JP2020061727A - Information processing apparatus, method, and program - Google Patents

Abstract

To make it possible to further improve security of transactions.SOLUTION: The information processing apparatus is mounted on a terminal and includes access control means and signature means. When a transaction is generated by software operating on an operating system of the terminal, the access control means determines whether the software that generated the transaction is authorized software. Only when it is determined that the software that generated the transaction is authorized software, the access control means accesses to a secure element of the terminal, thereby preventing unauthorized transactions from being signed by malware. The signature means executes, using the access by the access control means as a trigger, a process of assigning a digital signature to the transaction in the secure element using a private key stored in the secure element of the terminal.SELECTED DRAWING: Figure 2

Description

  The present invention relates to an information processing device, method and program.

  In virtual currency (also called cryptocurrency) transactions, fraudulent leakage cases such as theft of virtual currency have become a social problem due to falsification of transaction records by malware. To prevent such illegal leakage of virtual currency, users are struggling with how to store virtual currency. Virtual currency storage is actually synonymous with managing a private key. The private key is managed by a so-called "wallet".

  Types of wallets include web wallets, software wallets, hardware wallets, and paper wallets. The web wallet uses a web service on the server to manage the private key on the server. The software wallet stores a secret key in a storage area such as a hard disk (HDD: Hard Disc Drive) of a smartphone or a personal computer (PC). Since both the web wallet and the software wallet store the private key in the computer, there is a risk of leaking the private key due to infection of the computer with malware or leakage of the private key due to hacking.

  On the other hand, a paper wallet stores a private key on a physical medium such as paper. Since the paper wallet is physically separated from the network, there is no danger of leaking through the network, but the processing becomes complicated when using virtual currency, which is inconvenient. Furthermore, it is necessary to pay attention to the storage location of the paper wallet itself, and if it is lost, it cannot be restored.

  Therefore, the number of users who use the "hardware wallet" is increasing in consideration of the risk of leakage and the convenience of using the virtual currency. The hardware wallet is a dongle-type dedicated device that stores the secret key of virtual currency, and is configured separately from the smartphone or PC. It can be used by connecting the dedicated device to the PC via USB (Universal Serial Bus). Become. The hardware wallet is said to be safe because the private key can be physically separated from the network and stored as compared with the software wallet. Further, since the hardware wallet can digitally sign transaction data (transaction) with the dedicated device itself, it is more convenient than a paper wallet.

JP, 2017-207860, A

  However, damage to the hardware wallet, which was said to be safe, has also been reported, and there are cases where transactions generated from a PC via software are rewritten by the malware. Specifically, the destination address that the user originally wanted to remit is rewritten by the address of the attacker by the malware, and an unauthorized transaction not intended by the user is generated. If the user neglects to confirm the destination address displayed on the hardware wallet, he / she will use a private key to give a digital signature to an unauthorized transaction, and the unauthorized transaction with the digital signature will be sent on the network. Sent to. If a fraudulent transaction is authenticated, the user may send virtual currency to the attacker's account, and as a result, the virtual currency may be stolen.

  The present invention has been made in consideration of the above circumstances, and an object of the present invention is to provide an information processing device, method, and program capable of further improving the security of transactions.

  In order to solve the above problems, the information processing apparatus according to the present embodiment is installed in a terminal and includes an access control unit and a signature unit. When a transaction is generated by software operating on the operating system of the terminal, the access control unit determines whether the software that generated the transaction is authorized software, and the software that generated the transaction is Only when it is determined that the software is authorized software, the secure element of the terminal is accessed to prevent the illegal transaction from being signed by the intervention of malware. The signing unit, when triggered by the access by the access control unit, executes a process of assigning a digital signature to the transaction using the secret key stored in the secure element of the terminal in the secure element.

  According to the information processing device, method, and program of the present invention, it is possible to further improve transaction safety.

The conceptual diagram which shows the transaction system containing the information processing apparatus which concerns on this embodiment. The block diagram which shows the information processing apparatus which concerns on this embodiment. The sequence diagram which shows an example of the installation process and activation process (virtual currency account new opening process) of the wallet application (virtual currency utilization software) which concerns on this embodiment. The sequence diagram which shows an example at the time of opening a virtual currency account using the authorized wallet application which concerns on this embodiment. The sequence diagram which shows an example at the time of trading virtual currency using the authorized wallet application which concerns on this embodiment. The sequence diagram which shows an example at the time of opening a virtual currency account or performing a transaction of virtual currency by a wallet application which is not an official wallet application. The flowchart which shows the detail of the verification process of the authorized wallet application which concerns on this embodiment. The figure which shows the example of a display of the message by the presentation part which concerns on this embodiment. FIG. 3 is a block diagram showing a device configuration example of the information processing device according to the embodiment.

  Hereinafter, an information processing apparatus, a method, and a program according to an embodiment of the present invention will be described in detail with reference to the drawings. In addition, in the following embodiments, the same operation is performed for the parts having the same numbers, and the overlapping description will be omitted.

  A transaction system for virtual currencies (also called cryptocurrencies) by the information processing apparatus according to the present embodiment will be described with reference to FIG. In this embodiment, Bitcoin (registered trademark) is assumed as the virtual currency used for transactions. The transaction is not limited to bitcoin, and may be transaction of other virtual currency that stores a secret key and digitally signs with the secret key, that is, altcoin. Alternatively, if the system requires storage of a secret key such as a transaction using a smart contract (relationship between contract and fulfillment of the contract) using Ethereum or the like, the information processing apparatus according to the present embodiment is the same. Applicable to

  The transaction system 1 shown in FIG. 1 includes a terminal 10 and a terminal 30 including the information processing apparatus according to this embodiment, and a block chain network 20. FIG. 1 shows an example in which virtual currency is remitted from a terminal 10 operated by a user to a terminal 30 which is a remittance destination via a block chain network 20.

  Since the terminal 10 and the terminal 30 have the same configuration, the terminal 10 will be described below as an example. Further, for convenience of description, the terminal 10 and the terminal 30 are described separately from the block chain network 20, but the terminal 10 and the terminal 30 also form a part of the block chain network 20.

  The terminal 10 is a communication terminal including a SIM (Subscriber Identity Module), and is assumed to be, for example, a feature phone, a mobile phone such as a smartphone, a tablet terminal, or a tablet PC. The terminal 10 includes the information processing device 100 according to the present embodiment.

  The block chain network 20 is a P2P (Peer to Peer) network using the block chain technology, and the communication media 21 participating in the network are connected to each other as nodes. Unlike a centralized network, a P2P network does not have a server and a hierarchical structure, and basically all nodes are connected in a “flat” state so as to share the load related to service processing. Communication media 21 that participate in the blockchain network 20 are various communication media capable of communicating via a network, such as mobile phones such as smartphones, tablet PCs, notebook PCs, and desktop PCs. With such a communication medium 21, a P2P format network is constructed. Each communication medium 21 has a public ledger 25 in which transactions regarding virtual currency transactions up to now are captured.

  Each public ledger 25 is data used in the blockchain technology, in which the past bitcoin transactions are recorded. Transactions are newly captured as blocks in each public ledger 25 by the proof of work mechanism, and are shared by each public ledger 25. The block chain technology assumed in this embodiment assumes a process used in a general Bitcoin transaction, and thus the description thereof is omitted here.

Next, the information processing apparatus 100 according to the present embodiment will be described with reference to the block diagram of FIG.
The information processing apparatus 100 according to the present embodiment is realized by mutual cooperation among the secure element area 120, the operating system (OS) area 140, and the application area 160, which are the architectures of the terminal 10. Suppose.
The information processing device 100 according to the present embodiment includes an access control unit 101, a storage unit 102, a signature unit 103, a presentation unit 104, a transmission unit 105, and a generation unit 106.

  The secure element area 120 is a software area included in a secure element that is tamper-resistant hardware such as SIM, USIM (Universal SIM), and eSIM (embedded SIM). The secure element area 120 includes a storage unit 102, a signature unit 103, and a generation unit 106.

  The OS area 140 is an area in which a general OS for operating the system operates, and in the present embodiment, for example, it is assumed that an Android (registered trademark) OS operates. The OS area 140 includes the access control unit 101.

  The application area 160 is an area in which software (application such as android application) used by the user operates via the function of the OS. In the present embodiment, it is assumed that a wallet application, which is software for using virtual currency, operates in the application area 160. The application area 160 includes a presentation unit 104 and a transmission unit 105.

  The access control unit 101, the signature unit 103, the presentation unit 104, the transmission unit 105, and the generation unit 106 may be realized by one processing circuit. Alternatively, the access control unit 101, the presentation unit 104, and the transmission unit 105 may be realized by one processing circuit, and the signature unit 103 and the generation unit 106 may be realized by another processing circuit. Furthermore, each unit (access control unit 101, signature unit 103, presentation unit 104, transmission unit 105, and generation unit 106) includes an application-specific integrated circuit (ASIC) and a field programmable gate array (FPGA: Field). Programmable Gate Array) or the like.

When a transaction is generated by the software operating on the OS of the terminal 10, the access control unit 101 verifies the software that generated the transaction and determines whether the software is authorized by the certificate authority. . A transaction is transaction data relating to a transaction of virtual currency, and specifically, includes an address of virtual currency, a transfer amount of virtual currency, and the like. When the access control unit 101 determines that the software that generated the transaction is authorized software, the access control unit 101 accesses the secure element area 120. For example, the access control unit 101 gives the secure element an instruction to add a digital signature to a transaction.
On the other hand, if the software that generated the transaction is not authorized software, the access control unit 101 stops the processing related to the transaction, such as accessing the secure element and adding a digital signature.

  The storage unit 102 stores the signature verification key and the secret key in the secure element. The signature verification key is a key for verifying whether the software that generates the transaction is reliable software. The secret key is a key that is generated by the generation unit 106 when the virtual currency account is opened, and is a key for enabling the transaction of the virtual currency. That is, the information processing apparatus 100 is assumed to use the secure element as a wallet of a secret key.

  If the signature unit 103 verifies by the access control unit 101 that the software that generated the transaction is authorized software, the signature unit 103 uses the private key stored in the storage unit 102 of the secure element area 120 to perform the transaction. A digital signature is given to.

  The presentation unit 104 presents, for example, the display of the terminal 10 with the content related to the transaction with the digital signature.

The transmitting unit 105 broadcasts the transaction with the digital signature to the block chain network 20.
The generation unit 106 generates a pair of a private key and a public key when opening a virtual currency account.

  Not limited to the architecture described above, at least the private key is stored in the storage unit 102 in the secure element area 120, and the private key in the storage unit 102 can be accessed only when the access control unit 101 authenticates the private key. If so, each part may exist in any area of the architectural configuration.

  Next, the installation process and the activation process (virtual currency account opening process) of the virtual currency wallet application (software for using virtual currency) that can be used by using the information processing apparatus 100 according to the present embodiment will be described with reference to FIG. Also, description will be made with reference to the sequence diagram of FIG.

FIG. 3 is a sequence diagram showing the communication between the software certification authority 50 and the terminal 10 in time series. Regarding the terminal 10, the processing in the secure element area 120 and the application area 160 will be shown in more detail in time series.
A software certificate authority is an organization that issues digital certificates that prove the authenticity of submitted software.

  The terminal 10 including the information processing device 100 according to the present embodiment is a communication terminal that uses an Android OS (registered trademark).

  In step S301, the software certification authority 50 authenticates the wallet application. Specifically, the software certificate authority 50 authenticates whether the submitted wallet application is an unauthorized application and whether a malicious program is installed before the wallet application is used on the terminal 10. . It should be noted that since a general method may be applied to the authentication by the software certificate authority 50, detailed description thereof will be omitted here.

  In step S302, if the wallet application is not an unauthorized application and no malicious program is installed in the software certification authority 50, and if there is no problem, then the software certification authority 50 confirms that the wallet application is authorized. The wallet app is code-signed. After that, the wallet application is published on the web, for example, on Google Play (registered trademark) so that the wallet application can be downloaded on the terminal 10. The official wallet app (regular wallet app) is called an official wallet app.

  In step S303, the terminal 10 downloads the official wallet application from the software certification authority 50. At this time, the code signature verification key for verifying the code signature applied to the official wallet application is also downloaded. Here, the code signature verification key is assumed to be a public key of public key cryptosystem.

In step S304, the terminal 10 installs the official wallet application.
In step S305, when the wallet application is installed in the terminal 10, the storage unit 102 of the secure element area 120 receives the code signature verification key from the application area 160 and stores it. When the installation of the official wallet application is completed, the official wallet application can operate in the application area 160.

  By the above processing, the authorized wallet application becomes operable on the terminal 10. However, if the virtual currency account corresponding to the authorized wallet application is not owned, the virtual currency can be received and the virtual currency can be transmitted. You can't do that, so you need to open a new account.

  Next, a case of opening a virtual currency account on the terminal 10 using the wallet application will be described with reference to the sequence of FIG.

In step S401, the authorized wallet application in the application area 160 creates a transaction indicating a virtual currency account creation instruction in response to a user operation.
In step S402, the access control unit 101 in the OS area 140 receives the transaction from the authorized wallet application. The access control unit 101 uses the code signature verification key stored in the secure element area 120 to verify the wallet application that generated the transaction. This is because the information processing apparatus 100 according to the present embodiment does not know in advance whether it is a certified wallet application or a non-certified wallet application, and therefore it is necessary to perform verification processing on any wallet application. is there.

  Specifically, it is determined whether the wallet application that generated the transaction is an authorized wallet application. The detailed verification method will be described later with reference to FIG. In FIG. 4, as a result of the verification, the wallet application that generated the transaction is determined to be an authorized wallet application. The transaction generated by the authorized wallet app is a legitimate transaction. (FIG. 4, verification result OK).

In step S403, the generation unit 106 in the secure element area 120 receives the notification that the transaction is a legitimate transaction from the access control unit 101, and generates a private key / public key pair.
In step S404, the storage unit 102 in the secure element area 120 stores the secret key generated in step S403.

  In step S405, the authorized wallet application in the application area 160 receives the public key from the secure element area 120. Thereby, the virtual currency address can be generated using the public key, and the virtual currency can be traded. With the above, the installation process and the activation process of the authorized wallet application are completed.

  In the present embodiment, a wallet for one type of bitcoin will be described, but other virtual currencies can be similarly opened and managed by one wallet. Specifically, the generation unit 106 may generate a pair of a public key and a secret key for each virtual currency, and the storage unit 102 may store the secret key separately for each virtual currency.

  Next, a sequence for trading virtual currency using the official wallet application will be described with reference to FIG. Here, it is assumed that the virtual currency is remitted from the terminal 10 to the account of another terminal 30.

In step S501, the user creates a transaction related to remittance of virtual currency via the authorized wallet application.
In step S502, the access control unit 101 in the OS area 140 receives a transaction from the authorized wallet application. The access control unit 101 verifies the wallet application that generated the transaction using the code signature verification key stored in the secure element area 120. Here, as a result of the verification, the wallet application that generated the transaction is determined to be an authorized wallet application. Similar to the case of FIG. 4, the transaction generated in step S501 is a regular transaction (FIG. 5, verification result OK).

  In step S503, the signature unit 103 in the secure element area 120 receives the transaction from the access control unit 101. The signature unit 103 digitally signs the transaction with the private key stored in the storage unit 102.

  In step S504, the presentation unit 104 in the application area 160 receives the digitally signed transaction from the secure element area 120. The presentation unit 104 causes the display to display the content related to the digitally signed transaction. The user confirms the content of the transaction displayed on the display of the terminal 10, and if there is no problem in the content, executes the approval. The execution of the approval is a general method of acquiring an action from the user, for example, the user touches or presses a confirmation button, or the user utters "OK" to acquire the approval by voice recognition processing. Can be used.

  In step S505, the transmission unit 105 in the application area 160 broadcasts the signed transaction to the block chain network 20. In the blockchain network 20, the transaction is completed by taking the transaction into a block and adding it to the block of the public ledger. The transaction processing in the block chain network is a general transaction processing in Bitcoin, and thus the description thereof is omitted here.

On the other hand, a sequence when a virtual currency account is opened or virtual currency is traded by a wallet application which is not an authorized wallet application will be described with reference to FIG.
In step S601, the user generates a transaction related to opening a virtual currency account or sending virtual currency through the wallet application.
In step S602, the access control unit 101 in the OS area 140 receives a transaction from the authorized wallet application. The access control unit 101 verifies the wallet application that generated the transaction using the code signature verification key stored in the secure element area 120. Here, as a result of the verification, it is determined that the wallet application that generated the transaction is not the official wallet application (FIG. 6, verification result NG).

In step S603, since the transaction generated in step S601 is not a transaction generated by the authorized wallet application, the access control unit 101 in the OS area 140 determines that the transaction may have been tampered with and processes the transaction. Discontinue.
In step S604, the presentation unit 104 in the application area 160 presents a message indicating that the processing of the transaction has been stopped to the user as necessary.

  Next, details of the wallet application verification processing by the access control unit 101 in steps S402, S502, and S602 will be described with reference to the flowchart in FIG. 7.

In step S701, the access control unit 101 obtains the code signature given to the wallet application, that is, the hash value information encrypted with the secret key of the software certification authority, and the code.
In step S702, the access control unit 101 extracts the code signature verification key from the storage unit, decrypts the encrypted hash value information with the code signature verification key, and generates a decrypted hash value.

In step S703, the access control unit 101 generates a hash value using the hash function from the code received in step S701.
In step S704, the access control unit 101 compares the decrypted hash value with the hash value generated in step S503 to determine whether they are the same. If they are the same, the process proceeds to step S705, and if they are not the same, the process proceeds to step S706.

In step S705, since the hash values are the same, it is determined that the wallet application is an authorized wallet application, and the transaction generated by the authorized wallet application is a regular transaction.
In step S706, the access control unit 101 determines that the wallet application is an unofficial wallet application that is not an official wallet application, and the transaction generated by the unofficial wallet application is unreliable and may have been tampered with by malware. Can be certified.

  As shown in step S707, when it is determined that there is a possibility that the transaction has been tampered with, the presentation unit 104 may display a message indicating that there is the possibility of tampering on the display or the like. Alternatively, instead of the screen display, a message indicating that there is a possibility of falsification may be notified by voice guidance or an alert sound. The message may be notified by combining screen display and voice.

A display example of a message by the presentation unit 104 is shown in FIG.
FIG. 8 is an example of a display screen 801 on the display of the terminal. Present the text and confirmation screen indicating that the transaction processing has been cancelled.

  Further, before displaying the content related to the transaction on the display, it may be verified whether or not the wallet application for displaying the content is an authorized wallet application. Specifically, the access control unit 101 verifies whether or not the wallet application that displays the content related to the transaction is an authorized wallet application using the code signature verification key. If it is determined that the application is an authorized wallet application, the content related to the transaction with the digital signature is displayed.

  On the other hand, if it is determined that the application is not an authorized wallet application, the displayed content may not be the content related to the transaction to which the digital signature is added, so the display of the content related to the transaction is stopped.

  Further, the access control unit 101 may verify whether or not the content regarding the transaction to be presented by the presenting means is the content regarding the transaction to which the digital signature is added.

  In addition, in order to further enhance the security strength at the stage of digitally signing a transaction, the user may be required to have an existing bio-authentication. Examples of biometrics include fingerprint authentication, face authentication, iris authentication, vein authentication, voiceprint authentication, and auricle authentication.

Next, a device configuration example of the information processing device 100 according to the present embodiment will be described with reference to the block diagram of FIG. 9.
Assuming that the information processing device 100 is configured as a single device, the information processing device 100 includes a secure element 910 and a first processing circuit 920. The secure element 910 includes a memory 911 and a second processing circuit 912.
The first processing circuit 920 is, for example, a CPU (Central Processing Unit), executes software that runs on an operating system to generate a transaction, and is software whose software is officially triggered by the generation of the transaction. Or not. The first processing circuit 920 is not limited to the CPU, and may be configured by an integrated circuit such as an ASIC (application specific integrated circuit) and an FPGA (Field Programmable gate array).
The memory 911 is, for example, a RAM (Random Access Memory), a DRAM (Dynamic RAM), or an SRAM (Static RAM), and stores a secret key regarding the use of virtual currency.
The second processing circuit 912 is, for example, an ASIC or an FPGA, and when it is determined that the software is authorized software, the second processing circuit 912 adds a digital signature to the transaction using the private key.

  According to the present embodiment described above, since only the transaction generated by the software wallet authorized by the software certificate authority is digitally signed using the private key stored in the wallet of the secure element, malware is included. Unauthorized software, or tampered transactions, can be discontinued before they are digitally signed.

  Therefore, it is possible to eliminate the possibility of wrongly recognizing a transaction that occurs in a dongle-type hardware wallet due to a PC being infected with malware and the transaction being rewritten. Furthermore, the information processing device according to the present embodiment does not need to use a separate dedicated device such as a dongle, and can be implemented only by a mobile terminal. This can greatly improve convenience.

  Further, in the existing hardware wallet, the contents regarding the transaction are displayed on the display part of the dongle connected by USB. Since the display part of the dongle is smaller and less visible than the display of a PC, even if the remittance contents such as the remittance destination and the remittance amount have been tampered with due to the user's misreading or oversight, the dongle sends without notice. There is also the possibility of doing it. On the other hand, according to the information processing apparatus according to the present embodiment, even when the content of the transaction to which the digital signature is added is displayed, the verification is executed to make the content of the regular transaction similar to the case of generating the transaction. Only the displayed contents are displayed, and the illegal contents are not displayed, so that the user can execute the transaction with peace of mind.

The instructions shown in the processing procedures shown in the above-described embodiments can be executed based on a program that is software. A general-purpose computer system may store the program in advance and read the program to obtain the same effect as the above-described information processing apparatus. The instructions described in the above embodiments are magnetic disks (flexible disks, hard disks, etc.), optical disks (CD-ROM, CD-R, CD-RW, DVD-ROM, DVD) as programs that can be executed by a computer. ± R, DVD ± RW, Blu-ray (registered trademark) Disc, etc.), a semiconductor memory, or a recording medium similar thereto. The storage format may be any form as long as it is a recording medium readable by a computer or an embedded system. The computer can realize the same operation as the information processing apparatus according to the above-described embodiments by reading the program from the recording medium and causing the CPU to execute the instruction described in the program based on the program. Of course, when the computer acquires or reads the program, it may be acquired or read via a network.
Further, an OS (operating system) running on a computer, database management software, MW (middleware) such as a network, etc., which realizes the present embodiment, based on an instruction of a program installed in a computer or an embedded system from a recording medium. You may perform a part of each process for doing.
Further, the recording medium in the present embodiment is not limited to a medium independent of a computer or an embedded system, but includes a recording medium in which a program transmitted via a LAN, the Internet or the like is downloaded and stored or temporarily stored.
Further, the number of recording media is not limited to one, and when the processing in this embodiment is executed from a plurality of media, it is included in the recording media in this embodiment, and the structure of the medium may be any structure.

The computer or the embedded system according to the present embodiment is for executing each process according to the present embodiment based on a program stored in a recording medium. The device may have any configuration such as a network-connected system.
Further, the computer in the present embodiment is not limited to a personal computer, and also includes an arithmetic processing unit, a microcomputer, and the like included in information processing equipment, and is a generic term for equipment and devices that can realize the functions in the present embodiment by a program. ing.

  The invention of the present application is not limited to the above-described embodiment, and can be variously modified at the stage of implementation without departing from the spirit of the invention. In addition, the respective embodiments may be combined as appropriate as much as possible, in which case the combined effects can be obtained. Further, the embodiments include inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent elements.

10, 30 ... Terminal, 20 ... Block chain network, 21 ... Communication medium, 25 ... Public ledger, 50 ... Software certificate authority, 100 ... Information processing apparatus, 101 ... Access control section, 102 ... Storage section, 103 ... Signature section, 104 ... Presentation unit, 105 ... Transmission unit, 106 ... Generation unit, 120 ... Secure element area, 140 ... Operating system area (OS area), 160 ... Application area, 701 ... Display screen, 910 ... Secure element, 920 ... First Processing circuit, 911 ... Memory, 912 ... Second processing circuit.

Claims (12)

An information processing device mounted on a terminal,
When a transaction is generated by software operating on the operating system of the terminal, it is determined whether the software that generated the transaction is certified software, and the software that generated the transaction is certified software. Only when it is determined that there is access control means for preventing unauthorized transaction signing by the intervention of malware by accessing the secure element of the terminal,
A signature unit that executes, in the secure element, a process of assigning a digital signature to the transaction using a secret key stored in a secure element of the terminal, triggered by an access by the access control unit.
An information processing apparatus comprising:   The information processing apparatus according to claim 1, wherein the access control unit suspends processing of the transaction when it is determined that the software that generated the transaction is not authorized software. The secure element further comprises storage means for storing a signature verification key for software certified by a certificate authority,
The access control unit determines whether or not the software that generated the transaction is authorized software by verifying a digital signature attached to the software using the signature verification key. The information processing apparatus according to claim 2. Further comprising presenting means for presenting the contents of the transaction to the user,
The said access control means determines whether the software which displays the content regarding the transaction with which the said digital signature was added is the said authorized software, The statement of any one of Claim 1 to Claim 3. Information processing equipment.   The information processing apparatus according to any one of claims 1 to 4, further comprising a transmitting unit that broadcast-transmits the transaction with the digital signature to a P2P (Peer to Peer) network using a blockchain technology. . Further comprising generation means for generating a public key and private key pair,
The information processing apparatus according to claim 3, wherein the storage unit stores the secret key.   The information processing apparatus according to claim 6, wherein the pair of the public key and the secret key is generated for each virtual currency. The generating means creates a pair of the public key and the private key when the transaction is an account opening instruction regarding virtual currency,
The information processing device according to claim 6 or 7, wherein the created public key is used by the authorized software.   The information processing apparatus according to claim 1, wherein the transaction is an instruction regarding a transaction of virtual currency. When a transaction is generated by software operating on the terminal operating system, it is determined whether the software that generated the transaction is authorized software, and the software that generated the transaction is authorized software. Only when it is determined that the secure element of the terminal is accessed to prevent the signature of an unauthorized transaction by the intervention of malware,
An information processing method, wherein, when triggered by an access to the secure element, a process of assigning a digital signature to the transaction is executed in the secure element using a secret key stored in the secure element of the terminal. On the computer,
When a transaction is generated by software operating on the terminal operating system, it is determined whether the software that generated the transaction is authorized software, and the software that generated the transaction is authorized software. Only when it is determined, by accessing the secure element of the terminal, an access control function to prevent the signature of an unauthorized transaction due to the intervention of malware,
A signature function for executing, in the secure element, a process of assigning a digital signature to the transaction using a secret key stored in the secure element of the terminal, triggered by an access by the access control function,
An information processing program that realizes A transaction is generated by software operating on the operating system of the terminal, and when the transaction is generated, it is determined whether the software that generated the transaction is authorized software, and the software that generated the transaction is A first processing circuit for preventing a false transaction from being signed by the intervention of malware by accessing the secure element of the terminal only when it is determined that the software is authorized.
A secure element including a memory for storing a secret key and a second processing circuit;
The information processing apparatus, wherein the second processing circuit executes, in the secure element, a process of assigning a digital signature to the transaction using the secret key, triggered by an access by the first processing circuit.