JP2009134731A - Safety determination method, safety determination system, first authentication device, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a safety determination method to improve safety and to smoothly transmit/receive information while maintaining appropriate safety. <P>SOLUTION: Biometric information authentication is performed, and the environment information of an information processor 1 is collected. The information processor 1 transmits the collected environment information to a first authentication device 2. The information processor transmits an electronic certificate issued from a second authentication device 3 and information ciphered with personal keys to the first authentication device 2. The first authentication device 2 acquires the public keys of the second authentication device 3 and the public keys of the information processor 1, decodes the ciphered information, and determines whether the ciphered information may be appropriate. The first authentication device 2 refers to an environment information database and the transmitted information, and determines whether the transmitted information may be appropriate. When all the authentication by biometric information authentication, environment information authentication, and electronic certificate authentication is appropriate, the information processor 1 is determined to be safe. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a safety judgment method, a safety judgment system, a safety judgment method for judging the safety of an information processing apparatus, in which an information processing apparatus, a first authentication apparatus, and a second authentication apparatus are connected via a communication network. The present invention relates to a computer program for causing a determination device, a first authentication device, and a computer to function as a safety determination device. In particular, it is incorporated into an information processing device such as a mobile phone, a household electrical appliance, or a personal computer to increase the safety of the information processing device. The present invention relates to a safety judging device for judging.

  With the introduction of IPv6 (Internet Protocol Version 6), information processing devices connected to communication networks such as the Internet are not only personal computers, server computers and mobile phones, but also refrigerators, microwave ovens, air conditioners, TVs, DVDs, etc. Home appliances, copiers, and robots are also connected to the communication network, and information is transmitted and received. As the number of information processing devices connected to the communication network increases, safety (security) decreases.

In particular, home appliances are low in safety, and there is a risk that a program that may interfere with the normal operation of the device is sent from the outside, or a DDoS (Distributed Denial of Service) step. Therefore, in order to increase the safety of such an information processing apparatus, an attempt has been made to install a biometric authentication function using a fingerprint or the like in the information processing apparatus (for example, cited document 1).
JP-A-3-58174

  However, there are cases in which fingerprint information for authentication leaks, and there is a problem that it is difficult to ensure a high level of security with only biometric authentication. In particular, when performing electronic commerce using these information processing devices, whether the information processing device is used by a legitimate owner or is a transaction using the owner's own information processing device, It is preferable to conduct commercial transactions after ensuring safety such as whether a device that impairs safety is connected or software such as an OS (Operating System), a browser, and plug-in software is not installed.

  Also, when patch software, firmware, etc. are provided to these information processing devices, there is a risk that the software being transmitted to a third party may be falsified. It was necessary to ensure sufficient safety. On the other hand, if the level of safety is too high, it becomes difficult to smoothly transmit and receive information.

  The present invention has been made in view of such circumstances, and its object is to authenticate using biometric information, authenticate using an electronic certificate using a certification authority (PKI (Public Key Infrastructure authentication), and information). By combining authentication using environment information that uses the class of the environment in which the processing device is used, safety can be improved and information can be transmitted and received smoothly while maintaining reasonable safety. It is to provide a computer program for causing a computer to function as a safety judgment device, a safety judgment method, a safety judgment system, a safety judgment device, a first authentication device, and a computer.

  In addition, another object of the present invention is to determine a safety that can realize a smooth commercial transaction while ensuring safety by changing the safety class according to the value of the product on which the commercial transaction is performed. To provide a system.

  Furthermore, another object of the present invention is to receive and accumulate patch software using reception communication means that receives power supply from sub power supply means different from the main power supply means. Another object of the present invention is to provide a safety judgment system capable of easily distributing patch software and the like while ensuring safety.

  In the safety determination method according to the present invention, the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and the safety determination method of determining the safety of the information processing device, A biometric information receiving step for receiving biometric information by the information processing device, and a biometric information authentication step for determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device. Collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software; and transmitting the collected environmental information from the information processing apparatus to the first authentication apparatus. An environment information transmission step, an electronic certificate issued in advance from the second authentication device, and information encrypted with a personal key of the information processing device; , Using the public key of the second authentication device acquired from the second authentication device by the first authentication device using the encrypted information transmission step of transmitting from the information processing device to the first authentication device. A digital certificate authenticating step for decrypting the encrypted information with the public key of the information processing apparatus obtained from the digital certificate obtained, and determining whether the decrypted information is proper or not; Referring to the environmental information database storing the environmental conditions classified according to the information and the transmitted information, the first authentication device reads the environmental conditions that the transmitted environmental information is read from the environmental information database. An environmental information authentication step for determining whether or not it is appropriate depending on whether or not it is satisfied; and the biometric information authentication step, the environmental information authentication step, and the electronic certificate authentication step. That the authentication of all the if appropriate the first authentication device, characterized in that it comprises a safety determining step of determining safe the information processing apparatus.

  In the safety determination method according to the present invention, the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and the safety determination method of determining the safety of the information processing device, A biometric information receiving step for receiving biometric information by the information processing device, and a biometric information authentication step for determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device. Collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software; and transmitting the collected environmental information from the information processing apparatus to the first authentication apparatus. An environment information transmission step, an electronic certificate issued from the second authentication device, and software encrypted with the personal key of the first authentication device The first authentication is performed by referring to an encrypted information transmission step for transmitting from the first authentication device to the information processing device, and an environment information database storing environmental conditions classified according to information transmitted and received. An environment information authentication step for determining whether or not the transmitted environment information is appropriate by an apparatus, and the public key of the second authentication apparatus acquired from the second authentication apparatus by the information processing apparatus Whether or not the decrypted software is appropriate by decrypting the encrypted software with the public key of the first authentication device acquired from the transmitted electronic certificate and determining whether or not the tampering has occurred. The electronic certificate authentication step to be determined, and the decryption when the biometric information authentication step, the environment information authentication step, and the authentication by the electronic certificate authentication step are all appropriate. And the software characterized in that it comprises a installation step of installing the information processing apparatus.

  In the safety determination method according to the present invention, the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and the safety determination method of determining the safety of the information processing device, A biometric information receiving step for receiving biometric information by the information processing device, and a biometric information authentication step for determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device. An environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software; and the information received from the second authentication apparatus for the collected environmental information An encryption step of encrypting with the personal key of the processing device, an electronic certificate issued in advance from the second authentication device, and a personal key of the information processing device Encrypted information transmission step for transmitting the encoded environment information from the information processing apparatus to the first authentication apparatus; and the second authentication apparatus acquired from the second authentication apparatus by the first authentication apparatus. Using the public key, the encrypted environment information is decrypted with the public key of the first authentication device obtained from the transmitted electronic certificate, and it is determined whether the decrypted environment information is appropriate. The electronic certificate authenticating step, the environment information database storing the environmental conditions classified according to the information transmitted and received, and the decrypted environment information, and the decrypted environment by the first authenticating device An environment information authentication step for determining whether or not the information is appropriate, and when the biometric information authentication step, the environment information authentication step, and the authentication by the electronic certificate authentication step are all appropriate The first authentication apparatus, characterized by comprising a safety determining step of determining safe the information processing apparatus.

  In the safety determination system according to the present invention, the information processing apparatus, the first authentication apparatus, and the second authentication apparatus are connected via a communication network, and the safety determination system determines the safety of the information processing apparatus. The information processing apparatus includes biometric information accepting means for accepting biometric information, biometric information authenticating means for determining whether or not the accepted biometric information is appropriate, and information on connected peripheral devices or installed software. Environmental information collecting means for collecting environmental information; environmental information transmitting means for transmitting the collected environmental information to the first authentication apparatus; an electronic certificate issued from the second authentication apparatus; Encrypted information transmission means for transmitting information encrypted with a personal key to the first authentication device, wherein the first authentication device acquires the first information acquired from the second authentication device. Using the public key of the authentication device, decrypt the encrypted information with the public key of the information processing device obtained from the transmitted electronic certificate, and determine whether the decrypted information is appropriate The transmitted environmental information is read from the environmental information database with reference to the electronic certificate authenticating means, the environmental information database storing the environmental conditions classified according to the information transmitted and received, and the transmitted information. Environmental information authenticating means for determining whether or not it is appropriate depending on whether or not the environmental condition is satisfied, and when authentication by the biometric information authenticating means, environmental information authenticating means and electronic certificate authenticating means is all appropriate The information processing apparatus includes a safety determining unit that determines that the information processing apparatus is safe.

  In the safety judgment system according to the present invention, the environment information transmission unit and the encrypted information transmission unit encrypt the collected environment information with the personal key and transmit the encrypted environment information together with the electronic certificate to the first authentication device. It is configured.

  The safety judgment system according to the present invention further includes a store computer that transmits and receives information relating to commercial transactions with the information processing device, and the information processing device includes means for receiving information relating to commercial transactions including product information or amount information. The encrypted information transmission means further comprises: an electronic certificate issued from the second authentication device; and information relating to the commercial transaction encrypted with a personal key of the information processing device. The environmental information authentication means reads the environmental condition related to the class corresponding to the transmitted product information or money amount information from the environmental information database, and transmits the environmental condition transmitted to the read environmental condition. It is configured to determine whether or not the information is appropriate based on whether or not the information matches. Ri when the information processing apparatus determines that the safety, and further comprising means for transmitting information on the safety of the information processing apparatus to the store computer.

  In the safety determination system according to the present invention, the first authentication device includes: a sub-biological information receiving unit that receives biometric information; a sub-biological information authentication unit that determines whether the received biometric information is appropriate; Sub-environment information collecting means for collecting environmental information including information on the installed peripheral device or installed software, and the sub-environment information collecting means using the personal key of the first authentication apparatus issued from the second authentication apparatus Sub-encrypting means for encrypting the environment information collected by the above-mentioned, and a sub-encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication apparatus and the encrypted environment information to the information processing apparatus And the information processing device uses the public key of the second authentication device acquired from the second authentication device, and uses the public key of the first authentication device acquired from the transmitted electronic certificate. A sub-electronic certificate authenticating means for decrypting the encrypted environment information with a key and determining whether or not the decrypted environment information is appropriate, and environmental conditions classified according to the information transmitted and received Referring to the stored sub-environment information database and the decoded environment information, it is determined whether or not the transmitted environment information is appropriate depending on whether or not the transmitted environment information satisfies the environment conditions read from the sub-environment information database. When the sub-environment information authenticating means, the sub-biological information authenticating means, the sub-environment information authenticating means, and the sub-electronic certificate authenticating means are all appropriate and are judged safe by the safety judging means, the information A sub-safety judging means for judging that the processing device and the first authentication device are safe are provided.

  In the safety determination system according to the present invention, the information processing apparatus, the first authentication apparatus, and the second authentication apparatus are connected via a communication network, and the safety determination system determines the safety of the information processing apparatus. The information processing apparatus includes biometric information accepting means for accepting biometric information, biometric information authenticating means for determining whether or not the accepted biometric information is appropriate, and information on a connected peripheral device or installed software. Environmental information collecting means for collecting environmental information; and environmental information transmitting means for transmitting the collected environmental information to the first authentication device, wherein the first authentication device is an electronic device that has been issued by the second authentication device. A certificate and encrypted information transmitting means for transmitting software encrypted with the personal key of the first authentication device to the information processing device; Environmental information that refers to an environmental information database that stores the attached environmental conditions and determines whether or not the transmitted environmental information is appropriate depending on whether or not the environmental information read from the environmental information database satisfies the environmental conditions And the information processing device uses the public key of the second authentication device acquired from the second authentication device, and uses the public key of the first authentication device acquired from the transmitted electronic certificate. And decrypting the encrypted software and determining whether or not the decrypted software is proper, and authentication by the biometric information authenticating means, the environment information authenticating means, and the electronic certificate authenticating means And installation means for installing the decrypted software when all of them are appropriate.

  In the safety determination system according to the present invention, the information processing apparatus includes a main power supply unit, a sub power supply unit, a receiving communication unit that receives power from the sub power supply unit, and the main power supply unit. When the power is not supplied, the electronic certificate transmitted by the encrypted information transmitting unit and the software encrypted with the personal key of the first authentication device are received by the receiving communication unit. And storing means for storing the information.

  In the safety judgment system according to the present invention, the electronic certificate authenticating unit reads the electronic certificate and software stored by the storing unit when power is supplied from the main power supplying unit, and Decrypting software encrypted with the public key of the first authentication device acquired from the electronic certificate using the public key of the second authentication device acquired from the second authentication device, and determining whether or not tampering has occurred It is characterized in that it is configured to determine whether or not the software decrypted by the above is proper.

  In the safety judgment system according to the present invention, the software is patch software for software that is preinstalled in the information processing apparatus.

  In the safety judgment system according to the present invention, the information processing apparatus further includes an erasing unit that erases data stored in the storage unit after a predetermined date and time when the software installed by the installation unit is executed. Features.

  In the safety determination system according to the present invention, the information processing apparatus, the first authentication apparatus, and the second authentication apparatus are connected via a communication network, and the safety determination system determines the safety of the information processing apparatus. The information processing apparatus receives biometric information receiving means for receiving biometric information, environmental information collecting means for collecting environmental information including information on connected peripheral devices or installed software, and is issued from the second authentication apparatus. An encryption means for encrypting the biometric information received by the biometric information accepting means with the personal key of the information processing apparatus and the environmental information collected by the environmental information collecting means, and an electronic device issued from the second authentication apparatus. A certificate, and encrypted information transmitting means for transmitting the encrypted biometric information and environment information to the first authentication device, Is encrypted with the public key of the information processing apparatus acquired from the transmitted electronic certificate using the public key of the second authentication apparatus acquired from the second authentication apparatus. And an electronic certificate authenticating means for judging whether the decrypted biometric information and the environment information are proper, an environment information database storing the environment conditions classified according to the information transmitted and received, and the decryption The environmental information authenticating means for judging whether or not the transmitted environmental information is appropriate with reference to the environmental information, and comparing the decrypted biological information with the biological information stored in advance. A biometric information authenticating unit for determining whether the information processing apparatus is appropriate, and a safety unit for determining that the information processing apparatus is safe when the biometric information authenticating unit, the environment information authenticating unit, and the electronic certificate authenticating unit are all appropriate Characterized in that it comprises a determination unit.

  In the safety determination system according to the present invention, the environment information includes information on a name or version of installed software, a device name or version of a connected peripheral device, or a device name or version of the information processing device. It is characterized by that.

  The safety judgment system according to the present invention is characterized in that the biological information is voice, fingerprint, retina, or iris information.

  In the safety determination method according to the present invention, the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and the safety determination method of determining the safety of the information processing device, A biometric information receiving step for receiving biometric information by the information processing device, and a biometric information authentication step for determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device. Collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software; and transmitting the collected environmental information from the information processing apparatus to the first authentication apparatus. Environmental information transmission step, environmental information database storing environmental conditions classified according to information transmitted and received, and transmitted information Referring to the environment information authentication step for determining whether the transmitted environment information is appropriate or not by the first authentication device according to whether the environment information read from the environment information database is satisfied, An encrypted information transmission step of transmitting the electronic certificate issued from the second authentication device and the information encrypted with the personal key of the information processing device from the information processing device to the first authentication device; The first authentication device is encrypted with the public key of the information processing device acquired from the transmitted electronic certificate using the public key of the second authentication device acquired from the second authentication device. The electronic certificate authentication step for decrypting the received information and determining whether the decrypted information is appropriate, the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step. That the authentication of all the if appropriate the first authentication device, characterized in that it comprises a safety determining step of determining safe the information processing apparatus.

  In the safety determination method according to the present invention, the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and the safety determination method of determining the safety of the information processing device, A biometric information receiving step for receiving biometric information by the information processing device, and a biometric information authentication step for determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device. Collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software; and transmitting the collected environmental information from the information processing apparatus to the first authentication apparatus. The environmental information transmission step and an environmental information database storing environmental conditions classified according to information transmitted and received, Encrypted with an authentication information authentication step for determining whether or not the transmitted environment information is appropriate, an electronic certificate issued from the second authentication device, and a personal key of the first authentication device An encrypted information transmission step of transmitting the encrypted software from the first authentication device to the information processing device, and the public key of the second authentication device acquired from the second authentication device by the information processing device. And using the public key of the first authentication device acquired from the transmitted electronic certificate to decrypt the encrypted software and determine whether or not the decrypted software is appropriate. The electronic certificate authentication step for determining whether or not the authentication by the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step is all appropriate. And the software characterized in that it comprises a installation step of installing the information processing apparatus.

  The first authentication device according to the present invention is a first authentication device that determines the safety of an information processing device connected via a communication network. Authentication information receiving means for receiving authentication information, an electronic certificate issued from a second authentication device connected via a communication network, and information encrypted with a personal key of the information processing device, Encrypted with a public key acquired from the electronic certificate of the information processing apparatus transmitted using the public key of the second authentication apparatus acquired from the second authentication apparatus when transmitted from the information processing apparatus The digital certificate authenticating means for decrypting the decrypted information and determining whether the decrypted information is proper, and the peripheral device connected to the information processing apparatus or installed software from the information processing apparatus. information When the received environmental information is received, the received environmental information is read from the environmental information database with reference to the environmental information database storing the environmental conditions classified according to the information transmitted and received and the transmitted information. Environmental information authentication means for determining whether the biometric information is appropriate is received by the authentication information receiving means and the environmental information authentication means for determining whether the biometric information is appropriate or not. And a safety judging means for judging that the information processing apparatus is safe when it is judged that the authentication by the means and the electronic certificate authenticating means is proper.

  The computer program according to the present invention is a computer program for judging the safety of a computer connected to the first authentication device and the second authentication device via a communication network, and the received biological information is appropriate for the computer. A biometric information authentication step for authenticating whether or not, an environment information collection step for causing a computer to collect environment information including information on a connected peripheral device or installed software, and the environment information collected by the computer An environment information transmission step to be transmitted to the first authentication device; an electronic certificate issued from the second authentication device to the computer; and information encrypted with the personal key of the information processing device. An encrypted information transmitting step to be transmitted to the authentication device, and the biometric information authenticating step to the computer The environment information transmitted by the environment information transmission step is determined to be more appropriate by the first authentication apparatus, and the electronic certificate and the encrypted information transmitted by the encryption information transmission step are encrypted. When the information is determined to be appropriate by the first authentication device and information indicating that the information is appropriate is received from the first authentication device, a safety determination step for determining that the computer is safe is executed. .

  The computer program according to the present invention is a computer program for judging the safety of a computer connected to the first authentication device and the second authentication device via a communication network, and the received biological information is appropriate for the computer. A biometric information authentication step for authenticating whether or not, an environment information collection step for causing the computer to collect environment information including information on a connected peripheral device or installed software, and the environment information collected by the computer An environment information transmission step to be transmitted to the first authentication device; and when the computer receives an electronic certificate and encrypted software from the first authentication device, the second authentication device acquired from the second authentication device Encrypted with the public key of the first authentication device obtained from the electronic certificate using the public key An electronic certificate authenticating step for determining whether the decrypted software is proper by decrypting the decrypted software and determining whether or not tampering has occurred, and the biometric information authenticating step and the electronic certificate authenticating step in the computer If the environment information transmitted by the environment information transmission step is determined to be appropriate by the first authentication device and information indicating that the authentication is correct is received, An installation step of installing the decrypted software is executed.

  The safety judgment method according to the present invention includes a sub-biological information receiving step for receiving biometric information by the first authentication device, and whether the received biometric information is appropriate, the information processing device, the first authentication device or A sub-biological information authentication step determined by the second authentication device; a sub-environment information collection step for collecting environment information including information on peripheral devices connected to the first authentication device or installed software; and the second authentication. A sub-encryption step for encrypting the environmental information collected by the sub-environment information collection step with the personal key of the first authentication device issued from the device; an electronic certificate issued from the second authentication device; A sub-encrypted information transmission step of transmitting the encrypted environment information to the information processing device; and the information processing device from the second authentication device. Using the obtained public key of the second authentication device, the encrypted environment information is decrypted with the public key of the first authentication device acquired from the transmitted electronic certificate, and the decrypted environment information is The sub-electronic certificate authentication step for determining whether the information is appropriate, the sub-environment information database storing the environmental conditions classified according to the information to be transmitted / received, and the decrypted environment information with reference to the information The sub-environment information authentication step for determining whether or not the environment information transmitted by the processing device is appropriate, and the authentication by the sub-biological information authentication step, the sub-environment information authentication step, and the sub-electronic certificate authentication step are all appropriate. And a sub-safety judgment step for judging that the information processing device and the first authentication device are safe when the safety judgment step judges that the safety is safe. And butterflies.

  In the safety determination system according to the present invention, the first authentication device includes: a sub-biological information receiving unit that receives biometric information; a sub-biological information authentication unit that determines whether the received biometric information is appropriate; Sub-environment information collecting means for collecting environment information including information on the installed peripheral device or installed software, and the sub-environment information collecting means using the personal key of the first authentication apparatus issued from the second authentication apparatus Sub-encrypting means for encrypting the environment information collected by the above, a digital certificate issued from the second authentication device, and the sub-encryption for transmitting the encrypted environment information to the information processing device An information transmission unit, wherein the information processing device uses the public key of the second authentication device acquired from the second authentication device, and the first authentication device is acquired from the transmitted electronic certificate. Sub-certificate certificate authentication means that decrypts the encrypted environment information with the public key and determines whether or not the decrypted environment information is appropriate, and the environmental conditions classified according to the information sent and received Sub-environment information authentication means for referring to the sub-environment information database storing the information and the decrypted environment information to determine whether the transmitted environment information is appropriate, the sub-biological information authentication means, the sub-environment A sub-safety judgment that judges that the information processing device and the first authentication device are safe when the authentication by the information authentication means and the sub-digital certificate authentication means are all appropriate and the safety judgment means judges that the information is safe. Means.

  In the present invention, biometric information such as a user's fingerprint is received, and it is determined whether the received biometric information is appropriate. In addition, environmental information including information on peripheral devices connected to the information processing apparatus or installed software is collected. Specifically, information such as the device name and version of the information processing device itself, the name of the device connected to the information processing device, the name of the installed browser, the OS name, and the version are applicable. The information processing apparatus transmits the collected environment information to the first authentication apparatus.

  Further, an electronic certificate issued from a second authentication device such as a certification authority in a third party position and information relating to a commercial transaction encrypted with the personal key of the information processing device are transmitted to the first authentication device. . When the first authentication device receives the electronic certificate and the encrypted information, the first authentication device uses the public key of the second authentication device (certificate authority) acquired from the second authentication device to obtain information from the transmitted electronic certificate. Obtain the public key of the processing device. Then, the information encrypted with the acquired public key of the information processing apparatus is decrypted, and it is determined by using a message digest or the like whether or not the decrypted information is appropriate.

  The first authentication device refers to the environment information database storing the conditions of the environment information classified according to the transmitted / received information and the transmitted information, and determines whether or not the transmitted environment information is appropriate. to decide. That is, when it is necessary to ensure a high level of safety for information to be transmitted and received, the environmental information of the information processing apparatus needs to satisfy environmental conditions that are more severe (higher class). For example, when a high level of safety is required (for example, a stock transaction, a transaction of a high-priced product of 50,000 yen or more), the information processing device is provided on condition that the OS of the information processing device is the latest version. If the OS is the latest version, it is determined that the environment authentication is appropriate. If the OS of the information processing apparatus is not the latest version (for example, an old version OS), there is a possibility that there is a security hole. Therefore, it is judged that environmental certification is not appropriate.

  On the other hand, in the case of low-priced product transactions, it is necessary to ensure convenience rather than safety, so there is no need to satisfy the higher class conditions, even if an older OS with a slight security hole is installed. Make the environmental certification appropriate. For example, in the case of a product transaction of about 100 yen, it is determined that environmental authentication is appropriate even if the OS of the information processing apparatus is an old version. Then, when the authentication by biometric information authentication, environment information authentication, and electronic certificate authentication are all appropriate, the information processing apparatus is judged to be safe, for example, a flag indicating safety is set, and The information shown is notified to the store computer that conducts the business transaction, and the information is transmitted and received between the information processing apparatus and the store computer after ensuring safety. Since it comprised in this way, it becomes possible to implement | achieve smooth transmission / reception of information and commercial transaction, ensuring the safety | security of information processing apparatus. Furthermore, biometric information authentication, electronic certificate authentication and environment authentication are also performed in the first authentication device, biometric information authentication, electronic certificate authentication and environment authentication in the information processing device, and first, biometric information authentication in the authentication device, Only the first authentication device and the information processing device are judged to be safe only when all are judged to be appropriate in the electronic certificate authentication and the environment authentication, and it is possible to ensure a higher level of safety. Become.

  Moreover, in this invention, biometric information, such as a user's fingerprint, is received and the personal authentication of whether the received biometric information is appropriate is performed. As described above, the information processing apparatus transmits the collected environment information to the first authentication apparatus, and the first authentication apparatus authenticates the environment information. When transmitting patch software or the like from the first authentication device to the information processing device, the first authentication device processes the electronic certificate issued by the second authentication device and the software encrypted with the personal key. Send to device.

  When the information processing apparatus receives the electronic certificate and the encrypted software, the information processing apparatus requests a public key from the second authentication apparatus, and uses the public key of the certification authority to disclose the first authentication apparatus from the electronic certificate. Get the key. Then, the software encrypted with this public key is decrypted, and it is determined whether or not the decrypted software is appropriate. Finally, if it is determined that the above-described personal authentication, environment authentication, and authentication using an electronic certificate are all appropriate, the decrypted software is installed in the information processing apparatus. With this configuration, it is possible to prevent spoofing by a third party, and it is possible to provide software such as patch software and firmware to the information processing apparatus while maintaining a high level of safety.

  Furthermore, in the present invention, the information processing apparatus includes a main power supply unit and a sub power supply unit, and the receiving communication unit is configured to receive power from the sub power supply unit. When power is not supplied by the main power supply means, that is, when the main power is not turned on, software encrypted with an electronic certificate and a personal key is transmitted from the first authentication device Receives and stores these pieces of information by a receiving communication means using a sub-battery. Then, when power is supplied by the main power supply means, the stored electronic certificate and software are read out, whether or not the transmitted software is appropriate, identity authentication and environment authentication are performed. Therefore, it is possible to distribute a large amount of patch software to customers who are not turned on while ensuring safety. Further, by providing software that erases data stored after a predetermined date and time from the storage unit as software to be provided in particular, it can be effectively prevented from being used as a stepping stone for DDoS attacks.

  In the present invention, biometric information such as a user's fingerprint is received, and it is determined whether the received biometric information is appropriate. In addition, environmental information including information on peripheral devices connected to the information processing apparatus or installed software is collected. The information processing apparatus transmits the collected environment information to the first authentication apparatus. Further, the electronic certificate issued from the second authentication device, information related to the commercial transaction encrypted with the personal key of the information processing device, and the like are transmitted to the first authentication device. When the first authentication device receives the electronic certificate and the encrypted information, the first authentication device uses the public key of the second authentication device (certificate authority) acquired from the second authentication device to obtain information from the transmitted electronic certificate. Obtain the public key of the processing device. Then, the information encrypted with the acquired public key of the information processing apparatus is decrypted, and it is determined whether or not the decrypted information is appropriate.

  The first authentication device refers to the environment information database storing the conditions of the environment information classified according to the transmitted / received information and the transmitted information, and determines whether or not the transmitted environment information is appropriate. to decide. The information processing apparatus is determined to be safe when authentication by biometric information authentication, environment information authentication, and electronic certificate authentication is all appropriate. Since it comprised in this way, it becomes possible to implement | achieve smooth transmission / reception of information and commercial transaction, ensuring the safety | security of information processing apparatus. Further, the biometric information authentication, the electronic certificate authentication and the environment authentication are also performed in the first authentication device, the biometric information authentication, the electronic certificate authentication and the environment authentication in the information processing device, and the biometric information authentication and the electronic in the first authentication device. In both certificate authentication and environment authentication, both the first authentication device and the information processing device are determined to be safe only when all are determined to be appropriate, so that a higher level of safety can be ensured. .

  Moreover, in this invention, a user's biometric information is received and the personal authentication of whether the received biometric information is appropriate is performed. The information processing apparatus transmits the collected environment information to the first authentication apparatus, and the first authentication apparatus authenticates the environment information. When transmitting patch software or the like from the first authentication device to the information processing device, the first authentication device processes the electronic certificate issued by the second authentication device and the software encrypted with the personal key. Send to device. When the information processing apparatus receives the electronic certificate and the encrypted software, the information processing apparatus requests a public key from the second authentication apparatus, and uses the public key of the certification authority from the electronic certificate to the public key of the first authentication apparatus. To get. Then, the software encrypted with this public key is decrypted, and it is determined whether or not the decrypted software is appropriate. Finally, if it is determined that the above-described personal authentication, environment authentication, and authentication using an electronic certificate are all appropriate, the decrypted software is installed in the information processing apparatus. With this configuration, it is possible to prevent spoofing by a third party, and it is possible to provide software such as patch software and firmware to the information processing apparatus while maintaining a high level of safety.

  Furthermore, in the present invention, the information processing apparatus includes a main power supply unit and a sub power supply unit, and the receiving communication unit is configured to receive power from the sub power supply unit. When power is not supplied by the main power supply means, that is, when the main power is not turned on, software encrypted with an electronic certificate and a personal key is transmitted from the first authentication device Receives and stores these pieces of information by a receiving communication means using a sub-battery. Then, when power is supplied by the main power supply means, the stored electronic certificate and software are read out, whether or not the transmitted software is appropriate, identity authentication and environment authentication are performed. Therefore, it is possible to distribute a large amount of patch software to customers who are not turned on while ensuring safety. In particular, as software to be provided, it is possible to effectively prevent a DDoS attack from being used as a stepping stone by providing software that erases data stored after a predetermined date and time from the storage unit. The invention can have excellent effects.

Hereinafter, the present invention will be described in detail with reference to the drawings illustrating embodiments.
Embodiment 1
In the first embodiment, it is assumed that the information processing apparatus is a mobile phone, and the safety judgment system according to the present invention is applied to a commercial transaction using the mobile phone. Note that the information processing apparatus is not limited to a mobile phone, and may be a personal computer, a copy machine, a printer, a fax machine, a refrigerator, a TV, a DVD player, a PDA (Personal Digital Assistant), an air conditioner, a microwave oven, a robot, or the like. There may be.

  FIG. 1 is a schematic diagram showing an outline of a safety judgment system according to the present invention. In the figure, 1 is a mobile phone as an information processing apparatus, 3 is a second authentication apparatus (hereinafter referred to as a certification authority server) of a certification authority that is in a third party position for issuing an electronic certificate, and 2 is a safety decision authority. A central server 4 as a first authentication device for judging the safety of the mobile phone 1 is a store computer (hereinafter referred to as a Web server) of an online shop that performs online product sales processing. The mobile phone 1 is connected to a communication network (hereinafter referred to as the Internet) N via a mobile phone network (not shown). Yes. The cellular phone 1 is provided with a fingerprint acquisition unit 112 as biometric information receiving means, and has a function of scanning a customer's fingerprint and taking it into the cellular phone 1.

  FIG. 2 is a block diagram showing a hardware configuration of the mobile phone 1. A cellular phone 1 as an information processing device includes a cellular phone engine unit 110 that performs normal functions such as communication, text, and image data transmission and reception, and a safety determination device 5 according to the present invention. In the present embodiment, a safety determination device (hereinafter referred to as a security chip) 5 is an LSI (Large Scale Integrated Circuit) chip and is mounted inside the mobile phone 1.

  The hardware configuration of the mobile phone engine unit 110 will be described below. As shown in the figure, a CPU (Central Processing Unit) 11 has a RAM 12, a ROM 15, an antenna unit 16, a power supply unit 113, a microphone / speaker 111, an AD / DA 20, an external connection terminal 19, and a data display via a bus 17. A display unit 14 such as a liquid crystal display and an input unit 13 composed of numeric keys, cursor keys, selection confirmation keys, and the like are connected. The CPU 11 is connected to the above-described hardware units of the mobile phone 1 via the bus 17 and controls them, and executes various software functions according to the control program 15P stored in the ROM 15.

  The external connection terminal 19 is an interface having 16 cores, for example, and is connected to a personal computer (not shown) or a peripheral device via a USB cable or the like. The RAM 12 is configured by an SRAM (Static Random Access Memory), a flash memory, or the like, and stores temporary data generated when the software is executed. The ROM 15 is composed of, for example, an EEPROM (Electrically Erasable and Programmable ROM) or the like, and an OS (Operating System) that provides a basic operating environment of the mobile phone 1, a BIOS (Basic) that controls peripheral devices connected to the external connection terminal 19, etc. Input / Output System) and software such as Java (registered trademark) that is downloaded or installed in advance is stored.

  Apart from the input unit 13 of the mobile phone engine unit 110, a fingerprint acquisition unit 112 that acquires a customer's fingerprint is provided in the vicinity of the input unit 13 of the mobile phone 1. The fingerprint acquisition unit 112 outputs the scanned fingerprint information to the security chip 5. In the present embodiment, fingerprints are used as biometric information. However, the present invention is not limited to this, and information such as voice, retina, or iris may be used. For example, in the case of voice, the voice is obtained from the microphone / speaker 111, the voice is converted into an electric signal using the AD / DA 20, and output to the CPU 11 to be authenticated by comparing with the voice data of the customer stored in advance. I do.

  Next, the hardware configuration of the security chip 5 will be described. The security chip 5 includes a microprocessor (hereinafter referred to as MPU) 51, a RAM 52, and a ROM 55 such as an EEPROM. The MPU 51 is connected to the above-described RAM 52 and ROM 55 via the bus 57, and controls them, and executes various software functions according to a control program 55P stored in the ROM 55. The ROM 55 stores an electronic certificate file 553 that stores the electronic certificate received from the certification authority server 3, a personal key file 554 that stores the personal key of the mobile phone 1 itself, and a fingerprint information file 552 that stores customer fingerprint information in advance. And an environment information file 551 storing the device name / version of the mobile phone 1, the device name / version of the peripheral device, the software name / version of the installed software, and the like. The personal key of the mobile phone 1 is issued by the certification authority server 3, and the public key of the mobile phone 1 that is paired with this personal key is managed by the certification authority server 3.

  The MPU 51 of the security chip 5 collects environment information of the mobile phone 1 and stores the environment information in the environment information file 551. The MPU 51 acquires the device name / version of the mobile phone 1 stored in advance from the ROM 15 and acquires information of the mobile phone 1 itself. For example, when the information processing apparatus is a mobile phone, the device name / version is acquired. When the information processing apparatus is a microwave oven, the manufacturer name, the device name, the model number, and the like are acquired. Also, the MPU 51 refers to the BIOS of the ROM 15 to acquire information on the device connected to the external connection terminal 19 and store it in the environment information file 551 as one piece of environment information. For example, when a computer (not shown) is connected to the external connection terminal 19, the device name of the computer is acquired. When the information processing apparatus is a personal computer and the PC card is connected to the PC card slot as the external connection terminal 19, the device name of the PC card is acquired.

  The environment information further includes information on software installed in the mobile phone 1. The MPU 51 refers to the OS and software in the ROM 15 and acquires the name and version of the installed software. For example, when the information processing apparatus is a personal computer, environmental information such as Windows (registered trademark) or Linux as the OS name and second edition as the version is acquired, and Internet Explorer (registered trademark) of the browser as installed software Information such as SP2 is acquired as the version. In addition, the name of software described in Java (registered trademark) or the like downloaded through the Internet N is applicable. In this way, the MPU 51 constantly monitors the BIOS, OS, etc. in the ROM, and when new software is installed or when a new device is connected to the external connection terminal 19, such information is stored as environmental information. Collected and stored in the environment information file 551.

  The fingerprint information file 552 is used for personal authentication. For example, when the mobile phone 1 is purchased, the customer's fingerprint is acquired at a store and initially registered in the fingerprint information file 552 in the ROM 55. When the fingerprint information is read and output from the fingerprint acquisition unit 112, the MPU 51 compares the output fingerprint information with the fingerprint information stored in the fingerprint information file 552, and determines whether or not it is appropriate. In the present embodiment, the fingerprint information file 552 used for authentication is provided in the cellular phone 1, but the present invention is not limited to this, and the fingerprint information file 552 is provided in the central server 2 or the certification authority server 3 or the like. Authentication may be performed by the engine server 3 or the like. In this case, fingerprint information encrypted with the personal key of the personal key file 554 is transmitted to the central server 2 or the certification authority server 3 together with the electronic certificate for authentication.

  The electronic certificate file 553 stores an electronic certificate issued from the certification authority server 3, and the personal key file 554 also contains a personal key for the cellular phone 1 issued from the certification authority server 3. It is remembered. The public key for the mobile phone 1 is stored in the certification authority server 3. The MPU 51 encrypts the data relating to the commercial transaction to be transmitted / received, the environment information, the fingerprint information, and the like with the personal key together with the message digest, and transmits the encrypted data and the electronic certificate to the central server 2 or the like via the Internet N.

  FIG. 3 is a block diagram showing a hardware configuration of the central server 2. As shown in the figure, a CPU (Central Processing Unit) 21 is a gateway for transmitting and receiving information to and from a RAM 22, a storage unit 25 such as a hard disk, a mobile phone 1, a certification authority server 3, and a Web server 4 via a bus 27. A communication unit 26 such as a LAN card, a display unit 24 such as a liquid crystal display, and an input unit 23 such as a keyboard and a mouse are connected. The CPU 21 is connected to the above-described hardware units of the central server 2 via the bus 27, controls them, and executes various software functions according to the control program 25P stored in the storage unit 25. To do. The storage unit 25 is provided with an environmental information database (hereinafter referred to as an environmental information DB) 251 in which environmental conditions are stored in accordance with the safety class of information transmitted and received.

  FIG. 4 is an explanatory diagram showing a record layout of the environment information DB 251. As shown in the figure, environmental information conditions are stored according to the class. The class field is classified into 1 to 6 according to the importance of the safety of information transmitted and received, and class 1 indicates the highest level of safety and class 6 indicates that the level of safety is the lowest. . As shown in the amount information field and the product information field, if the transaction is a small amount of about 100 yen, or if the product is a low-priced product such as a ringtone (hereinafter called ringtone), a smoother transaction than safety The class is set to 6 because it needs to be emphasized. On the other hand, in the case of a transaction of a high-priced product of 50000 yen or more, if the product is a stock certificate or the like, the class is set to 1 because it is necessary to ensure high safety.

  The device information field in the environmental condition field stores the device name / version of the customer's mobile phone 1 in association with the class. For example, in the case of the class 1, it is a condition that the mobile phone 1 is the latest model S004, F004, and N004. Unless the condition is satisfied as environmental information, it is not determined to be appropriate in environmental authentication. In particular, for S004, the version of the mobile phone 1 is also required to be 2.0 or more. On the other hand, in the case of class 6, in addition to S001, which is an old model, in addition to S001, S002, S003, and S004, similarly, if the cellular phone 1 is F001 to F004 and N001 to N004, it is determined to be appropriate. .

  Similarly, in the peripheral device field, the device name and version of the peripheral device are stored for each class, and are used for environment authentication. For example, in the case of class 6, even if peripheral devices XX, XY, etc. are connected, it is determined as appropriate in environmental authentication. On the other hand, in the case of class 1, the condition of the corresponding peripheral device is not stored, and if the peripheral device information is transmitted from the mobile phone 1 as the environmental information, it is not determined to be appropriate. That is, in the case of class 1, it is determined that the environment authentication is inappropriate even if any peripheral device is connected. These pieces of information store information provided by each vendor.

  Similarly, the software field stores the software name and version according to the class. Class 1 is software C, and it is determined to be appropriate when the version is 3.0 or higher. On the other hand, in the case of class 6, if it is software C and the version is 1.0 or more, it is determined to be appropriate. The reason why safety is determined by providing a class in this way is in consideration of the balance between smooth business transactions and maintenance of safety. For example, when the information processing apparatus is a personal computer, the installed browser differs depending on the customer. For example, in Internet Explorer (registered trademark) of Microsoft (registered trademark), there are a plurality of versions, and the number of security holes decreases as the version increases.

  If a high level of safety is required, it may be possible to obtain environmental information, determine that it is appropriate only if the browser is the latest version without security holes, and allow subsequent commercial transactions. Then, customers who don't have the latest version will not be able to do business at all and lack validity. Therefore, if it is a low-priced product that does not require much safety, the authentication class will be lowered, and even if the browser is a little older, it will be judged to be appropriate under certain conditions and allow commercial transactions. .

  With the above hardware configuration, the safety judgment processing procedure according to the present invention will be described with reference to a flowchart. FIG. 5 is a flowchart showing the procedure of the commercial transaction between the Web server 4 and the mobile phone 1. First, the URL (Uniform Resource Locator) of the Web server 4 of the online shop that conducts the commercial transaction is input to the input unit 13 of the mobile phone 1, and an acquisition request for the product ordering page is made to the Web server 4 (step S51). The Web server 4 as an HTTP (Hypertext Transfer Protocol) server reads a corresponding cHTML (compact hypertext markup language) file from a storage unit (not shown) (step S52), and transmits the read cHTML file to the mobile phone 1 (step S53). .

  The CPU 11 of the mobile phone 1 analyzes the received cHTML using browser software stored in the ROM 15 and displays a Web page for commerce as shown in FIG. 6 (step S54). FIG. 6 is an explanatory diagram showing an image of a Web page. As shown in the figure, the display unit 14 displays information about the product to be ordered, quantity, and amount. The customer operates the input unit 13 to select the product and quantity to be ordered. When the product is selected, the CPU 11 executes the Java script transmitted at the same time as the cHTML file, calculates the total amount, and displays it. The online shop in the present embodiment sells computer-related devices such as personal computers, printers, disk drives, etc., and shows that a customer orders one 29800 yen inkjet printer. That is, the customer inputs money amount information or product information as order information related to the commercial transaction. In addition, an address, telephone number, name, ID, password, and the like may be input.

  In this way, order information is input from the input unit 13, and the CPU 11 accepts the order information (step S55). Then, when the “Place Order” button shown in FIG. 6 is selected, the process proceeds to a safety determination process (step S56). The processing after step S57 will be described later. Hereinafter, a subroutine of the safety determination process that is a feature of the present invention will be described with reference to a flowchart.

  7 to 12 are flowcharts showing the procedure of the safety judgment process. When the order information is input, the MPU 51 of the security chip 5 executes the control program 55P and displays a fingerprint information acquisition request on the display unit 14 (step S71). The contents to be displayed are stored in the ROM 55 in advance. For example, information such as “Put your thumb on the fingerprint acquisition unit” may be read and output to the display unit 14. When fingerprint information is input from the fingerprint acquisition unit 112, the MPU 51 of the security chip 5 receives the fingerprint information (step S72) and temporarily stores it in the RAM 52. Then, the MPU 51 reads the fingerprint information stored in advance in the fingerprint information file 552 of the ROM 55 at the time of purchase of the mobile phone 1 and compares it with the fingerprint information stored in the RAM 52, that is, the fingerprint information authentication is appropriate. It is determined whether or not there is (step S73).

  If the fingerprints match and it is determined that fingerprint information authentication is appropriate (YES in step S73), a fingerprint authentication appropriate flag is set, and the set fingerprint authentication appropriate flag is transmitted to the central server 2 (step S75). On the other hand, if the fingerprints do not match and it is determined that fingerprint information authentication is inappropriate (NO in step S73), the fingerprint authentication inappropriate flag is set, and the set fingerprint authentication inappropriate flag is transmitted to the central server 2. (Step S74). The CPU 21 of the central server 2 stores the transmitted fingerprint authentication flag (fingerprint authentication appropriate flag or fingerprint authentication inappropriate flag) in the storage unit 25 (step S77). In the present embodiment, biometric authentication using a fingerprint is executed in the mobile phone 1, but fingerprint information collected in advance is stored in the authentication authority server 3 or the central server 2, and the authentication authority server 3 Alternatively, the central server 2 may make the determination. Thereby, the biometric authentication using the fingerprint is completed.

  Subsequently, the process proceeds to authentication using an electronic certificate. The MPU 51 of the security chip 5 calculates a message digest using the hash function stored in the ROM 55 for the order information input in step S55 (step S76). The MPU 51 reads from the personal key file 554 the personal key of the mobile phone 1 that has been issued in advance from the certification authority server 3, and encrypts the order information and the message digest (step S81). Further, the MPU 51 reads an electronic certificate issued in advance in the certification authority server 3 from the electronic certificate file 553, and transmits the electronic certificate attached to the encrypted order information and message digest to the central server 2 (step). S82). The CPU 21 of the central server 2 stores the transmitted electronic certificate, encrypted order information, and message digest in the RAM 22.

  The CPU 21 of the central server 2 accesses the certificate authority server 3 described in the electronic certificate and requests acquisition of the public key (certificate authority public key) of the received electronic certificate (step S83). The certification authority server 3 transmits the public key of the electronic certificate to the central server 2 (step S84). The CPU 21 of the central server 2 reads out the stored electronic certificate from the RAM 22, decrypts the electronic certificate using the public key of the certification authority transmitted from the certification authority server 3, and obtains the public key of the mobile phone 1 ( Step S85).

  The CPU 21 of the central server 2 decrypts the order information and message digest encrypted using the acquired public key of the mobile phone 1 (step S91). Further, the CPU 21 calculates a message digest for the decrypted order information using the hash function stored in the storage unit 25 of the central server 2 (step S92). The CPU 21 of the central server 2 determines whether or not the message digest decrypted in step S91 matches the message digest calculated in step S92, that is, whether or not the order information has been tampered with in the middle of transmission, and the authorized customer's mobile phone It is determined whether or not information is transmitted / received from the telephone 1 (step S93).

  If the message digests do not match (NO in step S93), the CPU 21 determines that some tampering or impersonation has occurred, and sets an inappropriate flag for electronic certificate authentication (step S95). On the other hand, if the message digests match (YES in step S93), an appropriate flag for electronic certificate authentication is set assuming that there is no impersonation and tampering (step S94). Then, the CPU 21 of the central server 2 stores an electronic certificate authentication flag (electronic certificate authentication appropriate flag or electronic certificate authentication inappropriate flag) in the storage unit 25 (step S96). Thereby, the authentication using the electronic certificate is completed.

  Next, environmental authentication will be described. The MPU 51 of the security chip 5 acquires the environment information of the mobile phone 1 (step S101). As described above, the environmental information is collected by the MPU 51 residently monitoring the OS, BIOS and installed software in the ROM 15 of the mobile phone 1, and the device name, OS name, version, external connection terminal 19 of the mobile phone 1. This is done by collecting the device name and version of peripheral devices connected to the PC, and the software name and version of software such as an installed browser. The collected environment information is stored in the environment information file 551 (step S102).

  The MPU 51 reads out the environmental information collected from the environmental information file 551 and transmits it to the central server 2 (step S103). The CPU 21 of the central server 2 stores the transmitted environment information in the RAM 22. The CPU 21 of the central server 2 reads out the class corresponding to the order information decrypted in step S91 with reference to the environment information file 251 (step S104). That is, the CPU 21 refers to the price information or product information field, and reads the corresponding class from the class field based on the traded price or product in the order information. For example, when the amount of the product to be ordered exceeds 50,000 yen, class 1 is selected.

  The CPU 21 reads the environment information condition corresponding to the read class from the environment information DB 251 (step S105). That is, based on the read class, the corresponding device name / version, software name / version, and device name / version of the peripheral device are read from the environmental condition field. And CPU21 memorize | stored in RAM22 and judges whether the received environmental information satisfy | fills the conditions of the read environmental information (step S111). If the condition is not satisfied (NO in step S111) (for example, if the class is 1 and version 2.0 of software C is transmitted as environment information, the condition of version 3.0 or higher is not satisfied), environment authentication is not successful. An appropriate flag is set (step S112). On the other hand, if the condition is satisfied (YES in step S111), an environmental authentication appropriate flag is set (step S113). For example, if the class is 1 as the condition, the environment information is “the device name of the mobile phone 1 is the latest model F004, the version is 2.0, the software is the version C of the software C, and the peripheral device is installed. If nothing is connected to ", it is determined that the environment is appropriate. The CPU 21 of the central server 2 stores an environment authentication flag (environment authentication appropriate flag or environment authentication inappropriate flag) in the storage unit 25 (step S114). This completes the environment authentication.

  The CPU 21 reads the fingerprint authentication flag, the electronic certificate flag, and the environment authentication flag stored in the storage unit 25, and whether or not all of the fingerprint authentication appropriate flag, the electronic certificate appropriate flag, and the environment authentication appropriate flag are set in the AND condition. Is determined (step S115). If all the appropriate flags are set (YES in step S115), the mobile phone 1 is determined to be safe and the safety flag is set (step S121). In other words, the mobile phone 1 is determined to be appropriate only when it is determined to be appropriate in all of biometric authentication, electronic certificate authentication (PKI authentication), and environmental authentication. The CPU 21 of the central server 2 transmits safety assurance information and order information indicating safety to the Web server 4 (step S122).

  On the other hand, if any one of the biometric authentication, electronic certificate authentication (PKI authentication), and environment authentication is set, the improper flag is set (step S123). In this case, the CPU 21 transmits danger information indicating that the mobile phone 1 is dangerous to the Web server 4 (step S124), and ends the safety judgment subroutine (step S56).

  In FIG. 5, the Web server 4 determines whether or not the danger information of the mobile phone 1 has been received from the central server 2 (step S57). If the danger information has not been received (NO in step S57), the Web server 4 determines whether or not safety assurance information and order information have been received (step S58). If the safety guarantee information and the order information have not been received (NO in step S58), and if YES in step S57, the mobile phone 1 is likely to be fraudulent, and information requesting the suspension of the commercial transaction is sent to the mobile phone 1. Transmit (step S59). On the other hand, if the safety guarantee information and the order information are received (YES in step S58), it is assumed that the safety of the mobile phone 1 is guaranteed, and the order has been officially received and the order has been received. The received order confirmation information is transmitted to the mobile phone 1 (step S510). In this way, prior to business transactions, identity authentication, PKI authentication and environmental authentication are performed to ensure sufficient safety, and smooth business transactions are realized by changing the authentication level according to the value of the product being traded. It becomes possible.

Embodiment 2
FIG. 13 is a block diagram showing a hardware configuration of mobile phone 1 according to the second embodiment. The computer program to be executed by the mobile phone 1 according to the first embodiment can be preinstalled and provided in the mobile phone 1 as in the second embodiment, or can be provided by a CD-ROM, MO, memory card, etc. It is also possible to provide a portable recording medium. Furthermore, it is also possible to provide a computer program as a carrier wave via a line. That is, instead of mounting the security chip 5, a computer program having the same function as the security chip 5 may be installed in the ROM 15 of the mobile phone 1. The contents will be described below.

  A recording medium 1a (CD-) recorded with a program for causing the mobile phone 1 shown in FIG. 13 to authenticate biometric information, collect environmental information, transmit environmental information, transmit encrypted information, and determine safety. ROM, MO, memory card, DVD-ROM, etc.) are installed in the ROM 15 of the mobile phone 1. As an installation method, a recording medium 1a such as a memory card that can be connected to the external connection terminal 19 is inserted and the program is installed, or the program according to the present invention is downloaded from the central server 2. Such a program is loaded into the RAM 12 of the mobile phone 1 and executed. Thereby, it functions as the mobile phone 1 as the information processing apparatus of the present invention as described above.

Embodiment 3
In the first embodiment, the biometric information is authenticated by the security chip 5, but may be executed by the central server 2 or the certification authority server 3. The third embodiment is a form in which authentication of biometric information is executed in the central server 2, and a form to which the present invention is applied when a security policy is determined in advance will be described.

  FIG. 14 is a block diagram illustrating a hardware configuration of the mobile phone 1 according to the third embodiment, and FIG. 15 is a block diagram illustrating a hardware configuration of the central server 2. As shown in FIGS. 14 and 15, since authentication of biometric information is executed by the central server 2, the fingerprint information file 252 for authentication is stored not in the mobile phone 1 but in the storage unit 25 of the central server 2. For authentication fingerprint information, ask the customer to visit a store, service center, etc. before authentication, confirm the identity with a driver's license or passport, and then read the fingerprint on the spot. You can make initial registration.

  16 to 20 are flowcharts showing the procedure of the safety judgment process according to the third embodiment. First, the MPU 51 of the security chip 5 transmits a signal indicating the start of safety confirmation to the central server 2 in order to perform subsequent communication (step S161). When the CPU 21 of the central server 2 receives the confirmation start signal, it determines a communication safety class (step S162). This class is determined according to a predetermined security policy. For example, if high safety is required for subsequent communications, such as issuance of resident cards, stock transactions, etc., it will be determined as Class 1, and ringtones, standby screen image data, etc. will not require much safety. , Class 6. In addition, in the payment of utility bills, etc., it is determined as Class 3 in order to ensure moderate safety.

  After determining the class, the CPU 21 of the central server 2 transmits a response signal to the confirmation start signal to the mobile phone 1 (step S163). When the response signal is received, the MPU 51 of the security chip 5 executes the control program 55P and displays a fingerprint information acquisition request on the display unit 14 (step S164). The contents to be displayed are stored in the ROM 55 in advance. For example, information such as “Put your thumb on the fingerprint acquisition unit” may be read and output to the display unit 14. When fingerprint information is input from the fingerprint acquisition unit 112, the MPU 51 of the security chip 5 receives the fingerprint information and temporarily stores it in the RAM 52 (step S165).

  Then, the MPU 51 of the security chip 5 acquires the environment information of the mobile phone 1 (step S166). As described above, the environmental information is collected by the MPU 51 residently monitoring the OS, BIOS and installed software in the ROM 15 of the mobile phone 1, and the device name, OS name, version, external connection terminal 19 of the mobile phone 1. This is done by collecting the device name and version of peripheral devices connected to the PC, and the software name and version of software such as an installed browser. The collected environment information is stored in the environment information file 551 (step S167).

  The MPU 51 of the security chip 5 reads out the biological information stored in the RAM 52 and the environmental information stored in the environmental information file 551 (step S168). The MPU 51 of the security chip 5 calculates a message digest using the hash function stored in the ROM 55 for the read biometric information and environment information (step S169). The MPU 51 reads from the personal key file 554 the personal key of the mobile phone 1 that has been issued in advance from the certification authority server 3, and encrypts the biometric information, the environment information, and the message digest (step S171). Further, the MPU 51 reads the electronic certificate issued in advance in the certification authority server 3 from the electronic certificate file 553, and transmits the encrypted biometric information, environment information, and message digest to the central server 2 with the electronic certificate attached thereto. (Step S172). The CPU 21 of the central server 2 stores the transmitted electronic certificate, encrypted biometric information, environment information, and message digest in the RAM 22. In this embodiment, both the biological information and the environment information are encrypted and transmitted. However, only either the biological information or the environment information may be encrypted and transmitted.

  The CPU 21 of the central server 2 accesses the certificate authority server 3 described in the electronic certificate, and requests acquisition of the public key (certificate authority public key) of the received electronic certificate (step S173). The certification authority server 3 transmits the public key of the electronic certificate to the central server 2, and the central server 2 receives the public key of the transmitted electronic certificate (step S174). The CPU 21 of the central server 2 reads the stored electronic certificate from the RAM 22, decrypts the electronic certificate using the public key of the certification authority transmitted from the certification authority server 3, and obtains the public key of the mobile phone 1 (step) S175).

  The CPU 21 of the central server 2 decrypts the biometric information, the environment information, and the message digest encrypted using the acquired public key of the mobile phone 1 (step S181). Further, the CPU 21 calculates a message digest using the hash function stored in the storage unit 25 of the central server 2 for the decrypted biometric information and environment information (step S182). The CPU 21 of the central server 2 determines whether or not the message digest decrypted in step S181 matches the message digest calculated in step S182, that is, whether the biometric information and the environment information are not falsified during transmission, or is authorized. It is determined whether or not information is transmitted / received from the customer's mobile phone 1 (step S183).

  If the message digests do not match (NO in step S183), the CPU 21 determines that there has been any falsification or impersonation, and sets an inappropriate flag for electronic certificate authentication (step S185). On the other hand, if the message digests match (YES in step S183), an appropriate flag for electronic certificate authentication is set assuming that there is no impersonation and tampering (step S184). Then, the CPU 21 of the central server 2 stores an electronic certificate authentication flag (an electronic certificate authentication appropriate flag or an electronic certificate authentication inappropriate flag) in the storage unit 25 (step S186).

  Subsequently, the CPU 21 of the central server 2 reads authentication fingerprint information registered in advance from the fingerprint information file 252 (step S187). The CPU 21 compares the decrypted fingerprint information with the read fingerprint information for authentication and determines whether or not they match, that is, whether or not the fingerprint information authentication is appropriate (step S191).

  If the fingerprints match and it is determined that fingerprint information authentication is appropriate (YES in step S191), a fingerprint authentication appropriate flag is set (step S192). On the other hand, if the fingerprints do not match and it is determined that fingerprint information authentication is inappropriate (NO in step S191), a fingerprint authentication inappropriate flag is set (step S193). The CPU 21 of the central server 2 stores the fingerprint authentication flag (fingerprint authentication appropriate flag or fingerprint authentication inappropriate flag) in the storage unit 25 (step S194).

  The CPU 21 of the central server 2 reads the environment information conditions corresponding to the class determined in step S162 from the environment information DB 251 (step S195). Then, the CPU 21 determines whether or not the decrypted environment information satisfies the condition of the environment information read in step S195 (step S196). If the condition is not satisfied (NO in step S196), the environment authentication inappropriate flag is set (step S198). On the other hand, if the condition is satisfied (YES in step S196), an environmental authentication appropriate flag is set (step S197). The CPU 21 of the central server 2 stores an environment authentication flag (environment authentication appropriate flag or environment authentication inappropriate flag) in the storage unit 25 (step S201).

  The CPU 21 reads the fingerprint authentication flag, the electronic certificate flag, and the environment authentication flag stored in the storage unit 25, and whether or not all of the fingerprint authentication appropriate flag, the electronic certificate appropriate flag, and the environment authentication appropriate flag are set in the AND condition. Is determined (step S202). If all appropriate flags are set (YES in step S202), the mobile phone 1 is determined to be safe and a safety flag is set (step S203). In other words, the mobile phone 1 is determined to be appropriate only when it is determined to be appropriate in all of biometric authentication, electronic certificate authentication (PKI authentication), and environmental authentication. The CPU 21 of the central server 2 transmits a signal indicating that communication is continued to the mobile phone 1 or the Web server 4 (step S204).

  On the other hand, if at least one of the biometric authentication, electronic certificate authentication (PKI authentication), and environment authentication is set, the improper flag is set (step S205). In this case, the CPU 21 transmits a signal indicating the end of communication to the mobile phone 1 or the Web server 4 (step S206).

Embodiment 4
The fourth embodiment relates to a safety judgment system applied when patch software and firmware are provided. In a PDA, a mobile phone, a refrigerator, an air conditioner, a printer, and the like, a bug in the built-in software may be found. In this case, it is necessary to provide patch software. In some cases, firmware having an additional function is provided. In the fourth embodiment, a safety judgment system capable of providing such software to a customer while ensuring safety will be described.

  FIG. 21 is a block diagram showing a hardware configuration of mobile phone 1 according to the fourth embodiment. Reference numeral 114 shown in FIG. 21 denotes main power supply means (hereinafter referred to as a main power supply unit) that supplies power to the mobile phone engine unit 110, and uses a lithium battery or the like. Electric power is supplied from the main power supply unit 114 to the mobile phone engine unit 110 and the security chip 5 by operating an on button (not shown) of the input unit 13, and the mobile phone engine unit 110 is operated from the main power supply unit 114 by operating an off button (not shown). In addition, the power to the security chip 5 is cut off and the mobile phone 1 is turned off.

  On the other hand, the sub power supply means (hereinafter referred to as sub power supply unit) 115 uses, for example, a coin-type lithium battery, and the main power unit 114 does not supply power to the mobile phone engine unit 110 and the security chip 5. Even in this case, power is supplied to the second ROM 116 serving as a storage unit and the sub antenna unit 117 serving as a reception communication unit. When power is supplied from the main power supply unit 114, that is, when the mobile phone is powered on, when software is transmitted from the central server 2, the software receives the software from the antenna unit 16, and the CPU 11 Software is stored in the ROM 15. In this case, power supply by the sub power supply unit 115 is not performed.

  On the other hand, when power is not supplied from the main power supply unit 114, that is, when the mobile phone 1 is turned off, the sub power supply unit 115 supplies power to the sub antenna unit 117 and the second ROM 116. When software is transmitted from the central server 2, the secondary antenna unit 117 receives the software, stores the received software in the second ROM 116, and stores the software stored in the second ROM 116 when power from the main power supply is supplied. Is written into the ROM 15. The sub-antenna unit 117 may be a known FM text multiplex broadcast receiving module, for example. In this case, the central server transmits an FM character broadcast including software via the FM broadcast station. When the FM character multiplex broadcast receiving module which is the sub-antenna unit 117 receives the FM character broadcast, the software data described in the DARC standard character code is converted into the source code described in C language, Java or the like. . Finally, the MPU 51 of the security chip 5 performs personal authentication, PKI authentication, and environment authentication, and then installs software in the ROM 15.

  FIG. 22 is a block diagram showing a hardware configuration of the central server 2. As shown in FIG. 22, the storage unit 25 stores various software such as patch software, firmware, plug-in software, and vaccine that have been authenticated by the certification authority server 3. These software are provided by software companies. The electronic certificate file 253 stores the electronic certificate of the central server 2 that has been issued in advance from the certification authority server 3, and the personal key file 254 similarly has the central certificate that has been issued in advance from the certification authority server 3. The personal key of the server 2 is stored.

  A software providing process in which safety is guaranteed in the above hardware configuration will be described using a flowchart. 23 to 29 are flowcharts showing the procedure of the software providing process according to the fourth embodiment. First, the CPU 21 of the central server 2 makes a call to the mobile phone 1 and makes an acquisition request for information on whether the main power is on or off (step S231). The mobile phone 1 transmits information on whether the main power is on or off (step S232). The central server 2 determines whether or not the main power is on (step S233). If the main power is on (YES in step S233), the safety class is determined as described in step S162 (step S233). S234). This security may be determined by the administrator according to the importance of the software provided. For example, in the case of patch software or vaccine software, class 1 is determined to increase safety, and software with low safety such as game software is determined as class 6.

  The CPU 21 of the central server 2 transmits an authentication start signal to the mobile phone 1 (step S235). The MPU 51 of the security chip 5 that has received the authentication start signal executes the control program 55P and displays a fingerprint information acquisition request on the display unit 14 (step S236). When fingerprint information is input from the fingerprint acquisition unit 112, the MPU 51 of the security chip 5 receives the fingerprint information (step S237) and temporarily stores it in the RAM 52. Then, the MPU 51 reads the fingerprint information stored in advance in the fingerprint information file 552 of the ROM 55 at the time of purchase of the mobile phone 1 and compares it with the fingerprint information stored in the RAM 52, that is, the fingerprint information authentication is appropriate. It is determined whether or not there is (step S241).

  If the fingerprints match and it is determined that fingerprint information authentication is appropriate (YES in step S241), a fingerprint authentication appropriate flag is set (step S243). On the other hand, if the fingerprints do not match and it is determined that fingerprint information authentication is inappropriate (NO in step S241), a fingerprint authentication inappropriate flag is set (step S242). The MPU 51 stores the transmitted fingerprint authentication flag (fingerprint authentication appropriate flag or fingerprint authentication inappropriate flag) in the storage unit 55 (step S244).

  Next, the MPU 51 of the security chip 5 acquires the environment information of the mobile phone 1 (step S245). The collected environment information is stored in the environment information file 551 (step S246). The MPU 51 reads out the environment information collected from the environment information file 551 and transmits it to the central server 2 (step S247). The CPU 21 of the central server 2 stores the transmitted environment information in the RAM 22. The CPU 21 of the central server 2 reads out the environment information condition corresponding to the class determined in step S162 from the environment information DB 251 (step S248).

  Then, the CPU 21 determines whether or not the received environment information satisfies the condition of the read environment information stored in the RAM 22 (step S251). If the condition is not satisfied (NO in step S251), the environment authentication inappropriate flag is set (step S253). On the other hand, if the condition is satisfied (YES in step S251), an environmental authentication appropriate flag is set (step S252). The CPU 21 of the central server 2 stores an environment authentication flag (environment authentication appropriate flag or environment authentication inappropriate flag) in the storage unit 25 (step S254) and transmits it to the mobile phone 1 (step S255). The MPU 51 of the security chip 5 that has received the environment authentication flag stores the environment authentication flag (environment authentication appropriate flag or environment authentication inappropriate flag) in the storage unit 55 (step S256).

  Further, the CPU 21 of the central server 2 reads the software for provision stored in the storage unit 25 from the storage unit 25 (step S257). The CPU 21 calculates a message digest for the read software using the hash function stored in the storage unit 25 (step S258). The CPU 21 reads the personal key of the central server 2 previously issued from the certification authority server 3 from the personal key file 254, and encrypts the software and the message digest (step S259). The CPU 21 reads the electronic certificate issued in advance in the certification authority server 3 from the electronic certificate file 253, attaches the electronic certificate to the encrypted software and message digest, and transmits the electronic certificate to the mobile phone 1 (step S261). The MPU 51 of the security chip 5 stores the transmitted electronic certificate, encrypted software, and message digest in the RAM 52.

  The MPU 51 of the security chip 5 accesses the certification authority server 3 described in the electronic certificate, and requests acquisition of the public key of the received electronic certificate (the public key of the certification authority) (step S262). The certification authority server 3 transmits the public key of the electronic certificate to the mobile phone 1, and the MPU 51 of the security chip 5 receives the transmitted public key (step S263). The MPU 51 reads the stored electronic certificate from the RAM 52, decrypts the electronic certificate using the public key of the certification authority transmitted from the certification authority server 3, and acquires the public key of the central server 2 (step S264).

  The MPU 51 of the security chip 5 decrypts the encrypted software and message digest using the acquired public key of the central server 2 (step S265). Further, the MPU 51 calculates a message digest in the decrypted software using the hash function stored in the ROM 55 of the security chip 5 (step S266). The MPU 51 confirms whether or not the message digest decoded in step S265 matches the message digest calculated in step S266, that is, whether the software has been tampered with in the middle of transmission, and information is transmitted / received from the authorized central server 2. It is determined whether or not it is a new one (step S271).

  If the message digests do not match (NO in step S271), the MPU 51 determines that some tampering or impersonation has occurred, and sets an inappropriate flag for electronic certificate authentication (step S272). On the other hand, if the message digests match (YES in step S271), an appropriate flag for electronic certificate authentication is set assuming that there is no impersonation and tampering (step S273). Then, the MPU 51 of the security chip 5 stores an electronic certificate authentication flag (electronic certificate authentication appropriate flag or electronic certificate authentication inappropriate flag) in the ROM 55 (step S274).

  The MPU 51 reads the fingerprint authentication flag, the electronic certificate flag, and the environment authentication flag stored in the ROM 55, and determines whether all of the fingerprint authentication appropriate flag, the electronic certificate appropriate flag, and the environment authentication appropriate flag are set under the AND condition. (Step S275). If all the appropriate flags are set (YES in step S275), it is determined that the transmitted software is safe and the safety flag is set (step S278). The MPU 51 of the security chip 5 installs the software decrypted in step S265 in the ROM 15 of the mobile phone engine unit 110 (step S2710). Then, the MPU 51 transmits a signal indicating that the installation is completed to the central server 2 (step S2711).

  On the other hand, if any one of the biometric authentication, electronic certificate authentication (PKI authentication), and environment authentication is set (NO in step S275), the inappropriate flag is set (step S279). . In this case, the MPU 51 transmits a signal indicating that installation is refused to the central server 2 (step S2712).

  If NO in step S233, that is, if the main power supply of the mobile phone 1 is off, the CPU 21 of the central server 2 reads the software for provision stored in the storage unit 25 from the storage unit 25 (step S281). The CPU 21 calculates a message digest using the hash function stored in the storage unit 25 in the read software (step S282). The CPU 21 reads the personal key of the central server 2 previously issued from the certificate authority server 3 from the personal key file 254, and encrypts the software and the message digest (step S283). The CPU 21 reads an electronic certificate issued in advance in the certification authority server 3 from the electronic certificate file 253, attaches the electronic certificate to the encrypted software and message digest, and FM broadcast station computer (not shown). (Step S284).

  The FM broadcast station computer converts the digital certificate, encrypted software, and message digest into DARC standard broadcast data, and multiplexes it into FM music data and broadcast data by an FM text broadcast multiplex circuit (not shown). . These data are FM-modulated by an FM modulation oscillator and broadcast. The cellular phone 1 receives the FM text broadcast from the sub-antenna unit 117 (step S285), converts the data described in the DARC standard character code, and extracts the electronic certificate, the encrypted software, and the message digest. A technique related to FM text broadcasting using the DARC standard is disclosed in Japanese Patent Laid-Open No. 10-116237.

  The converted electronic certificate, software, and message digest are stored in the second ROM 116 (step S286). When supply of power by the main power supply unit 114 is started by the operation of the customer input unit 13 (step S291), fingerprint authentication is performed in the same manner as the processing described in steps S236 to S244 (step S292). Environment authentication is performed in the same manner as the processing described in steps S245 to S256 (step S294), and authentication using an electronic certificate is performed in the same manner as the processing described in steps S262 to S274 (step S293). When performing authentication using an electronic certificate, the CPU 51 reads out the electronic certificate, encrypted software, and message digest stored in the second ROM 116, stores them in the RAM 52, and then performs authentication using the electronic certificate. . That is, the public key acquired from the certification authority server 3 is used to acquire the public key from the electronic certificate, the software encrypted with the acquired public key is decrypted, and whether or not the decrypted software is appropriate. Judging.

  The MPU 51 reads the fingerprint authentication flag, the electronic certificate flag, and the environment authentication flag stored in the ROM 55, and determines whether all of the fingerprint authentication appropriate flag, the electronic certificate appropriate flag, and the environment authentication appropriate flag are set under the AND condition. (Step S295). If all appropriate flags are set (YES in step S295), it is determined that the transmitted software is safe, and a safety flag is set (step S296). The MPU 51 of the security chip 5 installs the decrypted software in the ROM 15 of the mobile phone engine unit 110 (step S298). Then, the MPU 51 transmits a signal indicating that the installation is completed to the central server 2 (step S299).

  On the other hand, if at least one of the biometric authentication, electronic certificate authentication (PKI authentication), and environment authentication is set (NO in step S295), the improper flag is set (step S297). . In this case, the MPU 51 transmits a signal indicating that installation is refused to the central server 2 (step S2910).

  The software provided from the central server 2 may be software for deleting software in the mobile phone 1 that has been the target of the DDoS attack, in addition to patch software and the like. For example, when software (program) for performing a DDoS attack is set in a predetermined Web server after several days for some reason, the software that has undergone the authentication of the present invention is provided. The provided software stores date / time information and erases all data stored after the date / time stored by installing and executing the software.

  FIG. 30 is a flowchart showing the processing contents of the installed erasing software. In step S298, erasing software is installed in the ROM 15. The customer causes the CPU 11 to execute deletion software by operating the input unit 13 (step S301). The CPU 11 reads the storage history in the ROM 15 (step S302). Specifically, stored data such as files and installed software, and information on the date and time when those data are stored are read out. The CPU 11 reads date / time information from the execution program of the erasing software (step S303). Then, referring to the read storage history, all the data stored after the read date and time are erased (step S304). Thereby, it is possible to prevent the mobile phone 1 used as a platform for the DDoS attack from being used for the attack.

Embodiment 5
FIG. 31 is a block diagram showing a hardware configuration of mobile phone 1 according to the fifth embodiment. The computer program to be executed by the mobile phone 1 according to the fourth embodiment can be provided by being preinstalled in the mobile phone 1 as in the fifth embodiment, or can be provided by a CD-ROM, MO, memory card, etc. It is also possible to provide a portable recording medium. Furthermore, it is also possible to provide a computer program as a carrier wave via a line. That is, instead of mounting the security chip 5, a computer program having the same function as the security chip 5 may be installed in the ROM 15 of the mobile phone 1. The contents will be described below.

  31 is a recording medium 1a (CD-ROM, CD-ROM, which stores a program for authenticating biometric information, collecting environmental information, transmitting environmental information, authenticating with an electronic certificate, and installing the mobile phone 1 shown in FIG. MO, memory card, DVD-ROM, etc.) are installed in the ROM 15 of the mobile phone 1. As an installation method, a recording medium 1a such as a memory card that can be connected to the external connection terminal 19 is inserted and the program is installed, or the program according to the present invention may be downloaded from the central server 2. . Such a program is loaded into the RAM 12 of the mobile phone 1 and executed. Thereby, it functions as the mobile phone 1 as the information processing apparatus of the present invention as described above.

Embodiment 6
In the present embodiment, when all of the biometric information authentication, the environment authentication, and the electronic certificate authentication are determined to be appropriate in both the mobile phone 1 and the central server 2, the mobile phone 1 and the central server 2 are determined to be safe. A technique for permitting subsequent transmission / reception of information will be described.

  FIG. 32 is a block diagram showing a hardware configuration of the mobile phone 1 according to the sixth embodiment, and FIG. 33 is a block diagram showing a hardware configuration of the central server 2 according to the sixth embodiment. As shown in FIG. 32, in the present embodiment, the environment information DB 151 is prepared in the ROM 15 of the mobile phone 1 in order to perform the environment authentication of the central server 2 also in the mobile phone 1. As in the case described with reference to FIG. 4, the conditions for the environmental information for peripheral devices, PC cards (not shown), installed OS, software, etc. connected to the external communication port 29 of the central server 2 are the security policy. Is stored in association with the class.

  The fingerprint acquisition unit 212 and the security chip 5 are connected to the CPU 21 via the bus 27 so that the central server 2 can also be authenticated by the mobile phone 1. Since these details are the same as those already described in the first embodiment, detailed description thereof is omitted. Reference numeral 29 denotes an external communication port such as a USB port or an RS232C port to which peripheral devices such as a printer, a mouse, a hard disk, and an MO are connected.

  In the present embodiment, when all of the biometric information authentication, the environment authentication, and the electronic certificate authentication are determined to be appropriate in both the mobile phone 1 and the central server 2, the mobile phone 1 and the central server 2 are determined to be safe. In order to permit subsequent transmission / reception of information, after step S115 shown in FIG. 11, that is, after the safety of the mobile phone 1 is confirmed, the following processing is additionally performed.

  34 to 37 are flowcharts showing the procedure of the authentication process according to the sixth embodiment. After step S115, the MPU 51 of the security chip 5 of the central server 2 executes the control program 55P and displays a fingerprint information acquisition request on the display unit 24 (step S341). When fingerprint information is input from the fingerprint acquisition unit 212, the MPU 51 of the security chip 5 receives the fingerprint information (step S342) and temporarily stores it in the RAM 52. Then, the MPU 51 reads the fingerprint information stored in advance in the fingerprint information file 552 of the ROM 55 at the time of purchase of the mobile phone 1 and compares it with the fingerprint information stored in the RAM 52, that is, the fingerprint information authentication is appropriate. It is determined whether or not there is (step S343).

  If the fingerprints match and it is determined that fingerprint information authentication is appropriate (YES in step S343), a fingerprint authentication appropriate flag is set, and the set fingerprint authentication appropriate flag is transmitted to the mobile phone 1 (step S345). On the other hand, if the fingerprints do not match and it is determined that fingerprint information authentication is inappropriate (NO in step S343), the fingerprint authentication inappropriate flag is set, and the set fingerprint authentication inappropriate flag is transmitted to the mobile phone 1. (Step S344). The CPU 11 of the mobile phone 1 stores the transmitted fingerprint authentication flag (fingerprint authentication appropriate flag or fingerprint authentication inappropriate flag) in the ROM 15 (step S346). In the present embodiment, biometric authentication using fingerprints is executed in the central server 2, but fingerprint information collected in advance is stored in the certification authority server 3 or the mobile phone 1, and the certification authority server 3 Alternatively, the determination may be made by the mobile phone 1. Thereby, the biometric authentication using the fingerprint is completed.

  Subsequently, the MPU 51 of the security chip 5 acquires the environment information of the central server 2 (step S347). As described above, the environment information is collected by the MPU 51 residently monitoring the OS, BIOS and installed software of the ROM 15 of the central server 2, and the device name, OS name, version, external communication port 29 of the central server 2. This is done by collecting the device name and version of peripheral devices connected to the software, software name and version of installed software such as a browser. The collected environment information is stored in the environment information file 551 (step S348).

  The MPU 51 of the security chip 5 reads the environment information stored in the environment information file 551 stored in the RAM 52 (step S349). The MPU 51 of the security chip 5 calculates a message digest using the hash function stored in the ROM 55 as the read environment information (step S351). The MPU 51 reads from the personal key file 554 the personal key of the central server 2 that has been issued in advance from the certification authority server 3, and encrypts the environment information and the message digest (step S352). Further, the MPU 51 reads an electronic certificate issued in advance in the certification authority server 3 from the electronic certificate file 553, and transmits the electronic certificate attached to the encrypted environment information and message digest to the mobile phone 1 (step). S353). The CPU 11 of the mobile phone 1 stores the transmitted electronic certificate, encrypted environment information, and message digest in the RAM 12.

  The CPU 11 of the mobile phone 1 accesses the certificate authority server 3 described in the electronic certificate and requests acquisition of the public key (certificate authority public key) of the received electronic certificate (step S354). The certification authority server 3 transmits the public key of the electronic certificate to the mobile phone 1, and the mobile phone 1 receives the public key of the transmitted electronic certificate (step S355). The CPU 11 of the mobile phone 1 reads out the stored electronic certificate from the RAM 12, decrypts the electronic certificate using the public key of the certification authority transmitted from the certification authority server 3, and obtains the public key of the central server 2 (step) S356).

  The CPU 11 of the mobile phone 1 decrypts the environment information and the message digest encrypted using the acquired public key of the central server 2 (step S361). Further, the CPU 11 calculates a message digest using the hash function stored in the ROM 55 of the mobile phone 1 as the decrypted environment information (step S362). The CPU 11 of the mobile phone 1 determines whether or not the message digest decrypted in step S361 matches the message digest calculated in step S362, that is, whether environmental information has not been tampered with in the middle of transmission, and the authorized central server 2 It is determined whether or not information is transmitted / received from (step S363).

  If the message digests do not match (NO in step S363), the CPU 11 determines that some tampering or impersonation has occurred, and sets an inappropriate flag for electronic certificate authentication (step S365). On the other hand, if the message digests match (YES in step S363), an appropriate flag for digital certificate authentication is set assuming that there is no impersonation and tampering (step S364). Then, the CPU 11 of the mobile phone 1 stores an electronic certificate authentication flag (electronic certificate authentication appropriate flag or electronic certificate authentication inappropriate flag) in the ROM 15 (step S366).

  The CPU 11 of the mobile phone 1 reads the environment information conditions corresponding to the class determined in step S104 from the environment information DB 151 (step S371). Then, the CPU 11 determines whether or not the decrypted environment information satisfies the condition of the environment information read in step S371 (step S372). If the condition is not satisfied (NO in step S372), the environment authentication inappropriate flag is set (step S374). On the other hand, if the condition is satisfied (YES in step S372), an environmental authentication appropriate flag is set (step S373). The CPU 11 of the mobile phone 1 stores an environment authentication flag (environment authentication appropriate flag or environment authentication inappropriate flag) in the ROM 15 (step S375).

  The CPU 11 reads the fingerprint authentication flag, the electronic certificate flag, and the environment authentication flag stored in the ROM 15, and determines whether all of the fingerprint authentication appropriate flag, the electronic certificate appropriate flag, and the environment authentication appropriate flag are set under the AND condition. Judgment is made (step S376). If all appropriate flags are set (YES in step S376), the central server 2 is determined to be safe, a safety flag is set, and the process proceeds to step S121 (step S377).

  On the other hand, if any one of the biometric authentication, electronic certificate authentication (PKI authentication), and environment authentication is set (NO in step S376), the improper flag is set, and the process proceeds to step S123. The process proceeds (step S378). As described above, the mobile phone 1 and the central server 2 are determined to be safe only after all of the biometric information authentication, the environment authentication, and the electronic certificate authentication are determined to be appropriate in both the mobile phone 1 and the central server 2. Since the transmission / reception of the information is permitted, it is possible to provide a more secure communication environment.

  In the present embodiment, the mobile phone 1 and the central server 2 are secured when the biometric information authentication, the environment authentication, and the electronic certificate authentication are all determined to be appropriate by both the mobile phone 1 and the central server 2. Although the technology for allowing the transmission and reception of information thereafter is described, similarly, between the mobile phone 1 and the Web server 4 of the online shop (or other information processing devices such as other mobile phones, washing machines, personal computers not shown). For both, when it is determined that both biometric authentication, environment authentication, and electronic certificate authentication are appropriate, the mobile phone 1 and the Web server 4 are determined to be safe, and subsequent transmission / reception of information is permitted. Needless to say.

  The second to sixth embodiments are configured as described above, and the other configurations and operations are the same as those of the first embodiment. Therefore, corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted. .

(Appendix 1)
In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
An encrypted information transmission step of transmitting, from the information processing apparatus to the first authentication apparatus, information encrypted with an electronic certificate issued in advance from the second authentication apparatus and a personal key;
The first authentication device decrypts the encrypted information with the public key obtained from the transmitted electronic certificate using the public key obtained from the second authentication device, and the decrypted information is appropriate. A digital certificate authentication step for determining whether or not there is,
With reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the transmitted information, the first authentication device determines whether or not the transmitted environmental information is appropriate. An environmental information authentication step to judge;
A safety determination step of determining that the information processing apparatus is safe by the first authentication apparatus when all of the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Safety judgment method.

(Appendix 2)
In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
An encrypted information transmission step of transmitting the electronic certificate issued from the second authentication device and software encrypted with a personal key from the first authentication device to the information processing device;
Environmental information authentication in which the first authentication device determines whether or not the transmitted environmental information is appropriate with reference to an environmental information database storing environmental conditions classified according to information to be transmitted and received Steps,
The information processing apparatus decrypts the encrypted software with the public key acquired from the transmitted electronic certificate using the public key acquired from the second authentication apparatus, and the decrypted software is appropriate. Electronic certificate authentication step for determining whether or not,
An installation step for installing the decrypted software in the information processing apparatus when all the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Method.

(Appendix 3)
In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An encryption step of encrypting the collected environmental information with a personal key issued from the second authentication device;
An encrypted information transmission step of transmitting, from the information processing device to the first authentication device, environment information encrypted in advance with an electronic certificate and a personal key issued from the second authentication device;
The first authentication device decrypts the encrypted environment information with the public key obtained from the transmitted electronic certificate using the public key obtained from the second authentication device, and the decrypted environment information is A digital certificate authentication step for determining whether the certificate is appropriate;
Whether or not the decrypted environment information is appropriate by the first authentication device with reference to the environment information database storing the environment conditions classified according to the information to be transmitted and received and the decrypted environment information. Environmental information authentication step to determine
A safety determination step of determining that the information processing apparatus is safe by the first authentication apparatus when all of the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Safety judgment method.

(Appendix 4)
In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device;
An electronic certificate issued from the second authentication device and encrypted information transmission means for transmitting information encrypted with a personal key to the first authentication device;
The first authentication device includes:
Using the public key obtained from the second authentication device, the encrypted information is decrypted with the public key obtained from the transmitted electronic certificate, and it is determined whether the decrypted information is appropriate. Electronic certificate authentication means;
Environmental information authentication means for judging whether or not the transmitted environmental information is appropriate with reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the transmitted information; ,
A safety judgment system comprising: safety judgment means for judging that the information processing apparatus is safe when authentication by the biometric information authentication means, environment information authentication means and electronic certificate authentication means is all appropriate.

(Appendix 5)
The environment information transmitting unit and the encrypted information transmitting unit are configured to encrypt the collected environment information with the personal key and transmit the encrypted environment information together with the electronic certificate to the first authentication device. 4. The safety judgment system according to 4.

(Appendix 6)
It further comprises a store computer that transmits and receives information related to commercial transactions with the information processing device,
The information processing apparatus further includes means for receiving information related to a commercial transaction including product information or money amount information,
The encrypted information transmitting means is configured to transmit to the first authentication device information related to the commercial transaction encrypted with an electronic certificate issued from the second authentication device and a personal key,
The environmental information authentication means reads the environmental conditions related to the class corresponding to the transmitted product information or money amount information from the environmental information database, and whether or not the transmitted environmental information matches the read environmental conditions, It is configured to determine whether it is appropriate,
The first authentication apparatus further includes means for transmitting information related to safety of the information processing apparatus to the store computer when the information processing apparatus determines that the information processing apparatus is safe by the safety determination means. 4. The safety judgment system according to 4.

(Appendix 7)
The first authentication device includes:
Sub-biological information receiving means for receiving biological information;
Sub-biological information authentication means for determining whether or not the received biometric information is appropriate;
Sub-environment information collection means for collecting environment information including information on connected peripheral devices or installed software;
Sub-encrypting means for encrypting environment information collected by the sub-environment information collecting means with a personal key issued from the second authentication device;
Sub-encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device;
The information processing apparatus includes:
Using the public key acquired from the second authentication device, the encrypted environment information is decrypted with the public key acquired from the transmitted electronic certificate, and whether or not the decrypted environment information is appropriate A secondary electronic certificate authenticating means for judging;
Sub-environment information for judging whether or not the transmitted environment information is appropriate with reference to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environment information Authentication means;
When the authentication by the sub-biological information authentication unit, the sub-environment information authentication unit, and the sub-digital certificate authentication unit is all appropriate and the safety determination unit determines that the information is safe, the information processing apparatus and the first authentication The safety judgment system according to appendix 4, further comprising: sub safety judgment means for judging the device as safe.

(Appendix 8)
In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device,
The first authentication device includes:
Encrypted information transmitting means for transmitting to the information processing apparatus software encrypted with an electronic certificate issued from the second authentication apparatus and a personal key;
Environmental information authentication means for determining whether or not the transmitted environmental information is appropriate with reference to an environmental information database storing environmental conditions classified according to information transmitted and received,
The information processing apparatus includes:
Using the public key acquired from the second authentication device, the encrypted software is decrypted with the public key acquired from the transmitted electronic certificate, and it is determined whether or not the decrypted software is appropriate. Electronic certificate authentication means;
The safety judgment system further comprising: an installation unit that installs the decrypted software when authentication by the biometric information authentication unit, the environment information authentication unit, and the electronic certificate authentication unit is all appropriate.

(Appendix 9)
The information processing apparatus includes a main power supply unit, a sub power supply unit, a receiving communication unit that receives power from the sub power supply unit, and power supply by the main power supply unit is not performed. The storage device according to claim 8, further comprising: storage means for receiving and storing the electronic certificate transmitted by the encrypted information transmission means and software encrypted with a personal key by the reception communication means. Safety judgment system.

(Appendix 10)
The electronic certificate authenticating unit reads the electronic certificate and software accumulated by the accumulating unit when power is supplied from the main power supplying unit, and uses the public key acquired from the second authenticating device. And the software encrypted with the public key acquired from the electronic certificate is decrypted to determine whether or not the decrypted software is appropriate. Safety judgment system.

(Appendix 11)
The safety determination system according to any one of appendices 8 to 10, wherein the software is software for software patches installed in advance in the information processing apparatus.

(Appendix 12)
The information processing apparatus according to any one of appendices 8 to 10, further comprising an erasure unit that erases data stored in the storage unit after a predetermined date and time when the software installed by the installation unit is executed. Safety judgment system.

(Appendix 13)
In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
An encryption means for encrypting the biological information received by the biological information receiving means with the personal key issued from the second authentication device and the environmental information collected by the environmental information collecting means;
An electronic certificate issued from the second authentication device, and encrypted information transmission means for transmitting the encrypted biometric information and environment information to the first authentication device;
The first authentication device includes:
Using the public key acquired from the second authentication device, the encrypted biometric information and environment information are decrypted with the public key acquired from the transmitted electronic certificate, and the decrypted biometric information and environment information are appropriate. Electronic certificate authentication means for determining whether or not
Environmental information authentication means for judging whether or not the transmitted environmental information is appropriate with reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environmental information When,
Biometric information authentication means for comparing the decrypted biometric information with prestored biometric information to determine whether it is appropriate;
A safety judgment system comprising: safety judgment means for judging that the information processing apparatus is safe when authentication by the biometric information authentication means, environment information authentication means and electronic certificate authentication means is all appropriate.

(Appendix 14)
Additional information 4 to 13, wherein the environment information includes information on a name or version of installed software, a device name or version of a connected peripheral device, or a device name or version of the information processing apparatus The safety judgment system described in any one.

(Appendix 15)
15. The safety judgment system according to any one of appendices 4 to 14, wherein the biological information is voice, fingerprint, retina, or iris information.

(Appendix 16)
In the safety judgment device for judging the safety of the information processing device connected to the first authentication device and the second authentication device via the communication network,
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collecting means for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device;
Encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication device and information encrypted with a personal key to the first authentication device;
The electronic certificate and the cipher that are judged to be appropriate by the biometric information authenticating means and the environmental information transmitted by the environmental information transmitting means is judged appropriate by the first authenticating device and transmitted by the encrypted information transmitting means And safety judging means for judging that the information processing device is safe when the first authentication device judges that the information is appropriate and receives information indicating that the information is appropriate. Sex judgment device.

(Appendix 17)
In the safety judgment device for judging the safety of the information processing device connected to the first authentication device and the second authentication device via the communication network,
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collecting means for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device;
When the electronic certificate and the encrypted software are received from the first authentication device, the encrypted software is decrypted with the public key acquired from the electronic certificate using the public key acquired from the second authentication device. And an electronic certificate authenticating means for determining whether or not the decrypted software is proper,
It is determined that the authentication by the biometric information authentication unit and the electronic certificate authentication unit is appropriate, and the environment information transmitted by the environment information transmission unit is determined to be appropriate by the first authentication device, indicating that it is appropriate. An installation unit that installs the decrypted software in the information processing apparatus when information is received.

(Appendix 18)
In the first authentication device for judging the safety of the information processing device connected via the communication network,
Authentication information receiving means for receiving authentication information as to whether or not the biometric information received by the information processing apparatus is appropriate;
The public certificate obtained from the second authentication device when the electronic certificate issued from the second authentication device connected via the communication network and the information encrypted with the personal key are transmitted from the information processing. An electronic certificate authenticating means for decrypting encrypted information with a public key obtained from the transmitted electronic certificate using a key, and determining whether the decrypted information is appropriate;
An environment that stores environmental conditions classified according to information transmitted and received when environmental information including information on peripheral devices connected to the information processing apparatus or installed software is received from the information processing apparatus An environmental information authentication means for referring to the information database and the transmitted information to determine whether the received environmental information is appropriate;
When the authentication information receiving means receives authentication information indicating that the biometric information is appropriate and determines that the authentication by the environment information authentication means and the electronic certificate authentication means is appropriate, the information processing apparatus is secured And a safety judging means for judging that the first authentication device.

(Appendix 19)
In a computer program for determining the safety of a computer connected to a first authentication device and a second authentication device via a communication network,
A biometric information authentication step for causing the computer to authenticate whether or not the received biometric information is appropriate;
An environment information collecting step for causing a computer to collect environment information including information on connected peripheral devices or installed software;
An environment information transmitting step for causing the computer to transmit the collected environment information to the first authentication device;
An encrypted information transmission step for causing the computer to transmit to the first authentication device the information encrypted with the electronic certificate and the personal key issued from the second authentication device;
The computer is determined to be appropriate by the biometric information authentication step, and the environment information transmitted by the environment information transmission step is determined to be appropriate by the first authentication device, and is transmitted by the encryption information transmission step. A security judgment step of judging that the computer is safe when the electronic certificate and the encrypted information are judged to be appropriate by the first authentication device and information indicating that the electronic certificate and the encrypted information are appropriate are received from the first authentication device; A computer program for executing

(Appendix 20)
In a computer program for determining the safety of a computer connected to a first authentication device and a second authentication device via a communication network,
A biometric information authentication step for causing the computer to authenticate whether or not the received biometric information is appropriate;
An environment information collecting step for causing a computer to collect environment information including information on connected peripheral devices or installed software;
An environment information transmitting step for causing the computer to transmit the collected environment information to the first authentication device;
When the computer received the electronic certificate and the encrypted software from the first authentication device, it was encrypted with the public key obtained from the electronic certificate using the public key obtained from the second authentication device. A digital certificate authentication step for decrypting the software and determining whether the decrypted software is appropriate;
It is determined that the authentication by the biometric information authentication step and the electronic certificate authentication step is appropriate for the computer, and the environment information transmitted by the environment information transmission step is determined to be appropriate by the first authentication device. When receiving information indicating that there is a computer program, the computer program causes the computer to execute an installation step of installing the decrypted software.

(Appendix 21)
A sub-biological information receiving step of receiving biometric information by the first authentication device;
A sub-biological information authentication step of determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device;
A sub-environment information collection step for collecting environment information including information on peripheral devices connected to the first authentication device or installed software;
A sub-encryption step of encrypting the environment information collected by the sub-environment information collection step with a personal key issued from the second authentication device;
A sub-encrypted information transmission step of transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device;
The information processing device decrypts the encrypted environment information with the public key obtained from the transmitted electronic certificate using the public key obtained from the second authentication device, and the decrypted environment information is appropriate. A sub-digital certificate authentication step for determining whether or not
Whether the environmental information transmitted by the information processing apparatus is appropriate with reference to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environmental information. A sub-environment information authentication step to determine;
When the authentication by the sub-biological information authentication step, the sub-environment information authentication step, and the sub-electronic certificate authentication step are all appropriate and determined safe by the safety determination step, the information processing apparatus and the first authentication The safety judgment method according to appendix 1 or 3, further comprising a sub-safety judgment step for judging the device as safe.

(Appendix 22)
The first authentication device includes:
Sub-biological information receiving means for receiving biological information;
Sub-biological information authentication means for determining whether or not the received biometric information is appropriate;
Sub-environment information collection means for collecting environment information including information on connected peripheral devices or installed software;
Sub-encrypting means for encrypting environment information collected by the sub-environment information collecting means with a personal key issued from the second authentication device;
Sub-encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device;
The information processing apparatus includes:
Using the public key acquired from the second authentication device, the encrypted environment information is decrypted with the public key acquired from the transmitted electronic certificate, and whether or not the decrypted environment information is appropriate A secondary electronic certificate authenticating means for judging;
Sub-environment information for judging whether or not the transmitted environment information is appropriate with reference to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environment information Authentication means;
When the authentication by the sub-biological information authentication unit, the sub-environment information authentication unit, and the sub-digital certificate authentication unit is all appropriate and the safety determination unit determines that the information is safe, the information processing apparatus and the first authentication The safety determination system according to appendix 13, further comprising: a sub-safety determination unit that determines that the device is safe.

It is a mimetic diagram showing the outline of the safety judgment system concerning the present invention. It is a block diagram which shows the hardware constitutions of a mobile telephone. It is a block diagram which shows the hardware constitutions of a central server. It is explanatory drawing which shows the record layout of environmental information DB. It is a flowchart which shows the procedure of the commercial transaction between a web server and a mobile telephone. It is explanatory drawing which shows the image of a web page. It is a flowchart which shows the procedure of the judgment process of safety. It is a flowchart which shows the procedure of the judgment process of safety. It is a flowchart which shows the procedure of the judgment process of safety. It is a flowchart which shows the procedure of the judgment process of safety. It is a flowchart which shows the procedure of the judgment process of safety. It is a flowchart which shows the procedure of the judgment process of safety. 4 is a block diagram showing a hardware configuration of a mobile phone according to Embodiment 2. FIG. 10 is a block diagram showing a hardware configuration of a mobile phone according to Embodiment 3. FIG. It is a block diagram which shows the hardware constitutions of a central server. 10 is a flowchart illustrating a procedure of safety determination processing according to the third embodiment. 10 is a flowchart illustrating a procedure of safety determination processing according to the third embodiment. 10 is a flowchart illustrating a procedure of safety determination processing according to the third embodiment. 10 is a flowchart illustrating a procedure of safety determination processing according to the third embodiment. 10 is a flowchart illustrating a procedure of safety determination processing according to the third embodiment. FIG. 10 is a block diagram showing a hardware configuration of a mobile phone according to a fourth embodiment. It is a block diagram which shows the hardware constitutions of a central server. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. 10 is a flowchart illustrating a procedure of software providing processing according to the fourth embodiment. It is a flowchart which shows the processing content of the installed deletion software. FIG. 10 is a block diagram showing a hardware configuration of a mobile phone according to a fifth embodiment. FIG. 20 is a block diagram showing a hardware configuration of a mobile phone according to a sixth embodiment. FIG. 20 is a block diagram illustrating a hardware configuration of a central server according to a sixth embodiment. 18 is a flowchart showing a procedure of authentication processing according to the sixth embodiment. 18 is a flowchart showing a procedure of authentication processing according to the sixth embodiment. 18 is a flowchart showing a procedure of authentication processing according to the sixth embodiment. 18 is a flowchart showing a procedure of authentication processing according to the sixth embodiment.

Explanation of symbols

1 Mobile phone (information processing equipment)
112 Fingerprint acquisition unit 2 Central server (first authentication device)
3 Certification authority server (second authentication device)
4 Web server (store computer)
N Internet (communication network)
110 Mobile phone engine unit 15 ROM
16 Antenna part 13 Input part 113 Power supply part 19 External connection terminal 5 Security chip (safety judgment device)
552 Fingerprint information file 551 Environment information file 553 Electronic certificate file 554 Personal key file 24 Display unit 23 Input unit 251 Environment information database (environment information DB)
1a Recording medium 114 Main power supply (main power supply means)
115 Sub power supply (sub power supply means)
116 2nd ROM (storage means)

Claims (22)

In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
An encrypted information transmission step of transmitting, from the information processing apparatus to the first authentication apparatus, an electronic certificate issued in advance from the second authentication apparatus and information encrypted with the personal key of the information processing apparatus; When,
Encrypted with the public key of the information processing apparatus acquired from the transmitted electronic certificate using the public key of the second authentication apparatus acquired from the second authentication apparatus by the first authentication apparatus A digital certificate authentication step of decrypting the information and determining whether the decrypted information is appropriate;
With reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the transmitted information, the transmitted environment information is read from the environmental information database by the first authentication device. An environmental information authentication step for determining whether or not it is appropriate depending on whether or not the environmental condition is satisfied;
A safety determination step of determining that the information processing apparatus is safe by the first authentication apparatus when all of the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Safety judgment method. In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
An encrypted information transmission step of transmitting, from the first authentication device to the information processing device, the electronic certificate issued from the second authentication device and the software encrypted with the personal key of the first authentication device; ,
Environmental information authentication in which the first authentication device determines whether or not the transmitted environmental information is appropriate with reference to an environmental information database storing environmental conditions classified according to information to be transmitted and received Steps,
Encrypted by the information processing device using the public key of the first authentication device acquired from the transmitted electronic certificate using the public key of the second authentication device acquired from the second authentication device. An electronic certificate authentication step for determining whether the decrypted software is appropriate by decrypting the software and determining whether or not the falsification has occurred;
An installation step for installing the decrypted software in the information processing apparatus when all the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Method. In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An encryption step of encrypting the collected environment information with the personal key of the information processing device that has been issued from the second authentication device;
Encrypted information transmission for transmitting, from the information processing apparatus to the first authentication apparatus, the electronic certificate issued in advance from the second authentication apparatus and the environment information encrypted with the personal key of the information processing apparatus. Steps,
Encrypted with the public key of the first authentication device acquired from the transmitted electronic certificate by the first authentication device using the public key of the second authentication device acquired from the second authentication device. Decrypting the environmental information and determining whether the decrypted environmental information is appropriate;
Whether or not the decrypted environment information is appropriate by the first authentication device with reference to the environment information database storing the environment conditions classified according to the information to be transmitted and received and the decrypted environment information. Environmental information authentication step to determine
A safety determination step of determining that the information processing apparatus is safe by the first authentication apparatus when all of the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Safety judgment method. In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device;
An electronic certificate issued from the second authentication device, and encrypted information transmission means for transmitting the information encrypted with the personal key of the information processing device to the first authentication device;
The first authentication device includes:
Using the public key of the second authentication device acquired from the second authentication device, the encrypted information is decrypted with the public key of the information processing device acquired from the transmitted electronic certificate. An electronic certificate authenticating means for determining whether the received information is appropriate;
Whether the transmitted environmental information satisfies the environmental conditions read from the environmental information database with reference to the environmental information database storing the environmental conditions classified according to the information transmitted and received and the transmitted information Environmental information authentication means for determining whether or not it is appropriate,
A safety judgment system comprising: safety judgment means for judging that the information processing apparatus is safe when authentication by the biometric information authentication means, environment information authentication means and electronic certificate authentication means is all appropriate.   The environment information transmitting unit and the encrypted information transmitting unit are configured to encrypt the collected environment information with the personal key and transmit the encrypted environment information to the first authentication device together with the electronic certificate. Item 5. The safety judgment system according to Item 4. It further comprises a store computer that transmits and receives information related to commercial transactions with the information processing device,
The information processing apparatus further includes means for receiving information related to a commercial transaction including product information or money amount information,
The encrypted information transmission means transmits the electronic certificate issued from the second authentication device and the information related to the commercial transaction encrypted with the personal key of the information processing device to the first authentication device. It is configured as
The environmental information authentication means reads the environmental conditions related to the class corresponding to the transmitted product information or money amount information from the environmental information database, and whether or not the transmitted environmental information matches the read environmental conditions, It is configured to determine whether it is appropriate,
The said 1st authentication apparatus is further provided with the means to transmit the information regarding the safety | security of this information processing apparatus to the said store computer, when the said information processing apparatus judges that it is safe by the said safety judgment means. Item 5. The safety judgment system according to Item 4. The first authentication device includes:
Sub-biological information receiving means for receiving biological information;
Sub-biological information authentication means for determining whether or not the received biometric information is appropriate;
Sub-environment information collection means for collecting environment information including information on connected peripheral devices or installed software;
Sub-encrypting means for encrypting environmental information collected by the sub-environment information collecting means with the personal key of the first authenticating apparatus issued from the second authenticating apparatus;
Sub-encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device;
The information processing apparatus includes:
Using the public key of the second authentication device acquired from the second authentication device, decrypt the encrypted environment information with the public key of the first authentication device acquired from the transmitted electronic certificate, A sub-electronic certificate authenticating means for determining whether or not the decrypted environment information is appropriate;
Referring to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environment information, the transmitted environment information satisfies the environmental conditions read from the sub-environment information database Sub-environment information authentication means for determining whether or not it is appropriate depending on whether or not
When the authentication by the sub-biological information authentication unit, the sub-environment information authentication unit, and the sub-digital certificate authentication unit is all appropriate and the safety determination unit determines that the information is safe, the information processing apparatus and the first authentication The safety judgment system according to claim 4, further comprising: sub safety judgment means for judging that the apparatus is safe. In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Biometric information authentication means for determining whether or not the received biometric information is appropriate;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
Environmental information transmission means for transmitting the collected environmental information to the first authentication device,
The first authentication device includes:
An electronic certificate issued from the second authentication device, and encrypted information transmitting means for transmitting software encrypted with the personal key of the first authentication device to the information processing device;
It is appropriate depending on whether or not the transmitted environmental information satisfies the environmental conditions read from the environmental information database with reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received. Environmental information authentication means for determining whether or not,
The information processing apparatus includes:
Using the public key of the second authentication device acquired from the second authentication device, the encrypted software is decrypted with the public key of the first authentication device acquired from the transmitted electronic certificate, and decrypted Electronic certificate authenticating means for determining whether or not the installed software is appropriate;
The safety judgment system further comprising: an installation unit that installs the decrypted software when authentication by the biometric information authentication unit, the environment information authentication unit, and the electronic certificate authentication unit is all appropriate.   The information processing apparatus includes a main power supply unit, a sub power supply unit, a receiving communication unit that receives power from the sub power supply unit, and power supply by the main power supply unit is not performed. And a storage means for receiving and storing the electronic certificate transmitted by the encrypted information transmitting means and the software encrypted with the personal key of the first authentication device by the receiving communication means. The safety judgment system according to claim 8 characterized by things.   The electronic certificate authenticating unit reads the electronic certificate and software accumulated by the accumulating unit and supplies the second authentication acquired from the second authenticating device when power is supplied by the main power supplying unit. Whether the software decrypted by decrypting the software encrypted with the public key of the first authentication device obtained from the electronic certificate by using the public key of the device and judging whether or not tampering has occurred is appropriate The safety judgment system according to claim 9, wherein the safety judgment system is configured to judge whether or not.   The safety judgment system according to claim 8, wherein the software is patch software for software installed in the information processing apparatus in advance.   11. The information processing apparatus according to claim 8, further comprising an erasure unit that erases data stored in the storage unit after a predetermined date and time when the software installed by the installation unit is executed. Safety judgment system. In the safety determination system in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and determines the safety of the information processing device,
The information processing apparatus includes:
Biometric information receiving means for receiving biometric information;
Environmental information collection means for collecting environmental information including information on connected peripheral devices or installed software;
An encryption means for encrypting the biometric information received by the biometric information accepting means with the personal key of the information processing apparatus issued from the second authentication apparatus and the environmental information collected by the environmental information collecting means;
An electronic certificate issued from the second authentication device, and encrypted information transmission means for transmitting the encrypted biometric information and environment information to the first authentication device;
The first authentication device includes:
Using the public key of the second authentication device acquired from the second authentication device, decrypt the encrypted biometric information and environment information with the public key of the information processing device acquired from the transmitted electronic certificate. And electronic certificate authenticating means for determining whether or not the decrypted biometric information and environmental information are appropriate,
Environmental information authentication means for judging whether or not the transmitted environmental information is appropriate with reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environmental information When,
Biometric information authentication means for comparing the decrypted biometric information with prestored biometric information to determine whether it is appropriate;
A safety judgment system comprising: safety judgment means for judging that the information processing apparatus is safe when authentication by the biometric information authentication means, environment information authentication means and electronic certificate authentication means is all appropriate.   14. The environment information includes information on a name or version of installed software, a device name or version of a connected peripheral device, or a device name or version of the information processing apparatus. The safety judgment system in any one of.   15. The safety judgment system according to claim 4, wherein the biological information is voice, fingerprint, retina, or iris information. In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
With reference to the environmental information database storing the environmental conditions classified according to the information to be transmitted and received and the transmitted information, the transmitted environment information is read from the environmental information database by the first authentication device. An environmental information authentication step for determining whether or not it is appropriate depending on whether or not the environmental condition is satisfied;
An encrypted information transmission step of transmitting, from the information processing apparatus to the first authentication apparatus, an electronic certificate issued in advance from the second authentication apparatus and information encrypted with the personal key of the information processing apparatus; When,
Encrypted with the public key of the information processing apparatus acquired from the transmitted electronic certificate using the public key of the second authentication apparatus acquired from the second authentication apparatus by the first authentication apparatus A digital certificate authentication step of decrypting the information and determining whether the decrypted information is appropriate;
A safety determination step of determining that the information processing apparatus is safe by the first authentication apparatus when all of the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Safety judgment method. In the safety judgment method in which the information processing device, the first authentication device, and the second authentication device are connected via a communication network, and judges the safety of the information processing device,
A biological information receiving step for receiving biological information by the information processing apparatus;
A biometric information authentication step of determining whether the received biometric information is appropriate by the information processing apparatus, the first authentication apparatus or the second authentication apparatus;
Environmental information collecting step for collecting environmental information including information on peripheral devices connected to the information processing apparatus or installed software;
An environment information transmission step of transmitting the collected environment information from the information processing apparatus to the first authentication apparatus;
Environmental information authentication in which the first authentication device determines whether or not the transmitted environmental information is appropriate with reference to an environmental information database storing environmental conditions classified according to information to be transmitted and received Steps,
An encrypted information transmission step of transmitting, from the first authentication device to the information processing device, the electronic certificate issued from the second authentication device and the software encrypted with the personal key of the first authentication device; ,
Encrypted by the information processing device using the public key of the first authentication device acquired from the transmitted electronic certificate using the public key of the second authentication device acquired from the second authentication device. An electronic certificate authentication step for determining whether the decrypted software is appropriate by decrypting the software and determining whether or not the falsification has occurred;
An installation step for installing the decrypted software in the information processing apparatus when all the authentications in the biometric information authentication step, the environment information authentication step, and the electronic certificate authentication step are appropriate. Method. In the first authentication device for judging the safety of the information processing device connected via the communication network,
Authentication information receiving means for receiving authentication information as to whether or not the biometric information received by the information processing apparatus is appropriate;
When the electronic certificate issued from the second authentication device connected via the communication network and the information encrypted with the personal key of the information processing device are transmitted from the information processing device, Using the public key acquired from the electronic certificate of the information processing device transmitted using the public key of the second authentication device acquired from the second authentication device, the encrypted information is decrypted and the decrypted information An electronic certificate authenticating means for determining whether the certificate is appropriate;
An environment that stores environmental conditions classified according to information transmitted and received when environmental information including information on peripheral devices connected to the information processing apparatus or installed software is received from the information processing apparatus Referring to the information database and the transmitted information, environmental information authentication means for determining whether or not the received environmental information is appropriate based on whether or not the environmental information read from the environmental information database satisfies the conditions;
When the authentication information receiving means receives authentication information indicating that the biometric information is appropriate and determines that the authentication by the environment information authentication means and the electronic certificate authentication means is appropriate, the information processing apparatus is secured And a safety judging means for judging that the first authentication device. In a computer program for determining the safety of a computer connected to a first authentication device and a second authentication device via a communication network,
A biometric information authentication step for causing the computer to authenticate whether or not the received biometric information is appropriate;
An environment information collecting step for causing a computer to collect environment information including information on connected peripheral devices or installed software;
An environment information transmitting step for causing the computer to transmit the collected environment information to the first authentication device;
An encrypted information transmission step for causing the computer to transmit the electronic certificate issued from the second authentication device and the information encrypted with the personal key of the information processing device to the first authentication device;
The computer is determined to be appropriate by the biometric information authentication step, and the environment information transmitted by the environment information transmission step is determined to be appropriate by the first authentication device, and is transmitted by the encryption information transmission step. A security judgment step of judging that the computer is safe when the electronic certificate and the encrypted information are judged to be appropriate by the first authentication device and information indicating that the electronic certificate and the encrypted information are appropriate are received from the first authentication device; A computer program for executing In a computer program for determining the safety of a computer connected to a first authentication device and a second authentication device via a communication network,
A biometric information authentication step for causing the computer to authenticate whether or not the received biometric information is appropriate;
An environment information collecting step for causing a computer to collect environment information including information on connected peripheral devices or installed software;
An environment information transmitting step for causing the computer to transmit the collected environment information to the first authentication device;
When the computer receives the electronic certificate and the encrypted software from the first authentication device, the public key of the second authentication device acquired from the second authentication device is used to obtain the electronic certificate from the electronic certificate. An electronic certificate authentication step for decrypting software encrypted with the public key of the first authentication device and determining whether the decrypted software is appropriate by determining whether or not falsification has occurred;
It is determined that the authentication by the biometric information authentication step and the electronic certificate authentication step is appropriate for the computer, and the environment information transmitted by the environment information transmission step is determined to be appropriate by the first authentication device. When receiving information indicating that there is a computer program, the computer program causes the computer to execute an installation step of installing the decrypted software. A sub-biological information receiving step of receiving biometric information by the first authentication device;
A sub-biological information authentication step of determining whether the received biometric information is appropriate by the information processing device, the first authentication device, or the second authentication device;
A sub-environment information collection step for collecting environment information including information on peripheral devices connected to the first authentication device or installed software;
A sub-encryption step of encrypting the environment information collected by the sub-environment information collection step with the personal key of the first authentication device issued from the second authentication device;
A sub-encrypted information transmission step of transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device;
Encrypted by the information processing device using the public key of the first authentication device acquired from the transmitted electronic certificate using the public key of the second authentication device acquired from the second authentication device. A sub-electronic certificate authentication step for decrypting the environment information and determining whether or not the decrypted environment information is appropriate;
Whether the environmental information transmitted by the information processing apparatus is appropriate with reference to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environmental information. A sub-environment information authentication step to determine;
When the authentication by the sub-biological information authentication step, the sub-environment information authentication step, and the sub-electronic certificate authentication step are all appropriate and determined safe by the safety determination step, the information processing apparatus and the first authentication The safety judgment method according to claim 1, further comprising: a sub-safety judgment step for judging that the device is safe. The first authentication device includes:
Sub-biological information receiving means for receiving biological information;
Sub-biological information authentication means for determining whether or not the received biometric information is appropriate;
Sub-environment information collection means for collecting environment information including information on connected peripheral devices or installed software;
Sub-encrypting means for encrypting environmental information collected by the sub-environment information collecting means with the personal key of the first authenticating apparatus issued from the second authenticating apparatus;
Sub-encrypted information transmitting means for transmitting the electronic certificate issued from the second authentication device and the encrypted environment information to the information processing device,
The information processing apparatus includes:
Using the public key of the second authentication device acquired from the second authentication device, decrypt the encrypted environment information with the public key of the first authentication device acquired from the transmitted electronic certificate, A sub-electronic certificate authenticating means for determining whether or not the decrypted environment information is appropriate;
Sub-environment information for judging whether or not the transmitted environment information is appropriate with reference to the sub-environment information database storing the environmental conditions classified according to the information to be transmitted and received and the decoded environment information Authentication means;
When the authentication by the sub-biological information authentication unit, the sub-environment information authentication unit, and the sub-digital certificate authentication unit is all appropriate and the safety determination unit determines that the information is safe, the information processing apparatus and the first authentication The safety judgment system according to claim 13, further comprising: sub safety judgment means for judging that the device is safe.

Images