(1) Field of the Invention
The present invention relates to a technique for securely and at high speed executing information security processing, such as encryption of data, decryption of encrypted data, generation of a digital signature, and verification of a digital signature, in a program execution apparatus which executes a computer program while switching between a secure software execution environment and a normal software execution environment.
(2) Description of the Related Art
In recent years, theft of data (e.g. personal information) stored in information processing apparatuses such as personal computers (PCs) and mobile phones has become a widespread problem.
Such theft is sometimes committed by an unauthorized computer program. Such a program is illicitly downloaded from an open network such as the Internet to an information processing apparatus such as a PC or a mobile phone, and then operates in the apparatus against the will of its user. For example, the program reads data stored in a storage device of the PC or mobile phone and sends the data to an attacker via a network; this is how the attacker achieves his/her aim of stealing data. Hereinafter, such an unauthorized computer program is also referred to as a malicious computer program.
In order to prevent such data theft, Patent Documents 1 and 2 (Patent Document 1, a Japanese publication, and Patent Document 2, a US publication, disclose the same contents) disclose the following technique, which aims to provide an access control system by which illegal access can be inhibited even if an intruder from a network attempts to illegally read or write files by abusing a user's authority.
Multiple OSs operate simultaneously on a server information processing apparatus: one is a service OS and another is a security OS. Multiple-OS control programs running on the server information processing apparatus perform the various controls needed for the service OS and the security OS to operate on it. A server program runs on the service OS, and an access control program runs on the security OS. An I/O manager and a file I/O hooking program run in the service OS, and an inter-OS communication processor runs in the multiple-OS control programs.
When the server program requests a file access, the request reaches the file I/O hooking program via the I/O manager. The file I/O hooking program asks the access control program, via the inter-OS communication processor, to check the access authority and the like for the file access request. The access control program checks the received request against a policy file and transmits the result of the check, as a response, to the file I/O hooking program via the inter-OS communication processor. The file I/O hooking program judges the validity of the access request based on the received response and sets an error code if the request violates the policy. When the error code is set, the I/O manager returns an error to the server program.
As described above, by judging the validity of the requested data access on the security OS, which is a secure execution environment, unauthorized data access can be prevented.
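The two-OS access check described above, modelled in Python as an added example (this is not code from Patent Documents 1 and 2, which disclose the architecture only). The policy file contents, the JSON wire format of the inter-OS channel, the error code values and all path and subject names are assumptions of the example. Two points the description leaves implicit are made explicit here: the access control program canonicalises the path on the trusted side before matching it against the policy, so a hooked request for `/srv/www/htdocs/../../../etc/passwd` is judged as `/etc/passwd`, and the hook fails closed when the security OS does not answer.

```python
import fnmatch
import json
import posixpath
from dataclasses import asdict, dataclass

EACCES = 13   # error code the hook sets on a denied request (assumed value)
EIO = 5       # error code returned when the inter-OS channel fails (assumed value)

# Constructed policy file (not from the patent): default deny; each rule grants
# the listed operations on paths matching a glob to one subject.
POLICY_FILE = json.dumps({"rules": [
    {"subject": "www-data", "path": "/srv/www/htdocs/*",  "ops": ["read"]},
    {"subject": "www-data", "path": "/srv/www/uploads/*", "ops": ["read", "write"]},
    {"subject": "backup",   "path": "/srv/*",             "ops": ["read"]},
]})


@dataclass(frozen=True)
class FileRequest:
    subject: str   # the user authority the server program runs under
    path: str
    op: str        # "read" or "write"


# ---- security OS: access control program --------------------------------
class AccessControlProgram:
    def __init__(self, policy_text: str) -> None:
        self.rules = json.loads(policy_text)["rules"]

    def handle(self, wire: bytes) -> bytes:
        """Decode one request from the inter-OS channel, decide, encode the reply."""
        req = json.loads(wire)
        # Canonicalise on the trusted side: "/a/b/../../etc/passwd" must be
        # matched as "/etc/passwd", not as something under "/a/b/".
        path = posixpath.normpath(req["path"])
        allowed = any(
            r["subject"] == req["subject"]
            and req["op"] in r["ops"]
            and fnmatch.fnmatchcase(path, r["path"])   # note: '*' also matches '/'
            for r in self.rules
        )
        return json.dumps({"allowed": allowed, "path": path}).encode()


# ---- multiple-OS control programs: inter-OS communication processor -----
class InterOSChannel:
    def __init__(self, acp: AccessControlProgram, broken: bool = False) -> None:
        self.acp, self.broken = acp, broken

    def call(self, wire: bytes) -> bytes:
        if self.broken:                       # simulate an unreachable security OS
            raise ConnectionError("security OS unreachable")
        return self.acp.handle(wire)


# ---- service OS: file I/O hooking program and I/O manager ---------------
def file_io_hook(channel: InterOSChannel, req: FileRequest) -> int:
    """Return 0 to let the I/O manager proceed, otherwise an error code."""
    wire = json.dumps(asdict(req)).encode()
    try:
        reply = json.loads(channel.call(wire))
    except ConnectionError:
        return EIO                            # no verdict: deny (fail closed)
    return 0 if reply["allowed"] else EACCES


def io_manager(channel: InterOSChannel, req: FileRequest) -> str:
    """What the server program sees: success, or the error the hook set."""
    err = file_io_hook(channel, req)
    return "OK" if err == 0 else f"ERROR {err}"


if __name__ == "__main__":
    ch = InterOSChannel(AccessControlProgram(POLICY_FILE))
    for r in [
        FileRequest("www-data", "/srv/www/htdocs/index.html", "read"),
        FileRequest("www-data", "/srv/www/htdocs/index.html", "write"),
        FileRequest("www-data", "/srv/www/htdocs/../../../etc/passwd", "read"),
        FileRequest("backup", "/srv/www/uploads/a.bin", "read"),
    ]:
        print(r.subject, r.op, r.path, "->", io_manager(ch, r))
```

The policy check lives entirely on the security OS side; the service OS component only forwards requests and translates verdicts into error codes, so a server program that is tricked into issuing a traversal path still gets the verdict for the canonical path.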
Next, Patent Document 3 discloses the following technique in order to solve the problem that unencrypted data remain in a cache in an encryption system operating integrally with a computer system.
A computer system including an operating system and a storage apparatus (hard disk) has a function of automatically encrypting files saved in a predetermined folder. Cache data belonging to a file to be encrypted, held in a cache memory managed by the computer system, is invalidated or rewritten when the encryption processing function is switched ON or OFF.
With this structure, no unencrypted data remain in the cache, thereby preventing unauthorized use of the data.
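The toggle-time cache invalidation of Patent Document 3, as an added example in Python (not the patent's own code). The folder name, the key, the SHA-256 counter-mode keystream used as a stand-in for a real cipher, and the `invalidate_on_toggle` switch are assumptions of the example; the switch exists only so the failure mode the patent addresses can be shown next to the fix. The cache holds file content as the reader or writer saw it, so once the function is switched OFF a stale cache entry would keep serving plaintext of a file whose on-disk copy is ciphertext.

```python
import hashlib
import os
import posixpath

# Assumed "predetermined folder" whose files are encrypted automatically.
ENCRYPTED_FOLDER = "/home/alice/secret"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative SHA-256 counter-mode keystream (stand-in for a real cipher
    such as AES-CTR; not for production use). XOR makes it its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class EncryptingFileSystem:
    """Storage plus an OS-managed content cache, with a switchable function
    that automatically encrypts files under ENCRYPTED_FOLDER."""

    def __init__(self, key: bytes, invalidate_on_toggle: bool = True) -> None:
        self.key = key
        self.disk: dict[str, bytes] = {}     # bytes as they land on the disk
        self.cache: dict[str, bytes] = {}    # cached file content
        self.encryption_on = True
        self.invalidate_on_toggle = invalidate_on_toggle   # False = the problem case

    def _protected(self, path: str) -> bool:
        return posixpath.normpath(path).startswith(ENCRYPTED_FOLDER + "/")

    def write(self, path: str, data: bytes) -> None:
        if self.encryption_on and self._protected(path):
            nonce = os.urandom(16)
            self.disk[path] = nonce + keystream_xor(self.key, nonce, data)
        else:
            self.disk[path] = data
        self.cache[path] = data              # cache keeps what the writer handed over

    def read(self, path: str) -> bytes:
        if path in self.cache:               # cache hit: disk is not consulted
            return self.cache[path]
        raw = self.disk[path]
        if self.encryption_on and self._protected(path):
            nonce, body = raw[:16], raw[16:]
            data = keystream_xor(self.key, nonce, body)
        else:
            data = raw                       # function OFF: raw bytes, key not used
        self.cache[path] = data
        return data

    def set_encryption(self, on: bool) -> None:
        """Switch the function ON or OFF. The fix from the related art: drop the
        cached content of every protected file so nothing stale is served."""
        if on != self.encryption_on and self.invalidate_on_toggle:
            for p in [p for p in self.cache if self._protected(p)]:
                del self.cache[p]
        self.encryption_on = on


if __name__ == "__main__":
    path = ENCRYPTED_FOLDER + "/notes.txt"
    for invalidate in (False, True):
        fs = EncryptingFileSystem(os.urandom(32), invalidate_on_toggle=invalidate)
        fs.write(path, b"top secret")
        fs.set_encryption(False)
        print("invalidate_on_toggle =", invalidate, "read after OFF ->", fs.read(path))
```

Note the limit of what the example models: the patent's countermeasure concerns the cache only. A file written to the protected folder while the function is OFF lands on disk in plaintext, and switching the function back ON does nothing to that on-disk copy; re-sealing such files is a separate step that this example does not perform.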
Patent Document 1: Japanese Laid-Open Patent Application Publication 2008-204468
Patent Document 2: US Patent Application Publication 2001/0025311A1
Patent Document 3: Japanese Laid-Open Patent Application Publication 2004-240699