JP7136237B2 - Information processing device and program - Google Patents

Description

The present invention relates to an information processing apparatus and a program, and more particularly, an information processing apparatus having a function of establishing an encrypted communication path with an external device to perform encrypted communication and a function of performing other processing using an encryption key. and program.

When an information processing device exchanges information with an external device, in order to ensure the safety of communication, a secure encrypted communication path is established between them, and encrypted communication is performed via this encrypted communication path. is essential. In particular, portable information processing devices such as smart phones and IC cards may fall into the wrong hands if lost, so sufficient security measures must be taken.

Recently, mobile terminal devices such as smartphones have become popular, and these terminal devices are usually equipped with an IC card called a SIM card or a UIM card. Information is exchanged between this IC card and a terminal device, or between this IC card and an external server device, via a predetermined communication path. At this time, if the information is confidential, it is necessary to establish a secure communication path and exchange encrypted information.

Under these circumstances, various methods have been proposed for establishing a secure communication path between an IC card and an external device to perform encrypted communication. For example, Japanese Unexamined Patent Application Publication No. 2002-200002 discloses a technique for preventing leakage of confidential information by performing communication via a proxy device having a data conversion processing function based on a predetermined conversion algorithm. Further, Patent Document 2 discloses a technique of performing encrypted communication using public key cryptography when information is exchanged between an IC card and a server device via the Internet. 3 discloses a technique for quickly performing system recovery processing when an abnormality related to security is detected during such encrypted communication.

On the other hand, in Japanese Unexamined Patent Application Publication No. 2002-100000, an IC card compatible area corresponding to an IC card on a one-to-one basis is provided on the server device side, and a secure communication path is set between this IC card compatible area and the user terminal device. A technique for integrating a server device and an IC card is disclosed.

JP-A-2002-055961 JP-A-2002-217895 JP 2006-190222 A JP 2010-073188 A

In order to establish a secure encrypted communication path between an information processing device and an external device, both devices must have an encrypted communication processing function based on a common encryption protocol. That is, the sending side uses a predetermined encryption key and a predetermined encryption protocol to encrypt information to be transmitted and sends it out, and the receiving side encrypts the received encrypted information with the same encryption key and encryption protocol as the sending side. It will be decrypted using the protocol. Therefore, the information processing device and the external device are pre-installed with an encryption communication processing function using a specific encryption key and encryption protocol.

However, in recent years, communication partners of information processing apparatuses have diversified, and there are many cases in which one IC card communicates with a plurality of partners according to various situations. For example, in the case of an IC card (SIM card or UIM card) attached to a smartphone, since multiple application programs are installed in the smartphone as an external device, information can be exchanged between these multiple application programs. need to do. In this case, in terms of hardware, two-way communication is performed between the IC card and the smartphone, but in terms of software, individual communication is performed between the IC card-side program and the smartphone-side individual application programs. will be done.

In addition, recently, encryption protocols with higher security have been recommended, and the types of encryption protocols that are actually used are diversified. Therefore, in practice, one IC card is provided with encryption communication functions based on a plurality of encryption protocols in advance, and depending on the convenience of the external device that communicates with the IC card (for example, It is preferable to be able to select an arbitrary encryption protocol and carry out encrypted communication each time, depending on the convenience of the application program. For that purpose, it is necessary to store a plurality of encryption keys in advance in the IC card, and when a specific encryption protocol is selected, read out and use the encryption key required for that protocol as appropriate. .

Moreover, cryptographic keys are not only used for establishing encrypted communication channels, but also for various processes such as verification processing to check data tampering, verification processing using tokens, and decryption processing of encrypted programs. used. Therefore, in practice, an IC card in which an application program having various processing functions using encryption keys is installed must store a large number of encryption keys used for each of these processing functions. For this reason, a general IC card is provided with a key table capable of storing a plurality of encryption keys, and an operation is adopted in which necessary encryption keys are stored in individual storage locations of this key table.

However, since the storage capacity of the built-in memory is limited in portable small information processing devices such as smartphones and IC cards, even when storing multiple encryption keys, it is necessary to reduce waste as much as possible and use the minimum necessary encryption. It is important to keep only the key stored. In other words, it is desirable to avoid as much as possible the storage of useless encryption keys that will never be used, or the continued storage of encryption keys that are no longer needed due to changes in application program functions. . In addition, if an unnecessary encryption key is stored, security problems will increase if it is leaked to the outside. In other words, even if the encryption key is unnecessary for the information processing device, if it leaks to the outside, it becomes a factor that threatens the security of the entire system including the external device.

Therefore, in an information processing apparatus having various processing functions that use encryption keys, the present invention maintains a state in which only the minimum necessary encryption keys are stored, saves the storage capacity of the encryption key storage location, The purpose is to reduce security problems.

(1) A first aspect of the present invention is an information processing device having various processing functions using an encryption key,
an information storage unit for storing programs and data used by the programs;
a program execution unit that executes the program stored in the information storage unit;
provided,
a program load process of loading an application program package having a plurality of processing functions each using an encryption key in response to a load command given from an external device and storing the package in an information storage unit;
installation processing for expanding the package loaded by the program load processing into an information storage unit and installing the application program in response to an installation command given from an external device;
a key writing process for storing an encryption key used by an installed application program in an information storage unit in response to a key writing command given from an external device;
with the ability to execute
When executing the installation process, for the installed application program, among the multiple processing functions that use the encryption key, the designated function designated by the function designation information included in the installation command can be executed. west,
Before executing the key writing process, it is determined whether or not the processing function using the encryption key stored by the key writing process is executable. If there is, the key writing process is executed, and if the function is not executable, the key writing process is rejected.

(2) A second aspect of the present invention is the information processing device according to the first aspect described above,
When executing installation processing for a specific application program, create an executable list including information specifying functions executable by the application program, store this in the information storage unit, and execute key writing processing. By referring to the executable list, it is determined whether or not the processing function to be determined is an executable function.

(3) A third aspect of the present invention is the information processing device according to the first or second aspect described above,
constructing a key table for storing an encryption key in a logical key space of an information storage unit when executing an installation process for a specific application program;
When executing the key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table constructed on the logical space.

(4) A fourth aspect of the present invention is the information processing device according to the above-described third aspect,
Corresponding information that associates a specific processing function that uses an encryption key with a storage location on a key table for storing the encryption key is stored in an information storage unit,
When a key write command is given, by referring to the correspondence information, it is associated with the storage location specified by the write location specification information included in the given key write command. Recognizes a specific processing function as a judgment target, executes a key write command if the judgment target is an executable function, and executes a key write command if it is not an executable function. It was designed to be rejected.

(5) A fifth aspect of the present invention is the information processing device according to the fourth aspect described above,
The key table consists of a collection of cells in a two-dimensional matrix that can identify one cell by a combination of a key version number and a key ID,
When a key write command is given, the storage location of the encryption key is specified based on the key version number included as write location specifying information in the key write command.

(6) A sixth aspect of the present invention is the information processing device according to the first aspect described above,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
When executing the installation process for a specific application program, by referring to the storage location list table, the functions that can be executed by the application program correspond to the storage location of the encryption key used for that function. Create a function table to attach to, store this in the information storage unit,
When a key write command is given, by referring to the function table, the storage location specified by the write location specification information included in the given key write command is included in the function table. If it is included, the key write command is executed, and if it is not included, the key write command is rejected.

(7) A seventh aspect of the present invention is the information processing device according to the first aspect described above,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
creating a function table listing functions that can be executed by the application program when executing the installation process for a specific application program, and storing the table in an information storage unit;
When a key write command is given, the storage location specified by the write location specification information included in the key write command is stored for the executable functions listed in the function table. It is determined whether or not it is a storage location that is associated in the location list table, and if a positive determination result is obtained, the key write command is executed, and a negative determination result is obtained. In some cases, the key write command is rejected.

(8) An eighth aspect of the present invention is the information processing device according to the first aspect described above,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
creating a function table listing storage locations of encryption keys used for functions executable by the application program by referring to the storage location list table when executing installation processing for a specific application program; Store this in the information storage unit,
When a key write command is given, by referring to the function table, the storage location specified by the write location specification information included in the given key write command is included in the function table. If it is included, the key write command is executed, and if it is not included, the key write command is rejected.

(9) A ninth aspect of the present invention is an information processing device having various processing functions using an encryption key,
an information storage unit for storing programs and data used by the programs;
a program execution unit that executes the program stored in the information storage unit;
provided,
a program load process of loading an application program package having a plurality of processing functions each using an encryption key in response to a load command given from an external device and storing the package in an information storage unit;
installation processing for expanding the package loaded by the program load processing into an information storage unit and installing the application program in response to an installation command given from an external device;
a key writing process for storing an encryption key used by an installed application program in an information storage unit in response to a key writing command given from an external device;
an executable function change process for changing a process function executable by an already installed application program according to an executable function change process command given from an external device;
with the ability to execute
When executing the installation process, for the installed application program, among the multiple processing functions that use the encryption key, the designated function designated by the function designation information included in the installation command can be executed. west,
When executing the executable function change processing, if there is a processing function that has been changed from executable to non-executable by the change processing, the encryption key used for the processing function that has been changed to non-executable is A key deletion process for deleting the key from the storage unit is also executed.

(10) A tenth aspect of the present invention is the information processing device according to the above-described ninth aspect,
creating an executable list including information specifying functions that can be executed by the application program when executing installation processing for a specific application program, and storing the list in an information storage unit;
When executing the executable function change processing, the executable list is rewritten, and the encryption key used for the processing function deleted from the executable list is deleted from the information storage unit. is designed to execute

(11) An eleventh aspect of the present invention is the information processing device according to the ninth or tenth aspect described above,
constructing a key table for storing an encryption key in a logical key space of an information storage unit when executing an installation process for a specific application program;
When executing the key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table constructed on the logical space,
When the key deletion process is executed, the encryption key data written in the real space is deleted, and the real space on the memory is released.

(12) A twelfth aspect of the present invention is the information processing device according to the above-described eleventh aspect,
Corresponding information that associates a specific processing function that uses an encryption key with a storage location on a key table for storing the encryption key is stored in an information storage unit,
When executing the executable function change processing, the correspondence information is referenced to identify the storage location associated with the processing function changed from executable to non-executable, and store in the identified storage location. In this case, a key deletion process is executed to delete the encryption key that has been encrypted.

(13) A thirteenth aspect of the present invention is the information processing device according to the above-described twelfth aspect,
The key table consists of a collection of cells in a two-dimensional matrix that can identify one cell by a combination of a key version number and a key ID,
Based on the key version number, the storage location of the encryption key to be written or deleted is specified.

(14) A fourteenth aspect of the present invention is the information processing device according to the above-described ninth aspect,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
When executing the installation process for a specific application program, by referring to the storage location list table, the functions that can be executed by the application program correspond to the storage location of the encryption key used for that function. Create a function table to attach to, store this in the information storage unit,
When executing the executable function change process, the function table is rewritten, the storage location associated with the processing function to be deleted from the function table is identified, and stored in the identified storage location. In this case, a key deletion process is executed to delete the encryption key that has been encrypted.

(15) A fifteenth aspect of the present invention is the information processing device according to the above-described ninth aspect,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
creating a function table listing functions that can be executed by the application program when executing the installation process for a specific application program, and storing the table in an information storage unit;
When executing the executable function change process, the function table is rewritten, and the storage location associated with the processing function to be deleted from the function table is changed by referring to the storage location list table. A key deletion process for deleting the encryption key stored in the specified storage location is executed.

(16) A sixteenth aspect of the present invention is the information processing device according to the above-described ninth aspect,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
creating a function table listing storage locations of encryption keys used for functions executable by the application program by referring to the storage location list table when executing installation processing for a specific application program; Store this in the information storage unit,
When the executable function change process is executed, the function table is rewritten by referring to the storage location list table, the storage location to be deleted from the function table is specified, and the specified storage location is A key deletion process for deleting the stored encryption key is executed.

(17) A seventeenth aspect of the present invention is the information processing device according to the first to sixteenth aspects described above,
It has a function to install an application program that has a processing function to open an encrypted communication path with an external device using a predetermined encryption protocol. It is designed for writing.

(18) An eighteenth aspect of the present invention is the information processing device according to the first to sixteenth aspects described above,
The information storage unit stores at least one management program as an application program,
The management program has a function of executing program load processing, installation processing, and key writing processing for the new application program in order to put the new application program under its own control. It is what I did.

(19) A nineteenth aspect of the present invention is the information processing device according to the eighteenth aspect described above,
After program load processing and installation processing for a new application program are completed, when a key write command is given from an external device, the new application program executes key write processing according to the key write command. It is designed to

(20) A twentieth aspect of the present invention is the information processing device according to the eighteenth or nineteenth aspect described above,
The management program interprets the privilege parameter "privilege" that accompanies the installation command defined in the GlobalPlatform (registered trademark) specifications as function specifying information, and executes the installation process so that only the specified functions can be executed. It is the one that was made.

(21) A twenty-first aspect of the present invention is the information processing device according to the eighteenth or nineteenth aspect described above,
The management program interprets the SCP type parameter attached to the installation command defined in the GlobalPlatform (registered trademark) specifications as function designation information, and establishes an encrypted communication path according to the encryption protocol indicated by the designated SCP type. The installation process is executed so that the process can be executed.

(22) A twenty-second aspect of the present invention is to independently provide a program that causes a computer to function as the information processing apparatus according to the first to twenty-first aspects.

According to the first embodiment of the present invention, before writing a new encryption key, it is determined whether or not the processing function using the encryption key to be written is executable. The actual write is done only if it was a possible function. Therefore, it is possible to avoid a situation in which a useless encryption key that is never used is written. Therefore, in an information processing device having various processing functions that use encryption keys, it is possible to maintain a state in which only the minimum necessary encryption keys are stored, save the storage capacity of the encryption key storage location, and improve security. problem can be reduced.

Further, according to the second embodiment of the present invention, when there is a processing function that has been executable until now but is changed to be unexecutable by the function change processing, the function is changed to be unexecutable. A key deletion process is executed to delete the encryption key used for the processing function. Therefore, it is possible to avoid a situation in which an encryption key that is no longer needed continues to be stored as it is. Therefore, in an information processing device having various processing functions that use encryption keys, it is possible to maintain a state in which only the minimum necessary encryption keys are stored, save the storage capacity of the encryption key storage location, and improve security. problem can be reduced.

1 is a block diagram showing a mode of information communication among a general smartphone 10, SIM card 11, and external server 20; FIG. 2 is a block diagram showing an example of a program configuration for encrypted communication between SIM card 11 (information processing device) shown in FIG. 1 and smartphone 10 or external server 20 (external device). FIG. 3 is a diagram showing a specific example of a key table shown in FIG. 2; FIG. 4 is a diagram showing an outline of a general data structure of an encryption key Key stored in the key table shown in FIG. 3 and a data structure of an encrypted communication channel opening command using the encryption key; FIG. 3 is a diagram showing specific examples of various commands exchanged between the SIM card 11 (information processing device) and the smartphone 10 (external device) shown in FIG. 2 and responses thereto; FIG. 3 is a diagram showing the data structure of a general encrypted communication path establishment command CMD and its variations; 4 is a table showing a correspondence relationship between command string information and encryption algorithm type information used for each encryption protocol; 2 is a diagram showing the hierarchical structure of application programs built in a SIM card 11 (information processing device) (FIG. (a)) and the function of a management program SD (FIG. (b)); FIG. 2 is a block diagram showing an example of a mode of information communication between an information processing device (SIM card 11) and an external device (smartphone 10 or external server 20) at factory shipment; FIG. 2 is a block diagram showing an example of a mode of information communication between an information processing device (SIM card 11) and an external device (smartphone 10 or external server 20) at the start of use; FIG. FIG. 10 is a diagram showing an example format of a specific command given to an IC card conforming to GlobalPlatform (registered trademark) specifications; 1 is a block diagram showing a basic configuration of an information processing device (SIM card 11) according to the present invention and an aspect of information communication between an external device (smartphone 10 or external server 20); FIG. FIG. 11C is a diagram showing the contents of parameters attached to the installation command of the application program shown in FIG. 11C. FIG. 14 is a table showing specific contents of a privilege parameter (privilege) shown in FIG. 13; FIG. FIG. 4 is a diagram showing a specific example of a storage location list table used in the information processing apparatus according to the present invention; FIG. 4 is a diagram showing an example of a function table used in the information processing apparatus according to the present invention; FIG. It is a figure which shows the structural example of the data for ISD stored in the data storage part of the information processing apparatus which concerns on this invention, and the data for SSD1. FIG. 5 is a diagram showing a modified example of the function table used in the information processing apparatus according to the present invention; It is a flowchart which shows the processing procedure of the 1st Embodiment of this invention. It is a flowchart which shows the processing procedure of the 2nd Embodiment of this invention.

Hereinafter, the present invention will be described based on illustrated embodiments.

<<<§1. Conventional general communication form for IC card >>>
The present invention is an invention suitable for use in an information processing apparatus having a function of performing encrypted communication with an external device, and particularly relates to a technique suitable for use in an information processing apparatus comprising an IC card. Therefore, here, first, a conventional general communication form with respect to the IC card will be briefly described.

FIG. 1 is a block diagram showing how information is communicated between a general smartphone 10, SIM card 11, and external server 20. As shown in FIG. Normally, the smartphone 10 is used with the SIM card 11 installed inside, and communicates with the external server 20 via a predetermined communication path (Internet or telephone line) as necessary. Here, the SIM card 11 (also called UIM card) is an IC card conforming to de facto standard international specifications such as Java Card (trademark) and GlobalPlatform (registered trademark). communication is performed in the form of a command given from the external device and a response to the command.

Focusing on the SIM card 11, both the smartphone 10 and the external server 20 are external devices, and communication with these external devices is performed via a predetermined communication path. Although FIG. 1 only shows a communication path between the smartphone 10 and the external server 20, in reality, communication paths between the SIM card 11 and the smartphone 10 and between the SIM card 11 and the external server 20 are also shown. A communication path is formed. Commands and responses are exchanged with the SIM card 11 via these communication paths.

FIG. 2 is a block diagram showing an example of a program configuration for performing encrypted communication between the SIM card 11 shown in FIG. 1 and the smartphone 10 or the external server 20. An example of establishing a communication path between and communicating with each other is shown. As described above, the present invention is a technology that is particularly suitable for application to IC cards. Therefore, here, the information processing device 100 is the SIM card 11 attached to the smartphone 10, and the external device 200 is the smartphone 10. (or the external server 20 may be used) will be described below.

An IC card such as the SIM card 11 usually incorporates a plurality of application programs. The information processing apparatus 100 (SIM card 11) in FIG. 2 shows a state in which two sets of general application programs AP1 and AP2 are installed. Also, an IC card usually incorporates at least one management program SD (Security Domain program). Although this management program SD is classified as a kind of application program, it cooperates with the OS program to play a role of managing the operation of the entire IC card and other application programs under its control. Therefore, in the present application, among the application programs incorporated in the information processing apparatus 100 (SIM card 11), the Security Domain program is called a "management program", and the other application programs are called a "general application program (abbreviation: general application)". I will call it

As will be described in detail later, the management program SD has a load function, an install function, a delete function, an issue data write function (for example, an encryption key write function), an encryption channel Various functions such as opening function are provided. The management program SD shown in FIG. 2 incorporates an encrypted communication path opening routine R1 and a key table T1, which are elements for realizing the encrypted communication path opening function. In the case of the information processing device 100 made up of an IC card, a secure encrypted communication path is normally established between the information processing device 100 and the external device 200 based on a predetermined encryption protocol called "SCP: Secure Channel Protocol" to enable encrypted communication. done. In order to implement such a function, the management program SD incorporates an encrypted communication path opening routine R1 and a key table T1.

On the other hand, the external device 200 is also provided with an application program AP3 having a function of performing encrypted communication according to this, and an encrypted communication path opening routine R2 and a key table T2 are incorporated. For example, if the external device 200 is the smart phone 10 , the application program AP3 is one of the application programs installed on this smart phone 10 .

An encrypted communication channel opening routine R1 on the information processing device 100 side and an encrypted communication channel opening routine R2 on the external device 200 side establish a secure encrypted communication channel between the two devices, and perform encrypted communication based on the same encryption protocol. The same encryption key is stored in the key table T1 and the key table T2. Therefore, in the illustrated example, the management program SD and the application program AP3 perform encrypted communication based on the same encryption protocol using the same encryption key between the information processing apparatus 100 and the external apparatus 200. cipher communication path will be established.

Protocols such as SCP01 and SCP02 have long been used as encryption protocols used for encrypted communication with IC cards. However, the encryption algorithm "Triple-DES" used in these protocols has been pointed out to be compromised, and in recent years, SCP03, which uses an encryption algorithm based on the AES (Advanced Encryption Standard) standard Protocols are also beginning to spread as specifications conforming to GlobalPlatform (registered trademark). In addition, the use of protocols such as SCP80 and SCP81 developed mainly by standardization organizations such as 3GPP/ETSI has become widespread.

Further, as the key table T for the management program SD incorporated in the IC card, specifications using a key space as illustrated in FIG. 3 have become common. The illustrated key table T is composed of a two-dimensional matrix defining key version numbers in the vertical direction and key IDs in the horizontal direction. An address space within the range is allocated, and an address space within the range of 0x00 to 0x7F is allocated for the key ID (0x at the beginning of the address indicates that the following numerical values are hexadecimal numbers).

Each encryption key is stored in one of the cells of this key table T, and is specified by a combination of a key version number and a key ID. For example, the combination of the key version number "0x01" and the key ID "0x01" identifies the encryption key KeyA. The figure shows a state in which KeyA to KeyR are stored in specific cells as an example of storage of individual encryption keys. Of course, it is not necessary to store encryption keys in all cells, and it is sufficient if necessary encryption keys are stored in predetermined cells.

In one encryption protocol, one key version number is specified, and encryption processing or decryption processing using one or more encryption keys stored in the cell having the key version number is executed. be. In the illustrated example, each row of key version numbers "0x01", "0x20", "0x21", "0x22", "0x7E", and "0x7F" indicates a state in which some encryption key is stored. In the illustrated example, encryption keys are stored in three cells with key IDs "0x01", "0x02", and "0x03" for any key version number.

This is because any key version number corresponds to an encryption protocol using three different encryption keys (for example, SCP01, SCP02, SCP03, etc. described above). For example, when the key version number "0x20" is specified, the three encryption keys KeyD, KeyE, and KeyF stored in the cells with key IDs "0x01", "0x02", and "0x03" are encrypted or decrypted. will be used for processing. In other words, one or more encryption keys with the same key version number are used for encryption or decryption based on a specific encryption protocol. Of course, for an encryption protocol that requires a total of 5 encryption keys, 5 cells with the same key version number will each be provided with encryption keys.

On the other hand, FIG. 4(a) is a diagram showing the general data structure of the encryption keys KeyA to KeyR stored in individual cells of the key table T shown in FIG. The illustrated data structure of the encryption key key shows the standard format of the encryption key defined as the international standard specifications for the above-mentioned IC card. A key length (L) and key value data (Key value) V are arranged. Here, the type information (key type) A is information including the type of encryption algorithm adopted by the encryption protocol that is supposed to use the encryption key Key, such as "AES", "DES", and "RSA". , and the key length L is information indicating the data length (byte) of the subsequent key value data (key value) V, and the last key value data (key value) V is used for the encryption operation. It is the key value data itself that is used.

FIG. 4(b) is a diagram showing an overview of the data structure of the encrypted communication channel opening command CMD. Actual commands have a more complicated data structure that complies with ISO standards (e.g., ISO7816-4). I will show a conceptual data structure that The illustrated example shows the cryptographic communication channel opening command used when the above-described encryption protocols SCP01, SCP02, and SCP03 are adopted. Indicates command string information (actually, it is instruction byte information that means the command "INITIALIZE UPDATE", but for the sake of convenience, it will be explained as a string "INITIALIZE UPDATE") and the storage location of a specific encryption key. It consists of storage location designation information (actually, a specific key version number) and a predetermined random number.

For example, when establishing an encrypted communication channel using the three encryption keys KeyD, KeyE, and KeyF stored in the key table T shown in FIG. followed by a predetermined random number is given to the IC card. The random number added to the end of this encrypted communication channel opening command CMD is used by the external device to authenticate the IC card as a legitimate communication partner. In other words, the encrypted communication path opening command CMD serves as an instruction command for executing the encryption communication path opening process to the IC card, as well as an authentication command requesting the IC card to return an authentication code corresponding to a predetermined random number. also serves as a

FIG. 5 shows various data exchanged between the management program SD incorporated in the SIM card 11 (information processing device 100) shown in FIG. 2 and the application program AP3 incorporated in the smartphone 10 (external device 200). FIG. 10 is a diagram showing specific examples of commands and responses thereto; FIG. As shown in steps S1 to S6, the smartphone 10 side transmits a predetermined command to the SIM card 11 side, and a response to the command is sent back from the SIM card 11 side to the smartphone 10 side. , information is exchanged between them. In this example, the exchange of information from steps S1 to S4 is carried out through a normal unencrypted communication channel, but the exchange of information at steps S5 and S6 is carried out through an encrypted communication channel established by the management program SD. It is done via a communication channel.

First, step S1 is a process of transmitting a "SELECT command" from the smartphone 10 side to the SIM card 11 side. This "SELECT command" should be called an "application selection command", and is a command for designating a specific channel number and selecting a specific application program (in this case, management program SD) on the SIM card 11 side. is. On the SIM card 11 side, the channel number and the management program SD are associated with each other, and thereafter, when a command having the same channel number is given, it will be processed by the management program SD. When the "SELECT command" is normally received, a response is returned from the SIM card 11 side to the smartphone 10 side.

The following step S2 is a process of transmitting a "GET DATA command". The commands in step S2 and subsequent steps are given the same channel number as in step S1, and are processed by the management program SD on the SIM card 11 side. This "GET DATA command" is a command for reading predetermined data from the SIM card 11 side to the smartphone 10 side based on the "data reading function" of the management program SD, and specifies the data to be read. Information is added. The management program SD reads the specified data from the memory in the SIM card 11 according to the command, and returns it to the smartphone 10 side as a response to the command.

GlobalPlatform (registered trademark) specifications do not require information to be exchanged via an encrypted communication channel when an SD program executes a "data readout function." The process of step S2 in FIG. 5 shows an example in which data readout processing is performed before the opening of the encrypted communication path, which enables information to be read without the encrypted communication path.

The following steps S3 and S4 are processes for preparing to open an encrypted communication path. First, in step S3, an "INITIALIZE UPDATE command" is transmitted. This command is an "encrypted communication channel opening command" having the data structure shown in Fig. 4(b). Have. This command also serves as an authentication command for the smartphone 10 (external device 200) to authenticate the SIM card 11 (information processing device 100) as a legitimate communication partner.

That is, the management program SD in the SIM card 11 that has received the "INITIALIZE UPDATE command" retrieves the encryption key corresponding to the specified key version number from the key table T1, prepares for encryption processing, and A calculation based on a predetermined algorithm is performed on the received random number, and the result of the calculation is returned as a response to the command. On the other hand, the application program AP3 in the smartphone 10 verifies whether the returned calculation result is a correct calculation result for the given random number, and if the calculation result is correct, the SIM card currently in communication 11 as a legitimate contact.

In the subsequent step S4, an "EXTERNAL AUTHENTICATE command" is transmitted. This command is an "external authentication command", and is an authentication command for the SIM card 11 (information processing device 100) to authenticate the smartphone 10 (external device 200) as a legitimate communication partner. The smartphone 10 performs an operation based on a predetermined algorithm on the data returned as a response in step S<b>3 , adds the operation result to command character string information “EXTERNAL AUTHENTICATE”, and transmits the result to the SIM card 11 . The SIM card 11 (management program SD) verifies whether or not the calculation result sent by the "EXTERNAL AUTHENTICATE command" is a correct calculation result, and if it is a correct calculation result, the smartphone currently in communication is verified. 10 as a legitimate contact.

Since the specific process of mutual authentication in steps S3 and S4 is a commonly used known technique, detailed description is omitted here. Thus, when the mutual authentication between the SIM card 11 and the smartphone 10 is completed, an encrypted communication path is established between them. Commands after step S5 shown below the dashed line in the figure are given via this encrypted communication path. That is, the substantial contents of the command after step S5 are encrypted based on a predetermined encryption protocol and transmitted as a command protected by "SCP: Secure Channel Protocol".

According to the current standard, it is possible to set the SCP level when an encrypted communication channel is opened (when an "EXTERNAL AUTHENTICATE command" is processed). Specifically, "Level 1: Addition of check code for detecting command tampering" and "Level 2: Addition of check code for detecting command tampering + Encryption of command data field" are defined. The level set at the time of opening will be applied to the exchanged commands. When the SCP level is set in this way, the data field of the command after step S5 is encrypted only when level 2 is set. In the example of steps S5 and S6, the response to the command is not protected by SCP and is returned in plaintext via a normal communication channel. may also be returned via an encrypted communication channel.

<<<§2. Management Program Security Strength and Hierarchical Structure >>>
In the above §1, the procedure for establishing an encrypted communication path with the external device 200 by the management program SD installed in the information processing device 100 and performing encrypted communication therebetween was briefly described. Here, the difference in security strength between encrypted communication paths opened by the management program SD and the fact that a plurality of management programs SD are built into the information processing apparatus 100 in a hierarchical structure will be described.

FIG. 6 is a diagram showing the data structure of an encrypted communication path opening command CMD currently defined as a specification for IC cards. In the case of the example described in §1, the data structure of the encrypted communication path opening command CMD consists of "command character string information", "storage location specification information", "random number Specifically, as shown in FIG. 6(b), the format is such that the character string "INITIALIZE UPDATE" is at the head, followed by "key version encryption" and "random number".

As described above, the "command character string information (INITIALIZE UPDATE)" at the beginning is a character string indicating that the command is a command for opening an encrypted communication channel. The following "storage location designation information" is encryption key designation information for designating a specific encryption key used to establish an encrypted communication path. consists of a "key version number". The final “random number” is data used by the smartphone 10 to authenticate the SIM card 11 as a legitimate communication partner, as described above.

The data structure of the cryptographic channel opening command CMD illustrated in FIGS. 6(a) and 6(b) is defined as encryption protocols SCP01, SCP02, and SCP03 in international specifications such as GlobalPlatform (registered trademark) and 3GPP/ETSI. It is what is done. The specification also defines specifications for several encryption protocols, and the data structure of the encrypted communication channel opening command CMD has a different data structure depending on each specification. For example, for the encryption protocol SCP80, as shown in FIG. 6(c), an encrypted communication path opening command CMD with a character string "ENVELOPE" at the beginning is defined. As shown in (d), a cryptographic channel opening command CMD is defined with a character string "MANAGE SECURITY ENVIRONMENT" at the beginning. As described above, the data structure of each command CMD is a conceptual data structure in which only a part of information is extracted for convenience of explanation, and does not represent the actual data structure itself.

FIG. 7 is a table showing the correspondence between command string information used for each encryption protocol and encryption algorithm type information. Here, character strings such as SCP01, SCP02, SCP03, SCP10, SCP80, and SCP81 shown in each column of the table are information specifying individual encryption protocols (referred to as SCP types in this application). Also, the vertical headings of the table indicate the type of encryption algorithm used by each encryption protocol, and the horizontal headings of the table indicate command string information used for each encryption protocol. Note that "SCPxx" in this table indicates an encryption protocol that has not been specified by GlobalPlatform (registered trademark) at present, but may be established in the future.

As described above, at present, many encryption protocols have been defined, and it is expected that new encryption protocols will be additionally formulated in the future. Also, it is expected that the cryptographic algorithms used by each cryptographic protocol will be diversified. The important point here is that the security strength differs depending on the individual encryption protocol. For example, with respect to encryption algorithms, AES is theoretically considered to have a higher security strength than Triple-DES, so in the example shown in FIG. increases security strength.

Moreover, even if the same encryption algorithm is used, the security strength differs depending on the specifications of the encryption protocol. For example, in the case of the example shown in FIG. 7, the encryption protocols SCP01 and SCP02 both use Triple-DES as an encryption algorithm, but the encryption protocol SCP02 is said to have a higher security strength than SCP01. .

As described in §1, a general IC card incorporates at least one set of management program SD (Security Domain program), and the encrypted communication path between external devices is controlled by this management program SD. is opened. Management program SD is configured to support any one or more of a variety of encryption protocols as shown in the table of FIG. Therefore, when a plurality of management programs SD are installed in the same information processing apparatus 100, it is not uncommon for each management program SD to employ a different encryption protocol. For example, the first management program SD employs only the encryption protocol SCP81, while the second management program SD employs both the encryption protocols SCP01 and SCP02.

Naturally, depending on which encryption protocol is adopted, the security strength of the encrypted communication channel opened by the management program SD will differ. Of course, the application program AP3 on the external device 200 side requests the specific management program SD in the information processing device 100 to open an encrypted communication path for communication. Even if information is to be exchanged via the network, the application program AP3 is aware of this and designates the specific management program SD. It won't.

FIG. 8(a) is a diagram showing a hierarchical structure of application programs constructed in the SIM card 11 (information processing apparatus 100). In this figure, the ISD (Issuer Security Domain) arranged at the top of the hierarchical structure is a management program called an issuer SD, which is written into the SIM card 11 when it is shipped from the factory. In the illustrated example, programs SSD1, SSD2, AP01 and AP02 are arranged below the ISD, AP11 and AP12 are arranged below the SSD1, and SSD3, AP21, AP22 and AP23 are arranged below the SSD2. are arranged, and AP31 and AP32 are arranged below SSD3.

Each program indicated by a block in FIG. 8(a) is an application program installed in the SIM card 11 (information processing apparatus 100). Here, SSD1, SSD2, and SSD3 (Supplemental Security Domain) are management programs like the ISD. SSD3 will be a program placed under the ISD or another SSD.

As mentioned above, the management program is also one of the application programs. ) can be placed and placed under control. Therefore, in the illustrated example, only two sets of general application programs AP11 and AP12 are arranged below the management program SSD1, but one set of separate management programs is arranged below the management program SSD2. SSD3 and three sets of general application programs AP21, AP22, AP23 are arranged, and two sets of general application programs AP31, AP32 are arranged below the management program SSD3.

The management program SD has a function of managing the entire SIM card 11 (information processing apparatus 100) and a function of managing lower application programs. Specifically, a general SD program has the following functions. A list of these functions is also provided in FIG. 8(b).
<Function 1> IC card life cycle management <Function 2> Application program life cycle management <Function 3> Application instance life cycle management <Function 4> Application program loading <Function 5> Application instance generation (installation)
<Function 6> Deleting application programs and instances <Function 7> Writing issued data for applications <Function 8> Reading data <Function 9> Securing a secure communication path

However, not all management programs SD have the above nine functions. Usually, the ISD of the highest hierarchy has all the functions, but some functions of the SSD placed in the lower hierarchy may be restricted. For example, function 1 "IC card life cycle management" is usually provided only in ISDs. Also, some of the above functions are functions provided for application programs arranged in a lower hierarchy of the self (application programs under self control).

Some functions related to the present invention among the above nine functions will be briefly described below. First, in order for the management program SD to incorporate an application program under its own control and make it operable, the application program is loaded by the function 4, and then the application program is loaded by the function 5. An instance is generated, and furthermore, by the above function 7, the application issue data is written.

More specifically, the process of function 4 "load application program" is a process of storing the application program package in memory in response to a load command given from an external device. The process of function 5 "generate an instance of an application program" is a so-called installation process, in which a loaded application program package is developed on the memory in response to an installation command given from an external device, and an application instance is created. This is the process to generate. Execution of the application program is the process of executing this instantiated program code.

The processing of the function 7 "write application issue data" is a process of storing data (issue data) necessary for executing the application program in the memory. For example, in the case of an application program with a credit settlement function, it is necessary to write the credit card number, the user's personal information, etc. as issue data in order to make the program executable. In addition, in the case of the management program SD, in order to make the program executable, it is necessary to perform a process of writing the key information necessary for establishing an encrypted communication path as issue data (a process of writing the encryption key to the key table T). There is

The processing of the final function 9 "Securing a secure communication channel" is, as described in Section 1, based on a predetermined encryption protocol called "SCP: Secure Channel Protocol". This is a function to establish a secure encrypted communication path and perform encrypted communication. In order to implement such a function, as shown in FIG. 2, the management program SD incorporates an encrypted communication path opening routine R1 and a key table T1. The cryptographic channel opening routine R1 is incorporated by function 5 "Generate application program instance", and the contents of the key table T1 are written by function 7 "Write issued data for application". Become.

In addition, according to the GlobalPlatform (registered trademark) specifications, when the management program SD performs the above-mentioned "functions 1 to 7", information is exchanged via an encrypted communication channel (a secure communication channel established by function 9). However, for "function 8: read data", it is not mandatory to open an encrypted communication path. The process of step S2 in FIG. 5 shows an example in which data readout processing enabling information exchange without an encrypted communication path is performed before opening the encrypted communication path. On the other hand, commands for executing processing such as function 4 (load function), function 5 (install function), function 7 (issue function), etc. are protected by SCP as in steps S5 and S6 in FIG. will be sent in an encrypted state as an encrypted command.

FIG. 9 is a block diagram showing an example of an aspect of information communication between information processing device 100 (SIM card 11) and external device 200 (smartphone 10 or external server 20) at factory shipment. In the illustrated example, the information processing apparatus 100 stores an OS program, an ISD (issuer SD: management program in the highest hierarchy), and two sets of application programs AP01 and AP02 when shipped from the factory. It is ready for operation. Here, the management program ISD incorporates an encrypted communication path opening routine R00 and a key table T00, which can be used to open an encrypted communication path based on a predetermined encryption protocol. be.

Here, for convenience of explanation, let us consider a case where an external device 200 (smartphone 10 or external server 20) as shown in FIG. 9 is prepared. The application program AP (ISD) provided in the external device 200 is a program for establishing an encrypted communication path with the management program ISD in the information processing device 100. Like the management program ISD, the application program AP (ISD) is used for encrypted communication. A path opening routine R00 and a key table T00 are incorporated. On the other hand, the illustrated external device 200 is also provided with an application program AP (SSD1). This program AP (SSD1) is a program for opening an encrypted communication path between it and a management program SSD1 that will be installed later in the information processing apparatus 100, and includes an encrypted communication path opening routine R10 and a key table T10. is

Here, in the information processing apparatus 100 shown in FIG. 9 at the time of shipment from the factory, the management program ISD is installed, but the management program SSD1 is not yet installed. That is, it can be said that the hierarchical structure of the information processing apparatus 100 shown in FIG. 9 is in a state where only the blocks of ISD, AP01 and AP02 in the hierarchical structure diagram of FIG. 8 exist. The hierarchical structure diagram of FIG. 8 shows the state after the user who acquired the information processing apparatus 100 shown in FIG. 9 has installed various application programs.

FIG. 10 is a block diagram showing an example of a mode of information communication between information processing device 100 (SIM card 11) and external device 200 (smartphone 10 or external server 20) at the start of use. The management program SSD1 is newly stored in the information processing apparatus 100 shown in FIG. 10, and is in an operable state. The illustrated management program SSD1 incorporates an encrypted communication path opening routine R10 and a key table T10. It is possible to establish an encrypted communication path and perform encrypted communication.

According to the GlobalPlatform (registered trademark) specification, when a plurality of management programs SD are installed in the SIM card 11, the key tables T used by each management program SD are stored as separate tables. Therefore, in the example shown in FIG. 10, the key table T00 and the key table T10 are separate and independent key tables.

However, in carrying out the present invention, the key table T used by each management program SD does not necessarily have to be a separate table. For example, a common key table T as shown in FIG. Tables T00 and T10 may be configured as a partial area of this key table T. FIG. For example, if the key table T00 is composed of a row area of key version "0x20" and the key table T10 is composed of a row area of key version "0x21", the encryption key recorded in the key table T00 is KeyD, KeyE, and KeyF, and the encryption keys recorded in the key table T10 are KeyG, KeyH, and KeyI.

In order to bring the information processing apparatus 100 from the state shown in FIG. 9 to the state shown in FIG. It is necessary to perform processing to incorporate the program SSD1. For this purpose, first, an encrypted communication channel opening command is given from the external device 200 to the management program ISD of the information processing device 100, and the communication between the two devices is performed by the function 9 "Secure communication channel" processing of the management program ISD. After opening an encrypted communication path to the client, the following commands can be given via this encrypted communication path.

First, a load command is given from the external device 200 to the management program ISD of the information processing device 100 to cause the management program ISD to execute function 4 "load application program". By this processing, the binary data of the program package that constitutes the new management program SSD1 is stored in the memory within the information processing apparatus 100. FIG. This program package is a pre-installed program, and is not ready for execution by the CPU.

Subsequently, an installation command is given from the external device 200 to the management program ISD of the information processing device 100 to cause the management program ISD to execute the process of function 5 "generate application program instance". By this process, the program package stored in the memory is expanded on the memory, and an application instance that configures the management program SSD1 is generated. Although this application instance is a routine that can be executed by the CPU, it still lacks issue data (in this case, encryption key) to operate as the management program SSD1. In other words, at this point, the cryptographic channel opening routine R10 depicted in the block of SSD1 in FIG. ) is not yet stored in memory.

Therefore, finally, the external device 200 gives a command to write the issued data to the management program ISD of the information processing device 100, and the management program ISD performs function 7 "write issued data for application" processing (key write processing). ). Through this processing, the issued data (encryption key) required for the operation of the management program SSD1 is written in the memory. That is, the encryption key, which is the contents of the key table T10 shown in FIG. 10, is written in the memory as issued data. As a result, the new management program SSD1 is incorporated in an operable state under the management of the management program ISD. Therefore, the management program SSD1 can use the encrypted communication path establishment routine R10 and the key table T10 to execute function 9 "secure communication path" as necessary.

The management program SSD2 shown in the hierarchical structure diagram of FIG. 8(a) is also installed in an operable state under the control of the management program ISD by a similar procedure. Then, after having the management program SSD1 establish an encrypted communication path, the application programs AP11 and AP12 can be incorporated under its management in an operable state by the same procedure. Also, after opening an encrypted communication path to the management program SSD2, the application programs AP21 to AP23 and the management program SSD3 can be installed in an operable state under the same procedure. Furthermore, after opening an encrypted communication path to the management program SSD3, the application programs AP31 and AP32 can be installed in an operable state under its management.

Keeping in mind that such a procedure is performed, after all, when a certain management program is designated and another application program is installed under its management, function 9 "secure communication" of the designated management program is performed. Securing a path" to open an encrypted communication path, and via the encrypted communication path, to the designated management program, function 4 "load application program", function 5 "create application program instance (install) , and the function 7, 'write issue data for application'. In short, when a new application program is embedded in the lower hierarchy of a certain management program, a command to instruct loading, installation, and issuing processing for the new application program via the encrypted communication path established by the management program. will be given.

<<<§3. Specific commands given to the IC card >>>
FIG. 11 is a diagram showing a format example of a specific command given to an IC card conforming to GlobalPlatform (registered trademark) specifications. Of course, various other commands are used as IC card commands, but the commands shown in FIGS. Commands associated with specific embodiments described below. The format of each of these commands and the content of processing executed by the IC card according to the command will be briefly described below. The data structure of each command format shown in FIG. 11 is, like the data structure of the command format shown in FIG. not shown.

<3-1. Application selection command>
First, the "application selection command" shown in FIG. 11(a) will be described. This command is the command explained in step S1 in the diagram of FIG. 5, and is a command for designating a specific channel number and selecting a specific application program on the information processing apparatus 100 side. As illustrated, it has a data structure of "SELECT (#n)+application name", and is an instruction to designate a channel number #n and select an application program specified by "application name".

Channel number #n is used to identify which application program the command is addressed to when a command is given from external device 200 to information processing device 100 . Since a plurality of application programs are stored in the information processing apparatus 100, it is necessary to add a channel number #n to each command given from an external device so that it can be identified. The "application selection command" plays a role of initial setting for associating a specific channel number #n with a specific application program.

For example, when an application selection command "SELECT (#3)+ISD" is given to information processing apparatus 100, management program ISD is associated with channel number #3. Specifically, the OS program in the information processing apparatus 100 that received the command records that the management program ISD is associated with the channel number #3. From then on, all commands assigned channel number #3 are treated as commands addressed to the management program ISD and are executed by the management program ISD.

<3-2. Application load command>
Next, the "application load command" shown in FIG. 11(b) will be described. This command is a command for executing function 4 of the SD program shown in FIG. 8(b), and is executed as the first step when installing a new application program under the control of a specific management program SD. is a command. Actually, as shown, it consists of two commands.

The load command in the first stage has a data structure of "INSTALL for load (#n) + package name", specifies the channel number #n, and loads the package specified by "package name". It becomes a command that gives instructions. The load command in the second stage has a data structure of "LOAD (#n) + binary data", specifies the channel number #n, and instructs to store the subsequent binary data package in memory as it is. It is a command that tells

Here, the "application load command" will be explained by taking as an example the procedure for installing a new low-level management program SSD1 under the control of the high-level management program ISD. For convenience of explanation, it is assumed that the management program ISD has already been associated with channel number #3 by the application selection command "SELECT (#3)+ISD". In this case, a command such as "INSTALL for load (#3) + PackSSD1" is given as the first stage load command, and a command such as "LOAD (#3) + binary data" is given as the second stage load command. will give

Since the application load commands in the above two stages are all commands assigned with the channel number "#3", they are processed by the host management program ISD associated with "#3". The upper management program ISD stores the "binary data" part included in the load command in the second stage as it is in a predetermined location in the memory, and confirms whether the "binary data" is the package name "PackSSD1". I do. Here, the entity of "binary data" is program data for the newly installed lower-level management program SSD1.

<3-3. Application program installation command>
Next, the "application program install command" shown in FIG. 11(c) will be described. This command is a command for executing function 5 of the SD program shown in FIG. 8(b), and is executed as the second step when installing a new application program under the control of a specific management program SD. command.

The installation of an application program here means the process of expanding the application program package, which has been stored in memory by loading the application, as an application instance in memory and making it ready for execution by the CPU. . In other words, installation of an application program is a process of developing an already loaded package on the memory and generating an application instance.

The installation command for this application program has a data structure of "INSTALL for install (#n) + package name + application name + parameter", as shown in the figure, and specifies the channel number #n, with "package name" It is a command to expand the specified package, generate an application instance, and give an instruction to give the name specified by "application name" to the application instance. In addition, in the installation command conforming to the GlobalPlatform specifications, the data "class name" is placed after the "package name", and the application instance specified by the "class name" is generated, but in this application For the sake of convenience, the explanation of "class name" is omitted.

Note that the "parameter" part attached to this install command includes function designation information. This function designation information is information that designates processing functions that can be executed by the application program to be installed. After installation, the application program can execute the predetermined processing functions designated by this function designation information. be possible. In other words, processing functions not specified by this function specifying information cannot be executed. This is because execution of processing functions not specified by the function specifying information is restricted at the time of installation.

The "binary data" loaded by the application load command originally contains program routines for executing various processing functions, and the installed application program itself has various processing functions. there is However, when the installation process is completed, only the functions designated by the function designation information are ready for execution. The reason why only specified functions are allowed to be executed in this manner is for security considerations. That is, according to the authority to be given to the application program to be installed, the installation process is performed so that only necessary processing functions can be executed.

In the explanation of the command format example (b) above, the case where the lower management program SSD1 is newly installed under the control of the upper management program ISD is taken as an example, and "INSTALL for load (#3) + PackSSD1" and "LOAD (# 3) The procedure for loading the package "PackSSD1" into the memory of the information processing apparatus 100 by the application load command "+binary data" has been described. Here, as a continuation of that, specific processing when an application program installation command such as "INSTALL for install (#3)+PackSSD1+SSD1+parameter" is given will be described. Since this command is also given the channel number "#3", it is processed by the host management program ISD associated with "#3".

Therefore, the management program ISD uses the function 5 of the SD program shown in FIG. 8B to expand the application program package already loaded with the package name "PackSSD1" on the memory and create an application instance. to run. The new application program installed in this way is given the designated application name "SSD1" and is placed under the control of the management program ISD in terms of hierarchical structure.

According to the specifications of GlobalPlatform (registered trademark), when performing this installation process, the encryption communication path opening function using the specific encryption protocol specified by the function specification information in the "parameter" will be set. . Normally, the management program loaded as a package includes cryptographic communication path opening routines based on multiple encryption protocols, but at the time of installation, the function specification information in the above "parameters" must be specified. will select only specific encryption protocols and install with only the processing functions associated with the selected encryption protocols enabled. As will be described later, the function designation information can specify various processing functions other than the encryption communication path opening function, and such various processing functions are also installed in an executable state as necessary. .

For example, let us assume that the package "PackSSD1" contains encryption channel opening routines for two encryption protocols "SCP01 (Triple-DES)" and "SCP02 (Triple-DES)". In this case, if "SCP01 (Triple-DES)" is specified in the parameter (function specifying information) of the installation command of the application program, the cryptographic channel opening routine for "SCP01 (Triple-DES)" will be installed. , the management program SSD1 opens an encrypted communication channel using the encryption protocol "SCP01 (Triple-DES)". On the other hand, if "SCP02 (Triple-DES)" is specified in the parameter (function specifying information), an encrypted communication channel opening routine for "SCP02 (Triple-DES)" is installed, and thereafter the management program SSD1 An encrypted communication path is established using the encryption protocol "SCP02 (Triple-DES)".

<3-4. Command for writing issued data for applications>
Here, the "write command for application issue data" shown in FIG. 11(d) will be described. This command is a command for executing function 7 of the SD program shown in FIG. 8(b), and is a command for writing issue data for a predetermined application program.

As already mentioned, many application programs, including the management program, cannot operate normally just by installing them, and perform the issuing process to store the data necessary for execution (issue data) in memory. There is a need. For example, in the case of an application program with a credit settlement function, in order to make the program executable, it is necessary to perform an issuing process in which the credit card number, the user's personal information, etc. are written as issuing data. Similarly, in the case of the management program SD, in order to make the program executable, it is necessary to perform an issue process of writing an encryption key required for establishing an encrypted communication path as issue data.

FIG. 11(d) shows two types of write commands for writing such issued data. Write command 1 is a general-purpose write command for writing issue data, has a data structure of "STORE DATA (#n) + issue data", designates channel number #n, and executes "issue It is a command that transmits an instruction to write the data in the "data" portion as the issued data. This command is a general-purpose command that can be given not only to the management program but also to general application programs. As described above, if it is given to an application program having a credit settlement function, credit card numbers, user's personal information, key data used for settlement processing, etc. can be written as "issuance data". Also, if it is given to the management program SD, it is possible to write key data necessary for establishing an encrypted communication path as "issue data". The contents of the key table T illustrated in FIG. 3 can also be written as "issuance data".

On the other hand, the write command 2 is a dedicated write command for writing key data (encryption key), has a data structure of "PUT KEY (#n) + key data", and has channel number #n. It is a command to instruct to specify and write the data of the "key data" portion to the key table T (only an empty storage location is prepared at the time of installation) illustrated in FIG. The contents of the key table T illustrated in FIG. 3 can be written as issue data by the write command #1 described above, or can be written as key data by the write command #2.

In the explanation of the command format examples (b) and (c) above, the case of installing a new lower-level management program SSD1 under the control of the higher-level management program ISD is taken as an example. explained. Although the storage location for the key table T is secured in the management program SSD1 installed in this way, the content remains empty, and unless the key data is written, the encrypted communication path cannot be established. can't. Therefore, it is necessary to write the key data into the key table T by giving a write command of the issued data as the final stage of the embedding process of the low-level management program SSD1.

When key data is written using the write command 1, an issue data write command of "STORE DATA (#n)+key data" should be given (key data becomes issue data). As will be described in detail later, the channel number "#n" in this command may be a number designating the upper management program ISD or a number designating the lower management program SSD1. That is, by specifying a write target in advance by means of "(h) Issuance data write target specification command", which will be described later, the management program that executes this command can write the given write data to the specified write data. can be written as key data for inclusion objects. Therefore, in the case of the above example, the key data can be written as key data for the lower management program SSD1.

On the other hand, when the key data is written using the write command 2, the issue data write command "PUT KEY (#n)+key data" should be given. This command is a command for causing the management program itself that received the command to write the key data that it uses. Therefore, in the case of the above example, the channel number "#n" in this command becomes a number designating lower management program SSD1, and the key data is written as key data for lower management program SSD1.

The general format of the write command 1 is "STORE DATA (#n) + issue data". The rule is to use a predetermined specifier in the issued data portion to indicate that it is key data. Therefore, when receiving a write command in the form of "STORE DATA (#n) + key data" in which the issued data part is the key data, it recognizes that the write command is a key data write command. be able to. On the other hand, since the write command 2 is a command dedicated to writing key data, it is possible to recognize that it is a write command for key data when the write command is received.

When writing key data into a key table T consisting of a collection of cells in a two-dimensional matrix as shown in FIG. 3, it is necessary to specify the cell that will be the storage position. Each cell is identified by a key version number and a key ID. For key IDs, as shown in the figure, for example, a storage rule such as "store cells starting with 0x01 in order" is applied. Once defined, the writing position of the key data can be specified only by specifying the key version number. In this case, the write command may include information specifying the key version number as write location specifying information specifying the write location.

<3-5. Encryption communication path opening command >
Next, the "encryption communication path opening command" shown in FIG. 11(e) will be described. This command is a command for executing the function 9 of the SD program shown in FIG. 8(b), and is a command for opening an encrypted communication path to a specific management program SD. This cryptographic channel opening command has already been explained in step S3 in the diagram of FIG. 5, and its format has already been explained with reference to FIG.

That is, as shown in the diagram, this encrypted communication path opening command has a data structure of "INITIALIZE UPDATE (#n) + parameter", and opens the encrypted communication path to the management program SD specified by the channel number #n. It is a command that gives an instruction to open and requests a response that is used by the external device 200 to authenticate the information processing device 100 as a legitimate communication partner.

As described above, a key version number and a random number are added as parameters to this encrypted communication channel opening command. The management program SD extracts the encryption key specified by the key version number attached to the command from the key table T shown in FIG. Then, the random number added to the command is calculated based on a predetermined algorithm, and the result of the calculation is returned as a response to the command.

<3-6. External authentication command>
Next, the "external authentication command" shown in FIG. 11(f) will be described. This command is a command for the management program SD specified by the channel number #n to authenticate the external device 200 with which communication is currently being performed as a regular communication partner. I have explained.

As described in §3-5, the encrypted communication path opening command "INITIALIZE UPDATE (#n) + parameter" gives an instruction to open an encrypted communication path and allows the external device 200 to perform regular communication with the information processing device 100. This command requests a response to be used for authenticating the other party. If the response is valid, the external device 200 determines that the information processing device 100 is a legitimate communication partner.

The external authentication command described here has a data structure of "EXTERNAL AUTHENTICATE (#n) + host authentication code" as shown in the figure, designates the channel number #n, and designates the external device 200 as a regular communication partner. A host authentication code is added for authentication. The information processing device 100 determines that the external device 200 is a legitimate communication partner if the host authentication code is valid.

In this way, the external authentication command "EXTERNAL AUTHENTICATE (#n) + host authentication code" is a command given following the encrypted communication path opening command "INITIALIZE UPDATE (#n) + parameter". Mutual authentication is performed between the device 100 and the external device 200 .

<3-7. Control program change command>
Next, the "management program change command" shown in FIG. 11(g) will be described. This command is a command used to change the hierarchical structure of the management program. FIG. 8(a) shows an example of the hierarchical structure of the application program, but using the management program change command, such a hierarchical structure can be changed.

As shown in FIG. 11(g), this management program change command has a data structure of "INSTALL for extradition (#n) + name of new management program + name of application to be moved". It is a command to specify a program SD and transmit an instruction to the management program SD to move the application program to be moved, which is currently under its own control, to be under the control of a new management program.

For example, in the hierarchical structure shown in FIG. 8A, consider a case where the management program SSD3 is moved from under the management of the management program SSD2 to under the management of the management program SSD1. In this case, a management program change command "INSTALL for extradition (#n)+SSD1+SSD3" is given to the current upper management program SSD2. As a result, the current upper management program SSD2 executes processing to move the lower management program SSD3 to be moved under the control of the new upper management program SSD1 to be the destination. At this time, the general application programs AP31 and AP32, which are lower layers of the management program SSD3, also move together.

Such migration is often performed when the load function and the install function are restricted for the management program SSD1. In this case, the management program SSD1 cannot directly install the management program SSD3 under itself, so for the time being, the management program SSD2 having the installation function is installed under itself and moved under the management program SSD1. After that, the issuing data (encrypted data) is written. That is, the write processing of the issued data for the management program SSD3 is performed via the encrypted communication path established by the destination management program SSD1.

Ultimately, the substance of this management program change command is, like the install command, a command for placing a lower management program under the management of a higher management program. Therefore, the "installation command" in the present application includes not only the application program installation command (command (c)) described in §3-3, but also the management program change command (command (g)) described here. shall be

<3-8. Issuing data write target specification command>
Finally, the "issued data write target designation command" shown in FIG. 11(h) will be described. In §3-4, "Issue data write command 1" was explained, but the "Issue data write target specification command" described here gives "Issue data write command 1" This is a command for designating in advance a write target of issue data.

As shown in FIG. 11(h), this issue data write target specification command has a data structure of "INSTALL for personalization (#n) + issue target application name", and the channel number #n indicates a specific management program SD. is designated as a command for designating the application program designated as the "application name to be issued" to the management program SD as a write target of the issuance data.

Here again, the following description will be given by taking as an example the case where the lower management program SSD1 is newly installed under the control of the higher management program ISD. As described above, once the steps up to loading and installing the management program SSD1 in the lower hierarchy of the upper management program ISD are completed, all that remains is to write the key data for the lower management program SSD1 as the final step. At this time, in order to write the key data using the write command 1 shown in FIG. It is necessary to give a write command to cause the lower management program SSD1 to execute the key data write process.

However, if the issue data write target designation command is used, while the issue data write command "STORE DATA (#n) + key data" is given to the upper management program ISD, the write command is delivered to the lower management program SSD1 and executed by the lower management program SSD1. For this purpose, before giving the upper management program ISD a command to write the issue data "STORE DATA (#n) + key data", "INSTALL for personalization (#n) + SSD1 , and specify that the key data write target for the subsequent issue data write command is the lower management program SSD1.

<<<§4. Problems to be solved by the present invention >>>
In the above, §1 to §3 explained the basic configuration of a general IC card conforming to the GlobalPlatform (registered trademark) specifications and the basic functions of the management program. Based on these explanations, the problems to be solved by the present invention will be specifically described here.

FIG. 12 is a block diagram showing the basic configuration of the information processing apparatus 100 according to the present invention and the mode of information communication between the external apparatus 200 and the external apparatus 200. As shown in FIG. Here, as in the descriptions in §1 to §3, it is assumed that the information processing device 100 is the SIM card 11 attached to the smartphone 10, and the external device 200 is the smartphone 10 or the external server 20. Therefore, the following explanation will be given.

The information processing device 100 has a function of encrypted communication with the external device 200, and includes an information storage unit 110 and a program execution unit 120 as shown. In this embodiment, the information storage unit 110 is configured by a non-volatile memory and plays a role of storing programs and data used by the programs. More specifically, the information storage unit 110 includes a program storage unit 111 for storing programs and a data storage unit 112 for storing data.

On the other hand, the program execution unit 120 plays a role of executing programs stored in the information storage unit 110 . More specifically, the program execution unit 120 includes a CPU and, if necessary, a working memory such as a RAM. Run the program that is A communication path is provided between the program execution unit 120 and the external device 200 . The program execution unit 120 executes a command given from the external device 200 via this communication path and returns the result to the external device 200 as a response.

As illustrated, the information storage unit 110 stores various programs and data. First, the program storage unit 111 stores an OS program and an application program. As described in §1, the application program consists of a management program and a general application program. In the illustrated example, two sets of management programs ISD and SSD1 and two sets of general application programs AP01 and AP02 are stored. is shown. Here, a hierarchical relationship is defined between the management programs ISD and SSD1, as shown in the hierarchical structure diagram of FIG. 8(a).

In the embodiment shown in FIG. 12, the program storage unit 111 stores two sets of management programs and two sets of general application programs as application programs. The information processing apparatus does not necessarily store a plurality of management programs and a plurality of general application programs. If so, it is possible to implement the present invention.

Here, as already described, the management programs ISD and SSD1 regard themselves as the upper hierarchy and another application program (regardless of whether it is a general application program or a management program) as the lower hierarchy. A program that puts a program under its own control, and uses a predetermined encryption protocol and a predetermined encryption key for itself or an application program under its own control, and uses a predetermined encryption protocol and a predetermined encryption key to communicate with the external device 200. , and the function is executed based on an encrypted communication path opening command given from the external device 200 .

Both of the management programs ISD and SSD1 also have a function of incorporating a new application program (regardless of whether it is a general application program or a management program) under their own control. Specifically, as described in §2, load processing, installation processing, and issuing processing for a new application program are executed.

On the other hand, the data storage unit 112 also stores data used by the OS program and each application program. The figure shows a state in which OS data, ISD data, SSD1 data, AP01 data, and AP02 data are stored corresponding to each program stored in the program storage unit 111 . there is Each program will be executed using each corresponding data. As described above, the management program requires a key table T as shown in FIG. 3. In the illustrated example, the key table T (ISD) for the management program ISD is stored as part of the ISD data. , the key table T(SSD1) for the management program SSD1 is stored as part of the data for SSD1.

However, the configuration itself shown in the block diagram of FIG. 12 is exactly the same as the configuration of the conventional information processing apparatus described so far. A feature of the information processing apparatus 100 according to the present invention is that the management program ISD or SSD1 is newly provided with an additional processing function. This processing function keeps the key table stored as a part of the ISD data or SSD1 data in a state in which only the minimum necessary encryption keys are always stored, thereby saving the storage capacity and improving security. It has a unique effect of reducing the problem of

As described in §2, the management program ISD (Issuer Security Domain) is the highest-level management program written at the time of shipment from the factory, and is an essential program already written when the information processing apparatus 100 is shipped. be. Of course, the same applies to the OS program. On the other hand, the management program SSD (Supplemental Security Domain) installed in the lower hierarchy of the management program ISD is usually an incidental program installed as necessary after the information processing apparatus 100 is shipped from the factory.

Therefore, the management program SSD1 shown in FIG. 12 is an application program newly installed after the information processing apparatus 100 is shipped from the factory. It will be executed by the upper management program ISD. That is, by giving the application load command shown in FIG. 11(b) to the management program ISD, the load processing for loading the program package to be the management program SSD1 is executed. 11(d) to the management program ISD. A key write process for writing the encryption key to be used is executed. As described in §3, this key writing process can be executed by the management program SSD1 that has just been installed. An example in which a write process is performed will be described.

Here, the storage of the encryption key is divided into the following two stages, the preparation stage and the writing stage. The preparation stage is a process executed at the time of installation (when the installation command in FIG. 11(c) is given). It is a process to prepare. However, the key table T (SSD1) prepared in this preparatory stage is a virtual table composed of empty storage locations, and does not record real data of the encryption key. In other words, the preparation stage during installation only prepares a key table for storing the encryption key in the logical key space, and memory storage capacity is wasted at this stage. never

On the other hand, the write stage is a process that is executed when the key is written (when the write command in FIG. 11(d) is given). This is the process of writing the actual key data (encryption key) to the storage location. That is, the encryption key data is actually written in the real space on the memory corresponding to the predetermined location of the key table T (SSD1) built on the logical space. Therefore, executing this writing step consumes a storage capacity corresponding to the actual data of the encryption key. For this reason, if an encryption key that is originally unnecessary is actually written in the writing stage, the memory will be wasted.

In the case of portable compact information processing devices such as smartphones and IC cards, the storage capacity of the built-in memory is small, so it is important to eliminate waste as much as possible and keep only the minimum necessary encryption keys stored. . In particular, memories for IC cards often require a higher level of security than general USB memories and the like, and therefore expensive memories with more robust security are often used. Therefore, it is difficult to incorporate a large-capacity memory in terms of cost reduction, and there is a strong demand for saving storage capacity in terms of operation. Furthermore, Japanese Patent Application No. 2015-168868 discloses a technique for switching and using a plurality of encryption protocols. It is expected that the number of encryption keys will further increase, and efficient use of key space will become more and more important.

Moreover, if unnecessary encryption keys are stored, security problems will arise in the event that they are leaked to the outside. That is, even if the encryption key is unnecessary for a specific information processing apparatus 100, if it is leaked to the outside, the security of the entire system including the external apparatus 200 and other information processing apparatuses is threatened. Therefore, storing unnecessary encryption keys in the key table T (SSD1) is not preferable in terms of security.

Of course, there is no need to bother to write unnecessary encryption keys, so normally only necessary encryption keys should be written in the key table T (SSD1). However, in practice, it is often the case that an encryption key that is not originally required is written to the key table T (SSD1) after the above write processing is executed. This is because the write process is uniquely executed based on the write command (FIG. 11(d)) given from the external device 200. FIG.

In other words, when the conventional management program ISD is given a specific encryption key write command from the external device 200, the management program SSD1 installed below does not need the specific encryption key. faithfully executes the write command, and executes the process of writing the specific encryption key to the specified location of the key table T (SSD1). Of course, if the external device 200 side conducts sufficient examination and selects only the encryption key necessary for the installed management program SSD1 and gives the write command, no problem will arise. If the application program (a program for newly incorporating the management program SSD1 into the information processing apparatus 100) is a crude program that does not take such consideration into consideration, an unnecessary encryption key may be written. is inevitable.

In particular, information processing devices such as smartphones and IC cards are widely used as items that are indispensable for social life, and various application programs are provided by various businesses, from large companies to small and medium-sized enterprises. It is For this reason, the application programs prepared on the external device 200 side are also miscellaneous. Consideration is often not given.

As described above, the install command shown in FIG. 11(c) is accompanied by parameters, and these parameters include function designation information. When the management program ISD receives this installation command (command to install the management program SSD1), the processing function ( For example, a measure is taken so that only the cryptographic communication path opening function using the cryptographic protocol indicated by the SCP type "SCP02" can be executed. In this case, the subsequent write command should normally give an instruction to write only the encryption key used by "SCP02". In the case of a program, there are many cases in which a process of transmitting write commands for all encryption keys is always performed without such detailed consideration.

For example, in order to be able to handle any of the multiple SCP types shown in FIG. A specification in which the embedded commands are transmitted in order may be adopted. In this case, it suffices if the external device 200 prepares a crude application program consisting of a simple program routine that saves the trouble of examining the contents specified by the function specifying information of the install command. In fact, even such a crude application program does not cause any problems in operation. Moreover, although it is not such an easy intention, there may be a case where a write command instructing write processing of an unnecessary encryption key is transmitted due to some kind of bug.

Thus, if a rough application program is prepared on the external device 200 side, an unnecessary encryption key will be written in the key table T (SSD1) for the management program SSD1 to be installed. As described above, when the actual data of the encryption key is written in the key table T, the storage capacity corresponding to the actual data is actually consumed. Such a problem occurs not only when the application program to be installed is a management program, but also when it is a general application. That is, application programs having processing functions that use some kind of encryption key exist not only in management programs but also in general applications. This is because cryptographic keys are used not only for establishing cryptographic communication channels, but also for various processes such as verification processing to check data tampering, verification processing using tokens, and decryption processing of encrypted programs. This is because it will be used.

According to the GlobalPlatform (registered trademark) specification, as shown in FIG. 13, "privilege parameter" and "SCP type parameter" can be included in the parameter part of the installation command shown in FIG. It is defined. All of these parameters are "function designation information" referred to in the present application. Processing is performed to make it executable.

Here, the "SCP type parameter" is a parameter added when the application program to be installed is a management program (that is, a program having a function to open an encrypted communication path), and the management program to be installed is , the information that identifies the cryptographic protocols to support after installation. Specifically, at present, various encryption protocols (SCP types) as exemplified in FIG. 7 are generally used, but as the SCP type parameter shown in FIG. In this case, the management program to be installed will support only the encryption protocol specified by the SCP type "SCP02" after installation.

On the other hand, "privilege parameters (privilege)" are parameters for specifying various functions of the application program to be installed. is defined. Specifically, this "privilege parameter (privilege)" consists of a total of 3 bytes (24 bits). , are defined as shown in FIG. 14(b). Here, in each column of the table of FIG. 14(a), "1" indicates that the relevant bit is "1", "0" indicates that the relevant bit is "0", and "-" indicates that the value of the relevant bit is irrelevant. Bit pattern #20 is a pattern reserved for future function expansion, and in each column of the table, "X" indicates that the bit is "0".

For example, a bit pattern #0 in which bit b8 of the first byte is "1" indicates that the application program to be installed is a management program (Security Domain program). Therefore, when the first byte bit b8 of the "privilege parameter (privilege)" is "1", the installation command parameters include not only the "privilege parameter (privilege)" but also the "SCP type parameters” will also be attached.

Similarly, bit pattern #1 in which bit b7 of the first byte is "1" and bit b1 is "0" indicates that the application program to be installed has the processing function of "DAP Verification". Bit pattern #7, in which bit b7 of the first byte is "1" and bit b1 is "1", indicates that the application program to be installed has the processing function of "Mandated DAP Verification". showing. The reason why bit b8 of the first byte of bit patterns #1 and #7 is "1" is that these processing functions are provided only to the management program.

Since most of the bits in each bit pattern are "-", it is actually possible to specify a combination of multiple bit patterns. For example, a “privilege parameter” of “11100000 00100000 010000000” indicates that the application program to be installed is a management program (#0), “DAP Verification” (#1), and “Delegated Management” (#2). ), “Token Verification” (#10), and “Ciphered Load File Data Block” (#17).

FIG. 14(b) is a table showing privilege names corresponding to bit patterns #0 to #20 of the "privilege parameters" and outlines (meanings) thereof. Here, a privilege whose column of privilege name is indicated by a bold frame indicates that a processing function using an encryption key is granted. Therefore, if the privilege indicated by the thick frame is specified as the function specifying information, the encryption key writing process will be performed following the installation process.

The individual processing functions given by each privilege are well-known functions defined in the GlobalPlatform (registered trademark) specifications, so detailed explanations are omitted here. , refers to a verification processing function that checks falsification of data using an encryption key, "Token Verification" (#10) refers to a verification processing function that uses a token, and "Ciphered Load File Data Block" (#17) refers to , refers to the decryption processing function of the encrypted program. The processing capabilities specified by the "privilege parameter" will be the available processing capabilities after installation.

As a result, the function designation information shown in FIG. 13 is information (privilege parameter (privilege parameter)) that designates which of the various privileges shown in FIG. )), and if the installation target is a management program, furthermore, which of the various SCP types shown in FIG. It is the information (SCP type parameter) that designates whether to perform an installation that makes it executable). After the installation process is completed, the processing function using the encryption key specified by "privilege" (the processing function indicated by the bold frame in Fig. 14(b)) and the "SCP type parameter" It is necessary to execute a key write process for writing the encryption key used in the specified encrypted communication path establishment function.

After all, the encryption key to be written by the key writing process after the installation process includes not only the encryption key used for the encryption communication path opening function, but also the encryption key used for some processing functions specified by the privilege parameter (privilege). A key will also be included. Therefore, originally, the application program prepared on the external device 200 side examines the contents of the privilege parameter (privilege) and the SCP type parameter included in the installation command, and writes only the necessary encryption key. However, as mentioned above, in the case of a crude program, all encryption keys required for all processing functions are written for the time being without such detailed consideration. There are many cases where sloppy methods are adopted.

As a result, a large number of useless cryptographic keys that are not actually used will be stored, resulting in wasted storage capacity and lower security. The present invention proposes new means for solving such problems. The specific method will be described below in detail with respect to the first embodiment (§5) and the second embodiment (§6).

<<<§5. First embodiment of the present invention >>>
First, the first embodiment of the present invention will be described in detail.

<5.1 Configuration of Information Processing Apparatus According to First Embodiment>
As shown in FIG. 12, the information processing apparatus 100 according to the first embodiment of the present invention has a function of performing encrypted communication with an external apparatus 200, and stores programs and data used by the programs. and a program execution unit 120 for executing the program stored in the information storage unit 110 . At least one management program is stored in the information storage unit 110 . FIG. 12 shows a state in which two sets of management programs ISD and SSD1 are stored, but here, for convenience of explanation, it is assumed that only the upper management program ISD is stored.

As already mentioned, the management program ISD loads an application program package having a plurality of processing functions each using an encryption key in response to a load command (FIG. 11(b)) given from the external device 200, It has a function of executing program load processing to be stored in the information storage unit 110 . Here, consider a case where the application program to be loaded is the management program SSD1 in the lower hierarchy. In this case, the original package of the management program SSD1 is loaded.

In addition, the management program ISD develops the package loaded by the program loading process in the information storage unit 110 according to the installation command (FIG. 11(c)) given from the external device 200, and the application program (management program It has a function to execute an installation process for installing SSD1). That is, a process of expanding the package of the loaded application program and generating an application instance is performed. Execution of the installed application program is the process of executing this instantiated program code.

At this time, instantiation is performed so that only the specified function specified by the function specifying information included in the parameter of the install command as shown in FIG. 13 can be executed. For example, if the processing function "Token Verification" is specified by the "privilege parameter" that constitutes the function specifying information, and "SCP02" is specified by the "SCP type parameter", the processing function "Token Verification" is specified. , and a routine necessary for establishing an encrypted communication path using an encryption protocol corresponding to "SCP02" are instantiated so that they can be executed. According to the GlobalPlatform (registered trademark) specification, processing functions not specified are disabled.

That is, when the management program ISD executes the installation process, the installed application program (management program SSD1) is selected by the function designation information included in the installation command among the plurality of processing functions that use the encryption key. Processing is performed so that only the designated function (in the case of the above example, the processing function "Token Verification" and the encrypted communication path opening function using the encryption protocol corresponding to "SCP02") can be executed.

Note that the management program ISD stores an encryption key in the logical key space of the information storage unit 110 for the application program as necessary when executing the installation process for a specific application program. A process of building a key table T for In the case of the above example, the application program to be installed is the management program SSD1, so processing for constructing the key table T (SSD1) is performed. As described above, the key space constructed here is a logical space, so even if the key space is a two-dimensional matrix like the one shown in FIG. do not have.

Subsequently, key write processing is executed. The management program ISD stores the encryption key used by the installed application program (management program SSD1) in the information storage unit 110 according to the key write command (FIG. 11(d)) given from the external device 200. It has a function to execute write processing. In this key writing process, the encryption key data is written in the real space on the memory corresponding to the predetermined location of the key table T (SSD1) constructed on the logical space. storage capacity is actually consumed. Of course, the instruction “what kind of encryption key to write in which storage location on the key table T (SSD1)” follows the instruction of the key write command given from the external device 200 .

As the key write command, as shown in FIG. A "write command 2" dedicated to key writing given as key data may be used. In this case, the key write process is executed by the management program SSD1 itself, not by the management program ISD. According to the specifications of GlobalPlatform (registered trademark), key data is written row by row in a two-dimensional matrix key table T as shown in FIG.

In the case of the embodiment shown here, the key table T is a collection of two-dimensional matrix-like cells that can identify one cell by a combination of a key version number and a key ID. The key write command contains a key version number as write location specification information (omitted in FIG. 11(d)). The storage location of the encryption key is specified based on the version number, and the actual data of the encryption key included as issue data or key data in the write command shown in FIG. 11(d) is written to the specified storage location. process.

In this way, the content of "which encryption key is to be written in which column of the key table T" is exclusively specified by the key write command given from the external device 200. FIG. Therefore, as described in §4, if the application program prepared on the side of the external device 200 is a crude program that gives sloppy instructions, a useless encryption key that should not be used is written. A problem arises in that valuable storage capacity is wasted and security is lowered.

For example, as shown in the above example, for the management program SSD1, the installation processing was performed so that only the processing function "Token Verification" and the encrypted communication path opening function using the encryption protocol "SCP02" can be executed. In this case, in the subsequent key write processing, it is preferable to write only the encryption keys required for these functions. It is often given.

<5.2 Basic concept of the first embodiment>
The basic concept of the first embodiment of the present invention is that even if the management program ISD or the management program SSD1 receives a key write command (FIG. 11(d)) from the external device 200 in the situation described above, , when the received write command is a command instructing to write an unnecessary encryption key, the command is rejected so as not to be executed. That is, before executing the key writing process, the management program according to the first embodiment of the present invention determines whether the processing function using the encryption key stored by the key writing process is executable. If the function is executable, the key writing process is executed. If the function is not executable, the key writing process is rejected.

According to the specifications of GlobalPlatform (registered trademark), as described above, the encryption key is written into the key table T in units of rows, and one key version number is specified in the key write command given from the external device 200. and the actual data of the encryption key to be written in the line corresponding to the key version number. Therefore, in the case of the above example, when a key write command specifying one key version number is given, the management program ISD determines whether or not the encryption key to be stored in the row corresponding to the key version number is necessary. However, if it is an unnecessary encryption key, a process of rejecting the key write command is performed. In other words, among the key write commands given from the external device 200, only the commands instructing the writing of necessary encryption keys are executed, and the commands instructing the writing of unnecessary encryption keys are rejected.

In order to determine whether or not an encryption key whose writing has been instructed by the key write command, the management program ISD executes installation processing for a specific application program. An executable list containing information specifying the functions is created and stored in the information storage unit 110. FIG. Then, by referring to this executable list, it is possible to determine whether or not the processing function to be determined is an executable function before executing the key writing process.

For example, as in the above example, for the management program SSD1, the installation processing is performed so that only the processing function "Token Verification" and the encrypted communication path opening function using the encryption protocol "SCP02" can be executed. In such a case, an executable list including information specifying these two processing functions may be created and stored in the data storage unit 112 as part of the ISD data or SSD1 data. Then, by referring to this executable list, it is possible to check which processing functions are executable before executing the key writing process.

Normally, however, the key write command includes information about "where to write which encryption key", but does not include information about "for which processing function the encryption key is used". For example, according to the GlobalPlatform (registered trademark) specifications, the key write command (Fig. 11(d)) includes the actual data of the encryption key and the key version number, so the write location on the key table T is can be recognized, but it is not possible to recognize for which processing function the encryption key to be written is used.

Therefore, in the embodiment described here, correspondence information that associates a specific processing function that uses an encryption key with a storage location on the key table for storing the encryption key is created and stored in the information storage unit 110. store it. Then, when the management program receives the key write command, it refers to this correspondence information to store the key in the storage location specified by the write location specification information included in the received key write command. Recognizes the associated specific processing function as a judgment target, executes the received key write command if the judgment target is an executable function, and if it is not an executable function can reject received key write commands.

<5.3 Specific contents of the first embodiment>
In order to create the correspondence information described above, it is sufficient to associate each specific storage location with each processing function that uses an encryption key in advance. FIG. 15 is a diagram showing a specific example of the storage location list table G showing such associations. In this storage location list table G, a specific key version number range is associated with each of a total of 11 sets of functions. Here, the five sets of functions in the first half are processing functions specified by "privilege parameters" shown in FIG. These are processing functions (processing functions requiring an encryption key) corresponding to the privileges of #10, #16, and #17. On the other hand, the latter six functions are processing functions specified by the "SCP type parameter" shown in FIG. It corresponds to the communication path opening function.

By predetermining such a storage location list table G and making it information shared between the information processing apparatus 100 and the external apparatus 200, any processing function using an encryption key can be assigned a specific key version number. will be automatically assigned. Therefore, for example, when the external device 200 transmits to the information processing device 100 a key write command for writing the encryption key used for the processing function "DAP Verification", the write location specification information must be: It is an implicit convention to specify a key version number in the range "0x10-0x1F". In fact, the specifications of GlobalPlatform (registered trademark) define such a storage location list table G (note that the table G shown in FIG. 15 is a table created in consideration of the convenience of explanation, and GlobalPlatform (registered trademark) (not a table based on the specifications of the registered trademark)).

By preparing a storage location list table G as shown in FIG. Information can be created. A table showing such correspondence information is called a function table F here.

FIG. 16 shows an example of the function table F (SSD1) created when the management program SSD1 was installed. SCP02" (encryption communication path opening processing function using the encryption protocol "SCP02") can be executed. In addition, it indicates that the storage location of the encryption key used for the processing function "Token Verification" is in the range of the key version number "0x30 to 0x3F", and the storage location of the encryption key used for the processing function "SCP02". is in the range of key version numbers "0x70 to 0x7F".

The function table F (SSD1) shown in FIG. 16 is created in the process in which the upper management program ISD incorporates the management program SSD1 into its lower hierarchy, as in the examples described so far. Specifically, an installation command (FIG. 11(c)) for newly installing the management program SSD1 is given to the management program ISD, and "Token Verification" is given as an accompanying parameter (function specifying information). and an "SCP type parameter" of "SCP02" are included, the management program ISD creates a function table F (SSD1) shown in FIG. It is stored in the data storage unit 112 as a part.

In short, the function table F (SSD1) shown in FIG. 16 can be said to be an executable list containing information specifying functions executable by a specific application program (management program SSD1). It can also be said to be correspondence information that associates the processing function with the storage location on the key table for storing the encryption key.

The information "Token Verification" and "SCP02" in the "function" column of this function table F (SSD1) can be obtained from parameters (function designation information) attached to the install command. On the other hand, the information "0x30 to 0x3F" and "0x70 to 0x7F" in the "key version number" column can be obtained by referring to the storage location list table G shown in FIG.

Therefore, after execution of the installation command by the management program ISD, as shown in FIG. is stored, and the key table T (SSD1) used by the lower management program SSD1 itself is stored as data for SSD1. At this point, however, the key table T (SSD1) is a virtual table built on a logical key space, and does not store real data of encryption keys.

Therefore, subsequently, a key write command is given from the external device 200 to write the actual data of the encryption key in the key table T (SSD1). When the management program ISD receives this key write command, the storage location specified by the write location specification information included in the key write command is not included in the function table F (SSD1). If it is included, the key write command is executed, and if it is not included, the key write command is rejected.

For example, if the key version number included as the write location specification information in the key write command is within the range of "0x30 to 0x3F" and "0x70 to 0x7F", the key write command is installed. It can be determined that the key write command is for the encryption key used for the processing function "Token Verification" or "SCP02" that can be executed by the management program SSD1. The key will be written. On the other hand, if the key version number included as the write location specification information in the key write command is outside the above range, the encryption key used for the processing function executable by the installed management program SSD1 This key write command is rejected. In this case, an error response is returned to the key write command.

After all, when implementing the first embodiment described here, first, a storage location list table G as shown in FIG. 15 is stored in the data storage unit 112 . This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes installation processing for a specific application program (for example, lower management program SSD1), the application program (SSDI) can be executed by referring to this storage location list table G. A function table F (SSD1) that associates each function with the storage location of the encryption key used for that function is created and stored in the data storage unit 112 . FIG. 16 shows an example of such a function table F (SSD1), and FIG. 17 shows an example in which this function table F (SSD1) is stored in the data storage unit 112 as ISD data. If the lower management program SSD1 itself executes the key writing process, the function table F (SSD1) may be stored as SSD1 data.

Subsequently, when the management program ISD receives the key write command, it refers to the function table F (SSD1) to obtain the write location specification information (key version number) included in the received key write command. ) is included in the function table F (SSD1), and if it is included, the key write command is executed, and if it is not included In this case, a process of rejecting the key write command may be performed.

<5.4 Modification of First Embodiment>
Here, some modifications of the first embodiment described so far will be described. A first modified example is an example in which a function table F' (SSD1) shown in FIG. 18(a) is used instead of the function table F (SSD1) shown in FIG. While the function table F (SSD1) shown in FIG. 16 is a table showing the correspondence relationship between the processing functions that can be executed by the management program SSD1 after the installation processing and the storage locations of the encryption keys used for the processing functions. Therefore, the function table F' (SSD1) shown in FIG. 18(a) is simply a table listing the processing functions that can be executed by the management program SSD1 after the installation process.

In carrying out this first modification, the data storage unit 112 also stores a storage location list table G as shown in FIG. This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes installation processing for a specific application program (for example, lower management program SSD1), the application program (SSDI) is executed as shown in the example shown in FIG. A function table F' (SSD1) listing possible functions is created and stored in the data storage unit 112. FIG.

Subsequently, when the management program ISD receives the key write command, the storage location specified by the write location specification information (key version number) included in the received key write command is shown in FIG. a) Determining whether or not the executable functions listed in the function table F' (SSD1) shown in FIG. If a positive determination result is obtained, the key write command is executed, and if a negative determination result is obtained, the key write command is rejected.

For example, let us consider a case where the key version number included as the write location specification information in the key write command is "0x30". Here, since the executable processing functions listed in the function table F' (SSD1) shown in FIG. 18(a) are "Token Verification" and "SCP02", the storage location list table G shown in FIG. , the storage location with the key version number “0x30” is the storage location associated with the executable processing functions “Token Verification” and “SCP02”. Therefore, in this case, a positive determination result is obtained and the key write command is executed.

The second modification is an example of using a function table F'' (SSD1) shown in FIG. 18(b) instead of the function table F (SSD1) shown in FIG. While the function table F (SSD1) shown in FIG. 16 is a table showing the correspondence relationship between the processing functions that can be executed by the management program SSD1 after the installation processing and the storage locations of the encryption keys used for the processing functions. The function table F'' (SSD1) shown in FIG. 18(b) is a table listing the storage locations of the encryption keys used for the processing functions that make the management program SSD1 executable after the installation process.

In carrying out this second modification, the data storage unit 112 also stores a storage location list table G as shown in FIG. This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, lower-level management program SSD1), it refers to the storage location list table G shown in FIG. 3, a function table F'' (SSD1) listing the storage locations of encryption keys used for functions executable by the application program (SSDI) is created and stored in the data storage unit 112. make sure to

Subsequently, when the management program ISD receives the key write command, it refers to the function table F'' (SSD1) shown in FIG. It is determined whether or not the storage location specified by the write location specification information (key version number) is included in the function table F'' (SSD1). If the command is not included, the process of rejecting the key write command may be performed.

For example, if the key version number included as the write location specification information in the key write command is "0x30", "0x30" corresponds to the function table F'' (SSD1) shown in FIG. 18(b). included in Therefore, in this case, the key write command will be executed.

The embodiment described so far is an example in which the upper management program ISD executes the key write command to write the encryption key for the lower management program SSD1 installed under its control. However, it is also possible for the lower-level management program SSD1 itself to execute the key write command, including the determination of whether or not it can be executed. That is, as described in §3, when executing write command 1 "STORE DATA (#n) + issue data" shown in FIG. By executing the data write target specification command "INSTALL for personalization (#n) + application name to be issued", it is possible to specify the write target of the issued data.

Therefore, the process of writing the issue data (encryption key) for the lower management program SSD1 can be performed by the upper management program ISD or by the lower management program SSD1 itself. Also, the write command 2 "PUT KEY (#n) + key data" shown in FIG. This is the command to run. Therefore, when this write command 2 is given, the key write command is executed by the lower management program SSD1 itself.

<5.5 Processing Procedure in First Embodiment>
Finally, in the first embodiment, a processing procedure when a management program installs a new application program under its own management will be briefly described with reference to the flow chart of FIG.

First, in step S11, an application load command (first stage) given from the external device 200 is received, and in step S12, the command is executed. This process corresponds to the first stage of the program load process. Subsequently, in step S13, an application load command (second stage) given from the external device 200 is received, and in step S14, the command is executed. This process corresponds to the second stage of the program load process. Such program load processing has already been described as the command processing shown in FIG. 11(b).

Next, in step S15, an application program installation command given from the external device 200 is received, and in step S16, the command is executed. This processing corresponds to the installation processing of developing the binary data of the application program loaded in the processing up to step S14 on the memory and instantiating it. At this time, as described above, processing for creating function tables F (SSD1), F' (SSD1), F'' (SSD1), etc. is performed. Such installation processing has already been described as the command processing shown in FIG. 11(c).

Then, in step S17, a write command (key write command) of issued data for an application for the purpose of writing the encryption key given from the external device 200 is received. In the first embodiment of the present invention, determination processing in steps S18 and S19 is performed before executing the received key write command. That is, in step S18, the function table created in step S16 is referenced, and in step S19, it is determined whether the processing function using the encryption key to be written by the received key write command is an executable function. is determined. A specific determination method using the function table is as described above.

If the determination in step S19 yields a positive result, the received key write command is executed in step S20 to write the encryption key. In this case, a response indicating normal completion of the key write command is returned to the external device 200 . On the other hand, if the determination in step S19 yields a negative result, the received key write command is rejected in step S21, and the encryption key is not written. In this case, an error response to the key write command is returned to the external device 200 .

<<<§6. Second embodiment of the present invention >>>
Next, a second embodiment of the invention will be described in detail.

<6.1 Basic concept of the second embodiment>
The basic configuration of the information processing apparatus according to the second embodiment of the present invention is the same as the basic configuration of the information processing apparatus 100 according to the first embodiment described in Section 5, and is shown in the block diagram of FIG. is. The first embodiment is based on the basic concept of preventing unnecessary writing of an encryption key when installing a new application program in the information processing apparatus 100. Specifically, It adopts a method of rejecting a key write command for an encryption key used for an unexecutable processing function when the command is given.

On the other hand, the second embodiment described here assumes that the executable processing function of an already installed application program is later changed, and its basic concept is as follows. If there is a processing function changed from executable to non-executable by such a function change, the encryption key used for the processing function changed to non-executable is deleted.

For example, in the above §5, as the first embodiment, the upper management program ISD incorporates the lower management program SSD1 as a new application program. In the case of this embodiment, the two processing functions "Token Verification" and "SCP02" are specified by the function specifying information included in the parameter of the install command, so the function table F (SSD1) as shown in FIG. created. The low-level management program SSD1 is installed in such a manner that the processing function "Token Verification" and the processing function "SCP02" can be executed.

However, the program package of the low-level management program SSD1 loaded into the information processing apparatus 100 by the application load command includes not only the above two processing functions but also various processing functions shown as privileges in FIG. 14(b). , and program routines for executing cryptographic channel opening functions corresponding to various cryptographic protocols indicated as SCP types in FIG. In the above example, the installed lower management program SSD1 can only execute two processing functions, "Token Verification" and "SCP02", which were not specified by the installation process by the upper management program ISD. This is because settings are made to restrict the execution of processing functions.

For example, when the management program SSD1 is expanded on the memory and instantiated by the installation process, a flag indicating whether or not each processing function can be executed is set (specified by the function designation information included in the parameter of the install command). The above operation can be performed by setting an executable flag only for the processing function) and restricting the execution of the processing function for which the non-executable flag is set.

Therefore, actually, even after the application program is installed, the executable/non-executable status of individual processing functions can be changed if necessary. That is, a processing function that was set to be non-executable at the time of installation can be changed to be executable later, and conversely, a processing function that was set to be executable at the time of installation can be changed to be non-executable later. . In the former case, the flag of the corresponding processing function should be changed from non-executable to executable, and in the latter case, the flag of the corresponding processing function should be changed from executable to non-executable.

In order to enable such function change, an executable function change processing command is prepared in advance, and the management program changes the executable function of each processing function according to the executable function change processing command. / It suffices to make it possible to change the non-executable state (state of the above flag). Therefore, the management program in the information processing apparatus according to the second embodiment described here changes the executable processing function of the already installed application program according to the executable function change processing command given from the external device. must have a function to execute the executable function change process.

A feature of the second embodiment is that when the executable function change processing is performed for an existing application program that has already been installed, there is a processing function that has been changed from executable to non-executable. The second is to perform key deletion processing for deleting the encryption key used for the processing function that has been changed to be unexecutable. By this key deletion processing, it is possible to avoid a situation in which an encryption key that is no longer needed continues to be stored as it is. Therefore, as in the first embodiment, a state in which only the minimum required encryption key is stored is maintained, the storage capacity of the storage location of the encryption key is saved, and security problems are reduced. effect is obtained.

<6.2 Specific contents of the second embodiment>
Next, this second embodiment will be described with a more specific example. For example, in the case of the example described in §5, the lower management program SSD1 newly installed by the installation process executed by the upper management program ISD is in a state where two processing functions, "Token Verification" and "SCP02" can be executed. , and a function table F (SSD1) as shown in FIG. 16 is created. In this state, in order to make the processing function "SCP03" executable, for example, the above-described executable function change processing command is given to the host management program ISD to cause the function change processing to be executed. Specifically, the management program ISD may change the flag of the processing function "SCP03", which was set to "unexecutable" when the lower management program SSD1 was installed, to "executable".

Of course, at that time, it is preferable to add the function "SCP03" and the key version number "0x80 to 0x8F" to the function table F (SSD1) shown in FIG. By doing so, when executing the key write command given subsequent to the executable function change processing command, it is possible to perform the same determination as in the first embodiment described above, and write unnecessary encryption keys. can be prevented.

In this way, when changing a processing function that has hitherto been "unexecutable" to "executable", it is possible to prevent unnecessary encryption keys from being written according to the first embodiment described above. However, the above-described first embodiment cannot adequately deal with changing a processing function that has hitherto been "executable" to "inexecutable". For example, in the above example, consider a case where an executable function change processing command is given to change the processing function "Token Verification", which has been set to be executable, to be unexecutable. The management program ISD, which has received such an executable function change processing command, changes the flag of the processing function "Token Verification", which was set to "executable" when the lower management program SSD1 was installed, to "unexecutable". will be performed.

Of course, at that time, it is preferable to delete the function "Token Verification" and the key version numbers "0x30 to 0x3F" recorded in the function table F (SSD1) shown in FIG. Then, when a key write command is given thereafter, correct determination can be made, and writing of the encryption key used for the function "Token Verification" can be prevented.

However, the encryption key used for the function "Token Verification" still remains on the key table T, and the encryption key for the function "Token Verification", which is no longer needed, is stored as it is. ing. In order to cope with such a situation, in the second embodiment described here, when the high-level management program ISD executes executable function change processing for the low-level management program SSD1, execution is changed from executable to executable by the change processing. When there is a processing function that has been changed to be disabled, a key deletion process is also executed to delete the encryption key used for the processing function that has been changed to be disabled from the information storage unit.

In short, when executing the executable function change process, the management program rewrites the executable list (function table F), and deletes the processing function from this executable list (function table F). Key deletion processing is executed to delete the encryption key used for the data storage from the information storage unit. This key deletion process deletes the encryption key data written in the real space on the memory that constitutes the key table T, and releases the real space on the memory. The available storage capacity actually increases.

When executing the key deletion process, which storage location on the key table T is to be deleted is determined by referring to correspondence information that associates each processing function with each storage location on the key table. Just decide. As described in the description of the first embodiment, when executing installation processing for a specific application program, the management program uses a specific processing function that uses an encryption key and a key table for storing the encryption key. Correspondence information (for example, function table F shown in FIG. 16) that associates the above storage location is created, and processing is performed to store this in the information storage unit. Therefore, when executing the executable function change processing, the management program refers to this correspondence information to identify the storage location associated with the processing function changed from executable to non-executable. A key deletion process may be executed to delete the encryption key stored in the specified storage location.

In the case of the embodiment described here, the key table T consists of a collection of cells in a two-dimensional matrix that can identify one cell by a combination of a key version number and a key ID. , the management program can identify the storage location of the encryption key to be written or deleted based on the key version number. Therefore, for example, in a state where the function table F (SSD1) as shown in FIG. All the encryption keys stored in the range of "0x30 to 0x3F" are determined to be unnecessary, and key deletion processing for deleting all these encryption keys can be executed.

After all, in carrying out the second embodiment described here, first, a storage location list table G as shown in FIG. 15 is stored in the data storage unit 112 . This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes installation processing for a specific application program (for example, lower management program SSD1), the application program (SSDI) can be executed by referring to this storage location list table G. A function table F (SSD1) that associates each function with the storage location of the encryption key used for that function is created and stored in the data storage unit 112 . FIG. 16 shows an example of such a function table F (SSD1), and FIG. 17 shows an example in which this function table F (SSD1) is stored in the data storage unit 112 as ISD data.

Subsequently, when the management program ISD receives the executable function change processing command, it rewrites this function table F (SSD1), and associates it with the processing function to be deleted from the function table F (SSD1). A key deletion process for deleting the encryption key stored in the identified storage location may be executed.

Of course, in this second embodiment as well, the first modification using the function table F' (SSD1) shown in FIG. 18(a) instead of the function table F (SSD1) shown in FIG. 16 can be implemented. is possible. In carrying out this first modification, the data storage unit 112 also stores a storage location list table G as shown in FIG. This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes installation processing for a specific application program (for example, lower management program SSD1), the application program (SSDI) is executed as shown in the example shown in FIG. A function table F' (SSD1) listing possible functions is created and stored in the data storage unit 112. FIG.

Subsequently, when the management program ISD receives the executable function change processing command, it rewrites the function table F' (SSD1) shown in FIG. 18(a) and refers to the storage location list table G shown in FIG. As a result, a key deletion process of identifying the storage location associated with the processing function to be deleted from the function table F' (SSD1) and deleting the encryption key stored in the identified storage location. should be done.

For example, if the processing function "Token Verification" is to be deleted from the function table F' (SSD1) shown in FIG. 18(a), referring to the storage location list table G shown in FIG. ” corresponds to the key version number “0x30 to 0x3F”. Key deletion processing to be deleted is executed.

Of course, a second modification using the function table F'' (SSD1) shown in FIG. 18(b) instead of the function table F (SSD1) shown in FIG. is also possible. The function table F'' (SSD1) shown in FIG. 18(b) is a table listing the storage locations of the encryption keys used for the processing functions that make the management program SSD1 executable after the installation process.

In carrying out this second modification, the data storage unit 112 also stores a storage location list table G as shown in FIG. This storage location list table G is a correspondence information table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions. The same correspondence information is shared.

Then, when the management program ISD executes the installation process for a specific application program (for example, lower-level management program SSD1), it refers to the storage location list table G shown in FIG. 3, a function table F'' (SSD1) listing the storage locations of encryption keys used for functions executable by the application program (SSDI) is created and stored in the data storage unit 112. make sure to

Subsequently, when the management program ISD receives the executable function change processing command, it refers to the storage location list table G shown in FIG. rewrite. Then, the storage location to be deleted from the function table F'' (SSD1) is specified, and key deletion processing for deleting the encryption key stored in the specified storage location is performed.

For example, when an executable function change processing command is given to change the processing function "Token Verification" from executable to non-executable, referring to the storage location list table G shown in FIG. Since it is found that the associated storage location corresponds to the key version number "0x30 to 0x3F", the key version number "0x30 to 0x3F" is deleted from the function table F'' (SSD1) shown in FIG. 18(b). Rewriting is done. On the other hand, for the key table T, key deletion processing is executed to delete all encryption keys stored within the range of the deleted key version number "0x30 to 0x3F".

<6.3 Processing Procedure in Second Embodiment>
Finally, in the second embodiment, an executable function change processing command is given to a certain management program to change the executable functions of an existing application program already incorporated under its control. In this case, the processing procedure executed by the management program will be briefly described with reference to the flowchart of FIG.

First, in step S31, an executable function change processing command given from the external device 200 is received, and in step S32, function change processing based on the command is executed. There are two forms of the function change processing that is performed here: processing that makes a previously unexecutable processing function executable, and processing that makes a previously executable processing function unexecutable. be. In the case of the above-described embodiment, such function change processing can be performed by processing for switching the state of the flag. At this time, the function table is rewritten as necessary.

Subsequently, in step S33, it is determined whether or not there is a function disabled by the function change processing, and if there is a function disabled, key deletion processing is executed in step S34. As already described, this process is a process of deleting from the information storage unit (key table T) the encryption key used for the processing function that has been changed to be unexecutable.

Then, in step S35, it is determined whether or not writing of a new encryption key is necessary, and if necessary, the process proceeds to step S17 shown in FIG. 19, and key writing processing is executed. Specifically, in the function change processing of step S32, if there is a processing function that has been changed from non-executable to executable and that processing function requires an encryption key, a new encryption key is written. It is determined that the loading is necessary, and the processing from step S17 onwards is executed. The contents of processing after this step S17 are as already explained in the first embodiment, and unnecessary writing of the encryption key is prevented.

10: smart phone 11: SIM card 20: external server 100: information processing device 110: information storage unit 111: program storage unit 112: data storage unit 120: program execution unit 200: external device A: type information AP1-AP2, AP01- AP32: General application program AP3: AP (ISD), AP (SSD1), application program on the external device side CMD: Encrypted communication path opening command F (ISD), F (SSD1): Function table F' (SSD1), F''(SSD1): function table G: storage location list table ISD: top management program Key, KeyA to KeyR: encryption key L: key length OS: OS program R1, R2, R00, R10: encrypted communication path opening routine SD , SSD1 to SSD3: Management programs S1 to S6: Diagram steps S11 to S35: Flowchart steps T, T1, T2, T00, T10: Key table T (ISD), T (SSD1): Key table V: Key value data

Claims (11)

An information processing device having various processing functions using an encryption key,
an information storage unit for storing programs and data used by the programs;
a program execution unit that executes a program stored in the information storage unit;
with
a program load process of loading an application program package having a plurality of processing functions each using an encryption key in response to a load command given from an external device and storing the package in the information storage unit;
an installation process of expanding the package loaded by the program loading process into the information storage unit and installing the application program in response to an installation command given from an external device;
a key writing process of storing an encryption key used by an installed application program in the information storage unit in response to a key writing command given from an external device;
an executable function change process for changing a process function executable by an already installed application program according to an executable function change process command given from an external device;
has the function of executing
When executing the installation process, the installed application program can execute a designated function designated by function designation information included in the installation command, among a plurality of processing functions using an encryption key. so that
When the executable function changing process is executed, if there is a processing function changed from executable to non-executable by the executable function changing process, the encryption used for the processing function changed to be non-executable Also executing key deletion processing for deleting the key from the information storage unit,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
When executing the installation process for a specific application program, by referring to the storage location list table, the functions that can be executed by the application program and the storage location of the encryption key used for the function are determined, respectively. Create a function table to be associated, store it in the information storage unit,
When executing the executable function change process, the function table is rewritten,
A storage location associated with the processing function to be deleted from the function table is specified, and a key deletion process is executed to delete the encryption key stored in the specified storage location. information processing equipment. An information processing device having various processing functions using an encryption key,
an information storage unit for storing programs and data used by the programs;
a program execution unit that executes a program stored in the information storage unit;
with
a program load process of loading an application program package having a plurality of processing functions each using an encryption key in response to a load command given from an external device and storing the package in the information storage unit;
an installation process of expanding the package loaded by the program loading process into the information storage unit and installing the application program in response to an installation command given from an external device;
a key writing process of storing an encryption key used by an installed application program in the information storage unit in response to a key writing command given from an external device;
an executable function change process for changing a process function executable by an already installed application program according to an executable function change process command given from an external device;
has the function of executing
When executing the installation process, the installed application program can execute a designated function designated by function designation information included in the installation command, among a plurality of processing functions using an encryption key. so that
When the executable function changing process is executed, if there is a processing function changed from executable to non-executable by the executable function changing process, the encryption used for the processing function changed to be non-executable Also executing key deletion processing for deleting the key from the information storage unit,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
creating a function table listing functions that can be executed by the application program when executing an installation process for a specific application program, and storing the table in an information storage unit;
When executing the executable function change process, the function table is rewritten,
By referring to the storage location list table, the storage location associated with the processing function to be deleted from the function table is specified, and the encryption key stored in the specified storage location is deleted. An information processing apparatus, characterized in that it executes a key deletion process that An information processing device having various processing functions using an encryption key,
an information storage unit for storing programs and data used by the programs;
a program execution unit that executes a program stored in the information storage unit;
with
a program load process of loading an application program package having a plurality of processing functions each using an encryption key in response to a load command given from an external device and storing the package in the information storage unit;
an installation process of expanding the package loaded by the program loading process into the information storage unit and installing the application program in response to an installation command given from an external device;
a key writing process of storing an encryption key used by an installed application program in the information storage unit in response to a key writing command given from an external device;
an executable function change process for changing a process function executable by an already installed application program according to an executable function change process command given from an external device;
has the function of executing
When executing the installation process, the installed application program can execute a designated function designated by function designation information included in the installation command, among a plurality of processing functions using an encryption key. so that
When the executable function changing process is executed, if there is a processing function changed from executable to non-executable by the executable function changing process, the encryption used for the processing function changed to be non-executable Also executing key deletion processing for deleting the key from the information storage unit,
The information storage unit stores a storage location list table that associates various processing functions that use encryption keys with storage locations of encryption keys that are used for these functions,
By referring to the storage location list table when executing installation processing for a specific application program, a function table listing storage locations of encryption keys used for functions executable by the application program is created. , store this in the information storage unit,
When executing the executable function change process, the function table is rewritten by referring to the storage location list table, the storage location to be deleted from the function table is specified, and the specified storage location is specified. An information processing apparatus that executes a key deletion process for deleting an encryption key stored in a storage location. In the information processing device according to any one of claims 1 to 3 ,
constructing a key table for storing an encryption key in a logical key space of an information storage unit for the application program when executing an installation process for a specific application program;
When executing the key writing process, write the data of the encryption key in the real space on the memory corresponding to the predetermined location of the key table constructed on the key space,
1. An information processing apparatus, characterized in that, when executing a key deletion process, the data of the encryption key written in the real space is deleted, and the real space on the memory is released. In the information processing device according to claim 4 ,
The key table consists of a collection of cells in a two-dimensional matrix that can identify one cell by a combination of a key version number and a key ID,
1. An information processing apparatus that identifies a storage location of an encryption key to be written or deleted based on a key version number. In the information processing device according to any one of claims 1 to 5 ,
It has a function to install an application program that has a processing function to open an encrypted communication path with an external device using a predetermined encryption protocol, and a cipher used to open the encrypted communication path in the key writing process An information processing device characterized by writing a key. In the information processing device according to any one of claims 1 to 5 ,
The information storage unit stores at least one management program as an application program,
The management program has a function of executing program load processing, installation processing, and key writing processing for the new application program in order to place the new application program under its own control. and information processing equipment. In the information processing device according to claim 7 ,
After program load processing and installation processing for a new application program are completed, when a key write command is given from an external device, the new application program executes key write processing according to the key write command. An information processing device characterized by: The information processing device according to claim 7 or 8 ,
The management program interprets the privilege parameter "privilege" that accompanies the installation command defined in the GlobalPlatform (registered trademark) specifications as function specifying information, and executes the installation process so that only the specified functions can be executed. An information processing device characterized by: The information processing device according to claim 7 or 8 ,
The management program interprets the SCP type parameter attached to the installation command defined in the GlobalPlatform (registered trademark) specifications as function designation information, and establishes an encrypted communication path according to the encryption protocol indicated by the designated SCP type. An information processing apparatus that executes an installation process that makes the process executable. A program that causes a computer to function as the information processing apparatus according to any one of claims 1 to 10 .

Images