JP6318948B2 - Electronic device and authentication device - Google Patents

Description

  The present invention relates to an information processing system including an electronic device and an authentication device.

  In order to simplify the authentication process in an electronic device, a user of the electronic device often uses an authentication device such as an IC (integrated circuit) card or a USB (Universal Serial Bus) key. Information such as a user ID (identifier) and a password is registered in an authentication device such as an IC card or a USB key, and the electronic device stores information acquired from the authentication device used by the user. The electronic device can appropriately perform processing using the stored user ID and the like.

  Furthermore, in recent years, there are many cases where a plurality of users use an electronic device. Even in electronic devices used by a plurality of users, user authentication processing is performed in order to provide an environment for each user as appropriate.

  As a related technique, a system has been proposed in which a verification apparatus that stores secret information to be used by a terminal and a terminal update program determines the validity of the terminal using information obtained from the terminal. In this system, the verification device outputs secret information to a terminal that is determined to be a valid terminal. On the other hand, if it is determined that the terminal is not valid, the verification device outputs an update program to the terminal, thereby forcing the terminal to use the secret information to update the program.

International Publication No. 2008/004524

  When a plurality of users use an electronic device jointly, information used by one user for authentication of the electronic device or information input to the electronic device may be misused by another malicious user. For this reason, it is desirable to prevent execution processing by other users after setting different environments for executing programs for each user. It is difficult to prevent a legitimate user of an electronic device from accessing an execution environment of another legitimate user even using the technique described as the related technique.

  An object of the present invention is to improve security in an electronic device used by a plurality of users.

An electronic apparatus according to one embodiment includes a communication unit, a storage unit, an execution processing unit, an extraction unit, a request unit, and a control unit. The communication unit performs communication with an authentication device that holds information for identifying a user. The storage unit stores a combination of an executable program and a target authentication device that is an authentication device that communicated when the program was installed. The execution processing unit executes the program. The extraction unit extracts, from information received from the target authentication device, identification information for identifying the combination and a public key generated by the target authentication device for use in authentication processing with the electronic device. When requesting execution of the program, the request unit requests the target authentication device for authentication processing by transmitting the identification information via the communication unit. The request unit encrypts the first data included in the second message received as a response to the first message used for transmitting the identification information with the public key, thereby generating second data. And transmitting a third message including the second data via the communication unit, and when the target authentication device decrypts the second data with a secret key that is a pair of the public key, When the fourth message indicating that the authentication processing has succeeded is acquired because it is determined that the data matches the data of 1, the execution processing unit is requested to execute the program. When the execution of the program is requested, the control unit performs control for stopping the execution of the program when communication with the target authentication device is not established. When the authentication process fails, the control unit determines that communication with the target authentication device has not been established, and stops the execution of the program.

  Security in electronic devices used by multiple users can be improved.

It is a figure explaining the example of the process performed with an information processing system. It is a figure explaining the example of a structure of an electronic device. It is a figure explaining the example of the hardware constitutions of an electronic device. It is a figure explaining the example of a structure of an authentication apparatus. It is a figure explaining the example of the information which an authentication apparatus hold | maintains. It is a figure explaining the example of the hardware constitutions of an authentication apparatus. It is a figure explaining the example of the production | generation method of a signed program. It is a sequence diagram explaining the example of the process performed at the time of installation of a program. It is a figure which shows the example of an identification information management table. It is a flowchart explaining the example of the process which an authentication apparatus performs in the case of installation of a program. It is a flowchart explaining the example of the process which an electronic device performs in the case of installation of a program. It is a sequence diagram explaining the example of the process performed when running a program. It is a sequence diagram explaining the example of the health check performed during execution of a program. It is a flowchart explaining the example of the process which an authentication apparatus performs at the time of execution of a program. It is a flowchart explaining the example of the process which an authentication apparatus performs at the time of execution of a program. It is a flowchart explaining the example of the process which an electronic device performs at the time of execution of a program. It is a sequence diagram explaining the example of application of the system concerning an embodiment.

  FIG. 1 is a diagram illustrating an example of processing performed in the information processing system when a program is installed in an electronic device and an installed program is executed. The information processing system includes an electronic device and an authentication device. It is assumed that the authentication device holds identification information, a password, and the like used by the user who uses the electronic device for authentication processing.

  An example E1 in FIG. 1 represents an example of a program that is installed in an electronic device when a plurality of users use the same program in the electronic device. In the electronic device, each program is installed as an individual program associated with an authentication device used by each user. For example, when the user A uses the program X, the program X (PAX) installed in association with the authentication device used by the user A is used. On the other hand, the program X used by the user B with the same electronic device is the program X (PBX) associated with the information of the authentication device of the user B. The electronic device holds a communication circuit used for communication with the authentication device and a communication circuit used for communication with a device other than the authentication device so that communication by the two communication circuits does not interfere with each other. It is assumed that it is set.

  Hereinafter, an example of program installation performed using the authentication apparatus A and an example of processing performed when executing a program associated with the authentication apparatus A will be described with reference to the flowchart in FIG.

  In step S1, the electronic device downloads an installer including the program X from the server. In addition to the program X, the installer also includes information related to processing performed by the electronic device to install the program X.

  In step S <b> 2, the electronic device specifies the authentication device that is communicating when starting the installation of the program X. Here, when the electronic device is requested to install the program X by the user, it is assumed that the electronic device is communicating with the authentication apparatus A. Therefore, the electronic device stores a combination of the program X and the authentication device A. At this time, the electronic device can create the identification information (AX) including both the identifier for identifying the program X and the identifier for identifying the authentication device A, and can store the created identification information AX. Further, the identification information AX may be generated by the authentication device A. When the identification information AX is generated by the authentication device A, the electronic device stores the identification information AX notified from the authentication device A.

  In step S3, the electronic device installs the program X in association with the authentication device A. That is, the electronic device installs the program X as the program PAX used by the user of the authentication device A, and associates the program PAX with the identification information AX.

  Thereafter, the processing related to the program X associated with the authentication device A is not performed until an execution request for the program X (PAX) associated with the authentication device A is generated (No in step S4). When an execution request for the program X associated with the authentication device A occurs, is the electronic device capable of communication with the authentication device (authentication device A) associated with the program requested to be executed? (Yes in step S4, step S5). If communication between the electronic device and the authentication device A is possible, the electronic device executes the program X associated with the authentication device A (Yes in step S5, step S6). In the case where the process of step S6 is performed, since the authentication apparatus A and the electronic device are in a communicable state, it is determined that the electronic apparatus is being accessed by the user of the authentication apparatus A.

  On the other hand, when the electronic device cannot communicate with the authentication device A, the electronic device ends the process without executing the program X associated with the authentication device A (No in step S5, step S7). That is, in the case of step S7, since the authentication apparatus A and the electronic device are not in a communicable state, it is determined that the electronic apparatus is accessed by a user other than the user of the authentication apparatus A, and misuse of information regarding the user of the authentication apparatus A Do not run the program to prevent such things.

  As described above, the electronic apparatus according to the embodiment installs the program to be installed as an individual program for each user using the information of the authentication device that is communicating at the time of installation. Furthermore, when the electronic device cannot confirm communication with the authentication device associated with each program, the electronic device does not execute the program. For this reason, even if a plurality of users use electronic devices, security for each user is ensured. That is, information used by each user is acquired by other users, and impersonation using a program installed by a certain user is prevented.

  In order to further enhance the security, it may be verified whether the program to be installed has been tampered with before the program is installed. Further, by performing an authentication process between the electronic device and the authentication device before the execution of the program, it is determined whether the connection between the authentication device and the electronic device connected at the time of program installation is established. It may be changed to. In the following description, a specific example will be described in detail in the case where the verification process of the installation target program and the authentication process between the electronic device 10 and the authentication device 40 are also performed.

<Device configuration>
FIG. 2 is a diagram illustrating an example of the configuration of the electronic device 10. The electronic device 10 includes a communication unit 11, a transmission / reception unit 12, an output processing unit 15, an input processing unit 16, an execution control unit 20, and a storage unit 30. The transmission / reception unit 12 includes a transmission unit 13 and a reception unit 14. The execution control unit 20 includes an installation processing unit 22, an extraction unit 23, a request unit 24, a control unit 25, and an execution processing unit 26. The storage unit 30 stores identification information 31 and an inter-device public key 32. The storage unit 30 does not store information such as the user ID and password as shown in FIG.

  The communication unit 11 performs communication processing between the electronic device 10 and the authentication device 40 (FIG. 4). The transmission unit 13 transmits data from the electronic device 10 to a device other than the authentication device 40. The receiving unit 14 receives data from devices other than the authentication device 40. The receiving unit 14 outputs the received data to the installation processing unit 22, the execution processing unit 26, and the like. For example, the reception unit 14 outputs a general-purpose installer including a program designated by the user as an installation target to the electronic device 10 to the installation processing unit 22. Hereinafter, “general-purpose installer” refers to an installer that can be used by any user. The input processing unit 16 receives input from a user for specifying a file to be downloaded and a program to be executed. The output processing unit 15 performs output processing for the user to use the processing result in the electronic device 10 such as display of the execution result of the program.

  The installation processing unit 22 acquires a program to be installed from the general-purpose installer input from the receiving unit 14 and performs installation. The extraction unit 23 extracts information such as identification information 31 from information received by the electronic device 10 from the authentication device 40. Here, the identification information 31 is information used to specify the combination of the authentication apparatus 40 that communicates when the electronic device 10 installs the program and the program being installed. Details of the processing of the extraction unit 23 will be described later. The request unit 24 requests authentication processing from the authentication device 40 associated with the program requested to be executed by the user. This authentication process is performed in order to determine whether communication is established between the authentication device 40 and the electronic device 10 that were communicating with the electronic device 10 when the program requested to be executed is installed. If the authentication is successful, it is determined that communication with the authentication device 40 that has been in communication with the electronic device 10 at the time of installation of the program requested to be executed has been established. Hereinafter, the authentication device 40 communicating with the electronic device 10 at the time of installation of the program requested to be executed may be referred to as “authentication device 40 associated with the program”.

  When it is determined that communication is not established with the authentication device 40 associated with the program, the control unit 25 controls the execution processing unit 26 not to execute the program. On the other hand, when it is determined that communication is established with the authentication device 40 associated with the program, the execution processing unit 26 executes the program.

  Note that the installation processing unit 22 and the extraction unit 23 may be executed as part of the processing of “general installer” or “individual installer” described later. Further, the request unit 24, the control unit 25, and the execution processing unit 26 may be executed as part of the processing of a program installed in the electronic device 10.

  FIG. 3 shows an example of the hardware configuration of the electronic device 10. The electronic device 10 includes a processor 101, a flash memory 102, a RAM (Random Access Memory) 103, a touch sensor 104, a display device 105, a wireless processing circuit 109, a communication processing circuit 110, and an antenna 111 (111a, 111b). Furthermore, the electronic device 10 may include a speaker 107 and a microphone 108 as options as shown in FIG. The electronic device 10 can be realized as a computer, a mobile phone terminal including a smartphone, a tablet, or the like. Note that FIG. 3 is an example. For example, the electronic device 10 may include an input device such as a keyboard instead of the touch sensor 104 and the microphone 108.

  The processor 101 operates as the execution control unit 20 by reading a program stored in the flash memory 102. The flash memory 102 operates as the storage unit 30. The input processing unit 16 is realized by the touch sensor 104, the microphone 108, the processor 101, and the like. The output processing unit 15 is realized by the processor 101, the display device 105, and the speaker 107. The communication unit 11 is realized by the communication processing circuit 110 and the antenna 111b. The communication processing circuit 110 is a circuit that performs communication processing in accordance with standards such as Bluetooth (registered trademark) and WiFi (Wireless Fidelity, registered trademark). Both the reception unit 14 and the transmission unit 13 are realized by the wireless processing circuit 109 and the antenna 111a.

  FIG. 4 shows an example of the configuration of the authentication device 40. The authentication device 40 includes a communication unit 41, a control unit 50, and a storage unit 60. The control unit 50 includes a program generation unit 51 and an authentication processing unit 52. The storage unit 60 stores an AP (Application) public key 61 and template information 62. Further, the authentication device 40 stores an inter-device encryption key 71, an identification information management table 72, an authentication information table 73, an SSL (Secure Socket Layer) authentication information table 74, and a certificate table 75 in the shield area 70. . The shield area 70 is a storage area set so that reading from the outside of the authentication device 40 is not possible.

  The communication unit 41 communicates with the electronic device 10. The program generation unit 51 is used to install a program for use by a user who stores an ID or the like in the authentication device 40 using the program acquired from the electronic device 10 via the communication unit 41 and the template information 62. Generate an installer. In the following description, an installer of a program used by a user who stores an ID or the like in the authentication device 40 may be described as “individual installer”. The program generation unit 51 generates the inter-device encryption key 71 when generating the individual installer. The inter-device encryption key 71 includes a public key and a secret key, and the individual installer includes a public key. Further, the program generation unit 51 generates identification information that can uniquely identify the combination of the user of the authentication device 40, the program to be installed, and the electronic device 10, and associates the identification information with the secret key in the identification information management table 72. Record. The identification information management table 72 is used during authentication processing by the authentication processing unit 52. The authentication processing unit 52 performs an authentication process between the electronic device 10 requested to execute the program and the authentication device 40.

  FIG. 5 is a diagram for explaining an example of information held by the authentication device 40. FIG. 5 shows an example of the authentication information table 73, the SSL authentication information table 74, and the certificate table 75. As described with reference to FIG. 2, the electronic device 10 does not hold information such as a user ID and password. For this reason, when a communication destination requests transmission of identification information regarding the user of the electronic device 10 by executing a program that operates on the electronic device 10, the electronic device 10 requests the authentication device 40 for information regarding the user. The authentication processing unit 52 extracts the user information from the authentication information table 73, the SSL authentication information table 74, and the certificate table 75 and transmits them to the electronic device 10 that has been successfully authenticated.

  In the authentication information table 73, for each URL (Uniform Resource Locator), an ID and a password used in a site specified by the URL are associated with each other. When the URL is notified from the electronic device 10 that has been successfully authenticated, the authentication processing unit 52 notifies the electronic device 10 of the combination of the ID and password associated with the notified URL.

  The SSL authentication information table 74 associates a URL with an index of a root certificate used at a site specified by the URL. On the other hand, the certificate table 75 holds an arbitrary number of root certificates. When an SSL authentication process is requested from the electronic device 10 that has been successfully authenticated, the authentication processing unit 52 uses the SSL authentication information table 74 to indicate the index of the root certificate associated with the URL notified in the authentication request. To identify. The authentication processing unit 52 further acquires a root certificate using the specified index, and verifies the server certificate with the public key included in the root certificate. When the verification of the server certificate is successful, the authentication processing unit 52 performs processing for the electronic device 10 to perform encrypted communication with the server that is the transmission source of the server certificate. A specific example will be described with reference to FIG.

  FIG. 6 is a diagram for explaining an example of the hardware configuration of the authentication device 40. The authentication device 40 includes a processor 101, a flash memory 102, a RAM 103, a communication processing circuit 110, and an antenna 111. The antenna 111 and the communication processing circuit 110 operate as the communication unit 41. The processor 101 implements the control unit 50. Further, the flash memory 102 operates as the storage unit 60.

<Embodiment>
Hereinafter, the embodiment will be described by obtaining a general-purpose installer by the electronic device 10, installing a program, and executing the program. The electronic device 10 installs each program as a different program for each user, but information such as a user ID and password is not stored in the electronic device 10 in order to increase security. Therefore, when user information such as an ID and a password is requested in accordance with the execution of the program, the electronic device 10 requests the connected authentication device 40 to transmit the information.

  In the following embodiment, it is assumed that wireless communication is performed between the electronic device 10 and the authentication device 40 using Bluetooth (registered trademark), WiFi, or the like. In addition, when the electronic device 10 communicates with a server or the like, wireless communication is performed, but it is set so that interference with the communication between the electronic device 10 and the authentication device 40 does not occur.

(1) Acquisition of Generic Installer by Electronic Device 10 FIG. 7 is a diagram for explaining an example of a method for generating a generic installer and a signed program. First, as shown in case C0, the certificate authority generates an encryption key pair to be used for detecting the alteration of the program. The encryption key pair generated by the certificate authority is used for detection of tampering by the authentication device 40. Hereinafter, in order to easily distinguish the encryption key used for communication between the electronic device 10 and the authentication device 40 (inter-device encryption key), the encryption key generated by the certificate authority is referred to as AP. It is described as an encryption key. The AP encryption key pair includes an AP private key and an AP public key.

  Next, signature data generation processing by the certificate authority will be described. As shown in Case C1, the certificate authority generates signature data by encrypting the hash value of the program with the AP secret key. Here, the function used to calculate the hash value of the program can be selected from any one-way hash function including SHA-1 (Secure Hash Algorithm-1). The certificate authority generates the signed program by combining the signature data and the program.

  Furthermore, the certificate authority generates a general-purpose installer by incorporating a signed program into a program (cooperation processing program) that shows the operation of authentication processing and falsification detection processing performed between the electronic device 10 and the authentication device 40. To do. The general-purpose installer does not include data used to identify the user who uses the program, and may be downloaded by any user. Therefore, the certificate authority publishes a general-purpose installer on a server accessible by the electronic device 10. As shown in FIG. 7, the manufacturer of the authentication device 40 acquires the AP public key from the certificate authority in advance, and stores the AP public key 61 in the authentication device 40 when the authentication device 40 is manufactured. Shall. In addition, the authentication device 40 is assumed to hold in advance a hash function used when the certificate authority generates signature data.

  The electronic device 10 accesses a server or the like in accordance with a user input acquired from the input processing unit 16. In addition, when the information to be downloaded from the server to the electronic device 10 is specified by the input signal from the input processing unit 16, the electronic device 10 receives the specified information via the receiving unit 14. Here, it is assumed that a general-purpose installer including a program to be installed by the user is selected as a download target. Then, the electronic device 10 receives a general-purpose installer from the server through communication via the transmission / reception unit 12.

(2) Program Installation FIG. 8 is a sequence diagram illustrating an example of processing performed when a program is installed. The sequence in FIG. 8 describes processing after the electronic device 10 downloads the general-purpose installer from the server. The installation processing unit 22 of the electronic device 10 operates according to the cooperation processing program in the general-purpose installer. Note that the sequence of FIG. 8 can be changed according to the implementation, for example, by switching the order of steps S13 and S14.

  In step S <b> 11, the installation processing unit 22 transmits the signed program included in the general-purpose installer to the authentication device 40 in communication with the electronic device 10 via the communication unit 11. The signed program is assumed to be included in the file system of the general-purpose installer.

  In step S <b> 12, the program generation unit 51 of the authentication device 40 verifies whether the program has been tampered with using the AP public key 61, the hash function, and the signature data and program received from the electronic device 10. In the example of FIG. 8, it is determined that the program has not been tampered with.

  With reference to steps S13 to S15, the individual installer generation process and the preparation for authentication performed when the execution of the program is requested will be described. When determining that the program has not been tampered with, the program generation unit 51 generates an encryption key (inter-device encryption key) used for authentication with the electronic device 10 (step S13). The inter-device encryption key includes an inter-device public key and an inter-device secret key. The inter-device encryption key is used for authentication processing performed between the electronic device 10 and the authentication device 40 when determining whether the electronic device 10 executes the program. Next, the program generation unit 51 generates identification information for identifying a combination of the program, the electronic device 10, and the authentication device 40 (step S14). The program generation unit 51 stores the identification information and the apparatus private key generated in step S13 in the identification information management table 72.

  FIG. 9 shows an example of the identification information management table 72. In the identification information management table 72, identification information and an inter-device secret key are associated with each other. The identification information is arbitrary information that can identify the combination of the program, the electronic device 10, and the authentication device 40. For example, the identification information is a 14-digit character string in which the first five digits are the program identification number, the next four digits are the identification number of the electronic device 10, and the last five digits are the identification number of the authentication device 40. be able to. Note that the number of digits of identification numbers, the order of combinations, the number of digits of identification numbers, and the like of the program, the electronic device 10, and the authentication device 40 can be changed according to the implementation.

  In step S15 of FIG. 8, the program generation unit 51 uses the template information 62 to generate an installer (individual installer) including a program, identification information, and an inter-terminal public key. Since the individual installer includes identification information for identifying a combination of the authentication device 40, the electronic device 10, and the program, unlike the general-purpose installer, other than the combination of the authentication device 40 and the electronic device 10 specified by the identification information. In not used. When the generation of the individual installer is completed, the program generation unit 51 notifies the electronic device 10 that the verification has been successful via the communication unit 41 (step S16).

  In step S17, the installation processing unit 22 determines whether the verification result is information indicating a successful verification (step S17). If the verification has failed, the program has been tampered with, and the installation processing unit 22 ends the process (No in step S17). On the other hand, when notified that the verification is successful, the installation processing unit 22 activates the individual installer stored in the authentication device 40 (Yes in step S17, step S18). This process is performed by, for example, accessing the authentication device 40 after the installation processing unit 22 sets the authentication device 40 as an external storage device of the electronic device 10. By performing the installation process using the individual installer, the program is installed in the electronic device 10 (step S19).

  FIG. 10 is a flowchart for explaining an example of processing performed by the authentication device 40 during program installation. Note that the order of the processes in steps S29 and S30 may be changed according to the implementation.

  The communication unit 41 of the authentication device 40 establishes a data link with the electronic device 10 (step S21). The program generation unit 51 acquires a signed program from the electronic device 10 via the communication unit 41 (step S22). If acquisition of the signed program fails, the program generation unit 51 requests a retry by transmitting a reception error notification to the electronic device 10 (No in step S23, step S24). Thereafter, when data is received from the electronic device 10, the processes after step S <b> 22 are performed.

  On the other hand, when acquisition of the signed program is successful, the program generation unit 51 decrypts the hash value in the signature data included in the signed program using the AP public key 61 incorporated in the authentication device 40. (Yes in step S23, step S25). Further, the program generation unit 51 obtains a hash value of the program using a hash function, and verifies whether the program has been tampered with by comparing it with the hash value included in the signature data (step S26). When the determination result that the program has been tampered with is obtained, the program generation unit 51 notifies the electronic device 10 that there is an error in the signed program and ends the process (No in step S27, step S28).

  On the other hand, when determining that the signed program has not been tampered with, the program generation unit 51 generates an inter-device encryption key pair (Yes in step S27, step S29). Further, the program generation unit 51 generates identification information for uniquely specifying the combination of the program, the electronic device 10, and the authentication device 40 (step S30). The program generation unit 51 stores the inter-device secret key and the identification information in the identification information management table 72 (step S31). The program generation unit 51 notifies the electronic device 10 that the program has not been tampered with as a program verification result (step S32).

  FIG. 11 is a flowchart for explaining an example of processing performed by the electronic device 10 when a program is installed. Note that FIG. 11 is an example, and for example, the processing order of steps S48 to S50 can be arbitrarily changed depending on the implementation.

  The communication unit 11 of the electronic device 10 establishes a data link with the authentication device 40 (step S41). The installation processing unit 22 transmits the signed program downloaded from the server to the authentication device 40 (step S42). If the transmission fails, the electronic device 10 retransmits the signed program to the authentication device 40 (No in step S43, step S42).

  If the transmission of the signed program is successful, the installation processing unit 22 waits until a verification result for the signed program is received from the authentication device 40 (Yes in step S43). Upon receiving the verification result for the signed program, the installation processing unit 22 determines whether it has been notified that the program has not been tampered with (step S45). When notified that the program has been tampered with, the installation processing unit 22 terminates the process and displays an error occurrence on the output processing unit 15 (No in step S45, step S47).

  On the other hand, when notified that the program has not been tampered with, the installation processing unit 22 uses the individual installer to install the program in the electronic device 10 (Yes in step S45, steps S46 and S48). Further, the extraction unit 23 extracts the inter-device public key from the information notified from the authentication device 40 using the individual installer, and installs the inter-device public key in the file system of the program (step S49). The extraction unit 23 extracts identification information from the individual installer, and stores the identification information in the file system of the program (step S50). When these processes are completed, the communication unit 11 disconnects the data link with the authentication device 40 (step S51). Note that steps S50 and S51 may be executed as a process of “individual installer”.

(3) Program Execution FIG. 12 is a sequence diagram illustrating an example of processing performed when executing a program. In step S61, when the execution of the program is requested by the user, the request unit 24 of the electronic device 10 performs processing for transmitting the identification information stored in the file system of the program requested to be executed. That is, the communication unit 11 is requested to start a link with the authentication device 40 and to transmit identification information. The authentication processing unit 52 of the authentication device 40 specifies the inter-device encryption key (secret key) associated with the identification information by searching the identification information management table 72 using the identification information received from the electronic device 10 as a key. (Step S62).

  Next, the authentication process part 52 produces | generates a random number, and transmits the obtained random number to the electronic device 10 as a challenge code (step S63). Upon obtaining the challenge code via the communication unit 11, the request unit 24 of the electronic device 10 generates response data by performing arithmetic processing on the data included in the challenge code with the inter-device public key (step S64). . The request unit 24 transmits response data to the authentication device 40 via the communication unit 11 (step S65).

  The authentication processing unit 52 of the authentication device 40 decrypts the response data using the inter-device secret key identified in step S62, and performs authentication processing by comparing the decrypted data with the challenge data (step S66). In FIG. 12, it is assumed that the decrypted data matches the challenge data. When the decrypted data matches the challenge data, the authentication processing unit 52 transmits information (link OK) indicating that the authentication is successful to the electronic device 10 (step S67). When the request unit 24 is notified by the authentication device 40 that the authentication is successful, the request unit 24 requests the execution processing unit 26 to execute the program. The execution processing unit 26 executes the program in response to a request from the request unit 24. The execution processing unit 26 appropriately performs output processing to the output processing unit 15 by executing the program.

  As shown in step S68, when a user ID, password, or the like is requested along with the execution of the program, the execution processing unit 26 requests the authentication device 40 for these pieces of information. When the authentication processing unit 52 of the authentication device 40 requests an ID or password from the electronic device 10 that has been successfully authenticated, the authentication processing unit 52 encrypts the requested information using the inter-device secret key, and stores it in the electronic device 10. Send. The execution processing unit 26 of the electronic device 10 decrypts the information transmitted from the authentication device 40 using the inter-device public key and uses it for processing.

  While the case where communication after authentication (step S68) is also performed using the inter-device public key and the inter-device secret key is described with reference to FIG. 12, the communication after authentication is performed in order to speed up the processing. Alternatively, the common key may be used. When communication between the electronic device 10 and the authentication device 40 is performed using the common key, the common key is exchanged between the electronic device 10 and the authentication device 40 using the inter-device public key and the inter-device secret key. Shall be. Note that the common key may be generated by either the electronic device 10 or the authentication device 40.

  FIG. 13 is a sequence diagram illustrating an example of a health check performed during execution of a program. In order to enhance security, a health check may be periodically performed between the electronic device 10 and the authentication device 40 in addition to authentication when starting execution of a program. FIG. 13 also shows a specific example of data transmission / reception after authentication. The processing in steps S61 to S67 is as described with reference to FIG.

  In step S <b> 71, the execution processing unit 26 of the electronic device 10 transmits a message (transfer request) for requesting the user ID and password to the authentication device 40 together with the URL of the site that has requested the user ID and password. . Here, it is assumed that information transmitted from the execution processing unit 26 to the authentication device 40 is encrypted. Note that the encryption may be performed using a common key or an inter-device public key as described in the description of FIG. The authentication processing unit 52 of the authentication device 40 acquires the URL of the site requesting the user ID and password by decrypting the transfer request. The authentication processing unit 52 uses the authentication information table 73 (FIG. 5) to obtain an ID and password associated with the URL notified by the transfer request. The authentication processing unit 52 encrypts the acquired ID and password and sends them back to the electronic device 10 (step S72). The encryption at this time is also performed using a common key or an inter-device secret key.

  When a predetermined period elapses after the last communication with the electronic device 10 is performed, the authentication processing unit 52 transmits a health check packet to the electronic device 10 (step S73). Upon obtaining the health check packet, the request unit 24 of the electronic device 10 generates a health check response and transmits it to the authentication device 40 (step S74). Processes similar to steps S73 and S74 are periodically repeated (steps S75 and S76). The request unit 24 of the electronic device 10 determines that the communication between the authentication device 40 and the electronic device 10 is maintained when the health check is received within a predetermined period from the last communication with the authentication device 40. On the other hand, when the authentication processing unit 52 of the authentication device 40 receives the health check response within a predetermined period after transmitting the health check to the electronic device 10, the communication between the authentication device 40 and the electronic device 10 is maintained. It is determined that

  When the authentication device 40 transmits a health check in step S77, it is assumed that the authentication device 40 and the electronic device 10 cannot communicate with each other because the distance between the authentication device 40 and the electronic device 10 increases. Then, the health check transmitted by the authentication device 40 does not reach the electronic device 10. For this reason, the authentication processing unit 52 cannot receive the health check response from the electronic device 10, and determines that the link between the authentication device 40 and the electronic device 10 has been disconnected (step S78).

  On the other hand, the request unit 24 of the electronic device 10 has not received the health check packet from the authentication device 40 even after a predetermined time has elapsed since the last communication with the authentication device 40. It determines with the link between the electronic devices 10 having been cut | disconnected (step S79). The request unit 24 notifies the control unit 25 that it has been determined that the link between the authentication device 40 and the electronic device 10 has been disconnected. When notified that the link between the authentication device 40 and the electronic device 10 has been disconnected, the control unit 25 performs a process for causing the execution processing unit 26 to stop executing the program. The execution processing unit 26 ends the processing of the program being executed by the processing of the control unit 25.

  FIG. 14A and FIG. 14B are flowcharts for explaining an example of processing performed by the authentication device 40 when executing a program. 14A and 14B show an example in which an ID and password request to the electronic device 10 is made. Note that the processing illustrated in FIGS. 14A and 14B is an example, and changes such as switching the order of steps S85 and S86 may be performed.

  When the authentication processing unit 52 of the authentication device 40 receives the data link start request from the electronic device 10 via the communication unit 41, is the identification information notified by the data link start request recorded in the identification information management table 72? Is determined (steps S81 and S82). When the identification information is not included in the identification information management table 72, the authentication processing unit 52 notifies the electronic device 10 of an error (No in step S82, step S83).

  When the identification information is included in the identification information management table 72, the authentication processing unit 52 generates a random value and transmits it as challenge data to the electronic device 10 (Yes in step S82, step S84). Thereafter, when response data is received from the electronic device 10, the authentication processing unit 52 searches the identification information management table 72 using the identification information received in step S81 as a key, and acquires an inter-device secret key (steps S85 and S86). . The authentication processing unit 52 performs authentication processing of the electronic device 10 using the inter-device secret key, response data, and challenge data (step S87). If the authentication fails, the authentication processing unit 52 notifies the electronic device 10 that the authentication has failed (No in step S88, step S89).

  On the other hand, if the authentication is successful, the authentication processing unit 52 notifies the electronic device 10 that the authentication is successful (Yes in step S88, step S90). The authentication processing unit 52 determines that a secure data link has been established with the electronic device 10 (step S91). The authentication processing unit 52 waits until a user ID or password is requested in association with the URL (No in step S92). When the authentication processing unit 52 requests a user ID or password in association with the URL, the authentication processing unit 52 determines whether the ID and password can be acquired from the authentication information table 73 (Yes in step S92, step S93). If the ID and password can be acquired from the authentication information table 73, the authentication processing unit 52 performs processing for transmitting the ID and password to the electronic device 10 and returns to step S92 (step S94).

  If the ID and password are not acquired from the authentication information table 73, the authentication processing unit 52 determines whether the ID and password information input to the electronic device 10 by the user has been acquired from the electronic device 10 (step S95). . When the ID and password information input by the user has not been acquired from the electronic device 10, the authentication processing unit 52 returns to Step S92 (No in Step S95). On the other hand, when the ID and password information input by the user is acquired from the electronic device 10, the authentication processing unit 52 stores the ID and password in the authentication information table 73 and returns to Step S92 (Yes in Step S95, Step S96). ).

  FIG. 15 is a flowchart illustrating an example of processing performed by the electronic device 10 when executing a program. The communication unit 11 establishes wireless communication with the authentication device 40 (step S101). The request unit 24 transmits a data link start request including identification information to the authentication device 40 (step S102). The request unit 24 acquires challenge data from the authentication device 40 via the communication unit 11 (step S103). The request unit 24 computes the challenge data using the inter-device public key, thereby generating response data and transmitting the response data to the authentication device 40 (step S104). The communication unit 11 receives the authentication result from the authentication device 40 (step S105). If the authentication device 40 has not been notified of successful authentication, the request unit 24 disconnects the wireless communication with the authentication device 40 (No in step S106, step S107). Further, the control unit 25 determines that communication with the authentication device 40 that has been communicating at the time of installation of the program requested to be executed has not been established, and causes the execution processing unit 26 to stop executing the program. Request. The execution processing unit 26 stops the execution of the program in response to a request from the control unit 25. At this time, the execution processing unit 26 may display an error or output a warning sound to the output processing unit 15.

  On the other hand, when authentication success is notified from the authentication device 40, it is determined that a secure data link has been established with the authentication device 40 (Yes in step S106, step S108). Since the authentication by the authentication device 40 is successful, the execution processing unit 26 executes the program (step S109). Note that steps S101 to S109 may be executed as processing of the installed program.

  FIG. 16 is a sequence diagram illustrating an application example of the system according to the embodiment. FIG. 16 shows an application example to SSL communication. In step S111, a link establishment process is performed using the procedure described with reference to FIGS. Thereafter, the execution processing unit 26 of the electronic device 10 acquires a root certificate from the certificate authority via the transmission / reception unit 12 (step S112). The execution processing unit 26 transmits the root certificate to the authentication device 40 via the communication unit 11 (step S113). The authentication processing unit 52 of the authentication device 40 stores the root certificate in the certificate table 75 (step S114).

  On the other hand, the request unit 24 of the electronic device 10 associates the root certificate with the URL that distributes the server certificate that is the subject of authentication processing using the root certificate (step S115). The correspondence between the URL and the root certificate is input by the user, and the request unit 24 performs the association based on the input information. The request unit 24 transmits the result of associating the root certificate with the URL toward the authentication device 40 (step S116). In the authentication device 40, the authentication processing unit 52 generates the SSL authentication information table 74 using the correspondence between the root certificate and the URL (step S117).

  Thereafter, the electronic device 10 requests the SSL access server for an SSL connection (step S118). The SSL server transmits the server certificate to the electronic device 10 (step S119). The request unit 24 of the electronic device 10 includes the information of the URL that requested the SSL connection and the server certificate in the SSL authentication processing request, and transmits the request to the authentication device 40 (step S120). The authentication processing unit 52 of the authentication device 40 acquires the index of the root certificate by searching the SSL authentication information table 74 using the notified URL as a key. Next, a root certificate is extracted using the acquired index and certificate table 75. Further, the server certificate is verified using the key included in the root certificate. If the verification is successful, the authentication processing unit 52 generates a common key and encrypts it with the public key included in the server certificate. The authentication processing unit 52 transmits the encrypted common key to the electronic device 10 (step S121). The electronic device 10 transmits the encrypted common key to the SSL access server (step S122). The SSL server obtains the common key by decrypting the encrypted common key using the private key that is the public key pair included in the server certificate (step S123).

  Further, the authentication device 40 notifies the electronic device 10 of a common key used for communication with the SSL access server (step S124). Through these processes, the electronic device 10 and the authentication device 40 start encrypted communication using the common key (step S125).

  As described above, since the electronic device 10 installs individual programs using individual installers for each user, the same type of program is used for information input when a user uses the program. Is unlikely to be acquired by other users. The electronic device 10 does not store information such as the user ID, password, and root certificate, and acquires such information from the authentication device 40 as appropriate. For this reason, the risk of leakage of information such as the user ID from the electronic device 10 is also low.

  Further, the electronic device 10 does not execute the program when communication with the authentication device 40 that has been in communication with the electronic device 10 when the program requested to be executed is installed is not established. For this reason, even an authorized user of the electronic device 10 cannot access a program installed in association with another user, and impersonation by the authorized user of the electronic device 10 can be prevented. Therefore, the crime prevention function in the electronic device 10 can be improved by the system according to the embodiment.

  As described with reference to FIG. 12, the risk of impersonation using the electronic device 10 is further reduced by performing the authentication process even between the electronic device 10 and the authentication device 40. Yes. In addition, since the authentication device 40 includes the inter-device public key in the individual installer and notifies the electronic device 10 and performs the authentication process using the inter-device encryption key, the authentication key can be exchanged. It's easy and safe.

  As described with reference to FIGS. 7, 8, 10, and the like, when signature information is included in the general-purpose installer of the program, the authentication target device falsifies the program to be installed before installing the program. Can be verified. For this reason, in the system according to the embodiment, it is possible to prevent malware from being installed in the electronic device 10. Moreover, if the installation of the program to the electronic device 10 is unified with the method according to the embodiment, it is possible to prevent the authorized user of the electronic device 10 from installing malware for the purpose of illegally acquiring information of other users.

  In addition, as described with reference to FIG. 13, even when the program is being executed, the health check is periodically performed, and communication between the authentication device 40 and the electronic device 10 is not established. By stopping the execution of, security is further improved.

<Others>
Since an individual installer is used when installing a program in the electronic device 10, the individual installer is deleted when the program installed in the electronic device 10 is uninstalled. Here, although the electronic device 10 has downloaded the general-purpose installer from the server, the general-purpose installer is not deleted when the program is uninstalled. Further, the general-purpose installer does not include information regarding a user who uses the program to be installed. For this reason, for example, the general installer downloaded by the user A can be used by the user B to generate an individual installer for the program used by the user B. In addition, after the user A uninstalls the program, a general installer downloaded by the user A can be used to generate an individual installer used by the user C to install the program for the user C.

  On the other hand, when uninstalling the program, the individual installer is deleted from the electronic device 10, so the encryption key used for communication between the electronic device 10 and the authentication device 40 is also deleted. Therefore, an encryption key used for communication between the electronic device 10 and the authentication device 40 is newly generated every time installation is performed, and security is improved. Note that the program installed in the electronic device 10 is any type of program including a browser.

  The tables shown in FIG. 5 and FIG. 9 are examples, and the information elements included in the tables held by the authentication device 40 can be changed according to the implementation.

  In the above description, the case where the electronic device 10 and the authentication device 40 store the combination of the program and the authentication device 40 communicating at the time of installation of the program as the identification information 31 is described as an example. Not too much. That is, the electronic device 10 may store a combination of the authentication device 40 and the program that communicated at the time of program installation in a form other than the identification information 31.

DESCRIPTION OF SYMBOLS 10 Electronic device 11, 41 Communication part 12 Transmission / reception part 13 Transmission part 14 Reception part 15 Output processing part 16 Input processing part 20 Execution control part 22 Installation processing part 23 Extraction part 24 Request part 25, 50 Control part 26 Execution processing part 30, 60 Storage Unit 31 Identification Information 32 Inter-device Public Key 40 Authentication Device 51 Program Generation Unit 52 Authentication Processing Unit 61 AP Public Key 62 Template Information 70 Shield Area 71 Inter-Device Encryption Key 72 Identification Information Management Table 73 Authentication Information Table 74 SSL Authentication Information table 75 Certificate table 101 Processor 102 Flash memory 103 RAM
104 Touch Sensor 105 Display Device 106 Audio Input / Output Device 107 Speaker 108 Microphone 109 Wireless Processing Circuit 110 Communication Processing Circuit 111 Antenna

Claims (3)

Electronic equipment,
A communication unit that performs communication with an authentication device that holds information for identifying a user;
A storage unit that stores a combination of an executable program and a target authentication device that is an authentication device that communicated when the program was installed;
An execution processing unit for executing the program;
An extraction unit that extracts identification information for identifying the combination and a public key generated by the target authentication device for use in authentication processing with the electronic device from information received from the target authentication device;
When the execution of the program is requested, a request unit that requests authentication processing to the target authentication device by transmitting the identification information via the communication unit,
Obtaining the second data by encrypting the first data contained in the second message received as a response to the first message used for transmitting the identification information with the public key;
Transmitting a third message including the second data via the communication unit;
When the target authentication device decrypts the second data with the private key that is a pair of the public key and determines that it matches the first data, a fourth message indicating that the authentication processing has succeeded When acquired, the execution processing unit is requested to execute the program.
The requesting unit;
When the execution of the program is requested, if communication with the target authentication device is not established, the control unit performs control for stopping the execution of the program, and the authentication process fails. An electronic apparatus comprising: the control unit that determines that communication with the target authentication device has not been established and stops execution of the program . A receiver that receives the program and signature information from a distribution source of the program from the distribution source before installing the program in the electronic device;
As a result of transferring the program and the signature information to the target authentication device, an installation processing unit that installs the program when notified from the target authentication device that the verification using the signature information is successful is further provided. The electronic device according to claim 1 . An authentication device,
When a program to be installed on an electronic device is acquired from the electronic device, a pair of a public key and a secret key that are encryption keys used for authentication processing with the electronic device, the program, Generating identification information for identifying a combination of the electronic device and the authentication device, and further generating a program installer including the program, the identification information, and the public key;
A communication unit that sends the installer to the electronic device in response to an access from the electronic device that installs the program;
An authentication processing unit that performs an authentication process between the electronic device requested to execute the installed program and the authentication device,
A second message including first data when the first message indicating that the authentication processing is requested and the first message including the identification information is acquired from the electronic device; To the electronic device as a response to the first message,
The third message including the second data obtained by extracting the first data from the second message and encrypting the first data with the public key included in the installer is referred to as the second message. Received from the electronic device received,
When it is determined whether the data obtained by decrypting the second data extracted from the third message with the generated secret key matches the first data, and it is determined that they match A fourth message indicating that the authentication process has been successful is transmitted to the electronic device.
Authentication processing unit
An authentication device comprising: