1. Field of the Invention
The present invention relates to a data processing apparatus with software protecting functions for protecting programs and data handled by the apparatus from being stolen, tampered with, or otherwise abused. More particularly, the invention relates to a data processing apparatus having versatile, general-purpose functions of software protection.
2. Description of the Related Art
Programs and data (generically called data hereunder unless otherwise noted) prepared for public distribution need to be protected from theft, tampering and other unauthorized uses. Conventional attempts to protect the data include placing them into a ROM or storing them on a floppy disk or the like protected against piracy. These attempts have mostly failed to achieve their purpose because determined rogues have easily cracked the safeguards to get what is supposed to be protected.
Other methods of data protection include encrypting the data to be supplied so that only the user having an appropriate decryption key may decrypt the data in question. However, it is impossible for this method completely to eliminate the possibility of the decrypted data being subsequently stolen, tampered with or otherwise abused because they are stored in memory or in fixed disk drives after decryption.
One solution to such problems is a data processing apparatus with security functions proposed in Japanese Unexamined Patent Publication No. Hei 2-155034. The proposed apparatus operates under a scheme whereby encrypted data are again ciphered when placed in internal memory and then deciphered when retrieved therefrom and executed by a central processing unit. The scheme involves installing an encryption and a decryption device for software protection within the data processing apparatus. This apparatus will now be described more specifically below.
FIG. 32 is a block diagram of a conventional data processing apparatus designed for such software protection. The apparatus comprises a central processing unit (CPU) 210, a storage device 240, an input device 220, an output device 230 and a key input device 250. The CPU 210 contains an arithmetic unit 212, a control unit 211, an encryption-decryption unit 213 and a key storage unit 214.
The CPU 210 functions as the core of the data processing apparatus, operating on data and controlling component devices. The storage device 240 for data storage exchanges data with the encryption-decryption unit 213 in the CPU 210 under control of the latter.
The input device 220 receives data from outside the data processing apparatus under control of the CPU 210. The output device 230, also controlled by the CPU 210, outputs data from the data processing apparatus. The key input device 250 sets keys necessary for encrypting and decrypting data.
The arithmetic unit 212 in the CPU 210 performs arithmetic and logic operations on the data fed from the input device 220 or storage device 240. The control unit 211 interprets instructions from the storage device 240 to control the data processing apparatus itself. The key storage unit 214 accommodates keys set by the key input device 250. The encryption-decryption unit 213, interposed between the storage device 240 and the arithmetic unit 212, decrypts the encrypted instructions and data from the storage device 240 by use of keys in the key storage unit 214 in such a manner that the decrypted instructions and data may be interpreted and processed by the control unit 221 and the arithmetic unit 212, respectively. In addition, upon storing the computed result from the arithmetic unit 212 into the storage device 240, the encryption-decryption unit 213 encrypts the target data using keys from the key storage unit 214 and stores it in the storage device 240.
The data processing apparatus of the above-described constitution keeps the data encrypted in the storage device 240. This means that any data stolen from the storage device 240 are difficult to interpret, whereby data security is supposed to be enhanced.
In the above kind of data processing apparatus with software protecting functions, encrypted and stored data need to be decrypted whenever they are executed. This requires the apparatus to adopt a cipher system of relatively simple algorithms (e.g., XOR) in view of the need to reduce the overhead of data decryption. The result can be a lowered level of encryption security. It is thus necessary to maximize the security of data encryption even in conjunction with relatively simple algorithms.
Efforts to bypass the above deficiency include employing different encryption method for each data processing apparatus and to keep such encryption methods confidential. These methods lead to another problem: a significant decrease in data interchangeability. Moreover, the frequency of specific instruction codes appearing in programs and the correspondence of encrypted programs to how the apparatus operates can give clues to how encryption algorithms and encryption keys are constituted. This means that the efforts such as those above have not necessarily increased the level of encryption security for individual data processing apparatuses.
Other methods are being proposed to ensure high levels of encryption security with small amounts of computations involved. One such method is proposed in connection with the data processing apparatus disclosed in Japanese Unexamined Patent Publication No. Hei 4-102920 in which an encryption key is set for each process or segment. In this setup, as with the example of FIG. 32, data are encrypted and stored in memory and are subsequently retrieved therefrom and decrypted for execution by the CPU. In addition, the proposed setup comprises a selection circuit for selecting a translation (i.e., encryption-decryption) circuit for each process or segment. The selection circuit is designed so that plain or user-created programs are carried out by the CPU without the intervention of a translation circuit. This makes it possible to use different encryption keys for each of the processes or segments that constitute the logical units managed by the operating system. With the operating system managing encryption keys in a flexible manner, the level of encryption security is enhanced.
Recently marketed data processing apparatus, especially microprocessors, are characterized by their extensive use of cache memory. In such apparatuses, the translation circuits may be installed interposingly between cache memory and main memory. Decrypted programs and data are then held in cache memory so that encryption and decryption processes will be carried out at high speed.
The above data processing apparatus in which encryption keys are set for each process or segment still has a disadvantage. To control the selection circuit in the logical units of processes or segments requires that the operating system, which the controls processes or segments, be in charge of controlling the selection circuit. The operating system is generally software which, when running under a scheme adopting an encryption method of relatively simple algorithms, can be easily tampered with by those who concentrate on deciphering encryption switchover controls of the operating system. This means that data can be output from the data processing apparatus as they are decrypted therein. Merely tampering with the operating system in part can thus lead to the decryption of all programs and data. That is, control of encryption-decryption means by software in a data processing apparatus can be a weak point in data security.
A system in which the selection circuit is controlled by the operating system and in which decrypted data are held in cache memory for high-speed processing can entail the following problems:
Cache memory control methods fall into two broad categories: a write-through method whereby data in cache memory and those in main memory are updated synchronously, and a write-back method whereby the two kinds of data in the two memories are updated asynchronously. The write-back method is generally the more efficient of the two methods, and should preferably be used for cache memory control so that the data processing apparatus in question may carry out data encryption and decryption without sacrificing its performance.
Where the write-back type cache memory setup is adopted, the fact that data in cache memory and those in main memory are updated asynchronously means that software can control only the timing of writing data to cache memory. As a result, control of the selection circuit by software becomes impossible. In other words, having the operating system control the selection circuit prevents decrypted data from being retained in write-back type cache memory. To enhance the level of encryption security without reducing processing capabilities requires implementing an encryption-decryption key management scheme matching various memory management methods such as the cache memory method and virtual storage method.
Furthermore, conventional data processing apparatuses with software protecting functions use a predetermined decryption method or decryption keys in decrypting the programs or data encrypted by a predetermined encryption method or encryption keys. The overhead accompanying the process of decryption requires that the encryption method be relatively simple so that the amount of computations involved is limited. This makes it necessary for the encryption-decryption method or encryption-decryption keys to be confidential or be specific to each data processing apparatus. Any third party not in a position to know such encryption-decryption methods or keys is unable to freely develop software which should be protected by the security function of the data processing apparatus in question.