1. Field of the Invention
The present invention relates to a microprocessor having a function for assisting a multi-task program execution environment, and more particularly, to a microprocessor having a function for encrypting/decrypting programs and data which is capable of sharing hidden programs or hidden data among a plurality of processes safely.
2. Description of the Related Art
In recent years, the performance of a microprocessor has improved considerably such that the microprocessor is capable of realizing reproduction and editing of video images and audio sounds, in addition to the conventional functions such as computations and graphics. By implementing such a microprocessor in a system designed for end-users (which will be referred to as a PC hereafter), the users can enjoy various video images and audio sounds on monitors. Also, by combining the function for reproducing video images and audio sounds with the computational power of the PC, the applicability to games or the like can be improved. Such a microprocessor is not designed for any specific hardware and can be implemented on a variety of hardware, so that there is an advantage that the users who already possess PCs can enjoy reproduction and editing of video images and audio sounds inexpensively.
In the case of handling video images and audio sounds on PCs, there arises a problem of protecting the copyright of original images or music. In particular, in order to prevent alteration or illegal copying of software for handling image data or music data on the PC, a technique called the tamper resistant software technique has been used (see David Aucsmith et al., “Tamper Resistant Software: An Implementation”, Proceedings of the 1996 Intel Software Developer's Conference). The tamper resistant software technique is a technique for protecting know-how or the like contained in the software from analysis, and for preventing analysis and alteration of the software, by encrypting the software.
However, the tamper resistant software technique is basically a technique which makes analysis using tools such as a disassembler or debugger difficult by encrypting a portion of the program that requires protection before the execution of the program starts, decrypting that portion immediately before executing it, and encrypting that portion again immediately after its execution is completed. Consequently, as long as the program is executable by a processor, it is always possible to analyze the program by carrying out the analysis step by step starting from the start of the program. This fact has been an obstacle to providing copyright protected contents or sophisticated information services through the PC, or to applying programs containing the know-how of an enterprise or individual to the PC.
In addition, as a problem on the hardware side, the PC is an open platform so that there is also a possibility of an attack by altering the operating system (OS) which is intended to be a basis of the system's software configuration. Namely, a skilled and malicious user can alter the OS of his own PC to carry out operations to invalidate or analyze the copyright protection mechanisms incorporated in application programs by utilizing privileges given to the OS, instead of carrying out the normal operations of the OS.
The current OS realizes the multi-task environment for seemingly processing a plurality of tasks in parallel by utilizing a privileged operation function with respect to a memory and an execution control function provided in the CPU. Namely, the OS carries out an allocation of resources necessary for the execution of a program, i.e., an allocation of CPU time to the execution of the program and an allocation of the memory space necessary for the execution of the program, and controls accesses to devices, the network and application QoS that are under the control of the computer. For this purpose, the OS has the following two privileges.
The first privilege is that the OS can interrupt or restart an application program at arbitrary timing in order to carry out the CPU time allocation.
The second privilege is that the OS can move a content of a memory space allocated to an application program to a memory of a different hierarchical level at arbitrary timing, such that the OS can provide a flat memory space to the application by concealing normally hierarchical memory systems with different access speeds and capacities from the application.
Using these two privileges, the OS can interrupt an execution state of the application and take a snapshot of it at arbitrary timing, and restart it after making a copy of it or rewriting it. This function can also be used as a tool for analyzing secrets hidden in the application.
In order to prevent an analysis of the application on a computer, there are several known techniques for encrypting programs or data (Hampson, U.S. Pat. No. 4,847,902; Hartman, U.S. Pat. No. 5,224,166; Davis, U.S. Pat. No. 5,806,706; Takahashi et al., U.S. Pat. No. 5,825,878; Buer et al., U.S. Pat. No. 6,003,117; Japanese Patent Application Laid Open No. 11-282667 (1999), for example). The encrypted execution codes can be decrypted only by the microprocessor which knows the secret key. The decrypted state is allowed to exist only inside the microprocessor and no process or OS other than the executed process is allowed to carry out the decryption.
However, these known techniques do not account for the protection of the program operation and the data secrecy from the above described privileged operations of the OS. Consequently, the system employing the conventional encryption technique has a drawback in that the analysis of the program becomes possible by utilizing a privilege of the OS called a context switching, without decrypting the encrypted execution codes.
The context switching is carried out by the OS to switch processes when the execution of the program is stopped by an interrupt, or when the program voluntarily issues a software interrupt instruction for a system call. Namely, for the purpose of executing the other program, the OS stores the execution state (which will be referred to as the context information hereafter) of the program, indicating the set of register values at that point, into a memory, and restores the context information of another program, stored in the memory in advance, into the registers. The context switching is an indispensable function in order to operate a plurality of programs in parallel. The OS can read the register values at the time of the context switching, so that it is possible to guess most of the operations made by the programs according to how the execution state of that program has changed.
Apart from interrupting the execution and analyzing the program, the OS can also arbitrarily rewrite the register information that has been moved to the memory. The OS can store an arbitrary state of the application, so that it is possible to analyze the operation of the program by rewriting the register values and running the program repeatedly.
In view of these problems, the present inventors have proposed a technique for automatically encrypting a part or whole of the context information in the registers within the microprocessor and saving it to a memory external of the processor at a time of the context switching, as disclosed in the commonly assigned co-pending U.S. patent application Ser. No. 09/781,284. Using this technique, the attacks by the OS at a time of the context switching can be prevented.
On the other hand, there is also a proposition of a technique in which each one of a plurality of applications and program providers maintains secrets independently from the OS. In U.S. Pat. No. 5,123,045, Ostrovsky et al. disclose a system that presupposes the use of sub-processors having a unique secret key for each application, in which the operation of the program cannot be guessed from the access pattern by which these sub-processors access programs placed in a main memory. This system is based on a mechanism for carrying out random memory accesses by converting the instruction set for carrying out operations with respect to the memory into a different instruction set.
However, this technique requires different sub-processors for different applications, so that it requires a high cost, and the implementation and fast realization of the compiler and processor hardware for processing such an instruction set are quite different from those of the currently used processors, so that the realization of this system is expected to be very difficult at present. Also, in this type of processor, it becomes difficult to comprehend the correspondences between the data contents and the operations even when the data and the operations of the actually executed code are observed and traced, so that the debugging of the program becomes very difficult. This technique therefore has many practical problems compared with the other conventional techniques described above, such as those of U.S. Pat. No. 5,224,166 and Japanese Patent Application Laid Open No. 11-282667, in which the program codes and the data are simply encrypted.
The development of techniques for protecting encrypted programs and their processing target data is still in progress, but the current development is basically focused on preventing eavesdropping on programs and data by other processes, by defeating the analysis and tracing of the executed process.
On the other hand, there are demands for mutually sharing programs and data even in the encrypted state among properly permitted processes (programs). Namely, there are demands for sharing the encrypted programs and hidden data among processes in a similar manner as using an existing non-encrypted library or an inter-process shared memory provided by the OS. In order to share the encrypted programs or data among different processes, how to share the key information safely among proper processes can be a problem.
In the processor in which the decrypted state of the encrypted program or data is allowed only within the processor, when it is desired to share the encrypted memory region created by some process with the other process, the meaningful data sharing cannot be realized by simply utilizing the memory sharing mechanism provided by the OS, because the other process that requests the sharing of the encrypted memory region does not know the key necessary for this region.
The read/write of the encrypted memory region is carried out by using the key corresponding to this memory region. The key is maintained secretly within the processor. For this reason, if the same key can be shared within the processor by the other process as well, the meaningful read/write becomes possible. Here, however, it is necessary to carry out this key sharing safely between two processes.
The safe key sharing between processes which know the key in advance can be realized by embedding the key in the encrypted state within the program. However, if the key cannot be embedded in advance or if the key is to be shared between processes (programs) to which the key should not be notified in advance, there is a need to establish a safe key exchange sequence between processes.
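The two situations described above (context information leaving the processor only in encrypted form at a context switch, and an encrypted memory region whose key is held inside the processor so that a second process sharing the same pages reads nothing meaningful until the key is shared within the processor) can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not code from the patent or from any of the cited systems; the `Processor` class, its method names, the toy SHA-256 counter-mode cipher, and the sample register values and region contents are all constructed for the example. The model also shows why the saved context is authenticated, not only encrypted: a saved context that the OS has rewritten is rejected at restore time.

```python
"""Toy model of a processor that keeps per-process and per-region keys
internal and lets plaintext exist only inside it.  Constructed illustration
(hypothetical API); the cipher is for demonstration, not production use."""
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from SHA-256 (illustrative only)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag.
    The tag lets the processor detect a blob rewritten outside it."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Returns the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Processor:
    """Keys live only here; the caller (playing the OS) sees sealed blobs only."""

    def __init__(self):
        self._proc_keys = {}    # process id -> key used to protect saved contexts
        self._region_keys = {}  # (process id, region name) -> key for that region

    def create_process(self, pid: str) -> None:
        self._proc_keys[pid] = os.urandom(32)

    def save_context(self, pid: str, registers: dict) -> bytes:
        """Context switch: register values leave the processor encrypted."""
        raw = ";".join(f"{k}={v}" for k, v in registers.items()).encode()
        return seal(self._proc_keys[pid], raw)

    def restore_context(self, pid: str, blob: bytes):
        """Returns the register dict, or None if the saved context was tampered with."""
        raw = open_sealed(self._proc_keys[pid], blob)
        if raw is None:
            return None
        return dict(kv.split("=", 1) for kv in raw.decode().split(";"))

    def create_region(self, pid: str, region: str) -> None:
        self._region_keys[(pid, region)] = os.urandom(32)

    def write_region(self, pid: str, region: str, data: bytes) -> bytes:
        return seal(self._region_keys[(pid, region)], data)

    def read_region(self, pid: str, region: str, blob: bytes):
        """None when this process holds no key for the region (OS-level page
        sharing alone gives it ciphertext, nothing meaningful)."""
        key = self._region_keys.get((pid, region))
        return None if key is None else open_sealed(key, blob)

    def share_region_key(self, owner: str, region: str, peer: str) -> None:
        """Key sharing inside the processor; the key itself is never exported.
        How the owner authorises the peer is the open problem the text raises."""
        self._region_keys[(peer, region)] = self._region_keys[(owner, region)]


def demo():
    """Runs both scenarios on constructed sample data and returns the outcomes."""
    cpu = Processor()
    cpu.create_process("A")
    cpu.create_process("B")

    # 1. Context switch: the OS holds only ciphertext; a rewritten blob is rejected.
    ctx = cpu.save_context("A", {"pc": "0x400", "r0": "42"})
    forged = ctx[:20] + bytes([ctx[20] ^ 0x01]) + ctx[21:]   # flip one ciphertext bit
    restored = cpu.restore_context("A", ctx)
    tampered = cpu.restore_context("A", forged)

    # 2. Encrypted region: B gets nothing until the key is shared in the processor.
    cpu.create_region("A", "shm")
    page = cpu.write_region("A", "shm", b"secret table")
    before_share = cpu.read_region("B", "shm", page)
    cpu.share_region_key("A", "shm", "B")
    after_share = cpu.read_region("B", "shm", page)
    return restored, tampered, before_share, after_share


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the restored registers, `None` for the tampered context, `None` for process B's read before the key is shared, and the original bytes afterwards. The last step deliberately does nothing to decide whether B is entitled to the key; that decision, and how the key reaches B without ever being exposed outside the processor, is exactly the key exchange sequence the remaining text says must be established.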
Up to now, there have been many techniques aimed at establishing a safe key exchange sequence via a network, developed in conjunction with public key cryptosystems. The key information exchanged on the network can itself be eavesdropped, but attacks are difficult unless the secret key maintained within each computer is known. In the case of key exchange via a network, the temporary data used for the key exchange or key calculation within the computer are handled in plaintext form, under the presumption that the temporary data cannot be leaked to the network or eavesdropped from the network.
However, the present invention is directed to the case where there is a need to carry out the key exchange between processes within the computer, separately from the key exchange sequence via a network, and it is presupposed that the temporary data used for the key exchange or key calculation are also placed within the computer, where the privileged OS described above can observe them.