The present invention relates to an information processing apparatus such as a personal computer, an information processing apparatus controlling method and an information processing apparatus controlling program, and in particular, to an information processing apparatus equipped with security hardware for performing user certification based on security key information in the security hardware on system log-on, and to an information processing apparatus controlling method and an information processing apparatus controlling program thereof.
A PC (Personal Computer) equipped with a security chip compliant with the TCPA (Trusted Computing Platform Alliance: “http://www.trustedcomputing.org/tcpaasp4/index.asp”) standards uses a predetermined cryptographic program and security key information in the security chip and thereby executes various security processes such as user certification as to whether or not to permit a start of an OS (Operating System), encryption and decryption of a file and a folder in collaboration with the OS, storage of a digital certificate and integration of the user certification in various applications.
Published Unexamined Patent Application No. 2001-99466 teaches reading the security key information in the security hardware such as an IC card via a certification apparatus connected to a terminal and determining whether or not an owner of the security hardware is an authorized owner based on the security key information so as to allow a log-in from the terminal to a host only when determination results are “Yes”.
As for a repair of a PC relating to an ordinary hardware failure, it is sufficient to replace the failed hardware with a new one. As opposed to this, in the case of making a repair including replacement of a security chip compliant with the TCPA, security key information stored in the security chip before the replacement does not exist in the new security chip after the replacement. Therefore, an OS start (hereafter referred to as a “system log-on” as appropriate) cannot be implemented even if the power of the PC is turned on after replacing the security chip, so that it becomes difficult to use the PC.
To be more specific, the security key information in the security chip is encrypted by a predetermined program in the security chip and is stored therein. To perform user certification for the system log-on based on the security key information, it is necessary to decrypt the security key information in the security chip with a program in the security chip. If there is no security key information in the security chip, the decryption becomes difficult, and so user certification cannot be executed and the system log-on becomes difficult. To overcome this, it is necessary to reinstall the OS on the PC and then newly set up the security key information again, which takes enormous amounts of labor and time.
In addition, as for the folders and files stored on the hard disk after being encrypted based on the security key information in the security chip before the replacement, it is difficult to decrypt them even if new security key information is registered separately in the new security chip, since they are encrypted based on the security key information in the security chip before the replacement.
The security chip compliant with the TCPA is normally mounted on a mother board, and in the case of a typical repair, the entire mother board is replaced when an element of the mother board is faulty. Accordingly, there are many cases where the security chip is replaced even if the security chip itself is not faulty.
The above-mentioned patent application shows a measure to deal with a situation in which, after a user has been certified based on authorized security hardware and has logged into a host from a terminal once, the authorized security hardware is maliciously replaced by unauthorized hardware and the session is continued. However, it does not disclose any effective measure to restore the security key information in the security hardware after the replacement in the case where, on the replacement of the security hardware, an authorized user cannot log on to the system and restore the security key information of the security hardware before the replacement to the new security hardware without using the security key information of the security hardware before the replacement.