Nowadays, in a personal computer or similar computer, a large number of application programs run under the management of an operating system (called “OS”) to implement various functions.
Among these application programs there are malicious software elements, such as viruses and spyware, intended to perform illegal accesses or to steal private information, and various countermeasures are taken to prevent such illegal accesses by these software elements.
There has been proposed, for example, a security system wherein a hardware LSI called “TPM (Trusted Platform Module)” is indestructibly packaged in a personal computer (hereinafter abbreviated to “PC”) in order to detect the existence of illegal software and to prevent any illegal authentication (refer to Patent Document 1, JP-A-2003-271254).
There has also been proposed a system wherein a plurality of OSes are installed on one PC in order to detect any illegal access and to enhance security.
By way of example, two OSes are installed, and application programs installed at will by a user are operated in the conventional manner under the management of one of the OSes, while only software elements trusted by an IT manager or the like are operated under the management of the other OS.
Here, the “trusted software” signifies a group of software elements intended for special uses, for example, an anti-virus software element and a personal firewall. One of the two OSes shall be called the “conventional OS”, and the other OS the “Trusted OS” (abbreviated to “T-OS”).
The group of software elements operated under the management of the T-OS can have the screens of their processed contents displayed in the area of a special display frame shown on a display device. More specifically, the contents displayed by the group of software elements operated under the management of the T-OS are generally written into a specific display memory area, the TFB (Trusted Frame Buffer). Information written into the TFB is displayed within the special display frame (the frame for the T-OS).
FIG. 15 shows an explanatory diagram of the schematic configuration of a related art security system.
The figure shows part of the configuration of one PC, which includes a CPU, a display and a graphic chip as hardware elements.
The CPU executes management software called a “VMM (Virtual Machine Monitor)”, and it operates a conventional OS and a T-OS (Trusted OS).
The graphic chip is an LSI which controls the display contents for the display, and which includes two display memory areas (TFB and UTFB).
The TFB (Trusted Frame Buffer) is a memory area which is used only by the T-OS, while the UTFB (Un-trusted Frame Buffer) is a memory area which is used only by the conventional OS.
The display is an ordinary display device such as a CRT or LCD, and it displays a display frame for the conventional OS and the display frame for the T-OS. In a case where display requests have been made by software elements operated under the management of the respective OSes, the data requested to be displayed are displayed within the display frames for the corresponding OSes.
The management software VMM chiefly includes a virtual graphic 1 which accepts a display request input from the conventional OS, a virtual graphic 2 which accepts a display request input from the T-OS, and a driver (graphic chip driver) which controls the graphic chip.
In a case, for example, where any display request has been made by the software operated under the management of the conventional OS, the virtual graphic 1 accepts the display request input, and the graphic chip driver interprets the display request and sends this display request to the graphic chip together with display data.
Upon accepting the display request, the graphic chip writes the received display data into the UTFB in a case where the display request has been made by the conventional OS. When the display data has been written into the UTFB, it is displayed within the display frame for the conventional OS.
Likewise, the display frame for the T-OS is displayed on the display, and in a case where the display request from the software operated under the management of the T-OS has been made, display data requested to be displayed is displayed within the display frame for the T-OS.
The two display frames are displayed on the display. The user is informed of which display frame the display data is displayed in by, for example, making the colors of the display frames different.
Assuming that the software operated under the management of the T-OS is trusted legal software at all times, contents displayed in the display frame for the T-OS on the display are not based on illegal software. Accordingly, the user considers the displayed contents as reliable information, and he/she reads the displayed contents and inputs necessary data.
However, if the color, display position, etc. of the display frame for the T-OS as displayed on the display are fixed, an illegal display might be presented by imitating the display contents of the display frame for the T-OS. By way of example, illegal software operated under the management of the conventional OS is installed in the PC, and the same frame as the display frame for the T-OS is displayed on the display by the illegal software. In this way, the user can be deceived into thinking that information displayed within the illegal frame was displayed by the software trusted by the T-OS.
FIG. 16 shows an explanatory diagram of such a status where the illegal display is presented by the illegal software. In this case, the illegal software is under the management of the conventional OS, and hence, all display data items requested to be displayed are written into the UTFB.
However, both the display frame for the conventional OS and the display frame for the T-OS can be displayed through the UTFB by the illegal software, and the user who is watching the display cannot discern whether or not the display frame for the T-OS is displayed by the illegal software. Therefore, the user watching the display believes that the display contents are the same as those shown in FIG. 15.
On this occasion, assuming by way of example that a screen for causing the user to input an ID or a password is displayed in the frame that pretends to be the display frame for the T-OS, the user might input the ID or the password without suspicion.
Further, in a case where the illegal software incorporates a function that transfers the inputted password or the like to another specified PC through a network, the password or the like is stolen.
Especially in a case where the normal display frame for the T-OS, or the display content within this frame as displayed through the original TFB, is not displayed, the display frame for the T-OS or its display content as displayed by the illegal software may be judged reliable by the user. Accordingly, it is sometimes difficult to prevent the user from inputting the password or the like.
The illegal software can intrude into the PC by various methods, and it is sometimes present in a form that is difficult for the user to notice. This is dangerous because the user could input the password or the like while trusting only the displayed content of the display. Moreover, even when an anti-virus software element or the like is installed, it is difficult to perfectly prevent the intrusion of the illegal software, and there remains the possibility that the illegal display will be presented on the display.
It is therefore desirable to provide the user with a scheme in which, although the content displayed in the display frame for the T-OS on the display is tentatively treated as reliable, whether the displayed content is really reliable can be confirmed.
This invention has been made in consideration of the above circumstances, and its object is to provide a status display control apparatus including output means capable of confirming the absence of any illegal software, the reliability of a displayed content, etc. separately from the original displayed content on a display.
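The situations of FIG. 15 and FIG. 16 can be modeled in a few lines to show why a fixed frame appearance carries no information about which OS produced it. This is an added illustration, not code from the patent document; the class and function names, the color values, and the `tfb_backed` check (a stand-in for a confirmation made separately from the screen contents) are assumptions of the example.

```python
from dataclasses import dataclass, field

T_OS_COLOR = "green"  # constructed value: the fixed, publicly visible T-OS frame color

@dataclass(frozen=True)
class Frame:
    color: str
    content: str

@dataclass
class GraphicChip:
    tfb: list = field(default_factory=list)   # Trusted Frame Buffer, T-OS only
    utfb: list = field(default_factory=list)  # Un-trusted Frame Buffer, conventional OS only

    def screen(self):
        # The display shows frames from both buffers with no origin marker.
        return sorted(self.tfb + self.utfb, key=lambda f: (f.color, f.content))

class VMM:
    """Routes by the virtual graphic that accepted the request, never by frame content."""
    def __init__(self):
        self.chip = GraphicChip()

    def virtual_graphic_1(self, frame):  # display request from the conventional OS
        self.chip.utfb.append(frame)

    def virtual_graphic_2(self, frame):  # display request from the T-OS
        self.chip.tfb.append(frame)

def fig15_normal():
    vmm = VMM()
    vmm.virtual_graphic_1(Frame("gray", "user application"))
    vmm.virtual_graphic_2(Frame(T_OS_COLOR, "Enter ID / password"))
    return vmm.chip

def fig16_imitated():
    vmm = VMM()
    vmm.virtual_graphic_1(Frame("gray", "user application"))
    # Software under the conventional OS draws a frame in the T-OS color.
    vmm.virtual_graphic_1(Frame(T_OS_COLOR, "Enter ID / password"))
    return vmm.chip

def looks_trusted(chip):
    # The only signal the user has: a frame in the T-OS color is on screen.
    return any(f.color == T_OS_COLOR for f in chip.screen())

def tfb_backed(chip):
    # Hypothetical out-of-band check: is a T-OS-colored frame actually held in the TFB?
    return any(f.color == T_OS_COLOR for f in chip.tfb)

def imitations(chip):
    # Frames in the T-OS color that arrived through the untrusted path.
    return [f for f in chip.utfb if f.color == T_OS_COLOR]
```

Both scenarios produce the same `screen()` and both satisfy `looks_trusted`, while only the FIG. 15 case satisfies `tfb_backed`; the distinguishing fact lives in the buffer the data was written to, not in anything the display shows.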