JP2005293504A - Program, computer and data processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a program capable of reducing burdens on the computer of a communicating destination when the destination computer determines validity of a starting application program. <P>SOLUTION: A client device 12_1 verifies validity of an application program started by itself, and sends approved data indicating the result to a server device 10. The server device 10 sends contents data to the client device 12_1 based on the approved data, assuming that a desired application program runs on the client device 12_1. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a program, a computer, and a data processing method for determining the validity of an application program activated by a communication destination.

For example, there is a communication system that transmits content data related to copyrights from a server device to a client device on condition that a desired application program having a copyright protection function is activated on the client device.
In such a communication system, the server device determines whether the desired application program is activated on the client device.
At this time, conventionally, for example, the server device holds the hash data (hash value) of the application program in advance, and the hash data and the hash data of the application program generated by the client device based on the hash function are obtained. When it is confirmed that they match, it is determined that the desired application program is operating on the client device.

By the way, various hash functions used for generating the hash data are used depending on the OS (Operating System) of the client apparatus.
In addition, even in an application program having the same function, the hash data differs depending on the program language and version in which the application program is described.
Therefore, a server device that transmits content data to a plurality of client devices needs to hold and manage a huge number of hash data, and there is a problem that the load is large.
In recent years, content data may be transmitted and received between client devices. In such a case, each client device determines whether or not the desired application program is activated on the client device of the communication destination. Therefore, it is not realistic to hold and manage the huge number of hash data described above.

The present invention is made in view of the above-described prior art, and provides a program, a computer, and a data processing method capable of reducing the load on the communication destination when the communication destination determines the validity of the application program to be activated. Objective.
It is another object of the present invention to provide a program, a computer, and a data processing method that can reduce the load for determining the validity of an application program that is started by a communication destination.

  In order to solve the above-described problems of the prior art and achieve the above-described object, a program according to a first invention is a program for causing a computer to execute management of an application program, which is an application program started by the computer. A first procedure for verifying validity and generating proof data indicating identification data of the application program that has been determined to be valid; and a communication destination that provides data used by the application program, the first procedure And causing the computer to execute a second procedure for transmitting the certification data generated in step (b).

The operation of the program of the first invention is as follows.
The program of the first invention is executed by a computer, the validity of an application program started by the computer is verified, and proof data indicating identification data of the application program determined to be valid is generated for the computer The computer executes the first procedure.
Next, the computer is caused to execute a second procedure for transmitting the certification data generated in the first procedure to a communication destination that provides data used by the application program.

  The program of the second invention is a program for causing a computer to execute data transmission to a communication destination, wherein the first procedure for authenticating the validity of the communication destination and the authentication as valid by the first procedure And the second procedure for receiving certification data indicating the identification data of the application program that is determined to be legitimate by the communication destination and started by the communication destination, and the desired identification data is A third procedure for determining whether or not the certification data received in the second procedure is included, and a condition that it is determined that the desired identification data is included in the third procedure And causing the computer to execute a fourth procedure for transmitting data to the communication destination.

The operation of the program of the second invention is as follows.
A program of the second invention is executed by a computer, and causes the computer to execute a first procedure for authenticating the validity of the communication destination.
Next, certifying data indicating identification data of an application program that is determined to be valid by the communication destination and started at the communication destination is provided on the condition that it is authenticated as valid in the first procedure. The computer is caused to execute a second procedure received from the computer.
Next, the computer is caused to execute a third procedure for determining whether or not desired identification data is included in the certification data received in the second procedure.
Next, on the condition that it is determined that the desired identification data is included in the third procedure, the computer is caused to execute a fourth procedure for transmitting data to the communication destination.

  According to a third aspect of the present invention, there is provided a computer having a memory in which an application program is stored, a circuit module having a function of preventing falsification and monitoring of stored data, and storing a boot program, and the application program read from the memory And an execution circuit that executes the boot program read from the circuit module in a secure state, and an interface, the execution circuit being read from the circuit module in a secure state The boot program is executed, the legitimacy of the application program is verified according to the boot program, and proof data indicating identification data of the application program determined to be legitimate is stored in the circuit module. , The circuit module Transmitting the certification data read out from Le to the communication destination via the interface.

The operation of the computer of the third invention is as follows.
The execution circuit executes the boot program read from the circuit module in a secure state.
Then, the execution circuit verifies the validity of the application program according to the boot program, and stores certification data indicating identification data of the application program determined to be valid in the circuit module.
Then, the execution circuit transmits the certification data read from the circuit module to the communication destination via the interface.

  According to a fourth aspect of the present invention, there is provided a computer in which an application program and a boot program are stored, a circuit module having a function of preventing alteration of stored data and monitoring of stored data and internal processing, and the memory. A computer having an execution circuit for executing the read application program and the boot program, and an interface, wherein the circuit module verifies the validity of the boot program read from the memory The boot program is output to the execution circuit in a secure state, and the execution circuit executes the boot program input from the circuit module, and the application program is validated according to the boot program. Verifies sex and determines that it is legitimate The proof data indicating the identification data of the application program is stored in the circuit module, and transmits the certificate data read from the circuit module to the communication destination via the interface.

The operation of the computer of the fourth invention is as follows.
After the circuit module verifies the validity of the boot program read from the memory, the boot module outputs the boot program in a secure state to the execution circuit.
Next, the execution circuit executes the boot program input from the circuit module, verifies the validity of the application program according to the boot program, and determines the validity of the application program. Proof data indicating identification data is stored in the circuit module.
Next, the execution circuit transmits the certification data read from the circuit module to the communication destination via the interface.

  According to a fifth aspect of the present invention, there is provided a computer in which a program is stored, an execution circuit that executes the program read from the memory, and identification data of an application program that is activated at the communication destination and recognized by the communication destination The execution circuit executes a program read from the memory, and the communication destination is valid via the interface according to the program. On the condition that it has been authenticated, it is determined whether or not the desired identification data is included in the certification data received via the interface, and it is determined that the desired identification data is included In addition, data is transmitted to the communication destination via the interface.

  A data processing method according to a sixth aspect of the present invention is a data processing method performed by a computer that manages application programs, wherein the validity of the application program started by the computer is verified, and the application program determined to be valid A first step of generating proof data indicating identification data; and a second step of transmitting the proof data generated in the first step to a communication destination that provides data used by the application program. .

  A data processing method according to a seventh aspect of the present invention is a data processing method in which a computer transmits data to a communication destination, wherein the first step for authenticating the validity of the communication destination and the first step are valid. A second step of receiving, from the communication destination, proof data indicating identification data of an application program that is determined to be valid by the communication destination and is activated at the communication destination on the condition that it is authenticated; A third step of determining whether identification data is included in the certification data received in the second step, and a determination that the desired identification data is included in the third step; And a fourth step of transmitting data to the communication destination.

According to the first, third, fourth, and sixth inventions, there is provided a program, a computer, and a data processing method capable of reducing the load on a communication destination when the communication destination determines the validity of an application program to be activated. Can be provided.
According to the second, fifth, and seventh inventions, it is possible to provide a program, a computer, and a data processing method that can reduce the load for determining the validity of an application program that is started by a communication destination.

First, a related technique of the present invention will be described.
<Related technologies>
1 and 2 are diagrams for explaining a related technique of the present invention.
In the system shown in FIG. 1, for example, a valid boot program BP on the client device.
The content data related to the copyright is transmitted from the server apparatus 110 to the computer PC on the condition that is operating.
In such a system, in the computer PC, the CPU reads the boot program BP from the security module circuit SM1 in a secure state, generates the hash data Hash, and writes this into the security module circuit SM1.
In the security module SM1, the boot program BP and signature key data are stored in the nonvolatile memory 102, and the hash data Hash of the boot program BP is stored in the register 103.
In addition, between the CPU and the security module circuit SM1, the key data is held by both, and the data encrypted based on the key data is sent to the bus, or the key data is shared after mutual authentication between the two. In addition, data is transferred in a secure state by, for example, incorporating the CPU and the security module circuit SM1 into a tamper-resistant module (Multi-Chip Module).

The server device 110 holds the hash data Hash of the boot program BP in advance, and the valid booting is performed on the condition that the hash data Hash and the hash data Hash read from the register 103 by the computer PC match. It is determined that the program BP is operating on the computer PC.
However, in this case, it is unknown whether the hash data Hash transmitted by the computer PC has been properly generated.
On the other hand, if the security module circuit SM1 is valid, it can be determined that the boot program BP is valid.

Further, content data related to copyright may be transmitted from the server apparatus 110 to the computer PC or the like on condition that a desired application program having a copyright protection function is started on the client apparatus such as the computer PC or the like. .
In such a case, the server apparatus 110 stores the hash data Hash of the application program and compares it with the hash data Hash of the application program received from the computer PC or the like.
By the way, various hash functions used for generating the hash data are used depending on the OS (Operating System) of the client apparatus.
In addition, even in an application program having the same function, the hash data differs depending on the program language and version in which the application program is described.
Therefore, for example, as shown in FIG. 2, when the server apparatus 110 transmits content data to a plurality of client apparatuses such as a computer PC1, PC2, PDA (Personal Digital Assistants) and a mobile phone MP, the server apparatus 110 For each client device, it is necessary to store the hash data Hash of the boot program BP and the hash data Hash of the application program AP.

For example, as shown in FIG. 2, the server apparatus 110 needs to store the hash data BP (PC1) Hash of the boot program of the computer PC1 and the hash data AP (PC1) Hash of the application program of the computer PC1. .
Further, the server apparatus 110 needs to store the hash data BP (PC2) Hash of the boot program of the computer PC2 and the hash data AP (PC2) Hash of the application program of the computer PC2.
Further, the server device 110 needs to store the hash data BP (PDA) Hash of the PDA boot program and the hash data AP (PDA) Hash of the PDA application program.
Further, the server apparatus 110 needs to store the hash data BP (MP) Hash of the boot program of the mobile phone MP and the hash data AP (MP) Hash of the application program of the mobile phone MP.

  In recent years, content data may be transmitted and received between client devices. Even in such a case, each client device determines whether or not the desired application program is started on the communication destination client device. In order to make a determination, it is necessary to hold and manage the enormous number of hash data described above, which is burdensome or impractical.

Hereinafter, a communication system according to an embodiment of the present invention that solves the problems of the related art described above will be described.
<First Embodiment>
FIG. 3 is an overall configuration diagram of the communication system 1 according to the embodiment of the present invention.
As illustrated in FIG. 3, the communication system 1 includes, for example, a server device 10 and client devices 12_1 and 12_2.
The server device 10, the client device 12_1, and the client device 12_1 communicate with each other via the network 9.
In this embodiment, a case where communication is performed by a large number of server apparatuses 10 and two client apparatuses 12_1 and 12_3 is illustrated, but the present invention may use a plurality of server apparatuses, or a single or three or more. The client device may be used.

First, an outline of the communication system 1 shown in FIG. 3 will be described.
Each of the client devices 12_1 and 12_2 verifies the validity of the application program started by itself, and transmits certification data AP_CER indicating the result to the server device 10.
Based on the certification data AP_CER, the server device 10 transmits content data to the client devices 12_1 and 12_2 on condition that a desired application program is activated on the client devices 12_1 and 12_2.
In the communication system 1, the server device 10 does not need to hold all the hash data of the application programs executed by the client devices 12_1 and 12_2, and does not need to perform verification processing of the validity. Therefore, it is possible to reduce the load on the server apparatus 10 due to the determination of the validity of the application program activated on the client apparatuses 12_1 and 12_2.
In the present embodiment, the case where content data is transmitted and received between the server device 10 and the client devices 12_1 and 12_2 is illustrated, but the decryption key data for decrypting the encrypted content data instead of the content data itself, Rights information necessary for using the content data may be transmitted and received.

Hereinafter, the present embodiment will be described with reference to FIGS.
First, the correspondence between each component of the present embodiment and the component of the present invention will be described.
The application program AP_S shown in FIG. 4 corresponds to the programs of the second and fifth inventions. A boot program B_PRG shown in FIG. 7 and the like corresponds to the program or the boot program of the first and third inventions.
Also, the client device 12_1 shown in FIG. 3 corresponds to the computers of the first and third inventions, and the server device 10 and the client device 12_2 shown in FIG. 3 correspond to the communication destinations of the first and third inventions. .
Further, the server device 10 shown in FIG. 3 corresponds to the computer of the second invention and the fifth invention, and the client device 12_1 shown in FIG. 3 corresponds to the communication destination of the second and fifth inventions.
Further, the certification data AP_CER corresponds to the certification data of the present invention.

[Server device 10]
FIG. 4 is a configuration diagram of the server apparatus 10 shown in FIG.
As illustrated in FIG. 4, the server device 10 includes, for example, an interface 21, a memory 22, and a CPU 23, which are connected via a data line 20.
Here, the interface 21 corresponds to the interface of the fifth invention, the memory 22 corresponds to the memory of the fifth invention, and the CPU 23 corresponds to the execution circuit of the fifth invention.

The interface 21 transmits and receives data to and from the client devices 12_1 and 12_2 via the network 9.
The memory 22 stores the application program AP_S.
The memory 22 stores the secret key data SK_S, public key data PK_S, public key certification data PKC_S, and identification data ID_S of the server device 10.
Further, the memory 22 stores the public key data PK_C1 and the public key certification data PKC_C1 of the client device 12_1 through communication with the client device 12_1 and the like.
Further, the memory 22 stores the public key data PK_C2 and the public key certification data PKC_C2 of the client device 12_2 through communication with the client device 12_2 or the like.

The CPU 23 executes the application program AP_S and comprehensively controls the operation of the server device 10.
The processing performed by the CPU 23 will be described in association with an operation example of the server device 10.

Hereinafter, an operation example when the server apparatus 10 illustrated in FIG. 4 communicates with the client apparatus 12_1 will be described.
FIG. 5 is a flowchart for explaining an operation example when the server apparatus 10 shown in FIG. 4 communicates with the client apparatus 12_1.
Each step shown below is defined by the application program AP_S.
Note that the processing shown in FIG. 5 may be defined by the boot program of the server device 10.
Step ST1:
The CPU 23 of the server device 10 reads the application program AP_S designated by the user from the memory 22 and executes it.
The application program AP_S is, for example, a program that encrypts and transmits predetermined content data, and is a program that transmits and receives content data only with a program having identification data AP_ID corresponding thereto. The content data relates to copyright, for example.

Step ST2:
For example, the CPU 23 performs mutual authentication with the client device 12_1 via the interface 21 based on the secret key data SK_S, the public key data PK_C1, and the public key certification data PKC_C1 read from the memory 22, for example. That is, mutual authentication using a public key is performed.
As a mutual authentication method, a method such as ISO / IEC 9798-3 can be used.
When the mutual authenticity is confirmed by the mutual authentication, the CPU 23 shares the session key data used for the subsequent communication with the client device 12_1 with the client device 12_1, and based on the session key data in the subsequent communication. Encrypt the data.
In the present embodiment, for example, the CPU 23 may not verify the hash data of the boot program B_PRG of the client device 12_1.
Step ST3:
The CPU 23 proceeds to step ST4 when mutual validity is confirmed by the mutual authentication performed in step ST2, and ends the process or performs error processing if not.

Step ST4:
The CPU 23 receives the certification data AP_CER attached with the signature data SIG from the client device 12_1 via the interface 21.
For example, as will be described later, the certification data AP_CER includes identification data AP_ID, manufacturing identification data MF_ID, version VER, and hash value HASH of the application program AP_C1 that has been activated by the client device 12_1 and has been confirmed to be valid. They are shown in association with each other.

Step ST5:
The CPU 23 verifies the validity of the certification data AP_CER received in step ST4.
At this time, for example, the CPU 23 generates hash data of the certification data AP_CER based on the hash function. Then, the CPU 23 determines whether or not the generated hash data matches the signature data SIG added to the certification data AP_CER shown in FIG. 6, and if they match, the certification data AP_CER1 is falsified. Judge that it is not legitimate.
Here, the hash function is a function that generates fixed-length data from a given original text, and the original text cannot be reproduced from the hash value, and it is extremely difficult to generate different data having the same hash value. It has the characteristic.
Then, the CPU 23 proceeds to step ST6 when determining that the certification data AP_CER is valid, and ends the process when it is not.
When the client device 12_1 encrypts the hash data with the secret key SK_C1 of the client device 12_1 and generates the signature data SIG, the CPU 23
The signature data SIG is decrypted with the public key PK_C1 of the client device 12_1, and the decrypted data is compared with the hash data.
Since the data is encrypted with the session key on the network 9, a desired object can be achieved without using a digital signature technique that takes a long processing time. That is, the hash data itself is encrypted with the session key, and almost the same function as the digital signature can be realized.
Further, in order to prevent illegally reusing data exchanged in the past, usually random number data is added to the data (in this example, the certification data AP_CER shown in FIG. 6), and all data including random numbers is added. Hash data is calculated and used as signature data SIG. Further, when encrypting with the secret key SK_C1, encryption is performed on the hash data for the data including the random number data.

Step ST6:
The CPU 23 determines whether or not the identification data AP_ID of the designated application program AP_C1 is included in the certification data AP_CER received in step ST4, and the identification data AP_ID is included (the application program in the client device 12_1). If it is determined that the validity of AP_C1 has been confirmed and activated, the process proceeds to step ST7, and if not, the process ends.
Here, the application program AP_C1 is, for example, a program having a copyright protection function for content data when the application program AP_S transmits content data related to copyright.
Note that the CPU 23 may verify whether the manufacturing identification data MF_ID and the version data VER are desired in addition to the identification data AP_ID in the verification in the step.
Step ST7:
The CPU 23 encrypts predetermined content data according to the application program AP_S activated in step ST1, and transmits it to the client device 12_1 via the interface 21.

[Client device 12_1]
FIG. 7 is a configuration diagram of the client apparatus 12_1 illustrated in FIG.
As illustrated in FIG. 7, the client device 12_1 includes, for example, an interface 31, a memory 32, a CPU 33, and a security module circuit SM, which are connected via a data line 30.
Here, the interface 31 corresponds to the interface of the third invention, the memory 32 corresponds to the memory of the fifth invention, the security module circuit SM corresponds to the circuit module of the fifth invention, and the CPU 33 corresponds to the fifth invention. This corresponds to the execution circuit of the invention.

The interface 31 performs communication between the server device 10 and the client device 12_2 via the network 9.
The memory 32 stores the application program AP_C1.
The memory 32 is a semiconductor memory or a hard disk drive.
The security module circuit SM includes, for example, a memory 35 and an arithmetic circuit 36.
The security module circuit SM is a circuit having tamper resistance, and has a function of preventing tampering and monitoring of data stored in the memory 35 and monitoring of processing of the arithmetic circuit 36.
A tamper-resistant circuit causes malfunction or leakage of internal data when an attack against the circuit from the outside (an attack that illegally reads internal data or sets the input frequency or input voltage outside of the specified range) is applied. The circuit is configured so as not to exist. Specifically, in order to prevent the reading of internal data, the circuit configuration has a multilayer structure, the memory is arranged at the lowest layer, and dummy layers (for example, aluminum layers) are incorporated in the upper and lower layers, so that the memory can be input from the outside. It is difficult to directly access the output I / F. Further, a tamper-resistant circuit frequency detection circuit and a voltage detection circuit are provided, and are configured not to operate when the frequency and voltage are not within a predetermined range.

The memory 35 stores secret key data SK_C1, public key data PK_C1, public key certification data PKC_C1, and identification data ID_C1 of the client device 12_1.
Further, the memory 35 stores the public key data PK_S and the public key certification data PKC_S of the server device 10 through communication with the server device 10 or the like.
The memory 35 stores the public key data PK_C2 and the public key certification data PKC_C2 of the client device 12_2 through communication with the client device 12_2 or the like.

The CPU 33 reads the boot program B_PRG in a secure state from the memory 35 in the security module circuit SM via the data line 30 and executes it.
Further, the CPU 33 reads the application program AP_C1 from the memory 32 and executes it.
In order to realize reading in the secure state, the CPU 33 and the security module circuit SM share common encryption key data, encrypt the data on the data line 30, and the CPU 33 and the security module circuit SM. The data on the data line 30 is encrypted with the session key data shared with each other, the CPU 33 and the security module circuit SM are molded into one package, and the data on the data line 30 is transferred from the outside. For example, a method of preventing access is used.
In addition, in order to prevent the security module circuit SM from being incorporated into another client device, the client device 12_1 distributes and holds memory data (data such as IDs, random numbers, and keys) unique to the device, thereby providing security at startup. The module circuit SM may verify the memory data. Further, the boot mechanism of the CPU 33 is complicated by making the input / output operation to the interface 31 complicated, and only the licensed manufacturer knows the mechanism so that the boot program B_PRG can be read. The activation reliability may be further increased.

The CPU 33 comprehensively controls the operation of the client device 12_1.
The processing performed by the CPU 33 will be described in association with an operation example of the client device 12_1.

Hereinafter, an operation in which the client device 12_1 illustrated in FIG. 7 generates the certification data AP_CD will be described.
FIG. 8 is a flowchart for explaining an operation in which the client apparatus 12_1 shown in FIG. 7 generates the certification data AP_CD.
Each step shown below is defined by the boot program B_PRG.
Step ST11:
When the client device 12_1 is activated, the arithmetic circuit 36 of the security module circuit SM reads the boot program B_PRG from the memory 35 and verifies the validity of the boot program B_PRG. At this time, for example, the arithmetic circuit 36 generates hash data of the boot program B_PRG based on the hash function, and compares the generated hash data with the hash data of the boot program B_PRG prepared in advance. If they match, it is determined that the boot program B_PRG stored in the memory 35 is valid (not tampered).
Step ST12:
If it is determined in step ST11 that the boot program B_PRG is valid, the client device 12_1 proceeds to step ST13, and if not, performs error processing.

Step ST13:
The CPU 33 of the client device 12_1 reads the boot program B_PRG from the memory 35 through the data line 30 in a secure state.
Step ST14:
The CPU 33 executes the boot program B_PRG read in step ST13.
Step ST15:
In accordance with the boot program B_PRG, the CPU 33 selects an unselected application program AP_C1 among the plurality of application programs AP_C1 specified by the user.

Step ST16:
The CPU 33 reads the application program AP_C1 selected in step ST15 from the memory 32 and verifies its validity.
At this time, for example, the CPU 33 generates hash data of the application program AP_C1 based on the hash function, compares the generated hash data with the hash data of the application program AP_C1 prepared in advance, and if they match, The application program AP_C1 stored in the memory 32 is determined to be valid.
Further, the CPU 33 may verify predetermined signature data associated with the application program AP_C1 based on public key data. The signature data SIG may be added to the application program AP_C1 or may be stored separately in the memory.

Step ST17:
If the CPU 33 determines in step ST16 that the application program AP_C1 is valid, the process proceeds to step ST18, and if not, the process proceeds to step ST20.
Step ST18:
The CPU 33 adds the identification data AP_ID, manufacturing identification data MF_ID, version data VER, and hash data HASH (hereinafter, also simply referred to as identification data AP_ID) of the application program AP_C1 determined to be valid in step ST16 to the certification data AP_CER. .
Step ST19:
The CPU 33 activates the application program AP_C1 determined to be valid in step ST16.
That is, in the present embodiment, the case where the application program AP_C1 is started on the condition that it is determined in step ST16 that the application program AP_C1 is valid is illustrated. However, the application program AP_C1 is not determined to be valid. In such a case, the user may be notified of this and the application program AP_C1 may be activated with the user's consent. However, in this case, the CPU 33 does not add the identification data AP_ID of the application program AP_C1 to the certification data AP_CER.
Step ST20:
The CPU 33 determines whether or not all application programs AP_C1 designated by the user have been selected in step ST15. If it is determined that the application program AP_C1 has been selected, the process ends. If not, the process returns to step ST15.

Hereinafter, an operation example when the client apparatus 12_1 illustrated in FIG. 7 receives content data from the server apparatus 10 will be described.
FIG. 9 is a flowchart for explaining an operation example when the client device 12_1 shown in FIG. 7 receives content data from the server device 10.
Each step shown below is defined by the boot program B_PRG.
Step ST31:
The CPU 33 of the client device 12_1 performs mutual authentication with the server device 10 via the interface 31 based on the secret key data SK_C1, the public key data PK_S1, and the public key certification data PKC_S1 read from the memory 35 of the security module circuit SM. I do. That is, mutual authentication using a public key is performed.
When the mutual authenticity is confirmed by the mutual authentication, the CPU 33 shares the session key data used for the subsequent communication with the server device 10 with the server device 10, and based on the session key data in the subsequent communication. Encrypt the data.
In the mutual authentication, the CPU 33 may authenticate the validity of the server device 10 based on an AC (Attribute Certificate) or URL (Uniform Resource Locator) of the server device 10. Here, AC is electronic data in which a predetermined certification authority (AC issuing authority) is linked to the identification data ID of the public key certification data to prove the functions and attributes of the issuer. This indicates that the server distributes data.
Step ST32:
CPU33 will progress to step ST33, if mutual validity is confirmed by the mutual authentication performed by step ST31, and will complete | finish a process otherwise.

Step ST33:
The CPU 33 generates hash data of the certification data AP_CER generated through the processing described with reference to FIG. 8, and adds this to the certification data AP_CER as signature data SIG.
Step ST34:
The CPU 33 transmits the signed certification data AP_CER generated in step ST33 to the server device 10 via the interface 31.
Step ST35:
The CPU 33 uses content data received from the server device 10 via the interface 31 in accordance with the application program AP_C1.
At this time, as described above, since the application program AP_C1 has a copyright protection function, the copyright of the content data is protected by this function.
In the embodiment described above, the case where the CPU 33 performs the authentication process and the generation process of the signature data SIG based on the boot program B_PRG read from the security module circuit SM is illustrated. The arithmetic circuit 36 may perform the processing.
In this case, the client device 12_1 provides data necessary for authentication among the data received from the server device 10 to the security module circuit SM. Then, the arithmetic circuit 36 of the security module circuit SM performs arithmetic processing based on the data, and transmits the result to the server device 10 via the interface 31. Further, the arithmetic circuit 36 of the security module circuit SM generates the signature data SIG of the certification data AP_CER, and transmits the certification data AP_CER added with the signature data SIG to the server device 10 via the interface 31.

Hereinafter, an operation example when the client apparatus 12_1 illustrated in FIG. 7 transmits and receives content data to and from the client apparatus 12_2 illustrated in FIG. 3 will be described.
FIG. 10 is a flowchart for explaining an operation example when the client apparatus 12_1 shown in FIG. 7 transmits / receives content data to / from the client apparatus 12_2 shown in FIG.
Step ST41:
The CPU 33 of the client device 12_1 performs mutual authentication with the client device 12_2 via the interface 31 based on the secret key data SK_C1, the public key data PK_C2, and the public key certification data PKC_C2 read from the memory 35 of the security module circuit SM. I do. That is, mutual authentication using a public key is performed.
In the present embodiment, the public key data PK_2 and the public key certification data PKC_2 are stored in the memory 35, but may be received from the client device 12_2 prior to authentication.
When the mutual authenticity is confirmed by the mutual authentication, the CPU 33 shares the session key data used for the subsequent communication with the client device 12_2 with the client device 12_2, and based on the session key data in the subsequent communication. Encrypt the data.
Step ST42:
CPU33 will progress to step ST43, if mutual validity is confirmed by the mutual authentication performed by step ST41, and when that is not right, it will complete | finish a process or will perform an error process.

Step ST43:
The CPU 33 generates hash data of the certification data AP_CER1 generated through the processing described with reference to FIG. 8, and adds this to the certification data AP_CER1 as signature data SIG.
Step ST44:
The CPU 33 transmits the signed certification data AP_CER1 generated in step ST43 to the client device 12_2 via the interface 31.
Step ST45:
The CPU 33 receives the certification data AP_CER2 with the signature data SIG generated by the client apparatus 12_2 performing the same process as described with reference to FIG. 9 from the client apparatus 12_2 via the interface 31.
As described above, the certification data AP_CER2 is started by the client device 12_2, and the identification data AP_ID, the manufacturing identification data MF_ID, the version VER, and the hash value HASH of the application program AP_C2 whose validity has been confirmed as shown in FIG. Are shown in association with each other.

Step ST46:
The CPU 33 verifies the validity of the certification data AP_CER2 received in step ST44.
At this time, for example, the CPU 33 generates hash data of the certification data AP_CER2 based on the hash function. Then, the CPU 33 determines whether or not the generated hash data matches the signature data SIG. If they match, the CPU 33 determines that the certification data AP_CER2 is a legitimate one that has not been tampered with.
If the CPU 33 determines that the certification data AP_CER2 is valid, the process proceeds to step ST47. If not, the CPU 33 ends the process or performs error processing.

Step ST47:
The CPU 33 determines whether or not the identification data AP_ID of the application program AP_C1 designated by the user is included in the certification data AP_CER2 received in step ST45, and the identification data AP_ID is included (in the client device 12_2) If it is determined that the validity of the application program AP_C2 has been confirmed and started, the process proceeds to step ST48, and if not, the process is terminated or an error process is performed.
In this step, the CPU 33 may determine whether the manufacturing identification data MF_ID and the version data VER are desired in addition to the identification data AP_ID.
Step ST48:
The CPU 33 encrypts predetermined content data according to the already started application program AP_C1 and transmits it to the client device 12_2 via the interface 31.
The CPU 33 uses the content data received from the client device 12_2 via the interface 31 in accordance with the application program AP_C1.
At this time, as described above, since the application program AP_C1 has a copyright protection function, the copyright of the content data is protected by this function.

  The client device 12_2 has the same configuration as the client device 12_1 described above.

Hereinafter, an overall operation example of the communication system 1 shown in FIG. 3 will be described.
The client devices 12_1 and 12_2 perform the process shown in FIG. 8 to write the certification data AP_CER into the memory 35 in the security module circuit SM shown in FIG. 7 of the client devices 12_1 and 12_2, respectively.
First, when content data is transmitted from the server apparatus 10 to the client apparatus 12_1, for example, the server apparatus 10 performs the process shown in FIG. 5 and the client apparatus 12_1 performs the process shown in FIG.
Further, when content data is transmitted and received between the client device 12_1 and the client device 12_2, each performs the process shown in FIG.

As described above, according to the communication system 1, each of the client devices 12_1 and 12_2 verifies the validity of the application programs AP_C1 and AP_C2 that the client devices 12_1 and 12_2 themselves start, and uses the certification data AP_CER1 and AP_CER2 indicating the results respectively as the server device 10 to send.
Therefore, the server device 10 does not need to hold all the hash data of the application programs executed by the client devices 12_1 and 12_2, and does not need to perform verification processing of the validity. Therefore, it is possible to reduce the load on the server apparatus 10 due to the determination of the validity of the application program activated on the client apparatuses 12_1 and 12_2.

Further, according to the communication system 1, in the client devices 12_1 and 12_2, as shown in FIG. 7, the boot program B_PRG for generating the above-described certification data AP_CER1 and AP_CER2 is stored in the memory 35 in the security module circuit SM. In addition, since it is read to the CPU 33 in a secure state via the data line 30, the reliability of the certification data AP_CER1 and AP_CER2 can be increased.
Further, according to the communication system 1, the server apparatus 10 performs mutual authentication with the client apparatuses 12_1 and 12_2, receives the proof data AP_CER with the signature, and verifies the signature data SIG. Therefore, it is possible to determine the legitimacy of the application program activated on the client devices 12_1 and 12_2 with high reliability.

  Further, according to the communication system 1, not only between the server device 10 and the client devices 12_1 and 12_2 but also when content data is transmitted and received between the client devices 12_1 and 12_2, one of the client devices 12_1 and 12_2. Can determine the legitimacy of the application program activated on the other side with a small load.

The present invention is not limited to the embodiment described above.
For example, as shown in FIG. 11, in the client device 12_1, the boot program B_PRG may be stored in a memory 32 that does not have tamper resistance.
In this case, the security module circuit SM reads the boot program B_PRG from the memory 32, verifies the validity of the boot program B_PRG in the arithmetic circuit 36, and then outputs it to the CPU 33 via the data line 30.
FIG. 11 shows an embodiment of the fourth invention.

In step ST33 of FIG. 9 or step ST43 of FIG. 10, the CPU 33 of the client device 12_1 uses the data received from the server device 10 or the client device 12_2 (for example, a random number generated by the client device 12_2) and the certification data AP_CER. The signature data SIG may be generated by generating hash data for the configured data. By doing so, it is possible to prevent fraud by reusing data once used for communication.
By doing so, it is possible to prevent impersonation by using the certification data AP_CER with the signature exchanged in the past by the client apparatus 12_1.

In the above-described embodiment, the client device 12_1 has exemplified the case where the proof data AP_CER is generated according to the boot program B_PRG. However, another program verified by the boot program B_PRG is the proof data AP_CER. Generation may be performed.
In the above-described embodiment, the boot program B_PRG may be updated after the arithmetic circuit 36 of the security module circuit SM verifies the validity of the updated boot program.

  The mutual authentication described above is not limited to public key authentication, and any authentication method may be used as long as it is a method or system capable of mutual authentication.

  The present invention can be applied to a system that determines the validity of an application program started by a communication destination.

FIG. 1 is a diagram for explaining a related technique of the present invention. FIG. 2 is a diagram for explaining a related technique of the present invention. FIG. 3 is an overall configuration diagram of a communication system according to the embodiment of the present invention. FIG. 4 is a block diagram of the server device shown in FIG. FIG. 5 is a flowchart for explaining an operation example when the server apparatus shown in FIG. 4 communicates with the client apparatus. FIG. 6 is a diagram for explaining the certification data according to the embodiment of the present invention. FIG. 7 is a block diagram of the client device shown in FIG. FIG. 8 is a flowchart for explaining an operation in which the client device shown in FIG. 7 generates proof data. FIG. 9 is a flowchart for explaining an operation example when the client device shown in FIG. 7 receives content data from the server device. FIG. 10 is a flowchart for explaining an operation example when the client apparatus 12_1 shown in FIG. 7 transmits / receives content data to / from the client apparatus 12_2 shown in FIG. FIG. 11 is a diagram for explaining a client device according to a modification of the embodiment of the present invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Communication system, 10 ... Server apparatus, 12_1, 12_2 ... Client apparatus, 20 ... Data line, 21 ... Interface, 22 ... Memory, 23 ... CPU, 30 ... Data line, 31 ... Interface, 32 ... Memory, 33 ... CPU , SM ... security module circuit, 35 ... memory, 36 ... arithmetic circuit, AP_S, AP_C1 ... application program, B_PRG ... boot program, AP_CER ... certification data

Claims (14)

A program for causing a computer to manage application programs,
A first procedure for verifying validity of an application program started by the computer and generating certification data indicating identification data of the application program determined to be valid;
A program that causes the computer to execute a second procedure for transmitting the certification data generated in the first procedure to a communication destination that provides data used by the application program. The program according to claim 1, further comprising: a third procedure in which the application program determined to be valid in the first procedure uses the data received from the communication destination. The program according to claim 1, wherein the first procedure verifies whether or not the application program is falsified, and generates the certification data indicating the identification data when it is determined that the application program has not been falsified. The first procedure generates the certification data indicating at least one of version data and hash data of the application program determined to be valid in association with the identification data. The listed program. A fourth procedure for adding signature data to the certification data generated in the first procedure,
The program according to claim 1, wherein the second procedure transmits the certification data to which the signature data is added in the fourth procedure to the communication destination. The fourth procedure generates the signature data for data including the certification data and data received from the communication destination, and transmits the certification data to which the signature data is added to the communication destination. Item 6. The program according to item 5. It is stored in a memory with a function to prevent tampering and monitoring of stored data,
The program according to claim 1, which is read from the memory in a secure state by the computer and executed by the computer. The first procedure writes the certification data to the memory,
The program according to claim 7, wherein the second procedure transmits the certification data read from the memory to the communication destination. A program for causing a computer to execute data transmission to a communication destination,
A first procedure for authenticating the validity of the communication destination;
On the condition that it is authenticated as valid in the first procedure, proof data indicating identification data of an application program that is judged as valid by the communication destination and started at the communication destination is received from the communication destination. A second procedure;
A third procedure for determining whether desired identification data is included in the certification data received in the second procedure;
A program for causing the computer to execute a fourth procedure for transmitting data to the communication destination on condition that the desired identification data is included in the third procedure. A memory storing application programs;
A circuit module having a function of preventing tampering and monitoring of stored data and storing a boot program;
An execution circuit for executing the application program read from the memory and the boot program read in a secure state from the circuit module;
A computer having an interface,
The execution circuit executes the boot program read in a secure state from the circuit module, verifies the validity of the application program according to the boot program, and determines that the application program is valid. A computer that stores certification data indicating identification data of an application program in the circuit module, and transmits the certification data read from the circuit module to the communication destination via the interface. A memory storing an application program and a boot program;
A circuit module having a function of preventing alteration of stored data and monitoring of stored data and internal processing;
An execution circuit for executing the application program and the boot program read from the memory;
A computer having an interface,
The circuit module, after verifying the validity of the boot program read from the memory, outputs the boot program in a secure state to the execution circuit,
The execution circuit executes the boot program input from the circuit module, verifies the validity of the application program according to the boot program, and obtains identification data of the application program determined to be valid. A proof data to be stored in the circuit module, and the proof data read from the circuit module is transmitted to the communication destination via the interface. Memory in which the program is stored;
An execution circuit for executing the program read from the memory;
A computer having an interface that receives identification data indicating identification data of an application program that is activated at the communication destination and is validated by the communication destination;
The execution circuit executes a program read from the memory, and requests the certification data received via the interface on the condition that the communication destination is authenticated via the interface according to the program. A computer that transmits the data to the communication destination via the interface on the condition that it is determined whether the desired identification data is included. A data processing method performed by a computer that manages application programs,
A first step of verifying validity of an application program started by the computer and generating certification data indicating identification data of the application program determined to be valid;
A data processing method comprising: a second step of transmitting the certification data generated in the first step to a communication destination that provides data used by the application program. A data processing method in which a computer transmits data to a communication destination,
A first step of authenticating the correctness of the communication destination;
On the condition that it is authenticated as valid in the first step, certification data indicating identification data of an application program that is judged valid by the communication destination and started at the communication destination is received from the communication destination. A second step;
A third step of determining whether desired identification data is included in the certification data received in the second step;
A data processing method comprising: a fourth step of transmitting data to the communication destination on condition that it is determined that the desired identification data is included in the third step.

Images