JP6720558B2 - Information processing system and encryption communication method - Google Patents

Description

The present invention relates to an information processing system and a cryptographic communication method for performing cryptographic communication based on a predetermined encryption protocol between two sets of information processing devices, and particularly to cryptographic communication between an IC card and another device. The present invention relates to a cryptographic communication technology suitable for.

In order to ensure the safety of communication between the two sets of information processing devices, it is essential to establish a secure encrypted communication path between them and perform encrypted communication via this encrypted communication path. Particularly, in a portable information processing device such as a smart phone or an IC card, there is a possibility that it may fall into the hands of a malicious person due to loss, so it is necessary to take sufficient security measures.

Recently, mobile terminal devices such as smartphones have become widespread, and these terminal devices are usually equipped with IC cards called SIM cards and UIM cards. At present, as such an IC card, one that complies with international specifications such as Java Card (trademark) and GlobalPlatform (registered trademark) is widely used. Information is exchanged between this IC card and a terminal device, or between this IC card and an external server device via a predetermined communication path. At this time, if the information is confidential, it is necessary to establish a secure communication path and exchange encrypted information.

Under such circumstances, various methods have been proposed for establishing a secure communication path between the IC card and the external device and performing encrypted communication. For example, Patent Document 1 below discloses a technique for preventing leakage of confidential information by performing communication via a proxy device having a data conversion processing function based on a predetermined conversion algorithm. In addition, Patent Document 2 discloses a technique for performing encrypted communication using a public key cryptosystem when exchanging information between an IC card and a server device via the Internet. 3 discloses a technique for promptly performing a system recovery process when an abnormality related to security is detected during such encrypted communication.

On the other hand, in Patent Document 4, an IC card corresponding area corresponding to the IC card on a one-to-one basis is provided on the server device side, and a secure communication path is set between this IC card corresponding area and the user terminal device. There is disclosed a technique for integrating a server device and an IC card with each other.

JP, 2002-055961, A JP, 2002-217895, A JP, 2006-190222, A JP, 2010-073188, A

In order to open a secure cryptographic communication path between two sets of information processing devices, both devices must have a cryptographic communication processing function based on a common encryption protocol. That is, the sending side encrypts and sends out the information to be sent using a predetermined encryption key and a predetermined encryption protocol, and the receiving side uses the same encryption key and encryption as the sending side for the received encrypted information. It will be decrypted using the protocol. For this reason, the two sets of information processing apparatuses have a built-in encryption communication processing function using a specific encryption key and encryption protocol in advance.

Even when the same encryption protocol is adopted, if the setting of the detailed encryption processing rule that defines the detailed procedure of the encrypted communication processing is changed, the specific encrypted communication mode performed between the two also changes. Therefore, in the case of a conventional general information processing system, when a program for performing encrypted communication processing is installed, a specific encryption protocol is specified, and specific encryption processing detailed rules are set, and the encryption protocol is set. At the same time, the work of specifying the cryptographic processing rules is performed. In particular, in the case of an information processing system that performs encrypted communication between an IC card and another device, when a management program (usually a program called SD (Security Domain)) is installed on the IC card side, specific encryption is performed. Protocol specification and specific cryptographic processing rules are set.

However, in recent years, communication partners of information processing apparatuses have been diversified, and there are many cases where one IC card communicates with a plurality of partners according to various situations. For example, in the case of an IC card (SIM card or UIM card) attached to a smartphone, there are many cases where information is exchanged with a plurality of application programs in the smartphone. In this case, on the hardware, it means two-way communication between the IC card and the smartphone, but on the software, the management program on the IC card side (the SD (Security Domain) program described above) and the individual smartphone side. Individual communication with each application program will be performed.

Therefore, in practice, even when performing the encrypted communication using the same encryption protocol, the detailed cryptographic processing rule indicating the detailed procedure of the encrypted communication processing according to the encryption protocol should be provided in accordance with the communication partner. It is preferable to be able to set. For example, when the IC card communicates with a smartphone, it is preferable to set an arbitrary cryptographic processing rule for each application program in the smartphone so that the encrypted communication can be performed.

However, in a conventional general system, particularly in a system that communicates with an IC card, it is difficult to set arbitrary cryptographic processing rules every time cryptographic communication is performed. This is because the currently popular IC cards are designed in accordance with international specifications, and in this specification, the detailed rules for cryptographic processing that define detailed procedures for cryptographic communication processing are programs that perform cryptographic communication processing. This is because it is supposed to be initialized at the time of assembling, and it was not supposed to be set each time when communicating with an external device.

Therefore, the present invention establishes an encrypted communication path based on a predetermined encryption protocol between two sets of information processing devices, and when secure communication is performed between the two, the encrypted communication path is opened each time. An object of the present invention is to provide an information processing system and a cryptographic communication method capable of setting a cryptographic processing detailed rule that defines a detailed processing procedure. In addition, the present invention establishes a cryptographic communication path by a method that complies with international specifications for IC cards, particularly when one of the two sets of information processing apparatuses that communicate with each other is an IC card. Each time, the purpose is to provide a concrete method that enables the setting of cryptographic processing rules.

(1) A first aspect of the present invention is an information processing system that includes a first information processing device and a second information processing device, and is capable of encrypted communication between them based on a predetermined encryption protocol.
The first information processing device includes
Based on a predetermined encryption protocol, in accordance with a predetermined encryption processing detailed rule that defines the detailed procedure of encryption communication processing by the encryption protocol, open an encryption communication path for performing encrypted communication, A first cryptographic communication processing unit that performs cryptographic communication with the second information processing apparatus via the
A first encryption key storage unit that holds a key table that stores encryption keys used in the encryption protocol in a plurality of storage locations,
A plurality of storage zones are set for this key table, and a cryptographic processing rule storage unit that holds a zone table indicating the correspondence between each storage zone and each cryptographic processing rule,
Is provided
The second information processing device includes
A second cipher that has a function of performing cipher communication based on the encryption protocol and that performs cipher communication with the first information processing device via the cipher communication path established by the first cipher communication processing unit. A communication processing unit,
A second encryption key storage unit that stores an encryption key used in the encryption protocol;
An encrypted communication path opening instruction unit for giving an encrypted communication path opening command for instructing the first information processing apparatus to open an encrypted communication path for performing encrypted communication;
To provide
The encryption communication path opening command includes storage location designation information indicating a storage location in the key table for a specific encryption key corresponding to the encryption key stored in the second encryption key storage unit,
The first cryptographic communication processing unit receives the cryptographic communication channel opening command, and designates the cryptographic key stored in the designated storage location designated by the storage location designating information included in the cryptographic communication channel opening command as the designated cryptographic key. As a specified encryption processing rule by referring to the zone table and referring to the zone table and corresponding to the storage zone to which the specified storage location belongs, and using the specified encryption key, follow the specified encryption processing rules. Is executed to open an encrypted communication path for performing encrypted communication.

(2) A second aspect of the present invention is the information processing system according to the above-mentioned first aspect,
In the key table, a plurality of storage locations each specified by a key version number are prepared, and each storage zone is configured by one or a plurality of storage locations.
In the encryption communication path opening command, include a specific key version number as storage location specifying information,
The first cryptographic communication processing unit is configured to perform the reading process of the designated cryptographic key and the recognition process of the designated cryptographic processing rules by using the storage location specified by the key version number as the designated storage location.

(3) A third aspect of the present invention is the information processing system according to the above second aspect,
Each storage zone consists of a storage location or multiple storage locations with consecutive key version numbers, each storage zone being associated with a unique numerical range of key version numbers. is there.

(4) A fourth aspect of the present invention is the information processing system according to the above second or third aspect,
Each storage location in the key table is provided with a plurality of storages specified by the respective key IDs, and separate encryption keys are stored in all or some of the storages.
The first cryptographic communication processing unit opens the cryptographic communication channel using the cryptographic keys stored in the plurality of storages in the storage location specified by the key version number included in the cryptographic communication channel opening command. It was done.

(5) A fifth aspect of the present invention is the information processing system according to the first to fourth aspects,
The cryptographic processing detailed rule indicated by the zone table includes the detailed rule that defines the procedure of the mutual authentication processing between the first information processing apparatus and the second information processing apparatus that should be executed before the cryptographic communication path is opened. It was done like this.

(6) A sixth aspect of the present invention is the information processing system according to the fifth aspect,
It appears that the cryptographic processing rules indicated by the zone table include a rule that determines whether to use a true random number or a pseudo random number as the random number generated by the first information processing device for the mutual authentication process. It is the one.

(7) A seventh aspect of the present invention is the information processing system according to the fifth aspect,
The detailed rules for encryption processing indicated by the zone table include detailed rules for defining the number of encryption keys used for mutual authentication processing and encrypted communication processing.

(8) An eighth aspect of the present invention is the information processing system according to the above fifth aspect,
The cryptographic processing detailed rules indicated by the zone table include detailed rules that specify whether mutual authentication processing is performed explicitly using the authentication command or implicitly without using the authentication command. It was made to exist.

(9) A ninth aspect of the present invention is the information processing system according to the first to fourth aspects,
The cryptographic processing detailed rule indicated by the zone table includes a detailed rule that defines a procedure for transmitting a response from the first information processing apparatus to the second information processing apparatus via the established cryptographic communication path. It is a thing.

(10) A tenth aspect of the present invention is the information processing system according to the ninth aspect described above,
The detailed rules for encryption processing indicated by the zone table include detailed rules that determine whether to encrypt response data.

(11) An eleventh aspect of the present invention is the information processing system according to the ninth aspect described above,
The detailed rules for encryption processing indicated by the zone table include detailed rules that determine whether or not to add a check code to response data.

(12) A twelfth aspect of the present invention is the information processing system according to any of the above-described first to fourth aspects,
The cryptographic processing detailed rule indicated by the zone table includes a detailed rule that defines a procedure for transmitting a command from the second information processing apparatus to the first information processing apparatus via the established cryptographic communication path. It is a thing.

(13) A thirteenth aspect of the present invention is the information processing system according to the twelfth aspect described above,
The detailed rules for encryption processing indicated by the zone table include detailed rules defining matters concerning the addition of the check code to the transmission command.

(14) A fourteenth aspect of the present invention is the information processing system according to the first to thirteenth aspects described above,
The first cryptographic communication processing unit has a function of performing cryptographic communication based on a plurality of N (N≧2) encryption protocols, and is designated by the second information processing device among the N encryption protocols. Open a cryptographic communication path for cryptographic communication based on the specified encryption protocol,
The key table stores an encryption key used for each of a plurality N of encryption protocols,
The second cryptographic communication processing unit has a function of performing cryptographic communication based on at least one specific cryptographic protocol among a plurality of N cryptographic protocols, and performs cryptographic communication based on the specific cryptographic protocol. To perform encrypted communication with the first information processing device via an encrypted communication path established for
The zone table shows the correspondence between individual storage zones and individual cryptographic processing rules, as well as the correspondence between individual storage zones and individual encryption protocols.
The first cryptographic communication processing unit refers to the zone table to recognize the designated cryptographic processing rules, and also recognizes the encryption protocol associated with the storage zone to which the designated storage location belongs as the designated encryption protocol. By performing a procedure in accordance with the designated cryptographic processing detailed rules using a designated encryption key based on a designated encryption protocol, an encrypted communication path for performing encrypted communication is opened.

(15) A fifteenth aspect of the present invention is the information processing system according to the first to fourteenth aspects described above,
The first information processing apparatus is configured by incorporating a management program compliant with GlobalPlatform (registered trademark) specifications in an IC card,
As the zone table, a table in which a specific value of the parameter “i” based on the above specifications is associated with each storage zone is used.

(16) According to a sixteenth aspect of the present invention is one in which the first information processing apparatus in the information processing system according to the first to fifteenth aspect described above have configured.

(17) The seventeenth feature of the present invention is one in which the second information processing apparatus in the information processing system according to the first to fifteenth aspect described above have configured.

(18) The eighteenth aspect of the present invention is one in which the first information processing equipment in the information processing system according to the first to fifteenth aspect described above, was constructed by incorporating the program into a computer.
(19) According to a nineteenth aspect of the present invention, the second information processing apparatus in the above-described information processing system according to the first to fifteenth aspects is configured by incorporating a program into a computer.

( 20 ) A twentieth aspect of the present invention is a cryptographic communication method for performing cryptographic communication based on a predetermined encryption protocol between a first information processing device and a second information processing device,
A program preparation step in which the first information processing apparatus prepares a program for performing encrypted communication based on a predetermined encryption protocol in an executable state;
A first information processing device, which prepares a key table in which a plurality of storage locations respectively store the encryption keys used in the above encryption protocol;
The first information processing device sets a plurality of sets of storage zones including one or a plurality of storage locations on the key table, and prepares a zone table showing a correspondence relationship between each storage zone and each cryptographic processing rule. Zone table preparation stage
The second information processing apparatus gives the first information processing apparatus a cryptographic communication channel establishment command for instructing the establishment of a cryptographic communication channel for performing cryptographic communication;
A first information processing device, based on the received encrypted communication path opening command, an encrypted communication path opening step of opening an encrypted communication path for performing encrypted communication based on the predetermined encryption protocol;
A cryptographic communication stage in which the first information processing apparatus and the second information processing apparatus perform cryptographic communication via the established cryptographic communication path;
To run
The encryption communication path opening command includes storage location designation information indicating a specific storage location in the key table,
At the stage of opening the encrypted communication path, the encryption key stored in the specified storage location specified by the storage location specification information included in the encrypted communication path opening command is read as the specified encryption key, and the specified storage is performed by referring to the zone table. To perform cryptographic communication by recognizing the detailed cryptographic processing rules associated with the storage zone to which the location belongs as the designated detailed cryptographic processing rules and executing the procedure according to the designated detailed cryptographic processing rules using the designated encryption key. The cryptographic communication path is established.

According to the present invention, in the first information processing apparatus, a key table storing encryption keys in a plurality of storage locations, and a zone indicating a correspondence relationship between the storage zones defined on the key table and the cryptographic processing rules. A table and are prepared. Then, when the second information processing apparatus gives the first information processing apparatus an encryption communication path opening command including storage location designating information designating a specific storage location, the first information processing apparatus By using the encryption key stored in the designated storage location and executing the procedure according to the detailed cryptographic processing rules associated with the storage zone to which the designated storage location belongs, the encryption communication path can be opened. .. That is, the second information processing apparatus can specify the specific cryptographic processing rule each time by the storage location specifying information included in the encryption communication path opening command. As described above, according to the present invention, an encryption communication path based on a predetermined encryption protocol is established between two sets of information processing devices, and an encryption communication path is established when performing secure communication between them. Each time, it becomes possible to set a cryptographic processing detailed rule that defines the detailed procedure of the cryptographic communication processing.

In particular, the present invention is suitable when one of the two sets of information processing devices is an IC card, and the storage location designation information indicating the storage location of the encryption key is included in the encryption communication path opening command, and the storage location is specified. Since the method of designating the detailed encryption processing rules is adopted according to the storage zone to which the location belongs, when the encryption communication path opening command is given using the encryption communication path opening command that complies with the international specifications for IC cards. Moreover, it becomes possible to transmit the setting of the specific cryptographic processing rule to the IC card side.

FIG. 3 is a block diagram showing a mode of information communication between a general smartphone 10, a SIM card 11, and an external server 20. 1 shows an example of a program configuration for performing cryptographic communication between the SIM card 11 (first information processing device 100) shown in FIG. 1 and the smartphone 10 or the external server 20 (second information processing device 200). It is a block diagram. It is a figure which shows the specific example of the key table shown in FIG. FIG. 4 is a diagram showing a general data structure of an encryption key Key stored in the key table shown in FIG. 3 and an outline of a data structure of an encryption communication path opening command using the encryption key. A diagram showing a specific example of various commands exchanged between the SIM card 11 (first information processing device 100) and the smartphone 10 (second information processing device 200) shown in FIG. 2 and a response thereto. Is. It is a figure which shows the format example of the specific command given to the IC card based on the specification of GlobalPlatform (trademark). 9A and 9B are a table showing a first example of a cryptographic process detailed rule specifying parameter (parameter "i") and a table showing its specific content. 9 is a table showing a second example of a cryptographic process detailed rule specifying parameter (parameter “i”). It is a table|surface which shows the concrete content of the 2nd example of a cryptographic process detailed designation|designated parameter (parameter "i"). It is a table which shows the 3rd example of a cryptographic process detailed rule specification parameter (parameter "i"). 9 is a table in which specific cryptographic processing rules are defined based on the first example of the cryptographic processing detailed rule specifying parameter (parameter “i”) illustrated in FIG. 7. It is a block diagram showing composition of an information processing system concerning a basic embodiment of the present invention. 13 is a table showing specific examples of a key table Tk and a zone table Tz used in the information processing system shown in FIG. 12. It is a block diagram which shows the structure of the information processing system which concerns on the modification of this invention. 15 is a table showing a specific example of a key table TkA and a zone table TzA used in the information processing system shown in FIG. 14. It is a block diagram which shows the structure of the information processing system which concerns on another modification of this invention. It is a flow chart which shows the basic procedure of the encryption communication method concerning the present invention.

Hereinafter, the present invention will be described based on illustrated embodiments.

<<<<§1. Conventional general communication form for IC card >>>
The present invention relates to a technique for performing encrypted communication between two sets of information processing devices based on a predetermined encryption protocol, and particularly to encrypted communication suitable for performing encrypted communication between an IC card and another device. It is about technology. Therefore, here, first, a conventional general communication mode for an IC card will be briefly described.

FIG. 1 is a block diagram showing an aspect of information communication between a general smartphone 10, a SIM card 11, and an external server 20. Normally, the smartphone 10 is used with the SIM card 11 mounted therein, and communicates with the external server 20 via a predetermined communication path (Internet or telephone line) as necessary. Here, the SIM card 11 (also referred to as UIM card) is an IC card that complies with international specifications that are de facto standards, such as Java Card (trademark) and GlobalPlatform (registered trademark), and is used as an external device. Is communicated in the form of a command given from the external device and a response to the command.

Focusing on the SIM card 11, both the smartphone 10 and the external server 20 are external devices, and communication with these external devices is performed via a predetermined communication path. Although only the communication path between the smartphone 10 and the external server 20 is shown in FIG. 1, in reality, the communication path between the SIM card 11 and the smartphone 10 or between the SIM card 11 and the external server 20 is also shown. A communication path is formed. Then, commands and responses are exchanged with the SIM card 11 via these communication paths.

FIG. 2 is a block diagram showing an example of a program configuration for performing encrypted communication between the SIM card 11 shown in FIG. 1 and the smartphone 10 or the external server 20. INDUSTRIAL APPLICABILITY The present invention is not limited to an IC card, but is a technology that can be widely applied when performing cryptographic communication between two general information processing devices. It is possible. Therefore, FIG. 2 shows an example in which a communication path is established between the first information processing apparatus 100 and the second information processing apparatus 200 to communicate with each other.

However, as described above, the present invention is a technology particularly suitable for performing encrypted communication with an IC card, and here, the first information processing apparatus 100 is the SIM card 11 mounted on the smartphone 10, and The case where the information processing device 200 of No. 2 is the smartphone 10 (or may be the external server 20) will be described below.

IC cards such as the SIM card 11 usually incorporate a plurality of application programs. The first information processing apparatus 100 (SIM card 11) shown in FIG. 2 shows a state in which two sets of general application programs AP1 and AP2 are incorporated. Further, the IC card usually incorporates at least one set of management programs SD (Security Domain programs). The management program SD is a kind of application program in terms of classification, but plays a role of managing the operation of the entire IC card and other application programs under management in cooperation with the OS program. Therefore, in the present application, among the application programs installed in the information processing apparatus 100 (SIM card 11), the Security Domain program is called a “management program”, and the other application programs are “general application programs (abbreviation: general application)”. I will call it.

The management program SD has various functions such as a loading function, an installing function, and a deleting function for the application program under management. The function directly related to the present invention is the encryption communication path opening function. The management program SD shown in FIG. 2 incorporates an encryption communication path opening routine R1 and a key table T1 necessary for the encryption communication path opening function. The key table T1 stores the encryption key used to open the encryption communication path. In the case of the information processing device 100 including an IC card, a secure encrypted communication channel is normally established with the second information processing device 200 based on a predetermined encryption protocol called "SCP: Secure Channel Protocol". Encrypted communication is performed. In order to realize such a function, an encryption communication path opening routine R1 and a key table T1 are incorporated in the management program SD.

On the other hand, the second information processing apparatus 200 is also provided with an application program AP3 having a function of performing encrypted communication according to this, and incorporates an encrypted communication path opening routine R2 and a key table T2. For example, when the second information processing device 200 is the smartphone 10, the application program AP3 is one of the application programs installed in the smartphone 10.

The cryptographic communication path opening routine R1 on the first information processing apparatus 100 side and the cryptographic communication path opening routine R2 on the second information processing apparatus 200 side establish a secure cryptographic communication path between both devices, and are the same. This is a routine for performing encrypted communication based on an encryption protocol, and the same encryption key is stored in the key table T1 and the key table T2. Therefore, in the case of the illustrated example, the same encryption protocol using the same encryption key is used between the first information processing apparatus 100 and the second information processing apparatus 200 by the management program SD and the application program AP3. A cryptographic communication path for performing cryptographic communication based on is established.

As an encryption protocol used for encrypted communication with an IC card, protocols such as SCP01 and SCP02 have long been used. However, the problem of compromise has been pointed out in the encryption algorithm called "Triple-DES" used in these protocols, and in recent years, SCP03 that uses an encryption algorithm based on the standard called AES (Advanced Encryption Standard) has become available. The protocol is also becoming popular as a specification compliant with Global Platform (registered trademark). In addition, the use of protocols such as SCP80 and SCP81, which are established mainly by standardization organizations such as 3GPP/ETSI, has become widespread.

Further, as the key table T for the management program SD incorporated in the IC card, a specification using a key space as illustrated in FIG. 3 is generalized. The illustrated key table T is composed of a matrix that defines a key version number in the vertical direction and a key ID (key ID) in the horizontal direction, and the key version number is in the range of 0x01 to 0x7F. Is allocated, and an address space within the range of 0x00 to 0x7F is allocated to the key ID (0x at the beginning of the address indicates that the following numerical values are hexadecimal numbers).

Each encryption key will be stored in any cell of this key table T, and is specified by the combination of the key version number and the key ID. For example, the encryption key KeyA is specified by the combination of the key version number “0x01” and the key ID “0x01”. As a storage example of each encryption key, the figure shows a state in which KeyA to KeyU are stored in a specific cell. Of course, the encryption key does not have to be stored in all cells, and it is sufficient if the required encryption key is stored in a predetermined cell. In addition, if necessary, a new encryption key can be written in an empty cell later.

In a certain encryption protocol, a certain key version number is specified, and an encryption process or a decryption process is executed using one or a plurality of sets of encryption keys stored in the cell having the key version number. To be done. In the case of the example shown in the figure, a state in which some encryption keys are stored in each row of key version numbers “0x01”, “0x02”, “0x20”, “0x21”, “0x22”, “0x7E”, “0x7F” is shown. Has been done. Further, in the case of the illustrated example, the encryption keys are stored in the cells at the three key IDs “0x01”, “0x02”, and “0x03” for each key version number.

This is because each of the key version numbers corresponds to the encryption protocol (for example, SCP01, SCP02, SCP03 described above) using three different encryption keys. For example, when the key version number “0x20” is specified, the three encryption keys KeyG, KeyH, and KeyI stored in the cells with the key IDs “0x01”, “0x02”, and “0x03” are encrypted or decrypted. It will be used for processing. In other words, one or a plurality of sets of encryption keys having the same key version number will be used for the encryption process or the decryption process based on the specific encryption protocol. Of course, for an encryption protocol that requires a total of 5 encryption keys, the encryption keys are prepared in 5 cells having the same key version number. In short, in the key table T shown in FIG. 3, one set or a plurality of sets of encryption keys accommodated in cells in the same row are always used for the encryption process or the decryption process based on a specific encryption protocol. become.

On the other hand, FIG. 4A is a diagram showing a general data structure of the encryption keys KeyA to KeyU stored in the individual cells of the key table T shown in FIG. The data structure of the encryption key Key shown in the figure shows the standard format of the encryption key Key defined as the international standard specifications for the above-mentioned IC card, and the type information (key type) A, The key length L and the key value data V are arranged side by side. Here, the type information (key type) A is the type of the encryption algorithm adopted by the encryption protocol that is supposed to use the encryption key Key, such as “AES”, “Triple-DES”, and “RSA”. The key length L is information indicating the data length (byte) of the subsequent key value data (key value) V, and the last key value data (key value) V is encrypted. And the key value data itself used for the decryption operation.

As described above, in the key table T shown in FIG. 3, a plurality of sets of encryption keys contained in cells in the same row are used for encryption processing or decryption processing based on a certain encryption protocol. Therefore, the type information A included in the plurality of sets of encryption keys contained in the cells in the same row is always the same information. For example, the three sets of encryption keys “KeyA, KeyB, and KeyC” stored in the first row of the key table T shown in FIG. 3 have the same type information A, and these three sets of encryption keys are , Which is an encryption key used in an encryption protocol that adopts the specific encryption algorithm indicated by the type information A. The same applies to the encryption keys “KeyD, KeyE, KeyF” and “KeyG, KeyH, KeyI”.

FIG. 4B is a diagram showing an outline of the data structure of the encrypted communication path opening command CMD. The actual command will have a more complicated data structure that complies with standards such as ISO (eg, ISO7816-4), but for convenience, only the information necessary for explanation is extracted in Fig. 4(b). I will show the conceptual data structure that I did. The illustrated example shows an encryption communication path opening command used when the above-described encryption protocols SCP01, SCP02, SCP03 are adopted, and is a character string "INITIALIZE UPDATE" for instructing the opening of the encryption communication path. Indicates the command character string information (actually, it is instruction byte information that means the command "INITIALIZE UPDATE", but for the sake of convenience, it will be described as a character string "INITIALIZE UPDATE") and the storage location of a specific encryption key. The storage location designation information (actually, a specific key version number) and a predetermined random number are used.

For example, when an encryption communication path is opened using three pairs of encryption keys “KeyG, KeyH, KeyI” stored in the key table T shown in FIG. 3, the character string “INITIALIZE UPDATE” becomes “0x20”. It is only necessary to give the IC card an encrypted communication path opening command CMD in which the key version number is followed by a predetermined random number. The random number added at the end of the encrypted communication path opening command CMD is used to authenticate that the external device (second information processing device 200) uses the IC card (first information processing device 100) as a regular communication partner. Used for. In other words, the cryptographic communication channel opening command CMD serves as an instruction command for executing the cryptographic communication channel opening processing with respect to the IC card, and an authentication command requesting that an authentication code corresponding to a predetermined random number be returned. Also plays a role as.

FIG. 5 shows a management program SD installed in the SIM card 11 (first information processing device 100) shown in FIG. 2 and an application program AP3 installed in the smartphone 10 (second information processing device 200). It is a diagram which shows the specific example of various commands exchanged between them, and the response to this. As shown in steps S1 to S6, in both cases, a predetermined command is transmitted from the smartphone 10 side to the SIM card 11 side, and a response to the command is returned from the SIM card 11 side to the smartphone 10 side. Information is exchanged. In the case of this example, the exchange of information in steps S1 to S4 is performed via a normal unencrypted communication channel, but the exchange of information in steps S5 and S6 is performed by the encryption program established by the management program SD. It is performed via a communication path.

First, step S1 is a process of transmitting a "SELECT command" from the smartphone 10 side to the SIM card 11 side. This "SELECT command" is a command that should be called an "application selection command", and is a command that specifies a specific channel number and selects a specific application program (management program SD in this case) on the SIM card 11 side. Is. On the SIM card 11 side, when the channel number and the management program SD are associated with each other and a command having the same channel number is subsequently given, the management program SD is processed. When the “SELECT command” is normally accepted, a response is returned from the SIM card 11 side to the smartphone 10 side.

The following step S2 is a process of transmitting a "GET DATA command". The commands after step S2 are given the same channel numbers as in step S1, and are processed by the management program SD on the SIM card 11 side. This "GET DATA command" is a command for reading predetermined data from the SIM card 11 side to the smartphone 10 side based on the "data reading function" of the management program SD, and specifies the data to be read. Information is added. In response to the command, the management program SD reads the specified data from the memory in the SIM card 11 and sends it back to the smartphone 10 as a response to the command.

According to the specifications of GlobalPlatform (registered trademark), when the management program SD executes the "data reading function", the exchange of information via the encrypted communication path is not essential. The process of step S2 in FIG. 5 shows an example in which the data read processing capable of reading information without performing the encrypted communication path is performed before the encrypted communication path is opened. Although this data reading process is not directly related to the present invention, it will be described here as an example of the communication process performed without passing through the encrypted communication path.

Succeeding steps S3 and S4 are processes for preparing to open the encrypted communication path, and are processes directly related to the present invention, as will be described later. First, in step S3, an "INITIALIZE UPDATE command" is transmitted. This command is the "encryption communication path opening command CMD" having the data structure shown in Fig. 4(b), and as mentioned above, the form in which the key version number and random number are added to the command character string information "INITIALIZE UPDATE". With. This command also serves as an authentication command for the smartphone 10 (second information processing device 100) to authenticate the SIM card 11 (first information processing device 100) as a legitimate contact.

In order to perform such authentication, the smartphone 10 side generates a random number Ra for authentication, and transmits the generated random number in the encrypted communication path opening command CMD. Specifically, for example, a command having a format such as “INITIALIZE UPDATE, 0x20, Ra” will be transmitted. Here, “0x20” is the key version number of the key table T shown in FIG. 3, and “Ra” is the generated random number.

On the other hand, the SIM card 11 that has received the encrypted communication path opening command CMD "INITIALIZE UPDATE, 0x20, Ra" receives three sets of encryption codes corresponding to the specified key version number "0x20" from the key table T shown in FIG. The key “KeyG, KeyH, KeyI” is taken out, the cryptographic communication channel setting process (preparation for the encryption process and the decryption process) is performed, and a predetermined algorithm using these cryptographic keys is applied to the given random number Ra. The calculation result Ra′ is obtained (card authentication code). The notation “Ra→Ra′” shown in step S3 of FIG. 5 indicates such an operation. Subsequently, the SIM card 11 generates another random number Rb, and returns the card authentication code Ra′ and the random number Rb to the smartphone 10 side as a response to the encrypted communication path opening command CMD.

On the other hand, the smartphone 10 verifies whether or not the card authentication code Ra′ included in the returned response is a correct operation result based on the random number Ra generated earlier, and if the operation result is correct. First, the SIM card 11 currently in communication is authenticated as an authorized communication partner. Specifically, for the random number Ra, the operation based on the same algorithm is executed by using the same encryption key as the encryption key used for the operation performed on the SIM card 11 side to calculate the operation result Ra′. Then, it is confirmed that the calculated Ra' matches the card authentication code Ra' included in the response. As described above, the random number Ra is used by the smartphone 10 to authenticate the SIM card 11 as a regular communication partner.

In the subsequent step S4, the "EXTERNAL AUTHENTICATE command" is transmitted. This command is an “external authentication command”, and is used by the SIM card 11 (first information processing device 100) to authenticate the smartphone 10 (second information processing device 200 that is an external device) as an authorized communication partner. It is an authentication command. The smartphone 10 executes a calculation based on a predetermined algorithm using a predetermined encryption key on the random number Rb returned in response to step S3, and obtains a calculation result Rb' (host authentication code). The notation “Rb→Rb′” shown in step S4 of FIG. 5 indicates such an operation. Subsequently, the smartphone 10 transmits to the SIM card 11 an "EXTERNAL AUTHENTICATE command" including the host authentication code Rb'.

The SIM card 11 that has received this "EXTERNAL AUTHENTICATE command" verifies whether or not the host authentication code Rb' included in the command is a correct operation result based on the random number Rb generated earlier, and obtains a correct operation result. If so, the smartphone 10 currently in communication is authenticated as an authorized communication partner. Specifically, for the random number Rb generated earlier, an operation based on the same algorithm is executed by using the same encryption key as the encryption key used for the operation performed on the smartphone 10 side, and the operation result Rb ′ Is calculated, and the match between the calculated Rb′ and the host authentication code Rb′ included in the command is confirmed. As described above, the random number Rb is used by the SIM card 11 to authenticate the smartphone 10 as a regular communication partner.

The mutual authentication process in steps S3 and S4 is executed as a process at the preparatory stage for opening the encryption communication path. In order to perform encrypted communication between the SIM card 11 and the smartphone 10, both have the same encryption key and have a function of performing encryption processing and decryption processing based on the same encryption algorithm. It is a prerequisite. On the basis of such a premise, the above mutual authentication processing causes the random numbers generated by each to execute arithmetic processing based on the same cryptographic algorithm using the same cryptographic key, and if the arithmetic results match, the other party is authenticated. It can be said that the process is to authenticate as a legitimate contact.

The specific process of this encryption and decryption is a well-known technique that is generally used, and therefore a detailed description thereof is omitted here. In this way, when the mutual authentication between the SIM card 11 and the smartphone 10 is completed, an encryption communication path is established between them. The commands after step S5 shown below the broken line in the figure will be given through this encrypted communication path. That is, the substantial content portion of the command after step S5 is encrypted based on a predetermined encryption protocol and transmitted as a command protected by "SCP: Secure Channel Protocol".

Note that, in steps S5 and S6 of FIG. 5, an example in which the command given from the smartphone 10 to the SIM card 11 is transmitted via the encrypted communication path shown as a solid-line cylinder is shown. Regarding the response returned from the smartphone 11 to the smartphone 10, an example is shown in which the response is returned via the communication path shown as a broken-line cylinder. This is because the response data can be set to be encrypted and returned, or can be returned as plain text without being encrypted, as a detailed encryption processing rule. If the cryptographic processing rules for encrypting the response are set, the response data will also be returned via the cryptographic communication path, but the cryptographic processing rules for not encrypting the response are set. In this case, the response data will be returned in plain text via an ordinary communication path.

<<<<§2. How to set detailed rules for cryptographic processing in conventional IC cards >>>
In the case of the example shown in FIG. 2, the encrypted communication path opening routine R1 executed by the management program SD incorporated in the first information processing apparatus 100 (SIM card 11) and the second information processing apparatus 200 (for example, the smartphone 10). By cooperating with the encryption communication path opening routine R2 executed by the application AP3 incorporated in (1), encryption communication based on a predetermined encryption protocol is performed between the two. As the encryption protocol, various formats such as SCP01, SCP02, SCP03, SCP80, and SCP81 are currently defined, but both parties performing encrypted communication perform encryption processing and decryption based on the same encryption protocol. It needs to be processed.

Therefore, in the case of an IC card that conforms to the GlobalPlatform (registered trademark) specifications, when the management program SD is installed, a method of designating an encryption protocol supported by the management program SD is adopted. For example, in the case of the example shown in FIG. 2, when the management program SD is installed in the SIM card 11, by designating a specific encryption protocol, it has an encryption processing function according to the specified specific encryption protocol. The routine R1 will be incorporated. As the protocol to be specified at the time of installation, the protocol adopted by the routine R2 incorporated in the application AP3 of the smartphone 10 which is the communication partner may be selected.

However, even when the same encryption protocol is adopted, if the setting of the detailed cryptographic processing rule that defines the detailed procedure of the cryptographic communication processing is changed, the specific cryptographic communication mode performed between the two also changes. For example, as described in the example of the encrypted communication shown in steps S5 and S6 of FIG. 5, when the response is returned from the SIM card 11 to the smartphone 10, detailed procedures such as whether or not the response data is encrypted are described. , It is a matter set by the detailed rules of cryptographic processing. Similarly, a detailed procedure of whether the random number Rb generated in step S3 of FIG. 5 is a true random number or a pseudo random number is also a matter set by the cryptographic processing rule. In addition, the detailed procedure of encryption communication processing for each encryption protocol, such as whether to add a check code to response data, how to add a check code to a transmission command, and the number of encryption keys used for encryption processing. The detailed cryptographic processing rules that set the above are set.

In short, the encryption protocol is a rule that defines a rough procedure of cryptographic communication processing, whereas the "detailed rules of cryptographic processing" here is a rule that defines a detailed procedure that falls within the same encryption protocol. It turns out that. In the case of an IC card that conforms to the GlobalPlatform (registered trademark) specifications, a method of making detailed designations when installing the management program SD is also adopted for this cryptographic processing detailed rule. Specifically, some bit rules for encryption are set by the individual bit flags of the 1-byte data called the parameter “i”. The specific content of this parameter "i" will be described later in detail.

After all, in the case of an IC card that conforms to the GlobalPlatform (registered trademark) specifications, a specific encryption protocol is specified and a specific encryption protocol is specified when the management program SD that carries out encrypted communication processing with an external device is installed. You will be working to specify specific cryptographic rules for cryptographic protocols. Then, the installed management program SD opens an encrypted communication path for performing encrypted communication according to the specified specific cryptographic processing rule based on the specified specified encryption protocol, and the established encrypted communication path. The encrypted communication is performed with the external device via the. Therefore, here, for convenience, the installation procedure of the management program SD in the conventional IC card will be briefly described with reference to related commands.

FIG. 6 is a diagram showing a format example of a specific command given to an IC card conforming to the GlobalPlatform (registered trademark) specifications. Although various other commands are used as IC card commands, only some commands relevant to the present invention are shown in FIGS. 6(a) to 6(e). .. Hereinafter, the format of each of these commands and the processing contents executed on the IC card side according to the command will be briefly described. The data structure of each command format shown in FIG. 6 is a conceptual data structure in which only a part of information is extracted, and does not show the actual data structure itself.

(a) Application Selection Command First, the “application selection command” shown in FIG. 6(a) will be described. This command is the command described in step S1 of the diagram of FIG. 5, and is a command for designating a specific channel number and selecting a specific application program on the IC card (first information processing device 100) side. .. As shown in the figure, the instruction has a data structure of “SELECT (#n)+application name”, specifies the channel number #n, and selects an application program specified by the “application name”.

The channel number #n is used when the external device (second information processing device 200) gives a command to the IC card to identify which application program the command is directed to. Since a plurality of application programs are stored in the IC card, it is necessary to add the channel number #n to each command given from the external device so that the command can be identified. The "application selection command" plays a role of making an initial setting for associating a specific channel number #n with a specific application program.

For example, when the application selection command “SELECT (#3)+SD” is given to the IC card, the management program SD is associated with the channel number #3. Specifically, the OS program in the IC card that has received the command records that the management program SD is associated with the channel number #3. After that, all the commands with the channel number #3 are treated as commands addressed to the management program SD, and are executed by the management program SD.

(b) Application Load Command Next, the “application load command” shown in FIG. 6B will be described. This command is a command executed as the first step when incorporating a new application program. Actually, as shown, it is composed of two commands.

The load command in the first stage has a data structure of "INSTALL for load (#n) + package name", and specifies the channel number #n to load the package specified by "package name". It becomes a command that conveys instructions. The load command of the second stage has a data structure of "LOAD (#n) + binary data", specifies the channel number #n, and instructs to store the subsequent binary data package in the memory as it is. Will be a command to convey.

Here, the "application load command" will be described by taking the procedure of incorporating the management program SD as a new application program as an example. This new application program incorporation process is executed by the management program ISD already incorporated in the IC card. Therefore, the work of newly incorporating the “management program SD” is executed by another “management program ISD” that has already been incorporated. It is possible to embed multiple sets of "management programs" in a hierarchical structure to each other in the IC card, and to newly install the "lower management program" under the already installed "upper management program". Is possible. Here, the highest-level management program is called ISD (Issuer Security Domain), and is already installed at the time of factory shipment of the IC card.

Hereinafter, for convenience, in the state where the upper management program ISD is already associated with the channel number #3 by the application selection command “SELECT (#3)+ISD” illustrated in FIG. The case where a work for newly incorporating the lower management program SD is performed will be described as an example. In this case, a command such as "INSTALL for load (#3) + PackSD" is given as the first stage load command shown in Fig. 6(b), and a second stage load command is "LOAD (#3) + You will give a command like "binary data".

Since the application load command consisting of the above two steps is a command to which the channel number “#3” is added, it is processed by the higher-level management program ISD associated with “#3”. The upper-level management program ISD stores the "binary data" part included in the load command of the second stage as it is in a predetermined location in the memory, and confirms whether the "binary data" is the package name "PackSD" I do. Here, the substance of the “binary data” is the program data for the newly incorporated lower management program SD.

As described above, the “application load command” is a command for storing a package of a specific application program in the memory of the IC card, and in the above example, by executing the command, the lower management program to be newly incorporated. The binary data of SD will be stored in the memory in the IC card.

(c) Application Program Installation Command Next, the “application program installation command” shown in FIG. 6C will be described. This command is a command executed as a step of the second stage when incorporating a new application program under the control of a specific management program. Therefore, the installation of the application program mentioned here is a process of expanding the package of the application program stored in the memory by loading the application as an application instance in the memory and making it executable by the CPU. Is. In other words, the installation of the application program is a process of expanding the already loaded package on the memory and generating an application instance.

As shown in the figure, the installation command of this application program has a data structure of "INSTALL for install (#n) + package name + application name + parameter". It is a command that transmits an instruction to expand the specified package, generate an application instance, and give the application instance a name specified by the “app name”. In the installation command that conforms to the GlobalPlatform (registered trademark) specifications, the data "class name" is placed after the "package name", and the application instance specified by the "class name" is generated. However, in the present application, description of the “class name” is omitted for convenience.

In the case of the above example, by executing the “application load command” shown in FIG. 6(b), the binary data of the lower management program SD to be newly incorporated is already stored in the memory in the IC card with the package name “PackSD”. Therefore, as the “install command” shown in FIG. 6C, a command such as “INSTALL for install (#3)+PackSD+SD+parameter” may be given. Since the channel number “#3” is also assigned to this command, the command is processed by the higher-level management program ISD associated with “#3”.

That is, the higher-level management program ISD executes an installation process of creating an application instance by expanding an application program package already loaded under the package name “PackSD” on the memory. The newly-installed lower-level management program is given the designated application name "SD", and is placed under the control of the higher-level management program ISD in the hierarchical structure.

As shown in FIG. 6C, a parameter is added to the end of the installation command of the application program. As shown in the figure, this parameter includes an “encryption protocol designation parameter” and a “cryptographic processing detailed rule designation parameter”. Actually, some other individual parameters are also included, but they are not directly related to the present invention, and thus the description thereof is omitted here.

Here, the encryption protocol designation parameter is a parameter that designates the encryption protocol adopted by the encryption communication path opening function of the newly incorporated management program SD, and an example in which "SCP03" is designated is shown in the figure. ing. On the other hand, the cryptographic process detailed rule specifying parameter is a parameter generally called a parameter "i", and the figure shows an example in which the detailed rule "use pseudo random number/do not encrypt response/add check code" is specified. Has been done.

As described above, the install command shown in FIG. 6(c) is executed by the upper management program ISD. The higher-level management program ISD executes an installation process for creating an application instance functioning as the lower-level management program SD according to the command. At this time, the lower-level management program SD after the installation specifies the above parameters. The setting is made so that it operates in a mode according to. Therefore, in the case of the above example, the lower-level management program SD after installation is based on the specified encryption protocol “SCP03” and the specified detailed encryption processing rule “use pseudo random number/do not encrypt response/add check code” The encrypted communication is followed.

As described above, in the installation command of the application program for the management program SD, an encryption protocol to be used by the management program SD in the future and a detailed procedure of encrypted communication processing by the protocol are defined in the parameter part. The installed management program SD includes the information specifying the detailed cryptographic processing rules, and when an external device gives an encrypted communication path opening command, the installed management program SD follows the encryption protocol and the detailed cryptographic processing rules specified at the time of installation. A cryptographic communication path will be opened.

(d) Cryptographic Communication Path Opening Command Next, the "cryptographic communication path opening command" shown in FIG. 6(d) will be described. As described above, this command is a command for instructing the IC card to open the encryption communication path. That is, this encrypted communication path opening command has a data structure of "INITIALIZE UPDATE (#n)+parameter" as shown in FIG. 6(d), and corresponds to the management program SD specified by the channel number #n. , Is a command that gives an instruction to open an encrypted communication path and requests a response that the external device uses to authenticate the IC card as a regular communication partner.

A key version number and a random number are added as parameters to this encryption communication path opening command. As described above, the management program SD that has received the command extracts the encryption key specified by the key version number added to the command from the key table T shown in FIG. 3, and extracts the encryption key and the predetermined encryption. A protocol is used to open a cryptographic communication path with an external device, and a random number Ra added to the command is calculated according to a predetermined algorithm. Reply as a response to. Such processing has already been described in step S3 of the diagram of FIG.

(e) External Authentication Command Next, the “external authentication command” shown in FIG. 6(e) will be described. This command is a command for the management program SD specified by the channel number #n to authenticate the external device that is currently communicating as a regular communication partner, and as shown in the figure, "EXTERNAL AUTHENTICATE (#n)" + Host authentication code". On the IC card side receiving the command, the management program SD specified by the channel number #n authenticates the host authentication code added to the command, and if it is legitimate, the external device is made a regular communication partner. To judge.

Specifically, the authentication process already described in step S4 of the diagram of FIG. 5 is performed. That is, the host authentication code added to this command is the calculation result Rb′ obtained by the calculation process of Rb→Rb′ in the smartphone 10 (external device) in FIG. 5, and the management program SD is also the same as Rb→Rb→ By performing a calculation process of Rb′ and confirming that the obtained calculation result matches the host authentication code Rb′, the smartphone 10 (external device) is authenticated as a regular communication partner.

In this way, when the mutual authentication processing in steps S3 and S4 in the diagram of FIG. 5 is completed, the encrypted communication path is opened and the encrypted communication in steps S5 and S6 is executed. In the case of the above example, as described above, based on the encryption protocol "SCP03" specified at the time of installation, the encryption according to the encryption processing detailed rule "Use pseudo random number/No response encryption/Check code addition" specified at installation Communication is performed.

<<<< §3. Examples of cryptographic processing detailed specification parameters >>>
A parameter is added to the end of the “application program installation command” shown in FIG. 6C, and this parameter includes the “encryption protocol specification parameter” and the “encryption processing detailed specification parameter”. What has already been done is as described in §2. Here, the “encryption processing detailed specification parameter” is a 1-byte numerical value generally called the parameter “i”, and indicates the encryption communication processing of the specific encryption protocol specified by the “encryption protocol specification parameter”. It defines detailed rules that define detailed procedures. Here, some actual examples of currently used cryptographic process detailed rule specifying parameters (parameter “i”) will be illustrated.

(a) Parameter "i" for encryption protocol SCP03
FIG. 7(a) is a table showing an example of the detailed cryptographic processing rules defined by the parameter “i” for the encryption protocol SCP03, and FIG. 7(b) is a table showing the specific contents of each cryptographic processing detailed rule. Is. As described above, the parameter “i” is data consisting of a 1-byte value, and b1 to b8 in FIG. 7A indicate each bit (b1 is LSB, b8 is MSB) of the parameter “i”. There is.

Item (1) in the table of FIG. 7A indicates that the bits b1 to b4 (bits marked with X) of the parameter “i” are RFU (Reserved for Future Use). Therefore, at present, it is decided to set the bit value to "0". In the table of FIG. 7(a), the bit with "-" written in the line of each item indicates that the bit is irrelevant to the item.

Items (2) and (3) indicate that bit b5 (0 or 1 bit in the figure) of parameter “i” uses a true random number as a random number generated by the IC card at the time of mutual authentication, or uses a pseudo random number. It is a bit indicating whether or not. When the bit value of the bit b5 of the parameter “i” is “0”, the IC card generates a random number Rb using a true random number in step 3 of FIG. 5, and the bit value of the bit b5 of the parameter “i” is “1”. In this case, the IC card will generate a random number Rb using a pseudo random number in step S3 of FIG. The specific generation method of the pseudo-random number is defined in GlobalPlatform (registered trademark), and thus its description is omitted here.

Items (4) to (6) are data in which bits b6 and b7 (one of 00, 01, and 11 in the figure) of the parameter "i" define the processing rules regarding the response data to be returned after the encrypted communication path is opened. It shows that there is. Specifically, the bit b7 of the parameter “i” defines whether or not the response data in steps S5 and S6 of FIG. 5 is encrypted, and the IC card sets the bit value of the bit b7 to “0”. If the bit value of the bit b7 is "1", the reply is made without encryption. On the other hand, the bit b6 of the parameter "i" determines whether or not a check code is added to the response data in steps S5 and S6 of FIG. 5, and the IC card determines that the bit value of the bit b6 is "0". Replies without adding a check code, and when the bit value of bit b6 is "1", it replies with a check code.

Item (7) indicates that the bit b8 (the X-marked bit) of the parameter “i” is a reserved bit. This bit b8 cannot be used for designating the detailed cryptographic processing rule. Hereinafter, the description will be given assuming that the bit value of the bit b8 is fixed to "0".

The details of the cryptographic processing detailed rules shown in the items (1) to (7) of FIG. 7A described above are summarized in the table of FIG. 7B. When "SCP03" is specified by the encryption protocol specification parameter in the install command shown in FIG. 6C, the value of the encryption process detailed rule specification parameter (parameter "i") is the encryption process detailed rule shown in each item of FIG. Function as a parameter that determines The parameter “i” is always set in correspondence with a specific encryption protocol, and is written as, for example, “SCP03 i=10h”. Here, h at the end indicates that the value “10” is a hexadecimal number (the same applies hereinafter). "10h" corresponds to the bit string "00010000" (the value of bit b5 is "1"). Therefore, “SCP03 i=10h” corresponds to the item (3) in FIG. 7A, and is a cryptographic process detailed rule designation parameter indicating that a pseudo random number is used for the random number generated by the IC card.

(b) Parameter "i" for encryption protocol SCP02
FIG. 8 is a table showing an example of the detailed cryptographic processing rules defined by the parameter “i” for the encryption protocol SCP02, and FIG. 9 is a table showing the specific contents of the respective detailed cryptographic processing rules. Also in the table of FIG. 8, the parameter “i” is data consisting of a 1-byte value, and b1 to b8 indicate each bit (b1 is LSB, b8 is MSB) of this parameter “i”. Again, the bit with "-" written in the line of each item indicates that the bit is irrelevant to the item.

Items (1) and (2) in the table of FIG. 8 indicate that the bit b1 (0 or 1 bit in the figure) of the parameter “i” indicates that the number of encryption keys used for the mutual authentication process and the encrypted communication process is It is defined that the bit is one set or three sets. In the case of the key table T shown in FIG. 3, in one row designated by each key version number, each encryption key is stored in three cells designated by the key IDs “0x01”, “0x02”, and “0x03”. By specifying one key version number, three sets of encryption keys can be specified. When the bit value of the bit b1 of the parameter "i" is "1", these three sets of encryption keys are used for the mutual authentication process and the encrypted communication process (item (1)). On the other hand, when the bit value of the bit b1 of the parameter “i” is “0”, a pair of encryption keys (for example, only the encryption key stored in the cell with the key ID “0x01”) is subjected to the mutual authentication process and the encrypted communication process. Used for.

Items (3) and (4) indicate that the bit b2 (0 or 1 bit in the figure) of the parameter “i” does not modify the transmission command when the external device transmits the command to the IC card. It is specified that the bit is used as the material for the check code operation or as the material for the check code operation after the transmission command is modified. The external device will perform a process of adding a check code when a command is transmitted via the encrypted communication path. However, if the bit value of the bit b2 of the parameter “i” is “1”, the check code is not corrected. When the bit value of the bit b2 of the parameter "i" is "0" as the material for the calculation, the data is corrected and used as the material for the check code calculation.

Specifically, as illustrated in FIG. 6, each command includes a channel number #n, and when the check code is created, this channel number is also a material for calculation, but the bit b2 is When the bit number is "1", the channel number is not modified and the calculation is performed as it is. When the bit b2 is "0", the channel number is modified to "#0" only when the check code is calculated. Will be done. Since the details are defined in GlobalPlatform (registered trademark), the description is omitted here.

Note that the detailed cryptographic processing rules defined by these items (3) and (4) are the processing executed by the external device side (check code calculation processing of the transmission command), not by the IC card side. Since the calculation process of (1) also affects the calculation process of the process (check code confirmation process of the received command) executed on the IC card side, it is necessary to also notify the IC card side of the above correction. Bit b2 of parameter "i" will play a role in this transfer.

Items (5) and (6) specify that the bit b3 (0 or 1 bit in the figure) of the parameter “i” indicates the mutual authentication process performed at the preparation stage for establishing the encrypted communication path by using a command. It is defined as a bit that indicates whether the bit is to be executed in step 1 or implicitly without using a command. When the bit value of the bit b3 of the parameter “i” is “1”, the mutual authentication process is explicitly performed using the command, and when the bit value of the bit b3 of the parameter “i” is “0”, the command is executed. Mutual authentication processing is implicitly performed without using.

Specifically, when the bit value of the bit b3 of the parameter "i" is "1", the mutual authentication process includes "INITIALIZE UPDATE command" and "EXTERNAL AUTHENTICATE command" as shown in steps S3 and S4 of FIG. Will be implemented explicitly. On the other hand, when the bit value of the bit b3 of the parameter "i" is "0", the mutual authentication process is performed by an implicit method instead of the format using the explicit command. Since the details of the mutual authentication processing procedure by this implicit method are defined in GlobalPlatform (registered trademark), description thereof is omitted here.

Items (7) and (8) indicate which value the bit b4 (0 or 1 bit in the figure) of the parameter “i” is used as the ICV (Initial Chaining Vector) of the check code generated first. It is defined as a bit to indicate. When the bit value of the bit b4 of the parameter “i” is “1”, the result of the cryptographic operation using the application name of the target application that transmits and receives the command is used as ICV, and the bit value of the bit b4 of the parameter “i” is used. When is 0, 8-byte “00h” is used as the ICV. The details of the role of ICV and the generation procedure are defined in GlobalPlatform (registered trademark), and thus the description thereof is omitted here.

The items (9) and (10) define that the bit b5 (bit 0 or 1 in the figure) of the parameter "i" is a bit indicating whether or not the ICV is encrypted. When the bit value of the bit b5 of the parameter "i" is "1", the ICV is encrypted and transmitted, and when the bit value of the bit b5 of the parameter "i" is "0", the ICV is plaintext without encryption. It will be sent as is.

Items (11) and (12) define that the bit b6 (0 or 1 bit in the figure) of the parameter "i" is a bit indicating whether to add a check code to the response data. .. When the bit value of the bit b6 of the parameter "i" is "1", the response data is returned with the check code added, and when the bit value of the bit b6 of the parameter "i" is "0", the response data is returned. Is returned without a check code.

Items (13) and (14) indicate that bit b7 (0 or 1 bit in the figure) of the parameter “i” uses a true random number as the random number generated by the IC card at the time of mutual authentication, or uses a pseudo random number. It is a bit indicating whether or not. When the bit value of the bit b7 of the parameter "i" is "0", the IC card generates a random number Rb using a true random number in step 3 of FIG. 5, and the bit value of the bit b7 of the parameter "i" is "1". In this case, the IC card will generate a random number Rb using a pseudo random number in step S3 of FIG. As described above, the specific generation method of the pseudo random numbers is defined in GlobalPlatform (registered trademark), and therefore the description thereof is omitted here.

Item (15) indicates that the bit b8 (the X-marked bit) of the parameter “i” is a reserved bit. This bit b8 cannot be used for designating the detailed cryptographic processing rule. Hereinafter, the description will be given assuming that the bit value of the bit b8 is fixed to "0".

The contents of the detailed cryptographic processing rules shown in the items (1) to (15) of FIG. 8 described above are summarized in the table of FIG. In the install command shown in FIG. 6C, when "SCP02" is specified by the encryption protocol specification parameter, the value of the encryption process detailed rule specification parameter (parameter "i") is the encryption process detailed rule shown in each item of FIG. Function as a parameter that determines

(c) Parameter "i" for other encryption protocols
Although the content of the detailed cryptographic processing rule by the parameter “i” for the encryption protocols SCP03 and SCP02 has been illustrated above, the content of the detailed cryptographic processing rule specified by the parameter “i” is different for each encryption protocol. ..

For example, FIG. 10 is a table showing an example of the detailed cryptographic processing rules defined by the parameter “i” for the cryptographic protocol SCP81. The content thereof is the same as the content of the cryptographic protocols SCP03 and SCP02 described so far. The nature is quite different. That is, in the example shown in FIG. 10, the parameter “i” is used to specify the TLS (Transport Layer Security) protocol used for communication.

Specifically, items (1) to (3) in the table of FIG. 10 indicate which version of the TLS used for the encrypted communication based on the encryption protocol SCP81 is used for the bits b1 to b3 of the parameter “i”. It defines that it is a bit. Here again, the bit with "-" written in the line of each item indicates that the bit is irrelevant to the item. However, only one of the bits b1 to b3 is set to take the value "1". When the bit b1 is "1", "TLS v1.0" is used and the bit b2 is "1". It indicates that "TLS v1.1" is used in the case of "1" and "TLS v1.2" is used in the case of bit b3 being "1".

Item (4) indicates that bits b4 to b7 (bits marked with X) of the parameter "i" are RFU (Reserved for Future Use), and at present, In both cases, it is decided to set the bit value to "0". On the other hand, the item (5) indicates that the bit b8 (the X-marked bit) of the parameter “i” is a reserved bit. This bit b8 cannot be used for designating the detailed cryptographic processing rule.

Note that there is an encryption protocol that does not adopt the method for specifying the detailed encryption processing rule by the parameter "i". For example, for the encryption protocol SCP80, since the parameter "i" does not exist, "00h" is contained as "ALL RFU (set to 0)" in the data area containing the parameter "i" for convenience. ..

<<<<§4. Basic concept of the present invention >>>
As described in §2, in the conventional general IC card, a specific encryption protocol is specified and a specific encryption protocol is specified when installing the management program SD that handles the encrypted communication processing with an external device. The task will be to specify the specific cryptographic rules for the encrypted protocol. Therefore, when the installation of the management program SD is completed, the encryption protocol used when the management program SD opens the encrypted communication path and the encryption procedure defining the detailed procedure of the communication process using the encrypted protocol are defined. The processing rules are fixed.

When the installation of the management program SD is completed in this way, it is difficult to specify an arbitrary cryptographic processing rule each time the management program SD subsequently executes the encryption communication path opening processing. As shown in FIG. 6(d), this is a specification that includes a key version number and a random number in the parameters added to the GlobalPlatform (registered trademark) compliant encrypted communication path opening command "INITIALIZE UPDATE". However, this is because the specification does not include the information such as the parameter “i” that specifies the detailed cryptographic processing rule. In other words, as long as the cryptographic communication channel opening command "INITIALIZE UPDATE" conforming to the above specifications is used, it is not possible to add a parameter that directly specifies the cryptographic processing rules to the cryptographic communication channel opening command.

On the other hand, practically, it is desirable to be able to specify the detailed cryptographic processing rules each time when the cryptographic communication channel opening command "INITIALIZE UPDATE" is given to the IC card to open the cryptographic communication channel. It is rare. This is because, when the IC card communicates with an external device such as a smartphone, it is preferable that an arbitrary cryptographic processing rule can be set and encrypted communication can be performed each time according to each application program in the external device. Is.

For example, in the case of an application for online banking, since it is necessary to attach importance to security, it is necessary to use a true random number for mutual authentication processing, encrypt response data and receive it, and add a check code to the response data. Would be desired. On the other hand, in the case of a game application that plays in a time consuming manner, security is not important, but simpler processing is preferable, so pseudo-random numbers are used for mutual authentication processing, response data is not encrypted, and check code Operation without receiving would be desired.

With the diversification of application programs incorporated in such external devices, the present invention provides a specific method that enables setting of a cryptographic processing rule suitable for the occasion each time a cryptographic communication path is opened. It is intended for that.

As described in §2, in the conventional general IC card, the encryption command detailed rule specifying parameter (parameter "i") is added to the install command "INSTALL for install" to specify the cryptographic process detailed rules at the time of installation. Was taken. Then, in §3, some examples of the cryptographic processing rules specified by the parameter "i" are shown. Therefore, if the value of this parameter "i" can be transmitted to the IC card by using the encrypted communication path opening command "INITIALIZE UPDATE" by any method, an arbitrary encryption process is performed every time the encrypted communication path is opened. It becomes possible to set detailed rules.

As described above, the parameter “i” is composed of 1-byte, that is, 8-bit data. However, since it is not specified in the GlobalPlatform (registered trademark) specifications, even if the data is only 1 byte for an IC card that complies with the specifications, it will be used as a parameter in the encrypted communication path opening command "INITIALIZE UPDATE". It cannot be added and transmitted. According to the specifications, the only parameters that can be added to the encrypted communication path opening command "INITIALIZE UPDATE" are "key version number" and "random number".

Therefore, the inventor of the present application decided to seek various methods based on the idea that the information of the parameter “i” could be transmitted to the IC card by using the “key version number”. However, as shown in the key table T of FIG. 3, the “key version number” is data indicating an address space within the range of “0x01 to 0x7F”, and it is sufficient to be configured by 1-byte data. .. Therefore, it is not possible to incorporate 1-byte parameter "i" information into this "key version number".

However, although the parameter "i" is information having 1 byte, that is, 256 kinds of values from 0 to 255, some of the bits are reserved bits and are not actually used, Further, it is not always necessary to arbitrarily set all the cryptographic processing rules when the cryptographic communication path is opened. Therefore, the amount of information of the detailed cryptographic processing transmitted to the IC card side does not need to be 1 byte.

For example, the table shown in FIG. 11 is a table in which specific cryptographic processing rules are defined by using the cryptographic processing detailed rule specifying parameter (parameter “i”) for SCP03 shown in FIG. 7. In the "Value of "i"" column of this table, there are four examples of the value of the parameter "i": "32", "48", "96", "112" (each is displayed in decimal). It is shown. In addition, the configuration of each bit b1 to b8 (encryption processing detailed rule designating parameter) corresponding to these four values is shown in the “each bit of parameter “i”” column, In the column of “”, the detailed cryptographic processing rules designated corresponding to these four values are shown. It can be easily understood that such a result can be obtained by comparing the value of each bit with the tables of FIGS. 7(a) and 7(b).

Specifically, for example, when the value of “i” is “32”, the encryption processing detailed rule is that “a true random number is used as a random number used for mutual authentication processing, response data is not encrypted but a check code is added”. Will show the contents of. In fact, if each time the cryptographic communication channel is opened, it is possible to select and set any one of the four types of cryptographic processing detailed rules illustrated in FIG. 11, it is possible to operate with a high degree of freedom in practical use. become. Moreover, the information indicating that any one of the contents of the four types of cryptographic processing rules can be selected can be represented by at most 2 bits.

The inventor of the present application further indirectly sets the information by using the “key version number” by setting a storage zone for the “key version number” if the information is about several bits. I got the idea that it could be transmitted to the card. The “key version number” in the key table T shown in FIG. 3 is data indicating an address space within the range of “0x01 to 0x7F”. For example, in the address space of the “key version number” on the key table T , The range of "0x01-0x1F" is defined as storage zone Z1, the range of "0x20-0x3F" is defined as storage zone Z2, the range of "0x40-0x5F" is defined as storage zone Z3, and the range of "0x60-0x7F" is defined as storage zone Z4. To do.

On the other hand, the contents of the four types of detailed encryption processing rules shown in FIG. 11 are associated with each of the storage zones Z1 to Z4. Specifically, for example, the value "32" of "i" is associated with the storage zone Z1, the value "48" of "i" is associated with the storage zone Z2, and the value "96" of "i" is associated with the storage zone. The value "112" of "i" may be associated with the storage zone Z4 in association with Z3. By doing so, when sending the encryption communication path opening command "INITIALIZE UPDATE" from the external device to the IC card, one of the four rules of encryption processing will be specified by the "key version number" added as a parameter. It becomes possible to indirectly transmit information to the effect that the selection is made to the IC card.

Specifically, for example, if a key version number of "0x20" is added to the encrypted communication path opening command "INITIALIZE UPDATE" and transmitted, the IC card that receives this is designated from the key table T shown in FIG. The encryption key KeyG, KeyH, and KeyI corresponding to the generated key version number "0x20" is read out to perform the encryption communication path opening process. At this time, the key version number "0x20" belongs to the storage zone Z2. Therefore, it is possible to recognize that the value "48" of "i" associated with the zone Z2 is designated. Therefore, the IC card performs the cryptographic communication process in accordance with the cryptographic process detailed rule that "the pseudo random number is used as the random number used for the mutual authentication process and the response data is not encrypted but the check code is added".

Of course, the application program on the external device side wants cryptographic communication processing in accordance with the cryptographic processing rule that "a true random number is used as a random number used for mutual authentication processing, response data is not encrypted but a check code is added". For example, a key version number such as "0x01" (key version number belonging to the storage zone Z1) may be added to the encrypted communication path opening command "INITIALIZE UPDATE" and transmitted. If you want encrypted communication processing in accordance with the detailed encryption processing rule that "uses pseudo-random numbers and encrypts the response data and also adds a check code", the encrypted communication path opening command "INITIALIZE UPDATE", for example, the key "0x7E" The version number (key version number belonging to the storage zone Z4) may be added and transmitted.

The above is the basic concept of the present invention. If this basic concept is introduced, each time a cryptographic communication path is established between two sets of information processing devices, the storage location designation information indicating the storage location of the cryptographic key included in the cryptographic communication path establishment command is used. It becomes possible to indirectly transmit the cryptographic processing detailed rule that defines the detailed procedure of the cryptographic communication processing from one device to the other device. Therefore, it is possible to set the cryptographic processing detailed rule every time the cryptographic communication path is opened. Hereinafter, in §5, a basic embodiment of the present invention based on the above basic concept will be described.

<<<<§5. Basic embodiment of the present invention >>>
FIG. 12 is a block diagram showing the configuration of the information processing system according to the basic embodiment of the present invention. The information processing system shown in FIG. 12 includes the first information processing apparatus 100 and the second information processing apparatus 200, and is an information processing system capable of performing encrypted communication between them based on a predetermined encryption protocol. .. Here, as in the example shown in FIG. 2, a device in which the management program SD is incorporated in the SIM card 11 is used as the first information processing device 100, and the SIM card 11 is mounted as the second information processing device 200. The following description will be made on an example in which a device in which a predetermined application program (application AP3) is incorporated in the smartphone 10 that is a partner is used.

As shown in the figure, the first information processing apparatus 100 includes a first cryptographic communication processing unit 110 that performs a process of opening a cryptographic communication path, a first cryptographic key storage unit 120 that stores an cryptographic key, and a cryptographic process. A cryptographic processing detailed rule storage unit 130 for storing detailed rules is provided, and the first cryptographic communication processing unit 110 uses the cryptographic key stored in the first cryptographic key storage unit 120. According to the detailed cryptographic processing rule stored in the storage unit 130, the processing for opening the cryptographic communication path is performed.

In the case of the embodiment shown here, the first cryptographic communication processing unit 110 is actually realized as a function of the management program SD installed in the SIM card 11, and the first cryptographic key storage unit 120. The cryptographic processing rule storage unit 130 is realized as an area of a part of the memory built in the SIM card 11 managed by the management program SD.

On the other hand, in the second information processing apparatus 200, a second cryptographic communication processing unit 210 that performs cryptographic communication using the cryptographic communication path established by the first cryptographic communication processing unit 110, and a second cryptographic communication processing unit 210 that stores the cryptographic key. A second encryption key storage unit 220 and an encryption communication path opening instruction unit 230 for instructing the first encryption communication processing unit 110 to open an encryption communication path are provided.

In the case of the embodiment shown here, the second encrypted communication processing unit 210 and the encrypted communication path opening instruction unit 230 are actually realized as the functions of the application program (application AP3) installed in the smartphone 10. That is, the second encryption key storage unit 220 is realized as a partial area of the memory built in the smartphone 10.

As described above, in practice, the first information processing apparatus 100 according to the present invention can be realized by incorporating a dedicated program such as the management program SD into a computer that constitutes an IC card or other information processing apparatus. The second information processing apparatus 200 according to the invention can be realized by incorporating a predetermined program into a computer that constitutes a smartphone or another information processing apparatus.

In the information processing system shown in FIG. 12, when the encrypted communication path opening command CMD is transmitted from the encrypted communication path opening instruction unit 230 to the first encrypted communication processing unit 110, the first Based on the command, the cryptographic communication processing unit 110 uses a predetermined cryptographic key stored in the first cryptographic key storage unit 120 and follows a predetermined cryptographic processing rule stored in the cryptographic process detailed rule storage unit 130. , Performs processing for opening a cryptographic communication path. After that, the second cryptographic communication processing unit 210 uses the cryptographic key stored in the second cryptographic key storage unit 220 to perform the cryptographic communication via the cryptographic communication path.

Next, the function of each of the above components will be described in more detail. First, the first cryptographic communication processing unit 110 performs cryptographic communication based on a predetermined cryptographic protocol P in accordance with a predetermined cryptographic processing detailed rule that defines a detailed procedure of cryptographic communication processing by the cryptographic protocol P. An encrypted communication path is opened, and encrypted communication is performed with the second information processing device 200 via the opened encrypted communication path. Here, the encryption protocol P is specified when the management program SD is installed, as described in §2.

The first encryption key storage unit 120 is a component that holds the key table Tk. The key table Tk is provided with a plurality of storage locations, and each storage location stores an encryption key used for the encryption protocol P. For convenience of description, FIG. 12 shows a state in which four storage locations L11 to L14 are prepared in the key table Tk, and the encryption keys Keys11 to Keys14 are stored in the respective storage locations.

The cryptographic process detailed rule storage unit 130 is a component that holds a zone table Tz indicating the correspondence between each storage zone and each cryptographic process detailed rule for the plurality of storage zones set for the key table Tk. In the case of the illustrated example, two sets of storage zones Z1 and Z2 are set on the key table Tk, and each storage location L11 to L14 belongs to one of the storage zones. In the zone table Tz, the cryptographic processing rules C1 and C2 are associated with the respective storage zones Z1 and Z2, respectively.

Note that FIG. 12 illustrates an example in which one encryption key is stored in each of the four storage locations L11 to L14 on the key table Tk for convenience of description, but the specifications of GlobalPlatform (registered trademark) are not included. In the base key table T, as shown in FIG. 3, the "individual key" is stored in each of the matrix cells in which the "key version number" is set vertically and the "key ID" is set horizontally. In this case, one row of cells having the same “key version number” constitutes one storage location. Therefore, when the key table T shown in FIG. 3 is adopted as the key table Tk shown in FIG. 12, each of the four storage locations L11 to L14 corresponds to one row of cell groups in the key table T shown in FIG. This means that three sets of "individual keys" are stored in one storage location.

As described above, each of the encryption keys Keys11 to Keys14 stored in the key table Tk shown in FIG. 12 may be an “individual key”, but when the key table T shown in FIG. 3 is adopted, Each may be a “key group consisting of multiple sets of keys”. Specifically, for example, when the storage location L11 shown in FIG. 12 corresponds to the first row (row of key version number: 0x01) of the key table T shown in FIG. 3, “Keys11” shown in FIG. This corresponds to the three sets of individual keys “KeyA, KeyB, KeyC” shown in FIG. Such a case is assumed that the cryptographic keys Keys 11 to Keys 14 are expressed in a plural form as “Keys”.

In the present application, for the sake of convenience, “individual keys” such as “KeyA” in FIG. 3 and “key groups consisting of a plurality of keys” such as “KeyA, KeyB, KeyC” in FIG. 3 are particularly confused. Unless otherwise noted, we will simply call it "encryption key".

Subsequently, components of the second information processing apparatus 200 will be described. First, the second cryptographic communication processing unit 210 has a function of performing cryptographic communication based on the cryptographic protocol P (the same as the cryptographic protocol used by the first cryptographic communication processing unit 110). It is a component that performs cryptographic communication with the first information processing apparatus 100 via the cryptographic communication path established by the communication processing unit 110. The figure shows a state in which an encryption communication path is established between them.

The second encryption key storage unit 220 is a component that stores an encryption key used for the encryption protocol P. In order to perform cryptographic communication between the first cryptographic communication processing unit 110 and the second cryptographic communication processing unit 210, it is necessary that both use the same encryption protocol P and use the same encryption key. Become. Therefore, at least the same specific encryption key as one of the encryption keys stored in the key table Tk in the first encryption key storage unit 120 is stored in the second encryption key storage unit 220, When performing encrypted communication, both parties perform the encryption process using the same encryption key. The illustrated example shows an example in which the specific encryption key Keys 13 is stored in the second encryption key storage unit 220. The specific encryption key Keys13 is the same as the encryption key stored in the storage location L13 of the key table Tk held in the first encryption key storage unit 120.

The encrypted communication path opening instruction unit 230 is a component that gives the first information processing apparatus 100 an encrypted communication path opening command CMD for instructing the opening of an encrypted communication path for performing encrypted communication. The encrypted communication path opening command CMD includes storage location designation information indicating a storage location in the key table Tk for a specific encryption key corresponding to the encryption key stored in the second encryption key storage unit 220. ing. In the illustrated example, the encryption key stored in the second encryption key storage unit 220 is Keys13, so the storage location L13 in the key table Tk in which the specific encryption key Keys13 corresponding to this is stored is The storage location designation information shown is transmitted as a part of the encrypted communication path opening command CMD.

The first encrypted communication processing unit 110 that has received this encrypted communication path opening command CMD performs the encrypted communication path opening processing by the following method. First, the designated storage location L13 designated by the storage location designation information included in the encrypted communication path opening command CMD is recognized, and the encryption key Keys13 stored in the designated storage location L13 of the key table Tk is designated as the designated encryption key. read out. Further, the storage zone Z2 to which the designated storage location L13 belongs is recognized, and the cryptographic processing detailed rule C2 associated with the storage zone Z2 to which the designated storage location L13 belongs is recognized as the designated cryptographic processing detailed law by referring to the zone table Tz. To do. Then, by using the read designated encryption key Keys13, a procedure in accordance with the recognized designated cryptographic processing rule C2 is executed to open an encrypted communication path for performing encrypted communication.

According to the GlobalPlatform (registered trademark) specifications, as shown in FIG. 6C, the parameter added to the installation command when the management program SD is installed includes the cryptographic process detailed specification parameter “i”. The parameter “i” is incorporated in the encryption processing routine of the management program SD as a default encryption processing detailed rule at the time of installation. According to the present invention, as described above, a new cryptographic processing rule (parameter “i”) is designated every time when the cryptographic communication channel opening command CMD is received, so that the default cryptographic processing rule is newly overridden. The specified cryptographic processing rules will be applied.

According to the information processing system having such a configuration, each time the encrypted communication path is opened between the two sets of information processing apparatuses 100 and 200, the encryption key included in the encrypted communication path opening command CMD is changed. By the storage location designation information indicating the storage location, the information designating a specific cryptographic processing rule can be transmitted from the second information processing apparatus 200 to the first information processing apparatus 100. Therefore, it is possible to set the cryptographic processing detailed rule every time the cryptographic communication path is opened.

For example, in the case of the example shown in FIG. 12, the application AP3 in the smartphone 10 uses the specific encryption key Keys13 to instruct the management program SD in the SIM card 11 to open the encryption communication path. As described above, the cryptographic process procedure according to the designated cryptographic process detailed rule C2 is executed. On the other hand, another application AP4 (not shown) is incorporated in the smartphone 10, and the other application AP4 uses the specific encryption key Keys12 for the management program SD in the SIM card 11. When instructing to open a cryptographic communication path by using the cryptographic communication path opening command CMD, the storage location designated by the command CMD is L12. It will be.

Thus, even when the same smartphone 10 communicates with the same SIM card 11, when the application AP3 communicates, the procedure of the encryption process according to the encryption process detailed rule C2 is executed, and the application AP4 communicates. When performing, the procedure of the cryptographic process according to the cryptographic process rule C1 is executed, and the cryptographic communication using different cryptographic process rules can be performed depending on the application program. Similarly, even when a completely different smartphone 10′ is used as the second information processing apparatus 200, the same method enables encrypted communication using different cryptographic processing rules.

Of course, the plurality of encryption keys stored in the key table Tk may include the same one. For example, consider the case where the encryption key Keys 12 and the encryption key Keys 13 in the example shown in FIG. 12 are the same encryption key. In this case, comparing the case where the encryption key Keys12 is specified by the encryption communication path opening command CMD and the case where the encryption key Keys13 is specified, both are based on the same encryption protocol P and are encrypted using the same encryption key. There is no change in the point that a communication channel is opened, but in the former case, the cryptographic processing procedure according to the cryptographic processing detailed rule C1 is executed, and in the latter case, the cryptographic processing procedure according to the cryptographic processing detailed rule C2 is executed. become. Therefore, in this case, the difference between the designation of the encryption key Keys12 and the designation of the encryption key Keys13 is the difference between whether the cryptographic processing detailed rule C1 or the cryptographic processing detailed rule C2 is applied.

<<<<§6. More Specific Embodiments of the Present Invention >>>
As described above, the GlobalPlatform (registered trademark) specification uses a key table T as shown in FIG. Therefore, here, a more specific embodiment of the present invention using the key table Tk according to the specification and the parameter “i” described in §3 will be described.

FIG. 13 is a table showing a specific example of the key table Tk and the zone table Tz used in the information processing system shown in FIG. That is, the key table Tk shown in FIG. 13A is a table held in the first encryption key storage unit 120, and the zone table Tz shown in FIG. 13B is in the cryptographic process rule storage unit 130. Is a table held by. Any table may be incorporated together when the management program SD is installed in the SIM card 11. Of course, after the installation, a write command may be given to write these tables, or the contents of these tables may be updated as needed.

The key table Tk shown in FIG. 13(a) is obtained by setting a storage zone in the key table T shown in FIG. The key table Tk is provided with a plurality of storage locations each specified by a key version number, and each storage zone is configured by one or a plurality of storage locations.

More specifically, this key table Tk has 127 storage locations specified by the key version numbers “0x01” to “0x7F”, and each storage location has a key ID “0x00”. ~ 128 cells specified by "0x7F" are prepared. Each cell functions as a storage for storing one "individual key".

In the case of the example shown in the figure, among all the cells forming the key table Tk, some cells actually store the "individual key", and many cells are blank. Then, for the row in which the encryption key is actually stored, a total of four sets of storage zones Z1 to Z4 are set. That is, one line corresponding to the key version number “0x01” corresponds to the storage zone Z1, and one line corresponding to the key version number “0x02” corresponds to the storage zone Z2 and the key version numbers “0x20”, “0x21”, and “0x22”. 3 rows are set in the storage zone Z3, and 2 rows corresponding to the key version numbers "0x7E" and "0x7F" are set in the storage zone Z4.

As described above, the storage zone set in the present invention may be a zone that includes only one storage location (row specified by one key version number), or a plurality of storage locations (multiple key versions). It may be a zone including a line specified by a number). Further, it is not necessary to set the storage zone in the entire area of the key table Tk, and a part of the area in which the storage zone is not set may exist as in the illustrated example.

In the key table Tk shown in FIG. 13A, each storage location is specified by a key version number. Therefore, the encrypted communication path opening command CMD should include a specific key version number as storage location designation information. You can do this. The first cryptographic communication processing unit 110 performs the reading process of the designated cryptographic key and the recognition process of the designated cryptographic process rules by using the storage location specified by the key version number as the designated storage location.

On the other hand, the zone table Tz shown in FIG. 13B is a table in which the four sets of cryptographic processing rules illustrated in FIG. 11 are associated with each other. In this zone table Tz, first, numerical ranges are defined for the four storage zones Z1 to Z4, respectively. This numerical range indicates the range of key version numbers and defines the settings of the storage zones Z1 to Z4 shown in FIG. Specifically, the storage zone Z1 is "0x01", the storage zone Z2 is "0x02", the storage zone Z3 is "0x20" to "0x22", and the storage zone Z4 is "0x7E" to "0x7F". Is defined by the numerical range of. In short, in the example shown here, each storage zone consists of one storage location or multiple storage locations with consecutive key version numbers, each storage zone corresponding to a unique numerical range of key version numbers. Will be attached.

In the zone table Tz shown in FIG. 13B, the four storage zones Z1 to Z4 are associated with specific values of the parameter “i”. Specifically, the storage zones Z1 to Z4 are associated with 8-bit data forming the parameter “i”. In the table of the figure, for convenience of description, data "32", "48", "96", "112" in which the value of the parameter "i" is displayed in decimal is also described. The program that executes the encryption protocol P in the first encryption communication processing unit 110 includes a routine that interprets the contents of the detailed encryption processing rule indicated by the value of the parameter “i”, and the specified encryption processing is performed. Cryptographic communication processing according to the detailed rules is executed.

As described above, the parameter “i” consisting of 8-bit data functions as a cryptographic process detailed rule specifying parameter, and in the case of the embodiment shown here, as shown in FIG. 11, the type of “random number used for mutual authentication process”, It is a parameter that determines the three detailed rules for encryption processing, that is, whether or not "response data is encrypted" and whether or not "check code is added to response data". For example, if the value of "i" is "32", indicate the details of the cryptographic processing rule that "a true random number is used as the random number used for mutual authentication processing, and the response data is not encrypted but a check code is added". become.

Therefore, if the encrypted communication path opening command CMD given from the encrypted communication path opening instruction unit 230 to the first encrypted communication processing unit 110 includes the key version number “0x01” as the storage location designation information, First, the encrypted communication processing unit 110 can read out the encryption key corresponding to the key version number “0x01” from the key table Tk shown in FIG.

In the case of the key table Tk shown in FIG. 13(a), each storage location (each row of the table) is provided with a plurality of storages (cells) specified by a key ID. Part of each stores a different encryption key. Therefore, the first cryptographic communication processing unit 110 uses the cryptographic keys stored in the plurality of storages in the storage location specified by the key version number included in the cryptographic communication channel opening command CMD to establish the cryptographic communication channel. It will be opened. Specifically, when the key version number “0x01” is specified, the encryption communication path is opened using the encryption keys “KeyA, KeyB, KeyC”.

Further, the first encrypted communication processing unit 110 refers to the zone table Tz shown in FIG. 13(b), and the parameter "i" (which corresponds to the storage zone Z1 to which the key version number "0x01" belongs) ( The value "32") can be recognized. Therefore, the first cryptographic communication processing unit 110 interprets the cryptographic processing rule corresponding to each bit of the parameter “i” to “use a true random number as the random number used for the mutual authentication process and not encrypt the response data. Check code is added. As a result, using the encryption keys “KeyA, KeyB, and KeyC”, an encryption communication path for performing encryption communication is opened according to the grasped detailed rules of the encryption processing, and the second information processing device is opened via the opened encryption communication path. The encrypted communication with 200 will be performed.

It should be noted that FIG. 11 shows three rules as the cryptographic processing rules: the type of “random number used in mutual authentication processing”, the presence/absence of “encryption of response data”, and the presence/absence of “giving a check code to response data”. Although an example in which the above is defined is shown, as the cryptographic processing detailed rule, any other rule can be defined. In §3, an actual example of the parameter “i” actually defined in the encryption protocol SCP03 or SCP02 is shown. Based on this example, some examples of cryptographic processing rules that can be used in implementing the present invention will be listed below.

(1) Detailed Rules for Cryptographic Processing Related to Mutual Authentication Processing As shown in the diagram of FIG. 5, the first information processing device 100 and the second information processing are performed before the cryptographic communication path is opened as a preparatory process. Mutual authentication processing needs to be performed with the device 200, and various procedures have been put to practical use for this mutual authentication processing. Therefore, the rule that defines the procedure of the mutual authentication process is one of the cryptographic processing rules that can be used in implementing the present invention.

Specifically, a rule that determines whether a true random number or a pseudo random number is used as the random number Rb generated by the first information processing apparatus 100 for the mutual authentication process is used as a cryptographic process detailed rule. You can For example, in the case of the encryption protocol SCP03, as shown in items (2) and (3) of FIG. 7(a), the above rule is defined in the bit b5 of the parameter "i", and in the case of the encryption protocol SCP02. As shown in items (13) and (14) of FIG. 9, the above rule is defined in the bit b7 of the parameter "i".

Further, a rule that determines the number of encryption keys used in the mutual authentication process and the cryptographic communication process can also be used as a cryptographic process detailed rule. For example, in the case of the encryption protocol SCP02, the above rule is defined in the bit b1 of the parameter "i" as shown in items (1) and (2) of FIG.

Furthermore, a rule that determines whether the mutual authentication process is explicitly performed by using the authentication command or implicitly without the authentication command can be used as the cryptographic processing rule. For example, in the case of the encryption protocol SCP02, the above rule is defined in the bit b3 of the parameter "i" as shown in items (5) and (6) of FIG.

Therefore, if a table in which a specific value of the parameter “i” is associated with each storage zone is used as the zone table, the above-mentioned cryptographic processing rules relating to the procedures of the mutual authentication processing will be established. It can be set by command.

(2) Detailed rules for cryptographic processing regarding response transmission procedure Various different procedures are also defined for the method of transmitting a response from the first information processing apparatus to the second information processing apparatus via the established cryptographic communication channel. Therefore, the rule that defines the procedure for transmitting this response is also one of the cryptographic processing rules that can be used in implementing the present invention.

Specifically, a rule that defines whether to encrypt response data can be used as a detailed cryptographic process rule. For example, in the case of the encryption protocol SCP03, the above rule is defined in the bit b7 of the parameter "i" as shown in items (4) to (6) of FIG. 7(a). Similarly, the detailed rule that determines whether or not the check code is added to the response data can be used as the cryptographic process detailed rule. For example, in the case of the encryption protocol SCP03, as shown in items (4) to (6) of FIG. 7A, the above rule is defined in the bit b6 of the parameter "i", and the encryption protocol SCP02 is used. As shown in items (11) and (12) of FIG. 8, the above rule is defined in the bit b6 of the parameter "i".

Therefore, if a table in which a specific value of the parameter “i” is associated with each storage zone is used as the zone table, the detailed encryption processing rules relating to the above-described response transmission procedure are set by the encryption communication path opening command. It will be possible.

(3) Cryptographic processing rules concerning command transmission procedure Various different procedures are also defined for the method of transmitting a command from the second information processing apparatus to the first information processing apparatus via the established cryptographic communication channel. Therefore, the rule that defines the transmission procedure of this command is also one of the cryptographic processing detailed rules that can be used in implementing the present invention.

Specifically, a rule that defines matters relating to the addition of a check code to a transmission command can be used as a detailed cryptographic processing rule. For example, in the case of the encryption protocol SCP02, as shown in items (3) and (4) of FIG. 8, the rule "b2" of the parameter "i" determines whether or not the transmission command is corrected when the check code is calculated. In addition, as shown in items (7) to (10) of FIG. 8, rules regarding ICV are defined in bits b4 and b5 of the parameter "i".

Therefore, if a table in which a specific value of the parameter "i" is associated with each storage zone is used as the zone table, the detailed encryption processing rules relating to the command transmission procedure described above are set by the encryption communication path opening command. It will be possible.

<<<< §7. Modification to specify encryption protocol >>>
A feature of the present invention is that a plurality of storage zones are set on the key table Tk, and a zone table Tz in which a predetermined cryptographic processing rule is associated with each storage zone is prepared. When a specific storage location on the key table Tk is designated by the opening command CMD, it is possible to recognize the detailed cryptographic processing rules associated with the storage zone to which the designated storage location belongs, and The point is that a desired cryptographic processing rule can be designated each time opening is performed.

On the other hand, Japanese Patent Application No. 2015-168868 discloses an invention (hereinafter referred to as a prior invention) in which a desired encryption protocol can be designated every time an encrypted communication path is opened based on the same idea. ing. A feature of the invention of this prior application is that a plurality of storage zones are set on the key table Tk, and a zone table Tz in which a predetermined encryption protocol is associated with each storage zone is prepared. When a specific storage location on the key table Tk is designated by the path opening command CMD, the encryption protocol associated with the storage zone to which the designated storage location belongs can be recognized. The point is that the desired encryption protocol can be designated each time the opening of the.

As described above, in both the present invention and the prior invention, a plurality of storage zones are set on the key table Tk, and a specific storage location on the key table Tk is designated by the encrypted communication path opening command CMD. In addition, it is common to use the technical idea of recognizing the storage zone to which the designated storage location belongs to grasp "some information" associated with each storage zone. However, in the case of the invention of the prior application, “information for specifying the encryption protocol” is used as “some information”, whereas in the present invention, the “rules of cryptographic processing” are used as “some information”. The points are different.

As described above, since the present invention and the prior invention use the common technical idea, they can be implemented in combination. The modified example described here corresponds to the embodiment related to such a combination.

In the end, the feature of this modified example is that a plurality of storage zones are set on the key table Tk, and a zone table Tz is prepared in which each storage zone is associated with both a predetermined encryption protocol and cryptographic processing rules. By doing so, when a specific storage location on the key table Tk is designated by the encryption communication path opening command CMD, the encryption protocol and the detailed cryptographic processing rule associated with the storage zone to which the designated storage location belongs. Both of them can be recognized, and a desired encryption protocol and a detailed cryptographic processing rule can be designated each time a cryptographic communication path is opened.

FIG. 14 is a block diagram showing the configuration of such an information processing system according to a modification of the present invention. The basic configuration of the information processing system shown in FIG. 14 is almost the same as the basic configuration of the information processing system according to the basic embodiment shown in FIG. Therefore, each component of the information processing system shown in FIG. 14 is indicated by using a symbol with “A” added to the end of the symbol of the corresponding component of the information processing system shown in FIG.

Specifically, the information processing system shown in FIG. 14 includes a first information processing apparatus 100A and a second information processing apparatus 200A, and information that enables encrypted communication between them based on a predetermined encryption protocol. It is a processing system. Also here, as the first information processing device 100A, a device in which the management program SDA is incorporated in the SIM card 11 is used, and as the second information processing device 200A, the smartphone 10 to which the SIM card 11 is attached is provided with a predetermined information. The following description will be made on an example in which a device incorporating an application program (app AP6) is used.

As shown in the figure, in the first information processing apparatus 100A, a first cryptographic communication processing unit 110A that performs a process of opening a cryptographic communication path, a first cryptographic key storage unit 120A that stores a cryptographic key, and a cryptographic process. An encryption processing detailed rule storage unit 130A for storing detailed rules is provided, and the first cryptographic communication processing unit 110A uses the encryption key stored in the first encryption key storage unit 120A. In accordance with the detailed cryptographic processing rules stored in the storage unit 130A, the processing for opening the cryptographic communication path is performed.

Also in the case of the modification shown here, the first cryptographic communication processing unit 110A is actually realized as a function of the management program SDA installed in the SIM card 11, and the first cryptographic key storage unit. The 120A and the cryptographic processing rule storage unit 130A are realized as a partial area of the memory built in the SIM card 11 managed by the management program SDA.

On the other hand, the second information processing apparatus 200A stores a second cryptographic communication processing unit 210A that performs cryptographic communication using the cryptographic communication path established by the first cryptographic communication processing unit 110A, and a cryptographic key storage unit. A second encryption key storage unit 220A and an encryption communication path opening instruction unit 230A for instructing the first encryption communication processing unit 110A to open an encryption communication path are provided.

In the case of the modified example shown here, the second encrypted communication processing unit 210A and the encrypted communication path opening instruction unit 230A are actually realized as the functions of the application program (application AP6) installed in the smartphone 10. That is, the second encryption key storage unit 220A is realized as a partial area of the memory built in the smartphone 10.

Thus, the basic configuration of the modification shown in FIG. 14 and the basic configuration of the basic embodiment shown in FIG. 12 are almost the same. However, there are some differences in the detailed processing operation of each component. Hereinafter, this difference will be described.

The first cryptographic communication processing unit 110A establishes a cryptographic communication path for performing cryptographic communication based on a predetermined cryptographic protocol and in accordance with a predetermined cryptographic processing detailed rule that defines a detailed procedure of cryptographic communication processing by the cryptographic protocol. It is opened and encrypted communication is performed with the second information processing apparatus 200A via the opened encrypted communication path. However, the first encrypted communication processing unit 110A is provided with a plurality of N (N≧2) encryption protocols P1 to PN, and any one of the N encryption protocols P1 to PN is used. It has a function to perform encrypted communication based on the encryption protocol. When the cryptographic communication path opening command CMD is given from the second information processing apparatus 200A, the designated encryption protocol designated by the second information processing apparatus 200A among the N types of cryptographic protocols P1 to PN. Based on the above, an encrypted communication path for performing encrypted communication is established.

On the other hand, the first encryption key storage unit 120A is a component that holds the key table TkA. The key table TkA is provided with a plurality of storage locations, and each storage location stores an encryption key used for each of the N encryption protocols P1 to PN. A plurality of storage zones are set in this key table TkA. FIG. 14 shows a state in which eight storage zones Z1 to Z8 are set on the key table TkA. In reality, each of these storage zones Z1 to Z8 includes one or a plurality of storage locations, but these storage locations are not shown here. Of course, since the key table based on the GlobalPlatform (registered trademark) specifications has a form as shown in FIG. 13, each of the storage zones Z1 to Z8 is defined by the range of the "key version number".

The cryptographic processing rule storage unit 130A holds a zone table TzA relating to the individual storage zones Z1 to Z8 set on the key table TkA. In the case of the embodiments described so far, the zone table is a table showing the correspondence between the individual storage zones and the individual cryptographic processing rules, but the zone table TzA in this modification is the individual storage zone Z1. In addition to the correspondence between Z8 to Z8 and individual cryptographic processing rules, the correspondence between each storage zone Z1 to Z8 and each encryption protocol is also shown. That is, the column of the specific storage zone in the zone table TzA includes not only the information specifying the predetermined cryptographic processing rule but also the information specifying the predetermined encryption protocol. Therefore, when one storage zone is determined, one cryptographic processing rule is determined, and further one encryption protocol is determined.

Subsequently, components of the second information processing apparatus 200A will be described. First, the second cryptographic communication processing unit 210A has a function of performing cryptographic communication based on at least one specific encryption protocol among the plurality of N types of encryption protocols P1 to PN described above. It is a component that performs encrypted communication with the first information processing apparatus 100A via an encrypted communication path opened for performing encrypted communication based on the encrypted protocol. The illustrated example is an example in which the second encrypted communication processing unit 210A has a function of performing encrypted communication based on the first encryption protocol P1, and the two sets of the information processing devices 100A and 200A are Cryptographic communication is performed based on the first encryption protocol P1. The figure shows a state in which an encryption communication path based on the first encryption protocol P1 is established between them.

The second encryption key storage unit 220A is configured to store an encryption key used for a specific encryption protocol (the first encryption protocol P1 in the illustrated example) used by the second encryption communication processing unit 210A. Is an element. In order to perform cryptographic communication between the first cryptographic communication processing unit 110A and the second cryptographic communication processing unit 210A, it is necessary that both use the same encryption protocol and use the same encryption key. .. Therefore, in the case of the illustrated example, the second encryption key storage unit 220A has the same encryption key as that used for the first encryption protocol P1 stored in the key table TkA in the first encryption key storage unit 120A. The specific encryption key KeysX is stored. Then, the encrypted communication between the two is executed based on the first encryption protocol P1 using this encryption key KeysX.

The encrypted communication path opening instruction unit 230A instructs the first information processing apparatus 100A to open an encrypted communication path for performing encrypted communication, as in the basic embodiments described above. It is a component that gives an opening command CMD. This encrypted communication path opening command CMD includes storage location designation information indicating the storage location in the key table TkA for the cryptographic key corresponding to the specific cryptographic key KeysX stored in the second cryptographic key storage unit 220A. Has been.

The first encrypted communication processing unit 110 that has received this encrypted communication path opening command CMD performs the encrypted communication path opening processing by the following method. First, the designated storage location designated by the storage location designation information included in the encrypted communication path opening command CMD is recognized, and the encryption key KeysX stored in the designated storage location of the key table TkA is read as the designated encryption key. .. Further, the storage zone to which this designated storage location belongs is recognized, the cryptographic processing detailed rule associated with the storage zone to which the designated storage location belongs is recognized as the designated cryptographic processing detailed law by referring to the zone table TzA, and Recognize the encryption protocol associated with the storage zone as the specified encryption protocol. Then, based on the recognized designated encryption protocol, the read designated encryption key KeysX is used to execute a procedure in accordance with the recognized detailed designated encryption processing rule, thereby establishing an encrypted communication path for performing encrypted communication.

For example, when the storage location of the designated encryption key KeysX belongs to the i-th storage zone Zi, the information associated with the storage zone Zi of the zone table TzA is referred to. For example, when the storage zone Zi is associated with the detailed encryption processing rule Cj and the encryption protocol Pk, the first encrypted communication processing unit 110 uses the specified encryption key KeysX based on the specified encryption protocol Pk. By executing the procedure according to the designated cryptographic processing detailed rule Cj, the cryptographic communication path for performing cryptographic communication is established.

According to the information processing system having such a configuration, each time the encryption communication path is opened between the two sets of information processing apparatuses 100A and 200A, the encryption key included in the encryption communication path opening command CMD is changed. By the storage location designation information indicating the storage location, the information designating the specific encryption protocol and the specific cryptographic processing rule can be transmitted from the second information processing apparatus 200 to the first information processing apparatus 100. .. Therefore, it is possible to set the encryption protocol and the detailed cryptographic processing rule each time the cryptographic communication path is opened.

In the case of the example shown in FIG. 14, the application AP6 in the smartphone 10 uses the specific encryption protocol P1 and the specific encryption key KeysX to instruct the management program SDA in the SIM card 11 to open an encryption communication path. However, another application AP7 is incorporated in the smartphone 10, and the other application AP7 establishes an encryption communication path for the management program SDA in the SIM card 11 by using another encryption protocol. When instructing, the encrypted communication path opening command CMD may include the storage location designation information in the storage zone corresponding to the different encryption protocol.

FIG. 15 is a table showing a specific example of the key table TkA and the zone table TzA used in the information processing system shown in FIG. The basic configuration of the key table TkA shown in FIG. 15(a) is the same as that of the key table Tk shown in FIG. However, here, the display format of the table is changed to show that eight storage zones Z1 to Z8 are set. Similar to the key table Tk shown in FIG. 13, the key table TkA shown in FIG. 15(a) is also assigned an address space in the range of “0x01 to 0x7F” as the key version number, but the storage zone is set. Is performed only for the range of “0x01 to 0x3F”, and the encryption key Key is also stored only in the address space within this range.

In the case of the illustrated example, each of the storage zones Z1 to Z8 is configured by seven or eight storage locations (seven or eight storage locations in the key table Tk shown in FIG. 13). Similar to the key table Tk shown in FIG. 13, a cell (storage) specified by a key ID in the range of “0x00 to 0x7F” is arranged in one storage location, and each cell has an individual cell. The encryption key Key is stored (not shown).

On the other hand, FIG. 15(b) shows a specific example of the zone table TzA corresponding to the zone configuration of the key table TkA shown in FIG. 15(a). That is, the numerical range of the key version number is shown for each of the eight storage zones Z1 to Z8, and the predetermined encryption protocol and the value of the parameter “i” are associated with each of the storage zones Z1 to Z8. There is. Note that, for convenience of explanation, regarding the parameter "i", each bit of "i" is displayed and the value of "i" in decimal notation is displayed. However, in the actual zone table TzA, the numerical range is shown. It suffices that the data indicating "", the data indicating the encryption protocol, and each bit of "i" are associated with each other.

Here, the parameter “i” is a cryptographic process detailed rule designating parameter and plays a role of defining a specific cryptographic process detailed rule according to each encryption protocol, similarly to the basic embodiments described so far. The illustrated example is an example corresponding to two types of encryption protocols (N=2 is set in FIG. 14, and the first encrypted communication processing unit 110A corresponds to two types of encryption protocols P1 and P2. When the storage location belonging to the storage zones Z1 to Z4 is designated by the encrypted communication path opening command CMD, the encryption using the first encryption protocol P1 (specifically, the protocol SCP03) is performed. When the communication path is opened and the storage location belonging to the storage zones Z5 to Z8 is designated, the encrypted communication path using the second encryption protocol P2 (specifically, the protocol SCP02) is opened. become.

In this way, the encryption communication path opening command CMD serves to specify either one of the two encryption protocols, and when any encryption protocol is specified, one of the four rules of encryption processing is specified. It also plays the role of specifying one. For example, when the storage location belonging to the storage zone Z1 is specified, the encryption protocol SCP03 is specified, and the encryption processing detailed rule corresponding to the value "32" of "i" is specified. This is a detailed rule of the cryptographic process shown in the first line of the table of FIG. 11, and a rule of the content that "a true random number is used as the random number used for the mutual authentication process and the response data is not encrypted but the check code is added". Is shown.

Of course, since the individual cryptographic processing rules indicated by the value of the parameter "i" are defined for each individual encryption protocol, the meaning of the value of the parameter "i" is the encryption protocol SCP03 and the encryption protocol. It is different from SCP02. The program that executes each encryption protocol has a routine that interprets the details of the cryptographic processing rules indicated by the value of this parameter "i", and executes the cryptographic communication processing in accordance with the specified cryptographic processing rules. To be done.

Finally, a further modification of the information processing system shown in FIG. 14 will be described with reference to the block diagram of FIG. The basic configuration of the information processing system shown in FIG. 16 is almost the same as the basic configuration of the information processing system shown in FIG. That is, the information processing system shown in FIG. 16 is an information processing system that includes the first information processing apparatus 100A and the second information processing apparatus 200B and is capable of performing encrypted communication between them based on a predetermined encryption protocol. is there. Here, the first information processing apparatus 100A is exactly the same as the first information processing apparatus 100A shown in FIG. 14, but the second information processing apparatus 200B is the second information processing apparatus shown in FIG. It is a slightly modified version of the 200A.

That is, the second information processing apparatus 200B illustrated in FIG. 16 is configured by incorporating a predetermined application program (application AP8) in the smartphone 10, and the second information processing apparatus 200B performs encrypted communication with the first information processing apparatus 100A. To the first information processing apparatus 100A and the second encryption key storage unit 220B storing the encryption key used for the encryption protocol used by the second encryption communication processing unit 210B. , And an encrypted communication path opening instruction unit 230A which gives an encrypted communication path opening command CMD for instructing the opening of an encrypted communication path for performing encrypted communication.

Here, the encrypted communication path establishment instruction unit 230A is the same component as the encrypted communication path establishment instruction unit 230A shown in FIG. Therefore, in the information processing system shown in FIG. 16, the second cryptographic communication processing unit 210A in the information processing system shown in FIG. 14 is replaced with the second cryptographic communication processing unit 210B, and the second cryptographic key storage unit 220A is replaced with the second cryptographic key storage unit 220A. It is replaced with the second encryption key storage unit 220B.

The second information processing apparatus 210A in the information processing system shown in FIG. 14 is a component that performs encrypted communication based only on the first encryption protocol P1 incorporated as a specific encryption protocol. The second information processing apparatus 210B in the information processing system shown corresponds to a plurality of encryption protocols (the first encryption protocol P1 and the second encryption protocol P2 in the illustrated example) It is possible to perform encrypted communication by selecting one encryption protocol.

The second encryption key storage unit 220A in the information processing system shown in FIG. 14 is a component that stores only the encryption key KeysX as a specific encryption key, but the second encryption key storage unit 220A in the information processing system shown in FIG. The encryption key storage unit 220B stores a plurality of encryption keys (in the illustrated example, three pairs of encryption keys KeysX, KeysY, and KeysZ), and selects one encryption key to use for encryption communication. be able to.

In short, in the second information processing apparatus 200A in the information processing system shown in FIG. 14, the number of the encryption protocol and the encryption key used for the cryptographic communication is limited to one, but in the second information processing system shown in FIG. In the information processing apparatus 200B, a plurality of encryption protocols and encryption keys used for encrypted communication are prepared, and any one can be selectively used.

However, in order to perform the encrypted communication with the first information processing apparatus 100A, the encryption protocol and the encryption key used on the first information processing apparatus 100A side and the encryption used on the second information processing apparatus 200B side. Since the encrypted protocol and the encryption key need to correspond to each other, when transmitting the encrypted communication path establishment command CMD by the encrypted communication path establishment instructing unit 230A, the encryption protocol and the encryption key used by both should match. In addition, it is necessary to properly specify the storage location specification information.

Specifically, for example, in the case where the second information processing apparatus 200B side intends to perform encrypted communication using the second encryption protocol P2 and the encryption key KeysY, the second information processing apparatus 200B side displays the second information on the zone table TzA. The encryption communication path opening command CMD may be transmitted by designating the storage location of the encryption key KeysY belonging to the specific zone associated with the encryption protocol P2 as the storage location designating information.

As described above, in the present invention, the second cryptographic communication processing unit, which is a component of the second information processing apparatus, may be a component that supports only a specific encryption protocol, or a plurality of encryption protocols. It may be a component that corresponds to the protocol and can selectively use it. Similarly, in the present invention, the second encryption key storage unit, which is a component of the second information processing apparatus, may be a component that stores only a specific encryption key, or may store a plurality of encryption keys. However, it may be a component that can selectively utilize this. This also applies to the basic embodiments described up to §6.

<<<<§8. Embodiment as Method Invention >>>
Finally, an embodiment when the present invention is understood as a method invention called a cryptographic communication method will be described. FIG. 17 is a flowchart showing the basic procedure of the encrypted communication method according to the present invention. This cryptographic communication method is a cryptographic communication method for performing cryptographic communication between the first information processing apparatus and the second information processing apparatus based on a predetermined encryption protocol, and as shown in the figure, the program preparation step S11. The key table preparation step S12, the zone table preparation step S13, the encrypted communication path opening instruction step S14, the encrypted communication path opening step S15, and the encrypted communication step S16. Note that the description on the right side of the block showing each step in the flow chart of FIG. 17 indicates whether the step is a procedure executed by the first information processing apparatus 100 shown in FIG. It shows whether the procedure is performed by.

The program preparation step of step S11 is a step in which the first information processing apparatus 100 prepares a program for performing encrypted communication based on a predetermined encryption protocol in an executable state. Specifically, when the first information processing apparatus 100 is composed of an IC card such as SIM11, the encryption communication function is realized by the management program SD. Therefore, the program preparation step of step S11 is performed by the process of installing the management program SD. When the modification shown in FIG. 14 is applied, a program for performing cryptographic communication based on a plurality of N (N≧2) cryptographic protocols becomes executable.

The key table preparation step of step S12 is a step in which the first information processing apparatus 100 prepares the key table Tk in which the encryption keys used in the encryption protocol are stored in a plurality of storage locations. Specifically, the first encryption key storage unit 120 stores a key table Tk as shown in FIG. 13(a). This key table preparation step can be executed by giving a data write command to the first information processing apparatus 100 from an external device.

In the zone table preparation stage of step S13, the first information processing apparatus 100 sets a plurality of storage zones including one or a plurality of storage locations on the key table Tk, and sets each storage zone and each encryption zone. It is a stage of preparing a zone table showing the correspondence with the processing rules. Specifically, the cryptographic processing rule storage unit 130 stores a zone table Tz as shown in FIG. 13(b). This zone table preparation stage can also be executed by giving a data write command to the first information processing apparatus 100 from an external device. When the modified example shown in FIG. 14 is applied, as shown in FIG. 15(b), not only the correspondence between individual storage zones and individual cryptographic processing rules is shown, but also individual storage zones and individual cryptographic rules are shown. The zone table TzA indicating the correspondence with the encryption protocol is prepared.

In the encryption communication channel opening instruction step of step S14, the second information processing apparatus 200 instructs the first information processing apparatus 100 to execute the step S12 based on the encryption protocol prepared in the program preparation step of step S11. In the encryption key storage step, the encryption communication path opening command CMD for instructing the opening of the encryption communication path for performing the encryption communication using the specific encryption key stored in the specific storage location is transmitted. The encrypted communication path opening command CMD includes storage location designation information indicating a specific storage location in the key table Tk.

In the cryptographic communication channel opening stage of step S15, the first information processing apparatus 100 establishes a cryptographic communication channel for performing cryptographic communication based on a predetermined cryptographic protocol based on the received cryptographic communication channel establishment command CMD. It is a stage. That is, the first information processing apparatus 100 reads, as the designated encryption key, the encryption key stored in the designated storage location designated by the storage location designation information included in the received encrypted communication path opening command CMD. Then, by referring to the zone table Tz prepared in step S13, the cryptographic processing detailed rule associated with the storage zone to which the designated storage location belongs is recognized as the designated cryptographic processing detailed rule, and the read designated cryptographic key is used. A cryptographic communication path for performing cryptographic communication is established by executing a procedure in accordance with the specified cryptographic processing detailed rules. When the modification shown in FIG. 14 is applied, the encryption protocol associated with the storage zone to which the designated storage location belongs is recognized as the designated encryption protocol by further referring to the zone table Tz, and this designation is performed. An encryption communication path for performing encryption communication using the encryption protocol will be established.

The encrypted communication step of step S16 is a step in which the first information processing apparatus 100 and the second information processing apparatus 200 perform the encrypted communication via the encrypted communication path established in step S15. Actually, at the time of transmission, the transmission data is encrypted and transmitted, and at the time of reception, the received data is decrypted and fetched.

10: smartphone 11: SIM card 20: external server 100, 100A: first information processing device 110, 110A: first cryptographic communication processing unit 120, 120A: first cryptographic key storage unit 130, 130A: detailed cryptographic processing rule Storage units 200, 200A, 200B: second information processing devices 210, 210A, 210B: second cryptographic communication processing units 220, 220A, 220B: second cryptographic key storage units 230, 230A: cryptographic communication channel opening instruction unit A: Type information AP1 to AP5: General application programs b1 to b8: Bits C1 and C2 of the parameter “i”: Detailed encryption processing rules CMD: Cryptographic communication path opening command Key, KeyA to KeyU: Encryption keys Keys11 to Keys14, KeysX to KeysZ: encryption key(s)
L: Key length L11 to L14: Storage location P, P1, Pi, PN: Encryption protocol R1, R2: Cryptographic communication path opening routine Ra, Ra', Rb, Rb': Random number for authentication S1 to S6: Diagram Steps S11 to S16: Flow chart steps SD, SDA: Management programs T, T1, T2: Key table Tk, TkA: Key table Tz, TzA: Zone table V: Key value data Z1 to Z8: Storage zone

Claims (20)

An information processing system comprising a first information processing device and a second information processing device, capable of performing encrypted communication between them based on a predetermined encryption protocol,
The first information processing device is
Based on a predetermined encryption protocol, in accordance with a predetermined encryption processing detailed rule that defines the detailed procedure of encryption communication processing by the encryption protocol, open an encryption communication path for performing encrypted communication, A first cryptographic communication processing unit that performs cryptographic communication with the second information processing apparatus via
A first encryption key storage unit that holds a key table storing encryption keys used for the encryption protocol in a plurality of storage locations,
A plurality of storage zones are set for the key table, and a cryptographic processing rule storage unit that holds a zone table indicating a correspondence relationship between each storage zone and each cryptographic processing rule,
Have
The second information processing device is
A second function having a function of performing encrypted communication based on the encryption protocol, and performing encrypted communication with the first information processing apparatus via an encrypted communication path established by the first encrypted communication processing unit. A cryptographic communication processing unit of
A second encryption key storage unit that stores an encryption key used in the encryption protocol;
An encrypted communication path opening instruction unit for giving an encrypted communication path opening command for instructing the first information processing apparatus to open an encrypted communication path for performing encrypted communication;
Have
The encryption communication path opening command includes storage location designation information indicating a storage location in the key table for a specific encryption key corresponding to the encryption key stored in the second encryption key storage unit. Cage,
The first cryptographic communication processing unit receives the cryptographic communication channel opening command and stores the cryptographic key stored in the designated storage location designated by the storage location designating information included in the cryptographic communication channel opening command. As the designated encryption key, refers to the zone table, recognizes the cryptographic processing detailed rule associated with the storage zone to which the designated storage location belongs as the designated cryptographic processing detailed rule, and uses the designated cryptographic key to An information processing system, wherein an encrypted communication path for performing encrypted communication is established by executing a procedure in accordance with specified cryptographic processing rules. The information processing system according to claim 1,
The key table is provided with a plurality of storage locations each identified by a key version number, and each storage zone is composed of one or a plurality of storage locations.
The encryption communication path opening command includes a specific key version number as storage location specifying information.
An information processing system, wherein the first cryptographic communication processing unit performs a process of reading a designated cryptographic key and a process of recognizing a detailed rule of a designated cryptographic process, with a storage location specified by the key version number as a designated storage location. The information processing system according to claim 2,
Each storage zone is constituted by one storage location or a plurality of storage locations having consecutive key version numbers, and each storage zone is associated with a unique numerical range of the key version number. Information processing system. The information processing system according to claim 2 or 3,
Each storage location in the key table is provided with a plurality of storages specified by the respective key IDs, and separate encryption keys are stored in all or some of the storages.
The first cryptographic communication processing unit uses the cryptographic keys stored in the plurality of storages in the storage location specified by the key version number included in the cryptographic communication channel opening command to open the cryptographic communication channel. A characteristic information processing system. The information processing system according to any one of claims 1 to 4,
The cryptographic processing detailed rule indicated by the zone table includes the detailed rule that defines the procedure of the mutual authentication processing between the first information processing apparatus and the second information processing apparatus that should be executed before the cryptographic communication path is opened. An information processing system characterized by the above. The information processing system according to claim 5,
The cryptographic processing detailed rule indicated by the zone table includes a detailed rule that determines whether a real random number or a pseudo random number is used as the random number generated by the first information processing device for the mutual authentication process. Information processing system characterized by. The information processing system according to claim 5,
An information processing system, characterized in that the detailed rules for encryption processing indicated by the zone table include detailed rules for defining the number of encryption keys used for mutual authentication processing and encrypted communication processing. The information processing system according to claim 5,
The cryptographic processing detailed rules indicated by the zone table include detailed rules that specify whether mutual authentication processing is performed explicitly using the authentication command or implicitly without using the authentication command. Information processing system characterized by being present. The information processing system according to any one of claims 1 to 4,
The detailed rules for the cryptographic processing indicated by the zone table include a detailed rule that defines a procedure for transmitting a response from the first information processing device to the second information processing device via the opened cryptographic communication path. Information processing system. The information processing system according to claim 9,
An information processing system, characterized in that the detailed rules for encryption processing indicated by the zone table include detailed rules that determine whether or not to encrypt response data. The information processing system according to claim 9,
An information processing system, characterized in that the detailed rules for encryption processing indicated by the zone table include detailed rules for determining whether or not to add a check code to response data. The information processing system according to any one of claims 1 to 4,
The detailed rules for encryption processing indicated by the zone table include detailed rules defining a procedure for transmitting a command from the second information processing apparatus to the first information processing apparatus via the established encryption communication path. Information processing system. The information processing system according to claim 12,
An information processing system characterized in that the detailed rules for encryption processing indicated by the zone table include detailed rules defining matters concerning the addition of a check code to a transmission command. The information processing system according to any one of claims 1 to 13,
The first cryptographic communication processing unit has a function of performing cryptographic communication based on a plurality of N (N≧2) encryption protocols, and is designated from the second information processing device among the N encryption protocols. Established an encrypted communication path for performing encrypted communication based on the specified specified encryption protocol,
The key table stores the encryption key used for each of the plurality N of encryption protocols,
The second cryptographic communication processing unit has a function of performing cryptographic communication based on at least one specific encryption protocol of the plurality of N types of encryption protocols, and performs the cryptographic communication based on the specific encryption protocol. To perform cryptographic communication with the first information processing device through the cryptographic communication channel established for performing
The zone table shows the correspondence between individual storage zones and individual cryptographic processing rules, as well as the correspondence between individual storage zones and individual encryption protocols.
The first cryptographic communication processing unit refers to the zone table, recognizes the designated cryptographic processing rules, and recognizes the encryption protocol associated with the storage zone to which the designated storage location belongs as the designated encryption protocol. Then, based on the specified encryption protocol, a specified encryption key is used to execute a procedure in accordance with detailed rules for specified encryption processing, thereby establishing an encrypted communication path for encrypted communication. system. The information processing system according to any one of claims 1 to 14,
The first information processing device is a device configured by incorporating a management program compliant with GlobalPlatform (registered trademark) specifications into an IC card,
An information processing system characterized by using, as a zone table, a table in which a specific value of a parameter "i" based on the above specifications is associated with each storage zone. First information processing equipment in the information processing system according to any one of claims 1 to 15. The second information processing equipment in the information processing system according to any one of claims 1 to 15. A program that causes a computer as the first information processing equipment in the information processing system according to any one of claims 1 to 15. A program that causes a computer to function as the second information processing device in the information processing system according to claim 1. A cryptographic communication method for performing cryptographic communication between a first information processing device and a second information processing device based on a predetermined encryption protocol,
A program preparation step in which the first information processing apparatus prepares a program for performing encrypted communication based on a predetermined encryption protocol in an executable state;
A key table preparation step in which the first information processing apparatus prepares a key table in each of which a plurality of storage locations stores an encryption key used for the encryption protocol;
The first information processing device sets a plurality of sets of storage zones including one or a plurality of storage locations on the key table, and indicates a correspondence relationship between each storage zone and each cryptographic processing rule. Zone table preparation stage,
An encryption communication path opening instruction stage in which the second information processing apparatus gives to the first information processing apparatus an encryption communication path opening command instructing to open an encryption communication path for performing encrypted communication;
An encryption communication path opening step in which the first information processing apparatus opens an encryption communication path for performing encrypted communication based on the predetermined encryption protocol based on the received encryption communication path opening command;
A cryptographic communication step in which the first information processing apparatus and the second information processing apparatus perform cryptographic communication via an established cryptographic communication path;
Have
The encryption communication path opening command includes storage location designation information indicating a specific storage location in the key table,
In the encryption communication path opening step, the encryption key stored in the specified storage location specified by the storage location specification information included in the encryption communication path opening command is read as a specified encryption key, and the zone table is referred to. Then, the cryptographic processing detailed rule associated with the storage zone to which the specified storage location belongs is recognized as the specified cryptographic processing detailed rule, and the procedure according to the specified cryptographic processing detailed rule is executed using the specified cryptographic key. According to the above, a cryptographic communication method for opening a cryptographic communication path for performing cryptographic communication.

Images