US9311487B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9311487-B2 |
| Application number | US-201213643671-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 1, 2012 |
| Priority date | Mar 15, 2011 |
| Publication date | Apr 12, 2016 |
| Grant date | Apr 12, 2016 |
Official abstract text for this publication.
A management device 200 d comprises: a key share generation unit 251 d generating a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and an output unit 252 d outputting each of the key shares to a different one of a plurality of detection modules. The detection modules acquire and store therein the key shares. The protection control module 120 d comprises: an acquisition unit 381 d acquiring the key shares from the detection modules; a reconstruction unit 382 d reconstructing the decryption key by composing the key shares; a decryption unit 383 d decrypting the encrypted application program with use of the decryption key; and a deletion unit 384 d deleting the decryption key, after the decryption by the decryption unit is completed.
Opening claim text (preview).
The invention claimed is:

1. A tampering monitoring system comprising: a management device; and an information processing device, wherein the information processing device includes a microprocessor and a non-transitory computer-readable recording medium coupled to the microprocessor storing computer-executable instructions thereon, wherein the instructions include: a protection control module for protecting an application program; and a plurality of detection modules for monitoring tampering of the protection control module, wherein the management device includes a microprocessor and a non-transitory computer-readable recording medium coupled to the microprocessor storing computer-executable instructions thereon, wherein the instructions, when executed by the microprocessor of the management device, are configured to: generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and output each of the key shares to a different one of the detection modules, wherein the detection modules, when executed by the microprocessor of the information processing device, are configured to acquire and store therein the key shares, wherein the protection control module, when executed by the microprocessor of the information processing device, is configured to: acquire the key shares from the detection modules; reconstruct the decryption key by composing the acquired key shares; decrypt the encrypted application program, with use of the reconstructed decryption key; and delete the decryption key, after the decryption is completed, wherein the instructions, when executed by the microprocessor of the management device, are further configured to: perform decryption processing made up of a plurality of partial decryption processes on an encrypted application program generated as a result of encryption of the application program in a non-tampered state and, for each partial decryption process, perform a one-way conversion on both input data for the partial decryption process and output data resulting from the partial decryption process to generate a decryption verification value, and generate verification data including the input data and the decryption verification value; and output the verification data to the protection control module, wherein the protection control module, when executed by the microprocessor of the information processing device, is further configured to: perform the decryption processing made up of the plurality of partial decryption processes on the encrypted application program, output, for each partial decryption process, the verification data and the output data resulting from the partial decryption process to a corresponding one of the detection modules, and wherein each of the detection modules corresponding to the partial decryption processes, when executed by the microprocessor of the information processing device, is further configured to: receive the output data and the verification data; and perform verification using the output data and the verification data, and output a result of the verification indicating a verification failure if the verification fails, wherein the plurality of partial decryption processes correspond one-to-one to two or more of the plurality of detection modules, wherein the instructions, when executed by the microprocessor of the management device, are further configured to output the verification data and the output data resulting from each partial decryption process to the detection module corresponding to the partial decryption process, and wherein each of the detection modules corresponding to the partial decryption processes, when executed by the microprocessor of the information processing device, is further configured to: transmit identification information identifying the partial decryption process corresponding to the detection module, to another one or more of the detection modules; receive, from another one or more of the detection modules, one or more pieces of identification information identifying the partial decryption processes corresponding to the other one or more detection modules; and perform verification on duplication of the one or more pieces of identification information and the identification information identifying the partial decryption process corresponding to the detection module, and on the comprehensiveness of the one or more pieces of identification information and the identification information identifying the partial decryption process corresponding to the detection module, with respect to all pieces of identification information corresponding to the plurality of partial decryption processes.

2. The tampering monitoring system of claim 1, wherein each of the detection modules corresponding to the partial decryption processes, when executed by the microprocessor of the information processing device, is further configured to output a result of verification indicating a verification failure, if any duplicates exist among the one or more pieces of identification information and the identification information identifying the partial decryption process corresponding to the detection module, or if the one or more pieces of identification information and the identification information identifying the partial decryption process corresponding to the detection module do not completely cover all pieces of identification information corresponding to the plurality of partial decryption processes.

3. A tampering monitoring system comprising: a management device; and an information processing device, wherein the information processing device includes a microprocessor and a non-transitory computer-readable recording medium coupled to the microprocessor storing computer-executable instructions thereon, wherein the instructions include: a protection control module for protecting an application program; and a plurality of detection modules for monitoring tampering of the protection control module, wherein the management device includes a microprocessor and a non-transitory computer-readable recording medium coupled to the microprocessor storing computer-executable instructions thereon, wherein the instructions, when executed by the microprocessor of the management device, are configured to: generate a plurality of key shares by decomposing a decryption key, the decryption key being for decrypting an encrypted application program generated as a result of encryption of the application program; and output each of the key shares to a different one of the detection modules, wherein the detection modules, when executed by the microprocessor of the information processing device, are configured to acquire and store therein the key shares, wherein the protection control module, when executed by the microprocessor of the information processing device, is configured to output the encrypted application program to each of the detection modules, wherein each detection module, when executed by the microprocessor of the information processing device, is further configured to: acquire the encrypted application program from the protection control module; partially decrypt the encrypted application program with use of the key share stored therein to generate a partially decrypted text; and output the partially decrypted text to the protection control module, and wherein the protection control module, when executed by the microprocessor of the information processing device, is further configured to: acquire the partially decrypted texts from the detection modules; and decrypt the encrypted application program with use of the acquired partially decrypted texts.

4. The tampering monitoring sys
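The flow of claim 1 (key shares distributed to detection modules, reconstruction and deletion by the protection control module, per-step verification values computed by the management device, and the duplication/comprehensiveness check on exchanged process identifiers) as an added, self-contained illustration; this is not code from the patent or its assignee. It assumes a constructed SHA-256 counter-mode keystream as a stand-in for the real cipher, XOR secret sharing as the "decomposition" of the key, and one 32-byte block per partial decryption process, with one detection module per process.

```python
import hashlib, secrets

BLOCK = 32  # one partial decryption process handles one 32-byte block

def ks(key, i):  # constructed stand-in for a block cipher: SHA-256 counter-mode keystream
    return hashlib.sha256(key + i.to_bytes(4, "big")).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_app(key, app):  # management side: encrypt the application block by block
    return [xor(app[i:i + BLOCK], ks(key, i // BLOCK)) for i in range(0, len(app), BLOCK)]

def partial_decrypt(key, i, block):  # one partial decryption process
    return xor(block, ks(key, i))

def reconstruct_key(shares):  # compose the shares back into the decryption key
    key = bytes(len(shares[0]))
    for s in shares:
        key = xor(key, s)
    return key

def make_key_shares(key, n):  # management device: decompose the key into n XOR shares
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return shares + [reconstruct_key(shares + [key])]  # last share = key XOR all others

def make_verification_data(key, encrypted):
    # Management device, on a non-tampered ciphertext: (input block, H(input || output))
    return [(c, hashlib.sha256(c + partial_decrypt(key, i, c)).digest())
            for i, c in enumerate(encrypted)]

class DetectionModule:
    def __init__(self, pid, share, vdata):
        self.pid, self.share, self.vdata = pid, share, vdata  # key share + verification data
    def verify(self, output):  # recompute the hash over (stored input || reported output)
        return hashlib.sha256(self.vdata[0] + output).digest() == self.vdata[1]

def protection_control_decrypt(modules, encrypted, corrupt_step=None):
    # Protection control module: gather shares, reconstruct, decrypt, hand each partial result
    # to its detection module, then delete the key. corrupt_step is a demo-only tampering hook.
    key = reconstruct_key([m.share for m in modules])
    plaintext, results = b"", []
    for i, c in enumerate(encrypted):
        p = partial_decrypt(key, i, c)
        if i == corrupt_step:
            p = xor(p, b"\x01" * len(p))
        results.append(modules[i].verify(p))
        plaintext += p
    del key
    return plaintext, results

def ids_consistent(ids_seen, n):  # duplication + comprehensiveness check on exchanged process ids
    return len(ids_seen) == len(set(ids_seen)) and set(ids_seen) == set(range(n))
```

A detection module flags a step whose reported output does not hash to the management device's verification value, and the identifier check fails on either a duplicated or a missing process id.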
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
Secure boot · CPC title
Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation · CPC title
Obfuscation or hiding, e.g. involving white box · CPC title