CN102985930B - Information processor and information processing method - Google Patents

Information processor and information processing method

Publication number: CN102985930B
Application number: CN201280001893.0A
Authority: CN (China)
Other versions: CN102985930A
Original language: Chinese (zh)
Priority claimed from: PCT/JP2012/002965 (WO2012160760A1)
Inventors: 前田学, 广田照人, 松岛秀树
Assignee (current and original): Panasonic Intellectual Property Management Co Ltd
Prior art keywords: data, cache, storage part, object data, protection object
Legal status: Expired - Fee Related
Abstract

An information processing device that processes protection object data comprises a first storage part (301), a second storage part (302), and a cache control part (303) that caches storage data held in the first storage part (301) into the second storage part (302). The cache control part (303) locks a cache area in the second storage part (302) so that the cached data obtained from the cache area holding the storage data of the second storage part (302) is not written back to the first storage part (301), and, after the cache area in the second storage part (302) has been locked, writes protection object data that differs from the storage data into the cache area in the second storage part (302).

Description

Information processor and information processing method
Technical field
The present invention relates to an information processing device that processes protection object data.
Background technology
Conventionally, there are various information processing devices that process protection object data. Techniques for such devices are disclosed, for example, in Patent Document 1 and Non-Patent Document 1.
(prior art literature)
(patent documentation)
Patent documentation 1: Japanese Unexamined Patent Publication 2004-288155 publication
(non-patent literature)
Non-patent literature 1: ARM Security Technology (http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf)
However, in conventional information processing devices, the protection of the protection object data may be insufficient.
Summary of the invention
An object of the present invention is therefore to provide an information processing device that can suitably protect protection object data.
To achieve this object, an information processing device according to one embodiment of the present invention is an information processing device that processes protection object data and comprises: a first storage part; a second storage part; and a cache control part that caches storage data held in the first storage part into the second storage part. The cache control part locks a cache area in the second storage part so that the cached data obtained from the cache area holding the storage data of the second storage part is not written back to the first storage part, and, after the cache area in the second storage part has been locked, writes protection object data that differs from the storage data into the cache area in the second storage part.
These general or specific aspects may be realized by a system, a method, an integrated circuit, a computer program or a recording medium, or by any combination of a system, a method, an integrated circuit, a computer program and a recording medium.
The information processing device according to one embodiment of the present invention can suitably protect protection object data while processing it.
Accompanying drawing explanation
Fig. 1 is an overall structure diagram of the content delivery system according to Embodiment 1.
Fig. 2 is a hardware structure diagram of the content display device according to Embodiment 1.
Fig. 3 is a structure diagram of the cache according to Embodiment 1.
Fig. 4 is a software structure diagram of the content display device according to Embodiment 1.
Fig. 5 is a structure diagram of the encrypted hidden data according to Embodiment 1.
Fig. 6 is a structure diagram of the package generating part according to Embodiment 1.
Fig. 7 is a structure diagram of the secure application according to Embodiment 1.
Fig. 8 is a sequence chart of the secure boot process according to Embodiment 1.
Fig. 9 is a sequence chart of the hidden-data loading process according to Embodiment 1.
Fig. 10 is a sequence chart of the hidden-data unloading process according to Embodiment 1.
Fig. 11 is a structure diagram of the secure OS according to Embodiment 2.
Fig. 12 is a structure diagram of the application program main body according to Embodiment 2.
Fig. 13 is a flow chart of the loading process of the secure application according to Embodiment 2.
Fig. 14A is a sequence chart of the cache locking process according to Embodiment 3.
Fig. 14B is a sequence chart of the cache unlocking process according to Embodiment 3.
Fig. 15A is a hardware structure diagram of the information processing device according to Embodiment 4.
Fig. 15B is a flow chart showing the operation of the information processing device according to Embodiment 4.
Fig. 16 is a hardware structure diagram of the information processing device according to Embodiment 5.
Fig. 17 is a hardware structure diagram of the content display device according to another variation.
Fig. 18 is a structure diagram of the secure software execution environment according to another variation.
Detailed description of the invention
(Knowledge forming the basis of the present invention)
It is undesirable for a program that manages copyrights and the like to be subjected to illegal acts such as illegal analysis. Techniques for protecting such programs (hereinafter "protection object programs") are therefore widely used. This is because, if the protection is insufficient, the rights holder of the program may suffer loss in various ways.
For example, if a program that decrypts and plays back encrypted digital content can be illegally analysed and tampered with by an unauthorized person, the digital content may be used illegally.
Specifically, an unauthorized person may analyse the program that decrypts the encrypted digital content, obtain the decryption key used to decrypt the digital content, and thereby reproduce the digital content illegally. Furthermore, even when the number of copies or playbacks of the digital content is restricted, an unauthorized person may tamper with the program that checks the copy count or playback count and thereby nullify the restriction.
Non-Patent Document 1 discloses a technique that protects data such as programs from illegal analysis by an unauthorized person. In that technique, a secure domain with a mechanism that prevents unauthorized access from outside is constructed. The LSI (Large Scale Integration) has a secure mode in which processing is carried out using the secure domain and a normal mode in which processing is carried out without using the secure domain, and it operates by switching between the normal mode and the secure mode.
By running the protection object program in the secure mode, this technique protects the program from illegal analysis and the like. Accordingly, the decryption key used for decryption is protected from being obtained illegally, and the program that checks the playback count is protected from being tampered with illegally.
More specifically, as the mechanism that prevents unauthorized access, a signal called the NS-bit (Non Secure bit) is added inside the LSI to the bus that connects the processor and the peripheral circuits. The NS-bit is set to High when the core processor is in the normal mode and to Low when the core processor is in the secure mode.
Peripheral circuits connected to this bus, such as the memory controller, the cache and the DMA control part (DMA controller), perform access control according to this NS-bit. For example, the memory controller sets an NS-bit for every fixed-size area of the memory (for example, every 4 KB). When the core processor accesses the memory, the memory controller compares the NS-bit value of the bus with the NS-bit value of the memory and performs access control accordingly.
Specifically, when the core processor is in the normal mode (the bus NS-bit is High) and attempts to access a secure-mode memory area (the memory NS-bit is Low), the memory controller forbids the access. The memory controller allows all other accesses.
By using such a mechanism for preventing unauthorized access, the information processing device can forbid a program running in the normal mode from accessing the secure memory areas and the functions restricted to the secure mode. That is, the information processing device stores the decryption key used for decryption in a secure-mode memory area, performs the decryption in the secure mode, and performs the playback-count check in the secure mode. It can thereby prevent illegal analysis and tampering by an unauthorized person.
However, in the structure of Non-Patent Document 1, it is only the core processor and the peripheral circuits, both of which process the NS-bit, that realize the access control for programs and thereby prevent analysis and tampering by means of malicious programs. Therefore, when a program executed in the LSI uses a memory outside the LSI (SDRAM or the like), the structure of Non-Patent Document 1 cannot prevent an attack on the signal lines that connect the LSI and the memory.
Specifically, an unauthorized person may use an oscilloscope, a logic analyser or the like to capture (probe) the data flowing on the signal lines and thereby directly obtain the data written to the secure memory area. The unauthorized person may then analyse the obtained data, obtain the key that protects the digital content, and copy the digital content illegally.
The information processing device therefore needs to suitably protect the protection object data against such attacks, that is, against the data leakage that can occur when hardware such as a logic analyser probes the signal lines.
An information processing device according to one embodiment of the present invention is therefore an information processing device that processes protection object data and comprises: a first storage part; a second storage part; and a cache control part that caches storage data held in the first storage part into the second storage part. The cache control part locks a cache area in the second storage part so that the cached data obtained from the cache area holding the storage data of the second storage part is not written back to the first storage part, and, after the cache area in the second storage part has been locked, writes protection object data that differs from the storage data into the cache area in the second storage part.
Accordingly, the protection object data is not written to the memory (first storage part) such as SDRAM but to the cache (second storage part) that caches the memory's data. It is difficult for an external device to access data written to the cache. Furthermore, the protection object data is written to a locked cache area and is therefore not written back to the memory. The protection object data can thus be suitably protected.
For example, the cache control part may write the protection object data output from the processor to the cache area in the second storage part over a physically protected circuit, so that the protection object data output from the processor cannot be obtained by an external device, and the second storage part may be physically protected so that the protection object data in the cache area cannot be obtained by an external device.
Accordingly, it is difficult for an external device to physically obtain the protection object data, which can therefore be suitably protected.
Further, for example, the cache control part may, when the protection object data is processed, allocate a data area in the first storage part for the protection object data, cache the storage data of the allocated data area into the second storage part, lock the cache area in the second storage part so that the cached data obtained from the cache area holding the storage data cached into the second storage part is not written back to the first storage part, and, after the cache area in the second storage part has been locked, write the protection object data that differs from the storage data into that cache area in the second storage part.
Accordingly, when the protection object data is processed, a data area for the protection object data is allocated in the memory, so the proper correspondence between the memory area and the cache area is maintained.
Further, for example, the cache control part may, after the protection object data has been processed, clear the cache area in the second storage part and then release the lock on the cache area so that the cached data obtained from the cleared cache area can be written back to the first storage part.
Accordingly, the protection object data is erased before anything is written back from the cache to the memory, so it can be suitably protected.
Further, for example, the information processing device may further comprise a processor that generates the protection object data and outputs the generated protection object data, and the cache control part may, after the cache area in the second storage part has been locked, write the protection object data output from the processor to the cache area in the second storage part.
Accordingly, the protection object data generated by the processor is written to the cache and can thus be suitably protected.
Further, for example, the information processing device may further comprise an integrated circuit, and the second storage part, the cache control part and the processor may be included in the integrated circuit.
Accordingly, the cache and the processor form one integrated circuit, and it is difficult for an external device to access data inside the integrated circuit, so the protection object data can be suitably protected.
Further, for example, the processor may generate the protection object data by decrypting encrypted data and output the generated protection object data.
Accordingly, protection object data obtained by decrypting encrypted data can be suitably protected.
Further, for example, the cache control part may write protection object data that a program has designated in advance for writing to the first storage part into the cache area in the second storage part instead.
Accordingly, the protection object data that the program would have written to the memory is written to the cache instead of the memory, and can thus be suitably protected.
Further, for example, the cache control part may write an executable program, as the protection object data, into the cache area in the second storage part.
Accordingly, the protection object program is protected from tampering and can therefore be executed properly.
Further, for example, the processor may execute a secure program in a secure mode and a normal program in a normal mode; the first storage part may have a first memory area and a second memory area, the first memory area being an area for storing the normal program and the second memory area being an area for storing the secure program that the normal program is forbidden to access.
Accordingly, programs are executed at an appropriate security level, and access control is performed according to the security level corresponding to each program.
Further, for example, the cache control part may write protection object data that the secure program has designated in advance for writing to the second memory area into the cache area in the second storage part instead.
Accordingly, the protection object data that the program would have written to the memory is written to the cache instead of the memory, so it can be protected at a higher level.
Further, for example, the information processing device may further comprise an access control part that forbids the normal program from accessing the second memory area.
Accordingly, access to the multiple memory areas of the memory can be suitably controlled, and the execution of illegal programs can be suitably restricted.
These general or specific aspects may be realized by a system, a method, an integrated circuit, a computer program or a recording medium, or by any combination of a system, a method, an integrated circuit, a computer program and a recording medium.
Hereinafter, an information processing device according to one embodiment of the present invention is described in detail with reference to the drawings.
Each of the embodiments described below shows one specific example of the present invention. The numerical values, shapes, materials, components, arrangement and connection of the components, steps, order of the steps and the like shown in the embodiments are examples and do not limit the present invention. Among the components of the embodiments, those not recited in the independent claims expressing the broadest concept are described as optional components.
(Embodiment 1)
The information processing device according to the present embodiment is a content display device that receives content from a content recording device, which records broadcast waves received by an antenna, and displays the content.
<Structure of the content delivery system>
Fig. 1 is a structure diagram of the content delivery system according to the present embodiment. As shown in Fig. 1, the content delivery system 100 includes a content display device 110, a content recording device 120 and an antenna 121.
The content display device 110 is the information processing device according to the present embodiment. It is connected to the content recording device 120 via a network, receives the content recorded by the content recording device 120, and displays the received content.
The content recording device 120 is connected to the antenna 121 and records the content received by the antenna 121. In response to a request from the content display device 110, the content recording device 120 sends the recorded content to the content display device 110. The content recording device 120 may also read content from a portable recording medium and send the read content to the content display device 110.
The content display device 110 and the content recording device 120 hold a common encryption/decryption key. The content recording device 120 encrypts the content with this key and sends the encrypted content to the content display device 110. This prevents the content from being obtained illegally by capturing the data flowing on the network that connects the content display device 110 and the content recording device 120.
The encryption/decryption key that the content display device 110 and the content recording device 120 hold in common must be suitably protected. If it is protected neither from software attacks using a debugger or an unauthorized application (hereinafter an application program is also simply called an application) nor from hardware attacks such as bus probing, it may be compromised.
If this encryption/decryption key is obtained together with the encrypted content flowing on the network, the content can be decrypted illegally. It is therefore desirable to protect the encryption/decryption key suitably inside the content display device 110 as hidden data.
<Hardware configuration of the content display device 110>
Fig. 2 is a hardware structure diagram of the content display device 110 shown in Fig. 1. As shown in Fig. 2, the content display device 110 includes a system LSI 1000, a memory 1020 and a non-volatile storage device 1050.
The system LSI 1000 includes a CPU (Central Processing Unit) 1001, an IPL (Initial Program Loader) 1002, a memory controller 1003, a cache 1004 and a key holding part 1006.
The CPU 1001 executes the instruction code contained in the general-purpose operating system (general-purpose OS) 1031, the playback application 1032 and the like stored in the memory 1020, and thereby controls the operation of the whole content display device 110. The CPU 1001 has two modes: a secure mode and a normal mode.
The boot loader 1041, the secure OS 1042 and the content playback application 1043 operate in the secure mode. A program operating in the secure mode can access the memory area used by secure-mode programs (the secure area 1040) and can also access the memory area used by normal-mode programs (the normal area 1030). A program operating in the secure mode can also use the peripheral circuits (crypto engine and the like) that are available in the secure mode.
On the other hand, the general-purpose OS 1031, the playback application 1032 and the content reception application 1033 operate in the normal mode. A program operating in the normal mode can access the normal area 1030 used by normal-mode programs, but cannot access the secure area 1040 used by secure-mode programs.
Furthermore, each of the secure mode and the normal mode has two sub-modes: a privileged mode and a non-privileged mode. The boot loader 1041, the secure OS 1042 and the general-purpose OS 1031 operate in the privileged mode and can freely access resources such as the memory 1020, the network I/F and the input/output I/F.
On the other hand, the content playback application 1043 operates in the non-privileged mode and can access only the resources within the range set by the secure OS 1042. Likewise, the playback application 1032 and the content reception application 1033 operate in the non-privileged mode and can access only the resources within the range set by the general-purpose OS 1031.
When the CPU 1001 accesses a peripheral circuit such as the memory controller 1003, it outputs an NS-bit (Non Secure bit) signal. When operating in the secure mode, the CPU 1001 sets the NS-bit to Low; when operating in the normal mode, it sets the NS-bit to High. The peripheral circuits connected to the bus, such as the memory controller 1003, perform access control according to the state of this NS-bit.
The IPL 1002 is the program started first after the content display device 110 is powered on. It performs the initial setup of hardware such as the bus, the memory controller 1003, the memory 1020 and the non-volatile storage device 1050. It then loads the boot loader 1041 into the memory 1020 and executes it. The IPL 1002 is stored in a state that cannot be tampered with, in a mask ROM or the like inside the system LSI 1000.
The memory controller 1003, also called the Memory Controller, controls accesses to the memory 1020 from the other circuits connected to the bus. It manages the inside of the memory 1020 as two areas: the normal area 1030 and the secure area 1040.
When the CPU 1001 is operating in the normal mode (NS-bit High) and attempts to access the secure area 1040, the memory controller 1003 forbids the access. When the CPU 1001 is operating in the normal mode (NS-bit High) and attempts to access the normal area 1030, the memory controller 1003 allows the access.
When the CPU 1001 is operating in the secure mode (NS-bit Low) and attempts to access the normal area 1030 or the secure area 1040, the memory controller 1003 allows the access.
When the CPU 1001 accesses the memory 1020, the cache 1004 reads a block of data of a fixed size, containing the data in the memory 1020 that the CPU 1001 is accessing, into the cache 1004. When the CPU 1001 reads data, the cache 1004 returns the data to the CPU 1001; when the CPU 1001 writes data, the cache 1004 rewrites the data held inside the cache 1004.
If the data in the memory 1020 that the CPU 1001 accesses has already been read into the cache 1004, the cache 1004 does not read it from the memory 1020 again but uses the data held inside the cache 1004. This improves the access speed when the CPU 1001 accesses consecutive data in the memory 1020.
When the area for storing data inside the cache 1004 is full, the cache 1004 overwrites already stored data with the new data being read into the cache 1004.
When the CPU 1001 writes data, the cache 1004 updates the data inside the cache 1004 and reflects the update to the memory 1020 at a suitable time. There are two methods of reflecting updates: the write-through method (Write Through Algorithm) and the write-back method (Write Back Algorithm).
In the write-through method, when the CPU 1001 writes data, the data inside the cache 1004 is updated and the update is reflected to the memory 1020 at the same time.
In the write-back method, when the CPU 1001 writes data, the data inside the cache 1004 is updated, and the update is reflected to the memory 1020 only just before the updated data is overwritten by new data being read into the cache 1004.
In the present embodiment, in order to prevent the hidden data from being written to the memory 1020, the cache 1004 is set to reflect updates in the write-back method.
When the cache 1004 receives a data access request from the CPU 1001, it must determine immediately whether that data exists inside the cache 1004. The cache 1004 therefore stores data internally in a special data layout.
For example, the cache 1004 manages the data stored inside it in uniform units called lines. Specifically, the cache 1004 restricts the storage position according to the lower-order bits (hereinafter the set index: SetIndex) of the address in the memory 1020 that corresponds to the data stored inside the cache 1004.
Each line stores the part of the memory address other than the set index (the tag) together with the data. From the storage position and the tag information, the cache 1004 identifies which location in the memory 1020 the data stored in the line came from.
The cache 1004 can store multiple tags and their data at storage positions with the same set index. Each such storage place is called a way. A cache that can store four tags and their data is called a 4-way cache.
When the cache 1004 reads data from the memory 1020 into the cache 1004, it also records, together with the data, information (the NS-bit) identifying whether the data was recorded in the normal area 1030 or in the secure area 1040.
When the cache 1004 reads data from the normal area 1030, it records an NS-bit of High together with that data; when it reads data from the secure area 1040, it records an NS-bit of Low. When the CPU 1001 accesses the cache 1004, the cache 1004, like the memory controller 1003, performs access control with reference to the mode of the CPU 1001 and the NS-bit value recorded with the data.
Specifically, when the CPU 1001 is operating in the normal mode, the cache 1004 forbids access to cached data whose NS-bit is set to Low (data read from the secure area 1040). In all other cases, the cache 1004 allows the access.
The cache 1004 holds data, the address of the data, a Dirty flag and a Valid flag. The data is what was read from the memory 1020. The address is the address of the data in the memory 1020. The Dirty flag is set when the data in the cache 1004 has been rewritten. The Valid flag indicates that valid data is held in the cache 1004.
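The following C model is an added illustration, not code from the patent or from Panasonic. It ties together the cache behaviour described in this section (write-back updates, Dirty and Valid flags, sets and ways) with the lock, write, clear and unlock sequence from the summary above, and shows why the write-back policy alone is not enough: without the lock, the first conflicting access evicts the dirty line and the secret appears on the memory bus. The geometry (4 sets, 2 ways, 16-byte lines, 512-byte memory, LRU replacement), the function names and the secret value are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy geometry: 4 sets x 2 ways of 16-byte lines in front of a 512-byte
 * memory. "memory" plays the first storage part (SDRAM), "cache" the second (in-LSI). */
#define LINE_SIZE 16
#define SETS 4
#define WAYS 2
#define MEM_SIZE 512

typedef struct {
    bool valid, dirty, locked;  /* Valid flag, Dirty flag, lock bit */
    uint32_t tag, age;          /* line-aligned block address; LRU stamp (0 = unused) */
    uint8_t data[LINE_SIZE];
} cache_line_t;
static uint8_t memory[MEM_SIZE];
static cache_line_t cache[SETS][WAYS];
static uint32_t tick;           /* LRU clock */

static uint32_t tag_of(uint32_t a) { return a & ~(uint32_t)(LINE_SIZE - 1); }
static unsigned set_of(uint32_t a) { return (a / LINE_SIZE) % SETS; }
static void reset(void) { memset(memory, 0, sizeof memory); memset(cache, 0, sizeof cache); tick = 0; }

/* Write-back policy: a dirty line reaches memory only when it is replaced. */
static void evict(cache_line_t *l) {
    if (l->valid && l->dirty) memcpy(&memory[l->tag], l->data, LINE_SIZE);
    l->valid = l->dirty = false;
}

/* Return the line holding addr, filling it on a miss. The victim is the least
 * recently used unlocked way; a locked way is never replaced (NULL: all locked). */
static cache_line_t *fill(uint32_t addr) {
    cache_line_t *set = cache[set_of(addr)], *victim = NULL;
    for (int w = 0; w < WAYS; w++) {
        if (set[w].valid && set[w].tag == tag_of(addr)) { set[w].age = ++tick; return &set[w]; }
        if (!set[w].locked && (victim == NULL || set[w].age < victim->age)) victim = &set[w];
    }
    if (victim == NULL) return NULL;
    evict(victim);
    victim->tag = tag_of(addr);
    memcpy(victim->data, &memory[victim->tag], LINE_SIZE);
    victim->valid = true;
    victim->age = ++tick;
    return victim;
}
/* CPU store of n bytes inside one line; 0 on success, -1 otherwise. */
int cache_write(uint32_t addr, const void *src, size_t n) {
    uint32_t off = addr - tag_of(addr);
    cache_line_t *l;
    if (off + n > LINE_SIZE || (l = fill(addr)) == NULL) return -1;
    memcpy(l->data + off, src, n);
    l->dirty = true;
    return 0;
}
/* First step of the scheme: cache the allocated data area and lock its line. */
int cache_lock(uint32_t addr) {
    cache_line_t *l = fill(addr);
    if (l != NULL) l->locked = true;
    return l != NULL ? 0 : -1;
}
/* Last step: erase the protected data first, then release the lock so the
 * zeroed line may be written back like any other. */
int cache_clear_and_unlock(uint32_t addr) {
    cache_line_t *l = fill(addr);
    if (l == NULL || !l->locked) return -1;
    memset(l->data, 0, LINE_SIZE);
    l->dirty = true;
    l->locked = false;
    return 0;
}

/* What a probe on the memory bus could see: is the pattern anywhere in memory? */
bool memory_contains(const void *pat, size_t n) {
    for (size_t i = 0; i + n <= MEM_SIZE; i++)
        if (memcmp(&memory[i], pat, n) == 0) return true;
    return false;
}

/* Load, use and unload a secret with or without locking.
 * Returns 0 if the secret never reached memory, 1 if it leaked, -1 on error. */
int run_scenario(bool use_lock) {
    static const uint8_t secret[8] = {'K', '3', 'Y', '-', 'D', 'E', 'M', 'O'}; /* constructed */
    static const uint8_t filler[4] = {1, 2, 3, 4};
    const uint32_t area = 0x40;  /* allocated data area in memory */
    reset();
    if (use_lock && cache_lock(area) != 0) return -1;
    if (cache_write(area, secret, sizeof secret) != 0) return -1;
    /* 0x80 and 0xC0 share set 0 with 0x40: replacement pressure on the secret's line. */
    cache_write(0x80, filler, sizeof filler);
    cache_write(0xC0, filler, sizeof filler);
    if (memory_contains(secret, sizeof secret)) return 1;
    if (use_lock) {
        if (cache_clear_and_unlock(area) != 0) return -1;
        cache_write(0x100, filler, sizeof filler);  /* lock released: these two stores */
        cache_write(0x140, filler, sizeof filler);  /* evict the zeroed line to memory */
    }
    return memory_contains(secret, sizeof secret) ? 1 : 0;
}
```

Calling `run_scenario(true)` returns 0: the locked line survives every conflicting access and only zeros are written back after the unlock. `run_scenario(false)` returns 1: with write-back alone, the second conflicting store evicts the dirty line and the secret lands in memory, which is exactly the leak the embodiment's lock step closes.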
The key holding unit 1006 holds an encryption and decryption key. This key is used to decrypt the encrypted hidden data 1051, the encrypted boot loader 1052, the encrypted secure OS 1053 and the encrypted content playback application 1054, and to encrypt the decrypted hidden data, the boot loader 1041, the secure OS 1042 and the content playback application 1043.

This key may also be used for encrypting and decrypting other data, and for encrypting and decrypting other keys that are in turn used for encrypting and decrypting data, programs and the like.

The key holding unit 1006 may also hold a plurality of encryption and decryption keys corresponding to a plurality of programs. It may hold a mutually different encryption key and decryption key based on a public-key scheme, or a common encryption and decryption key based on a symmetric-key scheme.
The memory 1020 is a volatile RAM (Random Access Memory) that includes the normal region 1030 and the secure region 1040.

The normal region 1030 holds the programs that the CPU 1001 executes while operating in normal mode, specifically the general-purpose OS 1031, the playback application 1032 and the content receiving application 1033. The normal region 1030 also holds the shared data 1034, which is accessed both by programs operating in normal mode and by programs operating in secure mode.

The secure region 1040 holds the programs that the CPU 1001 executes while operating in secure mode, specifically the boot loader 1041, the secure OS 1042 and the content playback application 1043.

The CPU 1001 can access the normal region 1030 both when operating in secure mode and when operating in normal mode. When operating in secure mode, the CPU 1001 can also access the secure region 1040; when operating in normal mode, it cannot. This access control is implemented by the memory controller 1003.

Note that in an environment in which applications cannot be installed by the user, no debugger or malicious application is installed either. In such an environment the normal region 1030 and the secure region 1040 need not be distinguished, and all processing may be performed in normal mode.
The non-volatile storage device 1050 is a storage element such as a flash memory and is built into the content display device 110. It stores the encrypted hidden data 1051, whose structure is described later, as well as the encrypted boot loader 1052, the encrypted secure OS 1053, the encrypted content playback application 1054 and the other secure applications (not shown) that are held in the memory 1020.

The non-volatile storage device 1050 may also store applications such as the playback application 1032, the content receiving application 1033 and the content playback application 1043. The programs held in the secure region 1040 are stored in the non-volatile storage device 1050 in encrypted form, as the encrypted boot loader 1052, the encrypted secure OS 1053 and the encrypted content playback application 1054. The structure of an encrypted program is described later.

The content display device 110 further includes an input/output unit and the like not shown in Fig. 2, and the system LSI 1000 further includes peripheral circuits and the like not shown in Fig. 2. Since these are not the essence of the present technique, their description is omitted.
<Hardware configuration of the cache 1004>

Fig. 3 is a block diagram of the cache 1004 shown in Fig. 2. As shown in Fig. 3, the cache 1004 includes a storage area 1011 and a cache control unit (cache controller) 1012.

The storage area 1011 is the region into which data in the memory 1020 is cached; that is, data in the memory 1020 is cached into the storage area 1011.

The cache control unit 1012, also called the cache controller, controls the operation of the cache 1004. For example, the cache control unit 1012 caches data in the memory 1020 into the storage area 1011 of the cache 1004.

More specifically, the cache control unit 1012 accepts a request for data from the CPU 1001 and sends the data cached in the storage area 1011 to the CPU 1001. When the requested data is not cached in the storage area 1011, the cache control unit 1012 caches the data from the memory 1020 into the storage area 1011 via the memory controller 1003 and the like, and then sends the now cached data to the CPU 1001.

The configuration of Fig. 3 is one example. For instance, the cache control unit 1012 may be an element independent of the cache 1004. The cache 1004 may be what is called an L2 cache (Level 2 Cache), what is called an L1 cache (Level 1 Cache), or some other cache.
<Software configuration of the content display device 110>

Fig. 4 is a software block diagram of the content display device 110 shown in Fig. 1. As shown in Fig. 4, the content display device 110 includes a normal software execution environment (hereinafter "normal world (NormalWorld)") 1100 and a secure software execution environment (hereinafter "secure world (SecureWorld)") 1200.

The content display device 110 executes programs while switching between the normal world 1100 and the secure world 1200. For the method of switching between the normal world 1100 and the secure world 1200, the method described in Patent Literature 1, for example, can be used.

<Software configuration of the normal world 1100>

The normal world 1100 includes the general-purpose OS 1031, the playback application 1032, the content receiving application 1033 and the shared data 1034.

The general-purpose OS 1031 manages the applications that operate in the normal world 1100 (the playback application 1032, the content receiving application 1033 and so on). It also performs access management and resource management when an application operating in the normal world 1100 uses hardware such as the network.

The playback application 1032 controls the playback of content and provides the user with an interface for selecting, playing and stopping content. When the user requests playback of content, the playback application 1032 issues instructions to the content receiving application 1033 and the content playback application 1043. The content receiving application 1033 then receives the content from the content recording device 120, and the content playback application 1043 performs playback processing of the received content.

The content receiving application 1033, on request from the playback application 1032, receives the requested content from the content recording device 120 via the network.

The normal world 1100 may further include applications not shown in Fig. 4.
<Software configuration of the secure world 1200>

The secure world 1200 includes the boot loader 1041, the secure OS 1042 and the content playback application 1043.

The boot loader 1041 is started by the IPL 1002 when the content display device 110 starts up. The boot loader 1041 initializes the secure world 1200, sets up the secure region 1040, loads the secure OS 1042 into the memory 1020, and so on.

The secure OS 1042 manages the secure applications that operate in the secure world 1200 (the content playback application 1043 and so on). When a secure application is started, the secure OS 1042 loads it into the secure region 1040, thereby protecting the secure application from the applications operating in the normal world 1100.

The secure OS 1042 further includes a hidden data loading unit 1044 and a cache locking unit 1045.

For example, the content playback application 1043, which is a secure application, requests the secure OS 1042 to load the encrypted hidden data 1051 recorded in the non-volatile storage device 1050 as the hidden data 1010. The secure OS 1042 requests the cache locking unit 1045 to lock the region of the cache 1004 into which the hidden data 1010 is to be loaded.

The secure OS 1042 then requests the hidden data loading unit 1044 to load the encrypted hidden data 1051 as the hidden data 1010. As a result, the hidden data 1010 loaded into the cache 1004 is controlled so that it is never written out to the memory 1020.

The hidden data loading unit 1044, on request from the secure OS 1042, decrypts and verifies the encrypted hidden data 1051 recorded in the non-volatile storage device 1050 and loads the hidden data 1010 into the designated region. Also on request from the secure OS 1042, the hidden data loading unit 1044 computes the verification value (Verification Value) of the hidden data 1010, encrypts the hidden data 1010 and generates the encrypted hidden data 1051.

The cache locking unit 1045, on request from the secure OS 1042, reads the data of a designated region of the memory 1020 into the cache 1004 and then locks the cache 1004 (or a part of it) so that the data inside the cache 1004 is not written out to the memory 1020.

Here, locking the cache 1004 means controlling the cache so that the data in it is not written back to the memory 1020. Cache locking is ordinarily used, for example, to keep frequently used data inside the cache 1004 and thereby improve data processing performance.

In the typical operation of the cache 1004, locking is performed while data from the memory 1020 is already held in the cache 1004. Therefore the cache locking unit 1045 of the present embodiment reads data from the memory 1020 into the cache 1004 before locking it. The data read into the cache 1004 at this point is not used.

Further, the cache locking unit 1045, on request from the secure OS 1042, writes a 0 value (the value 0) into the region of the cache 1004 that is to be unlocked, and then performs the unlock processing of the cache 1004.

If the cache 1004 were unlocked as is, without the 0 value being written, the hidden data written into the cache 1004 would eventually be written to the memory 1020. Therefore the cache locking unit 1045 writes the 0 value into the region to be unlocked before performing the unlock processing of the cache 1004.
Methods of locking the cache 1004 include, for example, locking the entire cache 1004 (all of its ways), locking some of the ways, and locking some of the lines.

When the CPU 1001 can read the tag information of the cache 1004, the method of locking some ways or lines proceeds as follows: the cache locking unit 1045 obtains the tag information, determines the ways or lines corresponding to the region designated by the secure OS 1042, and locks the determined ways or lines.

When the CPU 1001 cannot read the tag information of the cache 1004, the method of locking some ways or lines locks the ways or lines as follows.

First, the cache locking unit 1045 writes back to the memory 1020 the data held in the unlocked ways or lines of the cache 1004 and invalidates that data in the cache 1004. The data of the region designated by the secure OS 1042 is thereby brought into a state in which it is not held in the cache 1004.

Next, the cache locking unit 1045 leaves unlocked the way or line that is to be locked last and locks the other ways or lines. In this state, the cache locking unit 1045 performs a read of the data of the region designated by the secure OS 1042.

The cache locking unit 1045 then unlocks the other ways or lines that it locked, and conversely locks the way or line into which the data of the region designated by the secure OS 1042 was read. When unlocking those other ways or lines, the cache locking unit 1045 does not release the lock of any way or line that was already locked from the outset.

In this manner, the way or line corresponding to the region designated by the secure OS 1042 is locked.
The loading processing and the unloading processing of the hidden data 1010 are described in detail later with reference to sequence diagrams.

The content playback application 1043 accepts a request from the playback application 1032 and performs playback processing of the content that the content receiving application 1033 received from the content recording device 120. The content received from the content recording device 120 is, however, encrypted. To decrypt the encrypted content, the content playback application 1043 therefore requests the secure OS 1042 to load the hidden data 1010, which contains the decryption key.

The secure world 1200 may further include secure applications not shown in Fig. 4.
<Encrypted hidden data 1051>

Fig. 5 is a structural diagram of the encrypted hidden data 1051 shown in Fig. 2. As shown in Fig. 5, the encrypted hidden data 1051 includes header information 1061, a hidden data body 1062 and a verification value 1063. The header information 1061 is stored unencrypted; the hidden data body 1062 and the verification value 1063 are stored encrypted.

The header information 1061 includes the start position and size of the hidden data body 1062, the start position and size of the verification value 1063, a cipher mode and an identifier. The cipher mode is the encryption scheme used to encrypt the hidden data body 1062 and the verification value 1063. The identifier identifies the verification algorithm used for the verification value 1063.

The hidden data body 1062 contains the key used to decrypt the encrypted content received from the content recording device 120 and information on the parameters used by the decryption algorithm. Such information must be protected against hardware attacks such as bus probing and against software attacks using malicious applications, and the hidden data body 1062 is therefore recorded in the non-volatile storage device 1050 in encrypted form.

The hidden data body 1062 is decrypted when it is used by a secure application such as the content playback application 1043 and is loaded into the cache 1004. Before that, the data of the memory region corresponding to the region into which the hidden data body 1062 will be loaded is read into the cache 1004, and the cache 1004 is locked so that the hidden data body 1062 will not be written out to the memory 1020. The hidden data body 1062 is then loaded into the cache 1004.

The verification value 1063 is a value for verifying that the hidden data body 1062 has not been tampered with. Specifically, the verification value 1063 is the hash value obtained by inputting the unencrypted hidden data body 1062 to a hash function. The verification value 1063 is encrypted together with the hidden data body 1062.
Note that the hidden data 1010 is not limited to the key used to decrypt the encrypted content and the parameters of the decryption algorithm. The hidden data 1010 may include other data that needs to be concealed (for example, a device key held individually by the content display device 110 and by each similar device). The hidden data 1010 may also be the code of an algorithm that needs to be concealed, or code for processing data that needs to be concealed.

An encrypted hidden data 1051 containing a single hidden data body 1062 has been shown, but the encrypted hidden data 1051 is not limited to this structure; it may contain a plurality of hidden data bodies. In that case the plurality of hidden data bodies may be encrypted as one contiguous series of data, or each may be encrypted separately as individual data. The hidden data bodies may also be encrypted with different cipher modes and different encryption keys.

The encrypted hidden data 1051 may include a plurality of verification values corresponding to the plurality of hidden data bodies, or a verification value list in which the plurality of verification values are collected. Alternatively, the encrypted hidden data 1051 may include a single verification value 1063 covering all of the hidden data bodies it contains.

As described above the encrypted hidden data 1051 includes the verification value 1063, but it is not limited to this structure. The verification value 1063 may be held separately from the encrypted hidden data 1051, or may be absent. The verification value 1063 has been described as encrypted, but it may be unencrypted. It may be encrypted together with the hidden data body 1062 or separately from it.

The hidden data body 1062 may be encrypted with a symmetric-key scheme such as DES or AES, with a public-key scheme such as RSA or ElGamal, or with a combination of the two.

The hidden data body 1062 and the verification value 1063 have been described as encrypted together, but the form of encryption is not limited to this. The hidden data body 1062 and the verification value 1063 may be encrypted separately, or the verification value 1063 may be left unencrypted while the hidden data body 1062 is encrypted.

The verification value 1063 may be positioned before the hidden data body 1062 rather than after it, or may be contained in the header information 1061. The verification value 1063 may also be held outside the encrypted hidden data 1051, in a verification value list that collects the verification values of a plurality of encrypted hidden data 1051.

As the hash function, an algorithm such as MD4, MD5, SHA-1 or SHA-2 may be used. (Of these, MD4, MD5 and SHA-1 are no longer considered collision resistant; where the integrity of data an attacker can rewrite is at stake, a SHA-2 function or one of the keyed constructions below is the sound choice.) The verification value 1063 need not be a hash value; it may instead be a digital signature (Digital Signature), a message authentication code (MAC: Message Authentication Code) value, an error detection code value or an error correction code value.

As the algorithm for computing a MAC value, CBC-MAC, HMAC and the like may be used. As the algorithm for computing an error detection code value, a cyclic redundancy check (CRC: Cyclic Redundancy Check), a checksum and the like may be used. As the algorithm for computing an error correction code value, a Reed-Solomon code, a Turbo code and the like may be used. Note that an error detection or correction code by itself detects only accidental corruption: an attacker who can rewrite the body can recompute it, so such a code resists tampering only while the verification value itself is protected, for example by being encrypted together with the body as described above.
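As an added example, not part of the patent or of Panasonic's implementation, the following C code parses and verifies a blob laid out like the encrypted hidden data 1051 above (header 1061 in the clear, body 1062 and verification value 1063 encrypted) and performs the load-time verification and zero-on-failure that the description assigns to the hidden data loading unit 1044. The field widths, the little-endian byte order, the numeric cipher-mode and identifier codes, the XOR keystream that stands in for the real DES/AES decryption, and the sample key and body are all assumptions made for the demonstration; the verification value is a CRC-32, one of the error detection codes the text lists, and body and verification value are encrypted separately, one of the variants the text allows.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>
#define HDR_LEN 10                                           /* assumed fixed size of header 1061 */
enum { CIPHER_XOR_PLACEHOLDER = 1, VERIFY_CRC32 = 3 };       /* assumed cipher-mode / identifier codes */
typedef struct { uint16_t body_off, body_len, vv_off, vv_len; uint8_t cipher, verify; } hdr_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
/* CRC-32 (IEEE 802.3, reflected polynomial), table-free. */
uint32_t crc32_ieee(const uint8_t *d, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= d[i];
        for (int k = 0; k < 8; k++) c = (c & 1) ? (c >> 1) ^ 0xEDB88320u : c >> 1;
    }
    return ~c;
}
/* Stand-in for the cipher selected by the header (DES/AES on a real device): XOR with a
 * repeating key. This is NOT a cipher; it only keeps the decrypt-then-verify data flow honest. */
static void xor_keystream(uint8_t *buf, size_t n, const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++) buf[i] ^= key[i % klen];
}

/* Header 1061 is stored in the clear, so every offset and size it carries is attacker
 * controlled and is checked against the blob length before it is used. */
static bool parse_header(const uint8_t *blob, size_t len, hdr_t *h) {
    if (len < HDR_LEN) return false;
    h->body_off = rd16(blob);     h->body_len = rd16(blob + 2);
    h->vv_off   = rd16(blob + 4); h->vv_len   = rd16(blob + 6);
    h->cipher   = blob[8];        h->verify   = blob[9];
    if (h->body_off < HDR_LEN || (size_t)h->body_off + h->body_len > len) return false;
    if (h->vv_off < HDR_LEN || (size_t)h->vv_off + h->vv_len > len) return false;
    return h->cipher == CIPHER_XOR_PLACEHOLDER && h->verify == VERIFY_CRC32 && h->vv_len == 4;
}

/* S1106..S1109: copy body and verification value out of the blob, decrypt both, verify the
 * body, and zero the entire output buffer if verification fails. Returns the body length, or 0. */
size_t hidden_data_load(const uint8_t *blob, size_t len, const uint8_t *key, size_t klen,
                        uint8_t *out, size_t cap) {
    hdr_t h; uint8_t vv[4];
    if (!parse_header(blob, len, &h) || h.body_len > cap) return 0;
    memcpy(out, blob + h.body_off, h.body_len);
    memcpy(vv, blob + h.vv_off, 4);
    xor_keystream(out, h.body_len, key, klen);       /* S1107: decrypt body 1062 ... */
    xor_keystream(vv, 4, key, klen);                 /* ... and verification value 1063 */
    if (crc32_ieee(out, h.body_len) != rd32(vv)) {   /* S1109: tamper check */
        memset(out, 0, cap);                         /* tampered: overwrite all loaded data with 0 */
        return 0;
    }
    return h.body_len;
}

/* Builds a constructed blob: clear header, encrypted body, encrypted CRC-32 of the plaintext body. */
size_t build_blob(const uint8_t *body, uint16_t blen, const uint8_t *key, size_t klen,
                  uint8_t *blob, size_t cap) {
    size_t total = HDR_LEN + (size_t)blen + 4;
    if (total > cap) return 0;
    wr16(blob, HDR_LEN); wr16(blob + 2, blen); wr16(blob + 4, (uint16_t)(HDR_LEN + blen)); wr16(blob + 6, 4);
    blob[8] = CIPHER_XOR_PLACEHOLDER; blob[9] = VERIFY_CRC32;
    memcpy(blob + HDR_LEN, body, blen);
    wr32(blob + HDR_LEN + blen, crc32_ieee(body, blen));
    xor_keystream(blob + HDR_LEN, blen, key, klen);
    xor_keystream(blob + HDR_LEN + blen, 4, key, klen);
    return total;
}

/* Constructed sample inputs: a 16-byte content key as the hidden data body, and a device key. */
static const uint8_t SAMPLE_BODY[16] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c };
static const uint8_t SAMPLE_KEY[8]   = { 0x5a,0xa5,0x3c,0xc3,0x0f,0xf0,0x96,0x69 };
#define SAMPLE_ARGS SAMPLE_BODY, sizeof SAMPLE_BODY, SAMPLE_KEY, sizeof SAMPLE_KEY

/* Intact blob: returns 16 and the recovered body matches the original. */
size_t demo_intact(void) {
    uint8_t blob[64], out[32];
    size_t n = build_blob(SAMPLE_ARGS, blob, sizeof blob);
    size_t got = hidden_data_load(blob, n, SAMPLE_KEY, sizeof SAMPLE_KEY, out, sizeof out);
    return (got == sizeof SAMPLE_BODY && memcmp(out, SAMPLE_BODY, got) == 0) ? got : 0;
}
/* One flipped ciphertext byte (a bus-probe style edit): the load fails and out is all zero. */
bool demo_tampered(void) {
    uint8_t blob[64], out[32];
    size_t n = build_blob(SAMPLE_ARGS, blob, sizeof blob);
    blob[HDR_LEN + 3] ^= 0x80;
    memset(out, 0xAA, sizeof out);
    if (hidden_data_load(blob, n, SAMPLE_KEY, sizeof SAMPLE_KEY, out, sizeof out) != 0) return false;
    for (size_t i = 0; i < sizeof out; i++) if (out[i] != 0) return false;
    return true;
}
/* A header whose body length runs past the blob is rejected before anything is copied. */
bool demo_bad_header(void) {
    uint8_t blob[64], out[32];
    size_t n = build_blob(SAMPLE_ARGS, blob, sizeof blob);
    wr16(blob + 2, 0xFFFF);
    return hidden_data_load(blob, n, SAMPLE_KEY, sizeof SAMPLE_KEY, out, sizeof out) == 0;
}

int main(void) {
    printf("intact: %zu bytes; tampered detected: %d; bad header rejected: %d\n",
           demo_intact(), demo_tampered(), demo_bad_header());
    return 0;
}
```

Because the header is unencrypted, its offsets and sizes are the first thing an attacker with flash or bus access can alter, so they are validated against the blob length before any copy. A CRC, like any unkeyed hash, only catches modification as long as the attacker cannot recompute it over the modified body; here that relies on the verification value being encrypted alongside the body. Where the attacker can both read and rewrite the stored data, one of the keyed options the text lists (HMAC or CBC-MAC under a key the attacker lacks, or a digital signature) is the appropriate replacement for the CRC.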
The encrypted hidden data 1051 is stored in the non-volatile storage device 1050 when the content display device 110 is manufactured at the factory. At that time the initial data of the hidden data body 1062 is generated and encrypted with an individual key specific to each device, producing the encrypted hidden data 1051. The key used for the encryption is stored in the key holding unit 1006 of the system LSI 1000.

The encrypted hidden data 1051 may also be distributed to the content display device 110 via a communication path such as a network. In that case, the encrypted hidden data 1051 may be distributed encrypted with the individual key of each device, or encrypted with a key common to all devices. The content display device 110 may, after receiving the encrypted hidden data 1051, re-encrypt it with its own individual key and store the result.

Further, the encrypted hidden data 1051 may be placed in the content display device 110 by means of a portable recording medium rather than via a network.
<Configuration of the package generation unit>

Fig. 6 is a block diagram of the package generation unit that generates secure applications according to the present embodiment. As shown in Fig. 6, the package generation unit 3000 includes a compiler 3100, a linker 3101 and a package generation tool 3102. The package generation unit 3000 generates a secure application 3111 from source code (program code) 3110, using a private key 3112, a public key certificate (Public Key Certificate) 3113 and a configuration file 3114.

The compiler 3100 compiles the input source code 3110 and generates object files.

The linker 3101 links libraries with the object files generated by the compiler 3100 and generates a file (program file) that the content display device 110 can execute.

The package generation tool 3102 generates the secure application 3111 from the program file generated by the linker 3101, using the configuration file 3114, the private key 3112 and the public key certificate 3113.

The package generation unit 3000 is contained in a secure application development device distinct from the content display device 110. The secure application 3111 generated by the package generation unit 3000 of the secure application development device is stored in the non-volatile storage device 1050 of the content display device 110, for example as the encrypted content playback application 1054.
<Structure of the secure application 3111>

Fig. 7 is a structural diagram of the secure application 3111 according to the present embodiment. As shown in Fig. 7, the secure application 3111 includes application header information 3201, an application body 3202, a configuration file 3203, an application signature list (Application Signature List) 3204, a public key certificate 3205 and a signature (Signature) 3206.

Fig. 7 shows the structure of the secure application 3111, but this structure is not limited to the content playback application 1043; the boot loader 1041 and the secure OS 1042 may have the structure shown in Fig. 7 as well.

The application header information 3201 includes an identifier that identifies the secure application 3111. For each of the application body 3202, the configuration file 3203, the application signature list 3204 and the public key certificate 3205, it includes the start address, the size, the number of files and so on. The application header information 3201 also includes information on the cipher mode used to encrypt the application body 3202, the configuration file 3203 and the application signature list 3204.

The application body 3202 is the program file generated from the source code 3110 by the compiler 3100 and the linker 3101.

The configuration file 3203 is identical to the configuration file 3114 input to the package generation tool 3102.

The application signature list 3204 is a list of the signatures over both the application body 3202 and the configuration file 3203. When generating the secure application 3111, the package generation tool 3102 generates a signature over each of the input application body 3202 and configuration file 3203 and assembles them into the application signature list 3204. The private key 3112 is used to generate the signatures.

The public key certificate 3205 is identical to the public key certificate 3113 input to the package generation tool 3102.

The signature 3206 is a signature over the series of data consisting of the application header information 3201, the application body 3202, the configuration file 3203, the application signature list 3204 and the public key certificate 3205. The signature 3206 is generated with the application body 3202, the configuration file 3203 and the application signature list 3204 in their encrypted state.

The secure application 3111 has been described as including one each of the application body 3202, the configuration file 3203, the application signature list 3204 and the public key certificate 3205, but its structure is not limited to this. Any of the application body 3202, the configuration file 3203, the application signature list 3204 and the public key certificate 3205 may consist of a plurality of files or may be absent.

Likewise, the secure application 3111 has been described as including the application signature list 3204 in which the signatures of the application body 3202 and the configuration file 3203 are arranged, but it may instead include two separate signatures corresponding to the application body 3202 and to the configuration file 3203.
<safe guiding process>
Content display 110, when the startup of content display 110, verifies drawing with security context 1200 work Lead loader 1041 and situation that SOS 1042 is not tampered.
Hereinafter, after the power on for content display 110, until the side that the general-purpose operating system 103 starts Method (safe guiding process), utilizes the sequence chart of Fig. 8 to illustrate.
After the power on of content display 110, CPU1001, in the safe mode and the state of privileged mode, perform system IPL1002 in system LSI1000.And, have and CPU1001 is processed this situation according to IPL1002 execution show as IPL1002 The situation that execution processes.Further, have and CPU1001 is processed this situation according to execution such as programs show as program etc. and perform process Situation.
IPL1002, the initialization of the hardware first carrying out content display 110 processes (S1000).Process in initialization In, IPL1002, carry out the performance review of memorizer 1020, the initialization of memory controller 1003 and peripheral circuit (no Diagram) the process of initialization etc..And, IPL1002, when the initialization of memory controller 1003, at memorizer 1020, set normal region 1030 and safety zone 1040.
IPL1002, after initialization processes, is loaded into safety by boot loader 1041 from Nonvolatile memory devices 1050 Region 1040 (S1001).IPL1002, carry out being loaded into safety zone 1040 boot loader 1041 distort checking (S1002).Now, IPL1002, utilize signature additional in boot loader 1041 and public key certificate, guide and add Carry device 1041 distorts checking.
IPL1002, in the result according to checking, it is determined that (S1002 in the case of not being tampered for boot loader 1041 OK), start boot loader 1041 (S1003).On the other hand, IPL1002, in the result according to checking, it is determined that for guiding In the case of loader 1041 is tampered (NG of S1002), terminate the startup of content display 110.
Boot loader 1041, IPL1002, after starting (S1003), carry out the initial setting of security context 1200 (S1004).Boot loader 1041, in initial setting (S1004), is carried out for performing safety operation with security context 1200 The various settings of system 1042 and safety applications 3111 etc..
Boot loader 1041, after the initial end set, by SOS 1042 from Nonvolatile memory devices 1050 are loaded into safety zone 1040 (S1005).Boot loader 1041, carries out being loaded into the safety operation of safety zone 1040 System 1042 distort checking (S1006).Now, boot loader 1041, utilize label additional in SOS 1042 Name and public key certificate, carry out SOS 1042 distorts checking.
Boot loader 1041, in the result according to checking, it is determined that the feelings not being tampered for SOS 1042 Under condition (OK of S1006), start SOS 1042 (S1007).On the other hand, boot loader 1041, according to testing The result of card, it is determined that in the case of being tampered for SOS 1042 (NG of S1006), do not start SOS 1042。
SOS 1042, in the case of being started by boot loader 1041 (S1007), is carried out for performing peace Full operation system 1042 is own and sets (S1008) with the initial of this environment execution safety applications 3111 etc..Safety operation system To boot loader 1041, system 1042, after initial setting terminates, notifies that initialization terminates (S1009).
Boot loader 1041, is being judged to (NG of S1006) in the case of SOS 1042 is tampered, is setting Safety guides failure flags (S1010).Safety guides failure flags, is changed into peace in software execution environment from home 1100 It is examined during full ambient engine 1200.
And, in the case of safety guiding is kaput, boot loader 1041, utilize safety to guide failure flags, to Home 1100 notifier processes mistake.Further, with the application of home 1100 work, it is also possible to special to read in (Read-Only) access safety and guide failure flags.It is to say, the application with home 1100 execution can be with reference to peace Entirely guide failure flags.
Boot loader 1041, after initializing end notification (S1009) or mark setting (S1010), by general operation System 1031 is loaded into normal region 1030 (S1011) from Nonvolatile memory devices 1050.Then, boot loader 1041, CPU1001 is changed to normal mode, performs the general-purpose operating system 1031 (S1012).
And, as it has been described above, boot loader 1041, load the general-purpose operating system 1031, but, the form of process, no It is only limitted to this.
SOS 1042 can also, after initialization process terminates, do not return process to boot loader 1041, And load the general-purpose operating system 1031.And, SOS 1042 can also, after the loading of the general-purpose operating system 1031, CPU1001 is changed to normal mode, performs the general-purpose operating system 1031.
Further, as it has been described above, after the general-purpose operating system 1031 is loaded, CPU1001 is changed to normal mode, general behaviour Make system 1031 to be performed, but, the form of process, it is not limited only to this.
Can also be, after the general-purpose operating system 1031 is loaded, to check the feelings that the general-purpose operating system 1031 is not tampered Condition.Moreover, it can be, in the case of the general-purpose operating system 1031 is not tampered, CPU1001 is changed to normal mode Formula, the general-purpose operating system 1031 is performed.
Moreover, it can be, in the case of the general-purpose operating system 1031 is tampered, terminate content display 110 Start.Or, it is also possible to it is that, in the case of the general-purpose operating system 1031 is tampered, safety guides failure flags to be set.And And, it is also possible to it is that, when safety guides failure flags to be set, CPU1001 is changed to normal mode, general operation System 1031 is performed.
<Loading processing of the hidden data 1010>

When the secure OS 1042 receives a request from a secure application 3111 to load the hidden data 1010, it loads the hidden data 1010. To do so the secure OS 1042 uses the hidden data loading unit 1044 and the cache locking unit 1045, loading the hidden data 1010 into the interior of the system LSI 1000.

The secure OS 1042 thereby protects the hidden data 1010 both from hardware attacks such as bus probing and from software attacks by debuggers, malicious applications and the like.

The processing for loading the hidden data 1010 into the interior of the cache 1004, which holds data of the secure region 1040, is described below with reference to the sequence diagram of Fig. 9.
When the secure OS 1042 receives a request to load the hidden data 1010 from a secure application 3111 such as the content playback application 1043, it reserves a memory region for the hidden data 1010 in the secure region 1040 (S1100).

The secure OS 1042 then notifies the cache locking unit 1045 of the information (address and size) of the reserved memory region and requests it to lock the cache 1004 (S1101).

The cache locking unit 1045 performs a read so that the data of the memory region notified by the secure OS 1042 (a part of the secure region 1040) is read into the cache 1004 (S1102). The purpose of this processing (S1102) is only to make the cache 1004 read data in; the data actually read is not used. The cache locking unit 1045 may therefore read empty data that has no meaningful value.

The cache locking unit 1045 then locks the cache 1004 so that the data read into the cache 1004 in the preceding step (S1102) is not removed from the cache 1004 and is not written out to the memory 1020 outside the system LSI 1000 (S1103). As a result of this processing, even if the data in the locked region is modified, the modified data is not written to the memory 1020.

The cache locking unit 1045 notifies the secure OS 1042 that the locking processing has finished (S1104).

The secure OS 1042 then requests the hidden data loading unit 1044 to load the hidden data 1010 into the locked region of the cache 1004 (S1105). At this time the secure OS 1042 notifies the hidden data loading unit 1044 of the information (address and size) of the cache region into which the data is to be loaded.

The hidden data loading unit 1044 reads the encrypted hidden data 1051 from the non-volatile storage device 1050 (S1106). At this point the hidden data loading unit 1044 may load the encrypted hidden data 1051 into the secure region 1040 of the memory 1020, since it is still encrypted.

The hidden data loading unit 1044 then decrypts the encrypted hidden data 1051 with the key held by the key holding unit 1006, obtaining the hidden data 1010 (S1107), and writes the decrypted hidden data 1010 into the region notified by the secure OS 1042 (S1108).

After the write, the hidden data loading unit 1044 uses the verification value 1063 attached to the encrypted hidden data 1051 to verify that the data has not been tampered with (S1109). When the verification result is that the data has been tampered with, the hidden data loading unit 1044 overwrites all of the loaded data with 0.
Then, hiding data loading unit 1044, the end (S1110) of loading processing is notified to SOS 1042. At hiding data 1010 by normal load, in the case of the result of checking is not for being tampered, hiding data loading unit 1044, to SOS 1042 notifies normal termination.On the other hand, in the case of hiding data 1010 is tampered, hiding data adds Load portion 1044, to SOS 1042 notification error.
As it has been described above, before the loading of hiding data 1010, be cached the locking processing of device 1004.Accordingly, Even if hiding data 1010 is written to Cache 1004, hiding data 1010 also will not flow out system LSI 1000 Outside.Therefore, it is possible to protection hiding data 1010, not by attacking by the hardware of bus probe etc..
Further, the memory area corresponding with hiding data 1010, it is secured in safety zone 1040.Therefore, it is possible to protect Protect hiding data 1010, the most not attacking by the software by the debugging routine worked with home 1100 or illegal application etc..
And, as it has been described above, cache locking portion 1045, with the memory area notified from SOS 1042 Data be read into the mode of Cache 1004, the reading carrying out data processes (S1102).But, the form of process, It is not limited only to this.
Such as, cache locking portion 1045 can also, it is determined that from the memory area of SOS 1042 notice Data be read into Cache 1004.And, cache locking portion 1045 can also, in these data In the case of not being read into, perform reading and process (S1102).Or, SOS 1042 can also be carried out at reading Reason (S1102).In the case of data have been read into, reading can not be performed and process (S1102).
Further, for example, it is also possible to be, Cache 1004 has existed the cache area that can rewrite In the case of, this cache area is used for the loading of hiding data 1010.That is, it is also possible to be, Cache lock Determine portion 1045, lock rewritable cache area, hiding data loading unit 1044, hiding data 1010 is loaded into this height Speed buffer zone.
Further, as it has been described above, SOS 1042, guarantee for hiding data 1010 in safety zone 1040 Memory area, but, the memory area being ensured that, it is not limited only to safety zone 1040.Not by by debugging routine or illegal In the environment of the attack of the software of application etc., in the case of protection hiding data 1010 is not subject to by the attack of hardware, safety Operating system 1042 can also, normal region 1030 guarantees the memory area for hiding data 1010.
<Unloading process of hidden data 1010>
When the secure OS 1042 is entrusted by the secure application 3111 with the unloading process of hidden data 1010, it unloads the hidden data 1010 using the hidden data loading unit 1044 and the cache lock unit 1045. The cache lock unit 1045 overwrites the cache area with 0 data (the value 0) so that the hidden data 1010 is not written out of the system LSI 1000. The cache lock unit 1045 then releases the lock on the cache area that was locked during the loading process.
The process from the request to unload the hidden data 1010 until the hidden data 1010 is unloaded is described below with reference to the sequence chart of Fig. 10.
When the secure OS 1042 is entrusted by the secure application 3111 with the unloading process of hidden data 1010, it entrusts the hidden data loading unit 1044 with the saving process of the hidden data 1010 (S1120).
The hidden data loading unit 1044 calculates the verification value 1063 from the hidden data 1010 (S1121). The hidden data loading unit 1044 then encrypts the hidden data 1010 using the key held by the key holding unit 1006 to generate the encrypted hidden data 1051 (S1122), and saves the generated encrypted hidden data 1051 to the nonvolatile storage device 1050 (S1123). The hidden data loading unit 1044 then notifies the secure OS 1042 of the result of the save (S1124).
Next, the secure OS 1042 entrusts the cache lock unit 1045 with unlocking the locked cache memory 1004 (S1125).
The cache lock unit 1045 writes the value 0 to the whole of the cache area in which the hidden data 1010 is recorded (S1126). The cache lock unit 1045 then releases the lock on the cache memory 1004 that was applied during the loading process of the hidden data 1010 (S1127), and notifies the secure OS 1042 of the end of the unlocking process (S1128).
The secure OS 1042 frees the memory area in the secure region 1040 that corresponds to the cache area into which the hidden data 1010 was loaded (S1129).
If, during the unloading of hidden data 1010, the lock on the cache memory 1004 were released without first performing the process of writing the value 0 (S1126), the hidden data 1010 remaining in the cache memory 1004 would be written out to the memory 1020. Because the process of writing the value 0 (S1126) is performed, what is written out to the memory 1020 is the value 0, not the hidden data 1010.
Therefore, even when the lock on the cache memory 1004 is released and the data in the cache memory 1004 is written out to the memory 1020, the hidden data 1010 is not written out to the memory 1020.
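The lock, write, zero, unlock sequence above, as an added illustration that is not code from the patent: a constructed direct-mapped cache model with per-line dirty and locked flags in front of a byte array standing in for the memory 1020. hidden_leaks_to_memory() runs the sequence with and without the zeroing step (S1126) and reports whether the hidden bytes ever reach memory; all names, sizes, the sample address and the sample key are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (not the patent's code): a direct-mapped cache with
 * per-line dirty and locked flags, in front of a byte array standing in for
 * the memory 1020 outside the system LSI 1000. */
#define LINE_SIZE 16
#define NUM_LINES 4
#define MEM_SIZE  256

typedef struct {
    bool valid, dirty, locked;
    uint32_t tag; uint8_t data[LINE_SIZE];   /* tag = address of the line's first byte */
} cache_line_t;

typedef struct {
    uint8_t mem[MEM_SIZE];            /* memory 1020, outside the LSI */
    cache_line_t lines[NUM_LINES];    /* cache memory 1004, inside the LSI */
} system_t;

static uint32_t line_base(uint32_t addr) { return addr - addr % LINE_SIZE; }
static cache_line_t *line_for(system_t *s, uint32_t addr) {
    return &s->lines[(addr / LINE_SIZE) % NUM_LINES];
}

/* Write-back of one line; a locked line is never written back (S1103). */
static void writeback(system_t *s, cache_line_t *l) {
    if (l->valid && l->dirty && !l->locked) {
        memcpy(&s->mem[l->tag], l->data, LINE_SIZE);
        l->dirty = false;
    }
}

/* Read-in (S1102): make the line holding addr resident, evicting the previous
 * occupant. Returns NULL if that occupant is locked and cannot be evicted. */
static cache_line_t *fill(system_t *s, uint32_t addr) {
    cache_line_t *l = line_for(s, addr);
    uint32_t tag = line_base(addr);
    if (l->valid && l->tag == tag) return l;   /* already resident */
    if (l->locked) return NULL;
    writeback(s, l);
    memcpy(l->data, &s->mem[tag], LINE_SIZE);
    l->valid = true; l->dirty = false; l->tag = tag;
    return l;
}

/* Lock (S1101-S1103): read in every line of [addr, addr+size) and pin it. */
static bool cache_lock(system_t *s, uint32_t addr, uint32_t size) {
    for (uint32_t a = line_base(addr); a < addr + size; a += LINE_SIZE) {
        cache_line_t *l = fill(s, a);
        if (!l) return false;
        l->locked = true;
    }
    return true;
}

/* Unlock (S1127): the lines become ordinary, evictable lines again. */
static void cache_unlock(system_t *s, uint32_t addr, uint32_t size) {
    for (uint32_t a = line_base(addr); a < addr + size; a += LINE_SIZE) {
        cache_line_t *l = line_for(s, a);
        if (l->valid && l->tag == a) l->locked = false;
    }
}

/* CPU store through the cache: bytes land in the line, which becomes dirty. */
static bool cache_write(system_t *s, uint32_t addr, const uint8_t *src, uint32_t n) {
    for (uint32_t i = 0; i < n; i++) {
        cache_line_t *l = fill(s, addr + i);
        if (!l) return false;
        l->data[addr + i - l->tag] = src[i];
        l->dirty = true;
    }
    return true;
}

/* Evict whatever may be evicted, as later cache misses eventually would. */
static void cache_flush_all(system_t *s) { for (int i = 0; i < NUM_LINES; i++) writeback(s, &s->lines[i]); }

/* Unload (S1126-S1127): optionally zero the area, then release the lock. */
static void unload_hidden(system_t *s, uint32_t addr, uint32_t n, bool zero_first) {
    const uint8_t zero = 0;
    for (uint32_t i = 0; zero_first && i < n; i++) cache_write(s, addr + i, &zero, 1);
    cache_unlock(s, addr, n);
}

/* lock -> write hidden data -> flush -> unload -> flush; true if the hidden bytes ever reach memory. */
bool hidden_leaks_to_memory(bool zero_first) {
    static const uint8_t hidden[LINE_SIZE] = "CONSTRUCTED-KEY";   /* constructed sample, 16 bytes */
    const uint32_t addr = 64;                                      /* assumed address */
    system_t s = {0};
    if (!cache_lock(&s, addr, LINE_SIZE)) return true;
    cache_write(&s, addr, hidden, LINE_SIZE);                     /* S1108 */
    cache_flush_all(&s);                  /* eviction pressure while still locked */
    bool leaked = memcmp(&s.mem[addr], hidden, LINE_SIZE) == 0;
    unload_hidden(&s, addr, LINE_SIZE, zero_first);
    cache_flush_all(&s);                  /* lines are evictable again */
    return leaked || memcmp(&s.mem[addr], hidden, LINE_SIZE) == 0;
}
```

Skipping the zeroing step is the only difference between the two runs, and it is exactly the case in which the hidden bytes end up in memory.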
As described above, the content display device 110 according to the present embodiment handles the hidden data 1010, such as the key used when playing content, in the internal processing of the system LSI 1000. The content display device 110 can thereby protect the hidden data 1010 from hardware attacks. Further, the content display device 110 reserves the memory area for the hidden data 1010 in the secure region 1040, and can thereby protect the hidden data 1010 from software attacks.
The content display device 110 can thus have three regions of mutually different security strength (protection strength). The first region is the normal region 1030, which is not protected. The second region is the secure region 1040, which is protected from software attacks. The third region is protected from both hardware attacks and software attacks.
Further, the hidden data loading unit 1044 loads the hidden data 1010 in the secure environment 1200. This prevents the hidden data 1010 from being obtained illegitimately by a debugger or an illegitimate program running in the normal environment 1100.
Further, in the present embodiment, a part of the cache memory 1004 in the system LSI 1000 is used. The system LSI 1000 therefore need not have a dedicated memory inside the system LSI 1000, and the shared memory is used efficiently. Further, since the inherent function of the cache memory 1004 is used, the processing shown in the present embodiment can be applied to existing systems without adding new hardware.
Further, the loading process and the unloading process make it possible to avoid a state in which a part of the cache memory 1004 is permanently occupied (locked). The cache memory 1004 is locked only while the hidden data 1010 is being handled, so the data-buffering function of the cache memory 1004 is also used effectively.
As described above, the locking of the cache memory 1004 begins when the handling of the hidden data 1010 begins. However, the locking of the cache memory 1004 may instead begin when an application that uses the hidden data 1010 is started, and the lock on the cache memory 1004 may be released when the application that uses the hidden data 1010 ends.
In that case, the hidden data 1010 is kept in the cache memory 1004 while the application that uses the hidden data 1010 is running, which reduces the processing caused by loading and unloading the hidden data 1010.
Further, if the cache memory 1004 has sufficient capacity, the locking of the cache memory 1004 may begin when the content display device 110 starts. For example, the cache lock unit 1045 may begin locking the cache memory 1004 for the hidden data 1010 when the secure OS 1042 starts, and the lock on the cache memory 1004 need never be released. Even with such processing, the hidden data 1010 can be protected appropriately.
(Embodiment 2)
In Embodiment 1, the secure OS 1042 loads the hidden data 1010 into the cache memory 1004 in response to a request from the secure application 3111, such as the content playback application 1043. In the present embodiment, the application body 3202 of the secure application 3111 contains both a part to be loaded into the secure region 1040 and a part to be loaded into the cache memory 1004, and each part is loaded into its respective region when the secure application 3111 is loaded.
The structures of the secure OS 1042, the package generation unit 3000, the secure application 3111 and the application body 3202 according to the present embodiment are described below, followed by the loading process of the secure application 3111. Elements identical to those of Embodiment 1 are given the same reference numerals and their description is omitted.
<Structure of secure OS 1042>
Fig. 11 is a structural diagram of the secure OS 1042 according to the present embodiment. As shown in Fig. 11, the secure OS 1042 includes the hidden data loading unit 1044, the cache lock unit 1045 and an application loading unit 1046.
When the secure application 3111 is loaded, the application loading unit 1046 obtains the application header information 3201 contained in the secure application 3111. Based on the application header information 3201, the application loading unit 1046 determines whether the application body 3202 contains code or data that must also be hidden from hardware attacks.
If such code or data is contained, the application loading unit 1046 entrusts the cache lock unit 1045 with locking a region of the cache memory 1004 for loading the code or data that must be hidden. The application loading unit 1046 then decrypts and loads the secure application 3111.
The hidden data loading unit 1044 and the cache lock unit 1045 are the same elements as the hidden data loading unit 1044 and the cache lock unit 1045 of Embodiment 1.
It is also possible for the entire application body 3202 to be loaded into the locked region of the cache memory 1004. It is also possible for the application body 3202 to be loaded into a locked region covering all of the cache memory 1004 and, after the decryption and loading process, for the lock on the part of the region holding data that need not be hidden to be released. In that case, unlike the unloading process of hidden data 1010, the data is not overwritten with the value 0.
<Structure of package generation unit 3000>
The package generation unit 3000 according to the present embodiment has the same elements as the package generation unit 3000 of Embodiment 1, but part of its operation differs. The description of elements that operate in the same way as in Embodiment 1 is omitted.
The compiler 3100 compiles the input source code 3110 and generates an object file. At this time, the compiler 3100 stores in a specific section the data in the source code 3110 that is marked with an identifier indicating hidden data 1010, the functions that process the hidden data 1010, and the code marked with an identifier indicating that it is to be hidden.
This specific section is marked with an identifier indicating that it holds the hidden data 1010 or code related to the hidden data 1010. The sections are described in detail later.
The linker 3101 and the package generation tool 3102 are the same elements as the linker 3101 and the package generation tool 3102 of Embodiment 1.
In the present embodiment, the compiler 3100 stores the hidden data 1010 and the code related to the hidden data 1010 in the specific section. However, the processing unit that stores the hidden data 1010 and the code related to the hidden data 1010 in the specific section is not limited to the compiler 3100.
For example, the compiler 3100 may notify the linker 3101 that the source code 3110 contains hidden data 1010 or code related to the hidden data 1010, and the linker 3101 may store the hidden data 1010 or the code related to the hidden data 1010 in the specific section during link processing.
Further, the linker 3101 may notify the package generation tool 3102 that the source code 3110 contains hidden data 1010 or code related to the hidden data 1010, and the package generation tool 3102 may store the hidden data 1010 or the code related to the hidden data 1010 in the specific section during package generation.
<Structure of secure application 3111>
The secure application 3111 according to the present embodiment includes application header information 3201, an application body 3202, a configuration file 3203, an application signature list 3204, a public key certificate 3205 and a signature 3206.
The application header information 3201 has a flag indicating whether the application body 3202 contains code or data that must be hidden. The other information is the same as in Embodiment 1 and its description is omitted.
The application body 3202, the configuration file 3203, the application signature list 3204, the public key certificate 3205 and the signature 3206 are the same as in Embodiment 1 and their description is omitted.
<Structure of application body 3202>
Fig. 12 is a structural diagram of the application body 3202 according to the present embodiment. As shown in Fig. 12, the application body 3202 includes a header 3210, a .text section 3211, a .hctext section 3212, a .rodata section 3213, a .data section 3214, a .bss section 3215 and a .hcdata section 3216.
The header 3210 holds information such as the kind, start address and size of each of the sections that follow the header 3210.
The .text section 3211 is a section that holds program code and is set to read-only and executable.
The .hctext section 3212 is a section that holds program code including the code related to the hidden data 1010, and is set to read-only and executable.
The .rodata section 3213 is a section that holds constant data and is set to read-only and non-executable.
The .data section 3214 is a section that holds initialized data and is set to read-write and non-executable.
The .bss section 3215 is a section that holds uninitialized data and is set to read-write and non-executable.
The .hcdata section 3216 is a section that holds the hidden data 1010 and is set to read-write and non-executable.
With the application body 3202 structured as above, the application loading unit 1046 loads the .hctext section 3212 and the .hcdata section 3216 into the locked region of the cache memory 1004, and loads the other sections into the secure region 1040.
The .hctext section 3212 and the .hcdata section 3216 have been shown above as the kinds of section loaded into the locked region; however, the kinds of section loaded into the locked region are not limited to these.
The header 3210 may also include a flag indicating whether the data of the .text section 3211 and the .data section 3214 is to be loaded into the locked region of the cache memory 1004 or into the secure region 1040. The application loading unit 1046 may then determine, according to this flag, whether to load the data into the locked region of the cache memory 1004 or into the secure region 1040.
Further, the application body 3202 has been shown above as a structure in which the part loaded into the locked region of the cache memory 1004 and the part loaded into the secure region 1040 are mixed. However, the structure of the secure application 3111 is not limited to such a structure. The secure application 3111 may include two application bodies 3202 and 3202a (not illustrated), with the application body 3202 loaded into the secure region 1040 and the application body 3202a loaded into the locked region of the cache memory 1004.
<Loading process of secure application 3111>
When loading the secure application 3111, the secure OS 1042 determines whether the secure application 3111 contains code or data that must be hidden. The secure OS 1042 loads the code and data of the secure application 3111 that must be hidden into the cache memory 1004, and loads the rest into the secure region 1040.
The process of loading the secure application 3111 is described below with reference to the flowchart of Fig. 13.
The secure OS 1042 reads the secure application 3111 and verifies the signature 3206 (S1200). If verification of the signature 3206 fails, the secure OS 1042 stops the loading process of the secure application 3111.
If verification of the signature succeeds (S1200), the secure OS 1042 reads the application header information 3201 of the secure application 3111 (S1201).
From the application header information 3201 that was read, the secure OS 1042 obtains the flag indicating whether the application body 3202 contains code or data that must be hidden. Based on the flag, the secure OS 1042 determines whether the application body 3202 contains code or data that must be hidden (S1202).
If it is determined that the application body 3202 contains code or data that must be hidden ("Yes" in S1202), the secure OS 1042 decrypts the header 3210 of the application body 3202. The secure OS 1042 then calculates the size of the code and data that must be hidden and performs the loading process (S1203). The loading process is the same as the loading process of hidden data 1010 in Fig. 9, and its detailed description is omitted.
Based on the start address and size information of each section described in the header 3210, the secure OS 1042 decrypts the code and data that must be hidden and loads them into the locked cache memory 1004.
If it is determined that the application body 3202 does not contain code or data that must be hidden ("No" in S1202), the secure OS 1042 decrypts the code or data that need not be hidden. Otherwise, the secure OS 1042 decrypts the code or data that need not be hidden after loading the code or data that must be hidden into the cache memory 1004 (S1203).
The secure OS 1042 then loads the decrypted code or data that need not be hidden into the secure region 1040 (S1204).
As described above, the secure OS 1042 determines whether the application body 3202 contains code or data that must be hidden, and loads the code or data that must be hidden into the locked region of the cache memory 1004. However, the form of the processing is not limited to this form.
First, the secure OS 1042 may treat all of the data as code or data that must be hidden and load it into the locked region of the cache memory 1004 (S1203).
The secure OS 1042 may then read the header 3210 (S1201) and, based on the information in the header 3210, determine which part of the locked region holds the code or data that must be hidden (S1202). The secure OS 1042 may then release the lock on the part of the locked region that does not contain code or data that must be hidden.
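The routing decision of Fig. 13 (S1202 to S1204), as an added example that is not the patent's code: a constructed section table shaped like Fig. 12 is partitioned by section kind into the part locked in the cache and the part loaded into the secure region 1040, and the loader refuses to proceed if the header flag says there is no hidden part while a .hctext or .hcdata section is present. The signature check (S1200) is assumed to have already succeeded; all names, sizes and addresses are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the Fig. 13 decision (not the patent's code). */
typedef enum { SEC_TEXT, SEC_HCTEXT, SEC_RODATA, SEC_DATA, SEC_BSS, SEC_HCDATA } section_kind_t;
typedef enum { DEST_SECURE_REGION, DEST_LOCKED_CACHE } dest_t;

typedef struct { section_kind_t kind; uint32_t start, size; } section_t;   /* one header 3210 entry */

typedef struct {
    bool has_hidden;              /* flag from application header information 3201 */
    const section_t *sections;    /* section table from header 3210 */
    size_t nsections;
} app_t;

#define MAX_SECTIONS 8
typedef struct {
    uint32_t hidden_bytes;        /* total size to lock in the cache (S1203) */
    uint32_t secure_bytes;        /* total size loaded into secure region 1040 (S1204) */
    dest_t dest[MAX_SECTIONS];    /* destination chosen for each section */
} load_plan_t;

/* Only .hctext and .hcdata go to the locked cache region in the basic scheme. */
static bool must_hide(section_kind_t k) { return k == SEC_HCTEXT || k == SEC_HCDATA; }

/* Returns 0 on success, -1 if the header flag contradicts the section table:
 * a loader should detect that before it locks any cache line. */
int plan_load(const app_t *app, load_plan_t *plan) {
    memset(plan, 0, sizeof *plan);
    if (app->nsections > MAX_SECTIONS) return -1;
    for (size_t i = 0; i < app->nsections; i++) {
        const section_t *sec = &app->sections[i];
        if (must_hide(sec->kind)) {
            if (!app->has_hidden) return -1;   /* flag says "nothing hidden" but a hidden section exists */
            plan->dest[i] = DEST_LOCKED_CACHE;
            plan->hidden_bytes += sec->size;
        } else {
            plan->dest[i] = DEST_SECURE_REGION;
            plan->secure_bytes += sec->size;
        }
    }
    return 0;
}

/* Sample application body laid out as in Fig. 12 (constructed values). */
static const section_t sample_sections[6] = {
    { SEC_TEXT,   0x0100, 0x400 }, { SEC_HCTEXT, 0x0500, 0x080 },
    { SEC_RODATA, 0x0580, 0x100 }, { SEC_DATA,   0x0680, 0x040 },
    { SEC_BSS,    0x06C0, 0x040 }, { SEC_HCDATA, 0x0700, 0x020 },
};

/* Plans the sample body with the given header flag value. */
int sample_plan(bool has_hidden_flag, load_plan_t *plan) {
    app_t app = { has_hidden_flag, sample_sections, 6 };
    return plan_load(&app, plan);
}
```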
As described above, according to the present embodiment, code or data that must be hidden can be included in the secure application 3111, such as the content playback application 1043. The secure application 3111 therefore need not entrust the secure OS 1042 with the loading process of hidden data 1010.
Further, the loading process and the unloading process of the hidden data 1010 need not be embedded in the secure application 3111 as a program. By appropriately setting the sections of the code or data that must be hidden, the secure OS 1042 loads the code or data that must be hidden into the appropriate region. Therefore, even if the loading destination changes because of the hardware structure, the secure application 3111 can be used unchanged, which improves the portability of the secure application 3111.
(Embodiment 3)
In Embodiment 1, the secure OS 1042 loads the hidden data 1010 into the cache memory 1004 in response to a request from the secure application 3111, such as the content playback application 1043. In Embodiment 2, the application body 3202 of the secure application 3111 contains both a part to be loaded into the secure region 1040 and a part to be loaded into the cache memory 1004, and the two parts are loaded separately when the secure application 3111 is loaded.
In the present embodiment, while the hidden data 1010 is being handled, the secure OS 1042 locks in the cache memory 1004 the stack region used by the functions that process the hidden data 1010 and other data. The hidden data 1010 is thereby handled safely. Further, when the hidden data 1010 is not being handled, the secure OS 1042 unlocks the cache memory 1004, which improves the utilization of the cache memory 1004.
The locking process and the unlocking process of the cache memory 1004 according to the present embodiment are described below. Processes and elements identical to those of Embodiment 1 are given the same reference numerals and their description is omitted.
<Locking process of cache memory 1004>
Even if the secure application 3111 loads the hidden data 1010, which must be protected from both hardware attacks and software attacks, into the locked region of the cache memory 1004, there are cases in which the protection is insufficient.
For example, if a computation is performed with a value different from the hidden data 1010 and the result is written back into the region holding the hidden data 1010, no problem arises. However, if the result of the computation is stored in a local variable in the stack region located in the memory 1020, a problem can arise, because the original hidden data 1010 itself may be recoverable from the result of the computation.
Therefore, while processing the hidden data 1010, the secure application 3111 locks the stack region in the cache memory 1004, thereby protecting the hidden data 1010 and the data related to it.
The process of locking the stack region in the cache memory 1004 is described below with reference to the sequence chart of Fig. 14A.
In response to a request from the secure application 3111, the secure OS 1042 obtains the address currently in use in the stack of the secure application 3111 (S2000).
The secure OS 1042 notifies the cache lock unit 1045 of the information (address and size) of the stack region and entrusts it with locking the cache memory 1004 (S2001).
The cache lock unit 1045 locks the stack region in the cache memory 1004 so that the data of the stack region is neither evicted from the cache memory 1004 nor written out to the memory 1020 outside the system LSI 1000 (S1103). The locking process itself is the same as in Embodiment 1. In the present embodiment, the stack region that is the object of the lock has already been read into the cache memory 1004 by the execution of the function, so the process of reading in the data (S1102) is not required.
The cache lock unit 1045 notifies the secure OS 1042 that the locking process has completed (S1104).
This ends the process. The secure application 3111 then performs computations using the hidden data 1010 and stores the results or intermediate results in the stack region.
When a new memory area is assigned to the stack region, the secure OS 1042 determines whether the stack region of the secure application 3111 is locked in the cache memory 1004. If the stack region is locked, the secure OS 1042 also locks the additionally assigned stack area in the cache memory 1004.
As described above, the secure OS 1042 locks the stack region in the cache memory 1004 in response to a request from the secure application 3111. However, the timing of the process is not limited to this. The secure OS 1042 may, when entrusted with the loading process of hidden data 1010, lock in the cache memory 1004 the stack region of the secure application 3111 that entrusted the loading process.
It is also possible to lock the stack region of the secure application 3111 in the cache memory 1004 when the secure application 3111 accesses a specific, predetermined region.
Further, as described above, the secure OS 1042 locks the stack region in the cache memory 1004, but the locked region is not limited to the stack region. The secure OS 1042 may lock regions holding other data. The locked region may, for example, be a region dynamically allocated using the malloc function or the like, or a region containing global variables accessible from any function in the secure application 3111.
<Unlocking process of cache memory 1004>
When the processing that used the hidden data 1010 ends, the secure application 3111 erases the data related to the hidden data 1010 from the stack region. The secure application 3111 then entrusts the secure OS 1042 with unlocking the stack region in the cache memory 1004. The secure OS 1042 accepts the request and unlocks the stack region in the cache memory 1004.
Other programs or other data can thereafter use the region that was locked in the cache memory 1004, so the cache memory 1004 is used effectively.
The process of unlocking the stack region in the cache memory 1004 is described below with reference to the sequence chart of Fig. 14B.
The secure application 3111 entrusts the secure OS 1042 with unlocking the stack region in the cache memory 1004. The secure OS 1042, having received the request, entrusts the cache lock unit 1045 with unlocking the locked stack region of the cache memory 1004 (S1125).
The cache lock unit 1045 releases the lock on the stack region locked in the cache memory 1004 (S2010), and notifies the secure OS 1042 of the end of the unlocking process (S1128).
This ends the process. The secure application 3111 then operates normally: the data of the stack region is read into the cache memory 1004, or the data of the cache memory 1004 is written out to the memory 1020. The cache memory 1004 is thus used efficiently.
As described above, according to the present embodiment, the stack region and other regions holding data are locked in the cache memory 1004 and unlocked again during the execution of the program. Consequently, not only the hidden data 1010 itself but also the data generated by the program that processes the hidden data 1010 and the results computed from the hidden data 1010 are protected.
(Embodiment 4)
The information processing device according to the present embodiment has the characteristic elements of the content display device 110 shown in Embodiments 1 to 3.
Fig. 15A is a hardware structural diagram of the information processing device according to the present embodiment. The information processing device 300 shown in Fig. 15A is a device that processes protection object data. The information processing device 300 includes two storage parts 301, 302 and a cache control unit 303.
The storage part 301 corresponds to the memory 1020 shown in Fig. 2. The storage part 302 corresponds to the memory area 1011 shown in Fig. 3. The cache control unit 303 corresponds to the cache control unit 1012 shown in Fig. 3.
Fig. 15B is a flowchart illustrating the operation of the information processing device 300 shown in Fig. 15A. First, the cache control unit 303 caches the storage data in the storage part 301 into the storage part 302 (S301).
Next, the cache control unit 303 locks the cache area in the storage part 302 so that the cached data obtained from the cache area of the storage part 302 holding the cached storage data is not written back to the storage part 301 (S302). Then, after the cache area in the storage part 302 is locked, the cache control unit 303 writes protection object data, which differs from the storage data, to the cache area in the storage part 302 (S303).
The protection object data is thereby written to the cache (storage part 302). It is difficult for an external device to access data written to the cache, so the protection object data can be protected appropriately.
Then, after the protection object data has been processed, the cache control unit 303 clears the cache area in the storage part 302 (S304). The cache control unit 303 then releases the lock on the cache area so that the cached data obtained from the cleared cache area can be written back to the storage part 301 (S305). The protection object data is thus cleared before it would be written back from the cache to the memory, so the protection object data can be protected appropriately.
The cache control unit 303 may also, when the protection object data is processed, allocate a data area in the storage part 301 for the protection object data, and cache the storage data in the allocated data area into the storage part 302 (S301). The data area for the protection object data is thereby allocated in a memory (storage part 301) such as SDRAM, so an appropriate correspondence between the regions of the memory and the regions of the cache is maintained.
The processes after the protection object data has been processed (S304, S305) may be omitted. As long as the protection object data is not written back, the protection object data can be protected appropriately.
Further, the cache control unit 303 may write the protection object data to the cache area in the storage part 302 through a physically protected circuit, so that the protection object data output by the processor is not obtained by an external device. The storage part 302 may also be physically protected so that the protection object data in the cache area is not obtained by an external device.
For example, the processor, the storage part 302 and the circuit between the processor and the storage part 302 may be formed as one integrated circuit so that the protection object data is not obtained by an external device. It is then physically difficult for an external device to obtain the protection object data, so the protection object data can be protected appropriately.
Further, the cache control unit 303 may write to the cache area in the storage part 302 protection object data that a program has predetermined to be written to the storage part 301. The protection object data that the program intends to write to the memory is thus written to the cache rather than to the memory, so the protection object data can be protected appropriately.
Further, the cache control unit 303 may write an executable program as the protection object data to the cache area in the storage part 302. The protection object program can thereby be protected from tampering and executed appropriately.
(Embodiment 5)
The information processor according to the present embodiment has the characteristic elements of the content display device 110 shown in embodiments 1 to 3. Further, in addition to the elements shown in embodiment 4, the present embodiment also shows elements that can be optionally added.
Fig. 16 is a hardware configuration diagram of the information processor according to the present embodiment. The information processor 400 shown in Fig. 16 is a device that processes protection object data. The information processor 400 includes a storage part 401 and an integrated circuit 405.
The storage part 401 is a storage device corresponding to the memory 1020 shown in Fig. 2 and the storage part 301 shown in Fig. 15A. The storage part 401 includes two memory areas 411 and 412. The memory area 411 corresponds to the normal region 1030 shown in Fig. 2, and the memory area 412 corresponds to the secure region 1040 shown in Fig. 2. The memory area 411 is a region for storing normal programs. The memory area 412 is a region for storing secure programs, and is a region that normal programs are prohibited from accessing.
The integrated circuit 405 corresponds to the system LSI 1000 shown in Fig. 2. The integrated circuit 405 includes a storage part 402, a cache control portion 403, a processor 404, and an access control portion 406.
The storage part 402 corresponds to the memory area 1011 shown in Fig. 3 and the storage part 302 shown in Fig. 15A. The cache control portion 403 corresponds to the cache control portion 1012 shown in Fig. 3 and the cache control portion 303 shown in Fig. 15A. The processor 404 corresponds to the CPU 1001 shown in Fig. 2. The access control portion 406 mainly corresponds to the memory controller 1003 shown in Fig. 2.
The storage part 402, the cache control portion 403, and the processor 404 are contained in the integrated circuit 405. It is difficult for an external device to access data inside the integrated circuit 405. Therefore, the protection object data can be suitably protected.
The processor 404 may generate protection object data and output the generated protection object data. The cache control portion 403 may, after the cache area in the storage part 402 has been locked, write the protection object data output from the processor 404 to the cache area in the storage part 402. Accordingly, the protection object data generated by the processor is written to the cache. Therefore, the protection object data generated by the processor can be suitably protected.
For example, the processor 404 may decrypt encrypted data to generate the protection object data, and output the generated protection object data. Accordingly, protection object data obtained by decrypting encrypted data can be suitably protected.
Further, the processor 404 may execute secure programs in a secure mode and normal programs in a normal mode. Accordingly, each program is executed at a suitable security level, and access control is performed according to the security level corresponding to the program.
Further, the cache control portion 403 may write protection object data that a secure program has predetermined to be written to the memory area 412 into the cache area in the storage part 402 instead. Accordingly, the protection object data that the secure program would write to the memory is written to the cache rather than to the memory. Therefore, the protection object data is protected at a higher level.
Further, the access control portion 406 may prohibit normal programs from accessing the memory area 412. Accordingly, access to the two memory areas 411 and 412 can be suitably controlled. Therefore, execution of unauthorized programs can be suitably restricted.
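The mode-gated access control of embodiment 5 above, as an added software model that is not part of the patent or of any Panasonic implementation. The region layout (a 1 MiB memory area 411 followed by a 512 KiB memory area 412), the mode names and the function `access_allowed` are assumptions made for the example. The check denies not only a normal-mode access that starts inside the memory area 412, but also one that starts in the memory area 411 and runs across the boundary, and one whose length wraps the address space.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example-only model of access control portion 406 gating memory areas 411 and
 * 412 by processor mode; not the patent's code. The layout is an assumption. */
enum cpu_mode { MODE_NORMAL, MODE_SECURE };

struct region {
    uint32_t base, size;
    bool secure_only;                       /* true for memory area 412 */
};

/* Constructed layout: area 411 for normal programs, area 412 for secure ones. */
static const struct region regions[] = {
    { 0x00000000u, 0x00100000u, false },    /* memory area 411 */
    { 0x00100000u, 0x00080000u, true  },    /* memory area 412 */
};

/* True if [addr, addr+len) lies entirely within one region the mode may use.
 * Zero-length, wrapping, unmapped and boundary-straddling accesses are denied,
 * so a multi-byte access cannot reach into area 412 from the end of area 411. */
static bool access_allowed(enum cpu_mode mode, uint32_t addr, uint32_t len) {
    if (len == 0u || addr > UINT32_MAX - (len - 1u)) return false;
    uint32_t last = addr + (len - 1u);
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const struct region *r = &regions[i];
        if (addr >= r->base && last <= r->base + (r->size - 1u))
            return !r->secure_only || mode == MODE_SECURE;
    }
    return false;                           /* unmapped */
}

int main(void) {
    /* A normal program and a secure program touching the start of area 412,
     * and a secure program's access straddling the 411/412 boundary. */
    printf("normal->412: %d, secure->412: %d, straddle: %d\n",
           access_allowed(MODE_NORMAL, 0x00100000u, 4u),
           access_allowed(MODE_SECURE, 0x00100000u, 4u),
           access_allowed(MODE_SECURE, 0x000FFFFEu, 4u));
    return 0;
}
```

Checking only the start address of an access is the classic mistake in this kind of memory-controller gate: a multi-byte access that begins in the last bytes of the memory area 411 would then reach the first bytes of the memory area 412. The model therefore checks that the whole range lies inside a single region before consulting the mode.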
(Other variations)
The information processor according to the present disclosure is not limited to embodiments 1 to 5. The information processor may also be configured as follows.
(1) In the configuration described above, the programs stored in the secure region 1040 (the encrypted boot loader 1052, the encrypted secure operating system 1053, and the encrypted content playback application 1054) are each stored separately in the nonvolatile storage device 1050. However, the form in which they are stored is not limited to this.
The programs stored in the secure region 1040 may be bundled into one. That is, the boot loader 1041, the secure operating system 1042, and the content playback application 1043 may be bundled into a single encrypted file and stored in the nonvolatile storage device 1050.
When the programs stored in the secure region 1040 are bundled into one, the IPL 1002 may load and verify the whole bundled file at the time of loading and verifying the boot loader 1041 (S1001 and S1002 of Fig. 8). In this case, the boot loader 1041 need not load and verify the secure operating system 1042 (S1005 and S1006 of Fig. 8).
Alternatively, not all of the programs need be bundled into a single file. The boot loader 1041 and the secure operating system 1042 may be bundled into one file, and all other secure applications bundled into another file. Alternatively, the boot loader 1041 may consist of one file, and the secure operating system 1042 and all other secure applications may be bundled into one file. Other bundling methods may also be used.
Further, when the secure operating system 1042 and all secure applications are bundled into a single file, the secure operating system 1042 need not load such secure applications into the secure region 1040. Therefore, the secure operating system 1042 need not have a function for loading such secure applications into the secure region 1040.
(2) In the configuration described above, in the unloading process of the hidden data 1010, the hidden data 1010 is overwritten with the value 0 before the cache 1004 is unlocked. However, the form of the process is not limited to this. The hidden data 1010 may be overwritten not with the value 0 but with another value. Further, the hidden data 1010 need not be overwritten with a single identical value; that is, the hidden data 1010 may be overwritten with multiple values.
Further, the Dirty flag, which is set when data in the cache 1004 is rewritten, or the Valid flag, which indicates that valid data is stored in the cache 1004, may be cleared. Accordingly, the hidden data 1010 is controlled so that it is not written out to the memory 1020. In this case, too, the hidden data 1010 need not be overwritten with a specified value.
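The lock, write, scrub and unlock sequence of embodiment 4 (S301 to S305) and the Dirty/Valid flag handling of variation (2) above, as an added software model that is not part of the patent or of any Panasonic implementation. The cache geometry (four 16-byte lines), the flag layout, the addresses and the 16-byte secret are assumptions made for the example; `secret_reached_memory` runs the whole sequence once with the S304 scrub and once without it and reports whether the secret became visible in the backing memory, and `locked_line_resists_eviction` shows that a locked line is not replaced while the lock is held.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example-only model of the lock/write/scrub/unlock sequence; not the patent's
 * code. Geometry, flag layout, addresses and the secret are assumptions. */
#define LINE_BYTES 16u
#define NUM_LINES  4u
#define MEM_BYTES  256u

static uint8_t memory[MEM_BYTES];            /* first storage part (e.g. SDRAM) */
struct cache_line {
    uint32_t tag;            /* line-aligned memory address held by the line */
    bool valid;              /* Valid flag: the line holds real data */
    bool dirty;              /* Dirty flag: data has not yet been written back */
    bool locked;             /* lock: no write-back and no eviction while set */
    uint8_t data[LINE_BYTES];
};
static struct cache_line cache[NUM_LINES];   /* second storage part (on-chip) */

static uint32_t line_base(uint32_t addr) { return addr & ~(LINE_BYTES - 1u); }
static struct cache_line *line_for(uint32_t addr) { return &cache[(addr / LINE_BYTES) % NUM_LINES]; }
static bool line_holds(const struct cache_line *l, uint32_t addr) { return l->valid && l->tag == line_base(addr); }
static void model_reset(void) { memset(memory, 0, sizeof memory); memset(cache, 0, sizeof cache); }

/* Write-back path: a locked line never reaches memory, whatever its flags say. */
static void write_back(struct cache_line *l) {
    if (l->valid && l->dirty && !l->locked) {
        memcpy(&memory[l->tag], l->data, LINE_BYTES);
        l->dirty = false;
    }
}
/* S301: cache the storage data at addr; refused while the line is locked. */
static bool cache_fill(uint32_t addr) {
    struct cache_line *l = line_for(addr);
    if (l->locked) return false;
    write_back(l);                           /* evict the previous occupant cleanly */
    l->tag = line_base(addr);
    memcpy(l->data, &memory[l->tag], LINE_BYTES);
    l->valid = true;
    l->dirty = false;
    return true;
}
/* S302: lock the cache area so that its contents cannot be written back. */
static bool cache_lock(uint32_t addr) {
    struct cache_line *l = line_for(addr);
    if (!line_holds(l, addr)) return false;
    l->locked = true;
    return true;
}
/* S303: write protection object data into the (locked) cache area. */
static bool cache_write(uint32_t addr, const uint8_t *src, uint32_t len) {
    struct cache_line *l = line_for(addr);
    uint32_t off = addr - line_base(addr);
    if (!line_holds(l, addr) || off + len > LINE_BYTES) return false;
    memcpy(&l->data[off], src, len);
    l->dirty = true;
    return true;
}
/* S304 / variation (2): overwrite the area and clear the Dirty and Valid flags. */
static void cache_clear(uint32_t addr, uint8_t fill) {
    struct cache_line *l = line_for(addr);
    memset(l->data, fill, LINE_BYTES);
    l->dirty = false;
    l->valid = false;
}
/* S305: release the lock; ordinary write-back becomes possible again. */
static void cache_unlock(uint32_t addr) { line_for(addr)->locked = false; }
/* Ordinary write-back of everything the locks permit (eviction, flush, ...). */
static void cache_flush_all(void) {
    for (unsigned i = 0; i < NUM_LINES; i++) write_back(&cache[i]);
}

/* Run S301..S305 on a constructed secret, with or without the S304 scrub, and
 * report whether the secret ended up in the backing memory. */
static bool secret_reached_memory(bool scrub) {
    static const uint8_t secret[LINE_BYTES] = "KEY-0123456789A";   /* constructed */
    const uint32_t area = 0x40u;             /* data area allocated in storage part 301 */
    model_reset();
    cache_fill(area);                        /* S301 */
    cache_lock(area);                        /* S302 */
    cache_write(area, secret, LINE_BYTES);   /* S303: secret is now dirty but locked */
    cache_flush_all();                       /* processing; a flush here is harmless */
    if (scrub) cache_clear(area, 0x00);      /* S304 */
    cache_unlock(area);                      /* S305 */
    cache_flush_all();                       /* later, ordinary write-back runs */
    return memcmp(&memory[area], secret, LINE_BYTES) == 0;
}
/* While locked, the set cannot be reused for another address (no eviction). */
static bool locked_line_resists_eviction(void) {
    const uint32_t a = 0x40u, same_set = a + NUM_LINES * LINE_BYTES;
    model_reset(); cache_fill(a); cache_lock(a);
    bool refused = !cache_fill(same_set);    /* same set, different tag */
    cache_unlock(a);
    return refused && cache_fill(same_set);
}

int main(void) {
    printf("leaked: scrub=%d no_scrub=%d; lock blocks eviction=%d\n", secret_reached_memory(true),
           secret_reached_memory(false), locked_line_resists_eviction());
    return 0;
}
```

In this model, clearing the Dirty and Valid flags is what stops the write-back; the overwrite in `cache_clear` additionally removes the plaintext from the cache array itself, which matters on hardware where cache contents can be read back by other means. Doing both before S305 is the conservative choice; unlocking a still-dirty line, as the `scrub == false` run shows, lets the next ordinary write-back copy the secret into external memory.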
(3) In the configuration described above, the hidden data 1010 is loaded into the cache 1004 inside the system LSI 1000. However, the loading destination of the hidden data 1010 is not limited to the inside of the system LSI 1000. For example, the hidden data 1010 may be loaded into a memory that is arranged outside the system LSI 1000 and protected against hardware attacks such as bus probing.
There are several methods for arranging a memory so that it is protected against hardware attacks such as bus probing. For example, the signal lines between the system LSI 1000 and the memory, and the terminals of the system LSI 1000 and the memory, may be embedded inside the substrate. Further, the signal lines and terminals may be coated with an adhesive, so that the signal lines or terminals are destroyed when the adhesive is peeled off. Further, the system LSI 1000 and the memory may be sealed in the same package.
Further, as shown in Fig. 17, the hidden data 1010 may be loaded into an OCM (On Chip Memory) 1005 arranged inside the system LSI 1000.
(4) In the configuration described above, the secure operating system 1042 includes the hidden data loading unit 1044 and the cache locking unit 1045, or the hidden data loading unit 1044, the cache locking unit 1045, and the application loading unit 1046. However, the structure of the secure operating system 1042 is not limited to this. Not all of them need be contained in the secure operating system 1042.
For example, they may be loadable modules that are loaded into the secure operating system 1042 afterwards, or they may be device drivers. Further, as shown in Fig. 18, they may be firmware independent of the secure operating system 1042.
Further, they may be contained not in the secure operating system 1042 but in the boot loader 1041, or in both the secure operating system 1042 and the boot loader 1041. In any of these structures, the hidden data loading unit 1044, the cache locking unit 1045, and the application loading unit 1046 operate while the CPU 1001 is operating in the secure mode or in the privileged mode.
(5) For example, each of the devices described above may specifically be a computer system composed of a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and so on.
Specifically, the RAM or the hard disk unit stores a computer program. Each device achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is composed of a combination of multiple instruction codes, each indicating an instruction to the computer, in order to achieve predetermined functions.
(6) Further, for example, some or all of the elements constituting each device described above may be composed of one system LSI. A system LSI is a super multi-function LSI manufactured by integrating multiple components on a single chip; specifically, it is a computer system composed of a microprocessor, ROM, RAM, and so on. The RAM stores a computer program. The system LSI achieves its functions by the microprocessor operating according to the computer program.
Further, the elements constituting each device described above may each be made into an individual chip, or may be made into a single chip that includes some or all of them.
Further, although a system LSI is referred to here, it may also be called an IC (Integrated Circuit), LSI, super LSI, or ultra LSI, depending on the degree of integration.
Further, the method of circuit integration is not limited to LSI; it may be realized with a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after the LSI is manufactured, or a reconfigurable processor in which the connections and settings of the circuit cells inside the LSI can be reconfigured, may also be used.
Furthermore, if circuit integration technology replacing LSI appears through progress in semiconductor technology or a derived technology, that technology may of course be used to integrate the functional blocks. Application of biotechnology and the like is a possibility.
(7) Further, for example, some or all of the elements constituting each device described above may be composed of an IC card or a single module that is detachable from each device. The IC card or the module is a computer system composed of a microprocessor, ROM, RAM, and so on.
The IC card or the module may include the super multi-function LSI described above. The IC card or the module achieves its functions by the microprocessor operating according to a computer program. The IC card or the module may be tamper-resistant.
(8) The concepts of the present disclosure may also be realized as the methods shown in the embodiments and variations. Further, the concepts may be realized as a computer program that realizes such methods with a computer, or as a digital signal constituting the computer program.
Further, the concepts of the present disclosure may be realized as a non-transitory computer-readable recording medium on which the computer program or the digital signal is recorded. The recording medium may be, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray (registered trademark) Disc), or a semiconductor memory. Further, the concepts may be realized as the digital signal recorded on such a recording medium.
Further, the computer program or the digital signal may be transmitted via an electric telecommunication line, a wireless or wired communication line, a network represented by the Internet, data broadcasting, or the like.
Further, the concepts of the present disclosure may be realized as a computer system including a microprocessor and a memory. The memory may store the computer program, and the microprocessor may operate according to the computer program.
Further, the computer program or the digital signal may be transported by being recorded on a recording medium, or via a network or the like. The concepts may also be implemented by another independent computer system.
(9) The embodiments and variations described above may be combined. Processing performed by one element may be performed by another element. Further, the order of processing may be changed, and multiple processes may be performed in parallel.
(Supplement)
In each embodiment described above, each element may be composed of dedicated hardware, or may be realized by executing a software program suitable for the element. Each element may be realized by a program execution unit such as a CPU or a processor reading and executing a software program recorded on a recording medium such as a hard disk or a semiconductor memory. Here, the software that realizes the information processor and the like of each embodiment described above is the following program.
That is, the program causes a computer to execute an information processing method for processing protection object data, the method including: caching storage data in a first storage part into a second storage part; locking the cache area in the second storage part so that cached data obtained from the cache area of the second storage part into which the storage data has been cached is not written back to the first storage part; and, after the cache area in the second storage part has been locked, writing protection object data different from the storage data to the cache area in the second storage part.
The information processor according to one or more embodiments of the present invention has been described above based on the embodiments, but the present invention is not limited to these embodiments. Forms obtained by applying various modifications conceived by those skilled in the art to the present embodiments, and forms constructed by combining elements of different embodiments, without departing from the spirit of the invention, are also included within the scope of one or more embodiments of the present invention.
The information processor according to one embodiment of the present invention is useful as an information processor that processes hidden data, for example an information processor such as a mobile phone or a PC suitable for executing software that plays back copyright-protected content.
Reference Numerals
100 content delivery system
110 content display device
120 content recording device
121 antenna
300, 400 information processor
301, 302, 401, 402 storage part
303, 403, 1012 cache control portion (cache controller)
404 processor
405 integrated circuit
406 access control portion
411, 412, 1011 memory area
1000 system LSI
1001 CPU
1002 IPL
1003 memory controller
1004 cache
1005 OCM
1006 key holding unit
1010 hidden data
1020 memory
1030 normal region
1031 general-purpose operating system (general-purpose OS)
1032 playback application
1033 content reception application
1034 shared data
1040 secure region
1041 boot loader
1042 secure operating system (secure OS)
1043 content playback application
1044 hidden data loading unit
1045 cache locking unit
1046 application loading unit
1050 nonvolatile storage device
1051 encrypted hidden data
1052 encrypted boot loader
1053 encrypted secure operating system
1054 encrypted content playback application
1061 header
1062 hidden data body
1063 verification value
1100 normal software execution environment (normal environment)
1200 secure software execution environment (secure environment)
3000 package generating unit
3100 compiler
3101 linker
3102 package generation tool
3110 source code (program source code)
3111 secure application
3112 secret key
3113, 3205 public key certificate
3114, 3203 setting file
3201 application header information
3202 application body
3204 application signature list
3206 signature
3210 header
3211 .text section
3212 .hctext section
3213 .rodata section
3214 .data section
3215 .bss section
3216 .hcdata section

Claims (14)

1. An information processor that performs predetermined processing on protection object data, the information processor comprising:
a first storage part;
a second storage part;
a cache control portion that caches storage data in the first storage part into the second storage part;
a cache locking unit that instructs the cache control portion to lock a cache area of the second storage part; and
a hidden data loading unit that loads the protection object data into the first storage part or the second storage part,
wherein the cache control portion
locks the cache area in the second storage part so that cached data of the storage data is not written back to the first storage part, the cached data being obtained from the cache area of the second storage part into which the storage data has been cached,
the cache locking unit instructs the cache control portion to lock the cache area in the second storage part by causing data that is stored in a predetermined area in which the protection object data is to be stored, and that is different from the protection object data, to be read in, and
the hidden data loading unit, after the cache area in the second storage part has been locked, writes the protection object data to the cache area in the second storage part.
2. The information processor according to claim 1,
wherein the cache control portion writes the protection object data output from a processor to the cache area in the second storage part through a physically protected circuit, so that the protection object data output from the processor is not obtained by an external device, and
the second storage part is physically protected so that the protection object data in the cache area is not obtained by an external device.
3. The information processor according to claim 1 or 2,
wherein the cache control portion
allocates, when the predetermined processing is performed on the protection object data, a data area in the first storage part for the protection object data,
caches the storage data in the allocated data area into the second storage part,
locks the cache area in the second storage part so that the cached data of the storage data is not written back to the first storage part, the cached data being obtained from the cache area of the second storage part into which the storage data has been cached, and
after the cache area in the second storage part has been locked, writes the protection object data to the cache area in the second storage part.
4. The information processor according to claim 1 or 2,
wherein the cache control portion
releases the lock on the cache area in the second storage part so that the cached data obtained from the cache area can be written back to the first storage part, and
the cache locking unit, after the predetermined processing has been performed on the protection object data, clears the cache area in the second storage part and instructs the cache control portion to release the lock on the cache area in the second storage part.
5. The information processor according to claim 1 or 2,
wherein the information processor further comprises a processor that executes a program for performing the predetermined processing on the protection object data,
the cache locking unit, upon receiving an instruction from the program, instructs the cache control portion to lock the cache area in the second storage part by causing data that is stored in a predetermined area in which the protection object data is to be stored, and that is different from the protection object data, to be read in, and
the hidden data loading unit, upon receiving an instruction from the program, writes the protection object data to the cache area in the second storage part after the cache area in the second storage part has been locked.
6. The information processor according to claim 5,
wherein the information processor further comprises an integrated circuit, and
the second storage part, the cache control portion, and the processor are contained in the integrated circuit.
7. The information processor according to claim 5,
wherein the program generates the protection object data by decrypting encrypted data, and performs the predetermined processing on the generated protection object data.
8. The information processor according to claim 1 or 2,
wherein the cache control portion writes, to the cache area in the second storage part, the protection object data that a program has predetermined to be written to the first storage part.
9. The information processor according to claim 1 or 2,
wherein the cache control portion writes an executable program, as the protection object data, to the cache area in the second storage part.
10. The information processor according to claim 5,
wherein the processor executes a secure program in a secure mode and executes a normal program in a normal mode,
the first storage part has a first memory area and a second memory area,
the first memory area is an area for storing the normal program, and
the second memory area is an area for storing the secure program and is an area that the normal program is prohibited from accessing.
11. The information processor according to claim 10,
wherein the cache control portion writes, to the cache area in the second storage part, the protection object data that the secure program has predetermined to be written to the second memory area.
12. The information processor according to claim 10,
wherein the information processor further comprises an access control portion that prohibits the normal program from accessing the second memory area.
13. An information processing method for performing predetermined processing on protection object data, the information processing method comprising:
a step of caching storage data in a first storage part into a second storage part;
a step of instructing that a cache area of the second storage part be locked; and
a step of loading the protection object data into the first storage part or the second storage part,
wherein in the step of caching the storage data, the cache area in the second storage part is locked so that cached data of the storage data is not written back to the first storage part, the cached data being obtained from the cache area of the second storage part into which the storage data has been cached,
in the step of instructing, the locking of the cache area in the second storage part is instructed by causing data that is stored in a predetermined area in which the protection object data is to be stored, and that is different from the protection object data, to be read in, and
in the step of loading the protection object data, the protection object data is written to the cache area in the second storage part after the cache area in the second storage part has been locked.
14. An integrated circuit that performs predetermined processing on protection object data, the integrated circuit comprising:
a storage part;
a cache control portion that caches storage data in a storage device into the storage part;
a cache locking unit that instructs the cache control portion to lock a cache area of the storage part; and
a hidden data loading unit that loads the protection object data into the storage device or the storage part,
wherein the cache control portion
locks the cache area in the storage part so that cached data of the storage data is not written back to the storage device, the cached data being obtained from the cache area of the storage part into which the storage data has been cached,
the cache locking unit instructs the cache control portion to lock the cache area in the storage part by causing data that is stored in a predetermined area in which the protection object data is to be stored, and that is different from the protection object data, to be read in, and
the hidden data loading unit, after the cache area in the storage part has been locked, writes the protection object data to the cache area in the storage part.
CN201280001893.0A 2011-05-25 2012-05-02 Information processor and information processing method Expired - Fee Related CN102985930B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2011117255 2011-05-25
JP2011-117255 2011-05-25
PCT/JP2012/002965 WO2012160760A1 (en) 2011-05-25 2012-05-02 Information processing device and information processing method

Publications (2)

Publication Number Publication Date
CN102985930A CN102985930A (en) 2013-03-20
CN102985930B true CN102985930B (en) 2016-11-30


Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5678026A (en) * 1995-12-28 1997-10-14 Unisys Corporation Multi-processor data processing system with control for granting multiple storage locks in parallel and parallel lock priority and second level cache priority queues

Similar Documents

Publication Publication Date Title
JP5879527B2 (en) Information processing apparatus and information processing method
CN101894224B (en) Protecting content on client platforms
CN101946252B (en) Information processor and method for controlling the same
JP4073913B2 (en) Open general-purpose attack-resistant CPU and its application system
JP5175856B2 (en) Protection and method of flash memory block in secure device system
US8856521B2 (en) Methods and systems for performing secure operations on an encrypted file
US7210043B2 (en) Trusted computer system
CN111723383B (en) Data storage and verification method and device
US20090307783A1 (en) Data processing device, method, program, integrated circuit, and program generating device
US20070061581A1 (en) Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
CN109918919A (en) Authenticate the management of variable
US20150310231A1 (en) Multi-Core Processor Based Key Protection Method And System
CN101228531A (en) Execution device
TW200832427A (en) Virtual secure on-chip one time programming
JP2005527019A (en) Multi-token seal and seal release
EA012921B1 (en) Method and device for protecting software from unauthorized use
CN112269547B (en) Active and controllable hard disk data deleting method and device without operating system
EP1934879A2 (en) Secure yet flexible system architecture for secure devices with flash mass storage memory
CN105612715A (en) Security processing unit with configurable access control
US20080076355A1 (en) Method for Protecting Security Accounts Manager (SAM) Files Within Windows Operating Systems
CN107832589A (en) Software copyright protecting method and its system
US8972745B2 (en) Secure data handling in a computer system
CN109214204A (en) Data processing method and storage equipment
CN101464934A (en) Mutual binding and authenticating method for computer platform and storage device, and computer thereof
CN109583197B (en) Trusted overlay file encryption and decryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
  Effective date of registration: 20160331
  Address after: Osaka, Japan
  Applicant after: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT Co.,Ltd.
  Address before: Osaka, Japan
  Applicant before: Matsushita Electric Industrial Co.,Ltd.
GR01 Patent grant
TR01 Transfer of patent right
  Effective date of registration: 20200217
  Address after: Texas, USA
  Patentee after: Solvingpeak Venture Capital Co.,Ltd.
  Address before: Osaka, Japan
  Patentee before: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT Co.,Ltd.
CF01 Termination of patent right due to non-payment of annual fee
  Granted publication date: 20161130
  Termination date: 20200502