JP2006033266A - System, device, and method for processing information, and server device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide information from a server to a terminal while verifying authenticity in a communication target and communication content. <P>SOLUTION: The application of a terminal SAM client 11 transmits an application public key to a qualified organ 13, and receives the digital certification of the application transmitted from the qualified organ 13 to it for storage. And the application of the terminal SAM client 11 transmits the digital certification of the application to a key server 15. The key server 15 generates an access permit for transmitting to the application of the terminal SAM client 11. The application of the terminal SAM client 11 transmits the access permit and the message of a key data acquisition request to the key server 15, which can be applied to an information processing system for processing information on an IC card. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing system, an information processing device, a server device, and an information processing method. In particular, the server device can provide information to a terminal device while verifying the authenticity of a communication target and communication contents. The present invention relates to an information processing system, an information processing apparatus, a server apparatus, and an information processing method.

  In recent years, when operating (updating) data in a card (IC card) containing an IC (Integrated Circuit) chip, a terminal equipped with an IC card reader / writer is connected to a server that provides information to the terminal, After performing mutual authentication online, a terminal equipped with an IC card reader / writer operates on data in the IC card.

  For example, Patent Document 1 discloses a technique for reading data in an IC card online.

An application is stored in a terminal provided with an IC card reader / writer, and the application holds a key (common key) used with the IC card.
JP 2003-141063 A

  However, when providing key data to a terminal in which an application is stored, there is a problem that it is difficult for the server to verify that the application may provide key data. .

  The present invention has been made in view of such a situation, and the server device provides information to the terminal while verifying the authenticity of the communication target and the communication content.

  An information processing system of the present invention is an information processing system including a terminal device that manages information related to an IC card, a server device that provides information to the terminal device, and an authorization device. The terminal device is a first device included in the terminal device. A first transmission unit that transmits a second key corresponding to the key to the authorized device and a digital certificate of the terminal device that is transmitted from the authorized device in response to transmission by the first transmission unit. 1 receiving means, a first storage means for storing the digital certificate of the terminal device received by the first receiving means, and the digital certificate of the terminal device stored in the first storage means in the server device A second transmitting means for transmitting, and the authorization device is received by the second receiving means for receiving the second key transmitted by the first transmitting means of the terminal device and the second receiving means. Second key A first signing means for generating a signature of the second key using the second key and the third key of the authorized device when the second key of the terminal device is recognized; A third sending means for sending a signature of the second key generated by the first signing means and a digital certificate of the terminal device comprising the second key to the terminal device; And a fourth transmission unit configured to transmit a fourth key corresponding to the key to the server device, and the server device receives the digital certificate of the terminal device transmitted by the second transmission unit of the terminal device. The third receiving means, the fourth receiving means for receiving the fourth key transmitted by the fourth transmitting means of the authorization device, and the fourth key received by the fourth receiving means are stored. The digital certificate of the terminal device received by the second storage means and the third receiving means A first verification unit that verifies that the second key is valid using a signature of the second key to be turned and a fourth key stored in the second storage unit, and a first verification unit When it is verified that the second key of the digital certificate is valid by using the digital certificate of the terminal device received by the third receiving means and the fifth key of the server device, A second signing means for generating a signature of the digital certificate of the terminal device, a signature of the digital certificate of the terminal device generated by the second signature means, and an access permit comprising the digital certificate of the terminal device, A fifth transmission means for transmitting to the terminal device, wherein the terminal device includes a fifth reception means for receiving the access permit transmitted by the fifth transmission means of the server device, and a fifth reception means. Memorize the received access permit And 3 storage means.

  When the terminal device requests predetermined information from the server device, the terminal device transmits the access permit stored in the third storage unit and request information requesting the server device for predetermined information to the server device. And 6th receiving means for receiving information transmitted from the server apparatus in response to transmission by the 6th transmitting means, and the server apparatus includes sixth transmitting means for the terminal device. The seventh receiving means for receiving the access permit and the request information transmitted by the above, the access permit received by the seventh receiving means, and the sixth key corresponding to the fifth key of the server device And the second verification means for verifying that the access permit is valid using the key of the information, and when the access verification certificate is verified by the second verification means, information on the request information is end It can be made, further comprising a seventh transmitting means for transmitting device.

  The first key is the secret key of the terminal device, the second key is the public key of the terminal device, the third key is the secret key of the certified device, and the fourth key is the certified device The fifth key is the server device private key, the sixth key is the server device public key, the terminal device private key, the authorized device private key, and the server device private key. Only each device has a private key. Those signed using the private key of the terminal device are verified with the public key of the terminal device, and those signed using the private key of the certified device are those of the certified device. What is verified with the public key and signed with the private key of the server device can be verified with the public key of the server device.

  The information can be an application program, data necessary for its execution, or common key data necessary for IC card access.

  When the terminal device requests predetermined information from the server device, the terminal device uses the access permit stored in the third storage means, request information for requesting predetermined information from the server device, and the first key. And further comprising third signing means for generating a signature of the permit and the request information, and the sixth sending means includes the access permit, the request information, and the access permit and request generated by the third signing means. The signature of the information is transmitted to the server device. In the server device, the seventh receiving means receives the access permit, the request information, and the access permit and the signature of the request information, and the second verifying means Using the second key obtained from the signature of the permit and request information and the access permit, verify that the access permit and request information are valid, and verify the access permit And the sixth key is used to verify that the access permit is valid, and when the second verification means verifies that the access permit and the request information are valid, the seventh transmission means The information encrypted using the fourth key acquired from the authorized device can be transmitted to the terminal device.

  A first information processing method according to the present invention is an information processing method for an information processing system including a terminal device that manages information related to an IC card, a server device that provides information to the terminal device, and a certification device. The second key corresponding to the first key of the authorized device is transmitted to the server device, the server device receives and stores the second key transmitted from the authorized device, and the terminal device is the terminal A fourth key corresponding to the third key of the device is transmitted to the authorization device, the authorization device receives the fourth key transmitted from the terminal device, and the received fourth key is stored in the terminal device; When it is recognized that the key is the fourth key, a signature of the fourth key is generated using the fourth key and the first key of the authentication device, and the generated signature of the fourth key is The terminal device digital certificate consisting of the fourth key is transmitted to the terminal device, The device receives the digital certificate of the terminal device transmitted from the authorized device, controls storage of the received digital certificate of the terminal device, and sends the digital certificate of the terminal device whose storage is controlled to the server device. The server device receives the digital certificate of the terminal device transmitted from the terminal device, receives the second key transmitted from the authorized device, and is included in the received digital certificate of the terminal device When the signature of the fourth key and the received second key are used to verify that the fourth key is valid and the fourth key of the digital certificate is verified to be valid, Using the received digital certificate of the terminal device and the fifth key of the server device, the signature of the digital certificate of the terminal device is generated, and the generated digital certificate signature of the terminal device and the terminal device From a digital certificate Access permit, and transmitted to the terminal device, the terminal apparatus receives the access permit transmitted from the server apparatus, and controls the storage of the received access permit.

  In the first aspect of the present invention, the authorization device transmits the second key to the server device, and the server device receives and stores the second key, and the terminal device and the fourth key to the authorization device. When it is transmitted and the authorized device receives the fourth key and the received fourth key is authorized to be the fourth key of the terminal device, the fourth key and the authorized device have the fourth key. The first key is used to generate the signature of the fourth key, and the signature of the fourth key and the digital certificate of the terminal device including the fourth key are transmitted to the terminal device. In addition, the terminal device receives the digital certificate of the terminal device, the digital certificate of the terminal device is transmitted to the server device, the server device receives the digital certificate of the terminal device, and the second key is The fourth key of the digital certificate that is received and verified that the fourth key is valid by using the signature of the fourth key included in the digital certificate of the terminal device and the second key. Is verified using the digital certificate of the terminal device and the fifth key of the server device, the signature of the digital certificate of the terminal device is generated and the digital certificate of the terminal device is verified. And an access permit including the digital certificate of the terminal device is transmitted to the terminal device. Further, the terminal device receives the access permit and controls the storage.

  The server device of the present invention is a server device that exchanges information with an authorized device and provides information to a terminal device that manages information related to an IC card, and the authorized device transmitted from the terminal device is connected to the terminal device. First receiving means for receiving a digital certificate of the terminal device issued to the second receiving device, and second receiving for receiving a second key corresponding to the first key of the authorized device transmitted from the authorized device. Means, storage means for storing the second key received by the second receiving means, and a third key possessed by the terminal device included in the digital certificate of the terminal device received by the first receiving means. A first verification unit that verifies that the fourth key is valid by using the corresponding fourth key signature and the second key stored in the storage unit; The fourth key of the digital certificate is valid If it is verified that there is a signature, the signature that generates the signature of the digital certificate of the terminal device using the digital certificate of the terminal device received by the first receiving unit and the fifth key of the server device And a first transmission means for transmitting to the terminal device an access permit comprising the digital certificate of the terminal device generated by the signature means and the digital certificate of the terminal device. .

  When the terminal device requests predetermined information, the third receiving means for receiving the access permit transmitted from the terminal device and the request information for requesting the predetermined information, and the third receiving means receive the information. Second verification means for verifying that the access permit is valid using the access permission certificate and the sixth key corresponding to the fifth key of the server device, and second verification means When it is verified that the access permit is valid, the information processing apparatus may further include a second transmission unit that transmits information on the request information to the terminal device.

  The second information processing method of the present invention is an information processing method for a server device that exchanges information with an authorized device and provides information to a terminal device that manages information related to an IC card, and has been transmitted from the terminal device. In addition, a first reception step of receiving a digital certificate of the terminal device issued by the authorized device to the terminal device, and a second corresponding to the first key of the authorized device transmitted from the authorized device. A second receiving step for receiving the key; a storage control step for controlling storage of the second key received by the processing of the second receiving step; and a terminal device received by the processing of the first receiving step. Using the signature of the fourth key corresponding to the third key of the terminal device included in the digital certificate and the second key stored by the processing of the storage control step, the fourth key is valid. There is A verification step for verifying, and when the verification key verifies that the fourth key of the digital certificate is valid, the digital certificate of the terminal device received by the processing of the first reception step, and the server A signature step of generating a digital certificate signature of the terminal device using a fifth key of the device; a signature of the digital certificate of the terminal device generated by the processing of the signature step; and a digital certificate of the terminal device A transmission step of transmitting an access permit consisting of a certificate to the terminal device.

  In the second aspect of the present invention, the first certificate included in the certification device that is transmitted from the terminal device and received from the certification device is received from the digital certificate of the terminal device issued by the certification device to the terminal device. A second key corresponding to the key of the terminal is received and stored, and the signature of the fourth key corresponding to the third key of the terminal device included in the received digital certificate of the terminal device is stored. The second key is used to verify that the fourth key is valid. If the fourth key is verified to be valid, the digital certificate of the terminal device and the fifth key of the server device are obtained. The signature of the digital certificate of the terminal device is generated, and the generated digital certificate signature of the terminal device and the access permit including the digital certificate of the terminal device are transmitted to the terminal device.

  An information processing apparatus according to the present invention is an information processing apparatus that exchanges information with a server apparatus and an authentication apparatus that provide information related to an IC card, and that authenticates a second key corresponding to the first key of the information processing apparatus A first transmission means for transmitting to the apparatus; a first reception means for receiving the digital certificate of the information processing apparatus transmitted from the authorized apparatus for transmission by the first transmission means; and a first reception First storage means for storing the digital certificate of the information processing apparatus received by the means, and second transmission means for transmitting the digital certificate of the information processing apparatus stored in the first storage means to the server apparatus; In response to the transmission by the second transmission means, the second receiving unit receives the signature of the digital certificate of the information processing apparatus transmitted from the server apparatus and the access permit including the digital certificate of the information processing apparatus. Characterized in that it comprises means, and a second storage means for storing the received access permit by the second receiving means.

  A third transmission unit configured to transmit, to the server device, the access permit stored in the second storage unit and the request information requesting the server device for the predetermined information when requesting the server device for the predetermined information; In addition to the transmission by the third transmission means, it may further comprise a third reception means for receiving information on the request information transmitted from the server device.

  A third information processing method of the present invention is an information processing method of an information processing device that exchanges information with a server device and an authorized device that provide information about an IC card, and corresponds to a first key that the information processing device has A first transmission step of transmitting a second key to the authorized device, and a first reception of the digital certificate of the information processing device transmitted from the authorized device in response to the transmission by the processing of the first transmission step Receiving step, a first storage control step for controlling storage of the digital certificate of the information processing apparatus received by the first reception step, and an information processing whose storage is controlled by the processing of the first storage control step A second transmission step of transmitting the digital certificate of the device to the server device, and an information processing device transmitted from the server device in response to the transmission by the processing of the second transmission step A second receiving step for receiving a digital certificate signature and an access permit comprising the digital certificate of the information processing apparatus; and a second for controlling storage of the access permit received by the processing of the second receiving step. Storage control step.

  In the third aspect of the present invention, the second key corresponding to the first key of the information processing apparatus is transmitted to the certification apparatus, and the digital certificate of the information processing apparatus transmitted from the certification apparatus is received and received. The stored digital certificate of the information processing apparatus is stored, the stored digital certificate of the information processing apparatus is transmitted to the server apparatus, the signature of the digital certificate of the information processing apparatus transmitted from the server apparatus, and the information processing An access permit consisting of a digital certificate of the device is received and stored.

  According to the first aspect of the present invention, information can be safely provided to the terminal device. In particular, according to the first aspect of the present invention, the user of the terminal device can use only the information from the correct user of the server device. In addition, the user of the server device should grant permission for access to himself / herself after confirming that the terminal device has the function desired by the user of the server device based on the authorization by the authorization device. Can do.

  According to the second aspect of the present invention, information can be safely provided to the terminal device. In particular, according to the second aspect of the present invention, the user of the server device confirms that the terminal device has the function desired by the user of the server device based on the authorization by the authorization device, and then It is possible to grant access permission.

  According to the third aspect of the present invention, the terminal device can receive provision of safe information. In particular, according to the third aspect of the present invention, the user of the terminal device can use only information from the correct user of the server device.

  Embodiments of the present invention will be described below. The correspondence relationship between the invention described in this specification and the embodiments of the invention is exemplified as follows. This description is intended to confirm that the embodiments supporting the invention described in this specification are described in this specification. Therefore, even if there is an embodiment that is described in the embodiment of the invention but is not described here as corresponding to the invention, the fact that the embodiment is not It does not mean that it does not correspond to the invention. Conversely, even if an embodiment is described herein as corresponding to an invention, that means that the embodiment does not correspond to an invention other than the invention. Absent.

  Further, this description does not mean all the inventions described in this specification. In other words, this description is for the invention described in the present specification, which is not claimed in this application, that is, for the invention that will be applied for in the future or that will appear and be added by amendment. It does not deny existence.

The information processing system according to claim 1 is a terminal device (for example, the terminal SAM client 11 in FIG. 1) that manages information related to an IC card, and a server device that provides information to the terminal device (for example, the key server in FIG. 1). 15), and an information processing system (for example, the information processing system 1 in FIG. 1) including an accreditation device (for example, the accreditation organization 13 in FIG. 1),
The terminal device
First transmission means (for example, step S11 in FIG. 13) that transmits a second key (for example, an application public key) corresponding to a first key (for example, an application secret key) of the terminal device to the authorized device. The output unit 208) of FIG.
In response to transmission by the first transmission means, first reception means (for example, a digital certificate of the terminal device transmitted from the authorized device (for example, the digital certificate of the application in FIG. 14)) The input unit 201 in FIG. 6 that executes the process of step S12 in FIG. 13;
First storage means for storing the digital certificate of the terminal device received by the first reception means (for example, the storage unit 203 in FIG. 6 that executes the process of step S13 in FIG. 13);
Second transmission means for transmitting the digital certificate of the terminal device stored in the first storage means to the server device (for example, the output unit 208 in FIG. 6 for executing the processing of step S31 in FIG. 15); With
The certified device is
Second receiving means for receiving the second key transmitted by the first transmitting means of the terminal device (for example, the input unit 351 in FIG. 9 for executing the processing in step S21 in FIG. 13);
When it is determined that the second key received by the second receiving means is the second key of the terminal device, the second key and a third key ( For example, a first signing means (for example, the signature processing unit 354 of FIG. 9 that executes the process of step S22 of FIG. 13) that generates a signature of the second key using the certification authority private key);
The terminal device uses the signature of the second key generated by the first signing means and the digital certificate of the terminal device (for example, the digital certificate of the application in FIG. 14) composed of the second key. A third transmission means (for example, the output unit 355 of FIG. 9 that executes the process of step S23 of FIG. 13);
A fourth transmission unit (for example, the output unit 355 in FIG. 9) that transmits a fourth key (for example, an authorized institution public key) corresponding to the third key of the authorization device to the server device; Prepared,
The server device
Third receiving means for receiving the digital certificate of the terminal device transmitted by the second transmitting means of the terminal device (for example, the input unit 451 in FIG. 11 that executes the processing of step S51 in FIG. 15). When,
Fourth receiving means (for example, the input unit 451 in FIG. 11) for receiving the fourth key transmitted by the fourth transmitting means of the authorization device;
Second storage means for storing the fourth key received by the fourth reception means (for example, the storage unit 453 for storing the certification authority public key 484 in FIG. 12);
Using the second key signature contained in the digital certificate of the terminal device received by the third receiving means and the fourth key stored by the second storage means, the second key is used. First verification means for verifying that the key is valid (for example, the verification processing unit 455 of FIG. 11 that executes the process of step S52 of FIG. 15);
When the first verification unit verifies that the second key of the digital certificate is valid, the digital certificate of the terminal device received by the third reception unit, and the server device Using the fifth key (for example, server private key) possessed by the second signature means for generating the signature of the digital certificate of the terminal device (for example, executing the processing of step S54 in FIG. 15). Signature processing unit 454),
A signature of the digital certificate of the terminal device generated by the second signing means and an access permit (for example, access permit of FIG. 16) composed of the digital certificate of the terminal device are transmitted to the terminal device. And a fifth transmission means (for example, the output unit 458 of FIG. 11 that executes the process of step S55 of FIG. 15).
The terminal device
Fifth reception means for receiving the access permit transmitted by the fifth transmission means of the server device (for example, the input unit 201 in FIG. 6 for executing the processing of step S32 in FIG. 15);
And third storage means for storing the access permit received by the fifth reception means (for example, the storage unit 203 in FIG. 6 that executes the process of step S33 in FIG. 15). To do.

The information processing system according to claim 2 comprises:
The terminal device is
When requesting predetermined information (for example, key data) from the server device, the access permit stored by the third storage unit and request information for requesting predetermined information from the server device, A sixth transmission means for transmitting to the server device (for example, the output unit 208 in FIG. 6 that executes the process of step S152 in FIG. 20);
In response to transmission by the sixth transmission means, sixth reception means for receiving the information transmitted from the server device (for example, the input unit 201 in FIG. 6 for executing the processing of step S153 in FIG. 21). And further comprising
The server device is
Seventh receiving means for receiving the access permit transmitted by the sixth transmitting means of the terminal device and the request information (for example, the input of FIG. 11 for executing the processing of step S171 in FIG. 20) Part 451),
The access permit received by the seventh receiving means and the sixth key corresponding to the fifth key of the server device are used to verify that the access permit is valid. Second verification means (for example, the verification processing unit 455 of FIG. 11 that executes the processing of step S172 or step S174 of FIG. 20);
When the second verification means verifies that the access permit is valid (for example, when YES is determined in step S173 in FIG. 20 and YES is determined in step S175), the request information And a seventh transmission means for transmitting the information to the terminal device (for example, the output unit 458 of FIG. 11 that executes the process of step S179 of FIG. 21).

The first key of the information processing system according to claim 3 is a secret key of the terminal device,
The second key is a public key of the terminal device;
The third key is a secret key of the authorized device;
The fourth key is a public key of the authorized device,
The fifth key is a secret key of the server device;
The sixth key is a public key of the server device;
The private key of the terminal device, the private key of the authorized device, and the private key of the server device are possessed only by the respective devices, and those that are signed using the private key of the terminal device are publicly disclosed by the terminal device. What is verified with the key and signed with the secret key of the certified device is verified with the public key of the certified device, and what is signed with the secret key of the server device is the public key of the server device It is characterized by being verified.

The information of the information processing system according to claim 4 is the application program, data necessary for execution thereof, or common key data necessary for IC card access (for example, key data 491 in FIG. 12). And

The information processing system according to claim 5 is:
The terminal device is
When requesting predetermined information to the server device, the access permit stored in the third storage means, the request information requesting the server device for predetermined information, and the first key are used. , Further comprising third signature means for generating a signature of the access permit and the request information (for example, the signature processing unit 204 of FIG. 6 that executes the process of step S151 of FIG. 20),
The sixth transmission unit transmits the access permit, the request information, and the access permit and the request information signature generated by the third signature unit to the server device (for example, Step S152 in FIG.
The server device
The seventh receiving means receives the access permit, the request information, and the access permit and the signature of the request information (for example, step S171 in FIG. 20),
The second verification means verifies that the access permit and the request information are valid by using the signature of the access permit and the request information and the second key acquired from the access permit. And verifying that the access permit is valid using the access permit and the sixth key (for example, step S174 and step S175 in FIG. 20),
When it is verified by the second verification means that the access permit and the request information are valid, the seventh transmission means encrypts using the fourth key acquired from the authorization device. The transmitted information is transmitted to the terminal device (for example, step S179 in FIG. 21).
It is characterized by that.

The information processing method of the information processing system according to claim 6 is a terminal device (for example, the terminal SAM client 11 in FIG. 1) that manages information related to an IC card, and a server device (for example, FIG. 1) that provides information to the terminal device. 1 key server 15) and an information processing system (for example, information processing system 1 in FIG. 1) comprising an accreditation device (for example, accreditation organization 13 in FIG. 1),
The accreditation device transmits a second key (for example, an accreditation body public key) corresponding to a first key (for example, an accreditation body private key) possessed by the accreditation device to the server device (for example, FIG. 9). Processing executed by the output unit 355),
The server device receives and stores the second key transmitted from the authorized device;
The terminal device transmits a fourth key (for example, an application public key) corresponding to a third key (for example, an application secret key) that the terminal device has (for example, step S11 in FIG. 13). ),
The certified device is
Receiving the fourth key transmitted from the terminal device (for example, step S21 in FIG. 13);
When it is determined that the received fourth key is the fourth key of the terminal device, the fourth key and the first key (for example, an accredited institution secret key) that the accrediting device has To generate a signature of the fourth key (for example, step S22 in FIG. 13),
The generated signature of the fourth key and the digital certificate of the terminal device (for example, the digital certificate of the application in FIG. 14) composed of the fourth key are transmitted to the terminal device (for example, FIG. 13). Step S23),
The terminal device
Receiving the digital certificate of the terminal device (for example, the digital certificate of the application of FIG. 14) transmitted from the authorized device (for example, step S12 of FIG. 13);
Control the storage of the received digital certificate of the terminal device (for example, step S13 in FIG. 13),
The digital certificate of the terminal device whose storage is controlled is transmitted to the server device (for example, the output unit 208 of FIG. 6 that executes the process of step S31 of FIG. 15),
The server device
Receiving the digital certificate of the terminal device transmitted from the terminal device (for example, step S51 in FIG. 15);
The second key transmitted from the authorized device is received (for example, processing executed by the input unit 451 in FIG. 11),
Using the signature of the fourth key included in the received digital certificate of the terminal device and the received second key, it is verified that the fourth key is valid (for example, FIG. 15 Step S52),
When it is verified that the fourth key of the digital certificate is valid, the received digital certificate of the terminal device and a fifth key (for example, server secret key) of the server device To generate a signature of the digital certificate of the terminal device (for example, step S54 in FIG. 15),
The generated digital certificate signature of the terminal device and an access permit (for example, the access permit in FIG. 16) including the digital certificate of the terminal device are transmitted to the terminal device (for example, in FIG. 15). Step S55),
The terminal device
Receiving the access permit transmitted from the server device (for example, step S32 in FIG. 15);
Control storage of the received access permit (for example, step S33 in FIG. 15).
It is characterized by that.

The server device according to claim 7 sends / receives information to / from an accreditation device (for example, the accreditation organization 13 in FIG. 1), and also manages a terminal device (for example, the terminal SAM client 11 in FIG. 1) that manages information on the IC card. A server device (for example, key server 15) that provides information,
First receiving means for receiving the digital certificate of the terminal device issued from the terminal device to the terminal device transmitted from the terminal device (for example, a diagram for executing the process of step S51 in FIG. 15) 11 input units 451),
Second receiving means for receiving a second key (for example, a certification authority public key) corresponding to a first key (for example, a certification authority private key) possessed by the certification apparatus, transmitted from the certification apparatus. For example, the input unit 451) of FIG.
Storage means for storing the second key received by the second reception means (for example, a storage unit 453 for storing the certification authority public key 484 in FIG. 12);
A fourth key (for example, an application public key) corresponding to a third key (for example, an application private key) included in the terminal device included in the digital certificate of the terminal device received by the first receiving unit. 15 and the second key stored in the storage means, the first verification means for verifying that the fourth key is valid (for example, the process of step S52 in FIG. 15). The verification processing unit 455) of FIG.
When the first verification unit verifies that the fourth key of the digital certificate is valid, the digital certificate of the terminal device received by the first reception unit, and the server device 11 for generating a signature of the digital certificate of the terminal device using the fifth key (for example, server private key) possessed by (for example, the signature processing of FIG. 11 for executing the processing of step S54 of FIG. 15) Part 454),
A first certificate for transmitting the digital certificate signature of the terminal device generated by the signature means and an access permit (for example, the access permit in FIG. 16) composed of the digital certificate of the terminal device to the terminal device. Transmission means (for example, the output unit 458 of FIG. 11 that executes the process of step S55 of FIG. 15).

The server device according to claim 8 is:
Third reception for receiving the access permit transmitted from the terminal device and request information for requesting the predetermined information when the terminal device requests predetermined information (for example, key data). Means (for example, the input unit 451 in FIG. 11 for executing the processing in step S171 in FIG. 20);
Verifying that the access permit is valid using the access permit received by the third receiving means and a sixth key corresponding to the fifth key of the server device Second verification means (for example, the verification processing unit 455 of FIG. 11 that executes the processing of step S172 or step S174 of FIG. 20);
When the second verification means verifies that the access permit is valid (for example, when YES is determined in step S173 in FIG. 20 and YES is determined in step S175), the request information And a second transmission unit (for example, the output unit 458 of FIG. 11 that executes the process of step S179 of FIG. 21).

The information processing method according to claim 9 is a terminal device (for example, the terminal SAM client 11 in FIG. 1) that exchanges information with an authorization device (for example, the certification body 13 in FIG. 1) and manages information on the IC card. An information processing method of a server device (for example, key server 15) that provides information to
A first reception step (for example, step S51 in FIG. 15) of receiving the digital certificate of the terminal device issued from the terminal device to the terminal device, transmitted from the terminal device;
A second receiving step of receiving a second key (for example, a certification authority public key) corresponding to a first key (for example, a certification authority private key) possessed by the certification apparatus, which has been transmitted from the certification apparatus ( For example, processing executed by the input unit 451 in FIG.
Storage control step for controlling storage of the second key received by the processing of the second reception step (for example, storage control step for controlling storage of the certification authority public key 484 in FIG. 12 in the storage unit 453) When,
A fourth key (for example, application public key) corresponding to a third key (for example, an application secret key) included in the terminal device included in the digital certificate of the terminal device received by the processing of the first reception step A verification step (for example, step S52 in FIG. 15) that verifies that the fourth key is valid by using the signature of the key) and the second key stored by the processing of the storage control step. When,
When it is verified that the fourth key of the digital certificate is valid by the process of the verification step, the digital certificate of the terminal device received by the process of the first reception step, and the server A signature step (for example, step S54 in FIG. 15) for generating a signature of the digital certificate of the terminal device using a fifth key (for example, a server private key) possessed by the device;
A signature of the digital certificate of the terminal device generated by the processing of the signature step and an access permit (for example, access permit of FIG. 16) composed of the digital certificate of the terminal device are transmitted to the terminal device. And a transmission step (for example, step S55 in FIG. 15).

The information processing device according to claim 10 is an information processing device that exchanges information with a server device (for example, the key server 15 in FIG. 1) and an accreditation device (for example, the accreditation organization 13 in FIG. 1) that provides information related to the IC card. A device (eg, terminal SAM client 11),
First transmission means (for example, step of FIG. 13) that transmits a second key (for example, application public key) corresponding to a first key (for example, application secret key) possessed by the information processing apparatus to the authorized apparatus. The output unit 208) of FIG. 6 for executing the process of S11;
In response to transmission by the first transmission means, first reception means (for example, a digital certificate of the information processing apparatus (for example, the digital certificate of the application in FIG. 14) transmitted from the authorized apparatus). , The input unit 201 in FIG. 6 for executing the process of step S12 in FIG.
First storage means for storing the digital certificate of the information processing apparatus received by the first reception means (for example, the storage unit 203 in FIG. 6 for executing the processing in step S13 in FIG. 13);
Second transmission means for transmitting the digital certificate of the information processing apparatus stored in the first storage means to the server apparatus (for example, the output unit 208 in FIG. 6 that executes the process of step S31 in FIG. 15). When,
In response to transmission by the second transmission means, an access permit (for example, FIG. 16) consisting of the digital certificate signature of the information processing apparatus transmitted from the server apparatus and the digital certificate of the information processing apparatus. Second receiving means (for example, the input unit 201 in FIG. 6 that executes the process of step S32 in FIG. 15),
And second storage means for storing the access permit received by the second reception means (for example, the storage unit 203 in FIG. 6 that executes the process of step S33 in FIG. 15). .

An information processing apparatus according to claim 11 is provided.
When requesting predetermined information (for example, key data) to the server device, the access permit stored in the second storage means and request information requesting the server device for predetermined information Third transmission means for transmitting to the server device (for example, the output unit 208 in FIG. 6 that executes the process of step S152 in FIG. 20);
In response to transmission by the third transmission means, third reception means for receiving the information for the request information transmitted from the server device (for example, executing the processing of step S153 in FIG. 21). And an input unit 201).

The information processing method according to claim 12 is an information processing for exchanging information with a server device (for example, the key server 15 in FIG. 1) and an accreditation device (for example, the accreditation organization 13 in FIG. 1) that provides information related to the IC card. An information processing method for a device (for example, a terminal SAM client 11),
A first transmission step (for example, the step of FIG. 13) that transmits a second key (for example, an application public key) corresponding to a first key (for example, an application secret key) possessed by the information processing apparatus to the authorized device. S11)
A first reception step of receiving a digital certificate of the information processing apparatus (for example, the digital certificate of the application in FIG. 14) transmitted from the authorized apparatus in response to transmission by the processing of the first transmission step. (For example, step S12 in FIG. 13),
A first storage control step (for example, step S13 in FIG. 13) for controlling storage of the digital certificate of the information processing apparatus received in the first reception step;
A second transmission step (for example, step S31 in FIG. 15) for transmitting the digital certificate of the information processing device whose storage is controlled by the processing of the first storage control step to the server device;
For the transmission by the processing of the second transmission step, the access certificate (for example, the signature of the digital certificate of the information processing device transmitted from the server device and the digital certificate of the information processing device) A second receiving step (for example, step S32 in FIG. 15) for receiving the access permit in FIG.
And a second storage control step (for example, step S33 in FIG. 15) for controlling storage of the access permit received by the processing of the second reception step.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing an example of the overall configuration of an information processing system to which the present invention is applied.

  Terminal SAM (Secure Application Module) clients 11-1 to 11-3 (terminal devices) are each connected to the network 12. The network 12 is connected with an accreditation body (also referred to as an accreditation station) 13, servers (server devices) 14-1 to 14-3, and a key server (server device) 15.

  Server 14-1 is operated by service provider A, server 14-2 is operated by service provider B, and server 14-3 is operated by service provider C. That is, the servers 14-1 to 14-3 are operated by different service providers. The network 12 is, for example, a LAN (Local Area Network). The key server 15 is a server that is operated jointly by the service providers A, B, and C, and centrally manages keys for exchanging information with the IC card. That is, key data corresponding to services managed by the servers 14-1 to 14-3 are collectively managed by the key server 15. The servers 14-1 to 14-3 register key data in the key server 15 via the network 12 when updating the key. The accreditation apparatus is an apparatus that is governed by the accreditation body (accreditation station) 13. In practice, various processes are executed by the accreditation apparatus. In this embodiment, the accreditation apparatus is referred to as a process executed by the accreditation body 13. .

  In the following, when the terminal SAM clients 11-1 to 11-3 do not need to be individually distinguished, they are referred to as the terminal SAM client 11, and when the servers 14-1 to 14-3 do not need to be individually distinguished, This is referred to as server 14. Further, when it is not necessary to individually distinguish the service providers A, B, and C, they are referred to as service providers.

  The authorization organization 13 is an organization that authorizes the terminal SAM client 11 to the service provider. For example, in response to a request from the terminal SAM client 11, the certification authority 13 issues a digital certificate for the application (a certificate for the application of the terminal SAM client 11 by the certification authority 13) to the application of the terminal SAM client 11. . Each application of the terminal SAM client 11 transmits the digital certificate of this application to the key server 15, and the key server 15 receives the digital certificate of the application. The key server 15 verifies whether the digital certificate of the application is valid by using the public key of the certification authority 13. If the key server 15 is verified as valid, the key server 15 generates (issues) an access permit, and the terminal SAM client 11 Send to your application. The application of the terminal SAM client 11 appropriately acquires key data from the key server 15 using this access permit. Further, the terminal SAM client 11 appropriately receives distribution of applications and other information from the server 14-1.

  The key server 15 can determine whether or not the application of the terminal SAM client 11 should distribute key data based on the access permit from the application of the terminal SAM client 11. The key server 15 transmits key data to the application of the terminal SAM client 11 when the authentication of the application of the terminal SAM client 11 is successful based on the access permit from the application of the terminal SAM client 11.

  The terminal SAM client 11 can execute a plurality of applications. The terminal SAM client 11 executes an application and accesses an IC card (not shown). At this time, the application uses the key data as a common key for exchanging information with the IC card. For example, the terminal SAM client 11 executes an application and updates data in the IC card. Then, the application of the terminal SAM client 11 transmits processing execution results and inquiries to the server 14 that provides the corresponding service via the network 12. When the network 12 is offline, the application of the terminal SAM client 11 holds the execution result of the process, and when it is online, transmits the execution result to the server 14 via the network 12. In this example, the network 12 is described, but the network 12 may not be used.

  Next, a functional configuration example of the terminal SAM client 11 will be described. FIG. 2 is a block diagram showing a functional configuration example of the terminal SAM client 11 of FIG.

  The terminal SAM client 11 has a functional configuration of a control terminal 41, a terminal SAM 42, and an IC card reader / writer antenna 43.

  The control terminal 41 is, for example, a POS (Point Of Sales) terminal. The control terminal 41 issues a command to update data to the IC card 51 or transmits data read from the IC card 51 to the server 14 via the network 12 (FIG. 1).

  The IC card reader / writer antenna 43 communicates with the external IC card 51 in a non-contact manner, and reads various data stored in the IC card and writes data. For example, the IC card reader / writer antenna 43 reads data such as an identification number unique to the IC card 51 stored in the IC card 51 and an amount stored in the IC card 51. The IC card reader / writer antenna 43 communicates with the IC card 51 in a non-contact manner, and rewrites (updates) data such as the amount of money stored in the IC card 51. At this time, information exchanged between the IC card 51 and the application (terminal SAM 42) via the IC card reader / writer antenna 43 is encrypted using a common key. In this embodiment, the IC card 51 and the IC card reader / writer antenna 43 are described as being non-contact type, but the IC card and the IC card reader / writer may be contact type.

  The terminal SAM 42 encrypts and decrypts the data supplied from the IC card reader / writer antenna 43 and obtains the certification of the server 14 from the certification authority 13 to sign the public key of the terminal SAM 42. And a control to transmit a terminal SAM digital certificate comprising the signature of the terminal SAM public key and the terminal SAM public key to the server 14. Further, the terminal SAM 42 executes an application and saves the execution result of the process as a log. That is, the terminal SAM 42 securely manages data in the terminal SAM client 11.

  FIG. 3 is a block diagram showing a hardware configuration example of the terminal SAM 42 of FIG.

  A CPU (Central Processing Unit) 71, a ROM (Read Only Memory) 72, and a RAM (Random Access Memory) 73 are connected to each other via an internal bus 74. An input / output interface 75 is also connected to the internal bus 74.

  The CPU 71 executes various processes according to a program stored in the ROM 72 or a program loaded from the storage unit 78 to the RAM 73. The RAM 73 also appropriately stores data necessary for the CPU 71 to execute various processes.

  The input / output interface 75 includes an input unit 76 including a keyboard and a mouse, an output unit 77 including a lamp, an LED (Light Emitting Diode) and a speaker, a storage unit 78 including a hard disk, a modem, a terminal adapter, and the like. A communicator 79 and an IC card reader / writer 80 are connected. The communication unit 79 performs communication processing via various networks including RS232C serial communication, LAN, telephone line, or CATV. Data exchange with the control terminal 41 is performed via the communication unit 79. The IC card reader / writer 80 has a built-in memory (not shown), the card data is stored in the memory, and the IC card reader / writer antenna 43 is used for short-distance communication with the IC card 51. Done through.

  A drive 81 is connected to the input / output interface 75 as necessary, and a removable medium 91 including a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is appropriately mounted, and a computer program read therefrom is Installed in the storage unit 78 as necessary.

  In association with the above-described functional configuration example of FIG. 3, the CPU 71 of FIG. 4 has a function of the terminal SAM by executing predetermined processing described later.

  FIG. 4 is a diagram for explaining an example of information related to the terminal SAM 42 (FIG. 3) stored in the storage unit 78 of FIG. That is, FIG. 4 shows an example of information used for the terminal SAM 42 to execute processing.

  In the storage unit 78, as information regarding the terminal SAM 42, an application 121-1, an application 122-1, and an application 123-1 (in the case of an application corresponding to the terminal SAM client 11-1, an application 121-1, an application 122- 1 and the application 123-1, and the application corresponding to the terminal SAM client 11-2 is the application 121-2, the application 122-2, and the application 123-2, and corresponds to the terminal SAM client 11-3. The application 121-3, the application 122-3, and the application 123-3). When one application (for example, the application 121-1) is executed, it functions as the terminal SAM 42 for one IC card. That is, according to the type of the IC card 51 that communicates with the IC card reader / writer antenna 43, the corresponding application among the application 121-1, the application 122-1, and the application 123-1 is executed, whereby the terminal SAM42. Works. Note that the applications 121-1, 122-1, and 123-1 are applications provided by different IC cards (different service providers).

  As shown in FIG. 5, the key server 15 uses a common key (information exchanged between the IC card 51 and each of the applications 121-1 to 121-3) used by each of the applications 121-1 to 121-3. The common key used for encryption and decryption is centrally managed. The applications 121-1 to 121-3 are stored in different terminal SAMs 42, respectively. For example, the application 121-1 is stored in the terminal SAM client 11-1 in FIG. 1, the application 121-2 is stored in the terminal SAM client 11-2, and the application 121-3 is stored in the terminal SAM client 11-3. Yes. Specifically, these applications 121-1 to 121-3 are applications that are executed to use the same type of IC card (for example, Felica (trademark)). In the following, the applications 121-1 to 121-3 are referred to as applications 121 when it is not necessary to distinguish them individually.

  That is, the applications 121-1 through 121-3 have the same service provider, and the keys (common keys) of the applications 121-1 through 121-3 are also shared.

  The application 121 is prohibited from further transferring the key data acquired from the key server 15 to another application or the like, and the key data is used only within the application 121.

  Note that the keys of the applications 121-1, 122-1, and the application 123-1 in FIG. 4 are not shared (that is, because service providers are different or applications are used differently).

  In FIG. 5, public key cryptography is used for data exchange between the application 121 and the key server 15, and details will be described later.

  Next, a functional configuration example of the terminal SAM 42 in FIG. 2 will be described. FIG. 6 is a block diagram illustrating a functional configuration example of the terminal SAM 42 of FIG. The functional configuration of FIG. 6 is realized by the CPU 71 of the terminal SAM client 11 of FIG. 3 executing the application stored in the storage unit 78. That is, FIG. 6 is a block diagram illustrating a virtual functional configuration example of the application 121 that operates as the terminal SAM 42.

  In FIG. 6, an application 121 includes an input unit 201, a main control unit 202, a storage unit 203, a signature processing unit 204, a verification processing unit 205, an encryption unit 206, a decryption unit 207, and an output unit 208. .

  The input unit 201 receives data input and supplies the received data to the main control unit 202. For example, the input unit 201 receives data supplied from the IC card reader / writer antenna 43 and data supplied from the control terminal 41 and supplies the data to the main control unit 202.

  The main control unit 202 controls each unit. The storage unit 203 stores (virtually) information necessary for the application 121 to execute processing based on the control from the main control unit 202. As a specific example, as shown in FIG. 7, the storage unit 203 includes an application public key 221, an application private key 222, an application digital certificate 223, an access certificate 224, and a key server digital certificate 225. Remember.

  The application public key 221 is a public key of the application 121 that the application 121 discloses to external devices (for example, the certification authority 13, the server 14, and the key server 15). The application secret key 222 is a secret key of the application 121 that only the application 121 has. The application public key 221 and the application secret key 222 correspond to each other. That is, the application public key 221 and the application secret key 222 are a key pair. More specifically, the data signed with the application secret key 222 can be verified only by the application public key 221 whether the data is valid. The terminal SAM 42 that holds the application secret key 222 has a function of not leaking the secret key to others.

  The application digital certificate 223 is a digital certificate issued by the certification authority 13 and certifying the application. The application digital certificate 223 is acquired and stored in a process described later.

  The access permit 224 is a permit that permits the application 121 to access the key server 15 and is issued by the key server 15 based on the application digital certificate 223 issued by the certification authority 13. Note that the access permit 224 is also acquired and stored in the process described later, like the application digital certificate 223.

  The key server digital certificate 225 is a digital certificate issued by the certification authority 13 to certify the key server 15. The digital certificate 225 of the key server is held in advance in the application. It is assumed that the validity of the digital certificate 225 of the key server has been verified.

  That is, in FIG. 7, an application public key 221, an application private key 222, and a key server digital certificate 225 are stored in the storage unit 203 in advance, and the application digital certificate 223 and the access certificate 224 are The data is stored in the storage unit 203 as appropriate in the following processing.

  Returning to FIG. 6, the signature processing unit 204 generates a signature of predetermined data based on the control from the main control unit 202. For example, the signature processing unit 204 generates a signature of predetermined data using the application secret key 222. Based on the control from the main control unit 202, the verification processing unit 205 executes processing for verifying that the predetermined data is valid. For example, the verification processing unit 205 verifies that the predetermined data is valid using the transmission source public key.

  The encryption unit 206 encrypts data based on the control from the main control unit 202. The decrypting unit 207 decrypts the encrypted data based on the control from the main control unit 202. For example, the decryption unit 207 decrypts the data encrypted with the application public key 221 owned by itself with the application secret key 222.

  The output unit 208 outputs data based on the control from the main control unit 202. For example, the output unit 208 outputs data to the control terminal 41 or outputs via the IC card reader / writer antenna 43.

  FIG. 8 is a block diagram illustrating a hardware configuration example of the certification authority 13 of FIG.

  The CPU 251, ROM 252, and RAM 253 are connected to each other via an internal bus 254. An input / output interface 255 is also connected to the internal bus 254.

  The CPU 251 executes various processes according to a program stored in the ROM 252 or a program loaded from the storage unit 258 to the RAM 253. The RAM 253 also appropriately stores data necessary for the CPU 251 to execute various processes.

  The input / output interface 255 includes an input unit 256 including a keyboard and a mouse, an output unit 257 including a CRT, an LCD, and a speaker, a storage unit 258 including a hard disk, and a communication unit including a modem and a terminal adapter. 259 is connected. The communication unit 259 performs communication processing via various networks including a telephone line and CATV.

  A drive 261 is also connected to the input / output interface 255 as necessary, and a removable medium 271 composed of a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is appropriately mounted, and a computer program read therefrom is Installed in the storage unit 258 as necessary.

  Next, a functional configuration example of the accreditation body 13 (authorization apparatus) in FIG. 8 will be described. FIG. 9 is a block diagram illustrating a functional configuration example of the accreditation body 13 of FIG. The functional configuration of FIG. 10 is realized by the CPU 251 of the certification authority 13 of FIG. 8 executing various processes using information stored in the storage unit 258.

  In FIG. 9, the certification authority 13 is provided with an input unit 351, a main control unit 352, a storage unit 353, a signature processing unit 354, and an output unit 355.

  The input unit 351 accepts data input and supplies the accepted data to the main control unit 352. For example, the input unit 351 receives data supplied from the terminal SAM client 11 via the network 12, data supplied from the server 14, or data supplied from the key server 15, and receives this data as the main control unit. 352.

  The main control unit 352 controls each unit. The storage unit 353 stores at least the certification authority public key 361 and the certification authority private key 362. The certification authority public key 361 is a public key of the certification authority 13 that the certification authority 13 discloses to an external device. For example, the certification authority public key 361 is transmitted to the key server 15 via the output unit 355 and stored in the key server 15. The certification authority secret key 362 is a secret key of the certification authority 13 that only the certification authority 13 has. The certification authority public key 361 and the certification authority private key 362 correspond to each other. That is, the certification authority public key 361 and the certification authority private key 362 are a key pair. These are stored in advance in the certification authority 13. More specifically, it is possible to verify whether the data signed with the certification authority private key 362 is valid only with the certification authority public key 361. The certification authority 13 that holds the certification authority private key 362 has a function of not leaking the secret key to others.

  The signature processing unit 354 generates a signature for predetermined data based on the control from the main control unit 352. For example, the signature processing unit 354 generates a signature of predetermined data using the certification authority private key 312.

  The output unit 355 outputs data based on the control from the main control unit 352. For example, the output unit 355 outputs data to the terminal SAM client 11, the server 14, or the key server 15 via the network 12.

  FIG. 10 is a block diagram illustrating a hardware configuration example of the key server 15 of FIG.

  The CPU 371, ROM 372, and RAM 373 are connected to each other via an internal bus 374. An input / output interface 375 is also connected to the internal bus 374.

  The CPU 371 executes various processes according to a program stored in the ROM 372 or a program loaded from the storage unit 378 to the RAM 373. The RAM 373 also stores data necessary for the CPU 371 to execute various processes.

  The input / output interface 375 includes an input unit 376 including a keyboard and a mouse, an output unit 377 including a CRT, an LCD, and a speaker, a storage unit 378 including a hard disk, a communication unit including a modem, a terminal adapter, and the like. 379 is connected. The communication unit 379 performs communication processing via various networks including a telephone line and CATV.

  A drive 381 is also connected to the input / output interface 375 as necessary, and a removable medium 391 composed of a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is appropriately mounted, and a computer program read therefrom is It is installed in the storage unit 378 as necessary.

  Next, a functional configuration example of the key server 15 in FIG. 10 will be described. FIG. 11 is a block diagram illustrating a functional configuration example of the key server 15 of FIG. The functional configuration of FIG. 11 is realized by the CPU 371 of the key server 15 of FIG. 10 executing various processes using information stored in the storage unit 378.

  11, the key server 15 includes an input unit 451, a main control unit 452, a storage unit 453, a signature processing unit 454, a verification processing unit 455, an encryption unit 456, a decryption unit 457, and an output unit 458. Yes.

  The input unit 451 receives data input and supplies the received data to the main control unit 452. For example, the input unit 451 receives data supplied from the terminal SAM client 11 via the network 12, data supplied from the certification authority 13, or data supplied from the server 14, and supplies this to the main control unit 452. To do.

  The main control unit 452 controls each unit. The storage unit 453 stores information used for the key server 15 to execute the processing described in the present embodiment. A specific example will be described with reference to FIG.

  In the example of FIG. 12, the storage unit 453 stores a key server public key 481, a key server private key 482, a key server digital certificate 483, an authorized institution public key 484, and a key folder 485.

  The key server public key 481 is a public key of the key server 15 that the key server 15 discloses to external devices (for example, the application 121 of the terminal SAM client 11, the certification authority 13, and the server 14). The key server secret key 482 is a secret key of the key server 15 that only the key server 15 has. The key server public key 481 and the key server private key 482 correspond to each other. That is, the key server public key 481 and the key server private key 482 are a key pair. More specifically, data signed with the key server private key 482 can be verified only by the key server public key 481 as to whether the data is valid. The key server 15 that holds the key server secret key 482 has a function of not leaking the secret key to others.

  The key server digital certificate 483 is a digital certificate issued by the certification authority 13 to certify the key server 15. Note that the digital certificate 483 of the key server is acquired and stored in a process described later. The key server digital certificate 483 is the same as the key server digital certificate 203 stored in the storage unit 203 of the application 121 in FIG.

  The certification authority public key 484 is a public key of the certification authority 13 that the certification authority 13 discloses to external devices, and corresponds to the certification authority private key (the certification authority private key 362 in FIG. 9 described above). That is, the certification authority public key 484 and the certification authority public key 361 in FIG. 9 are the same.

  Key data 491 to 493 are registered in the key folder 485. The key data 491 to 494 are set for each application 121. For example, the application 121-1 corresponds to the key data 491, the application 121-2 corresponds to the key data 492, and the application 121-3 corresponds to the key data 121-3. Two applications 121 may share one key. For example, the key data 491 may be shared between the application 121-1 and the application 121-2.

  That is, in FIG. 12, the key server public key 481, the key server private key 482, and the certification authority public key 484 are stored in advance in the storage unit 453, and the digital certificate 483 of the key server is appropriately used in the following processing. Stored in the storage unit 453. The key data of the key folder 485 is stored in advance when the service is provided, but is appropriately added or updated from the server 14 as the service provider.

  Next, with reference to the flowchart of FIG. 13, a process in which the application 121 in FIG. 6 (the application 121 executed in the terminal SAM client 11) receives the digital certificate of the application from the certification authority 13 in FIG. To do. This process is a process executed by the application 121 and the certification authority 13, and is started when the application 121 is started for the first time or when a command is issued to the application 121 to receive a certificate. Is done.

  In step S <b> 11, the output unit 208 of the application 121 transmits a message requesting the signature of the application public key and the application public key 221 based on the control from the main control unit 202. Specifically, the main control unit 202 reads out the application public key 221 (FIG. 7) stored in the storage unit 203 and outputs a message requesting the signature of the application public key from the output unit 208 (transmission). ) Here, instead of a message requesting the signature of the application public key, a message requesting a digital certificate of the application may be transmitted.

  On the other hand, in step S21, the input unit 351 of the certification authority 13 receives the message requesting the signature of the application public key and the application public key 221 (accepts input).

  In step S 22, the signature processing unit 354 of the certification authority 13 generates a signature of the application public key using the certification authority private key 362 based on the control from the control unit 352. At this time, the signature processing unit 354 generates a signature when it is recognized that the application public key 221 is the application public key 221 of the application 121 (when certified by some means). Specifically, the signature processing unit 354 encrypts the result of compressing the application public key 221 using the hash function program with the certification authority private key 362, and thereby the application public key as shown in FIG. Generate a signature (digital signature). In the present embodiment, it is described that the signature of the application public key is generated. However, in practice, a signature may be generated for data including at least the application public key. In other words, even if “Generate signature of application public key” is described, a signature may be generated for data including the application public key and other data.

  In step S23, based on the control from the main control unit 352, the output unit 355 uses the application public key signature and the application public key as application digital certificates, and the application 121 (the application 121 of the terminal SAM client 11). ). Specifically, as shown in FIG. 14, a digital certificate of an application including a (digital) signature of the application public key and the application public key is transmitted.

  On the other hand, in step S12, the input unit 201 of the application 121 receives a digital certificate (FIG. 14) including the signature of the application public key and the application public key.

  In step S <b> 13, the storage unit 203 stores the received application digital certificate as the application digital certificate 223 based on the control from the main control unit 202. That is, the application digital certificate of FIG. 14 is stored as the application digital certificate 223 of FIG. Actually, the digital certificate of the received application is merely stored in the storage unit 203, but is described in this way for consistency (the same applies hereinafter). Thereafter, the process is terminated.

  With the processing in FIG. 13, the application 121 can receive and store the application digital certificate 223 from the certification authority 13. The certification authority 13 issues a digital certificate 223 for the application, thereby certifying that the application 121 has a function of preventing the leakage of key data as a result.

  In this embodiment, the certification authority 13 issues the application digital certificate 223. However, the manufacturer of the terminal SAM client 11 on which the application 121 operates does not leak key data from the terminal. You may be responsible for issuing digital certificates for applications.

  Next, a process in which the application 121 in FIG. 6 (the application 121 executed in the terminal SAM client 11) receives the key server access permit from the key server 15 in FIG. 11 will be described with reference to the flowchart in FIG. . This process is a process executed by the application 121 and the key server 15, and is a process executed after the process of FIG. 13 (that is, after the application 121 acquires the application digital certificate 223). .

  In step S <b> 31, the output unit 208 of the application 121 transmits the application digital certificate 223 to the key server 15 based on the control from the main control unit 202. Specifically, the main control unit 202 acquires the application digital certificate 223 (the application digital certificate 223 acquired and stored in the processing of FIG. 13) from the storage unit 203 and stores it in the key server 15. The output unit 208 is controlled to transmit.

  On the other hand, the input unit 451 of the key server 15 receives the digital certificate 223 of the application in step S51. The received digital certificate 223 of the application is supplied to the main control unit 452.

  In step S52, the verification processing unit 455 verifies that the digital certificate of the application is valid using the certification authority public key 484 (FIG. 12) based on the control from the main control unit 452. Specifically, the verification processor 455 decrypts the signature of the application public key included in the application digital certificate with the certification authority public key 484 and the application public key included in the application digital certificate. Thus, it is verified whether the digital certificate of the application is valid by determining whether or not the data compressed by the hash function program matches. With this processing, the key server 15 confirms whether or not the application 121 that has transmitted the digital certificate of the application has a function of preventing the key data from being leaked. In addition, when data is transferred from the application 121 to the key server 15, it can be confirmed whether or not the data has been tampered with.

  In step S53, the verification processing unit 455 determines whether the digital certificate of the application has been verified as valid. Specifically, the signature of the application public key included in the application digital certificate is decrypted with the certification authority public key 484 and the application public key included in the application digital certificate is compressed by a hash function program. If they match, it is determined that they are valid, and if they do not match, it is determined that they are not verified. If it is determined in step S53 that the digital certificate of the application has not been verified as valid, the process ends.

  If it is determined in step S53 that the digital certificate of the application has been verified as valid, in step S54, the signature processing unit 454 is based on the control from the main control unit 452, and the key server private key 482 ( Using the key server private key 482) stored in the storage unit 453, a signature of the digital certificate of the application as shown in FIG. 16 is generated.

  In step S <b> 55, the output unit 458 transmits the application digital certificate signature and the access permit including the application digital certificate to the application 121 based on the control from the main control unit 452. Specifically, the output unit 452 transmits the access permit shown in FIG. 16 based on the control from the main control unit 452.

  In contrast, in step S32, the input unit 201 of the application 121 receives an access permit including the signature of the application digital certificate and the application digital certificate.

  In step S <b> 33, the storage unit 203 stores an access permit based on control from the main control unit 202. Specifically, the storage unit 203 stores the access permit (received access permit) shown in FIG. 16 as the access permit 224 of FIG. This access permit is required when the application 121 acquires key data, and is used when the application 121 requests key data from the key server 15 in the following processing. Specifically, the key server 15 is used to determine whether or not key data may be transmitted to the application 121.

  By this processing, the application 121 can acquire an access permit for accessing the key server 15 (for receiving information from the key server 15).

  13 and 15, the application 121 can obtain the application digital certificate 223 and the access permit 224. The access permit 224 is used when the application 121 acquires key data from the key server 15.

  Next, a process in which the key server 15 in FIG. 11 receives the digital certificate of the key server from the certification authority 13 in FIG. 9 will be described. This process is a process executed by the key server 15 and the certification authority 13, and when the key server 15 is activated for the first time, or a command is input to the key server 15 to receive a certificate. When will be started. Further, this process is a process that is executed in parallel or before and after the processes in FIGS. 13 and 15 described above.

  In step S71, the output unit 458 of the key server 15 transmits a message requesting the signature of the key server public key and the key server public key 481 based on the control from the main control unit 452. Specifically, the main control unit 458 reads out the key server public key 481 (FIG. 12) stored in the storage unit 453 and causes the output unit 458 to output a message requesting the signature of the key server public key. (Send it).

  On the other hand, in step S91, the input unit 351 of the certification authority 13 receives the message requesting the signature of the key server public key and the key server public key 481.

  In step S92, the signature processing unit 354 of the certification authority 13 generates a signature of the key server public key using the certification authority private key 362 based on the control from the control unit 352. Specifically, the signature processing unit 354 encrypts the result obtained by compressing the key server public key 491 with the hash function program with the certification authority private key 362, and as shown in FIG. Generate a public key signature (digital signature).

  In step S <b> 93, the output unit 355 transmits the signature of the key server public key and the digital certificate of the key server composed of the key server public key to the key server 15 based on the control from the main control unit 352. Specifically, as shown in FIG. 18, a digital certificate of the key server composed of the (digital) signature of the key server and the key server public key is transmitted.

  On the other hand, in step S72, the input unit 451 of the key server 15 receives the digital certificate (FIG. 18) of the key server composed of the (digital) signature of the key server and the key server public key.

  In step S73, the storage unit 453 stores the received digital certificate of the key server as the digital certificate 483 of the key server based on the control from the main control unit 452. That is, the digital certificate of the key server in FIG. 18 is stored as the digital certificate 483 of the key server in FIG. Thereafter, the process is terminated.

  17, the key server 15 receives the key server digital certificate 483 from the certification authority 13 and stores it.

  Next, referring to the flowchart of FIG. 19, the application 121 of FIG. 6 (the application 121 executed in the terminal SAM client 11) acquires the digital certificate 483 of the key server from the key server 15 of FIG. Will be described. This process is a process executed by the application 121 and the key server 15, and is executed after the process of FIG. 17 (that is, after the key server 15 acquires the digital certificate 483 of the key server). It is.

  In step S <b> 111, the output unit 208 of the application 121 transmits a message requesting a digital certificate of the key server based on the control from the main control unit 202. The message requesting the digital certificate of the key server includes, for example, the digital certificate 223 of the application shown in FIG.

  In response to this, the input unit 451 of the key server 15 receives the message requesting the digital certificate of the key server transmitted from the application 121 in step S131.

  In step S132, the output unit 458 of the key server 15 transmits the digital certificate 483 (FIG. 18) of the key server to the application 121 based on the control from the main control unit 452. Specifically, the main control unit 452 controls the output unit 458 to read out the digital certificate 483 of the key server from the storage unit 453 and transmit it to the application 121.

  On the other hand, the input unit 201 of the application 121 receives the digital certificate 483 of the key server in step S112.

  In step S <b> 113, the storage unit 203 stores the key server digital certificate 483 as the key server digital certificate 225 (FIG. 7) based on the control from the main control unit 202.

  The key server digital certificate 225 as shown in FIG. 18 is stored in the storage unit 203 by the processing of FIG.

  Through the processes in FIGS. 13, 15, 17, and 19, the application digital certificate 223, the access certificate 224, and the key server digital certificate 225 are acquired in the storage unit 203 of the application 121. The key server digital certificate 483 is acquired in the storage unit 453 of the key server 15. These processes are executed in advance in order for the application 121 to execute the process for acquiring the key data from the key server 15, which will be described with reference to FIGS. 20 and 21.

  20 and 21 are flowcharts for explaining processing in which the application 121 acquires key data from the key server 15. This process is a process executed after the processes shown in FIGS. 13, 15, 17, and 19. For example, the key data stored in the IC card 51 with which the IC card reader / writer 80 (FIG. 3) of the terminal SAM client 11 communicates via the IC card reader / writer antenna 43 is the key currently used by the application 121. When it is different from the data (or when the key data is not stored), it is started in response to a request supplied via the IC card reader / writer antenna 43.

  In step S151, based on the control from the main control unit 202, the signature processing unit 204 of the application 121 uses the application secret key 222 (FIG. 7) to generate the access permit 224 (FIG. 7) and the key data acquisition request. Generate a message signature. Specifically, the signature processing unit 204 generates a signature using the application secret key 222 for the access permit 224 (FIG. 7) and the key data acquisition request message stored in the storage unit 203. The access permit 224 is obtained by the process of FIG. 15 described above. As a result, a signature of “access permit and key data acquisition request message” (signature by the application 121 for “access permit and key data acquisition request message”) is generated as shown in the lower part of FIG. The

  In step S <b> 152, the output unit 208 transmits an access permit, a signature of a key data acquisition request message, an access permit 224, and a key data acquisition request message based on control from the main control unit 202. Specifically, the output unit 208 outputs data as shown in FIG. 22 (access permit 224, key data acquisition request message, and signature of “access permit and key data acquisition request message”). .

  On the other hand, in step S171, the input unit 451 of the key server 15 signs the access permit and the key data acquisition request message, the access permit 224, and the key data acquisition request message (ie, as shown in FIG. 22). Data).

  In step S172, the verification processing unit 455 uses the application public key extracted from the access permit 224 based on the control from the main control unit 452 to verify that the access permit and key data acquisition request message are valid. To verify. Specifically, first, the verification processing unit 455 acquires an application public key further included in the digital certificate of the application included in the access permit as shown in FIG. 16, and uses this to obtain an access permission. The signature of the certificate and key data acquisition request message is decrypted. Next, the verification processing unit 455 compresses the access permit and the key data acquisition request message using a hash function program. Then, the verification processing unit 455 decrypts the signature (result of decrypting the signature of the access permit and key data acquisition request message) and the result compressed by the hash function program (access permit and key data acquisition request It is verified that the access permit message and the key data acquisition request message are valid depending on whether or not the message matches the result of compression by the hash function program. With this process, it is possible to confirm whether or not the data has been tampered with when data is transferred from the application 121 to the key server 15.

  In step S173, the verification processing unit 455 determines whether it is verified that the access permit and the key data acquisition request message are valid. That is, as a result of the process in step S172, it is determined whether or not it has been verified that the received data has not been tampered with during the transfer. If it is determined in step S173 that the validity has not been verified, the process ends.

  If it is determined in step S173 that the access permit message and the key data acquisition request message are verified to be valid, the process proceeds to step S174.

  In step S174, the verification processing unit 455 verifies that the access permit is valid using the key server public key 481. Specifically, the verification processing unit 455 obtains the signature of the application digital certificate from the access permit, and decrypts the signature of the application digital certificate with the key server public key 481. Also, the verification processing unit 455 obtains the application digital certificate from the access permit, and compresses the application digital certificate by the hash function program. Then, the verification processing unit 455 uses the hash function to decrypt the signature with the key server public key 481 (the result of decrypting the signature of the application digital certificate with the key server public key 481) and the application digital certificate. It is verified that the digital certificate of the application is valid depending on whether the results compressed by the program match. With this processing, it is verified whether or not the received access permit is from an application having an access right to the key server 15 (by the processing of FIG. 15). That is, in this process, it is verified that the access permit (other received data) has been transmitted from the correct partner.

  In step S175, the verification processing unit 455 determines whether or not the access permit is verified as valid. That is, as a result of the processing in step S174, it is determined whether or not it has been verified that the access permit (other received data) has been transmitted from the correct partner. If it is determined in step S175 that the validity has not been verified, the process ends.

  If it is determined in step S175 that the access permit is verified as valid, the process proceeds to step S176.

  Note that the order of step S172 and step S173, and step S174 and step S175 may be reversed, or may be executed in parallel. That is, the order is not limited as long as the validity of the access permit and key data acquisition request message and the validity of the access permit are confirmed.

  Through the processing from step S171 to step S175, the access permit and the key data acquisition request message are verified.

  In step S176, the main control unit 452 reads the corresponding key data from the key folder 485 of the storage unit 453. The main control unit 452 can select key data to be distributed to the application 121 by confirming the digital certificate of the application included in the access permit, for example, so that the key data 491 can be selected from the key folder 485, for example. Is read.

  If the key data read by the key server 15 cannot be identified by only the digital certificate of the application (for example, when a plurality of types of key data are supplied to one application 121), the application 121 may include a usage ID (an ID indicating the usage of key data) in the digital certificate 223 of the application to be transmitted in the processing of step S31 in FIG. 15 described above. In this case, the main control unit 452 of the key server 15 reads the corresponding key data based on the usage ID included in the digital certificate of the application.

  In step S177, the signature processing unit 454 uses the key server private key 482 and the key server digital certificate 483 (FIG. 12) and key data (in the process of step S175) based on the control from the main control unit 452. A signature (signature by the key server 15) of the read key data) is generated. The digital certificate 483 of the key server is obtained by the key server 15 in the above-described processing of FIG. 17 and stored in the storage unit 453 of FIG. For example, the key data is the key data 491 in FIG. The signature processing unit 454 compresses the key server digital certificate 483 and the key data 491 with the hash function program based on the control from the main control unit 452, and the key server private key is compressed with respect to the compressed one. By encrypting using 482, a digital certificate of the key server and a signature of the key data as shown in FIG. 23 are generated.

  In step S178, the encryption unit 456 encrypts the digital certificate 483 and the key data 491 of the key server using the application public key (for example, the application public key 221) based on the control from the main control unit 452. To do. The application public key 221 is an application public key included in the digital certificate (FIG. 14) of the application that is determined to match in the process of step S175. As a result, the encrypted “key server digital certificate 483 and key data 491” in the upper part of FIG. 23 is generated.

  In step S179, the output unit 458, based on the control from the main control unit 452, signifies the digital certificate and key data of the key server, and the encrypted “key server digital certificate 483 and key data 491”. Is transmitted to the application 121. That is, the output unit 458 transmits data as shown in FIG. 23 (key server digital certificate and key data signature, and encrypted “key server digital certificate 483 and key data 491”). To do. The key server digital certificate and the key data signature were generated in step S177, and the encrypted “key server digital certificate 483 and key data 491” was encrypted in step S178. Is.

  In contrast, in step S153, the input unit 201 of the application 121 receives the digital certificate and key data signature of the key server and the encrypted “digital certificate 483 and key data 491 of the key server”. To do.

  In step S154, the decryption unit 207 decrypts the encrypted “digital certificate 483 and key data 491 of the key server” using the application secret key 222 (FIG. 7). Since this “digital certificate 483 and key data 491 of the key server” is encrypted with the application public key (for example, the application public key 221) as described above in step S178, the application secret that is a key pair with the application public key. By using the key 222, decryption can be performed. Thereby, the digital certificate 483 and the key data 491 of the key server can be obtained.

  In step S155, the verification processing unit 205 uses the key server public key (the key server public key included in the key server digital certificate 225 (FIG. 7)) to process the key server digital certificate 483 (the process of step S154). It is verified that the digital certificate 483) of the key server obtained in step 4 and the key data 491 are valid. Specifically, the verification processing unit 205 decrypts the “key server digital certificate and key data” with the key server public key (the key server public key included in the key server digital certificate 225 (FIG. 7)). The digital certificate 483 of the key server and the key data 491 are verified to be valid depending on whether the digital certificate 483 and the key data 491 of the key server are compressed by the hash function program. . With this process, it is possible to confirm whether data has been tampered with when data is transferred from the key server 15 to the application 121.

  In step S156, the verification processing unit 205 determines whether the digital certificate and key data of the key server have been verified to be valid. Specifically, the verification processing unit 205 compresses the key server digital certificate and key data using the key server public key, and compresses the key server digital certificate 483 and key data 491 with a hash function program. It is determined that it is verified that it is valid if it matches, and it is determined that it is not verified that it is valid if it does not match. If it is determined in step S156 that the validity has not been verified, the process ends.

  If it is determined in step S156 that the digital certificate and key data of the key server have been verified as valid, the process proceeds to step S157, and the main control unit 202 obtains the digital data of the key server obtained by decryption. The certificate (the key server digital certificate 483 obtained in step S154) is compared with the key server digital certificate 225 stored in the storage unit 203 (FIG. 7). The key server digital certificate 225 stored in the storage unit 203 is obtained from the key server 15 in the above-described processing of FIG.

  In step S157, the main control unit 202 compares the digital certificates of the two key servers (the digital certificate 483 of the key server obtained by decrypting in the process of step S153 with the result of the comparison in the process of step S156, and FIG. 17). It is determined whether or not the digital certificate 225) of the key server acquired by the process of FIG. If it is determined that they do not match, the processing is terminated.

  If it is determined in step S158 that the digital certificates of the two key servers match, the main control unit 202 uses the key data 491 obtained in step S154 in step S159. For example, it is stored as new key data 491 in the storage unit 203 or updated when key data is stored in the storage unit 203 in advance. Further, for example, when communication is performed between the IC card reader / writer antenna 43 and the IC card 51 (FIG. 2), it is used as a common key. Thereafter, the process is terminated.

  20 and 21, the key server 15 can securely transmit key data to the application 121. Further, the application 121 can also obtain key data from the key server 15 safely.

  20 and 21 are started by the application 121 of the terminal SAM 42 as necessary (for example, an IC card having an updated common key connected to the terminal SAM 42). Therefore, the key server 15 does not need to notify the corresponding plurality of applications 121 of the update of the key data, so that the load on the key server 15 is reduced. Can be reduced.

  In this way, when the application 121 requests the key server 15 to acquire key data, the access certificate 224 is used so that the key server 15 can authenticate the other party with this content (once, It is possible to authenticate that it is a signed terminal).

  According to the above, the certification authority 13 issues the digital certificate 223 of the application, and the key server 15 issues an access permit 224 (permit for receiving services from the key server 15) for the digital certificate 223 of the application. The key server 15 can distribute the key data only to the application 121 to be updated.

  Further, the key server 15 can securely and safely transmit the key data to the application 121 without knowing the key version of each application 121 or whether or not it is necessary to update.

  That is, the above processing is executed by each of the applications 121-1 to 121-3. According to the present invention, the key server 15 is provided so as to manage information to be distributed to the applications 121-1 to 121-3, and even when the key data is updated, the key server 15 performs the application 121. -1 to 121-3 need not be recognized and distributed, and the applications 121-1 to 121-3 can go to the key server 15 to obtain key data, respectively, thereby easily distributing the key data. be able to.

  The application 121 can acquire the key data from the key server 15 reliably and securely by using the access permit 224.

  This is because when the server 14 or the key server 15 holds a digital certificate of a terminal (application 121) that is recognized as a key data providing destination and provides the key data, the digital certificate for the key data request Since it is not necessary to hold the digital certificate of each terminal, it is possible to reduce the processing cost as compared with the case where the authentication is valid. In particular, when the number of terminals to which the key data is provided is large, the management cost of the server 14 or the key server 15 becomes enormous (consumes a large storage area), and the time required for searching for a digital certificate However, according to the present invention, since the key server 15 does not need to hold information related to the application 121, the management cost of the key server 15 can be reduced and the processing time can be shortened.

  In addition, according to the above, since the digital certificate 223 of the application is issued by a third party who can be trusted (the certification authority 13), the application 121 has a function of preventing the leakage of key data. The key server 15 can recognize the key data, so that the key data can be distributed more securely.

  Further, even when it is desired to update the common key shared among the scattered applications (within the terminal SAM client 11 provided in a plurality of regions and stores), the service provider (server 14) can use the key server. By updating only 15 key data, the application 121 can acquire necessary information (key data) from the key server 15 as necessary, and the key data can be updated autonomously. Here, as a case where the application 121-1 needs to acquire key data, an IC in which the key data is updated by another application 121-2 (another terminal 11-2) that shares the key data. This is a case where the card 51 is used in the application 121-1.

  In this manner, necessary common key data (for example, key data 491) can be efficiently added or updated on the terminal SAM 42 side that manages information related to the IC card using a common key IC card. In particular, when many applications (terminal SAM 42) sharing the common key data are scattered (provided in many stores), the common key data can be distributed to each application more efficiently.

  Further, by executing the processing corresponding to each application as the terminal SAM 42, as shown in FIG. 4, when applications provided by a plurality of service providers are stored in the storage unit 78 of the terminal SAM 42, In addition, since the application public key 221, the application private key 222, the application digital certificate 223, the access permit 224, and the like are acquired for each application, the key data can be updated or added for each application. That is, it is possible to prevent a non-compatible application from diverting a key provided by another service provider (even if it is an application stored in the same terminal SAM 42).

  The application 121 can also cache the acquired key data (for example, key data 491), reduce the number of accesses to the key server 15, and improve processing efficiency. When the key data is cached, the key data is stored in an area free from security attacks such as tampering, eavesdropping, and suspension of use on the application 121 side. In this case, when the key server 15 authenticates the application 121 (for example, when the process of FIG. 15 is executed), it may be verified that the application has this prohibition function.

  The key server 15 can be in any format from a synchronous type such as an HTTP (HyperText Transfer Protocol) server to an asynchronous type that accepts a request by receiving an e-mail and then returns it. May be. When taking the asynchronous form, the communication path may not be the network 12.

  In the above example, the key server 15 collectively manages key data of a plurality of service providers (servers 14-1 to 14-3), but the key server 15 is managed for each service provider. You may make it provide. In this case, the application 121 can acquire key data from a plurality of key servers by holding digital certificates and access permits of the plurality of key servers 15.

  The key server 15 and the server 14 may be integrated. For example, each of the servers 14-1 to 14-3 may have the function of the key server 15 therein.

  Furthermore, in the above example, the data to be distributed is the key data (common key data necessary for accessing the IC card). However, the present invention is not limited to this, and the application program and the data necessary for the execution are distributed. Also good.

  Further, in the above example, it is described that the predetermined data that is the source of the signature is not encrypted together with the signature of the predetermined data, but the predetermined data that is the source of the signature is, for example, You may make it transmit with encrypting with the public key of a transmission destination. Further, the signature may be transmitted after being encrypted with the public key of the transmission destination. Specifically, in step S55 of FIG. 15, the “application digital certificate” may be transmitted after being encrypted with the application public key, or “application digital certificate signature and application digital certificate”. And may be transmitted after being encrypted with the application public key.

  Furthermore, since it is not necessary to distribute the key data to each of the applications 121 of the terminal SAM client 11 every time the key data is updated, the processing cost for the key update can be suppressed.

  The encryption method is not limited to the above-described method, and a method using a common key or the like may be used.

  Further, in the above example, with respect to a portion described as encrypting specific information (for example, a common key), it indicates that at least the portion including the specific information is encrypted. That is, the description “encrypt specific information” indicates that “the specific information is included in the information to be encrypted”.

  The terminal SAM client 11 can be applied to other information processing apparatuses as long as they process information. For example, a personal computer provided with an IC card reader / writer may be used as the terminal SAM client 11.

  Although the present embodiment has been described using a public key encryption method and a digital signature, other methods can be applied as long as they can be used in place of this method.

  Also, the premise of public key encryption and digital signature is that the application private key, the certification authority private key, and the server private key are only owned by each device. Those verified with the key and signed with the accreditation authority private key are verified with the accreditation authority public key, and those signed with the server private key are verified with the server public key.

  The series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software is installed from a network or a recording medium.

  As shown in FIG. 3 (and FIG. 8 and FIG. 10), this recording medium is a package comprising a removable medium 91 on which a program is recorded, which is distributed to provide a program to the user separately from the computer. In addition to being composed of media, it is composed of a ROM 72 on which a program is recorded and a hard disk including a storage unit 78 provided to the user in a state of being pre-installed in the apparatus main body. The same applies to FIGS. 8 and 10.

  In the present specification, the step of describing a computer program includes not only processing performed in time series according to the described order but also processing executed in parallel or individually even if not necessarily processed in time series. Is also included.

  Further, in this specification, the system represents the entire apparatus composed of a plurality of apparatuses.

It is a figure which shows the example of a whole structure of the information processing system to which this invention is applied. It is a figure which shows the functional structural example of the terminal SAM client of FIG. It is a block diagram which shows the structural example of the hardware of the terminal SAM client of FIG. It is a figure explaining the information memorize | stored in the memory | storage part of FIG. It is a figure explaining the relationship between the key server of FIG. 1, and an application. FIG. 6 is a block diagram illustrating a functional configuration example of the application of FIG. 5. It is a figure explaining the information memorize | stored in the memory | storage part of FIG. It is a block diagram which shows the structural example of the hardware of the certification | authentication organization of FIG. It is a block diagram which shows the functional structural example of the accreditation organization of FIG. It is a block diagram which shows the structural example of the hardware of the key server of FIG. It is a block diagram which shows the functional structural example of the key server of FIG. It is a figure explaining the information memorized by the storage part of FIG. It is a flowchart explaining the process in which an application receives issue of the digital certificate of an application from an accreditation organization. It is a figure explaining the digital certificate of an application. It is a flowchart explaining the process in which an application receives issuance of an access permit from a key server. It is a figure explaining an access permit. It is a flowchart explaining the process in which a key server receives the issuance of a digital certificate of a key server from an authorized organization. It is a figure explaining the digital certificate of a key server. It is a flowchart explaining the process in which an application acquires the digital certificate of a key server from a key server. It is a flowchart explaining the process in which an application acquires key data from a key server. It is a flowchart explaining the process in which an application acquires key data from a key server. It is a figure explaining the data transmitted by step S152 of FIG. It is a figure explaining the data transmitted by step S179 of FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Information processing system, 11 Terminal SAM client, 14 Server, 15 Key server, 42 Terminal SAM, 43 IC card reader / writer antenna, 121 Application, 201 Input part, 202 Main control part, 203 Storage part, 204 Signature processing part, 205 Verification processing unit, 206 encryption unit, 207 decryption unit, 208 output unit, 221 application public key, 222 application secret key, 223 application digital certificate, 224 access permit, 225 key server digital certificate, 351 input unit , 352 main control unit, 353 storage unit, 354 signature processing unit, 355 output unit, 361 accreditation body public key, 362 accreditation body private key, 451 input unit, 452 main control unit, 453 storage unit, 4 4 signature processing unit, 455 verification processing unit, 456 encryption unit, 457 decryption unit, 458 output unit, 481 key server public key, 482 key server private key, 483 digital certificate of key server, 484 certification authority public key, 485 Key folder, 491 to 493 Key data

Claims (12)

In an information processing system comprising a terminal device that manages information related to an IC card, a server device that provides information to the terminal device, and an authorized device,
The terminal device
First transmission means for transmitting a second key corresponding to the first key of the terminal device to the authorization device;
A first receiving means for receiving a digital certificate of the terminal device transmitted from the authorized device in response to transmission by the first transmitting means;
First storage means for storing a digital certificate of the terminal device received by the first reception means;
Second transmission means for transmitting the digital certificate of the terminal device stored in the first storage means to the server device;
The certified device is:
Second receiving means for receiving the second key transmitted by the first transmitting means of the terminal device;
And when the second key received by the second receiving means is recognized as the second key of the terminal device, the second key and a third key of the authorization device A first signing means for generating a signature of the second key using
A third transmission unit configured to transmit the signature of the second key generated by the first signature unit and the digital certificate of the terminal device including the second key to the terminal device;
A fourth transmission means for transmitting a fourth key corresponding to the third key of the authorized device to the server device;
The server device
Third receiving means for receiving the digital certificate of the terminal device transmitted by the second transmitting means of the terminal device;
Fourth receiving means for receiving the fourth key transmitted by the fourth transmitting means of the authorization device;
Second storage means for storing the fourth key received by the fourth receiving means;
Using the second key signature contained in the digital certificate of the terminal device received by the third receiving means and the fourth key stored by the second storage means, the second key is used. First verification means for verifying that the key of is valid,
When the first verification unit verifies that the second key of the digital certificate is valid, the digital certificate of the terminal device received by the third reception unit, and the server device A second signing means for generating a signature of the digital certificate of the terminal device using a fifth key possessed by:
A fifth transmission means for transmitting to the terminal device a signature of the digital certificate of the terminal device generated by the second signature means and an access permit comprising the digital certificate of the terminal device;
The terminal device
Fifth receiving means for receiving the access permit transmitted by the fifth transmitting means of the server device;
An information processing system, further comprising: third storage means for storing the access permit received by the fifth reception means. The terminal device
When requesting predetermined information from the server device, the access permit stored in the third storage means and request information requesting the server device for predetermined information are transmitted to the server device. 6 transmission means;
And a sixth receiving means for receiving the information transmitted from the server device in response to the transmission by the sixth transmitting means,
The server device
Seventh access means for receiving the access permit transmitted by the sixth transmission means of the terminal device and the request information;
The access permit received by the seventh receiving means and the sixth key corresponding to the fifth key of the server device are used to verify that the access permit is valid. A second verification means;
And a second transmission unit configured to transmit the information corresponding to the request information to the terminal device when the access verification is verified by the second verification unit. Item 4. The information processing system according to Item 1. The first key is a secret key of the terminal device;
The second key is a public key of the terminal device;
The third key is a secret key of the authorized device;
The fourth key is a public key of the authorized device,
The fifth key is a secret key of the server device;
The sixth key is a public key of the server device;
The private key of the terminal device, the private key of the authorized device, and the private key of the server device are possessed only by the respective devices, and those that are signed using the private key of the terminal device are publicly disclosed by the terminal device. What is verified with the key and signed with the secret key of the certified device is verified with the public key of the certified device, and what is signed with the secret key of the server device is the public key of the server device The information processing system according to claim 2, wherein the information processing system is verified. The information processing system according to claim 2, wherein the information is the application program, data necessary for executing the application program, or common key data necessary for accessing an IC card. The terminal device
When requesting predetermined information to the server device, the access permit stored in the third storage means, the request information requesting the server device for predetermined information, and the first key are used. , Further comprising third signature means for generating a signature of the access permit and the request information,
The sixth transmission means transmits the access permit, the request information, and the access permit and the request information signature generated by the third signature means to the server device;
The server device
The seventh receiving means receives the access permit, the request information, and the access permit and the signature of the request information;
The second verification means verifies that the access permit and the request information are valid by using the signature of the access permit and the request information and the second key acquired from the access permit. And verifying that the access permit is valid using the access permit and the sixth key,
When it is verified by the second verification means that the access permit and the request information are valid, the seventh transmission means encrypts using the fourth key acquired from the authorization device. The information processing system according to claim 2, wherein the information is transmitted to the terminal device. In an information processing method of an information processing system including a terminal device that manages information related to an IC card, a server device that provides information to the terminal device, and an authorized device,
The authorization device transmits a second key corresponding to the first key of the authorization device to the server device,
The server device receives and stores the second key transmitted from the authorized device;
The terminal device transmits a fourth key corresponding to a third key of the terminal device to the authorization device;
The certified device is:
Receiving the fourth key transmitted from the terminal device;
When it is determined that the received fourth key is the fourth key of the terminal device, the fourth key and the first key of the authentication device are used to determine the fourth key. Generate a key signature for
Transmitting the generated signature of the fourth key and the digital certificate of the terminal device including the fourth key to the terminal device;
The terminal device
Receiving the digital certificate of the terminal device transmitted from the authorized device;
Control the storage of the received digital certificate of the terminal device,
Sending the digital certificate of the terminal device whose storage is controlled to the server device;
The server device
Receiving a digital certificate of the terminal device transmitted from the terminal device;
Receiving the second key transmitted from the authorized device;
Using the signature of the fourth key included in the received digital certificate of the terminal device and the received second key, verifying that the fourth key is valid;
When it is verified that the fourth key of the digital certificate is valid, the terminal device uses the received digital certificate of the terminal device and the fifth key of the server device to Generate a digital certificate signature,
Transmitting the generated digital certificate signature of the terminal device and an access permit including the digital certificate of the terminal device to the terminal device;
The terminal device
Receiving the access permit transmitted from the server device;
Controlling storage of the received access permit. An information processing method characterized by: In a server device that exchanges information with an authorized device and provides information to a terminal device that manages information related to an IC card,
First receiving means for receiving a digital certificate of the terminal device issued from the terminal device to the terminal device, transmitted from the terminal device;
Second receiving means for receiving a second key corresponding to a first key of the authorized device transmitted from the authorized device;
Storage means for storing the second key received by the second receiving means;
A signature of a fourth key corresponding to a third key of the terminal device included in the digital certificate of the terminal device received by the first receiving unit, and the second key stored by the storage unit First verification means for verifying that the fourth key is valid using
When the first verification unit verifies that the fourth key of the digital certificate is valid, the digital certificate of the terminal device received by the first reception unit, and the server device Signature means for generating a signature of the digital certificate of the terminal device using a fifth key possessed by:
A first transmission unit configured to transmit a signature of the digital certificate of the terminal device generated by the signature unit and an access permit including the digital certificate of the terminal device to the terminal device. Server device. Third receiving means for receiving, when the terminal device requests predetermined information, the access permit transmitted from the terminal device and request information requesting the predetermined information;
Verifying that the access permit is valid using the access permit received by the third receiving means and a sixth key corresponding to the fifth key of the server device A second verification means;
And a second transmission unit configured to transmit the information corresponding to the request information to the terminal device when the access verification is verified by the second verification unit. Item 8. The server device according to Item 7. In the information processing method of the server device that exchanges information with the authorized device and provides information to the terminal device that manages information about the IC card,
A first reception step of receiving a digital certificate of the terminal device issued from the terminal device to the terminal device, which is transmitted from the terminal device;
A second receiving step of receiving a second key transmitted from the authorized device and corresponding to the first key of the authorized device;
A storage control step for controlling storage of the second key received by the processing of the second reception step;
The signature of the fourth key corresponding to the third key of the terminal device included in the digital certificate of the terminal device received by the processing of the first reception step and the storage by the processing of the storage control step A verification step of verifying that the fourth key is valid using the second key
When it is verified that the fourth key of the digital certificate is valid by the process of the verification step, the digital certificate of the terminal device received by the process of the first reception step, and the server A signature step of generating a signature of the digital certificate of the terminal device using a fifth key of the device;
A signature step of the digital certificate of the terminal device generated by the processing of the signature step, and a transmission step of transmitting an access permit consisting of the digital certificate of the terminal device to the terminal device. Information processing method. In an information processing device that exchanges information with a server device and an authorized device that provide information related to an IC card,
First transmission means for transmitting a second key corresponding to the first key of the information processing apparatus to the authorization apparatus;
A first receiving means for receiving a digital certificate of the information processing apparatus transmitted from the authorized apparatus in response to transmission by the first transmitting means;
First storage means for storing a digital certificate of the information processing apparatus received by the first reception means;
Second transmission means for transmitting the digital certificate of the information processing apparatus stored in the first storage means to the server apparatus;
In response to the transmission by the second transmission means, a second certificate that receives the signature of the digital certificate of the information processing apparatus transmitted from the server apparatus and the access permit consisting of the digital certificate of the information processing apparatus is received. Means for receiving
An information processing apparatus comprising: a second storage unit that stores the access permit received by the second reception unit. When requesting predetermined information to the server device, the access permit stored in the second storage means and request information requesting the server device for predetermined information are transmitted to the server device. 3 transmission means;
11. The apparatus according to claim 10, further comprising: a third receiving unit configured to receive the information on the request information transmitted from the server device in response to transmission by the third transmitting unit. Information processing device. In an information processing method of an information processing device that exchanges information with a server device and an authorized device that provide information on an IC card,
A first transmission step of transmitting a second key corresponding to a first key of the information processing apparatus to the authorization apparatus;
A first reception step of receiving a digital certificate of the information processing device transmitted from the authorized device in response to transmission by the processing of the first transmission step;
A first storage control step for controlling storage of the digital certificate of the information processing apparatus received in the first reception step;
A second transmission step of transmitting a digital certificate of the information processing apparatus whose storage is controlled by the processing of the first storage control step to the server apparatus;
In response to the transmission in the process of the second transmission step, the signature of the digital certificate of the information processing apparatus transmitted from the server apparatus and the access permit consisting of the digital certificate of the information processing apparatus are received. A second receiving step;
And a second storage control step for controlling storage of the access permit received by the processing of the second reception step.

Images