JP2021033645A5 - - Google Patents
Download PDFInfo
- Publication number
- JP2021033645A5 JP2021033645A5 JP2019153190A JP2019153190A JP2021033645A5 JP 2021033645 A5 JP2021033645 A5 JP 2021033645A5 JP 2019153190 A JP2019153190 A JP 2019153190A JP 2019153190 A JP2019153190 A JP 2019153190A JP 2021033645 A5 JP2021033645 A5 JP 2021033645A5
- Authority
- JP
- Japan
- Prior art keywords
- information
- information processing
- certificate
- processing apparatus
- predetermined
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000010365 information processing Effects 0.000 claims 23
- 238000004891 communication Methods 0.000 claims 10
- 238000012795 verification Methods 0.000 claims 7
- 238000009434 installation Methods 0.000 claims 2
- 238000000034 method Methods 0.000 claims 2
Claims (13)
外部サーバーとの暗号化通信を行う際に用いられるルート証明書を管理する管理手段と、
アプリケーションから前記外部サーバーとの暗号化通信の要求を受け付けた際に、当該アプリケーションが、前記情報処理装置における所定の情報を利用するか否かを判定する判定手段と、
前記判定手段にて前記アプリケーションが前記所定の情報を利用すると判定された場合、前記管理手段にて管理されているルート証明書のうち、所定の属性情報が設定されたルート証明書を用いて、前記外部サーバーのサーバー証明書を検証する検証手段と
を有することを特徴とする情報処理装置。 An information processing device capable of operating one or more applications,
a management means for managing a root certificate used when performing encrypted communication with an external server;
determining means for determining whether or not the application uses predetermined information in the information processing device when a request for encrypted communication with the external server is received from the application;
when the determination means determines that the application uses the predetermined information, using a root certificate in which predetermined attribute information is set among the root certificates managed by the management means, and verification means for verifying a server certificate of the external server.
前記管理手段は、前記インストール手段にてインストールされたルート証明書には前記所定の属性情報を設定しないことを特徴とする請求項1に記載の情報処理装置。 further comprising installation means for installing a new root certificate based on user instructions;
2. The information processing apparatus according to claim 1, wherein said management means does not set said predetermined attribute information to the root certificate installed by said installation means.
前記管理手段は、前記アップデート手段によるアップデートに用いられるデータに含まれるルート証明書には前記所定の属性情報を設定することを特徴とする請求項1または2に記載の情報処理装置。 further comprising update means for updating firmware provided in the information processing device;
3. The information processing apparatus according to claim 1, wherein said management means sets said predetermined attribute information in a root certificate included in data used for updating by said update means.
前記判定手段は、アプリケーションから前記外部サーバーとの暗号化通信の要求を受け付けた際に、当該アプリケーションから前記所定の情報を利用するか否かを示す指示を受け付けたか否かを判定し、
前記指示を受け付けていない場合、前記第2の管理手段にて管理されている情報に基づいて、当該アプリケーションが、前記所定の情報を利用するか否かを判定することを特徴とする請求項1乃至4のいずれか一項に記載の情報処理装置。 further comprising second management means for managing information of applications installed in the information processing device;
The determining means, when receiving a request for encrypted communication with the external server from an application, determines whether or not an instruction indicating whether or not to use the predetermined information is received from the application;
2. If the instruction is not received, the application determines whether or not to use the predetermined information based on the information managed by the second management means. 5. The information processing device according to any one of items 1 to 4.
前記検証手段は、前記判定手段にて前記外部サーバーとの暗号化通信の要求を行ったアプリケーションが前記所定の属性を利用せず、かつ、前記設定手段にてサーバー証明書の検証を行わない設定がされている場合に、当該サーバー証明書の検証を行わないことを特徴とする請求項1乃至5のいずれか一項に記載の情報処理装置。 further comprising setting means for setting whether or not to verify the server certificate of the external server;
The verification means is configured such that the application that requests encrypted communication with the external server by the determination means does not use the predetermined attribute and the setting means does not verify the server certificate. 6. The information processing apparatus according to any one of claims 1 to 5, wherein verification of the server certificate is not performed when the server certificate is verified.
前記情報処理装置にインストールされているルート証明書のうち、前記所定の属性情報が設定されたルート証明書を前記生成手段にて生成された共通鍵を用いて暗号化してエクスポートするエクスポート手段と、
前記エクスポート手段にて出力されたデータを前記情報処理装置にインポートする際に、前記生成手段にて生成された共通鍵を用いて暗号化されたルート証明書を復号化してインポートするインポート手段と
を更に有することを特徴とする請求項1乃至6のいずれか一項に記載の情報処理装置。 generating means for generating a common key using information unique to the information processing device;
Export means for encrypting and exporting a root certificate in which the predetermined attribute information is set among the root certificates installed in the information processing device using the common key generated by the generating means;
importing means for, when importing the data output by the exporting means into the information processing apparatus, decrypting and importing the root certificate encrypted using the common key generated by the generating means; 7. The information processing apparatus according to any one of claims 1 to 6, further comprising:
外部サーバーとの暗号化通信を行う際に用いられるルート証明書を管理手段にて管理する管理工程と、
アプリケーションから前記外部サーバーとの暗号化通信の要求を受け付けた際に、当該アプリケーションが、前記情報処理装置における所定の情報を利用するか否かを判定する判定工程と、
前記判定工程にて前記アプリケーションが前記所定の情報を利用すると判定された場合、前記管理手段にて管理されているルート証明書のうち、所定の属性情報が設定されたルート証明書を用いて、前記外部サーバーのサーバー証明書を検証する検証工程と
を有することを特徴とする情報処理装置の制御方法。 A control method for an information processing device capable of operating one or more applications, comprising:
a management step of managing a root certificate used when performing encrypted communication with an external server by management means;
a determination step of determining whether or not the application uses predetermined information in the information processing device when a request for encrypted communication with the external server is received from the application;
When it is determined in the determination step that the application uses the predetermined information, using a root certificate in which predetermined attribute information is set, among the root certificates managed by the management means, and a verification step of verifying a server certificate of the external server.
外部サーバーとの暗号化通信を行う際に用いられるルート証明書を管理する管理手段、
アプリケーションから前記外部サーバーとの暗号化通信の要求を受け付けた際に、当該アプリケーションが、前記コンピューターにおける所定の情報を利用するか否かを判定する判定手段、
前記判定手段にて前記アプリケーションが前記所定の情報を利用すると判定された場合、前記管理手段にて管理されているルート証明書のうち、所定の属性情報が設定されたルート証明書を用いて、前記外部サーバーのサーバー証明書を検証する検証手段
として機能させるためのプログラム。 A computer capable of running one or more applications,
Management means for managing root certificates used for encrypted communication with external servers,
Determination means for determining whether or not the application uses predetermined information in the computer when a request for encrypted communication with the external server is received from the application;
when the determination means determines that the application uses the predetermined information, using a root certificate in which predetermined attribute information is set among the root certificates managed by the management means, A program for functioning as verification means for verifying the server certificate of the external server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2019153190A JP7313232B2 (en) | 2019-08-23 | 2019-08-23 | Information processing device, its control method, and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2019153190A JP7313232B2 (en) | 2019-08-23 | 2019-08-23 | Information processing device, its control method, and program |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2021033645A JP2021033645A (en) | 2021-03-01 |
JP2021033645A5 true JP2021033645A5 (en) | 2022-08-04 |
JP7313232B2 JP7313232B2 (en) | 2023-07-24 |
Family
ID=74675881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2019153190A Active JP7313232B2 (en) | 2019-08-23 | 2019-08-23 | Information processing device, its control method, and program |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP7313232B2 (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5476086B2 (en) | 2009-10-16 | 2014-04-23 | フェリカネットワークス株式会社 | IC chip, information processing apparatus, and program |
JP6623321B2 (en) | 2014-01-21 | 2019-12-25 | サイエンスパーク株式会社 | Method for managing electronic data for network system, program therefor, and recording medium for program |
JP6318948B2 (en) | 2014-07-28 | 2018-05-09 | 富士通株式会社 | Electronic device and authentication device |
JP6635970B2 (en) | 2017-03-31 | 2020-01-29 | セコム株式会社 | Communication device |
-
2019
- 2019-08-23 JP JP2019153190A patent/JP7313232B2/en active Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10985913B2 (en) | Method and system for protecting data keys in trusted computing | |
US10547598B2 (en) | Abstracted cryptographic material management across multiple service providers | |
US9363085B2 (en) | Attestation of data sanitization | |
CA2904615C (en) | Method and apparatus for embedding secret information in digital certificates | |
KR101861401B1 (en) | Binding applications to device capabilities | |
US8886964B1 (en) | Protecting remote asset against data exploits utilizing an embedded key generator | |
US8572368B1 (en) | Systems and methods for generating code-specific code-signing certificates containing extended metadata | |
US8312518B1 (en) | Island of trust in a service-oriented environment | |
US9043456B2 (en) | Identity data management system for high volume production of product-specific identity data | |
US9252958B1 (en) | Systems and methods for providing a self-maintaining PKI infrastructure among loosely connected entities | |
JP2006179007A (en) | Secure license management | |
US20110138177A1 (en) | Online public key infrastructure (pki) system | |
MXPA04001597A (en) | Tying a digital license to a user and tying the user to multiple computing devices in a digital rights management (drm) sytem. | |
WO2022170810A1 (en) | Method and apparatus for processing cloud storage data, and computer system | |
TW201816638A (en) | Method and system for querying data through verification of identity and authorization | |
US20140157368A1 (en) | Software authentication | |
KR101580514B1 (en) | Method and apparatus for managing a password by using the seed key and computer readable recording medium applying the same | |
JP2014174560A5 (en) | ||
WO2016165215A1 (en) | Method and apparatus for loading code signing on applications | |
US9397828B1 (en) | Embedding keys in hardware | |
CN111177693B (en) | Method, device, equipment and medium for verifying terminal root certificate | |
JP7068826B2 (en) | Enhanced obfuscation or randomization for secure product identification and verification | |
US20140230068A1 (en) | System and method for packaging and authenticating a software product | |
US20150262084A1 (en) | Methods for defending static and dynamic reverse engineering of software license control and devices thereof | |
JP2009251977A (en) | Software installation system |