JP2023164669A - Information processing device, server device, communication system, communication method, and program - Google Patents

Abstract

To provide an information processing device, a server device, a communication system, a communication method, and a program that can perform communication using individual keys without writing individual information in advance.SOLUTION: An information processing device includes: a communication unit that communicates with a communication destination server device; a storage unit that stores a master key; an individual key generation unit that generates an individual key using the master key and a predetermined ID; and an information processing unit that performs communication with the server device using the individual key as a common key. The individual key generation unit generates a first individual key used for authentication of an information processing device by the server device and a second individual key to be used for authentication of the server device by the information processing device on the basis of the combination of the same master key and the predetermined ID.SELECTED DRAWING: Figure 2

Description

The present invention relates to an information processing device, a server device, a communication system, a communication method, and a program.

In recent years, systems that aggregate environmental data such as temperature and humidity, imaging data, etc. (hereinafter referred to as environmental data, etc.) at various locations have become widespread. In such a system, devices equipped with sensors are installed in various locations, and each device transmits environmental data, etc. measured by the sensor at that location to a server, and the data is aggregated. Ru. Furthermore, in such systems, a dedicated microcomputer chip for verifying communication content is often incorporated into the device. By verifying the contents of communication exchanged between the server device and the device device, the microcomputer chip can prevent fraud such as impersonation and data falsification, and maintain communication security. Such a microcomputer chip performs, for example, a process (authentication process) for authenticating the validity of a communication destination device. Patent Document 1 discloses a technique for determining the validity of a repeater that relays communication data.

The authentication process is performed using, for example, a challenge and response method. In a challenge-and-response method using a common key cryptosystem, a challenge side (for example, a server device) sends a challenge (host random number) to a response side (for example, a microcomputer chip). The response side encrypts the host random number. Encryption is performed using a common key shared in advance by the challenge side and the response side. The response side notifies the challenge side of the encrypted host random number. The challenger decrypts the encrypted host random number. Decryption is performed using a common key shared in advance by the challenge side and the response side. If the decrypted host random number matches the transmitted host random number, the challenger authenticates that the responder is a valid device as a communication destination.

JP2017-33225A

However, in order to perform such mutual authentication, it is necessary that the challenge side and the response side share a common key in advance. If the common key is not exchanged using public key cryptography, the common key must be written in the server device and the microcomputer chip in advance. In the above-described system, the server device usually communicates with a plurality of microcomputer chips. The task of writing different individual common keys into each of a large number of microcomputer chips becomes more complicated and time-consuming compared to writing the same information to microcomputer chips. Furthermore, there is a problem in that it is necessary to manage the written individual keys, which increases management costs.

The present invention has been made in view of the above situation, and its purpose is to provide an information processing device, a server device, a communication system, and a server device that can perform communication using individual keys without writing individual information. Its purpose is to provide communication methods and programs.

In order to solve the above-mentioned problems, one aspect of the present invention uses a communication unit that communicates with a server device of a communication destination, a storage unit that stores a master key, and the master key and a predetermined ID. The information processing apparatus is characterized by comprising an individual key generation unit that generates a key, and an information processing unit that performs communication with the server device using the individual key.

Further, in the information processing device according to one aspect of the present invention, the information processing unit may be configured to delete the master key stored in the storage unit after the individual key is generated by the individual key generation unit. It's okay.

Further, in the information processing device according to one aspect of the present invention, the information processing unit, after receiving communication content encrypted using the individual key from the server device, stores the master key stored in the storage unit. It may also be configured to erase the information.

Further, in the information processing device according to one aspect of the present invention, when the information processing unit receives an instruction to delete information related to generation of an individual key from the server device, the information processing unit is configured to The configuration may be such that the master key is deleted.

Further, in the information processing device according to one aspect of the present invention, the storage unit stores an individual key generation program corresponding to the process executed by the individual key generation unit, and the information processing unit stores the individual key generation program. The individual key generation program stored in the storage unit may be deleted after the individual key is generated by the storage unit.

Further, in the information processing device according to one aspect of the present invention, the information processing unit determines whether or not to update the individual key, and the individual key generation unit updates the individual key by the information processing unit. If it is determined that this is the case, the individual key after being updated may be generated using the individual key before being updated and a predetermined ID.

Further, one aspect of the present invention provides a server communication unit that receives an ID from a communication destination information processing device, a storage unit that stores a master key, and a server communication unit that uses the master key and the ID received from the information processing device. , comprising: an individual key generation unit that generates an individual key; and a server control unit that notifies the information processing device of communication content encrypted using the individual key generated by the individual key generation unit. It is a server device that performs

Furthermore, in the server device according to one aspect of the present invention, the server control unit erases information related to generation of the individual key stored in the information processing device after the individual key is generated by the individual key generation unit. The configuration may be such that the information processing device is notified of a command to that effect.

Further, one aspect of the present invention is a communication system including the above-described information processing device and the above-described server device.

Further, one aspect of the present invention is a communication method for an information processing apparatus including a storage unit that stores a master key, wherein the communication unit communicates with a server device as a communication destination, and the individual key generation unit stores the master key. This communication method is characterized in that an individual key is generated using the information processing unit and a predetermined ID, and the information processing unit performs communication with the server device using the individual key.

Further, one aspect of the present invention provides a communication means for communicating with a communication destination server device, a computer of an information processing device including a storage unit that stores a master key, and an individual key using the master key and a predetermined ID. This program functions as an individual key generation means for generating the individual key, and an information processing means for communicating with the server device using the individual key.

According to the present invention, communication using an individual key can be performed without writing individual information in advance.

FIG. 1 is a system configuration diagram showing an example of the configuration of a communication system 1 according to a first embodiment. FIG. 2 is a block diagram showing an example of the configuration of a microcomputer chip 20 according to the first embodiment. FIG. 2 is a block diagram showing an example of the configuration of a server device 40 according to the first embodiment. FIG. 3 is a diagram showing an example of data stored in the microcomputer storage unit 26 of the first embodiment. FIG. 2 is a sequence diagram showing the flow of processing of the communication system 1 according to the first embodiment. It is a flowchart showing the flow of processing performed by the microcomputer chip 20 of the first embodiment. FIG. 2 is a diagram illustrating a method by which the microcomputer chip 20 of the first embodiment generates an individual key. It is a figure showing an example of data stored in microcomputer storage part 26A of a 2nd embodiment. It is a sequence diagram which shows the flow of processing of communication system 1B of a 3rd embodiment.

Hereinafter, an information processing device, a communication system, a communication method, and a program according to embodiments will be described with reference to the drawings.

(First embodiment)
First, a first embodiment will be described.
FIG. 1 is a system configuration diagram showing an example of the configuration of a communication system 1 according to an embodiment. The communication system 1 includes, for example, a plurality of devices 10 (devices 10-1, 10-2, . . . 10-N), a server device 40, a manufacturer 50, and a communication network 60. N is any natural number.

The server device 40 and the device device 10 are connected to each other via a communication network 60 so that they can communicate with each other. Note that although FIG. 1 shows an example in which a plurality of device apparatuses 10 are communicably connected to one server apparatus 40, the present invention is not limited to this. In the communication system 1, one device device 10 may be connected to one server device 40, or a plurality of device devices 10 may be connected to a plurality of device devices 10. Moreover, one device apparatus 10 may be connected to a plurality of server apparatuses 40.

Each of the device devices 10 includes a control chip 30 (control chips 30-1, 30-2,...30-N) and a microcomputer chip 20 (microcomputer chips 20-1, 20-2,...20-N) (device device 10-1, 10-2, ...10-N) are incorporated. Here, the microcomputer chip 20 is an example of an "information processing device."

The device device 10 transmits environmental data and the like to the server device 40. The device device 10 includes, for example, a communication module, a control chip 30, a plurality of sensor modules, and a microcomputer chip 20. The communication module communicates with the server device 40 via the communication network 60. The control chip 30 controls the device 10 in an integrated manner. The control chip 30 controls turning on and off power to the microcomputer chip 20, for example. The sensor module is a module that measures (senses) various data, and is, for example, a temperature sensor that measures temperature or an imaging module that has an imaging function.

The microcomputer chip 20 verifies the communication content. The microcomputer chip 20 is, for example, a device called an IC chip, SE (secure element), secure IC chip, secure chip, secure IC, secure microcomputer, etc., in which an integrated circuit is mounted on a semiconductor substrate. The microcomputer chip 20 is incorporated into the device device 10 and communicates with the device device 10 and also communicates with the server device 40 via the device device 10. The communication content sent from the device device 10 to the server device 40 is encrypted. Furthermore, the microcomputer chip 20 verifies the communication content received by the device apparatus 10 and then decrypts the encrypted communication content.

Note that the microcomputer chip 20 may be an IC card or a SIM card (Subscriber Identity Module Card) in which the functions of the microcomputer chip 20 are mounted on a card material such as plastic. In this case, the microcomputer chip 20 is removably attached to the device device 10 via a contact portion (not shown) of an IC card or SIM card.

The communication network 60 is, for example, a communication network that includes some or all of the Internet, a WAN (Wide Area Network), a LAN (Local Area Network), a provider device, a wireless base station, a dedicated line, and the like.

The server device 40 receives environmental data and the like from the device device 10, stores the received communication data, and provides various services. The various services here refer to services that present accumulated data, such as graphs showing time-series changes in environmental data or graphs showing time-series changes in imaged data in response to operations by a user operating the server device 40. This is a service that displays images, etc.

The manufacturer 50 is, for example, a manufacturer of the device apparatus 10. For example, the manufacturer 50 purchases the microcomputer chip 20 on which nothing is written from a microcomputer manufacturing vendor. The manufacturer 50 writes various types of information to the microcomputer chip 20 during the manufacturing process of the device device 10 in which the purchased microcomputer chip 20 is incorporated into the device device 10 . The various types of information written to the microcomputer chip 20 here include a program for causing the microcomputer chip 20 to execute processing for detecting communication content, and variables used in the program.

In this embodiment, when communication is performed by encrypting communication contents, encryption is performed using a common key encryption method. The common key encryption method uses the same key for encryption and decryption. The common key cryptosystem has the advantage that the time required for encryption and decryption is shorter than the public key cryptosystem that uses different keys for encryption and decryption. In the following description, an individual key used by each of the plurality of microcomputer chips 20 when encrypting the content of communication with the server device 40 will be referred to as an "individual key."

In this embodiment, the microcomputer chip 20 and the server device 40 (hereinafter referred to as the microcomputer chip 20, etc.) do not hold individual keys at the time of shipment. The microcomputer chip 20 and the like generate individual keys using the master key at predetermined timing, and perform encrypted communication using the generated individual keys. The predetermined timing is, for example, the timing at which encryption or decryption is required, such as when starting up for the first time. Specifically, in the microcomputer chip 20 or the like, not the individual key itself but information necessary for generating the individual key is written and stored in advance at the time of shipment.

Here, the information necessary to generate the individual key is information common to all of the plurality of microcomputer chips 20 that communicate with the server device 40. The information necessary to generate an individual key is specifically information indicating a "master key," an "ID generation program," and an "individual key generation program." A "master key" is a numerical value that is assumed to not overlap or coincidentally occur even if it is not specially managed. The "master key" is, for example, a 128-bit key in AES (Advanced Encryption Standard) encryption. The "ID generation program" is a program that generates an ID. The ID is an identification number (numeric value) that uniquely identifies the individual key. Like the master key, the ID is, for example, a 128-bit identifier in UUID (Universally Unique Identifier) Version 4 on the premise that no duplication or coincidence will occur even if no particular management is performed. For example, the ID may be a MAC (Media Access Control) address set in the microcomputer communication unit 25, a microcomputer-specific serial number set by the microcomputer manufacturer, or the like. For example, the serial number assigned to the microcomputer chip 20 may be used as it is as the ID, or a number processed based on the serial number may be used as the ID. Processing here means to generate a number different from the serial number based on the serial number, for example, by executing a predetermined algorithm (for example, hash calculation) with the serial number as an argument. It refers to generating a number (hash value). The "individual key generation program" is a program that generates an individual key using a master key and an ID.

That is, in this embodiment, since it is only necessary to write common information to the plurality of microcomputer chips 20 connected to the server device 40, there is no need to write individual information to each. That is, it becomes possible to perform encrypted communication using an individual key without writing individual information to the microcomputer chip 20.

For example, consider a case where mutual authentication is performed using a challenge-and-response method using common key cryptography.
First, device authentication is performed in which the server device 40 authenticates the microcomputer chip 20. In this case, the microcomputer chip 20 generates an individual key. Specifically, the microcomputer chip 20 generates an ID, and uses the generated ID and master key to execute an individual key generation program to generate an individual key. Next, the microcomputer chip 20 transmits the generated ID to the server device 40 as the host ID.

The server device 40 receives an ID (host ID) from the microcomputer chip 20. The server device 40 transmits a server challenge (random number) to the microcomputer chip 20. The microcomputer chip 20 encrypts the received server challenge (random number) using an individual key. The microcomputer chip 20 transmits the encrypted server challenge (random number) to the server device 40.

The server device 40 receives an encrypted server challenge (random number) from the microcomputer chip 20. The server device 40 decrypts the encrypted server challenge (random number). Here, the server device 40 generates an individual key to decrypt the encrypted server challenge (random number). The server device 40 generates an individual key by executing an individual key generation program using the ID received from the microcomputer chip 20 and the master key stored in the server device 40. Here, the individual key generated by the server device 40 is generated using the same program (individual key generation program) using the same variables (ID and master key) as those used when the microcomputer chip 20 generates the individual key. ) was generated by executing That is, the individual key generated by the server device 40 and the individual key generated by the microcomputer chip 20 have the same numerical value (unless the microcomputer chip 20 is a spoofing device that does not know the correct ID and master key).
The server device 40 determines whether the decrypted value matches the server challenge (random number) that it transmitted. If the two match, the server device 40 determines that the microcomputer chip 20 is legitimate and sends a notification to the microcomputer chip 20 indicating that the authentication was successful. On the other hand, if the two do not match, the server device 40 determines that the microcomputer chip 20 is not legitimate and sends a notification to the microcomputer chip 20 indicating that the authentication has failed.

Next, server authentication is performed in which the microcomputer chip 20 authenticates the server device 40. In this case, the microcomputer chip 20 transmits the ID as a host ID to the server device 40, and also transmits a device challenge (random number) to the server device 40.

The server device 40 receives a device challenge (random number) from the microcomputer chip 20 and encrypts the received device challenge (random number). If the server device 40 has not generated an individual key for encryption, the server device 40 executes an individual key generation program using the ID received from the microcomputer chip 20 and the master key stored in the server device 40. By doing this, an individual key is generated. The server device 40 transmits the encrypted device challenge (random number) to the microcomputer chip 20.
The microcomputer chip 20 receives an encrypted device challenge (random number) from the server device 40, and decrypts the received encrypted device challenge (random number). The microcomputer chip 20 determines whether or not the decoded value matches the device challenge (random number) that it transmitted. If the two match, the microcomputer chip 20 determines that the server device 40 is legitimate and sends a notification to the server device 40 indicating that the authentication was successful. On the other hand, if the two do not match, the microcomputer chip 20 determines that the server device 40 is not legitimate and sends a notification to the server device 40 indicating that the authentication has failed.

FIG. 2 is a block diagram showing an example of the configuration of the microcomputer chip 20 of the first embodiment. The functional units constituting the microcomputer chip 20 are realized by a processor such as a CPU executing a program (software). Further, some or all of these functional units may be realized by hardware such as LSI (Large Scale Integration), ASIC (Application Specific Integrated Circuit), or FPGA (Field-Programmable Gate Array), or may be realized by software. It may also be realized by cooperation between and hardware.

The microcomputer chip 20 includes, for example, a microcomputer control section 21, a microcomputer communication section 25, and a microcomputer storage section 26. The microcomputer control section 21 includes an ID generation section 22, an individual key generation section 23, and a microcomputer processing section 24. The microcomputer storage unit 26 includes a master key storage unit 27, an ID storage unit 28, and an individual key storage unit 29. Here, the microcomputer communication section 25 is an example of a "communication section." Furthermore, the microcomputer processing section 24 is an example of an "information processing section."

The microcomputer control unit 21 controls the microcomputer chip 20 in an integrated manner. The ID generation unit 22 generates an ID by executing an ID generation program stored in the microcomputer storage unit 26. The ID generation program is a program that generates a 128-bit ID by, for example, generating random numbers or using the current time. In this case, the ID generation unit 22 generates an ID using random numbers. The ID generation unit 22 outputs the generated ID to the individual key generation unit 23. Further, the ID generation unit 22 stores the generated ID in the ID storage unit 28.

The individual key generation unit 23 generates an individual key derived from the master key by executing an individual key generation program using the ID as a parameter. The ID is a 128-bit numerical value generated by the ID generation unit 22. The master key is a 128-bit numerical value stored in the master key storage unit 27. The individual key generation program is a program stored in the microcomputer storage section 26. The method by which the individual key generation unit 23 generates an individual key (algorithm of the individual key generation program) will be described in detail later. The individual key generation unit 23 stores the generated individual key in the individual key storage unit 29.

The microcomputer processing section 24 performs various processes performed by the microcomputer chip 20. The microcomputer processing unit 24 performs, for example, a process of authenticating the server device 40 as a challenger. When the microcomputer processing unit 24 receives a server challenge (random number) from the server device 40, the microcomputer processing unit 24 serves as a response side and transmits the encrypted server challenge to the server device 40 as a response. The microcomputer processing unit 24, for example, encrypts the environmental data etc. acquired by the device apparatus 10. The microcomputer processing unit 24 decrypts the encrypted communication content received by the device 10.

Furthermore, the microcomputer processing unit 24 may delete the master key stored in the master key storage unit 27 after the individual key generation unit 23 generates the individual key. As a result, even if the individual key generation program is leaked for some reason, it is possible to prevent the individual key from being duplicated using the ID.

Alternatively, the microcomputer processing unit 24 may delete the master key stored in the master key storage unit 27 after mutual authentication with the server device 40 is completed. This allows you to remember the master key until mutual authentication is completed, and even if mutual authentication fails for some reason, you can regenerate the individual key and perform mutual authentication again. It is possible to take measures such as:

Further, the microcomputer processing unit 24 may erase the individual key generation program together with the master key or in place of the master key at the timing of erasing the master key described above. Further, the microcomputer processing unit 24 may erase the master key and/or the individual key generation program in response to a command from the server device 40 after mutual authentication with the server device 40 is completed. Further, the microcomputer processing unit 24 may erase the ID generation program together with the individual key generation program.

The microcomputer communication unit 25 communicates with the server device 40 via the communication network 60.
The microcomputer storage unit 26 is realized by, for example, an HDD (Hard Disc Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), or a RAM (Random Access Memory). The microcomputer storage unit 26 stores an individual key generation program and an ID generation program written in advance at the time of shipment. The master key storage unit 27 stores a master key that is preset at the time of shipment. The individual key storage unit 29 stores the individual key generated by the individual key generation unit 23.

FIG. 3 is a block diagram showing an example of the configuration of the server device 40 of the first embodiment. Similar to the microcomputer chip 20, the functional units constituting the server device 40 are realized by a processor such as a CPU executing a program (software).

The server device 40 includes, for example, a server control section 41, a server communication section 45, and a server storage section 46. The server control unit 41 includes an individual key generation unit 43 and a server processing unit 44. The server storage unit 46 includes, for example, a master key storage unit 47 and an individual key storage unit 49. The function of generating an individual key in the server device 40 is similar to the function of the microcomputer chip 20. That is, the individual key generation section 43 has the same function as the individual key generation section 23, the master key storage section 47 has the same function as the master key storage section 27, and the individual key storage section 49 has the same function as the individual key storage section 29. Therefore, descriptions of the functions of these functional units will be omitted, and only operations that differ from the above-mentioned configuration will be described.

The server control unit 41 controls the server device 40 in an integrated manner. The individual key generation unit 43 generates an individual key used for communication with the microcomputer chip 20 using the host ID from the microcomputer chip 20, and stores the generated individual key in the individual key storage unit 49.
Note that the individual key may be generated each time the microcomputer chip 20 that has notified the ID is authenticated. In this case, for example, after the communication with the microcomputer chip 20 ends, the individual key stored in the individual key storage section 49 is deleted.
Alternatively, an individual key that has been generated once may be used continuously. In this case, for example, the individual key generated by the individual key generation unit 43 is stored in association with the ID used to generate the individual key. Then, when the server control unit 41 is notified of the ID from the microcomputer chip 20, it refers to the individual key storage unit 49 based on the notified ID. If an individual key corresponding to the notified ID is stored, the server control unit 41 performs mutual authentication using the individual key. On the other hand, if the individual key corresponding to the notified ID is not stored, the server control unit 41 causes the individual key generation unit 43 to generate an individual key corresponding to the ID.

The server processing unit 44 performs various processes performed by the server device 40. The server processing unit 44 performs, for example, a process of authenticating the microcomputer chip 20 as a challenger. When the server processing unit 44 receives the host ID and device challenge (random number) from the microcomputer chip 20, it causes the microcomputer chip 20 to transmit an encrypted device challenge as a response side. For example, the server processing unit 44 decrypts encrypted environment data etc. from the device device 10 and stores it in the server storage unit 46. The server processing unit 44 encrypts the communication content notified from the server device 40 to the device device 10 and causes it to be transmitted.

Further, after mutual authentication with the microcomputer chip 20 is completed, the server processing unit 44 may transmit to the microcomputer chip 20 an instruction to delete information related to generation of the individual key stored in the microcomputer chip 20. Information regarding generation of individual keys is, for example, a master key and an individual key generation program.

The server communication unit 45 communicates with the device device 10 and an external terminal device via the communication network 60.

FIG. 4 is a diagram showing a configuration example of information stored in the microcomputer storage section 26. As shown in FIG. The microcomputer storage unit 26 includes, for example, a variable area E1, a user program area E2, and a firmware area E3. The areas E1 to E3 are provided in, for example, an EEPROM that is an electrically rewritable nonvolatile memory.

Data used when the microcomputer chip 20 performs various processes is stored in the area E1. Among the programs that execute the processes performed by the microcomputer chip 20, a program (user program) whose contents can be rewritten by the microcomputer chip 20 is stored in the area E2. Among the programs that execute the processes performed by the microcomputer chip 20, a program (firmware) whose contents cannot be rewritten by itself is stored in the area E3. The firmware is rewritten by a device (for example, a management server of the communication system 1, not shown) that has authority to rewrite the firmware (firmware update). For example, the management server transmits data in which the firmware update program is encrypted to the microcomputer chip 20 via the communication network 60.

As shown in FIG. 4, the area E1 is provided with data D1 indicating a master key, data D2 indicating an individual key, and data D3 indicating an ID. The area E2 is provided with a program P1 indicating an ID generation program and a program P2 indicating an individual key generation program. The microcomputer chip 20 erases the data D1 and/or the program P2, for example, after generating the individual key or after mutual authentication is completed.

FIG. 5 is a sequence diagram showing the flow of processing performed in the communication system 1. As shown in FIG. 5, in the communication system 1, processing is performed according to each phase of server setting, device manufacturing, device initialization processing, and device usage start.

First, the server configuration phase will be explained.
In step S101, the manufacturer 50 notifies the server device 40 of data indicating a master key and a program (individual key generation program). The manufacturer 50 may transmit the data via the communication network 60, or may notify the data by delivering a storage medium on which the data is stored. The server device 40 stores data received from the manufacturer 50. That is, the server device 40 stores the individual key generation program in the server storage section 46 and stores the master key in the master key storage section 47.

Next, the phases of device manufacturing will be explained.
In step S102, the manufacturer 50 writes data indicating a master key and programs (an ID generation program and an individual key generation program) into the microcomputer chip 20. That is, the microcomputer chip 20 causes the microcomputer storage unit 26 to store the ID generation program and the individual key generation program, and stores the master key in the master key storage unit 27.
In step S103, the manufacturer 50 incorporates the microcomputer chip 20 with the data written into the device 10.

Next, the phases of device initialization processing will be explained.
In step S104, the device apparatus 10 turns on the power to the microcomputer chip 20 via the control chip 30, thereby turning on the microcomputer chip 20.
In step S105, microcomputer initialization processing is performed. In the microcomputer initialization process, an ID and an individual key are set as initial settings. Details of the microcomputer initialization process will be explained in detail later.
In step S106, the microcomputer chip 20 sends a completion notification to the device apparatus 10 indicating that the initial settings have been completed.
In step S107, the device apparatus 10 receives the completion notification from the microcomputer chip 20, cuts off the power to the microcomputer chip 20, and turns the microcomputer chip 20 into a power-off state.

Next, the phase of starting to use the device will be explained.
In step S108, the device apparatus 10 powers on the microcomputer chip 20.
In step S109, the microcomputer chip 20 notifies the server device 40 of the ID and device challenge (random number) and issues an authentication request for mutual authentication.
In step S110, the server device 40 generates an individual key using the ID notified from the microcomputer chip 20.
In step S111, the server device 40 performs mutual authentication using the generated individual key. Specifically, the server device 40 transmits to the microcomputer chip 20 a response in which the device challenge (random number) notified from the microcomputer chip 20 is encrypted. Further, the server device 40 notifies the microcomputer chip 20 of the server challenge (random number) generated by the server device 40 and issues an authentication request for mutual authentication.
In step S112, after mutual authentication is completed, the microcomputer chip 20 and the server device 40 perform encrypted communication using an individual key. Here, the microcomputer chip 20 and the server device 40 may perform encrypted communication using a session key. A session key is a so-called disposable encryption key that is valid only for a certain period of time or from the start to the end of communication.
The microcomputer chip 20 and the server device 40, for example, calculate the exclusive OR of the server challenge and device challenge used in mutual authentication, and encrypt the calculation result with an individual key. Then, the encrypted calculation result (exclusive OR) is used as the session key.
In step S113, when the communication between the microcomputer chip 20 and the server device 40 ends, the device device 10 turns off the power of the microcomputer chip 20.

FIG. 6 is a flowchart showing the flow of processing performed by the microcomputer chip 20 of the first embodiment. FIG. 6 shows the flow of microcomputer initialization processing shown in step S105 in the sequence diagram of FIG.

In step S200, the microcomputer chip 20 uses the ID generation unit 22 to generate an ID. In step S201, the microcomputer chip 20 stores the ID generated by the ID generation unit 22 in the ID storage unit 28.
In step S202, the microcomputer chip 20 causes the individual key generation unit 23 to execute an individual key generation program using the ID as a parameter, thereby generating an individual key derived from the master key. In step S203, the microcomputer chip 20 stores the individual key generated by the individual key generation unit 23 in the individual key storage unit 29.
In step S204, the microcomputer chip 20 erases the master key stored in the master key storage unit 27 by the microcomputer processing unit 24.

Here, a method for generating an individual key will be explained using FIG. 7.
FIG. 7 is a diagram illustrating a method for generating an individual key according to the first embodiment. Here, a case where the microcomputer chip 20 generates an individual key will be described as an example, but the same applies to a case where the server device 40 generates an individual key.

In step S300, the individual key generation unit 23 of the microcomputer chip 20 obtains the ID generated by the ID generation unit 22.
In step S301, the individual key generation unit 23 performs MD5 (Message Digest algorithm 5) processing using the ID. MD5 processing is processing that generates a 128-bit hash value as a cryptographic hash function of an input (ID).
In step S302, the individual key generation unit 23 obtains the MD5 value (128 bits) of the ID. In step S303, the individual key generation unit 23 combines the ID (128 bits) obtained in step S300 with the MD5 value (128 bits) of the ID obtained in step S302, and in step S304, the extended ID (256 bits) is combined with the ID (128 bits) obtained in step S300. ) to obtain.
In step S305, the individual key generation unit 23 performs a process of encrypting the extended ID using the master key (128 bits). The encryption process may be performed using any commonly used encryption method.
In step S306, the individual key generation unit 23 acquires the encrypted extension ID (256 bits), and in step S307, the individual key generation unit 23 acquires a part of the extension ID as an individual key (128 bits). do. For example, the individual key generation unit 23 generates the first 128 bits of the encrypted extended ID (256 bits) as an individual key (individual key for device authentication) used to authenticate the device 10, and the second half 128 bits as the server device 40. This is the individual key used for authentication (individual key for server authentication).

In the above description, an example has been described in which the microcomputer chip 20 performs mutual authentication with the server device 40 using an individual key, but the present invention is not limited to this. The microcomputer chip 20 may perform mutual authentication with the device 10 using an individual key. In this case, the device device 10 is an example of a "server device."
When the microcomputer chip 20 performs mutual authentication with the device 10 using an individual key, the individual key generation unit 23 generates an individual key used for authentication of the device 10, as shown in step S306. The functional unit (for example, the control chip 30) of the device device 10 has the same function as the individual key generating functional unit (at least the individual key generation unit 43 and the master key storage unit 47) included in the server device 40. . Further, in this case, the device apparatus 10 is an example of an "information processing apparatus."

As described above, the microcomputer chip 20 of the first embodiment includes a microcomputer communication section 25, a master key storage section 27, an individual key generation section 23, and a microcomputer processing section 24. The microcomputer communication unit 25 communicates with a server device 40 as a communication destination. The master key storage unit 27 stores a 128-bit numerical value indicating a master key. The individual key generation unit 23 generates an individual key using the master key and a specific ID. The microcomputer processing unit 24 notifies the server device 40 of the ID and the device challenge (random number), and performs communication with the server device 40 using an individual key. Communication using the individual key here includes mutual authentication using the individual key, and encrypted communication using the individual key or a session key shared in the process of mutual authentication.
Thereby, the microcomputer chip 20 of the first embodiment can generate an individual key using the master key and a specific ID, and there is no need to store the individual key in advance. Therefore, it is possible to perform encrypted communication using the individual key without writing individual information (individual key) to the microcomputer chip 20.

When writing common information to the microcomputer chip 20, it is possible to write it in the state of a silicon wafer. On the other hand, when writing individual information, it is necessary to dice the silicon wafer into individual chips and then write each chip. At this time, since the information to be written differs from chip to chip, a step of individually selecting data also occurs. In this way, the writing process at the manufacturing stage is completely different when writing common information to the microcomputer chip 20 and when writing individual information. Therefore, if only common information can be written, the effort and cost required for writing can be greatly reduced compared to the case where only individual information is written.

Furthermore, in the microcomputer chip 20 of the first embodiment, the microcomputer processing unit 24 erases the master key stored in the master key storage unit 27 after the individual key generation unit 23 generates the individual key. As a result, even if the individual key generation program is leaked for some reason, it is possible to prevent the individual key from being duplicated using the ID notified by the microcomputer chip 20 to the server device 40. It is.

Furthermore, in the microcomputer chip 20 of the first embodiment, the microcomputer processing unit 24 may erase the master key stored in the master key storage unit 27 after mutual authentication with the server device 40 is completed. . This allows the master key to be stored until mutual authentication is completed, and even if mutual authentication fails for some reason, it is possible to generate an individual key again and perform authentication again. It is possible to respond.

Further, in the microcomputer chip 20 of the first embodiment, the microcomputer processing unit 24 may erase the master key stored in the master key storage unit 27 in response to an erase command from the server device 40. Thereby, the master key can be deleted in accordance with the timing at which the server device 40 determines to delete the master key stored in the microcomputer chip 20.

Furthermore, in the microcomputer chip 20 of the first embodiment, the microcomputer processing unit 24 may delete the individual key generation program together with the master key or instead of the master key at the timing of erasing the master key. Thereby, even if the information stored in the microcomputer chip 20 is stolen for some reason, it is possible to prevent the algorithm for generating the individual key from being leaked.

Further, the server device 40 of the first embodiment includes a server communication section 45, a master key storage section 47, an individual key generation section 43, and a server processing section 44. The server communication unit 45 receives the ID from the microcomputer chip 20 as the communication destination. Master key storage section 47 stores a master key. The individual key generation unit 43 generates an individual key using the master key and the ID received from the microcomputer chip 20. The server processing unit 44 causes the microcomputer chip 20 to transmit the communication content encrypted using the individual key generated by the individual key generation unit 43. Thereby, the server device 40 of the first embodiment can generate an individual key from the ID notified from the microcomputer chip 20, and there is no need to store the individual key in advance.

Further, in the server device 40 of the first embodiment, the server processing unit 44 erases the information regarding the generation of the individual key stored in the microcomputer chip 20 after the individual key is generated by the individual key generation unit 43. The command is notified to the microcomputer chip 20. This produces effects similar to those described above.

(Second embodiment)
Next, a second embodiment will be described. This embodiment differs from the above-described embodiments in that the data and programs used to generate individual keys (master key, ID, individual key generation program, and ID generation program) are stored in a part of the firmware. do. In this case, the microcomputer chip 20 does not have the authority to rewrite the firmware, so after generating the individual key, it is not possible to erase the data or program used to generate the individual key.

In the following description, configurations in which this embodiment differs from the above-described embodiments will be described with an "A" appended to the end of the reference numerals, such as the communication system 1A and the microcomputer chip 20A. Components that are equivalent to those of the embodiment described above are given the same reference numerals and their descriptions will be omitted. Further, although the microcomputer chip 20A will be explained below as an example, the same applies to the server device 40A.

The microcomputer chip 20A includes a microcomputer control section 21, a microcomputer communication section 25, and a microcomputer storage section 26A.

FIG. 8 is a diagram showing a configuration example of information stored in the microcomputer storage section 26A. Areas E1 to E3 are similar to those in FIG. 4, and therefore their description will be omitted. As shown in FIG. 7, in this embodiment, data D1 to D3 and programs P1 and P2 are stored in the firmware area E3 of the microcomputer storage unit 26A.

After the mutual authentication with the microcomputer chip 20A is completed, the management server having the authority to rewrite the firmware updates the contents of the firmware of the microcomputer chip 20A to one that does not include the program used to generate the individual key. Specifically, the management server transmits the encrypted updated firmware (which does not include the program used to generate the individual key) to the microcomputer chip 20A. The microcomputer chip 20A decrypts the encrypted updated firmware and writes it into the area E3.

As described above, the communication system 1 of the second embodiment includes a management server that has the authority to rewrite the firmware of the microcomputer chip 20A. After the mutual authentication by the microcomputer chip 20A is completed, the management server updates the firmware of the microcomputer chip 20A to one that does not include at least the master key or the individual key generation program. Thereby, in the communication system 1 of the second embodiment, effects similar to those described above are achieved.

(Third embodiment)
Next, a third embodiment will be described. This embodiment differs from the above-described embodiments in that the individual key is updated. In the following description, configurations in which this embodiment differs from the above-described embodiments will be described with "B" added to the end of the reference numerals, such as the communication system 1B and the microcomputer chip 20B. Components that are equivalent to those of the embodiment described above are given the same reference numerals and their descriptions will be omitted. Moreover, although the case where the microcomputer chip 20B updates the individual key will be described below as an example, the same applies to the case where the server device 40B updates the individual key.

The microcomputer chip 20B includes a microcomputer control section 21B, a microcomputer communication section 25, and a microcomputer storage section 26. The microcomputer control section 21B includes an ID generation section 22, an individual key generation section 23B, and a microcomputer processing section 24B.

The microcomputer processing unit 24B determines whether or not to update the individual key. For example, the microcomputer processing unit 24B determines to update the individual key every time the device device 10 communicates with the server device 40B. In this case, the individual key is a key that is used on a one-time basis for each communication. Alternatively, the microcomputer processing unit 24B may determine that the individual key is to be updated when a predetermined period (for example, three months) has elapsed. Further, the microcomputer processing unit 24B may determine to update the individual key when receiving an instruction to update the individual key from the server device 40B or the management server. When determining that the individual key is to be updated, the microcomputer processing unit 24B causes the individual key generation unit 23 to generate an individual key.

The individual key generation unit 23B updates the individual key in response to instructions from the microcomputer processing unit 24B. The individual key generation unit 23B generates an updated individual key (hereinafter referred to as new individual key) using the ID and the individual key before update (hereinafter referred to as old individual key).

FIG. 9 is a sequence diagram showing the flow of processing performed in the communication system 1B. The sequence shown in FIG. 9 shows the flow of processing corresponding to the phase of starting device use when updating the individual key. This phase is performed, for example, after the device usage start phase in the sequence diagram shown in FIG. 5. Further, the processes shown in steps S400, S404, S405, and S408 to S410 in FIG. 9 are the same as steps S104, S107, S108, and S111 to S113 in FIG. 5, and therefore the description thereof will be omitted.

In step S401, the microcomputer chip 20B generates a new individual key derived from the old individual key by causing the individual key generation unit 23B to execute an individual key generation program using the ID as a parameter.
In step S402, the microcomputer chip 20B stores the new individual key generated by the individual key generation unit 23B in the individual key storage unit 29. At this time, the old individual key stored in the individual key storage section 29 is deleted.
In step S403, the microcomputer chip 20B sends a completion notification to the device apparatus 10 indicating that the update of the individual key has been completed.
In step S406, the microcomputer chip 20B notifies the server device 40B of the ID and issues an update request to update the individual key.
In step S407, the server device 40B identifies the old individual key from the ID notified from the microcomputer chip 20B, and generates a new individual key using the ID and the old individual key.

As explained above, in the microcomputer chip 20B of the third embodiment, the individual key generation unit 23B generates a new individual key using the ID, the old individual key, and the ID. Thereby, in the microcomputer chip 20B of the third embodiment, the individual key can be updated, and communication can be maintained more safely.

Note that a program for realizing all or part of the functions of the communication system 1 (1A), the microcomputer chip 20 (20A, 20B), and the server device 40 (40A, 40B) in the present invention may be stored in a computer-readable recording medium. Processing may be performed by recording the program and having the computer system read and execute the program recorded on the recording medium. Note that the "computer system" herein includes hardware such as an OS and peripheral devices.
Furthermore, the term "computer system" includes a WWW system equipped with a home page providing environment (or display environment). Furthermore, the term "computer-readable recording medium" refers to portable media such as flexible disks, magneto-optical disks, ROMs, and CD-ROMs, and storage devices such as hard disks built into computer systems. Furthermore, "computer-readable recording medium" refers to volatile memory (RAM) inside a computer system that serves as a server or client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. This also includes programs that are retained for a certain period of time.

Further, the program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in a transmission medium. Here, the "transmission medium" that transmits the program refers to a medium that has a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Moreover, the above-mentioned program may be for realizing a part of the above-mentioned functions. Furthermore, it may be a so-called difference file (difference program) that can realize the above-described functions in combination with a program already recorded in the computer system.

Although several embodiments of the invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, substitutions, and changes can be made without departing from the gist of the invention. These embodiments and their modifications are included within the scope and gist of the invention as well as within the scope of the invention described in the claims and its equivalents.

1 (1A, 1B)...Communication system, 10...Device device, 20...Microcomputer chip, 21...Microcomputer control section, 22...ID generation section, 23...Individual key generation section, 24...Microcomputer processing section, 25...Microcomputer communication section , 26...Microcomputer storage unit, 27...Master key storage unit, 28...ID storage unit, 29...Individual key storage unit, 30...Control chip, 40...Server device, 41...Server control unit, 43...Individual key generation unit, 44... Server processing section, 45... Server communication section, 46... Server storage section, 47... Master key storage section, 49... Individual key storage section, 50... Manufacturer

Claims (12)

An information processing device that communicates with a server device,
a communication unit that communicates with the server device;
a storage unit that stores a master key;
an individual key generation unit that generates an individual key using the master key and a predetermined ID;
an information processing unit that communicates with the server device using the individual key;
Equipped with
The individual key generation unit generates a first individual key used for authentication of the information processing device by the server device and a second individual key used for authentication of the server device by the information processing device, using the same individual key. Generate based on a combination of a master key and the predetermined ID,
Information processing device. The information processing unit erases the master key stored in the storage unit after the individual key generation unit generates the individual key.
The information processing device according to claim 1. The information processing unit deletes the master key stored in the storage unit after receiving the communication content encrypted using the individual key from the server device.
The information processing device according to claim 2. The information processing unit deletes the master key stored in the storage unit when receiving a command from the server device indicating that information regarding generation of an individual key is deleted.
The information processing device according to any one of claims 1 to 3. The storage unit stores an individual key generation program corresponding to the process executed by the individual key generation unit,
The information processing unit erases the individual key generation program stored in the storage unit after the individual key is generated by the individual key generation unit.
The information processing device according to any one of claims 1 to 4. The information processing unit determines whether to update the individual key,
When the information processing unit determines that the individual key is to be updated, the individual key generation unit generates the individual key after update using the individual key before update and a predetermined ID.
The information processing device according to any one of claims 1 to 4. The individual key generation unit creates an extended ID represented by a 2×N bit number from the predetermined ID represented by an N bit number (N is a natural number), encrypts the extended ID, and x Of the N-bit encrypted extended ID, an N-bit value is used as the first individual key, and the other N-bit value is used as the second individual key;
The information processing device according to claim 1. A server device that communicates with an information processing device,
a server communication unit that receives an ID from the information processing device;
a server storage unit that stores a master key;
a server individual key generation unit that generates an individual key using the master key and an ID received from the information processing device;
a server control unit that notifies the information processing device of communication content encrypted using the individual key generated by the server individual key generation unit;
Equipped with
The server individual key generation unit is configured to generate a first individual key used for authentication of the information processing device by the server device and a second individual key used for authentication of the server device by the information processing device. generated based on the combination of the master key and the received ID;
server equipment. After the individual key is generated by the server individual key generation unit, the server control unit notifies the information processing device of an instruction to delete information related to generation of the individual key stored in the information processing device. ,
The server device according to claim 8. Comprising an information processing device and a server device,
The information processing device includes:
a communication unit that communicates with the server device;
a storage unit that stores a master key;
an individual key generation unit that generates an individual key using the master key and a predetermined ID;
an information processing unit that communicates with the server device using the individual key;
Equipped with
The individual key generation unit generates a first individual key used for authentication of the information processing device by the server device and a second individual key used for authentication of the server device by the information processing device, using the same individual key. Generated based on the combination of the master key and the predetermined ID,
The server device includes:
a server communication unit that receives the predetermined ID from the information processing device;
a server storage unit that stores the master key;
a server individual key generation unit that generates the individual key using the master key and the predetermined ID received from the information processing device;
a server control unit that notifies the information processing device of communication content encrypted using the individual key generated by the server individual key generation unit;
Equipped with
The server individual key generation unit generates the first individual key used for authentication of the information processing device by the server device, and the second individual key used for authentication of the server device by the information processing device, Generate based on a combination of the same master key and the predetermined ID,
Communications system. A communication method for an information processing device including a storage unit that stores a master key, the method comprising:
The communication unit communicates with the communication destination server device,
an individual key generation unit generates an individual key using the master key and a predetermined ID,
an information processing unit communicates with the server device using the individual key;
The individual key generation unit generates a first individual key used for authentication of the information processing device by the server device and a second individual key used for authentication of the server device by the information processing device, using the same individual key. Generate based on a combination of a master key and the predetermined ID,
Communication method. A computer of an information processing device including a storage unit that stores a master key,
a communication means for communicating with a communication destination server device;
individual key generation means for generating an individual key using the master key and a predetermined ID;
information processing means for communicating with the server device using the individual key;
function as
The individual key generation means may generate a first individual key used for authentication of the information processing apparatus by the server apparatus and a second individual key used for authentication of the server apparatus by the information processing apparatus, using the same individual key. Generate based on a combination of a master key and the predetermined ID,
program.

Images