention
The present invention relates to an encryption/decryption system, a control method therefor, and a storage medium.
2. Description of the Related Art
Conventional printing apparatuses have an encrypting function and a decrypting function for enhanced security. With the encrypting function, data stored in a storage device such as an HDD which the printing apparatuses have is encrypted, and with the decrypting function, the encrypted data is decrypted using a so-called encryption key.
In governments in some countries including Japan and the U.S. and security-aware corporations, the printing apparatuses mentioned above are required to obtain certification from a third-party institution based on “Japan Cryptographic Module Validation Program” which is one of product certification systems, and specifically, required to have security levels 2 or higher approval under this certification program.
The encrypting function is offered by an IC chip, and from the standpoint of enhancing robustness in terms of security, is more preferably offered by an SiP (System in a Package) in which a nonvolatile memory die, in which secret information such as a encryption key, an encryption program, and so on are stored, and an encryption logic die are sealed in a package.
In general, an IC chip has an input-output IF for use in input and output of data, a debug IF for use in failure analysis, and a memory IF for use in storing an encryption program in a nonvolatile memory inside the IC chip, and in some cases, an analysis of the interior of the IC chip is carried out by way of the debug IF or the memory IF.
In order that the encrypting function can be offered by an IC chip, and security levels 2 or higher certification under “Japan Cryptographic Module Validation Program” can be obtained, information included in the IC chip has to be prevented from being analyzed even when an access to a debug IF or a memory IF is made. To deal with this, there is a method in which part or all of secret information and an encryption program stored in a nonvolatile memory are subjected to encryption.
Secret information and an encryption program stored in a nonvolatile memory are encrypted using, for example, the AES (advanced encryption standard) which is a common key cryptosystem, but a encryption key for encrypted secret information and an encryption program is reproduced sometimes based on information obtained by a third party through access to a debug IF or a memory IF. Thus, in order to prevent a encryption key for encrypted secret information and an encryption program from being reproduced easily by a third party, data is encrypted using random numbers obtained by inputting a encryption key generated by a encryption key generation unit which an encryption apparatus has and an initial input value set in plain text in a register to a random number generation circuit (see, for example, Japanese Laid-Open Patent Publication (Kokai) No. H10-22994).
However, an initial input value in the register is set in plain text, and hence when the initial input value is stolen, a encryption key is reproduced, causing encrypted data to be decrypted with ease.
The present invention provides an encryption/decryption system and a control method therefor which are capable of preventing encrypted data from being easily decrypted, as well as a storage medium.
Accordingly, a first aspect of the present invention provides an encryption/decryption system which sends and receives data to and from a host apparatus, comprising a storage unit configured to store, in encrypted form, a program for carrying out an encryption process or a decryption process on data sent and received to and from the host apparatus, a key generation unit configured to generate a key for decrypting the stored program in response to startup of the encryption/decryption system, a decryption unit configured to decrypt the stored program using the key generated by the key generation unit, and an execution unit configured to execute the decrypted program.
Accordingly, a second aspect of the present invention provides a control method for an encryption/decryption system which sends and receives data to and from a host apparatus, comprising a storage step of storing, in encrypted form, a program for carrying out an encryption process or a decryption process on data sent and received to and from the host apparatus, a key generation step of generating a key for decrypting the stored program in response to startup of the encryption/decryption system, a decryption step of decrypting the stored program using the key generated in the key generation step, and an execution step of executing the decrypted program.
Accordingly, a third aspect of the present invention provides a non-transitory computer-readable storage medium storing a program for causing a computer to execute a control method for an encryption/decryption system which sends and receives data to and from a host apparatus, the control method comprising a storage step of storing, in encrypted form, a program for carrying out an encryption process or a decryption process on data sent and received to and from the host apparatus, a key generation step of generating a key for decrypting the stored program in response to startup of the encryption/decryption system, a decryption step of decrypting the stored program using the key generated in the key generation step, and an execution step of executing the decrypted program.
According to the present invention, the program for carrying out the encryption process or the decryption process is stored, and the key for decrypting the program is generated in response to startup of the encryption/decryption system. The encrypted program is decrypted using the generated key to carry out the encryption process or the decryption process. As a result, encrypted data is prevented from being decrypted easily.
Further features of the present invention will become apparent from the following description of exemplary embodiments (with reference to the attached drawings).
The present invention will now be described with reference to the drawings showing an embodiment thereof.
The image forming system in
The host controller 101 also has a ROM 903 and a RAM 904, which are connected to the memory control unit 902. The network 906, a scanner apparatus 909, a FAX apparatus 911, a panel apparatus 914, an encryption IC 102, and a printing unit 917 are connected to the LAN-IF unit 905, the reader IF unit 908, the FAX-IF unit 910, the panel IF unit 913, the HDD-IF unit 915, and the video IF unit 916, respectively, and the FAX apparatus 911 is connected to a public telephone line 919. An HDD 103 is connected to the encryption IC 102.
The host controller 101 is provided in, for example, an MFP (multi-function printer). The CPU 901 provides system control and performs arithmetic processing, and the memory control unit 902 controls input and output to and from various memory device and control DMA (direct memory access).
The ROM 903 stores a starting program, various processing programs, control parameters, and so on. The RAM 904 is a write-dedicated memory typified by a DDR (double data rate) memory.
The image processing unit 912 carries out various types of image processing on image data obtained via the LAN-IF unit 905, the reader IF unit 908, and the FAX-IF unit 910. The scanner apparatus 909 reads an original and converts it into image data. The FAX apparatus 911 controls communication and sends and receives data via the public telephone line 919. The panel apparatus 914 is a user interface, and a user operates buttons and others displayed on a liquid crystal display via the panel apparatus 914. Through such operation, various settings on the scanner apparatus 909 and others connected to the host controller 101 are configured. The printing unit 917 is a printer having a printing apparatus main body, a sheet-feeding unit, and a sheet-discharging unit and prints print data on sheets according to command information mainly from the video IF unit 916.
The encryption IC 102 performs encryption processing and decryption processing on data sent and received via a SATA-IF 104, to be described later, which the encryption IC 102 has, and so on. The HDD 103 is a nonvolatile mass-storage device, in which image data and various programs are stored, and has a data area (not shown) which is used as a temporary work area and a system area (not shown) in which, for example, version information on the HDD 103 is stored.
Referring to
The encryption IC 102 is configured as an SiP in which an encryption chip 110 and the flash memory chip 111 are enclosed in a single package. The encryption chip 110 performs encryption processing on, for example, data stored in the HDD 103. The flash memory chip 111 stores various data. The flash memory chip 111 should not necessarily be incorporated in the encryption IC 102 but may be externally added to the encryption IC 102.
The encryption IC 102 in
The CPU 201 executes such programs as an encryption program, a pseudorandom program, and a SATA-IF control program, which are stored in the flash memory 202 and the RAM 203.
The flash memory 202 is a nonvolatile memory, in which various programs, various control parameters, secret information for encryption, and so on are stored. The RAM 203 is a volatile memory, which is used as a program execution area, a temporary work area, a storage area for a generated encryption key, and so on. The memory control unit 204 controls input and output of data to and from the flash memory 202 and the RAM 203. The encryption/decryption processing unit 205 performs encryption processing and decryption processing on data using, for example, the AES (advanced encryption standard) which is a common key cryptosystem.
Referring to
The secret information encryption program 301 performs encryption/decryption processing on part or all of the data encryption program 302 and the secret information 303 using, for example, the AES and generates the secret information encryption key 305 on the RAM 203 using the information b 304 and information a 410, to be described later. The data encryption program 302 performs encryption/decryption processing on data sent and received between the host controller 101 and the HDD 103 via the SATA-IFs 104 and 105 using, for example, the AES and generates the data encryption key 306 on the RAM 203 using the secret information 303.
The secret information 303 is authentication information for use in making the encryption IC 102 available or highly-confidential and important information for use in generating the data encryption key 306 and is received from the host controller 101 connected to the encryption IC 102 via the SATA-IF 104.
The information b 304 is comprised of a bit value and allowed to be combined with the information a 410, to be described later. The information b 304 is received from the host controller 101 and comprised of a bit value which varies according to, for example, the individual host controller 101 as a receiving side or the timing of reception from the host controller 101. The secret information encryption program 301 and the information b 304 are stored in plain text in the flash memory 202, and the data encryption program 302 and the secret information 303 are stored in encrypted form in the flash memory 202.
Referring to
The control register 404 is a register for use in controlling hardware modules, and the status register 405 is a register which indicates arithmetic conditions of the CPU 201. Namely, the register values constituting the status register 405 vary with arithmetic conditions of the CPU 201, and for example, the register values constituting the status register 405 vary according to how the encryption IC is started.
The information a 410 is generated by, for example, combining register values Ac1, Ac2, and Cc1 selected from the resister values in the control register 404 and register values As2, Bs2, and Cs1 selected from the register values in the status register 405 in a certain period of time (information value generating unit). As described above, the register values in the status register 405 vary with arithmetic conditions of the CPU 201. In other words, the register values in the status register 405 vary with time, and hence the information a 410 including the register values in the status register 405 also varies according to the time at which the information a 410 is generated.
Referring to
Referring to
It should be noted that the seed values 503 and 506 should not necessarily be obtained by combining the information b 304, but the information a 410 alone may constitute the seed values 503 and 506. However, when the secret information encryption key 305 is generated without combining the information b 304 in a case where encryption IC chips (hereafter referred to as “production model encryption IC chips”) distributed in large numbers on the market are used, both X1 and X2 which are the information a 410 at the time t1 and the time t2 are generated from the same register value in both the production model encryption IC chips, and hence the obtained secret information encryption keys 305 are the same, and the secret information encryption keys 305 may be reproduced with ease.
Accordingly, for example, by combining the information b 304 comprised of a bit value varying with the individual host controller 101, the secret information encryption keys 305 for individual encryption IC chips are generated, so that the secret information encryption keys 305 can be prevented from being the same when production model encryption IC chips are used. This raises security level.
When the secret information encryption key 305 is generated from the information a 410 and the information b 304, such nullification (zeroization) of the secret information encryption key 305 such that only the information b 304 is changed is allowed to be performed. When the information b 304 is changed, the secret information encryption key 305 generated before the change of the information b 304 cannot be used, and hence even if, for example, the secret information 303 encrypted using the secret information encryption key 305 is discarded, the encrypted secret information 303 will never be decrypted after the change of the information b 304, and this further raises security level.
As described above, since the register values constituting the status register 405 vary according to how the encryption IC 102 is started in a case where there are two or more ways to start the encryption IC 102, the bit values constituting the information a 410, which includes the register values in the status register 405, as well varies according to how the encryption IC 102 is started. For example, as shown in
Namely, the information a 410 can be changed by changing the way to start the encryption IC 102, and hence the secret information encryption key 305 generated by combining the information a 410 can be changed. This raises the security level of the secret information encryption key 305.
The encryption process in
Referring to
As a result of the determination in the step S702, when the encryption IC 102 is connected to the host controller 101 (YES in the step S702), the CPU 201 receives the secret information 303 and the information b 304 from the host controller 101 (step S703).
The CPU 201 then inputs the seed value 503, which is obtained by combining X1 and the information b 304 together, to the pseudorandom module 504 to obtain the bit string 505, inputs the seed value 506, which is obtained by combining X2 and the information b 304 together, to the pseudorandom module 504 to obtain the bit string 507, and performs the exclusive-OR operation (ExOR) 508 using the obtained bit strings 505 and 507 to generate the secret information encryption key 305 (step S704).
The CPU 201 then performs encryption processing on the data encryption program 302 and secret information 303 using the generated secret information encryption key 305 (step S705) and determines whether or not the encryption processing has been completed (step S706).
As a result of the determination in the step S706, when the encryption processing has not yet been completed (NO in the step S706), the process returns to the step S705, and when the encryption processing has been completed (YES in the step S706), the CPU 201 stores the information b 304, which has been used to generate the encrypted data encryption program 302, the secret information 303, and the secret information encryption key 305, in the flash memory 202 (step S707) and terminates the present process.
On the other hand, as a result of the determination in the step S702, when the encryption IC 102 is not connected to the host controller 101 (NO in the step S702), the CPU 201 immediately terminates the present process without receiving the secret information 303 and the information b 304 from the host controller 101.
According to the encryption process in
Moreover, according to the encryption process in
Further, according to the encryption process in
The program execution process in
Referring to
Next, the CPU 201 obtains the bit string 505 by inputting the seed value 503, which is obtained by combining X1 and the information b 304 stored in the flash memory 202, to the pseudorandom module 504, obtains the bit string 507 by inputting the seed value 506, which is obtained by combining X2 and the information b 304 stored in the flash memory 202 to the pseudorandom module 504, and performs the exclusive-OR operation (ExOR) 508 using the obtained bit strings 505 and 507 to generate the secret information encryption key 305 (step S802).
The register values in the status register 405 represent the same values at the same time, and hence X1 and X2 generated in the step S701 and the step S801 which are common in terms of time are the same, and the secret information encryption keys 305 generated in the step S704 and the step S802 are also the same. Thus, the data encryption program 302 and secret information 303 encrypted using the secret information encryption key 305 generated in the step S704 are allowed to be decrypted using the secret information encryption key 305 generated in the step S802.
Then, the CPU 201 carries out decryption processing on the data encryption program 302 and the secret information 303 (both of them have been encrypted using the secret information encryption key 305 generated in the step S704) using the secret information encryption key 305 generated in the step S802 and expands the decrypted data encryption program 302 and secret information 303 on the RAM 203 (step S803) and determines whether or not the decryption processing has been completed (step S804).
As a result of the determination in the step S804, when the decryption processing has not been completed (NO in the step S804), the process returns to the step S803, and when the decryption processing has been completed (YES in the step S804), the CPU 201 generates the data encryption key 306 using the secret information 303 decrypted and expanded on the RAM 203 (step S805) and determines whether or not to establish connection with the host controller 101 (step S806).
As a result of the determination in the step S806, when connection with the host controller 101 is to be established (YES in the step S806), communication between the host controller 101 and the HDD 103 is established, so that commands from the host controller 101 can be received.
On the other hand, as a result of the determination in the step S806, when connection with the host controller 101 is not to be established (NO in the step S806), the present process is immediately terminated irrespective of whether or not there is a command request from the host controller 101.
After that, the CPU 201 determines whether or not a command has been requested by the host controller 101 (step S807), and when a command has been requested by the host controller 101 (YES in the step S807), the CPU 201 determines whether or not the requested command is a system-related command to read system information from the system area of the HDD 103 or a system-related command to write system information in the system area of the HDD 103 (step S808).
As a result of the determination in the step S808, when the requested command is the system-related command (YES in the step S808), the CPU 201 performs transmission of system information to the host controller 101 or the HDD 103 (step S814) in plaintext as it is without encrypting the system information (unencryption) (step S809) until the transmission is completed (YES in step S817) because the system information is in plain text and the necessity to encrypt it is not great.
On the other hand, as a result of the determination in the step S808, when the requested command is not the system-related command (NO in the step S808), the CPU 201 determines whether the requested command is a read-related command to read data information from the data area of the HDD 103 or a write-related command to write data information in the data area of the HDD 103 (step S810).
As a result of the determination in the step S810, when the requested command is the read-related command, the CPU 201 reads ciphertext data from the HDD 103 (step S811), decrypts the ciphertext data using the data encryption key 306 (step S812), and performs transmission of the decrypted data to the host controller 101 (step S815) until the transmission is completed (YES in step S818).
As a result of the determination in the step S808, when the requested command is the write-related command, the CPU 201 encrypts data received from the host controller 101 using the data encryption key 306 (step S813), and performs transmission of the encrypted data to the HDD 103 (step S816) until the transmission is completed (YES in step S819).
When the supply of power to the encryption IC 102 is stopped (YES in step S820) after the transmission is completed (YES in the step S817, YES in the step S818, or YES in the step S819), the present process is brought to an end, and when the supply of power to the encryption IC 102 is not stopped (NO in the step S820), the CPU 201 carries out the processes in the step S807 and the subsequent steps again.
According to the program execution process in
Moreover, according to the program execution process in
It should be noted that the secret information encryption key 305 may be generated at the time when the encryption IC 102 is started (t1=t2=0). Namely, since the secret information encryption key 305 for use in decrypting the data encryption program 302 and the secret information 303 is generated in response to the activation of the encryption IC 102 (steps S801 to S803), the possibility of a third party decrypting the data encryption program 302 and the secret information 303 between encryption and decryption of the data encryption program 302 and the secret information 303.
Embodiment(s) of the present invention can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a ‘non-transitory computer-readable storage medium’) to perform the functions of one or more of the above-described embodiment(s) and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiment(s), and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiment(s) and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiment(s). The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions. The computer executable instructions may be provided to the computer, for example, from a network or the storage medium. The storage medium may include, for example, one or more of a hard disk, a random-access memory (RAM), a read only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™), a flash memory device, a memory card, and the like.
While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions.
This application claims the benefit of Japanese Patent Application No. 2014-043834, filed Mar. 6, 2014, which is hereby incorporated by reference herein in its entirety.
Number | Date | Country | Kind |
---|---|---|---|
2014-043834 | Mar 2014 | JP | national |