JP6950164B2 - Information processing device - Google Patents

Description

The present invention relates to an information processing device, and more particularly to an information processing device having a function of establishing an encrypted communication path with an external device to perform encrypted communication and a function of performing other processing using an encryption key.

When an information processing device exchanges information with an external device, a secure encrypted communication path is established between the two to ensure the security of communication, and encrypted communication is performed via this encrypted communication path. Is indispensable. In particular, portable information processing devices such as smartphones and IC cards may fall into the hands of malicious persons due to loss, so it is necessary to take sufficient security measures.

Recently, portable terminal devices such as smartphones have become widespread, and these terminal devices are usually equipped with IC cards called SIM cards and UIM cards. Then, information is exchanged between the IC card and the terminal device, or between the IC card and the external server device via a predetermined communication path. At this time, if the information is confidential, it is necessary to open a secure communication path and exchange encrypted information.

Under these circumstances, various methods have been proposed for performing encrypted communication by establishing a secure communication path between the IC card and an external device. For example, Patent Document 1 below discloses a technique for preventing leakage of confidential information by performing communication via a proxy device having a data conversion processing function based on a predetermined conversion algorithm. Further, Patent Document 2 discloses a technique for performing encrypted communication using a public key cryptosystem when exchanging information between an IC card and a server device via the Internet. No. 3 discloses a technique for promptly performing a system recovery process when an abnormality related to security is detected during such encrypted communication.

On the other hand, in Patent Document 4, an IC card compatible area having a one-to-one correspondence with an IC card is provided on the server device side, and a secure communication path is set between the IC card compatible area and the user terminal device. A technique for integrating a server device and an IC card is disclosed.

JP-A-2002-055961 Japanese Unexamined Patent Publication No. 2002-217895 Japanese Unexamined Patent Publication No. 2006-190222 Japanese Unexamined Patent Publication No. 2010-073188

In order to establish a secure cryptographic communication path between the information processing device and the external device, both devices need to have a cryptographic communication processing function based on a common cryptographic protocol. That is, the transmitting side encrypts and sends out the information to be transmitted by using a predetermined encryption key and a predetermined encryption protocol, and the receiving side uses the same encryption key and encryption as the transmitting side to transmit the received encrypted information. It will be decrypted using the protocol. Therefore, the information processing device and the external device are preliminarily incorporated with a cryptographic communication processing function using a specific encryption key and encryption protocol.

However, in recent years, the communication partners of information processing devices have been diversified, and there are many cases where one IC card communicates with a plurality of partners depending on various situations. For example, in the case of an IC card (SIM card or UIM card) mounted on a smartphone, since multiple application programs are embedded in the smartphone as an external device, information can be exchanged between these multiple application programs. Need to do. In this case, in terms of hardware, it means two-way communication between the IC card and the smartphone, but in terms of software, there is individual communication between the program on the IC card side and the individual application programs on the smartphone side. It will be done.

Recently, more secure cryptographic protocols have been recommended, and there are a wide variety of cryptographic protocols actually used. Therefore, in practice, one IC card is provided with a cryptographic communication function based on a plurality of cryptographic protocols in advance, and depending on the convenience of an external device that communicates with the IC card (for example, in a smartphone). It is preferable to be able to perform encrypted communication by selecting an arbitrary encryption protocol each time (depending on the convenience of the application program). For that purpose, it is necessary to store a plurality of types of encryption keys in the IC card in advance, and when a specific encryption protocol is selected, it is necessary to appropriately read and use the encryption key required for the protocol. ..

Moreover, the encryption key is not only used for opening an encrypted communication channel, but also for various processes such as verification processing for checking data tampering, verification processing using tokens, and decryption processing for encrypted programs. It will be used. Therefore, in reality, an IC card in which an application program having various processing functions using an encryption key is incorporated needs to store a large number of encryption keys used for each of these processing functions. Therefore, a general IC card is provided with a key table capable of accommodating a plurality of encryption keys, and an operation of storing necessary encryption keys in individual storage locations of the key table is adopted.

However, in portable small information processing devices such as smartphones and IC cards, the storage capacity of the built-in memory is limited, so even when accommodating multiple encryption keys, waste is reduced as much as possible and the minimum required encryption is used. It is important to keep only the key stored. In other words, it is preferable to avoid the situation where useless encryption keys that are not used in the first place are stored, or the encryption keys that are no longer needed are stored as they are due to the function change of the application program. .. In addition, if an unnecessary encryption key is stored, security problems will increase if it is leaked to the outside. That is, even if the encryption key is unnecessary for the information processing device, if it is leaked to the outside, it becomes a factor that threatens the security of the entire system including the external device.

Therefore, the present invention maintains a state in which only the minimum necessary encryption key is stored in an information processing device having various processing functions using the encryption key, saves the storage capacity of the storage location of the encryption key, and at the same time, The purpose is to reduce security issues.

(1) The first aspect of the present invention is in an information processing apparatus having various processing functions using an encryption key.
An information storage unit that stores the program and the data used by the program,
A program execution unit that executes the program stored in the information storage unit, and
Provided
A program load process that loads an application program package that has multiple processing functions that use an encryption key and stores it in the information storage unit according to the load command given by the external device.
According to the installation command given from the external device, the package loaded by the program load process is expanded to the information storage unit, and the application program is installed.
A key writing process that stores the encryption key used by the installed application program in the information storage unit according to the key writing command given by the external device.
Have the function to execute
When executing the installation process, the specified function specified by the function specification information included in the installation command can be executed among the multiple processing functions that use the encryption key for the installed application program. West,
Before executing the key writing process, it is determined whether or not the processing function using the encryption key stored by the key writing process is an executable function, and the executable function is used. If there is, the key writing process is executed, and if it is not an executable function, the key writing process is rejected.

(2) A second aspect of the present invention is the information processing apparatus according to the first aspect described above.
When executing the installation process for a specific application program, an executable list containing information that identifies the functions that the application program can execute is created, stored in the information storage unit, and the key writing process is executed. By referring to the executable list, it is determined whether or not the processing function to be determined is an executable function.

(3) A third aspect of the present invention is the information processing device according to the first or second aspect described above.
When executing the installation process for a specific application program, a key table for storing the encryption key is constructed in the logical key space of the information storage unit for the application program.
When the key writing process is executed, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table constructed in the logical space.

(4) A fourth aspect of the present invention is the information processing device according to the third aspect described above.
Correspondence information that associates a specific processing function that uses the encryption key with the storage location on the key table for storing the encryption key is stored in the information storage unit.
When the key write command is given, by referring to the above correspondence information, it is associated with the storage location specified by the write location specification information included in the given key write command. A specific processing function is recognized as a judgment target, and if the judgment target is an executable function, a key write command is executed, and if it is not an executable function, a key write command is executed. I tried to reject it.

(5) A fifth aspect of the present invention is the information processing device according to the fourth aspect described above.
The key table consists of a collection of two-dimensional matrix-like cells that can identify one cell by the combination of the key version number and the key ID.
When a key write command is given, the storage location of the encryption key is specified based on the key version number included in the key write command as the write location designation information.

(6) A sixth aspect of the present invention is the information processing apparatus according to the first aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, the functions that can be executed by the application program and the storage location of the encryption key used for the function correspond to each other. Create a function table to be attached, store it in the information storage unit,
By referring to the function table when the key write command is given, the storage location specified by the write location specification information included in the given key write command is included in the function table. If it is included, the key write command is executed, and if it is not included, the key write command is rejected.

(7) A seventh aspect of the present invention is the information processing device according to the first aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
When executing the installation process for a specific application program, create a function table that lists the functions that can be executed by the application program, store this in the information storage unit, and store it.
When a key write command is given, the storage location specified by the write location specification information included in the key write command is stored for the executable functions listed in the function table. It is judged whether or not it is the storage location associated with the place list table, and if a positive judgment result is obtained, the key writing command is executed and a negative judgment result is obtained. In some cases, the key write command is rejected.

(8) An eighth aspect of the present invention is the information processing apparatus according to the first aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, a function table that lists the storage locations of the encryption keys used for the functions that can be executed by the application program is created. Store this in the information storage unit,
By referring to the function table when the key write command is given, the storage location specified by the write location specification information included in the given key write command is included in the function table. If it is included, the key write command is executed, and if it is not included, the key write command is rejected.

(9) A ninth aspect of the present invention is an information processing apparatus having various processing functions using an encryption key.
An information storage unit that stores the program and the data used by the program,
A program execution unit that executes the program stored in the information storage unit, and
Provided
A program load process that loads an application program package that has multiple processing functions that use an encryption key and stores it in the information storage unit according to the load command given by the external device.
According to the installation command given from the external device, the package loaded by the program load process is expanded to the information storage unit, and the application program is installed.
A key writing process that stores the encryption key used by the installed application program in the information storage unit according to the key writing command given by the external device.
Executable function change processing that changes the processing functions that can be executed by the already installed application program according to the executable function change processing command given from the external device, and
Have the function to execute
When executing the installation process, the specified function specified by the function specification information included in the installation command can be executed among the multiple processing functions that use the encryption key for the installed application program. West,
When the executable function change process is executed, if there is a process function that has been changed from executable to non-executable by the change process, the encryption key used for the process function that has been changed to non-executable is provided. The key deletion process to be deleted from the storage unit is also executed.

(10) A tenth aspect of the present invention is the information processing apparatus according to the ninth aspect described above.
When executing the installation process for a specific application program, an executable list containing information that identifies the functions that the application program can execute is created, and this is stored in the information storage unit.
When executing the executable function change process, the executable list is rewritten and the encryption key used for the processing function that is to be deleted from the executable list is deleted from the information storage unit. Is to be executed.

(11) The eleventh aspect of the present invention is the information processing apparatus according to the ninth or tenth aspect described above.
When executing the installation process for a specific application program, a key table for storing the encryption key is constructed in the logical key space of the information storage unit for the application program.
When executing the key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table constructed in the logical space.
When the key deletion process is executed, the encryption key data written in the real space is deleted and the real space in the memory is released.

(12) A twelfth aspect of the present invention is the information processing device according to the eleventh aspect described above.
Correspondence information that associates a specific processing function that uses the encryption key with the storage location on the key table for storing the encryption key is stored in the information storage unit.
When executing the executable function change process, refer to the above correspondence information to identify the storage location associated with the process function changed from executable to non-executable, and store it in the specified storage location. The key deletion process that deletes the encrypted key that has been used is executed.

(13) A thirteenth aspect of the present invention is the information processing apparatus according to the twelfth aspect described above.
The key table consists of a collection of two-dimensional matrix-like cells that can identify one cell by the combination of the key version number and the key ID.
Based on the key version number, the storage location of the encryption key to be written or deleted is specified.

(14) A fourteenth aspect of the present invention is the information processing apparatus according to the ninth aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, the functions that can be executed by the application program and the storage location of the encryption key used for the function correspond to each other. Create a function table to be attached, store it in the information storage unit,
When executing the executable function change process, the function table is rewritten, the storage location associated with the processing function to be deleted from the function table is specified, and the storage location is stored in the specified storage location. The key deletion process that deletes the encrypted key that has been used is executed.

(15) A fifteenth aspect of the present invention is the information processing apparatus according to the ninth aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
When executing the installation process for a specific application program, create a function table that lists the functions that can be executed by the application program, store this in the information storage unit, and store it.
When executing the executable function change process, the function table is rewritten and the storage location associated with the processing function to be deleted from the function table is determined by referring to the storage location list table. The key deletion process is executed to specify and delete the encryption key stored in the specified storage location.

(16) A sixth aspect of the present invention is the information processing apparatus according to the ninth aspect described above.
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, a function table that lists the storage locations of the encryption keys used for the functions that can be executed by the application program is created. Store this in the information storage unit,
When executing the executable function change process, the function table is rewritten by referring to the storage location list table, the storage location to be deleted from the function table is specified, and the specified storage location is used. The key deletion process for deleting the stored encryption key is executed.

(17) A seventeenth aspect of the present invention is the information processing apparatus according to the first to sixteenth aspects described above.
A function to install an application program that has a processing function to open an encrypted communication path using a predetermined encryption protocol with an external device, and in the key writing process, the encryption key used to open the encrypted communication path It is intended to be written.

(18) An eighteenth aspect of the present invention is the information processing apparatus according to the first to sixteenth aspects described above.
At least one management program is stored in the information storage unit as an application program.
The management program should have a function to execute program load processing, installation processing, and key writing processing for the new application program in order to keep the new application program under its own control. It was done.

(19) A nineteenth aspect of the present invention is the information processing apparatus according to the eighteenth aspect described above.
When a key write command is given from an external device after the program load process and installation process for the new application program are completed, the new application program executes the key write process according to the key write command. It is something that I tried to do.

(20) A twentieth aspect of the present invention is the information processing apparatus according to the eighteenth or nineteenth aspect described above.
The management program interprets the privilege parameter "privilege" attached to the installation command specified in the GlobalPlatform (registered trademark) specification as function specification information, and executes the installation process so that only the specified function can be executed. It is the one that was made.

(21) The 21st aspect of the present invention is the information processing apparatus according to the 18th or 19th aspect described above.
The management program interprets the SCP type parameter attached to the installation command specified in the Global Platform (registered trademark) specification as function specification information, and opens an encrypted communication path according to the encryption protocol indicated by the specified SCP type. The installation process is executed so that the process can be executed.

(22) A 22nd aspect of the present invention makes it possible to independently provide a program for operating a computer as an information processing device according to the 1st to 21st aspects described above.

According to the first embodiment of the present invention, before writing a new encryption key, it is determined whether or not the processing function using the encryption key to be written is an executable function, and the operation is executed. The actual writing is done only if it is a possible function. Therefore, it is possible to avoid a situation in which a useless encryption key that is not used in the first place is written. Therefore, in an information processing device having various processing functions using an encryption key, the state in which only the minimum necessary encryption key is stored is maintained, the storage capacity of the encryption key storage location is saved, and security is improved. It is possible to reduce the problem.

Further, according to the second embodiment of the present invention, it has been a function that can be executed until now, but when there is a processing function that has been changed to be infeasible by the function change process, it is changed to the non-executable function. The key deletion process that deletes the encryption key used for the processing function is executed. Therefore, it is possible to avoid a situation in which the encryption key that is no longer needed is continuously stored as it is. Therefore, in an information processing device having various processing functions using an encryption key, the state in which only the minimum necessary encryption key is stored is maintained, the storage capacity of the encryption key storage location is saved, and security is improved. It is possible to reduce the problem.

It is a block diagram which shows the mode of information communication between a general smartphone 10, a SIM card 11, and an external server 20. FIG. 5 is a block diagram showing an example of a program configuration for performing encrypted communication between the SIM card 11 (information processing device) shown in FIG. 1 and the smartphone 10 or the external server 20 (external device). It is a figure which shows the specific example of the key table shown in FIG. It is a figure which shows the outline of the general data structure of the encryption key Key stored in the key table shown in FIG. 3, and the data structure of the encryption communication path opening command using the encryption key. 6 is a diagram showing specific examples of various commands exchanged between the SIM card 11 (information processing device) and the smartphone 10 (external device) shown in FIG. 2 and responses to the commands. It is a figure which shows the data structure of the general encrypted communication channel opening command CMD and its variation. It is a table which shows the correspondence relationship between the command character string information used for each cryptographic protocol, and the type information of a cryptographic algorithm. It is a figure which shows the hierarchical structure (FIG. (a)) of the application program built in SIM card 11 (information processing apparatus), and the function (FIG. (b)) of management program SD. It is a block diagram which shows an example of the mode of information communication between an information processing apparatus (SIM card 11) and an external apparatus (smartphone 10 or an external server 20) at the time of shipment from a factory. It is a block diagram which shows an example of the mode of information communication between an information processing apparatus (SIM card 11) and an external apparatus (smartphone 10 or an external server 20) at the start of use. It is a figure which shows the format example of the specific command given to the IC card which conforms to the specification of GlobalPlatform (registered trademark). It is a block diagram which shows the mode of information communication between the basic configuration of the information processing apparatus (SIM card 11) which concerns on this invention, and an external apparatus (smartphone 10 or an external server 20). It is a figure which shows the content of the parameter attached to the installation command of the application program shown in FIG. 11 (c). It is a table which shows the specific contents of the privilege parameter (privilege) shown in FIG. It is a figure which shows the specific example of the storage place list table used for the information processing apparatus which concerns on this invention. It is a figure which shows an example of the function table used in the information processing apparatus which concerns on this invention. It is a figure which shows the structural example of the ISD data and SSD1 data stored in the data storage part of the information processing apparatus which concerns on this invention. It is a figure which shows the modification of the function table used in the information processing apparatus which concerns on this invention. It is a flow chart which shows the processing procedure of 1st Embodiment of this invention. It is a flow chart which shows the processing procedure of the 2nd Embodiment of this invention.

Hereinafter, the present invention will be described based on the illustrated embodiment.

<<< §1. Conventional general communication mode for IC cards >>>
The present invention is an invention suitable for use in an information processing device having a function of performing encrypted communication with an external device, and particularly relates to a technique suitable for use in an information processing device made of an IC card. Therefore, here, first, a conventional general communication form for an IC card will be briefly described.

FIG. 1 is a block diagram showing an mode of information communication between a general smartphone 10, a SIM card 11, and an external server 20. Normally, the smartphone 10 is used with the SIM card 11 mounted inside, and if necessary, communicates with the external server 20 via a predetermined communication path (Internet or telephone line). Here, the SIM card 11 (also called a UIM card) is an IC card that conforms to international specifications that have become a de facto standard, such as Java Card (trademark) and Global Platform (registered trademark), and is used as an external device. Communication is performed in the form of a command given from the external device and a response to the command.

Focusing on the SIM card 11, both the smartphone 10 and the external server 20 are external devices, and communication with these external devices is performed via a predetermined communication path. Although FIG. 1 shows only the communication path between the smartphone 10 and the external server 20, in reality, it is also between the SIM card 11 and the smartphone 10 and between the SIM card 11 and the external server 20. A communication path is formed. Then, commands and responses are exchanged with the SIM card 11 via these communication paths.

FIG. 2 is a block diagram showing an example of a program configuration for performing encrypted communication between the SIM card 11 shown in FIG. 1 and the smartphone 10 or the external server 20, and the information processing device 100 and the external device 200 An example is shown in which a communication path is opened between the two to communicate with each other. As described above, since the present invention is a technique particularly suitable for application to an IC card, here, the information processing device 100 is a SIM card 11 mounted on the smartphone 10, and the external device 200 is the smartphone 10. (Alternatively, the external server 20 may be used), the following description will be given.

An IC card such as the SIM card 11 usually incorporates a plurality of application programs. The information processing device 100 (SIM card 11) of FIG. 2 shows a state in which two sets of general application programs AP1 and AP2 are incorporated. In addition, at least one set of management program SD (Security Domain program) is usually incorporated in the IC card. This management program SD is a kind of application program in terms of classification, but plays a role of managing the operation of the entire IC card and other application programs under control in cooperation with the OS program. Therefore, in the present application, among the application programs incorporated in the information processing device 100 (SIM card 11), the Security Domain program is referred to as a "management program", and the other application programs are referred to as "general application programs (abbreviation: general applications)". I will call it.

As will be described in detail later, the management program SD includes a load function, an installation function, a deletion function, an issue data writing function (for example, an encryption key writing function), and an encrypted communication path for the application program under management. It has various functions such as an opening function. The management program SD shown in FIG. 2 incorporates a cryptographic channel opening routine R1 and a key table T1, which are elements for realizing a cryptographic channel opening function. In the case of the information processing device 100 composed of an IC card, a secure cryptographic communication path is usually established with the external device 200 based on a predetermined cryptographic protocol called "SCP: Secure Channel Protocol" to perform cryptographic communication. Will be done. In order to realize such a function, the encrypted communication channel opening routine R1 and the key table T1 are incorporated in the management program SD.

On the other hand, on the external device 200 side, an application program AP3 having a function of performing encrypted communication corresponding to the application program AP3 is prepared, and the encrypted communication channel opening routine R2 and the key table T2 are incorporated. For example, when the external device 200 is a smartphone 10, the application program AP3 is one of the application programs installed on the smartphone 10.

The cryptographic communication path opening routine R1 on the information processing device 100 side and the cryptographic communication path opening routine R2 on the external device 200 side open a secure cryptographic communication path between the two devices and perform cryptographic communication based on the same encryption protocol. The same encryption key is stored in the key table T1 and the key table T2. Therefore, in the case of the illustrated example, the management program SD and the application program AP3 perform encrypted communication between the information processing device 100 and the external device 200 based on the same encryption protocol using the same encryption key. Cryptographic communication path will be opened.

Protocols such as SCP01 and CP02 have been used for a long time as encryption protocols used for encrypted communication with IC cards. However, the problem of compromise has been pointed out in the cryptographic algorithm "Triple-DES" used in these protocols, and in recent years, it has become SCP03 using a cryptographic algorithm based on the AES (Advanced Encryption Standard) standard. The protocol is also beginning to spread as a specification compliant with Global Platform (registered trademark). In addition, the use of protocols such as SCP80 and SCP81, which were established mainly by standardization bodies such as 3GPP / ETSI, has become widespread.

Further, as the key table T for the management program SD incorporated in the IC card, the specification using the key space as illustrated in FIG. 3 is generalized. The illustrated key table T is composed of a two-dimensional matrix in which a key version number is defined in the vertical direction and a key ID is defined in the horizontal direction. The key version numbers are 0x01 to 0x7F. An address space within the range is assigned, and an address space within the range of 0x00 to 0x7F is assigned for the key ID (0x at the beginning of the address indicates that the following numerical values are hexadecimal numbers).

Each encryption key will be stored in any cell of the key table T, and is specified by a combination of a key version number and a key ID. For example, the encryption key KeyA is specified by the combination of the key version number "0x01" and the key ID "0x01". The figure shows a state in which KeyA to KeyR are stored in a specific cell as an example of storing individual encryption keys. Of course, the encryption key does not have to be stored in every cell, it is sufficient if the necessary encryption key is stored in a predetermined cell.

In a certain cryptographic protocol, a certain key version number is specified, and an encryption process or a decryption process using one or more encryption keys stored in a cell having the key version number is executed. NS. In the case of the illustrated example, a state in which some encryption key is stored in each line of the key version numbers "0x01", "0x20", "0x21", "0x22", "0x7E", and "0x7F" is shown. Further, in the case of the illustrated example, the encryption key is stored in each of the three cells of the key IDs "0x01", "0x02", and "0x03" for each key version number.

This is because each key version number corresponds to an encryption protocol using three different encryption keys (for example, SCP01, SCP02, SCP03, etc. described above). For example, when the key version number "0x20" is specified, the three encryption keys KeyD, KeyE, and KeyF stored in the cells of the key IDs "0x01", "0x02", and "0x03" are encrypted or decrypted. It will be used for processing. In other words, one or more encryption keys having the same key version number are used for the encryption process or the decryption process based on a specific encryption protocol. Of course, for an encryption protocol that requires a total of five encryption keys, the encryption keys will be prepared in each of the five cells having the same key version number.

On the other hand, FIG. 4A is a diagram showing general data structures of the encryption keys KeyA to KeyR stored in the individual cells of the key table T shown in FIG. The illustrated data structure of the encryption key Key indicates the standard format of the encryption key Key defined as the international standard specification for the IC card described above, and the type information (key type) A, in order from the beginning, The key length L and the key value data V are arranged side by side. Here, the type information (key type) A is information including the type of the encryption algorithm adopted by the encryption protocol that is supposed to use the encryption key Key, such as "AES", "DES", and "RSA". The key length L is information indicating the data length (byte) of the subsequent key value data (key value) V, and the final key value data (key value) V is used for the encryption operation. It is the key value data itself used.

Further, FIG. 4B is a diagram showing an outline of the data structure of the encrypted communication channel opening command CMD. The actual command will have a more complex data structure that complies with standards such as ISO (eg ISO7816-4), but for convenience, Figure 4 (b) extracts only the information necessary for explanation. I will show the conceptual data structure. The illustrated example shows a command for opening an encrypted communication path used when the above-mentioned encryption protocols CP01, CP02, and CP03 are adopted, and is a character string "INITIALIZE UPDATE" instructing the establishment of the encrypted communication path. Indicates the command character string information (actually, instruction byte information meaning the command "INITIALIZE UPDATE", but for convenience, it will be described as a character string "INITIALIZE UPDATE" below) and the storage location of a specific encryption key. It is composed of storage location specification information (actually, a specific key version number) and a predetermined random number.

For example, when opening an encrypted communication channel using three encryption keys KeyD, KeyE, and KeyF stored in the key table T shown in FIG. 3, a key version number of "0x20" is added to the character string "INITIALIZE UPDATE". Is followed by a predetermined random number, and a cryptographic channel opening command CMD is given to the IC card. The random number added at the end of this encrypted communication channel opening command CMD is used for the external device to authenticate that the IC card is a legitimate communication partner. In other words, the encrypted communication path opening command CMD is an authentication command that requests the IC card to return an authentication code corresponding to a predetermined random number as well as a role as an instruction command for executing the encrypted communication path opening process. Also plays a role as.

FIG. 5 shows various types of exchanges between the management program SD incorporated in the SIM card 11 (information processing device 100) shown in FIG. 2 and the application program AP3 incorporated in the smartphone 10 (external device 200). It is a diagram which shows a concrete example of a command and a response to this. As shown in steps S1 to S6, in each case, a predetermined command is transmitted from the smartphone 10 side to the SIM card 11 side, and a response to the command is returned from the SIM card 11 side to the smartphone 10 side. , Information is exchanged between the two. In the case of this example, the information exchange in steps S1 to S4 is performed via a normal unencrypted communication path, but the information exchange in steps S5 and S6 is performed by the encryption established by the management program SD. It is done via a communication path.

First, step S1 is a process of transmitting a "SELECT command" from the smartphone 10 side to the SIM card 11 side. This "SELECT command" is a command that should be called an "application selection command", and is a command that specifies a specific channel number and selects a specific application program (in this case, the management program SD) on the SIM card 11 side. Is. On the SIM card 11 side, the channel number is associated with the management program SD, and thereafter, when a command having the same channel number is given, the management program SD processes the channel number. When the "SELECT command" is normally accepted, a response is returned from the SIM card 11 side to the smartphone 10 side.

Subsequent step S2 is a process of transmitting a "GET DATA command". The commands after step S2 are assigned the same channel numbers as those in step S1, and are processed by the management program SD on the SIM card 11 side. This "GET DATA command" is a command for reading predetermined data from the SIM card 11 side to the smartphone 10 side based on the "data reading function" of the management program SD, and specifies the data to be read. Information is added. The management program SD reads the designated data from the memory in the SIM card 11 in response to the command, and returns this to the smartphone 10 side as a response to the command.

According to the specifications of GlobalPlatform (registered trademark), when an SD program executes a "data reading function", it is not essential to exchange information via an encrypted communication path. The process of step S2 in FIG. 5 shows an example in which data reading processing capable of reading information is performed before opening the encrypted communication path without going through the encrypted communication path.

Subsequent steps S3 and S4 are processes for preparing to open an encrypted communication path. First, in step S3, the "INITIALIZE UPDATE command" is transmitted. This command is an "encrypted communication path opening command" having the data structure shown in FIG. 4 (b), and as described above, it has a form in which a key version number and a random number are added to the command character string information "INITIALIZE UPDATE". Have. This command also serves as an authentication command for the smartphone 10 (external device 200) to authenticate the SIM card 11 (information processing device 100) as a legitimate communication partner.

That is, the management program SD in the SIM card 11 that has received the "INITIALIZE UPDATE command" extracts the encryption key corresponding to the specified key version number from the key table T1, prepares for the encryption process, and is given. An operation based on a predetermined algorithm is performed on the random number, and the operation result is returned as a response to the command. On the other hand, the application program AP3 in the smartphone 10 verifies whether or not the returned calculation result is the correct calculation result for the given random number, and if the calculation result is correct, the SIM card currently being communicated. Authenticate 11 as a legitimate contact.

In the following step S4, the "EXTERNAL AUTHENTICATE command" is transmitted. This command is an "external authentication command", and is an authentication command for the SIM card 11 (information processing device 100) to authenticate the smartphone 10 (external device 200) as a legitimate communication partner. The smartphone 10 performs an operation based on a predetermined algorithm on the data returned by the response in step S3, adds the operation result to the command character string information "EXTERNAL AUTHENTICATE", and transmits the operation result to the SIM card 11. The SIM card 11 (management program SD) verifies whether or not the calculation result transmitted by the "EXTERNAL AUTHENTICATE command" is the correct calculation result, and if it is the correct calculation result, the smartphone currently communicating. Authenticate 10 as a legitimate contact.

Since the specific process of mutual authentication according to steps S3 and S4 is a commonly used known technique, detailed description thereof will be omitted here. In this way, when mutual authentication between the SIM card 11 and the smartphone 10 is completed, an encrypted communication path is established between the two. The commands after step S5 shown below the broken line in the figure will be given via this encrypted communication path. That is, the substantial content portion of the command after step S5 is encrypted based on a predetermined encryption protocol and transmitted as a command protected by "SCP: Secure Channel Protocol".

In the current standard, it is possible to set the level of SCP when opening an encrypted communication channel (when processing the "EXTERNAL AUTHENTICATE command"). Specifically, "level 1: assigning a check code for detecting command tampering" and "level 2: assigning a check code for detecting command tampering + encrypting a command data field" are defined, and in step S5 and thereafter. The level set at the time of opening will be applied to the exchanged commands. When the SCP level is set in this way, the data fields of the commands in steps S5 and subsequent steps are encrypted only when the level 2 is set. In the examples of steps S5 and S6, the responses to the commands are not protected by SCP, and are returned in plain text via the normal communication path. However, if necessary, these responses are to be answered. However, the reply may be made via the encrypted communication path.

<<< §2. Management program security strength and hierarchical structure >>>
In §1 described above, the procedure for establishing an encrypted communication path with the external device 200 by the management program SD incorporated in the information processing apparatus 100 and performing encrypted communication between the two is briefly described. Here, it will be described that there is a difference in security strength between the encrypted communication paths established by the management program SD and that a plurality of management program SDs are incorporated into the information processing apparatus 100 in a hierarchical structure.

FIG. 6 is a diagram showing a data structure of an encrypted communication channel opening command CMD, which is currently defined as a specification for an IC card. In the case of the example described in §1, the data structure of the encrypted communication path opening command CMD is, as shown in FIG. 6A, "command character string information", "storage location specification information", and "random number" in order from the beginning. , And specifically, as shown in Fig. 6 (b), the format is such that the character string "INITIALIZE UPDATE" is at the beginning, followed by "key version encryption" and "random number".

As described above, the first "command character string information (INITIALIZE UPDATE)" is a character string for indicating that the command is a command for opening an encrypted communication path. The following "storage location designation information" is encryption key designation information for designating a specific encryption key used for opening an encrypted communication path, and is a case where the encryption key is stored using the key table T as shown in FIG. Consists of "key version number". The final "random number" is data used by the smartphone 10 to authenticate the SIM card 11 as a legitimate communication partner, as described above.

The data structure of the encrypted communication path establishment command CMD illustrated in FIGS. 6 (a) and 6 (b) is defined as the encryption protocols SCP01, CP02, and CP03 in international specifications such as GlobalPlatform (registered trademark) and 3GPP / ETSI. It is what has been done. In addition to this, some encryption protocol specifications are defined in the specifications, and the data structure of the encrypted communication path opening command CMD has a different data structure according to each specification. For example, for the encryption protocol SCP80, as shown in FIG. 6 (c), a cryptographic communication path opening command CMD that puts the character string "ENVELOPE" at the beginning is defined, and for the encryption protocol SCP10, FIG. As shown in (d), a cryptographic communication path establishment command CMD that starts with the character string "MANAGE SECURITY ENVIRONMENT" is defined. As described above, the data structure of each of these command CMDs is a conceptual data structure in which only a part of the information is extracted for convenience of explanation, and does not indicate the actual data structure itself.

FIG. 7 is a table showing the correspondence between the command character string information used for each encryption protocol and the type information of the encryption algorithm. Here, the character strings such as SCP01, SCP02, SCP03, SCP10, SCP80, and CSP81 shown in each column of the table are information (referred to in the present application as CSP type) that specifies each encryption protocol. The vertical heading of the table indicates the type of cryptographic algorithm used by each cryptographic protocol, and the horizontal heading of the table indicates the command character string information used by each cryptographic protocol. Note that "SCPxx" in this table indicates an encryption protocol that may be formulated in the future, although it has not been specified by GlobalPlatform (registered trademark) at this time.

As described above, a large number of cryptographic protocols have been established at present, and it is expected that new cryptographic protocols will be additionally formulated in the future. In addition, it is expected that the cryptographic algorithms used by each cryptographic protocol will also diversify. The important point here is that the security strength differs depending on each encryption protocol. For example, regarding the cryptographic algorithm, AES is theoretically considered to have higher security strength than Triple-DES. Therefore, in the case of the example shown in FIG. 7, SCP03 is better than the cryptographic protocols SCP01 and CP02. However, the security strength is increased.

Moreover, even if the same cryptographic algorithm is adopted, the security strength differs depending on the specifications of the cryptographic protocol. For example, in the case of the example shown in FIG. 7, the encryption protocols CP01 and SCP02 both use Triple-DES as the encryption algorithm, but the encryption protocol SCP02 is said to have higher security strength than SCP01. ..

As described in §1, a general IC card incorporates at least one set of management program SD (Security Domain program), and the encrypted communication path to and from the external device is determined by this management program SD. It will be opened. The management program SD is configured to support any one or more of the various cryptographic protocols shown in the table of FIG. Therefore, when a plurality of management program SDs are incorporated in the same information processing apparatus 100, the encryption protocol adopted for each management program SD is often different. For example, the first management program SD adopts only the encryption protocol CP81, but the second management program SD adopts both the encryption protocols CP01 and CP02, and so on.

Naturally, the security strength of the encrypted communication path established by the management program SD will differ depending on which encryption protocol is adopted. Of course, since the application program AP3 on the external device 200 side requests the specific management program SD in the information processing device 100 to open the encrypted communication path and communicates with it, even if the encrypted communication path with low security strength is used. Even if information is exchanged via the system, the application program AP3 knows that and specifies the specific management program SD, which itself poses a serious problem. It does not mean that.

FIG. 8A is a diagram showing a hierarchical structure of an application program constructed in the SIM card 11 (information processing device 100). In this figure, the ISD (Issuer Security Domain) arranged at the top of the hierarchical structure is a management program called an issuer SD, which is a program written at the time of factory shipment of the SIM card 11. In the case of the illustrated example, the programs SSD1, SSD2, AP01, AP02 are arranged below this ISD, AP11 and AP12 are arranged below SSD1, and SSD3, AP21, AP22, AP23 are arranged below SSD2. Are arranged, and AP31 and AP32 are arranged below the SSD3.

Each of the programs shown in blocks in FIG. 8A is an application program incorporated in the SIM card 11 (information processing device 100). Here, SSD1, SSD2, SSD3 (Supplemental Security Domain) are management programs like ISD, but while ISD is the highest management program written at the time of factory shipment, SSD1, SSD2, SSD3 becomes a program placed under ISD or another SSD.

As mentioned above, the management program is still one of the application programs, but due to the hierarchical structure, another application program (general application program may be used or another management program) is subordinate to the management program. Can be placed and kept under control. Therefore, in the case of the illustrated example, only two sets of general application programs AP11 and AP12 are arranged under the management program SSD1, but one set of another management program is arranged under the management program SSD2. SSD3 and three sets of general application programs AP21, AP22, and AP23 are arranged, and further, two sets of general application programs AP31 and AP32 are arranged below the management program SSD3.

The management program SD has a function of managing the entire SIM card 11 (information processing device 100) and a function of managing lower-level application programs. Specifically, a general SD program has the following functions. A list of these features is also shown in Figure 8 (b).
<Function 1> IC card life cycle management <Function 2> Application program life cycle management <Function 3> Application instance life cycle management <Function 4> Application program loading <Function 5> Application instance generation (installation)
<Function 6> Deletion of application programs and instances <Function 7> Writing of issued data for applications <Function 8> Reading of data <Function 9> Securing a secure communication path

However, the above nine functions are not necessarily provided in all management programs SD. Normally, the ISD of the uppermost layer has all the functions, but some functions may be restricted for the SSD placed in the lower layer. For example, the above-mentioned function 1 "IC card life cycle management" is usually provided only in ISD. In addition, some of the above functions are functions provided for application programs (application programs under the control of the user) arranged in the lower hierarchy of the user.

Hereinafter, some of the above nine functions related to the present invention will be briefly described. First, in order for the management program SD to incorporate the application program under its own control and enable it to operate, the application program is loaded by the above function 4, and then the application program is loaded by the above function 5. An instance is generated, and further, the issue data for the application is written by the above function 7.

More specifically, the process of function 4 "loading the application program" is a process of storing the package of the application program in the memory in response to the load command given from the external device. In addition, the process of function 5 "Generate application program instance" is a so-called installation process, and the loaded application program package is expanded on the memory according to the installation command given from the external device to develop the application instance. This is the process to generate. Execution of the application program is the process of executing this instantiated program code.

Then, the process of the function 7 "writing the issue data for the application" is a process of storing the data (issued data) necessary for executing the application program in the memory. For example, in the case of an application program having a credit payment function, in order to make the program executable, it is necessary to perform a process of writing a credit card number, a user's personal information, etc. as issuance data. Further, in the case of the management program SD, in order to make the program executable, it is necessary to perform a process of writing the key information necessary for opening the encrypted communication path as issuance data (processing of writing the encryption key to the key table T). There is.

As described in §1, the process of the final function 9 “securing a secure communication path” is secure with the external device 200 based on a predetermined encryption protocol called “SCP: Secure Channel Protocol”. It is a function to open a cryptographic communication channel and perform cryptographic communication. In order to realize such a function, as shown in FIG. 2, the encrypted communication channel opening routine R1 and the key table T1 are incorporated in the management program SD. The encrypted communication channel opening routine R1 will be incorporated by the above function 5 "Generation of an instance of the application program", and the contents of the key table T1 will be written by the above function 7 "Writing the issue data for the application". Become.

According to the specifications of Global Platform (registered trademark), when the management program SD performs the above-mentioned "functions 1 to 7", information is exchanged via an encrypted communication path (a secure communication path established by the function 9). However, it is not mandatory to open an encrypted communication channel for "Function 8: Reading data". The process of step S2 in FIG. 5 shows an example in which data reading processing capable of exchanging information without going through the encrypted communication path is performed before opening the encrypted communication path. On the other hand, commands for executing processing such as function 4 (load function), function 5 (installation function), and function 7 (issue function) are protected by SCP as in steps S5 and S6 of FIG. As a command, it will be sent in an encrypted state.

FIG. 9 is a block diagram showing an example of an mode of information communication between the information processing device 100 (SIM card 11) at the time of shipment from the factory and the external device 200 (smartphone 10 or external server 20). In the case of the illustrated example, the information processing apparatus 100 stores an OS program, an ISD (issuer SD: top-level management program), and two sets of application programs AP01 and AP02 at the time of shipment from the factory. It is ready for operation. Here, the management program ISD incorporates a cryptographic channel opening routine R00 and a key table T00, which can be used to open a cryptographic channel based on a predetermined encryption protocol. be.

Here, for convenience of explanation, consider the case where an external device 200 (smartphone 10 or external server 20) as shown in FIG. 9 is prepared. The application program AP (ISD) prepared in the external device 200 is a program for establishing an encrypted communication path with the management program ISD in the information processing device 100, and is encrypted communication like the management program ISD. The road opening routine R00 and the key table T00 are incorporated. On the other hand, the external device 200 shown in the figure also has an application program AP (SSD1). This program AP (SSD1) is a program for opening an encrypted communication path with the management program SSD1 to be incorporated in the information processing apparatus 100 later, and the encrypted communication path opening routine R10 and the key table T10 are incorporated. It has been.

Here, the information processing apparatus 100 at the time of shipment from the factory shown in FIG. 9 incorporates the management program ISD, but does not yet incorporate the management program SSD1. That is, it can be said that the hierarchical structure of the information processing apparatus 100 shown in FIG. 9 is a state in which only the blocks of ISD, AP01, and AP02 in the hierarchical structure diagram of FIG. 8 exist. The hierarchical structure diagram of FIG. 8 is a state after the user who has obtained the information processing apparatus 100 shown in FIG. 9 has performed work of incorporating various application programs.

FIG. 10 is a block diagram showing an example of an mode of information communication between the information processing device 100 (SIM card 11) and the external device 200 (smartphone 10 or external server 20) at the start of use. The information processing device 100 shown in FIG. 10 newly stores the management program SSD1 and is in an operable state. The illustrated management program SSD1 incorporates an encrypted communication channel opening routine R10 and a key table T10, and uses this to be used between the application program AP (SSD1) prepared on the external device 200 side. It is possible to open an encrypted communication channel and perform encrypted communication.

According to the specifications of GlobalPlatform (registered trademark), when a plurality of management program SDs are incorporated in the SIM card 11, the key table T used by each management program SD is stored as a separate table. Therefore, in the case of the example shown in FIG. 10, the key table T00 and the key table T10 are separate and independent key tables.

However, in practicing the present invention, the key table T used by each management program SD does not necessarily have to be a separate table. For example, a common key table T as shown in FIG. 3 is provided and a key is provided. The tables T00 and T10 may be configured as a part of the key table T. For example, when the key table T00 is composed of the row area of the key version "0x20" and the key table T10 is composed of the row area of the key version "0x21", the encryption key recorded in the key table T00 is. The encryption keys recorded in the KeyD, KeyE, KeyF, and the key table T10 are KeyG, KeyH, and KeyI.

In order to move the information processing apparatus 100 from the state shown in FIG. 9 to the state shown in FIG. 10, a new management is performed under the control of the management program ISD shown in FIG. 8A, that is, the management program ISD. It is necessary to perform a process of incorporating the program SSD1. To do so, first, the external device 200 gives a command to open an encrypted communication path to the management program ISD of the information processing device 100, and the management program ISD functions 9 "securing a secure communication path" between the two devices. After establishing a cryptographic communication path in, the work of giving the following command may be performed via this cryptographic communication path.

First, a load command is given from the external device 200 to the management program ISD of the information processing device 100 to execute the process of function 4 "loading the application program" by the management program ISD. By this process, the binary data of the program package constituting the new management program SSD1 is stored in the memory in the information processing apparatus 100. This program package is a program before installation, and the CPU is not ready to be executed as it is.

Subsequently, an installation command is given from the external device 200 to the management program ISD of the information processing device 100 to execute the process of function 5 "instance generation of application program" by the management program ISD. By this process, the program package stored in the memory is expanded on the memory, and the application instance constituting the management program SSD1 is generated. Although this application instance is a routine that can be executed by the CPU, the issued data (in this case, the encryption key) is still insufficient to operate as the management program SSD1. In other words, at this point, the encrypted communication channel opening routine R10 drawn in the block of SSD1 in FIG. 10 is in a state of being stored in the memory as an application instance, but the contents of the key table T10 (contents). The encryption key) is not yet stored in the memory.

Therefore, finally, the external device 200 gives a command to write the issued data to the management program ISD of the information processing device 100, and the process of function 7 "writing the issued data for the application" by the management program ISD (key writing process). ) Is executed. By this process, the issuance data (encryption key) necessary for the operation of the management program SSD1 is written in the memory. That is, the encryption key which is the content of the key table T10 shown in FIG. 10 is written in the memory as the issue data. As a result, the new management program SSD1 is incorporated under the control of the management program ISD in an operable state. Therefore, the management program SSD1 can execute the process of function 9 “securing a secure communication channel” by using the encrypted communication channel opening routine R10 and the key table T10, if necessary.

The management program SSD2 shown in the hierarchical structure diagram of FIG. 8A is also incorporated in a state in which it can operate under the control of the management program ISD by the same procedure. Then, this time, after opening the encrypted communication path in the management program SSD1, the application programs AP11 and AP12 can be incorporated under the management in an operable state by the same procedure. Further, after the management program SSD2 is provided with an encrypted communication path, the application programs AP21 to AP23 and the management program SSD3 can be incorporated under the control of the management program SSD2 in an operable state by the same procedure. Further, after the management program SSD3 is provided with an encrypted communication path, the application programs AP31 and AP32 can be incorporated under the management in an operable state.

Keeping in mind that such a procedure is performed, after all, when a certain management program is designated and another application program is incorporated under the management, the function 9 “Secure communication” of the designated management program is performed. An encrypted communication path is established by using "Securing a path", and the function 4 "loading the application program" and the function 5 "creating (installing) an instance of the application program" are added to the designated management program via the encrypted communication path. , Function 7 A command is given to perform the process of "writing the issued data for the application". In short, when a new application program is installed in the lower layer of a certain management program, a command that instructs load processing, installation processing, and issuance processing for the new application program via the encrypted communication path established by the management program. Will be given.

<<< §3. Specific commands given to the IC card >>>
FIG. 11 is a diagram showing a specific command format example given to an IC card conforming to the specifications of Global Platform (registered trademark). Of course, various other commands are used as commands for IC cards, but the commands shown in FIGS. 11 (a) to 11 (h) are the commands used in the explanations of §1 and §2 and §4. These are commands related to the specific embodiments described below. Hereinafter, the format of each of these commands and the processing content executed on the IC card side in response to the command will be briefly described. Note that the data structure of each command format shown in FIG. 11 is a conceptual data structure obtained by extracting only a part of information like the data structure of the command format shown in FIG. 6, and the actual data structure itself can be used. It does not indicate.

<3-1. Application selection command>
First, the “application selection command” shown in FIG. 11A will be described. This command is the command described in step S1 of the diagram of FIG. 5, and is a command for designating a specific channel number and selecting a specific application program on the information processing apparatus 100 side. As shown in the figure, it has a data structure of "SELECT (#n) + application name", specifies a channel number #n, and is an instruction to select an application program specified by "application name".

When a command is given from the external device 200 to the information processing device 100, the channel number #n is used to identify which application program the command is addressed to. Since a plurality of application programs are stored in the information processing device 100, it is necessary to add a channel number #n to each of the commands given from the external device so that they can be identified. The "application selection command" plays a role of performing initial setting for associating a specific channel number #n with a specific application program.

For example, when the application selection command "SELECT (# 3) + ISD" is given to the information processing apparatus 100, the management program ISD is associated with the channel number # 3. Specifically, the OS program in the information processing apparatus 100 that has received the command records that the management program ISD is associated with the channel number # 3. After that, all the commands to which the channel number # 3 is assigned are treated as commands addressed to the management program ISD and executed by the management program ISD.

<3-2. Application load command>
Next, the “application load command” shown in FIG. 11B will be described. This command is a command for executing the function 4 of the SD program shown in FIG. 8 (b), and is executed as the first step when incorporating a new application program under the control of a specific management program SD. It is a command. Actually, as shown in the figure, it is composed of two commands.

The load command of the first stage has a data structure of "INSTALL for load (#n) + package name", specifies the channel number #n, and loads the package specified by "package name". It becomes a command to convey instructions. The load command of the second stage has a data structure of "LOAD (# n) + binary data", specifies the channel number # n, and instructs that the subsequent binary data package is stored in the memory as it is. It becomes a command to convey.

Here, this "application load command" will be described by taking as an example the procedure when the lower management program SSD1 is newly incorporated under the control of the upper management program ISD. For convenience of explanation, it is assumed that the management program ISD is already associated with the channel number # 3 by the above-mentioned application selection command "SELECT (# 3) + ISD". In this case, a command such as "INSTALL for load (# 3) + PackSSD1" is given as the load command of the first stage, and a command such as "LOAD (# 3) + binary data" is given as the load command of the second stage. Will be given.

Since the application load command consisting of the above two steps is a command to which the channel number "# 3" is assigned, it will be processed by the higher-level management program ISD associated with "# 3". The higher-level management program ISD stores the "binary data" part included in the load command of the second stage as it is in a predetermined location in the memory, and confirms whether the "binary data" is the package name "PackSSD1". I do. Here, the substance of the "binary data" is the program data for the newly incorporated lower management program SSD1.

<3-3. Application program installation command>
Subsequently, the “application program installation command” shown in FIG. 11 (c) will be described. This command is a command for executing the function 5 of the SD program shown in FIG. 8 (b), and is executed as a second step when incorporating a new application program under the control of a specific management program SD. Command.

The application program installation referred to here is a process of expanding the application program package stored in the memory by loading the application as an application instance in the memory so that the CPU can execute it. .. In other words, installing an application program is the process of expanding an already loaded package into memory and creating an application instance.

As shown in the figure, the installation command of this application program has a data structure of "INSTALL for install (#n) + package name + application name + parameter", specify the channel number #n, and use "package name". It is a command that expands the specified package, creates an application instance, and conveys an instruction to give the application instance a name specified by "application name". In addition, in the installation command conforming to the GlobalPlatform specifications, the data "class name" is placed after the "package name", and the application instance specified by the "class name" is generated. For convenience, the description of "class name" will be omitted.

The "parameter" part attached to this installation command includes function specification information. This function specification information is information that specifies a processing function that can be executed by the application program to be installed, and after installation, the application program may execute a predetermined processing function specified by this function specification information. It will be possible. In other words, the processing function not specified in this function specification information cannot be executed. This is because execution restrictions are applied at the time of installation for processing functions that are not specified in the function specification information.

The "binary data" loaded by the application load command originally contains program routines for executing various processing functions, and the installed application program itself has various processing functions. There is. However, when the installation process is completed, only the functions specified in the function specification information can be executed among these processing functions. In this way, it is for security reasons that only the specified function can be executed. That is, the installation process is performed so that only the necessary processing functions can be executed according to the authority to be given to the application program to be installed.

In the explanation of the command format example (b) described above, "INSTALL for load (# 3) + Pack SSD1" and "LOAD (#)" are taken as an example in which the lower management program SSD1 is newly installed under the control of the upper management program ISD. The procedure for loading the package "PackSSD1" into the memory of the information processing device 100 by the application load command "3) + binary data" has been described. Here, as a continuation, a specific process when an application program installation command such as "INSTALL for install (# 3) + PackSSD1 + SSD1 + parameter" is given will be described. Since the channel number "# 3" is also assigned to this command, it is processed by the higher-level management program ISD associated with "# 3".

Therefore, the management program ISD uses the SD program function 5 shown in FIG. 8 (b) to expand the application program package already loaded with the package name "PackSSD1" on the memory and create an application instance. To execute. The new application program installed in this way is given the designated application name "SSD1" and is under the control of the management program ISD in terms of the hierarchical structure.

According to the GlobalPlatform (registered trademark) specifications, when performing this installation process, a cryptographic channel opening function using a specific encryption protocol specified by the function specification information in the "parameter" will be set. .. Normally, the management program loaded as a package includes a cryptographic communication path opening routine based on multiple cryptographic protocols, but at the time of installation, it should be specified by the function specification information in the above "parameters". As a result, only a specific cryptographic protocol is selected, and only the processing functions related to the selected cryptographic protocol are installed so that they can be executed. As will be described later, various processing functions other than the encrypted communication channel opening function can be pointed out in the function designation information, and such various processing functions are also installed in an executable state as needed. ..

For example, suppose that the package "PackSSD1" contains a cryptographic channel opening routine for two types of encryption protocols, "SCP01 (Triple-DES)" and "SCP02 (Triple-DES)". In this case, if "SCP01 (Triple-DES)" is specified in the parameter (function specification information) of the installation command of the application program, the encrypted communication path opening routine for "SCP01 (Triple-DES)" is installed, and thereafter. , The management program SSD1 will open an encrypted communication path using the encryption protocol "SCP01 (Triple-DES)". On the other hand, if "SCP02 (Triple-DES)" is specified in the parameter (function designation information), the encrypted communication path opening routine for "SCP02 (Triple-DES)" is installed, and thereafter, the management program SSD1 An encrypted communication path will be opened using the encryption protocol "SCP02 (Triple-DES)".

<3-4. Issued data write command for applications ＞
Here, the “command for writing issued data for applications” shown in FIG. 11 (d) will be described. This command is a command for executing the function 7 of the SD program shown in FIG. 8 (b), and is a command for writing issued data for a predetermined application program.

As already mentioned, many application programs, including management programs, cannot perform normal operations just by installing them, and perform an issuance process that stores the data (issued data) necessary for execution in memory. There is a need. For example, in the case of an application program having a credit payment function, in order to make the program executable, it is necessary to perform an issuance process in which a credit card number, a user's personal information, etc. are written as issuance data. Similarly, in the case of the management program SD, in order to make the program executable, it is necessary to perform an issuing process of writing the encryption key required for opening the encrypted communication path as issuance data.

FIG. 11 (d) shows two types of write commands for writing such issued data. The write command No. 1 is a general-purpose write command for writing the issue data, has a data structure of "STORE DATA (#n) + issue data", specifies the channel number #n, and "issues". It is a command that conveys an instruction to write the data in the "data" part as issued data. This command is a general-purpose command that can be given not only to the management program but also to general application programs. As described above, if it is given to an application program having a credit payment function, a credit card number, user's personal information, key data used for payment processing, etc. can be written as "issued data". Further, if given to the management program SD, key data or the like necessary for opening an encrypted communication path can be written as "issued data". The contents of the key table T illustrated in FIG. 3 can also be written as "issued data".

On the other hand, the write command No. 2 is a dedicated write command for writing the key data (encryption key), has a data structure of "PUT KEY (# n) + key data", and has a channel number # n. It is a command to specify and convey an instruction to write the data of the "key data" part to the key table T (only an empty storage location is prepared at the time of installation) illustrated in FIG. The contents of the key table T illustrated in FIG. 3 can be written as issuance data by the above-mentioned write command 1, or can be written as key data by the write command 2.

In the explanations of the command format examples (b) and (c) described above, the stage of loading and installing the management program SSD1 is described by taking as an example the case where the lower management program SSD1 is newly incorporated under the control of the upper management program ISD. explained. Although the storage location for the key table T is secured in the management program SSD1 installed in this way, the contents remain empty, and the encrypted communication path is opened unless the key data is written. Can't. Therefore, as the final stage of the embedded processing of the lower management program SSD1, it is necessary to give the issue data write command and write the key data to the key table T.

When writing the key data using the write command No. 1, the write command of the issue data "STORE DATA (#n) + key data" may be given (the key data becomes the issue data). As will be described in detail later, the channel number "#n" in this command may be a number that specifies the upper management program ISD or a number that specifies the lower management program SSD1. That is, by designating the write target in advance by the "(h) Issued data write target specification command" described later, the management program that executes the command can specify the given write data. It can be written as key data about the inclusion target. Therefore, in the case of the above example, the key data can be written as the key data for the lower management program SSD1.

On the other hand, when writing the key data using the write command No. 2, the issue data write command "PUT KEY (#n) + key data" may be given. This command is a command for causing the management program itself that has received the command to execute the writing process of the key data used by itself. Therefore, in the case of the above example, the channel number "# n" in this command is a number that specifies the lower management program SSD1, and the key data is written as the key data for the lower management program SSD1.

The general format of write command 1 is "STORE DATA (#n) + issued data", but according to the specifications of GlobalPlatform (registered trademark), when key data is used as issued data, It is a rule to clearly indicate that it is key data by using a predetermined specifier in the issue data part. Therefore, when a write command in the format of "STORE DATA (#n) + key data" with the issued data part as the key data is received, it is recognized that the write command is a key data write command. be able to. On the other hand, since the write command No. 2 is a command dedicated to writing key data, it can be recognized that it is a key data write command when the write command is received.

When writing key data to the key table T composed of a collection of cells in a two-dimensional matrix as shown in FIG. 3, it is necessary to specify the cell as the storage position. Each cell is specified by the key version number and the key ID. For the key ID, for example, as shown in the illustrated example, a storage rule such as "store the cell having 0x01 in order" is applied. If it is determined, the writing position of the key data can be specified only by specifying the key version number. In this case, the write command may include information for specifying the key version number as the write location specification information for specifying the write position.

<3-5. Cryptographic channel opening command ＞
Next, the “encrypted channel opening command” shown in FIG. 11 (e) will be described. This command is a command for executing the function 9 of the SD program shown in FIG. 8 (b), and is a command for opening an encrypted communication path for a specific management program SD. This encrypted communication channel opening command has already been described in step S3 of the diagram of FIG. 5, and the format thereof has already been described with reference to FIG.

That is, as shown in the figure, this encrypted communication channel opening command has a data structure of "INITIALIZE UPDATE (#n) + parameter", and provides an encrypted communication channel to the management program SD specified by the channel number #n. It is a command that gives an instruction to open and requests a response that the external device 200 uses to authenticate the information processing device 100 as a legitimate communication partner.

As described above, a key version number and a random number are added as parameters to this encrypted communication channel opening command. The management program SD extracts the encryption key specified by the key version number added to the command from the key table T shown in FIG. 3, and uses the extracted encryption key and a predetermined encryption algorithm to connect with the external device 200. A process of establishing an encrypted communication path between them is performed, an operation based on a predetermined algorithm is performed on the random number added to the command, and the operation result is returned as a response to the command.

<3-6. External authentication command>
Subsequently, the “external authentication command” shown in FIG. 11 (f) will be described. This command is a command for the management program SD specified by the channel number # n to authenticate the external device 200 currently communicating as a legitimate communication partner, and has already been performed in step S4 of the diagram of FIG. This is an explanation.

As described in §3-5, the encrypted communication channel opening command "INITIALIZE UPDATE (#n) + parameter" gives an instruction to open the encrypted communication channel, and the external device 200 normally communicates with the information processing device 100. This command requests a response used to authenticate as a partner. If the response is valid, the external device 200 determines that the information processing device 100 is a legitimate communication partner.

As shown in the figure, the external authentication command described here has a data structure of "EXTERNAL AUTHENTICATE (#n) + host authentication code", specifies the channel number #n, and uses the external device 200 as a regular communication partner. A host authentication code for authentication is added. If the host authentication code is valid, the information processing device 100 determines that the external device 200 is a legitimate communication partner.

In this way, the external authentication command "EXTERNAL AUTHENTICATE (#n) + host authentication code" is a command given following the encrypted communication channel opening command "INITIALIZE UPDATE (#n) + parameter", and information processing is performed by both. Mutual authentication will be performed between the device 100 and the external device 200.

<3-7. Management program change command>
Next, the “management program change command” shown in FIG. 11 (g) will be described. This command is a command used to change the hierarchical structure of the management program. FIG. 8A shows an example of the hierarchical structure of the application program, but such a hierarchical structure can be changed by using the management program change command.

As shown in FIG. 11 (g), this management program change command has a data structure of "INSTALL for extradition (#n) + new management program name + application name to be moved", and specific management is performed by channel number # n. It is a command that specifies a program SD and conveys an instruction to the management program SD to move the application program to be moved, which is currently under its control, to the control of a new management program.

For example, in the hierarchical structure shown in FIG. 8A, consider a case where the management program SSD3 is moved from the control of the management program SSD2 to the control of the management program SSD1. In this case, the management program change command "INSTALL for extradition (#n) + SSD1 + SSD3" is given to the current upper management program SSD2. As a result, the current upper management program SSD2 executes a process of moving the lower management program SSD3 to be moved under the control of the new upper management program SSD1 to be moved. At this time, the general application programs AP31 and AP32, which are lower layers of the management program SSD3, also move together.

Such movement is often performed when the load function and the install function of the management program SSD1 are restricted. In this case, the management program SSD1 cannot directly install the management program SSD3 under its own, so for the time being, the management program SSD2 having an installation function installs it under its own and moves it to the lower part of the management program SSD1. After that, the issue data (encrypted data) is written. That is, the process of writing the issued data for the management program SSD3 is performed via the encrypted communication path established by the management program SSD1 which is the destination.

After all, the substance of this management program change command is a command for arranging the lower management program under the control of the upper management program, like the installation command. Therefore, the "installation command" in the present application includes not only the application program installation command (command (c)) described in §3-3, but also the management program change command (command (g)) described here. It shall be.

<3-8. Issued data write target specification command>
Finally, the “issued data write target specification command” shown in FIG. 11 (h) will be described. In §3-4, "Issued data writing command No. 1" was explained, but the "Issued data writing target specification command" described here gives "Issued data writing command No. 1". This is a command for specifying the writing target of the issued data in advance.

As shown in FIG. 11 (h), this issue data write target specification command has a data structure of "INSTALL for personalization (#n) + issue target application name", and is a specific management program SD according to the channel number #n. Is specified to be a command for the management program SD to specify the application program specified as the "issue target application name" as the issue data write target.

Here, too, the following description will be given by taking as an example a case where the lower management program SSD1 is newly incorporated under the control of the upper management program ISD. As described above, once the management program SSD1 is loaded into the lower layer of the upper management program ISD and the installation stage is completed, the key data is only written to the lower management program SSD1 as the final stage. At this time, in order to write the key data using the write command 1 shown in FIG. 11 (d), the issue data document "STORE DATA (#n) + key data" is written to the lower management program SSD1. It is necessary to give an embedded command to cause the lower management program SSD1 to execute the key data writing process.

However, if the issue data write target specification command is used, the issue data write command "STORE DATA (#n) + key data" is given to the higher-level management program ISD, and the write command is actually given. Can be passed to the lower management program SSD1 and executed by the lower management program SSD1. For that purpose, before giving the issue data write command "STORE DATA (#n) + key data" to the upper management program ISD, "INSTALL for personalization (# n) + SSD1" to the upper management program ISD. It is sufficient to give the issue data write target specification command, and specify that the key data write target for the subsequent issue data write command is the lower management program SSD1.

<<< §4. Problems to be solved by the present invention >>>
In the above, in §1 to §3, the basic configuration of a general IC card conforming to the specifications of Global Platform (registered trademark) and the basic functions of a management program have been described. Based on these explanations, the problems to be solved by the present invention will be specifically described here.

FIG. 12 is a block diagram showing an aspect of information communication between the basic configuration of the information processing device 100 according to the present invention and the external device 200. Here, as in the description in §1 to §3, it is assumed that the information processing device 100 is the SIM card 11 mounted on the smartphone 10 and the external device 200 is the smartphone 10 or the external server 20. Therefore, the following explanation will be given.

The information processing device 100 has a function of performing encrypted communication with the external device 200, and includes an information storage unit 110 and a program execution unit 120 as shown in the figure. In the case of this embodiment, the information storage unit 110 is configured by the non-volatile memory and plays a role of storing the program and the data used by the program. More specifically, the information storage unit 110 includes a program storage unit 111 for storing a program and a data storage unit 112 for storing data.

On the other hand, the program execution unit 120 plays a role of executing the program stored in the information storage unit 110. More specifically, the program execution unit 120 includes a CPU and, if necessary, a working memory such as a RAM, and stores the data stored in the data storage unit 112 in the program storage unit 111. Run the program that has been created. A communication path is provided between the program execution unit 120 and the external device 200. The program execution unit 120 executes a command given from the external device 200 via this communication path, and returns the result as a response to the external device 200.

As shown in the figure, various programs and data are stored in the information storage unit 110. First, the OS program and the application program are stored in the program storage unit 111. As described in §1, the application program is composed of a management program and a general application program, and in the case of the illustrated example, two sets of management programs ISD and SSD1 and two sets of general application programs AP01 and AP02 are stored. The state is shown. Here, as shown in the hierarchical structure diagram of FIG. 8A, a hierarchical relationship is defined between the management programs ISD and SSD1.

In the embodiment shown in FIG. 12, an example in which two sets of management programs and two sets of general application programs are stored as application programs in the program storage unit 111 is shown, but it relates to the present invention. In the information processing device, it is not always necessary that a plurality of management programs and a plurality of general application programs are stored, and at least one management program (in the case of the illustrated example, the management program ISD) is stored. If so, it is possible to carry out the present invention.

Here, as described above, the management programs ISD and SSD1 have their own upper layer and another application program (regardless of whether it is a general application program or a management program) as a lower layer, and the application in the lower layer. A program that keeps the program under its own control, and is an encrypted communication path to and from the external device 200 using a predetermined encryption protocol and a predetermined encryption key for the self or the application program under the control of the self. It has a cryptographic communication path opening function for opening a program, and the function is executed based on a cryptographic communication path opening command given from the external device 200.

In addition, the management programs ISD and SSD1 both have a function of incorporating a new application program (regardless of whether it is a general application program or a management program) under their own control. Specifically, as explained in §2, load processing, installation processing, and issuance processing for a new application program will be executed.

On the other hand, the data storage unit 112 also stores data used by the OS program and each application program. The figure shows a state in which OS data, ISD data, SSD1 data, AP01 data, and AP02 data are stored corresponding to each program stored in the program storage unit 111. There is. Each program will be executed using each corresponding data. As described above, the management program requires the key table T as shown in FIG. 3, but in the case of the illustrated example, the key table T (ISD) for the management program ISD is stored as a part of the ISD data. , The key table T (SSD1) for the management program SSD1 is stored as a part of the data for SSD1.

However, the configuration itself shown in the block diagram of FIG. 12 is exactly the same as the configuration of the conventional information processing apparatus described so far. The feature of the information processing apparatus 100 according to the present invention is that the management program ISD or SSD1 is newly provided with an additional processing function. This processing function always maintains the state in which only the minimum necessary encryption key is stored in the key table stored as a part of the ISD data or the SSD1 data, saves the storage capacity, and is for security reasons. It has a unique effect of reducing the problem of.

As described in §2, the management program ISD (Issuer Security Domain) is the highest-level management program written at the time of shipment from the factory, and is an essential program already written when the information processing apparatus 100 is shipped. be. Of course, the same applies to the OS program. On the other hand, the management program SSD (Supplemental Security Domain) incorporated in the lower layer of the management program ISD is usually an incidental program incorporated as needed after the information processing apparatus 100 is shipped from the factory.

Therefore, the management program SSD1 shown in FIG. 12 is an application program newly incorporated after the information processing apparatus 100 is shipped from the factory, and the embedded processing of the management program SSD1 is as described in §2. It will be executed by the higher-level management program ISD. That is, by giving the application load command shown in FIG. 11 (b) to the management program ISD, a load process for loading the program package to be the management program SSD1 is executed, and the management program ISD is made to execute the load process shown in FIG. 11 (c). By giving the installation command shown, the installation process for expanding the loaded package is executed, and finally, by giving the write command shown in FIG. 11 (d) to the management program ISD, the installed management program SSD1 The key writing process for writing the encryption key to be used will be executed. As described in §3, this key writing process can be executed by the newly installed management program SSD1 itself, but in the basic embodiment shown below, the key is used by the management program ISD. An example in which the writing process is executed will be described.

Here, the storage of the encryption key is performed in two stages, the next preparation stage and the writing stage. The preparation stage is a process executed at the time of installation (when the installation command shown in FIG. 11C is given), and the key table T (SSD1) is used as a part of the SSD1 data in the data storage unit 112. This is the process to prepare. However, the key table T (SSD1) prepared in this preparation stage is a virtual table composed of empty storage locations, and the actual data of the encryption key is not recorded. In other words, in the preparatory stage performed at the time of installation, only the key table for storing the encryption key is prepared in the logical key space, and the storage capacity of the memory is wasted at this stage. There is nothing.

On the other hand, the writing stage is a process executed at the time of key writing (when the writing command shown in FIG. 11D is given), and is a predetermined key table T (SSD1) prepared in the preparation stage. This is the process of writing the actual key data (encryption key) to the storage location. That is, the data of the encryption key is actually written in the real space on the memory corresponding to the predetermined location of the key table T (SSD1) constructed in the logical space. Therefore, when this writing step is executed, the storage capacity corresponding to the actual data of the encryption key is consumed. Therefore, if an encryption key that is not originally required is actually written at the writing stage, the memory is wasted.

In the case of a small portable information processing device such as a smartphone or IC card, the storage capacity of the built-in memory is small, so it is important to reduce waste as much as possible and keep only the minimum necessary encryption key stored. .. In particular, since the memory for an IC card is often required to have a higher level of security than a general USB memory or the like, an expensive memory with more robust security is often used. Therefore, it is difficult to incorporate a large-capacity memory in order to reduce the cost, and it is strongly required to save the storage capacity in operation. Further, Japanese Patent Application No. 2015-168868 also discloses a technique for switching and using a plurality of encryption protocols, and when such a technique is used, it should be stored in the key table T. The number of cryptographic keys is expected to increase, and efficient use of key space will become increasingly important.

In addition, if an unnecessary encryption key is stored, a security problem will occur if it is leaked to the outside. That is, even if the encryption key is unnecessary for the specific information processing device 100, if it is leaked to the outside, it becomes a factor that threatens the security of the entire system including the external device 200 and another information processing device. Therefore, storing unnecessary encryption keys in the key table T (SSD1) is not preferable in terms of security.

Of course, since it is not necessary to bother to write an unnecessary encryption key, normally, only the necessary encryption key should be written in the key table T (SSD1). However, in reality, it is not uncommon for the above-mentioned writing process to be executed for an encryption key that is not originally required and written to the key table T (SSD1). This is because the write process is a process that is uniquely executed based on the write command (FIG. 11 (d)) given by the external device 200.

In other words, the conventional management program ISD may or may not require the specific encryption key for the management program SSD1 installed below when a specific encryption key write command is given from the external device 200. Will faithfully execute the write command and execute the process of writing the specific encryption key to the designated location of the key table T (SSD1). Of course, if the external device 200 side is thoroughly examined and only the encryption key required for the installed management program SSD1 is carefully selected and the write command is given, no problem will occur, but it is prepared on the external device 200 side. If the application program (a program for performing a process of newly incorporating the management program SSD1 into the information processing device 100) is a crude program that does not give such consideration, an unnecessary encryption key will be written. Is inevitable.

In particular, information processing devices such as smartphones and IC cards are widely used as indispensable items for social life, and various application programs are provided by various businesses from large companies to small and medium-sized companies. Has been done. Therefore, the application programs prepared on the external device 200 side are also various, and an appropriate write command for writing only the encryption key required for the application program installed on the information processing device 100 side is transmitted. Often no consideration is given.

As described above, the installation command shown in FIG. 11 (c) is accompanied by a parameter, and this parameter includes function specification information. Then, when the management program ISD that receives this installation command (command to install the management program SSD1) expands the program of the management program SSD1 to be installed on the memory, the processing function specified by the function designation information (the processing function (command to install the management program SSD1)) For example, a measure is taken so that only the encrypted communication path opening function using the encryption protocol indicated by the SCP type "SCP02") can be executed. In this case, the write command given thereafter should normally give an instruction to write only the encryption key used by "SCP02", but the application program prepared on the external device 200 side is crude. In a program, there are many cases in which a process of sending a write command for all encryption keys is always performed without giving such detailed consideration.

For example, in order to be able to handle any of the plurality of SCP types shown in FIG. 7, a plurality of documents are written so that all the encryption keys used by these individual SCP types are sequentially written. A specification may be adopted in which the embedded commands are sent in order. In this case, it is sufficient to prepare a crude application program consisting of a simple program routine that saves the trouble of examining the contents specified in the function specification information of the installation command on the external device 200 side. In fact, even such a crude application program does not cause any operational problems. In addition, even if it is not such an easy intention, there may be a case where a write command instructing the writing process of an unnecessary encryption key is transmitted due to some bug.

In this way, if a crude application program is prepared on the external device 200 side, an unnecessary encryption key for the management program SSD1 to be installed will be written to the key table T (SSD1). As described above, when the actual data of the encryption key is written in the key table T, the storage capacity corresponding to the actual data is actually consumed. Such a problem occurs not only when the application program to be installed is a management program but also when it is a general application. That is, an application program having a processing function using some kind of encryption key exists not only in the management program but also in the general application. This is because the encryption key is used not only for opening an encrypted communication channel, but also for various processes such as verification processing for checking data tampering, verification processing using tokens, and decryption processing for encrypted programs. This is because it is used.

According to the specifications of GlobalPlatform (registered trademark), as shown in FIG. 13, "privilege" and "SCP type parameter" may be included in the parameter part of the installation command shown in FIG. 11 (c). It has been decided. All of these parameters are "function designation information" referred to in the present application, and when the management program executes the installation process, the designated function specified by this function designation information is applied to the application program to be installed. Processing is performed so that it can be executed.

Here, the "SCP type parameter" is a parameter added when the application program to be installed is a management program (that is, a program having an encrypted communication path opening function), and the management program to be installed is , Information that identifies the encryption protocol to support after installation. Specifically, at present, various cryptographic protocols (SCP types) as illustrated in FIG. 7 are generally used, and for example, "SCP02" is specified as the SCP type parameter shown in FIG. In this case, the management program to be installed supports only the encryption protocol specified by the SCP type "SCP02" after installation.

On the other hand, the "privilege" is a parameter for specifying various functions of the application program to be installed, and is specified by GlobalPlatform (registered trademark) in detail as shown in FIG. Is stipulated. Specifically, this "privilege" is composed of all 3 bytes (24 bits), and the bit patterns # 0 to # 20 shown in each row of the table in FIG. 14 (a). , The privileges shown in FIG. 14 (b) are defined. Here, in each column of the table of FIG. 14A, "1" indicates that the bit is "1", "0" indicates that the bit is "0", and "-". Indicates that the value of the bit does not matter. Note that bit pattern # 20 is a pattern reserved for future function expansion, and in each column of the table, "X" indicates that the bit is "0".

For example, the bit pattern # 0 in which the bit b8 of the first byte becomes "1" indicates that the application program to be installed is a management program (Security Domain program). Therefore, when the bit b8 of the first byte of the "privilege" is "1", the parameters of the installation command include not only the "privilege" but also the "SCP type" as shown in FIG. "Parameter" will also be attached.

Similarly, the bit pattern # 1 in which the bit b7 of the first byte is "1" and the bit b1 is "0" indicates that the application program to be installed has the processing function of "DAP Verification". Bit pattern # 7, in which bit b7 of the first byte is "1" and bit b1 is "1", indicates that the application program to be installed has the processing function of "Mandated DAP Verification". Shown. The bit b8 of the first byte of the bit patterns # 1 and # 7 is set to "1" because these processing functions are given only to the management program.

Since many bits of each bit pattern are "-", it is actually possible to specify a combination of a plurality of bit patterns. For example, in the "privilege" of "11100000 00100000 010000000", the application program to be installed is a management program (# 0), "DAP Verification" (# 1), and "Delegated Management" (# 2). ), "Token Verification" (# 10), and "Ciphered Load File Data Block" (# 17).

FIG. 14B is a table showing privilege names corresponding to each of the bit patterns # 0 to # 20 of the “privilege” and their outlines (meanings). Here, the privilege shown in the bold frame in the privilege name column indicates that the processing function using the encryption key is given. Therefore, when the privileges shown in these thick frames are specified as the function specification information, the encryption key writing process is performed after the installation process.

Since the individual processing functions given by each privilege are known functions defined in the specifications of Global Platform (registered trademark), detailed description is omitted here, but for example, "DAP Verification" (# 1) is , Refers to the verification processing function that checks data tampering using an encryption key, "Token Verification" (# 10) refers to the verification processing function that uses tokens, and "Ciphered Load File Data Block" (# 17) , Refers to the decryption processing function of the encrypted program. The processing function specified by the "privilege" is the processing function that can be used after installation.

After all, the function designation information shown in FIG. 13 is information (privilege) that specifies which of the various privileges shown in FIG. 14 should be given (which processing function should be installed so as to be executable). )) And, if the installation target is a management program, which of the various SCP types shown in FIG. 7 should be supported (which encryption protocol-based encrypted communication path opening function is available. This is information (SCP type parameter) that specifies (whether to install so that it can be executed). Then, after the installation process is completed, the processing function using the encryption key specified in the "privilege" (the processing function shown in the thick frame in FIG. 14 (b)) and the "SCP type parameter" are used. It is necessary to execute the key writing process for writing the encryption key used in the specified encrypted communication path opening function.

After all, the encryption key to be written by the key writing process after the installation process is not only the encryption key used for the encrypted communication path opening function, but also the encryption used for some processing functions specified by the privilege parameter (privilege). The key will also be included. Therefore, the application program originally prepared on the external device 200 side examines the contents of the privilege parameter (privilege) and the SCP type parameter included in the installation command and writes only the necessary encryption key. However, as mentioned above, in the case of a crude program, all the encryption keys required for all processing functions are written for the time being without such detailed consideration. There are many cases in which a sloppy method is adopted.

For this reason, in reality, a large number of useless encryption keys that are not used are stored, which wastes valuable storage capacity and causes a problem of lowering security. The present invention proposes a new means for solving such a problem. Hereinafter, the specific method will be described in detail with respect to the first embodiment (§5) and the second embodiment (§6).

<<< §5. First Embodiment of the present invention >>>
First, the first embodiment of the present invention will be described in detail.

<Structure of Information Processing Device According to 5.1 First Embodiment>
As shown in FIG. 12, the information processing device 100 according to the first embodiment of the present invention has a function of performing encrypted communication with the external device 200, and stores a program and data used by the program. The information storage unit 110 is provided, and the program execution unit 120 that executes the program stored in the information storage unit 110 is provided. At least one management program is stored in the information storage unit 110. FIG. 12 shows a state in which two sets of management programs ISD and SSD1 are stored, but here, for convenience of explanation, it is assumed that only the upper management program ISD is stored.

As described above, the management program ISD loads the application program package having a plurality of processing functions, each of which uses the encryption key, in response to the load command (FIG. 11 (b)) given from the external device 200. It has a function of executing a program load process stored in the information storage unit 110. Here, consider the case where the application program to be loaded is the lower-level management program SSD1. In this case, the package that is the basis of the management program SSD1 will be loaded.

Further, the management program ISD expands the package loaded by the program load process into the information storage unit 110 in response to the installation command (FIG. 11 (c)) given from the external device 200, and the management program ISD expands the application program (management program). It has a function to execute an installation process to install SSD1). That is, the process of unpacking the loaded application program package and creating the application instance is performed. Executing the installed application program is the process of executing this instantiated program code.

At this time, instantiation is performed so that only the specified function specified by the function specification information included in the parameters of the installation command as shown in FIG. 13 can be executed. For example, if the processing function "Token Verification" is specified by the "privilege" that configures the function specification information and "SCP02" is specified by the "SCP type parameter", the processing function "Token Verification" is specified. The routine required for the above and the routine required for opening an encrypted communication channel using the encryption protocol corresponding to "SCP02" are instantiated so as to be executable. According to the GlobalPlatform® specifications, processing functions that are not specified are in an unexecutable state.

That is, when the management program ISD executes the installation process, the installed application program (management program SSD1) is based on the function specification information included in the installation command among the plurality of processing functions that use the encryption key. Processing is performed so that only the designated designated function (in the above example, the processing function "Token Verification" and the encrypted communication path opening function using the encryption protocol corresponding to "SCP02") can be executed.

When executing the installation process for a specific application program, the management program ISD stores the encryption key in the logical key space of the information storage unit 110 for the application program, if necessary. It is possible to perform the process of constructing the key table T for the purpose. In the case of the above example, since the application program to be installed is the management program SSD1, the process of constructing the key table T (SSD1) is performed. As described above, since the key space constructed here is a logical space, even if it is a two-dimensional matrix-like key space as shown in FIG. 3, the real memory is not wasted. No.

Subsequently, the key writing process is executed. The management program ISD is a key for storing the encryption key used by the installed application program (management program SSD1) in the information storage unit 110 in response to the key writing command (FIG. 11 (d)) given by the external device 200. It has a function to execute write processing. In this key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table T (SSD1) constructed in the logical space, so that the real memory is written. The storage capacity of is actually consumed. However, the instruction of "what kind of encryption key is written in which storage location on the key table T (SSD1)" follows the instruction of the key writing command given from the external device 200.

As the key write command, as shown in FIG. 11 (d), a general-purpose "write command 1" that gives the actual data of the encryption key as the issue data may be used, or the actual data of the encryption key may be used. You may use "write command 2" dedicated to key writing given as key data. In this case, the key writing process is executed by the management program SSD1 itself, not by the management program ISD. According to the specifications of GlobalPlatform (registered trademark), key data is written in units of rows of a two-dimensional matrix-shaped key table T as shown in FIG.

In the case of the embodiment shown here, the key table T is a collection of cells in a two-dimensional matrix in which one cell can be specified by the combination of the key version number and the key ID, but is given by the external device 200. The key write command to be executed includes the key version number as the write location specification information (omitted in FIG. 11 (d)), and when the management program ISD receives the key write command, this key is used. The storage location of the encryption key is specified based on the version number, and the actual data of the encryption key included as the issued data or the key data is written to the specified storage location in the write command shown in FIG. 11 (d). Perform processing.

In this way, the content of "which encryption key is written in which column of the key table T" is exclusively instructed by the key writing command given from the external device 200. Therefore, as described in §4, if the application program prepared on the external device 200 side is a crude program that gives a sloppy instruction, a useless encryption key that is not originally used is written. Valuable storage capacity is wasted and security is reduced.

For example, as in the above example, the management program SSD1 was installed so that only the processing function "Token Verification" and the encryption communication channel opening function using the encryption protocol "SCP02" could be executed. In this case, in the key writing process that follows this, it is preferable to write only the encryption keys necessary for these functions, but in reality, as described above, the write command instructing the writing of unnecessary encryption keys is used. It is often given.

<5.2 Basic concept of the first embodiment>
The basic concept of the first embodiment of the present invention is that even when the management program ISD or the management program SSD1 receives a key writing command (FIG. 11 (d)) from the external device 200 in the situation as in the above example. If the received write command is a command instructing the writing of an unnecessary encryption key, it is rejected and not executed. That is, is the management program according to the first embodiment of the present invention a function capable of executing a processing function using the encryption key stored by the key writing process before executing the key writing process? Whether or not it is determined, and if it is an executable function, the key writing process is executed, but if it is not an executable function, the key writing process is rejected.

According to the specifications of GlobalPlatform (registered trademark), as described above, the encryption key is written to the key table T on a line-by-line basis, and one key version number is specified for the key write command given from the external device 200. The writing location specification information to be written and the actual data of the encryption key to be written in the line corresponding to the key version number are included. Therefore, in the above example, when a key writing command specifying a certain key version number is given, the management program ISD determines whether or not an encryption key to be stored in the line corresponding to the key version number is necessary. However, if the encryption key is unnecessary, the process of rejecting the key writing command is performed. In other words, among the key writing commands given from the external device 200, only the command instructing the writing of the necessary encryption key is executed, and the command instructing the writing of the unnecessary encryption key is rejected.

In order to determine whether or not the encryption key for which writing is instructed by the key writing command is necessary, the application program can be executed when the management program ISD executes the installation process for a specific application program. An executable list including information for specifying various functions may be created, and the process of storing the executable list in the information storage unit 110 may be performed. Then, by referring to this executable list before executing the key writing process, it is possible to determine whether or not the processing function to be determined is an executable function.

For example, as in the case of the above example, the management program SSD1 is installed so that only the processing function "Token Verification" and the encryption communication path opening function using the encryption protocol "SCP02" can be executed. If so, an executable list including information that identifies these two processing functions may be created and stored in the data storage unit 112 as a part of the ISD data or the SSD1 data. Then, before executing the key writing process, it is possible to confirm which process function can be executed by referring to this executable list.

However, although the key writing command usually includes information on "which encryption key is written where", it does not include information on "which processing function the encryption key is used for". For example, in the specifications of GlobalPlatform (registered trademark), since the key writing command (Fig. 11 (d)) includes the actual data of the encryption key and the key version number, the writing location on the key table T However, it is not possible to recognize which processing function the encryption key to be written is used for.

Therefore, in the embodiment described here, correspondence information for associating a specific processing function using an encryption key with a storage location on a key table for storing the encryption key is created, and this is stored in the information storage unit 110. Store it. Then, when the management program receives the key write command, it refers to this corresponding information to the storage location specified by the write location specification information included in the received key write command. When the associated specific processing function is recognized as a judgment target and the judgment target is an executable function, the received key write command is executed and the function is not executable. Can reject the received key write command.

<5.3 Specific contents of the first embodiment>
In order to create the above-mentioned correspondence information, it is sufficient to associate a specific storage location with each of all the processing functions using the encryption key in advance. FIG. 15 is a diagram showing a specific example of the storage location list table G showing such association. In this storage location list table G, a specific range of key version numbers is associated with each of a total of 11 sets of functions. Here, the first five sets of functions are the processing functions specified by the "privilege" shown in FIG. 13, and are shown in a thick frame in FIG. 14 (b), # 1, # 7, This is a processing function (processing function that requires an encryption key) corresponding to the privileges of # 10, # 16, and # 17. On the other hand, the latter six sets of functions are processing functions specified by the "SCP type parameters" shown in FIG. 13, and are encrypted using the encryption protocol corresponding to each SCP type shown in the table of FIG. Corresponds to the communication channel opening function.

If such a storage location list table G is defined in advance and used as information shared by the information processing device 100 side and the external device 200 side, a specific key version number is used for any processing function using an encryption key. Will be assigned automatically. Therefore, for example, when a key writing command for writing an encryption key used for a processing function called "DAP Verification" is transmitted from the external device 200 to the information processing device 100, the writing location designation information is always used. It is an implicit understanding to specify a key version number within the range of "0x10 to 0x1F". In fact, in the specifications of GlobalPlatform (registered trademark), such a storage location list table G is defined (Note that the table G shown in FIG. 15 is a table created for convenience of explanation, and GlobalPlatform ( It is not a table based on the specifications of (registered trademark)).

If the storage location list table G as shown in FIG. 15 is prepared on the information processing apparatus 100 side, the specific processing function that can be executed is associated with the storage location that stores the encryption key used for the processing function. Information can be created. Here, a table showing such correspondence information will be referred to as a function table F.

FIG. 16 is an example of the function table F (SSD1) created at the time of installation of the management program SSD1, and the management program SSD1 has a processing function (verification process using tokens) and “Token Verification” after installation. It is shown that the processing function "SCP02" (encryption communication path opening processing function using the encryption protocol "SCP02") can be executed. Further, it is shown that the storage location of the encryption key used for the processing function "Token Verification" is in the range of the key version number "0x30 to 0x3F", and the storage location of the encryption key used for the processing function "SCP02". Is shown to be in the range of key version numbers "0x70 to 0x7F".

The function table F (SSD1) shown in FIG. 16 is created in the process of incorporating the management program SSD1 into the lower layer of the upper management program ISD, as in the examples described so far. Specifically, an installation command (FIG. 11 (c)) for newly installing the management program SSD1 is given to the management program ISD, and "Token Verification" is given as a parameter (function specification information) associated therewith. When the "privilege" indicating "privilege" and the "SCP type parameter" of "SCP02" are included, the management program ISD creates the function table F (SSD1) shown in FIG. It is stored in the data storage unit 112 as a part.

In short, the function table F (SSD1) shown in FIG. 16 can be said to be an executable list containing information that identifies functions that can be executed by a specific application program (management program SSD1), and is a specific that uses an encryption key. It can also be said to be correspondence information that associates the processing function with the storage location on the key table for storing the encryption key.

The information "Token Verification" and "SCP02" in the "Function" column of the function table F (SSD1) can be obtained from the parameters (function specification information) attached to the installation command. On the other hand, the information "0x30 to 0x3F" and "0x70 to 0x7F" in the "key version number" column can be obtained by referring to the storage location list table G shown in FIG.

Therefore, after the installation command is executed by the management program ISD, as shown in FIG. 17, the ISD data includes the key table T (ISD) used by the upper management program ISD itself and the management program SSD1 incorporated in the lower hierarchy. The function table F (SSD1) for is stored, and the key table T (SSD1) used by the lower management program SSD1 itself is stored as the data for SSD1. However, at this point, the key table T (SSD1) is a virtual table constructed on a logical key space, and the actual data of the encryption key is not stored.

Therefore, subsequently, the external device 200 gives a key writing command for writing the actual data of the encryption key to the key table T (SSD1). When the management program ISD receives this key write command, the storage location specified by the write location specification information included in the key write command is included in the function table F (SSD1). Whether or not it is included can be determined, and if it is included, the key write command can be executed, and if it is not included, the key write command can be rejected.

For example, if the key version number included in the key write command as the write location specification information is within the range of "0x30 to 0x3F" and "0x70 to 0x7F", the key write command is installed. Since it can be determined that the management program SSD1 is a key writing command for the encryption key used for the executable "Token Verification" or "SCP02" processing function, the key writing command is executed for encryption. The key will be written. On the other hand, if the key version number included in the key write command as the write location specification information is out of the above range, the encrypted key used for the processing function that can be executed by the installed management program SSD1. Since it can be determined that the key writing command is not, the key writing command is rejected. In this case, an error response will be returned for the key write command.

After all, in implementing the first embodiment described here, first, the storage location list table G as shown in FIG. 15 is stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the application program (SSDI) can be executed by referring to the storage location list table G. A function table F (SSD1) that associates each of these functions with the storage location of the encryption key used for the function is created, and the function table F (SSD1) is stored in the data storage unit 112. FIG. 16 shows an example of such a function table F (SSD1), and FIG. 17 shows an example in which the function table F (SSD1) is stored in the data storage unit 112 as ISD data. When the lower management program SSD1 itself executes the key writing process, the function table F (SSD1) may be stored as SSD1 data.

Subsequently, when the management program ISD receives the key write command, the write location specification information (key version number) included in the received key write command is referred to by referring to this function table F (SSD1). ) Is included in the function table F (SSD1), and if it is included, the key write command is executed and the storage location is not included. In that case, the process of rejecting the key writing command may be performed.

<5.4 Modification of the first embodiment>
Here, some modifications of the first embodiment described so far will be described. The first modification is an example in which the function table F'(SSD1) shown in FIG. 18A is used instead of the function table F (SSD1) shown in FIG. While the function table F (SSD1) shown in FIG. 16 is a table showing the correspondence between the processing function that enables the management program SSD1 to be executed after the installation process and the storage location of the encryption key used for the processing function. The function table F'(SSD1) shown in FIG. 18A is simply a table listing the processing functions that enable the management program SSD1 to be executed after the installation process.

In carrying out this first modification, the storage location list table G as shown in FIG. 15 is also stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the application program (SSDI) is executed as in the example shown in FIG. 18 (a). A function table F'(SSD1) listing possible functions is created, and this is stored in the data storage unit 112.

Subsequently, when the management program ISD receives the key write command, the storage location specified by the write location specification information (key version number) included in the received key write command is shown in FIG. It is determined whether or not the executable functions listed in the function table F'(SSD1) shown in a) are the storage locations associated with the storage location list table G shown in FIG. If a positive determination result is obtained, the key writing command may be executed, and if a negative determination result is obtained, the key writing command may be rejected.

For example, consider the case where the key version number included in the key writing command as the writing location specification information is "0x30". Here, since the executable processing functions listed in the function table F'(SSD1) shown in FIG. 18A are "Token Verification" and "SCP02", the storage location list table G shown in FIG. 15 The storage location of the key version number “0x30” is the storage location associated with the executable processing functions “Token Verification” and “SCP02”. Therefore, in this case, a positive determination result is obtained, and the key writing command is executed.

The second modification is an example in which the function table F'' (SSD1) shown in FIG. 18B is used instead of the function table F (SSD1) shown in FIG. While the function table F (SSD1) shown in FIG. 16 is a table showing the correspondence between the processing function that enables the management program SSD1 to be executed after the installation process and the storage location of the encryption key used for the processing function. The function table F'' (SSD1) shown in FIG. 18B is a table listing the storage locations of the encryption keys used for the processing function that enables the management program SSD1 to be executed after the installation process.

In carrying out this second modification, the storage location list table G as shown in FIG. 15 is also stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the management program ISD refers to the storage location list table G shown in FIG. As in the example shown in, a function table F'' (SSD1) that lists the storage locations of the encryption keys used for the functions that can be executed by the application program (SSDI) is created and stored in the data storage unit 112. To do.

Subsequently, when the management program ISD receives the key write command, the book included in the received key write command is included in the received key write command by referring to the function table F'' (SSD1) shown in FIG. 18 (b). It is determined whether or not the storage location specified by the embedded location specification information (key version number) is included in the function table F'' (SSD1), and if it is included, the key is written. The command may be executed, and if it is not included, the key write command may be rejected.

For example, when the key version number included in the key writing command as the writing location specification information is "0x30", "0x30" is the function table F'' (SSD1) shown in FIG. 18 (b). Included in. Therefore, in this case, the key writing command is executed.

In addition, the examples described so far are examples in which the upper management program ISD executes the key writing command to execute the encryption key writing process for the lower management program SSD1 installed under the management. However, the execution of the key writing command can also be executed by the lower management program SSD1 itself, including the determination of whether or not the command can be executed. That is, as described in §3, when the writing command 1 “STORE DATA (#n) + issue data” shown in FIG. 11 (d) is executed, the issue shown in FIG. 11 (h) is issued in advance. By executing the data write target specification command "INSTALL for personalization (#n) + issue target application name", the issue data write target can be specified.

Therefore, the writing process of the issued data (encryption key) for the lower management program SSD1 can be performed by the upper management program ISD or by the lower management program SSD1 itself. In addition, the write command 2 "PUT KEY (#n) + key data" shown in FIG. 11 (d) allows the user to write the encryption key used by himself / herself to an arbitrary management program. This is the command to be executed. Therefore, when the write command 2 is given, the key write command is executed by the lower management program SSD1 itself.

<5.5 Processing procedure in the first embodiment>
Finally, in the first embodiment, the processing procedure when a certain management program incorporates a new application program under its own control will be briefly described with reference to the flow chart of FIG.

First, in step S11, the application load command (first stage) given from the external device 200 is received, and in step S12, the command is executed. This process corresponds to the first stage of the program load process. Subsequently, in step S13, the application load command (second stage) given from the external device 200 is received, and in step S14, the command is executed. This process corresponds to the second stage of the program load process. Such a program load process is as described above as a command process shown in FIG. 11 (b).

Next, in step S15, the installation command of the application program given from the external device 200 is received, and in step S16, the command is executed. This process corresponds to the installation process of expanding and instantiating the binary data of the application program loaded in the processes up to step S14 on the memory. At this time, as described above, the process of creating the function tables F (SSD1), F'(SSD1), F''(SSD1) and the like is performed. Such an installation process is as described above as a command process shown in FIG. 11 (c).

Then, in step S17, the writing command (key writing command) of the issued data for the application for the purpose of writing the encryption key given from the external device 200 is received. In the first embodiment of the present invention, the determination processing in steps S18 and S19 is performed before executing the received key writing command. That is, in step S18, the function table created in step S16 is referred to, and in step S19, whether or not the processing function using the encryption key to be written by the received key write command is an executable function. Is determined. The specific determination method using the function table is as described above.

If a positive result is obtained from the determination in step S19, the received key writing command is executed and the encryption key is written in step S20. In this case, a response indicating the normal termination of the key writing command is returned to the external device 200. On the other hand, if a negative result is obtained by the determination in step S19, the received key writing command is rejected and the encryption key is not written in step S21. In this case, an error response to the key writing command is returned to the external device 200.

<<< §6. Second Embodiment of the present invention >>>
Subsequently, the second embodiment of the present invention will be described in detail.

<6.1 Basic concept of the second embodiment>
The basic configuration of the information processing device according to the second embodiment of the present invention is the same as the basic configuration of the information processing device 100 according to the first embodiment described in §5, as shown in the block diagram of FIG. Is. The first embodiment is based on the basic concept of preventing unnecessary writing of an encryption key when incorporating a new application program into the information processing device 100. When a key write command for an encryption key used for an unexecutable processing function is given, the method of rejecting the command is adopted.

On the other hand, the second embodiment described here assumes that the existing application program that has already been installed is changed in the process function that can be executed later, and the basic concept thereof is as follows. When there is a processing function that has been changed from executable to infeasible due to such a function change, the encryption key used for the processing function that has been changed to be infeasible is deleted.

For example, in §5 described above, as the first embodiment, the upper management program ISD incorporates the lower management program SSD1 as a new application program. In the case of this embodiment, since the two processing functions "Token Verification" and "SCP02" are specified by the function specification information included in the parameters of the installation command, the function table F (SSD1) as shown in FIG. 16 is displayed. Created. Then, the lower management program SSD1 is installed in a form in which the processing function "Token Verification" and the processing function "SCP02" can be executed.

However, the program package of the lower management program SSD1 loaded in the information processing apparatus 100 by the application load command includes not only the above two processing functions but also various processing functions shown as privileges in FIG. 14 (b). In addition, a program routine for executing an encrypted communication path opening function corresponding to various encryption protocols shown as a CP type in FIG. 7 is included. In the case of the above example, the installed lower management program SSD1 can execute only two processing functions, "Token Verification" and "SCP02", but this was not specified by the installation processing by the upper management program ISD. This is because settings are made to limit the execution of processing functions.

For example, when the management program SSD1 is expanded on the memory and instantiated by the installation process, a flag indicating whether or not each processing function can be executed is set (specified by the function specification information included in the parameter of the installation command). The above operation can be performed by limiting the execution of the processing function for which the execution function is set) and the execution function for which the non-execution flag is set.

Therefore, in reality, even after the application program is installed, the executable / non-executable state of each processing function can be changed if necessary. That is, a processing function that was set to be non-executable at the time of installation can be changed to be executable later, and conversely, a processing function that was set to be non-executable at the time of installation can be changed to be non-executable later. .. In the former case, the flag of the corresponding processing function may be changed from infeasible to executable, and in the latter case, the flag of the corresponding processing function may be changed from executable to infeasible.

In order to enable such a function change, an executable function change processing command is prepared in advance, and the management program can execute each processing function according to the executable function change processing command. / It suffices to be able to change the infeasible state (the state of the above flag). Therefore, in the management program in the information processing device according to the second embodiment described here, the processing function that can be executed by the already installed application program is changed according to the executable function change processing command given from the external device. Executable function It is necessary to have a function to execute the change process.

The feature of the second embodiment is that when the executable function change process for the existing application program that has already been installed is performed, there is a process function that is changed from executable to non-executable. The point is to perform a key deletion process that deletes the encryption key used for the processing function that has been changed to be infeasible. By this key deletion process, it is possible to avoid a situation in which an encryption key that is no longer needed is continuously stored as it is. Therefore, as in the first embodiment, the state in which only the minimum necessary encryption key is stored is maintained, the storage capacity of the encryption key storage location is saved, and the security problem is reduced. Effect can be obtained.

<6.2 Specific contents of the second embodiment>
Subsequently, a more specific example of this second embodiment will be described. For example, in the case of the example described in §5, the lower management program SSD1 newly installed by the installation process executed by the upper management program ISD can execute two processing functions of "Token Verification" and "SCP02". The function table F (SSD1) as shown in FIG. 16 is created. In this state, for example, in order to enable the processing function "SCP03" to be executed, the function change processing may be executed by giving the above-mentioned executable function change processing command to the upper management program ISD. Specifically, the management program ISD may perform a process of changing the flag for the processing function "SCP03" set to "executable" when the lower management program SSD1 is installed to "executable".

Of course, in that case, it is preferable to perform a process of adding the function "SCP03" and the key version numbers "0x80 to 0x8F" to the function table F (SSD1) shown in FIG. Then, when the key write command given after the executable function change processing command is executed, the same determination as in the first embodiment described above can be made, and unnecessary encryption key writing can be performed. It can be stopped.

In this way, when changing the processing function that was previously "unexecutable" to "executable", it is possible to prevent unnecessary encryption keys from being written by the first embodiment described above. However, in changing the processing function that has been "executable" to "unexecutable", the above-mentioned first embodiment cannot sufficiently deal with it. For example, in the above example, consider the case where an executable function change processing command for changing a processing function called "Token Verification", which has been set to be executable, is given. The management program ISD that receives such an executable function change processing command changes the flag for the processing function "Token Verification" set to "executable" when the lower management program SSD1 is installed to "unexecutable". Will be done.

Of course, in that case, it is preferable to perform a process of deleting the function "Token Verification" and the key version numbers "0x30 to 0x3F" recorded in the function table F (SSD1) shown in FIG. Then, after that, when the key writing command is given, the correct determination can be made, and the writing of the encryption key used for the function "Token Verification" can be prevented.

However, the encryption key used for the function "Token Verification" still remains on the key table T, and the encryption key for the function "Token Verification" that is no longer needed is stored as it is. ing. In order to cope with such a situation, in the second embodiment described here, when the upper management program ISD executes the executable function change process for the lower management program SSD1, the change process executes the execution from the executable state. When there is a processing function that has been changed to be infeasible, the key deletion process that deletes the encryption key used for the processing function that has been changed to be infeasible from the information storage unit is also executed.

In short, the management program rewrites the executable list (function table F) when executing the executable function change process, and the processing function to be deleted from this executable list (function table F). The key deletion process for deleting the encryption key used for is deleted from the information storage unit is executed. This key deletion process is a process of deleting the data of the encryption key written in the real space on the memory constituting the key table T and releasing the real space on the memory. Possible storage capacity actually increases.

When executing the key deletion process, which storage location data on the key table T is to be deleted is determined by referring to the correspondence information that associates the individual processing functions with the individual storage locations on the key table. You just have to decide. As described in the description of the first embodiment, the management program has a specific processing function that uses an encryption key when executing an installation process for a specific application program, and a key table for storing the encryption key. Correspondence information (for example, the function table F shown in FIG. 16) that associates with the above storage location is created, and a process of storing this in the information storage unit is performed. Therefore, when the management program executes the executable function change process, it refers to this correspondence information and identifies the storage location associated with the process function changed from executable to non-executable. The key deletion process for deleting the encryption key stored in the stored location may be executed.

In the case of the embodiment described here, the key table T is composed of a collection of cells in a two-dimensional matrix in which one cell can be specified by the combination of the key version number and the key ID, but the writing of the encryption key is performed. Since this is performed row by row in the key table T, the management program can specify the storage location of the encryption key to be written or deleted based on the key version number. Therefore, for example, when the function table F (SSD1) as shown in FIG. 16 is created and the function change process for changing the function "Token Verification" from executable to inoperable is performed, the key version number. It is determined that all the encryption keys stored in the range of "0x30 to 0x3F" are no longer needed, and the key deletion process for deleting all these encryption keys may be executed.

After all, in implementing the second embodiment described here, first, the storage location list table G as shown in FIG. 15 is stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the application program (SSDI) can be executed by referring to the storage location list table G. A function table F (SSD1) that associates each of these functions with the storage location of the encryption key used for the function is created, and the function table F (SSD1) is stored in the data storage unit 112. FIG. 16 shows an example of such a function table F (SSD1), and FIG. 17 shows an example in which the function table F (SSD1) is stored in the data storage unit 112 as ISD data.

Subsequently, when the management program ISD receives the executable function change processing command, it rewrites the function table F (SSD1) and associates it with the processing function to be deleted from the function table F (SSD1). The key deletion process for deleting the encryption key stored in the specified storage location may be executed by specifying the stored location.

Of course, also in this second embodiment, the first modification using the function table F'(SSD1) shown in FIG. 18A instead of the function table F (SSD1) shown in FIG. 16 is carried out. Is possible. In carrying out this first modification, the storage location list table G as shown in FIG. 15 is also stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the application program (SSDI) is executed as in the example shown in FIG. 18 (a). A function table F'(SSD1) listing possible functions is created, and this is stored in the data storage unit 112.

Subsequently, when the management program ISD receives the executable function change processing command, it rewrites the function table F'(SSD1) shown in FIG. 18A and refers to the storage location list table G shown in FIG. As a result, the storage location associated with the processing function to be deleted from the function table F'(SSD1) is specified, and the encryption key stored in the specified storage location is deleted. Just do.

For example, when the processing function "Token Verification" is to be deleted from the function table F'(SSD1) shown in FIG. 18A, the storage location list table G shown in FIG. 15 can be referred to as "Token Verification". Since it can be seen that the storage location associated with "" corresponds to the key version number "0x30 to 0x3F", all the encryption keys stored in the range of the key version number "0x30 to 0x3F" in the key table T are stored. The key deletion process to be deleted is executed.

Of course, for this second embodiment, a second modification using the function table F'' (SSD1) shown in FIG. 18B instead of the function table F (SSD1) shown in FIG. 16 is carried out. Is also possible. The function table F'' (SSD1) shown in FIG. 18B is a table listing the storage locations of the encryption keys used for the processing function that enables the management program SSD1 to be executed after the installation process.

In carrying out this second modification, the storage location list table G as shown in FIG. 15 is also stored in the data storage unit 112. This storage location list table G is a table of correspondence information that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions, and is also on the external device 200 side. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, the lower management program SSD1), the management program ISD refers to the storage location list table G shown in FIG. As in the example shown in, a function table F'' (SSD1) that lists the storage locations of the encryption keys used for the functions that can be executed by the application program (SSDI) is created and stored in the data storage unit 112. To do.

Subsequently, when the management program ISD receives the executable function change processing command, the function table F'' (SSD1) shown in FIG. 18B is referred to by referring to the storage location list table G shown in FIG. Rewrite. Then, the storage location to be deleted from the function table F'' (SSD1) may be specified, and the key deletion process for deleting the encryption key stored in the specified storage location may be performed.

For example, when an executable function change processing command for changing the processing function "Token Verification" from executable to non-executable is given, the "Token Verification" can be changed by referring to the storage location list table G shown in FIG. Since it can be seen that the associated storage location corresponds to the key version number "0x30 to 0x3F", the key version number "0x30 to 0x3F" is deleted from the function table F'' (SSD1) shown in FIG. 18 (b). Rewriting is done. On the other hand, for the key table T, a key deletion process for deleting all the encryption keys stored in the range of the deleted key version numbers "0x30 to 0x3F" is executed.

<6.3 Processing procedure in the second embodiment>
Finally, in the second embodiment, an executable function change processing command for changing the executable function of an existing application program already incorporated under its own control is given to a certain management program. In this case, the processing procedure executed by the management program will be briefly described with reference to the flow chart of FIG.

First, in step S31, the executable function change processing command given from the external device 200 is received, and in step S32, the function change processing based on the command is executed. There are two types of function change processing performed here: a processing that makes a processing function that was previously unexecutable executable, and a processing that makes a processing function that was previously executable unexecutable. be. In the case of the above-described embodiment, such a function change process can be performed by a process of switching the flag state. At this time, the function table rewriting process is executed as necessary.

Subsequently, in step S33, it is determined whether or not there is a function that has become infeasible due to the function change process, and if there is a function that has become infeasible, the key deletion process in step S34 is executed. As already described, this process is a process of deleting the encryption key used for the processing function changed to be infeasible from the information storage unit (key table T).

Then, in step S35, it is determined whether or not writing of a new encryption key is necessary, and if necessary, the process proceeds to step S17 shown in FIG. 19, and the key writing process is executed. Specifically, in the function change process of step S32, when there is a processing function changed from infeasible to executable, and the processing function requires an encryption key, a new encryption key is written. It is determined that it is necessary to include the data, and the processes after step S17 are executed. The processing contents after step S17 have already been described as the first embodiment, and writing of an unnecessary encryption key is prevented.

10: Smartphone 11: SIM card 20: External server 100: Information processing device 110: Information storage unit 111: Program storage unit 112: Data storage unit 120: Program execution unit 200: External device A: Type information AP1 to AP2, AP01 to AP32: General application program AP3: AP (ISD), AP (SSD1), application program on the external device side CMD: Cryptographic communication path establishment command F (ISD), F (SSD1): Function table F'(SSD1), F''(SSD1): Function table G: Storage location list table ISD: Top-level management program Key, KeyA to KeyR: Encryption key L: Key length OS: OS program R1, R2, R00, R10: Encryption communication path opening routine SD , SSD1 to SSD3: Management programs S1 to S6: Diagram steps S11 to S35: Flow diagram steps T, T1, T2, T00, T10: Key table T (ISD), T (SSD1): Key table V: Key Value data

Claims (12)

An information processing device that has various processing functions using an encryption key.
An information storage unit that stores the program and the data used by the program,
A program execution unit that executes a program stored in the information storage unit, and
With
A program load process that loads a package of an application program that has multiple processing functions that use an encryption key and stores it in the information storage unit according to a load command given from an external device.
In response to the installation command given from the external device, the package loaded by the program load process is expanded to the information storage unit, and the application program is installed.
A key writing process for storing the encryption key used by the installed application program in the information storage unit according to the key writing command given from the external device, and
Has the ability to execute
When executing the installation process, it is possible to execute the specified function specified by the function specification information included in the installation command among the multiple processing functions that use the encryption key for the installed application program. To be
Before executing the key writing process, it is determined whether or not the processing function using the encryption key stored by the key writing process is an executable function, and the executable function is executed. If, the key writing process is executed, and if it is not an executable function, the key writing process is rejected .
When executing the installation process for a specific application program, a key table for storing the encryption key is constructed in the logical key space of the information storage unit for the application program.
When executing the key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table constructed in the logical space.
Correspondence information that associates a specific processing function using an encryption key with a storage location on a key table for storing the encryption key is stored in the information storage unit.
When the key write command is given, the storage location specified by the write location specification information included in the given key write command is associated with the corresponding information. A specific processing function is recognized as a judgment target, and if the judgment target is an executable function, the key writing command is executed, and if the judgment target is not an executable function, the key writing is performed. An information processing device characterized by rejecting a command. In the information processing apparatus according to claim 1,
When executing the installation process for a specific application program, an executable list containing information that identifies the functions that can be executed by the application program is created, stored in the information storage unit, and the key writing process is executed. An information processing apparatus for determining whether or not a processing function to be determined is an executable function by referring to the executable list. In the information processing apparatus according to claim 1 or 2.
The key table consists of a collection of two-dimensional matrix-like cells that can identify one cell by the combination of the key version number and the key ID.
An information processing device characterized in that when a key writing command is given, the storage location of the encryption key is specified based on the key version number included as the writing location designation information in the key writing command. .. In the information processing apparatus according to claim 1,
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, the function that can be executed by the application program and the storage location of the encryption key used for the function can be determined. Create a function table to be associated, store it in the information storage unit, and store it.
When the key write command is given, by referring to the function table, the storage location specified by the write location specification information included in the given key write command is added to the function table. Information characterized by determining whether or not it is included, executing the key writing command if it is included, and rejecting the key writing command if it is not included. Processing equipment. In the information processing apparatus according to claim 1,
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
When executing the installation process for a specific application program, a function table listing the functions that can be executed by the application program is created, and this is stored in the information storage unit.
When a key write command is given, the storage location specified by the write location specification information included in the key write command is for the executable functions listed in the function table. It is determined whether or not the storage location is associated with the storage location list table, and if a positive determination result is obtained, the key writing command is executed and a negative determination result is obtained. An information processing apparatus characterized in that, when obtained, the key writing command is rejected. In the information processing apparatus according to claim 1,
The information storage unit stores a storage location list table that associates various processing functions that use the encryption key with the storage location of the encryption key used for each of these functions.
By referring to the storage location list table when executing the installation process for a specific application program, a function table listing the storage locations of the encryption keys used for the functions that can be executed by the application program is created. , Store this in the information storage
When the key write command is given, by referring to the function table, the storage location specified by the write location specification information included in the given key write command is added to the function table. Information characterized by determining whether or not it is included, executing the key writing command if it is included, and rejecting the key writing command if it is not included. Processing equipment. In the information processing apparatus according to any one of claims 1 to 6.
It has a function to install an application program having a processing function of opening an encrypted communication path with an external device using a predetermined encryption protocol, and is used to open the encrypted communication path in the key writing process. An information processing device characterized by writing a key. In the information processing apparatus according to any one of claims 1 to 6.
At least one management program is stored as an application program in the information storage unit.
The management program is characterized by having a function of executing a program loading process, an installation process, and a key writing process for the new application program in order to keep the new application program under its own control. Information processing device. In the information processing apparatus according to claim 8,
When a key write command is given from an external device after the program load process and installation process for the new application program are completed, the new application program executes the key write process according to the key write command. An information processing device characterized by In the information processing device according to claim 8 or 9.
The management program interprets the privilege parameter "privilege" attached to the installation command specified in the GlobalPlatform (registered trademark) specifications as function specification information, and executes the installation process so that only the specified function can be executed. An information processing device characterized by. In the information processing device according to claim 8 or 9.
The management program interprets the SCP type parameter attached to the installation command specified in the Global Platform (registered trademark) specification as function specification information, and opens an encrypted communication path according to the encryption protocol indicated by the specified SCP type. An information processing device characterized by executing an installation process that enables the process to be executed. A program that causes a computer to function as the information processing device according to any one of claims 1 to 11.

Images