JP6992440B2 - Secure elements, terminals, verification systems, verification methods, and programs - Google Patents

Description

The present invention relates to secure elements, terminal devices, verification systems, verification methods, and programs.

In recent years, a system in which sensors and the like are installed in various places to acquire environmental data and imaging data in each place has become widespread. In such a system, data is transmitted from the terminal device to the server device, and control data is transmitted from the server device to the terminal device. When these data are sent and received via the network, a malicious attacker impersonates the server device to illegally acquire the sensing data from the terminal device or send illegal control data to the terminal device. Can happen. In order to suppress such fraud, a technique for verifying received data by a terminal device is disclosed (for example, Patent Document 1).

Japanese Patent No. 6183629

However, in such a system, the CPU (Central Processing Unit) of the terminal device is designed mainly for controlling the sensor, and in most cases, it does not have the processing ability to verify the received data. .. In such a case, if the terminal device is to verify the received data, it is necessary to redesign the CPU of the terminal device to have a high processing capacity or to increase the memory, which is the design cost of the terminal device. And the equipment cost will increase.

The present invention has been made in view of such a situation, and an object thereof is a secure element, a terminal device, a verification system, and a verification capable of improving safety while suppressing the design cost and device cost of the terminal device. To provide methods and programs.

In order to solve the above-mentioned problems, one aspect of the present invention is a secure element that can be connected to a communication module and a control chip included in a terminal device that can communicate with an external device, from the external device to the terminal device . The acquisition unit that acquires the notification data notified from the communication module to the control chip , the verification unit that verifies the validity of the notification data acquired by the acquisition unit, and the verification unit. If the notification data is determined to be valid, the notification data is output to the control chip , and if the notification data is determined to be invalid, the notification is output. It has a data processing unit that discards data, and when the notification data contains data indicating a request for mutual authentication from the external device, the verification unit performs mutual authentication with the external device and performs mutual authentication. When it is determined that the external device is valid based on the authentication result of the above, the notification data transmitted from the external device determined to be valid is output to the control chip without verifying the validity. It is a feature.

According to the present invention, it is possible to improve the safety while suppressing the design cost and the device cost of the terminal device.

It is a system configuration diagram which shows the configuration example of the verification system 1 of 1st Embodiment. It is a block diagram which shows the structural example of the secure element 40 of 1st Embodiment. It is a figure which shows the layer composition example of the secure element 40 of 1st Embodiment. It is a flowchart which shows the operation example of SE40 of 1st Embodiment. It is a flowchart which shows the operation example of the received data acquisition processing of SE40 of 1st Embodiment. It is a flowchart which shows the operation example of the reception data verification processing of SE40 of 1st Embodiment. It is a flowchart which shows the operation example of the received data processing of SE40 of 1st Embodiment. It is a sequence chart which shows the operation example of the verification system 1 of 1st Embodiment. As a comparative example of the verification system 1 of the first embodiment, it is a sequence chart which shows the operation example of the system which does not have a verification function. It is a block diagram which shows the functional composition example of SE40A of the 2nd Embodiment. It is a flowchart which shows the operation example of SE40A of 2nd Embodiment. It is a flowchart which shows the operation example of the process of mutual authentication of SE40A of 2nd Embodiment. It is a sequence chart which shows the operation example of the verification system 1A of the 2nd Embodiment. It is a sequence chart which shows the operation example which restarts the verification of the verification system 1A of the 2nd Embodiment.

Hereinafter, the secure element, the terminal device, the verification system, the verification method, and the program of the embodiment will be described with reference to the drawings.

<First Embodiment>
First, the first embodiment will be described.

FIG. 1 is a system configuration diagram showing a configuration example of the verification system 1 of the first embodiment. The verification system 1 includes, for example, a server device 10 and a terminal device 30. The server device 10 and the terminal device 30 are connected to each other so as to be able to communicate with each other via the communication network 20. An IC chip (hereinafter referred to as SE (Secure Element)) SE40 having a verification function is connected to the terminal device 30. In the verification system 1, the legitimacy of the data transmitted / received by the terminal device 30 is verified by the SE 40, thereby eliminating malicious and unauthorized data and maintaining the safety of the terminal device 30. The SE 40 may be connected to the terminal device 30 by detachably connecting the IC card in which the SE 40 is incorporated and the terminal device 30. Here, the server device 10 is an example of an "external device".

The server device 10 stores the data transmitted from the terminal device 30. The server device 10 provides various services to the user based on the accumulated data. Further, the server device 10 transmits control data for controlling each functional unit of the terminal device 30 to the terminal device 30.
The server device 10 may be a single or a plurality of cloud servers. When the server device 10 is a plurality of cloud servers, for example, the server device 10 is realized by linking a plurality of cloud servers provided on the network with each other.

The terminal device 30 is an IoT (Internet of Things) device that transmits data via the communication network 20. The terminal device 30 is, for example, a network camera that captures an image of the surroundings of a place where the terminal device 30 is provided and transmits the captured data to the server device 10.
In the following description, the case where the terminal device 30 is a network camera will be described as an example, but the present invention is not limited thereto. The terminal device 30 may be a network sensor that acquires environmental data such as temperature and humidity at the place where the terminal device 30 is provided, or may be a mobile terminal or the like that notifies the position data of the current place. .. The terminal device 30 may be a smart home appliance or the like that notifies the user of the operating status of an electric appliance such as an air conditioner via a network, or starts or stops the electric appliance by the user's operation.

The terminal device 30 includes, for example, a communication module 31, a control chip 32, and a sensor module 34 (sensor modules 34-1, 34-2, ... 34-N) (where N is an arbitrary natural number). Data is exchanged between the control chip 32 and each of the sensor modules 34, for example, by serial communication. For serial communication, for example, UART (Universal Asynchronous Receiver / Transmitter), SPI (Serial Peripheral Interface), I2C (I-squared-C, Inter-Integrated Circuit) and the like are used.

The communication module 31 is, for example, a network communication module.
The communication module 31 receives data transmitted to the terminal device 30 by the server device 10 and other communication devices via the communication network 20. The communication module 31 outputs the received data to the SE 40.
Further, the communication module 31 acquires the sensing data detected by the sensor module 34 via the control chip 32, and transmits the acquired sensing data to the server device 10.

The control chip 32 controls the sensor module 34.
The control chip 32 acquires verified valid data from the SE 40. The control chip 32 controls which of the plurality of sensor modules 34 the sensor module 34 is to be sensed, or which time interval is used for sensing, etc., based on the data acquired from the SE 40.
Further, the control chip 32 acquires the sensing data detected by each of the sensor modules 34 from each of the sensor modules 34. The control chip 32 transmits the acquired sensing data to the server device 10 via the communication module 31.

The sensor module 34 is, for example, an image pickup module having an image pickup function. In this case, the sensor module 34 captures an image of the surrounding scene and outputs the captured data to the control chip. Further, the sensor module 34 may be an environment sensor that detects temperature and humidity. In this case, the sensor module 34 acquires the ambient temperature and humidity, and outputs the acquired data to the control chip.
Further, the sensor module 34 may have a function of not only acquiring the surrounding situation but also outputting to the surroundings. The sensor module 34 may be, for example, a display for displaying an image, a speaker for outputting sound, or the like. When the terminal device 30 is a smart home appliance, the sensor module 34 may output a signal for starting or stopping the home appliance or changing the operating status according to the instruction of the control chip 32.

The SE40 is, for example, a verification chip having a verification function or an encryption function. The SE40 is referred to as, for example, a secure IC chip, a secure chip, a secure IC, or the like. The SE40 may have a robust structure that protects information from malicious attacks from the outside and may have tamper resistance. However, the SE40 may have a verification function or an encryption function, and is not limited to a secure IC chip having tamper resistance. For example, the SE40 may be an IC chip with a cryptographic library.
Further, the SE40 may be an IC card or a SIM card (Subscriber Identity Module Card) in which the SE40 is mounted on a card device such as plastic. In this case, the SE 40 communicates with the terminal device 30 via the contact portion of the IC card or the SIM card. The contact unit has terminals for various signals necessary for the IC card or SIM card to operate. The terminals of various signals are terminals that receive power supply voltage, clock signal, and reset signal from the terminal device 30, and serial data input / output terminals that communicate with the terminal device 30.

FIG. 2 is a block diagram showing a configuration example of SE40 according to the first embodiment. The SE 40 includes a communication unit 400, a control unit 410, and a storage unit 420. Each part shown in FIG. 2 is realized by using the hardware of SE40.
The hardware of the SE40 includes, for example, a UART (Universal Asynchronous Receiver Transmitter), a CPU, a ROM (Read Only Memory), a RAM (Random Access Memory), and an EEPROM (Electrically Erasable Programmable ROM). It is connected via an internal bus.

The communication unit 400 is realized by, for example, a UART, a CPU, and a program stored in a ROM, and communicates between the terminal device 30. The communication unit 400 receives the command from the terminal device 30, and also transmits the response to the command to the terminal device 30. The communication unit 400 stores the received data received from the terminal device 30 in the storage unit 420. Further, the communication unit 400 transmits the transmission data stored in the storage unit 420 to the terminal device 30.

The control unit 410 is realized by, for example, a CPU, a RAM, and a ROM or EEPROM, and controls the SE40 in an integrated manner. The control unit 410 includes a command processing unit 411, an acquisition unit 412, a verification unit 413, and a data processing unit 414.
The command processing unit 411 interprets the command included in the received data of the terminal device 30, and controls each unit corresponding to various processing in the SE 40.
The acquisition unit 412 acquires the received data of the terminal device 30. The acquisition unit 412 outputs the acquired received data to the verification unit 413.

The verification unit 413 verifies the validity of the received data. The verification unit 413 determines that the received data is valid when the data transmitted from the server device 10 to the terminal device 30 has not been tampered with by the time the data is received by the terminal device 30. The verification unit 413 determines that the received data is valid when the data received by the terminal device 30 is data from a device assumed as a communication destination such as the server device 10.
The verification unit 413 verifies the validity of the received data by using, for example, a unidirectional hash function (MD5, SHA1, SHA2, etc.), a common key, an encryption key such as a public key, or the like. The verification unit 413 outputs the verification result of verifying the validity of the received data to the data processing unit 414.
The verification unit 413 may verify the validity of the received data, and may verify the validity of the received data by calculating the electronic signature, message authentication, and the like in addition to the hash function described above. When the verification unit 413 verifies the validity of the received data by using the electronic signature and the message authentication, the verification unit 413 calculates the electronic signature and the message authentication from the received data, and the calculated value and the terminal device 30 are used. By comparing and verifying the added (accompanying) electronic signature and the value corresponding to the message authentication, it is verified whether or not the received data is valid.
The data processing unit 414 processes the received data based on the verification result of the verification unit 413. The data processing unit 414 outputs the received data to the control chip 32 when it is determined that the received data is valid. If it is determined that the received data is not valid, the received data is discarded.

The storage unit 420 is, for example, a storage unit configured by EEPROM, and stores a basic program for operating the control unit 410. The storage unit 420 stores various programs required for the verification process. The storage unit 420 includes a storage area as a work area temporarily used for the control unit 410 to operate. The storage unit 420 includes a reception data storage unit 421, a verification information storage unit 422, and a transmission data storage unit 423. The received data storage unit 421 stores the data received by the SE 40. The verification information storage unit 422 stores information used in the verification process, such as a hash value, a common key, and an encryption key such as a public key. The transmission data storage unit 423 stores data transmitted from the SE 40.

FIG. 3 is a diagram showing a layer configuration example of SE40 of the first embodiment. As shown in FIG. 3, the SE 40 is classified into an application layer 450, a software control layer 460, and a hardware control layer 470.
The application layer 450 is equipped with a communication data verification application 451 corresponding to the verification function unit (acquisition unit 412, verification unit 413, and data processing unit 414) of the SE40, and another application 452 that realizes other functions of the SE40. Will be done.
The software control layer 460 manages various libraries (encryption library 461, IO library 462) for calling the functions implemented in the hardware control layer 470 from the application layer 450, and various applications implemented in the application layer 450. Functions for this (app management 463, and other API 464) are implemented.
The hardware control layer 470 includes a cryptographic processor 471 mounted as a hardware circuit, a memory control 472 that controls a storage area in which various programs corresponding to the storage function unit (storage unit 420) of the SE40 are stored, and the like. Control 473 is implemented. Further, the hardware control layer 470 is equipped with an interface 474 that corresponds to the communication function unit (communication unit 400) of the SE40 and is responsible for communication with the outside.
In the verification system 1, the SE 40 transmits / receives data to / from each part (communication module 31, control chip 32) of the terminal device 30 by serial communication via the interface 474.
The data received on the interface 474 is output to the communication data verification application 451 via the application management 463.
The communication data verification application 451 verifies the validity of the received data by calculating the hash value of the received data using the encryption library 461 or the like. When the communication data verification application 451 determines that the received data is valid, the communication data verification application 451 outputs the received data to the terminal device 30 via the interface 474 to the control chip 32.

Here, the operation of SE40 will be described with reference to FIGS. 4 to 7.
FIG. 4 is a flowchart showing an operation example of SE40 of the first embodiment.
As shown in FIG. 4, first, the SE 40 performs a received data acquisition process of acquiring received data by the acquisition unit 412 (step S110). Next, the SE 40 performs a reception data verification process for verifying the reception data by the verification unit 413 (step S120). Then, the SE 40 performs a received data process of discarding or outputting the received data by the data processing unit 414 (step S130). Hereinafter, each process of steps S110, S120, and S130 will be described in detail.

(About step S110)
FIG. 5 is a flowchart showing an operation example of the received data acquisition process of SE40 according to the first embodiment.
As shown in FIG. 5, the acquisition unit 412 waits for the reception of the received data (step S111). The received data is written to the received data storage unit 421 by the communication module 31 via the communication unit 400.
The acquisition unit 412 periodically refers to the received data storage unit 421 and determines whether or not the received data has been written to the received data storage unit 421 (step S112).
When the received data is written in the received data storage unit 421, the acquisition unit 412 outputs the received data to the verification unit 413 (step S113).
On the other hand, if the received data is not written in the received data storage unit 421, the acquisition unit 412 returns to step S111 and waits for the reception of the received data.

(About step S120)
FIG. 6 is a flowchart showing an operation example of the reception data verification process of SE40 of the first embodiment.
As shown in FIG. 6, the verification unit 413 calculates the hash value of the received data output by the acquisition unit 412 (step S121). The hash value of the received data is information representing the characteristics of the received data. Therefore, when the received data is falsified, the hash value of the falsified received data is different from the hash value of the legitimate received data that has not been falsified. On the other hand, the verification information storage unit 422 stores a hash value of legitimate received data.
The verification unit 413 determines whether or not the calculated hash value (calculation result) matches the hash value stored in the verification information storage unit 422 (step S122).
When the calculation result matches the hash value stored in the verification information storage unit 422, the verification unit 413 determines that the received data is valid (step S123).
On the other hand, if the calculation result does not match the hash value stored in the verification information storage unit 422, the verification unit 413 determines that the received data is not valid (step S124).
The verification unit 413 outputs the received data together with the determination result to the data processing unit 414 (step S125).

Although the hash value can be calculated from the data, the original data cannot be restored from the hash value. That is, legitimate received data cannot be obtained from the hash value stored in the verification information storage unit 422. Therefore, even when the hash value is stored in the verification information storage unit 422, the terminal device 30 needs to receive the received data.

In the flowchart of FIG. 6 described above, the case where the verification unit 413 verifies the received data by calculating the hash value has been described as an example, but the present invention is not limited to this. The verification unit 413 uses, for example, a common key cryptosystem using a common key common to the server device 10 and the terminal device 30 (for example, a cryptosystem using DES, which is encryption algorithm information, AES, etc.), and public key cryptography. The validity of the received data may be verified by performing verification with a certificate based on the above.

(About step S130)
FIG. 7 is a flowchart showing an operation example of data processing of SE40 according to the first embodiment.
As shown in FIG. 7, the data processing unit 414 determines whether or not the received data output by the verification unit 413 is valid (step S131). The data processing unit 414 determines that the received data is valid when it indicates that the determination result is valid according to the determination result output together with the received data by the verification unit 413, and indicates that the determination result is not valid. Judges that the received data is not valid.
When the received data is valid, the data processing unit 414 stores the received data in the transmission data storage unit 423 (step S132).
The communication unit 400 of the SE40 waits for an instruction (transmission instruction) to transmit received data (step S133). The transmission command is acquired by the control chip 32 to the command processing unit 411 via the communication unit 400. The command processing unit 411 outputs a signal indicating an instruction to transmit the received data stored in the transmission data storage unit 423 to the terminal device 30 in the communication unit 400 based on the acquired transmission command.
The communication unit 400 transmits the received data stored in the transmission data storage unit 423 to the terminal device 30 based on the signal from the command processing unit 411 (step S135).
On the other hand, in step S131, the data processing unit 414 discards the received data if the received data is not valid (step S136).

FIG. 8 is a sequence chart showing an operation example of the verification system 1 of the first embodiment.
As shown in FIG. 8, first, the terminal device 30 is activated (step S201). In the terminal device 30, each unit (communication module 31, control chip 32, sensor module 34, and SE40) is activated based on a signal commanding activation from the server device 10.
The server device 10 generates data to be transmitted to the terminal device 30 (step S202). The server device 10 transmits the generated data to the terminal device 30 according to the communication protocol of the communication network 20 (step S203).
The communication module 31 receives the data transmitted by the server device 10 (step S204). The communication module 31 extracts a data area from the received data, and outputs the extracted data to the SE 40 according to the communication protocol of serial communication (step S205).

The SE 40 receives the data transmitted by the communication module 31 and verifies the validity of the received data (step S206). The SE40 verifies the validity of the data by executing each of the processes of steps S110, S120, and S130 described above. Hereinafter, each of steps S207 to S213 is a process when the data is valid. If the validity of the data cannot be confirmed in step S206, the data is discarded and the processes of steps S207 to S213 are not executed.
When the validity of the data can be confirmed, the SE 40 outputs the data to the control chip 32 (step S207).
The control chip 32 executes the process based on the content of the data received from the SE 40 (step S208). The control chip 32 creates processing result data to be notified as a result of the processing executed to the server device 10. The control chip 32 outputs the created processing result data to the SE 40 (step S209).

The SE 40 receives the processing result data transmitted by the control chip 32 and verifies the validity of the data (step S210). The SE40 verifies the validity of the data by executing each of the processes of steps S110, S120, and S130 described above. As a result, for example, even if the processing result data created by the control chip 32 is illegally rewritten by a person who illegally obtains the ID and password of the terminal device 30, the illegal processing result data is transmitted to the server device 10. It suppresses the transmission.
When the validity of the data can be confirmed, the SE 40 outputs the processing result data to the communication module 31 (step S211).
The communication module 31 receives the data output by the SE 40 (step S212). The communication module 31 transmits the received data to the server device 10 according to the communication protocol of the communication network 20 (step S213).

As described above, the SE40 of the first embodiment is an SE40 (secure element) that can be connected between the communication module 31 (first functional unit) and the control chip 32 (second functional unit) that communicate with each other. This is verified by the acquisition unit 412 that acquires the notification data notified from the communication module 31 to the control chip 32, the verification unit 413 that verifies the validity of the data acquired by the acquisition unit 412, and the verification unit 413. Based on the verification result, if the data is determined to be valid, the data is output to the control chip 32, and if the data is determined to be invalid, the data is discarded with the data processing unit 414. Have.
As a result, the SE 40 of the first embodiment can verify the validity of the data by the verification unit 413 and output only the data determined to be valid to the control chip 32, and the data determined to be invalid can be output to the control chip 32. Can be discarded. Therefore, the SE 40 of the first embodiment can suppress the transmission and reception of invalid data between the communication module 31 of the terminal device 30 and the control chip 32, and improve the safety of the terminal device 30. Can be made to. Further, since the validity of the data is verified by the SE 40, the processing load of the control chip 32 does not increase, so that it is not necessary to use an expensive chip in order to increase the processing capacity of the control chip 32. That is, the device cost of the terminal device 30 can be suppressed.
Further, the SE40 of the first embodiment is an SE40 that can be connected between the communication module 31 of the terminal device 30 and the control chip 32 that can communicate with the server device 10 via the communication network 20. The unit 412 acquires the data transmitted from the server device 10 to the terminal device 30. As a result, the SE 40 of the first embodiment can verify the validity of the data notified via the communication network 20, and thus it is determined that the data is not valid, such as when the data has been tampered with on the network. Data can be discarded, it is possible to suppress a malicious attack on the terminal device 30 via the communication network 20, and it is possible to improve the safety thereof.
Further, in the SE40 of the first embodiment, the verification unit 413 determines whether or not the received data is valid by calculating the hash value of the received data. As a result, the verification unit 413 can verify the validity of the received data by a simple method of comparing the calculated hash value with the hash value of the legitimate received data whose received data has not been tampered with.

Here, the effect of the terminal device 30 of the first embodiment will be described with reference to FIG.
FIG. 9 is a sequence chart showing an operation example of a system having no verification function. In a system without a verification function, the terminal device does not have SE40.
As shown in FIG. 9, even in a system having no verification function, the terminal device 30 is first activated (step S301). The terminal device 30 is activated in the same manner as in step S201 described above. However, since the terminal device does not have the SE40, the SE40 will not start. The rogue server device 100 generates rogue data to be transmitted to the terminal device (step S302). The unauthorized server device 100 transmits the generated data to the terminal device (step S303). The communication module 31 receives the illegal data transmitted by the illegal server device 100 (step S304). The communication module 31 extracts a data area from the received invalid data, and outputs the extracted illegal data to the control chip 32 (step S305).
The control chip 32 executes an illegal process based on the content of the illegal data received from the communication module 31 (step S306). As a result, the terminal device having no verification function is subjected to illegal processing such as an illegal change in the operation of the sensor module 34.
After that, the server device 10 generates data to be transmitted to the terminal device (step S307). The server device 10 transmits the generated data to the terminal device 30 (step S308).
The communication module 31 receives the data transmitted by the server device 10 (step S309). The communication module 31 extracts a data area from the received data and outputs the extracted data to the control chip 32 (step S310).
The control chip 32 executes processing based on the content of the data received from the communication module 31 (step S311). However, since the terminal device has been subjected to an illegal process in step S306 described above, the process performed by the control chip 32 in step S311 has an incorrect result. The control chip 32 outputs the invalid processing result data to the SE 40 (step S312). The communication module 31 receives the illegal data from the control chip 32 and transmits the illegal data to the server device 10 (step S314).

As described above, in a system having no verification function, processing based on the illegal data transmitted by the illegal server device 100 or the like is executed, and the illegal data is transmitted to the server device 10. If invalid data is transmitted to the server device 10, it may lead to a situation such as a service stop.
On the other hand, in the verification system 1 of the first embodiment, even when the terminal device 30 receives the illegal data, the SE 40 discards the illegal data, so that the control chip 32 acquires the illegal data. There is no such thing. Therefore, no illegal processing is performed on the sensor module 34.

<Second embodiment>
Next, the second embodiment will be described.
The second embodiment differs from the configuration of the first embodiment in that the server device 10A requires mutual authentication from the terminal device 30A. Here, mutual authentication means that both devices communicating with each other authenticate each other's legitimacy. For example, when the server device 10A and the terminal device 30A communicate with each other, the server device 10A authenticates the validity of the terminal device 30A, and the terminal device 30A authenticates the validity of the server device 10A.

Further, in the second embodiment, mutual authentication is performed with the device that has transmitted data to the terminal device 30A, and when the SE40A has been mutually authenticated with the server device 10A, the server device 10A has already been authenticated. It differs from the configuration of the first embodiment in that the verification of the data is temporarily stopped and the data is output to the control chip 32.
In the second embodiment, the SE40A omits the verification of the validity of the data transmitted from the mutually authenticated device, thereby maintaining the safety of the system and increasing the processing load for the verification. Suppress.

Further, the second embodiment is different from the configuration of the first embodiment in that the mutually authenticated server device 10A requests the restart of the verification when the verification of the data is temporarily stopped. .. It is possible to improve the safety of the system by restarting the verification in response to the request of the mutually authenticated server device 10A.

FIG. 10 is a block diagram showing a functional configuration example of the SE40A of the second embodiment. As shown in FIG. 10, in the second embodiment, the verification unit 413A of the SE40A performs a process different from that of the first embodiment. The SE40A also includes a verification stop information storage unit 424.
The verification stop information storage unit 424 stores the verified flag. The verified flag is a variable indicating whether or not mutual authentication has been performed, and is a variable stored for each device that has transmitted data to the terminal device 30A. If the initial state is not mutual authentication, or if mutual authentication is performed but the validity of the communication destination is not verified, "0" is stored in the verified flag. When the validity of the communication destination is verified as a result of mutual authentication, "1" is stored as the proven flag corresponding to the communication destination.

The verification unit 413A performs mutual authentication with the device that has transmitted data to the terminal device 30A. Hereinafter, a case where the server device 10A transmits data to the terminal device 30A will be described as an example.
When the data transmitted from the server device 10A includes data requesting mutual authentication, the verification unit 413A verifies the validity of the server device 10A. For example, the verification unit 413A acquires a server certificate from the data transmitted from the server device 10A, and compares the acquired server certificate with a valid server certificate stored in advance in the verification information storage unit 422. Verify the validity of the server device 10A. When the verification unit 413A determines that the server device 10A is valid, the verification unit 413A writes "1" in the verified flag and stores it.
When "1" is stored in the verified flag, the verification unit 413A outputs the data transmitted from the server device 10A to the control chip 32 without verification.

When the verification unit 413A determines that the server device 10A is not valid, the verification unit 413A reports to the control chip 32 that the server device 10A is not valid (illegal connection) via the communication unit 400.

Further, when the verification unit 413A stores "1" in the verification flag and the data transmitted from the server device 10A includes data requesting the restart of verification, the verification unit 413A indicates the verification flag. Write "0" in and memorize it.
When "0" is stored in the verified flag, the verification unit 413A verifies the data transmitted from the server device 10A and determines that the data is valid, as in the first embodiment. The data is output to the control chip 32.

The operation of the SE40A of the second embodiment will be described with reference to FIGS. 11 and 12.
FIG. 11 is a flowchart showing an operation example of the SE40A of the second embodiment.
As shown in FIG. 11, first, the SE40A performs a received data acquisition process for acquiring received data by the acquisition unit 412, as in the first embodiment (step S110).
Next, the verification unit 413A determines whether or not the received data requires mutual authentication (step S400). When the verification unit 413A indicates that mutual authentication is required at a predetermined location of the received data, the verification unit 413A determines that the received data requires mutual authentication.
When the verification unit 413A determines that the received data requires mutual authentication, the verification unit 413A performs a mutual authentication process for mutual authentication with the server device 10A (step S401).
The verification unit 413A determines whether or not mutual authentication has been completed normally (step S402). When the mutual authentication is normally completed, the verification unit 413A writes "1" in the mutual authentication completed flag and stores it (step S403).
On the other hand, when the mutual authentication is not completed normally, the verification unit 413A writes "0" in the mutual authentication completed flag and stores it (step S404). Then, the verification unit 413A reports to the control chip 32 that there is an unauthorized connection in which mutual authentication is not normally completed (step S405).

In step S400, the verification unit 413A determines whether or not the received data requires resumption of verification when the received data does not require mutual authentication (step S406). When the received data requests the resumption of verification, the verification unit 413A writes "0" in the mutual authentication completed flag and stores it (step S407).

In step S406, the verification unit 413A determines whether or not the mutual authentication completed flag is "1" when the received data does not request the resumption of verification (step S408). When the received data does not require mutual authentication and does not require resumption of verification, the received data is control data that controls each functional unit (for example, the sensor module 34) of the terminal device 30A.
When the mutual authentication completed flag is "1", the verification unit 413A outputs the received data to the control chip 32 without verifying it.
On the other hand, when the mutual authentication completed flag is "0", the verification unit 413A performs the verification process of step S120 of the first embodiment to verify the validity of the received data.

FIG. 12 is a flowchart showing an operation example of the mutual authentication process of SE40A of the second embodiment.
As shown in FIG. 12, when performing mutual authentication, the verification unit 413A first verifies the mutual authentication data of the server device 10A included in the received data (step S500). The verification unit 413A obtains a server certificate by decrypting the encryption applied to the mutual authentication data of the server device 10A with a common key, and the obtained server certificate is stored in the verification information storage unit 422. If it matches, it is determined that the server device 10A is a legitimate communication destination, and it is determined that the verification of the mutual authentication data has been completed normally. Further, mutual authentication may be performed using random numbers.

The verification unit 413A creates mutual authentication data on the terminal device 30A side to be transmitted to the server device 10A when the verification of the mutual authentication data is completed normally, and the created mutual authentication data is used in the communication unit 400 and the communication module. It is transmitted to the server device 10A via 31 (step S502).
The verification unit 413A transmits the mutual authentication data on the terminal device 30A side to the server device 10A, and then receives the data transmitted from the server device 10A via the communication module 31 or the like (step S503).
The verification unit 413A determines whether or not the received data is a response to the mutual authentication data transmitted to the server device 10A (step S504). When the received data is a response to the transmitted mutual authentication data, the verification unit 413A determines whether or not the response indicates a normal end (step S505). Then, the verification unit 413A determines that the mutual authentication has been completed normally when it indicates that the response has been completed normally (step S506).

On the other hand, when the verification unit 413A indicates that the verification of the mutual authentication data from the server device 10A is not normally completed in step S501 and the response from the server device 10A is not normally completed in step S505, the mutual authentication is performed. It is determined that the process was not completed normally (step S507).

Further, in step S504, when the received data is not a response to the transmitted mutual authentication data, the verification unit 413A considers that the received data is control data for controlling each functional unit (for example, the sensor module 34) of the terminal device 30A. , The verification process of step S120 of the first embodiment is performed to verify the validity of the received data.

FIG. 13 is a sequence chart showing an operation example of the verification system 1A of the second embodiment.
As shown in FIG. 13, first, the above-mentioned mutual authentication is performed between the server device 10A and the SE40A (step S601). After the mutual authentication is normally completed, the server device 10A generates data to be transmitted to the terminal device 30A (step S602). The server device 10A transmits the generated data to the terminal device 30A (step S603).
The communication module 31 receives the data transmitted by the server device 10A (step S604). The communication module 31 extracts a data area from the received data and outputs the extracted data to the SE40A (step S605).
The SE40A receives the data transmitted by the communication module 31 and outputs the data to the control chip 32 (step S607) without verifying the validity of the received data (step S606).
The control chip 32 executes the process based on the content of the data received from the SE40A (step S608). The control chip 32 creates the processing result data to be notified as the result of the processing executed to the server device 10A. The control chip 32 outputs the created processing result data to the SE40A (step S609).

The SE40A receives the processing result data transmitted by the control chip 32 and outputs the data to the communication module 31 without verifying the validity of the data (step S610) (step S611).
The communication module 31 receives the data output by the SE40A (step S612). The communication module 31 transmits the received data to the server device 10A according to the communication protocol of the communication network 20 (step S613).

FIG. 14 is a sequence chart showing an operation example of the process of restarting the verification of the verification system 1A of the second embodiment.
As shown in FIG. 14, first, the above-mentioned mutual authentication is performed between the server device 10A and the SE40A (step S601).
After the mutual authentication is normally completed, the server device 10A generates data requesting the terminal device 30A to restart the verification (step S702). The server device 10A transmits the generated data to the terminal device 30A (step S703).
The communication module 31 receives the data transmitted by the server device 10A (step S604). The communication module 31 extracts a data area from the received data and outputs the extracted data to the SE40A (step S605).
The SE40A receives the data transmitted by the communication module 31, and sets the mutual authentication flag to “0” based on the data requesting the restart of the received verification (step S706). The SE40A creates response data for the received data requesting resumption of verification (step S708). The SE40A outputs the created response data to the communication module 31 (step S709).
The communication module 31 receives the data output by the SE40A (step S710). The communication module 31 transmits the received data to the server device 10A (step S711).

As described above, in the SE40A of the second embodiment, when the received data includes data indicating a request for mutual authentication from the server device 10A, the verification unit 413A performs mutual authentication with the server device 10A. This is done to determine if the server device 10A is legitimate. Thereby, in the SE40A of the second embodiment, it is possible to determine whether or not the server device 10A is a legitimate communication destination.
Further, in the terminal device 30A of the second embodiment, when the verification unit 413A determines that the server device 10A is not valid by mutual authentication, the verification unit 413A outputs the determination result to the terminal device 30A. As a result, in the SE40A of the second embodiment, the terminal device 30A is made to recognize that it may be attacked by a device that is not supposed to be a legitimate communication destination, that is, an unauthorized server device. Can be done.
Further, in the SE40A of the second embodiment, when the verification unit 413A determines that the server device 10A is valid based on the authentication result of the mutual authentication, the verification unit 413A determines that the received data received by the terminal device 30A is valid. The data transmitted from the determined server device 10A to the terminal device 30A is output to the terminal device 30A without verifying its validity.
As a result, in the SE40A of the second embodiment, the verification unit 413A determines whether or not the communication partner is a legitimate device, and if the communication partner is a legitimate device, the verification process can be omitted. The processing load of processing can be reduced.

Further, in the terminal device 30A of the second embodiment, when the verification unit 413A includes data requesting verification of the validity of the data in the data transmitted from the server device 10A to the terminal device 30A. , The validity of the received data is verified, and when it is determined that the received data is valid, the received data is output to the terminal device 30A. As a result, in the SE40A of the second embodiment, even if the verification process is omitted after determining whether or not the communication partner is a legitimate device by the request from the server device 10A, the verification is restarted. It is possible to improve the safety.

In the above-described embodiment, the case where the server device 10 (10A) and the terminal device 30 (30A) communicate with each other via the communication network 20 has been described as an example, but the present invention is not limited thereto. .. The server device 10 (10A) may be any external device that communicates with the terminal device 30 (30A), and may be another terminal device 30 (30A) having the same configuration as the terminal device 30 (30A). Other general-purpose computer terminals, smartphones, tablets, etc. may be used.
The communication network 20 includes a mobile phone network such as 3G (3rd Generation), 4G (4th Generation), LTE (Long Term Evolution), a wireless communication transmission line such as Wi-Fi and Bluetooth (registered trademark), and a USB. It may be a transmission line for wired communication such as connection by (Universal Serial Bus), LAN (Local Area Network) cable, or the like, or may be a combination of the transmission line for wireless communication and the wired communication.

A program for realizing the function of the verification system 1 in the present invention is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by the computer system and executed. You may.
The term "computer system" as used herein includes hardware such as an OS and peripheral devices.
Further, the "computer system" shall also include a WWW system provided with a homepage providing environment (or display environment). Further, the "computer-readable recording medium" refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, or a CD-ROM, and a storage device such as a hard disk built in a computer system. Furthermore, a "computer-readable recording medium" is a volatile memory (RAM) inside a computer system that serves as a server or client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, it shall include those that hold the program for a certain period of time.

Further, the program may be transmitted from a computer system in which this program is stored in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above program may be for realizing a part of the above-mentioned functions. Further, it may be a so-called difference file (difference program) that can realize the above-mentioned function in combination with a program already recorded in the computer system.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and variations thereof are included in the scope of the invention described in the claims and the equivalent scope thereof, as are included in the scope and gist of the invention.

1 ... Verification system, 10 ... Server device, 20 ... Communication network, 30 ... Terminal device, 40 ... SE, 412 ... Acquisition unit, 413 ... Verification unit, 414 ... Data processing unit.

Claims (10)

It is a secure element that can be connected to the communication module and control chip of the terminal device that can communicate with the external device .
An acquisition unit that acquires notification data notified from the external device to the terminal device and notified from the communication module to the control chip .
A verification unit that verifies the validity of the notification data acquired by the acquisition unit, and
When the notification data is determined to be valid based on the verification result verified by the verification unit, the notification data is output to the control chip , and the notification data is determined to be invalid. In some cases, it has a data processing unit that discards the notification data.
When the notification data includes data indicating a request for mutual authentication from the external device, the verification unit performs mutual authentication with the external device, and the authentication result of the mutual authentication indicates that the external device is valid. When determined, the secure element is characterized in that it is output to the control chip without verifying the validity of the notification data transmitted from the external device determined to be valid . The verification unit determines whether or not the notification data is valid by calculating at least one of the hash value, the electronic signature, and the message authentication of the notification data acquired by the acquisition unit.
The secure element according to claim 1 . The secure according to claim 1 or 2 , wherein when the verification unit determines that the external device is not valid based on the authentication result of the mutual authentication, the verification unit outputs the determination result to the control chip. element. When the notification data includes data requesting verification of the validity of the notification data , the verification unit determines that the external device is valid, regardless of whether or not the notification data is valid. The secure element according to any one of claims 1 to 3 , wherein the notification data is output to the control chip when the validity is verified and the notification data is determined to be valid. .. A terminal device that can communicate with an external device.
The secure element according to any one of claims 1 to 4 ,
A control chip that outputs data to the secure element and acquires the data determined to be valid by the secure element from the secure element.
A terminal device characterized by being provided with. The terminal device according to claim 5 , wherein the terminal device communicates with the external device via a communication network. The terminal device according to claim 5 or 6 ,
Provided with an external device for transmitting data including at least one of data requesting mutual authentication with the terminal device or data instructing whether or not to verify the validity of the received data received by the terminal device. A featured verification system. The verification system according to claim 7 , wherein the external device transmits data to the terminal device via a communication network. It is a verification method of the secure element that can be connected to the communication module and control chip of the terminal device that can communicate with the external device .
The acquisition unit acquires the notification data notified from the external device to the terminal device and notified from the communication module to the control chip .
A verification process in which the verification unit verifies the validity of the notification data acquired by the acquisition unit , and
When the data processing unit determines that the notification data is valid based on the verification result verified by the verification unit , the data processing unit outputs the notification data to the control chip , and the notification data is valid. If it is determined that the notification data is not, the notification data is discarded .
When the notification data includes data indicating a request for mutual authentication from the external device, the verification unit performs mutual authentication with the external device, and the authentication result of the mutual authentication indicates that the external device is valid. A verification method for outputting to the control chip without verifying the validity of the notification data transmitted from the external device determined to be valid when the determination is made . For computers with secure elements that can be connected to the communication modules and control chips of terminal devices that can communicate with external devices .
An acquisition step of acquiring notification data notified from the external device to the terminal device and notified from the communication module to the control chip .
A verification process for verifying the validity of the notification data acquired by the acquisition process, and
When the notification data is determined to be valid based on the verification result verified by the verification step, the notification data is output to the control chip , and the notification data is determined to be invalid. In some cases, it is a program that executes the process of discarding the notification data.
In the verification step, when the notification data includes data indicating a request for mutual authentication from the external device, mutual authentication is performed with the external device, and the external device is justified by the authentication result of the mutual authentication. If it is determined, it is output to the control chip without verifying the validity of the notification data transmitted from the external device determined to be valid.
Program .

Images