JP2007086957A - Information processing system, client device, server device, information processing method and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce any load to be imposed on a server device in an information processing system equipped with an IC chip, a client device and a server device connected to the client device for supporting the execution of predetermined processing by the IC chip in response to a request from the client device. <P>SOLUTION: A client device 102 is provided with a command designating part 122 for designating one or more commands necessary for the execution of predetermined processing; an encryption request transmitting part 120 for transmitting an encryption request to request the generation and encryption of one or more commands designated by a command generating part to the server device; a command receiving part 126 for receiving one or more encrypted commands from the server device; and a command using part 130 for using one or more encrypted commands when executing predetermined processing. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information processing system, a client device, a server device, an information processing method, and a computer program. More specifically, the present invention relates to an information processing system including a server device that supports execution of predetermined processing and a client device connected to the server device via a communication network.

  Conventionally, an information processing system provided with an IC chip, a client device, and a server device connected to the client device via a communication network and supporting execution of predetermined processing by the IC chip in response to a request from the client device is provided. Has been. In such an information processing system, generally, a server device and a tamper-resistant IC chip have corresponding keys. Then, the client device requests the server to start predetermined processing. In order to cause the IC chip to perform predetermined processing, the server designates and generates a command necessary for execution of the predetermined processing by the IC chip, encrypts the command using a key as necessary, and Via the IC chip. The IC chip decrypts the command using the key, executes the corresponding process, encrypts the response using the key as necessary, and transmits the response to the server device via the client device. Upon receiving the response, the server device designates the next command based on the response, and continues the above processing to complete the predetermined processing.

  In this way, in the conventional information processing system, the server is led, and the client device relays data transmission / reception between the server device and the IC chip after requesting the server device to start predetermined processing. Only. That is, the main application program for causing the IC chip to execute a predetermined process is on the server device side.

JP 2003-141063 A

  However, in the conventional server-driven information processing system as described above, for example, when each application program is required to cause the IC chip to execute various predetermined processes, the plurality of application programs are stored in the server device. And executed by the server device.

  Specifically, when there are various processes such as an electronic money settlement process, a ticket purchase process, a coupon acquisition process, and a chip ID confirmation process as predetermined processes to be executed by the IC chip, The types and order of commands given to the IC chip to be executed by the IC chip, command parameters, and the like are different. That is, the type and order of commands given to the IC chip for causing the IC chip to execute electronic money settlement processing, and the type and order of commands given to the IC chip for causing the IC chip to execute ticket purchase processing. Are different. Therefore, an application program corresponding to each process for providing the IC chip with the types of commands corresponding to each process in the order corresponding to each process is required. In a conventional server-driven information processing system, the plurality of applications are stored in a server device, and each application is executed by the server device.

  The server device receives requests from a plurality of client devices and executes a corresponding application program in response to the received requests. By executing a plurality of applications in parallel, the server device uses many resources such as a memory and a CPU. As a result, the processing speed of the server device decreases as the resource usage rate increases. In other words, the conventional information processing system has a problem that execution of a predetermined process is slowed down because an excessive load is applied to the server device and the processing speed of the server device is reduced.

  Accordingly, the present invention has been made in view of such problems, and an object of the present invention is to provide an information processing system, a client device, a server device, and an information processing method capable of reducing the load on the server device. And providing a computer program.

  In order to solve the above-described problems, according to one aspect of the present invention, a tamper-resistant IC chip, a client device, and a client device are connected to the client device via a communication network. There is provided an information processing system including a server device that supports execution of predetermined processing by a chip.

  In the information processing system, the client device includes a command specifying unit that specifies one or more commands necessary for execution of predetermined processing by the IC chip; and a client command generation that generates one or more commands specified by the command specifying unit An encryption request transmitting unit for transmitting an encryption request for the command to the server device, including a command generated by the client command generating unit; receiving a command for receiving one or more encrypted commands from the server device A command using unit that provides one or more encrypted commands to the IC chip.

  In the information processing system, the server device includes: an encryption request receiving unit that receives an encryption request from a client device; a command encryption unit that encrypts one or more commands included in the encryption request; A command transmission unit configured to transmit one or more commands to the client device.

  In the information processing system, the IC chip includes: a command acquisition unit that acquires one or more encrypted commands from the client device; a command decryption unit that decrypts the encrypted commands; A command execution unit that performs corresponding command processing.

  According to the above invention, the command specifying unit provided in the client device performs the designation of a command necessary for executing the predetermined processing by the IC chip, and the client command generating unit provided in the client device performs the generation of the specified command. . The server device encrypts the command specified and generated by the client device included in the encryption request received by the encryption request receiving unit. In other words, the server device only has to encrypt the command in response to a request from the client device. Therefore, unlike the conventional case, the server device does not need to specify and generate commands, so the load on the server can be reduced.

  In order to solve the above-described problems, according to another aspect of the present invention, a tamper-resistant IC chip, a client device, and a client device are connected to the client device via a communication network, and in response to a request from the client device. Another information processing system including a server device that supports execution of predetermined processing by an IC chip is provided.

  In the information processing system, the client device includes a command designating unit that designates one or more commands necessary for execution of predetermined processing by the IC chip; and generation and encryption of one or more commands designated by the command designating unit. An encryption request transmitting unit that transmits an encryption request to the server device; a command receiving unit that receives one or more encrypted commands from the server device; and providing one or more encrypted commands to the IC chip And a command using unit.

  In the above information processing system, the server device specifies in the encryption request the encryption request receiving unit that receives the encryption request from the client device; and one or more commands that are requested to be generated and encrypted by the encryption request A server command generation unit that generates each command that is generated; a command encryption unit that encrypts one or more commands generated by the server command generation unit; and transmits the one or more encrypted commands to the client device A command transmission unit;

  In the information processing system, the IC chip includes: a command acquisition unit that acquires one or more encrypted commands from the client device; a command decryption unit that decrypts the encrypted commands; A command execution unit that performs corresponding command processing.

  According to the above invention, the command designation unit provided in the client device performs designation of a command necessary for execution of predetermined processing by the IC chip. The server device generates and encrypts a command specified by the client device based on the encryption request received by the encryption request receiver. That is, the server device may generate and encrypt a specified command in response to a request from the client device. Therefore, unlike the prior art, the server device does not need to specify a command. Therefore, it is not necessary for the server device to recognize a command necessary for a predetermined process, and the load on the server device can be reduced.

  In order to solve the above-described problem, according to another aspect of the present invention, in a client device connected via a communication network to a server device that supports execution of a predetermined process: 1 required for executing a predetermined process A command specifying unit for specifying the above command; a client command generating unit for generating one or more commands specified by the command specifying unit; and an encryption request for the command including the command generated by the client command generating unit An encryption request transmission unit to be transmitted to the server device; a command reception unit to receive one or more commands encrypted from the server device; a command that uses the one or more commands encrypted when executing a predetermined process A client device comprising: a utilization unit;

  According to the above invention, the command designation unit provided in the client device performs the designation of the command necessary for executing the predetermined process, and the client command generation unit provided in the client device performs the generation of the designated command. Therefore, the server device only needs to encrypt the command. Therefore, unlike the conventional case, the server device does not need to specify and generate commands, so the load on the server can be reduced.

  The command specifying unit may specify one or more commands according to the processing result corresponding to the previous command. According to such a configuration, since the command specification unit of the client device can specify the next command according to the processing result corresponding to the previous command, the server device does not need to recognize the processing result, and the server device The processing executed by can be reduced.

  The client device may communicate with an IC chip having tamper resistance that executes a predetermined process, and the command using unit may provide an encrypted command to the IC chip.

  The client device includes, from the IC chip, a response acquisition unit that acquires a response that is a processing result corresponding to the command in an encrypted state by the IC chip; and a response decryption request that includes the encrypted response. A decryption request transmitter for transmitting to the apparatus; and a response receiver for receiving a decrypted response from the server apparatus. According to such a configuration, even when the response that is the result of the IC chip executing the process corresponding to the command is encrypted by the IC chip, the decryption request transmission unit sends the encrypted response to the server device. The client device can recognize the content of the response when the response reception unit receives the decrypted response from the server device. Therefore, the command specifying unit provided in the client device can specify the next command according to the response.

  When multiple commands are required to execute a given process, the command specification unit specifies multiple commands, and the client command generation unit generates multiple commands specified by the command specification unit, and encrypts them. The encryption request transmission unit transmits one encryption request for requesting encryption of the plurality of commands, including a plurality of commands specified by the command specification unit and generated by the client command generation unit, to the server device. May be. According to such a configuration, the client device can request encryption of a plurality of commands in one data transmission to the server device. Therefore, the number of communication between the client device and the server device can be reduced.

  The command receiving unit may be able to receive a command group including a plurality of encrypted commands from the server. In this case, the client device includes a command dividing unit that divides the command group into command units. You may prepare. According to such a configuration, the client device can acquire a plurality of commands in one data reception from the server device. Therefore, the number of communication between the client device and the server device can be reduced.

  The client device may include a response combining unit that combines a plurality of encrypted responses acquired from the IC chip by the response acquiring unit to generate one decryption request. According to such a configuration, the client device can request decoding of a plurality of responses in one data transmission to the server device. Therefore, the number of communication between the client device and the server device can be reduced.

  In order to solve the above-described problem, according to another aspect of the present invention, in a client device connected via a communication network to a server device that supports execution of a predetermined process: 1 required for executing a predetermined process A command designating unit for designating the above commands; an encryption request transmitting unit for transmitting an encryption request for requesting generation and encryption of one or more commands designated by the command designating unit; and encryption from the server device A client device is provided that includes a command receiving unit that receives one or more encrypted commands; and a command using unit that uses one or more encrypted commands when executing predetermined processing.

  According to the above invention, the command designation unit provided in the client device performs designation of a command necessary for execution of the predetermined process. Therefore, the server device only needs to generate and encrypt a specified command in response to a request from the client device. Therefore, unlike the conventional case, the server device does not need to specify a command, so that it is not necessary for the server device to recognize a command necessary for a predetermined process. Therefore, it is not necessary to store information such as the type and order of commands required for each predetermined process on the server device side, and an algorithm for combining commands for each predetermined process must be implemented and operated on the server device side. Therefore, the load on the server device can be reduced.

  When a plurality of commands are required to execute a predetermined process, the command specifying unit may specify a plurality of commands, and the encryption request transmitting unit may include a plurality of commands specified by the command specifying unit. One encryption request for requesting generation and encryption may be transmitted to the server device.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a computer program that causes a computer to function as any one of the client devices. The computer program is stored in a storage unit included in the computer, and is read and executed by a CPU included in the computer, thereby causing the computer to function as the client device. A computer-readable recording medium on which a computer program is recorded is also provided. The recording medium is, for example, a magnetic disk or an optical disk.

  In order to solve the above-described problems, according to another aspect of the present invention, an information processing method executed by any one of the above client devices is provided.

  In order to solve the above problems, according to another aspect of the present invention, in a server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device: client An encryption request receiving unit for receiving an encryption request for requesting generation and encryption of one or more specified commands necessary for execution of a predetermined process from a device; generation and encryption are requested by the encryption request; A server command generation unit that generates each command specified in the encryption request for one or more commands, a command encryption unit that encrypts one or more commands generated by the server command generation unit; And a command transmission unit that transmits the converted command to the client device.

  According to the above invention, the server device generates and encrypts the command specified by the client device based on the encryption request received by the encryption request receiver. In other words, the server device may receive the request from the client device and perform specified command generation and encryption. Therefore, unlike the prior art, the server device does not need to specify a command. Therefore, it is not necessary for the server device to recognize a command necessary for a predetermined process, and the load on the server device can be reduced.

  The server device includes a decryption request receiving unit that receives a response decryption request including a response, which is a processing result corresponding to the command, encrypted from the client device; and decrypts the encrypted response And a response decoding unit for converting to a response decoding unit.

  In order to solve the above problems, according to another aspect of the present invention, in a server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device: client An encryption request receiving unit for receiving an encryption request for requesting encryption of the command, including one or more commands necessary for execution of predetermined processing from the apparatus; and one or more commands included in the encryption request; A server device is provided that includes: a command encryption unit that performs encryption; and a command transmission unit that transmits an encrypted command to a client device.

  According to the above invention, the server device may encrypt the command included in the encryption request received from the encryption request receiving unit. Therefore, unlike the conventional case, the server device does not need to specify and generate commands, so the load on the server can be reduced.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a computer program that causes a computer to function as any one of the server devices. The computer program is stored in a storage unit included in the computer, and is read and executed by a CPU included in the computer, thereby causing the computer to function as the server device. A computer-readable recording medium on which a computer program is recorded is also provided. The recording medium is, for example, a magnetic disk or an optical disk.

  In order to solve the above-described problem, according to another aspect of the present invention, an information processing method executed by any one of the above server devices is provided.

  As described above, according to the present invention, it is possible to provide an information processing system, a client device, a server device, an information processing method, and a computer program that can reduce the load on the server device.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the present specification and drawings, components having substantially the same functional configuration are denoted by the same reference numerals, and redundant description is omitted.

(First embodiment)
In the following, the information processing system according to the present invention is connected to a client device 102 having an IC chip having tamper resistance, and the client device 102 is connected to the client device 102 via a communication network 106, and in response to a request from the client device 102, the IC chip The present invention will be described by applying to an information processing system 100 including a server device 104 that supports execution of predetermined processing. First, an overview of the information processing system 100 will be described.

  In the information processing system 100, the client apparatus 102 designates a command to be provided to the IC chip in order to cause the IC chip to execute a predetermined process. The command specified by the client device 102 is generated by the server device 104. The server device 104 has a key for encrypting / decrypting the command, and encrypts the generated command in order to keep the processing contents secret as necessary. The command generated and encrypted by the server device 104 is provided from the client device 102 to the IC chip. The IC chip has a key corresponding to the key that the server device 104 has, and decrypts and executes the command provided from the client device 102. After execution, the IC chip encrypts the response and provides it to the client apparatus 102. The client device 102 has the server device 104 decrypt the encrypted response, recognizes the content of the response, and then designates a command to be provided to the IC chip.

  As described above, in the information processing system 100, the IC chip and the server device 104 hold corresponding keys, and encrypt commands and responses in order to keep the processing contents secret. Since the server device 104 holds the key that is the secret information, it is possible to prevent the key from being leaked or tampered with a high probability as compared with the case where the client device 102 holds the key. It can be prevented from being decrypted and falsified. Furthermore, since the IC chip has tamper resistance, the key held by the IC chip is less likely to be leaked or tampered with, and the processing corresponding to the command by the IC chip and the response encryption processing are performed. Etc. are safely performed without leaking outside the IC chip.

  Next, the overall configuration of the information processing system 100 according to the first embodiment will be described with reference to FIGS. 1 and 2. The information processing system 100 includes, for example, client devices 102a, 102b,... (Hereinafter simply referred to as the client device 102), a server device 104, a communication network 106, and the like.

  The client device 102 is a computer capable of causing the IC chip to execute a predetermined process. The client device 102 can be, for example, a mobile phone with a built-in IC chip as indicated by reference numeral 102a. In that case, the client apparatus 102 causes the CPU included in the built-in IC chip to execute predetermined processing. Further, the client apparatus 102 can be a personal computer including an IC card reader / writer 108 as indicated by reference numeral 102b, for example. In this case, for example, the client apparatus 102 causes a CPU included in an IC chip built in an IC card arranged in a range capable of communicating with the IC card reader / writer 108 to execute a predetermined process. In addition, the client device 102 may be a kiosk terminal capable of downloading a POS register or a ticket.

  The IC chip that causes the client device 102 to execute a predetermined process decrypts the data encrypted by the server device 104, and the server device 104 encrypts the data so that the server device 104 can decrypt the data. I have a key that corresponds to my key. The IC chip has tamper resistance in order to securely hold the key.

  The tamper resistance of the IC chip includes, for example, physical tamper resistance that indicates a mechanism that can withstand attacks, tamper resistance against side channel attacks, a function that does not leak information useful for guessing internal secret information, This includes tamper resistance, etc. that forcefully malfunctions and does not leak internal secret information. Physical tamper resistance means that it is difficult to analyze objects (devices, circuit boards, semiconductor parts, etc.), or if you try to analyze it, it will detect the decomposition in some way and it will not work, or it will not be sensitive to leaking outside. This is realized by providing a mechanism for positive erasing. Tamper resistance to side channel attacks means measuring the data dependency of encryption processing time and the change in current consumption / leakage of electromagnetic waves during encryption operation in devices that process encryption (circuit boards, semiconductor integrated circuits). This is tampering with a method for estimating secret information in the apparatus.

  Note that the target for the client device 102 to execute a predetermined process may not be a tamper-resistant IC chip. For example, it may be a tamper-resistant physical medium (such as a memory card) that stores information to be kept secret on the IC chip. Further, the client device 102 itself or another computer may be used. In this case, in detail, since the key is stored in the memory of the client apparatus 102 or another computer, and the CPU performs encryption / decryption processing using the key, in order to prevent the outflow of the key, etc. It is necessary that at least one of the memory and the CPU, preferably both have tamper resistance.

  The server device 104 is a computer that receives a request from the client device 102 and supports execution of predetermined processing by the IC chip. The server apparatus 104 according to the first embodiment generates a command specified by the client apparatus and encrypts the generated command in response to a request from the client apparatus 102 as execution support for a predetermined process. it can.

  The communication network 106 includes, for example, a public line network such as the Internet, a telephone line network, and a satellite communication network, and a dedicated line network such as WAN, LAN, and IP-VPN, and may be wired or wireless.

  In the information processing system 100 according to the present embodiment, unlike the conventional information processing system, the client device has a main application program for causing the IC chip to execute a predetermined process. As shown in FIG. 2, each of the client devices 102a and 102b includes a tamper-resistant IC chip 112 that executes a predetermined process, and an application 110 that causes the IC chip 112 to execute the predetermined process. Examples of the predetermined process include inquiry and update of value information stored in the IC chip. Examples of value information include electronic money amount information, information on electronic coupons, service point value information, and the like. The client device 102 causes the IC chip 112 to perform the predetermined processing as described above by executing the application 110.

  The application 110 provides the IC chip 112 with a command necessary for executing the predetermined process by the IC chip 112 in order to cause the IC chip 112 to execute the predetermined process. Conventionally, the functions performed by the application 110 are performed by an application stored in the server device. That is, the server device executes an application stored in the server device, specifies and generates each command necessary for executing a predetermined process, and encrypts it as necessary. In the present embodiment, the application 110 of the client apparatus 102 designates each command necessary for executing a predetermined process among the functions previously performed by the server apparatus. That is, the client device 102 designates a command, and the server device 104 generates a command designated by the client device 102 and encrypts it as necessary. The generated or encrypted command is transmitted from the server device 104 to the client device 102 and provided from the client device 102 to the IC chip 112.

  According to such a configuration, the server device 104 only needs to generate a designated command. For example, even when each application program is necessary to cause the IC chip to execute various predetermined processes, the plurality of these programs are required. The application program is stored in the client device as the application 110. The server device 104 only needs to be able to generate a command necessary for execution of each predetermined process, and need only have a general-purpose application program for generating a specified command.

  Therefore, it is sufficient to add, change, delete, etc. application programs to the client device 102, and there is an advantage that management is easier than when adding, changing, deleting, etc. application programs to the server device 104. Further, since the server device 104 only needs to execute a general-purpose application program even when it receives requests from a plurality of client devices 102, the server device 104 is more than a case where a plurality of different applications are executed in parallel. Therefore, it is possible to prevent the processing speed from being lowered.

  Conventionally, the server apparatus has each application, and the client apparatus stores a GUI corresponding to each application. Therefore, it has been necessary to develop and link both an application on the server device side and an application such as a GUI on the client device side. However, according to the configuration of the present embodiment, there is an advantage that development efficiency increases because a general-purpose application only needs to be developed on the server device side, and an application on the client device side only needs to be developed.

  Furthermore, the session information for managing the communication state between the client device 102 and the server device 104 can be managed by the application 110 of the client device 102. Therefore, it is possible to prevent the resource on the server device 104 side from being used for managing session information, and the server device 104 can be connected simultaneously with a large number of client devices 102.

  Also, when managing session information on the server device side, there is usually a limit on resource use on the server device side, so it is necessary to provide a session timeout for managing session information. However, according to the present embodiment, the session information can be managed on the client apparatus 102 side, so there is no need to provide a timeout time. Therefore, even when a considerable time has elapsed after the communication connection between the client apparatus 102 and the server apparatus 104 is disconnected, the client apparatus 102 manages the session information, so that the client apparatus 102 and the server apparatus When the communication connection with the apparatus 104 is resumed, it is possible to continue the processing performed by the communication connection before disconnection.

  The overall configuration of the information processing system 100 has been described above. Next, the functional configuration of the client apparatus 102 will be described with reference to FIG.

  The client device 102 includes an encryption request transmission unit 120, a command designation unit 122, a command information storage unit for each process 124, a command reception unit 126, a command division unit 128, a command use unit 130, a response acquisition unit 132, a response combination unit 134, It mainly includes a decryption request transmission unit 136, a response reception unit 138, and the like.

  The command specifying unit 122 specifies one or more commands necessary for execution of predetermined processing by the IC chip 112. Specifically, the command designating unit 122 recognizes a predetermined process to be executed by the IC chip 112 and a command necessary for executing the predetermined process, and designates the command. The predetermined processing will be specifically described by applying it to the update of the point value information of the service point stored in the IC chip 112. The point value information update process includes three processes: authentication, reading of point value information stored in the IC chip 112, and writing of point value information to the IC chip 112. In order to cause the IC chip 112 to update the point value of the service point, the command specifying unit 122 first specifies a command “authentication”, for example, as a command for executing authentication. Next, the command designating unit 122 designates, for example, a command “read” as a command for causing the IC chip 112 to read the point value information. Next, the command designating unit 122 designates, for example, a command “write” as a command for causing the IC chip 112 to write the point value information.

  When designating a command, the command designating unit 122 can designate data to be used when executing processing of each command by the IC chip 112 as a command parameter. In the above example, for example, in the command “authentication”, data that can be recognized by the IC chip 112 such as the address of the storage area of the chip ID that can uniquely identify the IC chip 112 is designated as a command parameter. The For example, in the command “read”, data that allows the IC chip 112 to recognize that the read target is the point value information, such as an address of an area in which the point value information is stored, is designated as a command parameter. In the command “write”, data that allows the IC chip 112 to recognize that the write target is the point value information, such as the value of the point value to be written and the address of the write area, is designated as a command parameter.

  In addition, the command specifying unit 122 may specify a plurality of commands when a plurality of commands are necessary for execution of the predetermined processing by the IC chip 112. For example, the command designating unit 122 first designates the command “authentication” for the update processing of the point value information, and designates the command “read” after the execution of the command “authentication” by the IC chip 112 is completed. Similarly, each command may be specified in a plurality of times, such as specifying the command “write” after the execution of the command “read” by the IC chip 112 is completed. For the update processing of point value information, commands “authentication”, “read”, and “write” may be specified at once. For example, the command specifying unit 122 may specify a plurality of commands at once by referring to the command information for each process stored in the command information storage unit for each process 124.

  The process-specific command information storage unit 124 stores process-specific command information, and includes a storage device such as a RAM or a hard disk. FIG. 4 shows an example of process-specific command information stored in the process-specific command information storage unit 124. In the process-specific command information storage unit 124, a composite command name 1240, a command request 1242, and a parameter 1244 are associated and stored. The compound command name 1240 stores identification information that can specify a predetermined process. For example, process names such as process A and process B are stored as shown in the figure. The command request 1242 stores command identification information necessary for causing the IC chip 112 to execute predetermined processing identified by the processing information stored in the composite command name 1240. The parameter 1244 stores data (command parameters) to be used by the IC chip 112 when the IC chip 112 executes processing of the command identified by the identification information stored in the command request 1242.

  More specifically, for example, the process A in FIG. 4 is a process for updating the point value information of the service point described above, and a command necessary for causing the IC chip 112 to execute the point value update process is a command request. The commands “authentication”, “read”, and “write” are stored in 1242. The command designation unit 122 searches the command information storage unit 124 for each process to be executed by the IC chip 112, and associates a plurality of command requests 1242 associated with the corresponding composite command name 1240 with each command request. By specifying together with the specified parameters, it is possible to specify a plurality of commands necessary for executing a predetermined process at a time.

  The command specifying unit 122 provides the command name (“authentication”, “read”, “write”, etc.) of the specified command and parameters to the encryption request transmitting unit 120. The encryption request transmission unit 120 transmits to the server device an encryption request that requests generation of one or more commands specified by the command specification unit 122 and encryption of the commands as necessary. Specifically, the encryption request transmission unit 120 transmits the command name and parameters acquired from the command specification unit 122 to the server device 104 connected via the communication network 106.

  The command receiving unit 126 receives a command from the server device 104. Specifically, the command receiving unit 126 receives a command generated and encrypted by the server device 104 in response to a request from the encryption request transmitting unit 120. The command received by the command receiving unit 126 includes both an encrypted command and an unencrypted command. Further, when the command specifying unit 122 specifies a plurality of commands at a time and the encryption request transmitting unit 120 transmits a plurality of command names at a time, the command receiving unit 126 receives a plurality of commands at a time. . Therefore, when receiving a plurality of commands at once, the command receiving unit 126 provides the command group to the command dividing unit 128. Note that when receiving one command, the command receiving unit 126 may provide the command to the command using unit 130 instead of the command dividing unit 128.

  The command dividing unit 128 divides a command group including a plurality of commands into command units. For example, if the command group received by the command receiving unit 126 from the server device 104 includes information such as the length and start position of each command, the command group can be divided by referring to the information. it can. The command dividing unit 128 divides the command group into command units and provides each command to the command using unit 130.

  The command using unit 130 uses one or more commands when executing a predetermined process. Specifically, the command using unit 130 provides the IC chip 112 with the command acquired from the command receiving unit 126 or the command dividing unit 128. Commands provided to the IC chip 112 by the command utilization unit 130 include both encrypted commands and unencrypted commands. In this embodiment, provision of a command to the IC chip corresponds to use of the command, but use of the command is not limited to such an example. For example, when execution of predetermined processing is performed by another computer connected to the client apparatus 102 via the communication network instead of the IC chip, the predetermined processing may be provided to the computer.

  The response acquisition unit 132 acquires a response from the IC chip 112. The response is a processing result when the IC chip 112 performs command processing corresponding to the command. When the IC chip 112 receives the command and executes the corresponding command processing, the IC chip 112 provides the processing result to the client device 102 as a response. The IC chip 112 encrypts the response as necessary, and provides the encrypted response to the client device 102. When the response acquisition unit 132 acquires the response, the response acquisition unit 132 provides the response to the decryption request transmission unit 136. When the command designating unit 122 designates a plurality of commands at once, the IC chip 112 performs a plurality of command processing continuously and provides each response to the client device 102 continuously. Therefore, the response acquisition unit 132 may provide the acquired response to the response combination unit 134 and may be provided to the decryption request transmission unit 136 in a state where a plurality of responses are combined by the response combination unit 134.

  The decryption request transmission unit 136 includes a response acquired from the response acquisition unit 132 or the response combination unit 134, and transmits a decryption request for requesting decryption of the encrypted response when the response is encrypted. To do.

  The response receiving unit 138 receives the response decrypted by the server device 104. The response receiving unit 138 provides the received response to the command specifying unit 122. By providing the response, the command specifying unit 122 can specify the next command based on the response to the previous command.

  The functional configuration of the client device 102 has been described above. Next, the functional configuration of the server device 104 will be described with reference to FIG.

  The server device 104 includes an encryption request reception unit 140, a server command generation unit 142, a command conversion information storage unit 144, a command transmission unit 146, a command encryption unit 148, a decryption request reception unit 150, a response decryption unit 152, A response transmission unit 154 and the like are mainly provided.

  The encryption request receiving unit 140 receives an encryption request from the client device 102. Specifically, the encryption request receiving unit 140 acquires a command name and a parameter from the client device 102 and provides the acquired command name and parameter to the server command generation unit 142.

  The server command generation unit 142 acquires an encryption request from the encryption request reception unit 140, and generates a command based on the encryption request. Specifically, the server command generation unit 142 acquires a command name and parameters from the encryption request reception unit 140, and acquires the acquired command name based on the command conversion information stored in the command conversion information storage unit 144. Generate a command corresponding to.

  The command conversion information storage unit 144 stores command conversion information. An example of command conversion information stored in the command conversion information storage unit 144 is shown in FIG. In the command conversion information storage unit 144, a command request 1440, a command 1442, an actual value 1444, and the like are associated and stored. The command request 1440 is identification information that can uniquely identify a command, and stores, for example, a command name. The information stored in the command request 1440 corresponds to the information stored in the command request 1242 of the process-specific command information storage unit 124. The command 1442 stores information indicating the format of the command identified by the identification information stored in the command request 1440. For example, the information stored in the command 1442 indicates that the command “authentication” is a combination of the command code “Authentication” and a parameter. The actual value 1444 is a value provided to the IC chip 112. For example, the command code “Authentication” is provided to the IC chip 112 as the value “10”.

  The server command generation unit 142 searches for a command request 1440 corresponding to the command name acquired from the encryption request reception unit 140, and generates a command with reference to the command 1442 and the actual value 1444. As a specific example, for example, when the command “authentication” is acquired as the command name and “39 43 58 92 00” is acquired as the parameter from the encryption request receiving unit 140, the server command generation unit 142 is as follows: Generate a command.

Command = length + command code + parameter length = (command code + parameter) length “authentication” command = 06 10 39 58 92 00

  The server command generation unit 142 provides the command generated as described above to the command encryption unit 148 as necessary.

  The command encryption unit 148 encrypts the command acquired from the server command generation unit 142. Specifically, the command encryption unit 148 encrypts the command so that it can be decrypted with the key held by the IC chip 112. The command encryption unit 148 provides the encrypted command to the command transmission unit 146.

  The command transmission unit 146 is connected to the command acquired from the command encryption unit 148 via the communication network 106 and transmits the command to the client device 102 that is the transmission source of the encryption request.

  The decryption request receiving unit 150 receives a decryption request from the client device 102. Specifically, the decryption request receiving unit 150 receives a response that is a processing result of the command processing by the IC chip 112 from the client device 102 in a state encrypted with the key held by the IC chip 112. The decryption request receiving unit 150 provides the encrypted response to the response decrypting unit 152.

  The response decryption unit 152 decrypts the response acquired from the decryption request reception unit 150 and provides the response transmission unit 154 with the response.

  The response transmission unit 154 is connected via the communication network 106 to the response acquired from the response decryption unit, and transmits the response to the client apparatus 102 that is the transmission source of the decryption request.

  The functional configuration of the server device 104 has been described above. Next, the functional configuration of the IC chip 112 will be described with reference to FIG. The IC chip 112 mainly includes a command acquisition unit 160, a command decryption unit 162, a command execution unit 164, a response encryption unit 166, a response provision 168, and the like.

  The command acquisition unit 160 acquires a command from the client device 102 and provides the command to the command decryption unit 162. The command decoding unit 162 decodes the command acquired from the command acquisition unit 160 and provides the decoded command to the command execution unit 164. The command execution unit 164 executes processing corresponding to the command, and provides a response as a processing result to the response encryption unit 166. Specifically, for example, when the command is a command instructing reading, and the target area to be read is specified by a parameter, the command execution unit 164 reads the data stored in the specified area and reads the read data. To the response encryption unit 166 as a response. A specific example of the response to the command is shown in FIG. The command 1660 is the command name of the command executed by the command execution unit 164, and the actual value 1602 is data that the command execution unit 164 provides to the response encryption unit 166 as a response.

  The response encryption unit 166 encrypts the command acquired from the command execution unit 164 and provides the encrypted response to the response providing unit 168. The response providing unit 168 provides the encrypted response to the client device 102.

  When the command acquired by the command acquisition unit 160 is not encrypted, the command IC chip 112 may provide the response to the client device 102 without encrypting the response.

  As the IC chip 112 according to the present embodiment, an IC chip used in a conventional server-driven information processing system can be used as it is.

  The functional configuration of the IC chip 112 has been described above. Next, the flow of information processing in the information processing system 100 will be described with reference to FIG.

  First, the client apparatus 102 and the server apparatus 104 are communicatively connected, and mutual authentication is performed as necessary (S100). Next, the client device 102 designates a command according to a predetermined process to be executed by the IC chip 112 (S102). Then, the client device 102 transmits an encryption request for requesting generation and encryption of the specified command to the server device 104 (S104).

  The server device 104 receives the encryption request, generates a command specified in the encryption request (S106), and encrypts the generated command (S108). When a plurality of commands are specified in the encryption request, the server apparatus 104 performs S106 to S108 a plurality of times to generate a plurality of encrypted commands. Then, the server device 104 transmits the encrypted command to the client device 102 (S110).

  The client device 102 that has received the command divides it into command units as necessary (S112). In other words, when the client apparatus 102 transmits a plurality of command encryption requests at once in S104, the server apparatus 104 transmits a plurality of corresponding commands in S110. In that case, the client apparatus 102 divides into command units in S112. Subsequently, the client device 102 provides a command to the IC chip 112 (S114). When the command is encrypted by the server device 104, the client device 102 provides the command to the IC chip 112 in the state of being encrypted.

  The IC chip 112 acquires a command from the client device 102, and if the command is encrypted, decrypts it with the key it holds, and then executes the corresponding command processing (S116). After executing the command processing, the IC chip 112 encrypts the response that is the execution result (S118), and provides the encrypted response to the client device 102 (S112). The client apparatus 102 acquires a response from the IC chip 112 and combines a plurality of responses as necessary (S122). Then, the client apparatus 102 transmits a response decryption request including the encrypted response to the server apparatus 104 (S124).

  The server device 104 decrypts the received response (S126), and transmits the decrypted response to the client device 102 (S128).

  The client device 102 receives the decrypted response and designates a command based on the received response (S130).

  The flow of information processing in the information processing system 100 has been described above. The information processing system 100 according to the first embodiment can reduce the load on the server device by the client device 102 specifying the command that the server device has conventionally performed.

(Second Embodiment)
The information processing system according to the second embodiment is the same as the first embodiment in that the client device has a main application program for causing the IC chip to execute a predetermined process. Of the designation, generation, and encryption of each command necessary for execution of a predetermined process, which is conventionally performed by the server apparatus, in the first embodiment, the client apparatus 102 designates the command. The second embodiment is different from the first embodiment in that the client device specifies and generates a command. Hereinafter, the second embodiment will be described focusing on differences from the first embodiment.

  First, a functional configuration of the client device 202 according to the second embodiment will be described with reference to FIG. Components having the same functions as those of the client device 102 according to the first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  Like the command specifying unit 222 according to the first embodiment, the command specifying unit 222 executes predetermined processing by the IC chip by referring to the processing-specific command information stored in the processing-specific command information storage unit 124. Specify one or more commands required for. The command specifying unit 222 provides the command name of the specified command to the client command generating unit 224.

  The client command generation unit 224 generates a command specified by the command specification unit 222. Specifically, the client command generation unit 224 is designated by the command designation unit 222 based on the command conversion information stored in the command conversion information storage unit 144 in substantially the same manner as the server command generation unit 142 according to the first embodiment. Generate the command The client command generation unit 224 provides the generated command to the encryption request transmission unit 220.

  The encryption request transmission unit 220 transmits an encryption request for the command including the command acquired from the client command generation unit 224 to the server device 204.

  Next, a functional configuration of the server device 204 according to the present embodiment will be described. Components having the same functions as those of the server device 104 according to the first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  The encryption request receiving unit 240 receives an encryption request from the client device 202. Unlike the first embodiment, this encryption request includes the command itself instead of the command name. The encryption request receiving unit 240 provides the acquired command to the command encryption unit 248. The command encryption unit 248 encrypts the command acquired from the encryption request reception unit 240 and provides it to the command transmission unit 146.

  Next, the flow of information processing in this embodiment will be described based on FIG. First, the client device 202 and the server device 204 are communicatively connected, and mutual authentication is performed as necessary (S200). Next, a command is designated according to a predetermined process that the client device 202 wants the IC chip 112 to execute (S202). Subsequently, the client device 202 generates the command specified in S202 (S204). Then, the client device 202 transmits an encryption request for requesting encryption of the command including the command generated in S204 to the server device 204 (S206).

  The server device 204 receives the encryption request and encrypts the command included in the received encryption request (S208). Then, the server device 204 transmits the encrypted command to the client device 202 (S210). The subsequent processing is the same as the processing from S112 to S130 in FIG.

  In the information processing system according to the present embodiment, session information for managing communication between the client device 202 and the server device 204 can be managed on the client device 202 side. Therefore, even when the communication connection between the client device 202 and the server device 204 is disconnected, the processing that was performed before the disconnection can be continued after the connection is resumed. FIG. 13 shows the flow of processing when the communication connection is disconnected.

  The client device 202 transmits an encryption request to the server device 204 (S300). This encryption request includes three commands, command 1, command 2, and command 3, which are specified and generated by the client device 202, and is an encryption request for requesting encryption of these three commands. During the transmission of the encryption request, the communication connection between the client device 202 and the server device 204 is disconnected. In particular, in the encryption request, it is assumed that after the transmission of the command 1 and the command 2, the communication connection is disconnected while the command 3 is being transmitted from the client device 202 to the server device 204 (S302).

  Thereafter, when the communication connection between the client device 202 and the server device 204 is resumed, mutual authentication is performed as necessary (S304). Then, the client device 202 checks how far the processing between the client device 202 and the server device 204 has been completed at the time of the previous communication connection based on the managed session information. Specifically, the client device 202 confirms the transmitted command (S306). The client device 202 can confirm that the transmission of the command 1 and the command 2 is completed by checking the transmitted command. Therefore, the client device 202 transmits the command 3 that has not been completed last time. Specifically, the client apparatus 202 transmits an encryption request that includes the command 3 and requests encryption of the command 3 to the server apparatus 204 (S308). The server device 204 encrypts the received commands (command 1, command 2, and command 3) (S310), and transmits the encrypted command to the client device 202 (S312). As described above, the client device 202 can execute the continuation of the processing performed with the server device 204 before the communication connection is disconnected. It should be noted that the client device 102 in the first embodiment can also execute the continuation of the processing performed with the server device 104 before the communication connection is cut off.

  According to the above configuration, since the command is generated by the client device 202, the server device 204 only needs to encrypt the received command and does not need to generate the command. Therefore, the effect produced by the first embodiment can be produced in the same manner, and the burden on the server can be further reduced as compared with the case of the first embodiment.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to the example which concerns. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

It is explanatory drawing which shows the whole structure of the information processing system concerning 1st Embodiment of this invention. It is explanatory drawing which shows the whole structure of the information processing system in the embodiment. It is a block diagram which shows the function structure of the client apparatus in the embodiment. It is explanatory drawing which shows the command information according to process in the embodiment. It is a block diagram which shows the function structure of the server apparatus in the embodiment. It is explanatory drawing which shows the command conversion information in the embodiment. It is a block diagram which shows the function structure of the IC chip in the embodiment. It is explanatory drawing which shows an example of the response in the embodiment. 3 is a timing chart showing a flow of information processing in the embodiment. It is a block diagram which shows the function structure of the client apparatus in 2nd Embodiment of this invention. It is a block diagram which shows the function structure of the server apparatus in the embodiment. 3 is a timing chart showing a flow of information processing in the embodiment. 3 is a timing chart showing a flow of information processing in the embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Information processing system 102,102a, 102b, 202 Client apparatus 104,204 Server apparatus 106 Communication network 110 Application 112 IC chip 120,220 Encryption request transmission part 122,222 Command designation part 124 Command information storage part by process 126 Command reception Unit 128 command division unit 130 command utilization unit 132 response acquisition unit 134 response combination unit 136 decryption request transmission unit 138 response reception unit 140,240 encryption request reception unit 142 server command generation unit 144 command conversion information storage unit 146 command transmission unit 148, 248 Command encryption unit 150 Decryption request reception unit 152 Response decryption unit 154 Response transmission unit 160 Command acquisition unit 162 Command decryption unit 164 Command execution unit 166 Response encryption unit 168 Response provision unit 224 Client command generation unit

Claims (22)

A tamper-resistant IC chip, a client device, a server device connected to the client device via a communication network, and supporting execution of predetermined processing by the IC chip in response to a request from the client device; In an information processing system comprising:
The client device
A command designating unit for designating one or more commands necessary for execution of the predetermined processing by the IC chip;
A client command generation unit that generates the one or more commands specified by the command specification unit;
An encryption request transmission unit that transmits an encryption request for the command to the server device, including the command generated by the client command generation unit;
A command receiving unit that receives the one or more encrypted commands from the server device;
A command utilization unit for providing the one or more encrypted commands to the IC chip;
With
The server device
An encryption request receiving unit for receiving the encryption request from the client device;
A command encryption unit that encrypts the one or more commands included in the encryption request;
A command transmission unit that transmits the encrypted one or more commands to the client device;
With
The IC chip is
A command acquisition unit for acquiring the one or more encrypted commands from the client device;
A command decryption unit for decrypting the encrypted command;
A command execution unit that performs command processing according to the decoded command;
An information processing system comprising: A tamper-resistant IC chip, a client device, a server device connected to the client device via a communication network, and supporting execution of predetermined processing by the IC chip in response to a request from the client device; In an information processing system comprising:
The client device
A command designating unit for designating one or more commands necessary for execution of the predetermined processing by the IC chip;
An encryption request transmitting unit that transmits an encryption request for requesting generation and encryption of the one or more commands specified by the command specifying unit;
A command receiving unit that receives the one or more encrypted commands from the server device;
A command utilization unit for providing the one or more encrypted commands to the IC chip;
With
The server device
An encryption request receiving unit for receiving the encryption request from the client device;
A server command generation unit that generates each command specified in the encryption request for the one or more commands that are generated and encrypted in the encryption request;
A command encryption unit that encrypts one or more of the commands generated by the server command generation unit;
A command transmission unit that transmits the encrypted one or more commands to the client device;
With
The IC chip is
A command acquisition unit for acquiring the one or more encrypted commands from the client device;
A command decryption unit for decrypting the encrypted command;
A command execution unit that performs command processing according to the decoded command;
An information processing system comprising: In a client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating unit for designating one or more commands necessary for executing the predetermined process;
A client command generation unit that generates the one or more commands specified by the command specification unit;
An encryption request transmission unit that transmits an encryption request for the command to the server device, including the command generated by the client command generation unit;
A command receiving unit that receives the one or more encrypted commands from the server device;
A command using unit that uses the one or more encrypted commands when executing the predetermined process;
A client device comprising:   The client device according to claim 3, wherein the command designating unit designates the one or more commands according to a processing result corresponding to a previous command. It is possible to communicate with an IC chip having tamper resistance that executes the predetermined processing.
The client device according to claim 3, wherein the command using unit provides the encrypted command to the IC chip. A response acquisition unit that acquires, from the IC chip, a response that is a processing result corresponding to the command in a state encrypted by the IC chip;
A decryption request transmission unit that transmits a decryption request for the response to the server device, including the encrypted response;
A response receiver for receiving the decrypted response from the server device;
The client apparatus according to claim 5, further comprising: When a plurality of commands are required to execute the predetermined process, the command specifying unit specifies the plurality of commands,
The client command generation unit generates a plurality of the commands specified by the command specification unit,
The encryption request transmitting unit includes one encryption request for requesting encryption of the plurality of commands, including a plurality of commands specified by the command specifying unit and generated by the client command generating unit. The client device according to claim 3, wherein the client device transmits to the client device. The command receiving unit can receive a command group including a plurality of the encrypted commands from the server,
The client device according to claim 3, further comprising a command dividing unit that divides the command group into command units.   The client device according to claim 6, further comprising: a response combining unit that combines the plurality of encrypted responses acquired from the IC chip by the response acquiring unit to generate one decryption request. A client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating process for designating one or more commands necessary for executing the predetermined process;
A client command generation process for generating the one or more commands designated by the command designation process;
An encryption request transmission process for transmitting an encryption request for the command to the server device, including the command generated by the client command generation process;
Command reception processing for receiving the one or more encrypted commands from the server device;
A command use process for using the one or more encrypted commands when executing the predetermined process;
A computer program characterized in that the program is executed. In an information processing method executed by a client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating step for designating one or more commands necessary for executing the predetermined process;
A client command generation step for generating the one or more commands specified in the command specification step;
An encryption request transmission step for transmitting an encryption request for the command to the server device, including the command generated by the client command generation step;
A command receiving step of receiving the one or more commands encrypted from the server device;
A command using step of using the one or more encrypted commands when executing the predetermined processing;
An information processing method comprising: In a client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating unit for designating one or more commands necessary for executing the predetermined process;
An encryption request transmitting unit that transmits an encryption request for requesting generation and encryption of the one or more commands specified by the command specifying unit;
A command receiving unit that receives the one or more encrypted commands from the server device;
A command using unit that uses the one or more encrypted commands when executing the predetermined process;
A client device comprising: When a plurality of commands are required to execute the predetermined process, the command specifying unit specifies the plurality of commands,
13. The encryption request transmitting unit transmits one encryption request for requesting generation and encryption of a plurality of commands specified by the command specifying unit to the server device. Client device. A client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating process for designating one or more commands necessary for executing the predetermined process;
Encryption request transmission processing for transmitting to the server device an encryption request for requesting generation and encryption of the one or more commands specified by the command specification processing;
Command reception processing for receiving the one or more encrypted commands from the server device;
A command use process for using the one or more encrypted commands when executing the predetermined process;
A computer program characterized in that the program is executed. In an information processing method executed by a client device connected via a communication network to a server device that supports execution of a predetermined process:
A command designating step for designating one or more commands necessary for executing the predetermined process;
An encryption request transmitting step for transmitting to the server device an encryption request for requesting generation and encryption of the one or more commands specified in the command specifying step;
A command receiving step of receiving the one or more commands encrypted from the server device;
A command using step of using the one or more encrypted commands when executing the predetermined processing;
An information processing method comprising: In a server apparatus connected to a client apparatus via a communication network and supporting execution of a predetermined process in response to a request from the client apparatus:
An encryption request receiving unit that receives from the client device an encryption request for requesting generation and encryption of one or more specified commands necessary for execution of the predetermined processing;
A server command generation unit that generates each command specified in the encryption request for the one or more commands that are generated and encrypted in the encryption request;
A command encryption unit that encrypts one or more of the commands generated by the server command generation unit;
A command transmission unit for transmitting the encrypted command to the client device;
A server device comprising: A decryption request receiving unit for receiving a decryption request for a response including an encrypted response, which is a processing result corresponding to the command, from the client device;
A response decryption unit for decrypting the encrypted response;
The server apparatus according to claim 16, comprising: A server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device:
An encryption request receiving process for receiving from the client device an encryption request for requesting generation and encryption of one or more specified commands necessary for execution of the predetermined process;
A server command generation process for generating each command specified in the encryption request for the one or more commands that are generated and encrypted in the encryption request;
A command encryption process for encrypting one or more of the commands generated by the server command generation process;
Command transmission processing for transmitting the encrypted command to the client device;
A computer program characterized in that the program is executed. In an information processing method executed by a server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device:
An encryption request receiving step for receiving an encryption request for requesting generation and encryption of one or more designated commands required for execution of the predetermined processing from the client device;
A server command generation step of generating each command specified in the encryption request for the one or more commands that are generated and encrypted in the encryption request;
A command encryption step for encrypting one or more of the commands generated by the server command generation step;
A command transmission step of transmitting the encrypted command to the client device;
An information processing method comprising: In a server apparatus connected to a client apparatus via a communication network and supporting execution of a predetermined process in response to a request from the client apparatus:
An encryption request receiving unit for receiving an encryption request for requesting encryption of the command, including one or more commands necessary for execution of the predetermined process, from the client device;
A command encryption unit that encrypts the one or more commands included in the encryption request;
A command transmission unit for transmitting the encrypted command to the client device;
A server device comprising: A server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device:
An encryption request receiving process for receiving an encryption request for requesting encryption of the command, including one or more commands necessary for executing the predetermined process, from the client device;
A command encryption process for encrypting the one or more commands included in the encryption request;
Command transmission processing for transmitting the encrypted command to the client device;
A computer program characterized in that the program is executed. In an information processing method executed by a server device connected to a client device via a communication network and supporting execution of a predetermined process in response to a request from the client device:
An encryption request receiving step for receiving an encryption request for requesting encryption of the command, including one or more commands necessary for execution of the predetermined process, from the client device;
A command encryption step for encrypting the one or more commands included in the encryption request;
A command transmission step of transmitting the encrypted command to the client device;
An information processing method comprising:

Images