WO2015136897A1 - Information processing device and information processing method - Google Patents


Info

Publication number: WO2015136897A1
Authority: WO, WIPO (PCT)
Prior art keywords: unit, input, execution environment, information, pin
Application number: PCT/JP2015/001181
Other languages: French (fr), Japanese (ja)
Inventor: 松本 学
Original Assignee: パナソニックIpマネジメント株式会社
Application filed by パナソニックIpマネジメント株式会社
Publication of WO2015136897A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F 21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • The present invention relates to an information processing apparatus and an information processing method used to perform payment processing in a transaction.
  • A terminal device capable of accepting and displaying such a signature has been realized using a smartphone or a tablet terminal.
  • A large number of smartphones and tablet terminals are distributed as consumer devices, so a payment terminal device can be procured at low cost if it can be built from information terminals that are widely distributed as consumer devices, such as smartphones and tablet terminals.
  • If the development platform for the applications (software) used for payment processing and other business can be generalized, it becomes easy to reuse and repurpose development assets.
  • However, an information terminal designed for use as a consumer device does not have the “tamper resistance” needed to protect customer information and carry out transactions safely.
  • “Tamper resistance” refers to resistance against an attack that attempts to steal information from an information terminal.
  • The portion that handles the authentication information of a card used for payment processing is referred to as the “secure portion” in Patent Document 1.
  • A mobile device in which the portion that must have tamper resistance as a terminal device is separated from a general-purpose portion has been proposed (see, for example, Patent Document 1).
  • Patent Document 1 and Patent Document 2 have the problem that the configuration of an input device such as a PINPAD or a touch panel becomes complicated in order to ensure tamper resistance.
  • The present invention therefore aims to provide an information processing apparatus and an information processing method that keep the structure as simple as possible while ensuring the tamper resistance needed for information security.
  • The information processing apparatus of the present invention includes: an authentication information input unit that accepts input of authentication information; an execution environment providing unit that separately provides a secure execution environment having tamper resistance and a non-secure execution environment that includes a payment processing unit and does not have tamper resistance; and a first encryption unit, provided in the secure execution environment, that encrypts the authentication information input to the authentication information input unit using an encryption key that can be decrypted by the settlement destination device of the payment processing unit. The execution environment providing unit causes the payment processing unit to execute the payment process with the settlement destination device using the first encrypted authentication information generated by the first encryption unit.
  • The information processing method of the present invention is a method in an information processing apparatus that includes a payment processing unit, and comprises: a step of separately providing a secure execution environment having tamper resistance and a non-secure execution environment that includes the payment processing unit and does not have tamper resistance; a step of accepting input of authentication information; a step of encrypting, in the secure execution environment, the input authentication information using an encryption key that can be decrypted by the settlement destination device of the payment processing unit; and a step of causing the payment processing unit to execute a payment process with the settlement destination device using the encrypted authentication information generated by that encryption.
  • FIG. 1A is a front view showing the appearance of the payment terminal device 1 of the present embodiment.
  • FIG. 1B is a side view of the payment terminal device shown in FIG. 1A.
  • FIG. 2 is a block diagram illustrating an example of the hardware configuration of the payment terminal device of the present embodiment.
  • FIG. 3 is a block diagram illustrating an example of a system configuration, mainly the software functions, of the payment terminal device of the present embodiment.
  • FIG. 4 is a sequence diagram explaining the communication between the virtual PIN pad and the PIN input unit via the virtualization hypervisor.
  • FIG. 5 is a flowchart explaining in detail the first operation procedure during payment processing by the payment terminal device of the present embodiment.
  • FIG. 6 is a flowchart explaining in detail the second operation procedure during payment processing by the payment terminal device of the present embodiment.
  • FIG. 7 is a flowchart explaining in detail the PIN input procedure at the virtual PIN pad in step S4 shown in FIG.
  • FIG. 8A shows a touch panel screen on which payment amount information and a message prompting a card reading operation are displayed on the payment terminal device.
  • FIG. 8B shows a touch panel screen on which a message prompting input of a PIN is displayed.
  • FIG. 9A shows a box screen in the state where a single PIN digit has been entered by the user's input of PIN information on the keypad unit.
  • FIG. 9B shows a box screen in the state where all four PIN digits have been entered.
  • FIG. 10 is a front view showing the appearance of a payment terminal device in a modification of the present embodiment.
  • FIG. 11 is a block diagram illustrating an example of a system configuration, mainly the software functions, of a payment terminal device according to a modification of the present embodiment.
  • Hereinafter, an embodiment of the information processing apparatus and information processing method according to the present invention (referred to as “the present embodiment”) is described with reference to the drawings.
  • A payment terminal apparatus used for payment processing in a transaction of goods or services is described as an example.
  • The present invention is not limited to the information processing apparatus and the information processing method; it may also be expressed as a computer-readable recording medium that causes the information processing apparatus to execute the operations of the information processing method, or as a program that causes the information processing apparatus to execute those operations.
  • FIG. 1A is a front view showing the appearance of the payment terminal device 1 of the present embodiment.
  • FIG. 1B is a side view of the payment terminal device 1 shown in FIG. 1A.
  • The payment terminal device 1 of the present embodiment is portable and includes an information processing unit 2 that performs various kinds of information processing, including payment processing in transactions of goods or services.
  • “Secure” means having the tamper resistance that a payment terminal device requires against a man-in-the-middle attack on its information by a third party (a malicious third party, or a virus such as malware or an unauthorized application).
  • “Non-secure” means that such tamper resistance is not provided.
  • The payment terminal device 1 shown in FIG. 1A has, for example, a slit 5 serving as a magnetic card swipe path on the upper side surface 6 of the information processing unit 2, for reading card information recorded on a magnetic card.
  • The payment terminal device 1 has an insertion slot 7 into which a contact IC card is inserted, for example on the lower surface 8 of the information processing unit 2, for reading card information recorded on the contact IC card.
  • The payment terminal device 1 has, inside it, a loop antenna 38 for reading card information recorded on, for example, a non-contact IC card.
  • The payment terminal device 1 has a touch panel 10, which serves as an example of both an input unit and a display unit, on the front surface 9 of the information processing unit 2 (see FIG. 1A).
  • FIG. 2 is a block diagram illustrating an example of the hardware configuration of the payment terminal device 1 of the present embodiment.
  • The payment terminal device 1 shown in FIG. 2 includes a CPU 21, a local wireless communication unit 22 to which a local wireless communication antenna 23 is connected, a wide area wireless communication unit 24 to which a wide area wireless communication antenna 25 is connected, a display unit 29, a touch input detection unit 30, a flash ROM 32, a RAM 33, a keypad unit 34, a magnetic card reader unit 35, a power supply unit 36, a battery 37, a non-contact IC card reader/writer unit 43 to which a loop antenna 38 is connected, and a contact IC card reader unit 44.
  • The payment terminal device 1 provides a virtual secure execution environment and a virtual non-secure execution environment in a virtualization hypervisor SW5 that can be realized using, for example, the CPU 21.
  • The virtualization hypervisor SW5 provides the secure execution environment and the non-secure execution environment using, for example, virtual machines (VMs).
  • The information processing unit 2 of the payment terminal device 1 includes a CPU (Central Processing Unit) 21 that controls the processing of each unit of the payment terminal device 1 shown in FIG. 2. In FIG. 2, each unit of the payment terminal device 1 is connected to the CPU 21.
  • The local wireless communication unit 22 is connected to the local wireless communication antenna 23 and performs wireless communication, for example over a wireless LAN (local area network), via a local wireless communication path (not shown).
  • Local wireless communication is not limited to a wireless LAN; it may be Bluetooth (registered trademark) or the like.
  • The wide area wireless communication unit 24 is connected to the wide area wireless communication antenna 25 and performs wide area wireless communication via a wide area wireless communication path (WAN: Wide Area Network) (not shown).
  • Wide area wireless communication can use, for example, a mobile phone line such as W-CDMA (Wideband Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), CDMA (Code Division Multiple Access) 2000, or LTE (Long Term Evolution).
  • The display unit 29 is configured using, for example, an LCD (Liquid Crystal Display) or organic EL (Electroluminescence), and displays information or data as instructed by the CPU 21 on the touch panel 10 shown in FIG. 1A.
  • The touch input detection unit 30 detects a touch input on the touch panel 10 by a user (for example, a clerk at a credit card member merchant or a customer purchasing a product).
  • The flash ROM (Read Only Memory) 32 stores various data.
  • The stored data may be, for example, business-related data or a program that controls the operation of the payment terminal device 1 (mainly the information processing unit 2).
  • The program includes various programs related to the operation of the payment terminal device 1, such as an application (software) for payment processing.
  • The flash ROM 32 thus functions as a recording medium on which the program is recorded.
  • The RAM (Random Access Memory) 33 is working memory used to temporarily store processing data generated during the calculation processing that accompanies the operation of the payment terminal device 1 (mainly the information processing unit 2).
  • The keypad unit 34 corresponds to the keypad unit 34 of the PIN (Personal Identification Number) input unit HW1, an example of the authentication information input unit provided in the hardware HW0 illustrated in FIG. 3, and accepts key input from the user.
  • The magnetic card reader unit 35 is arranged inside the slit 5 shown in FIG. 1B and reads the magnetic stripe that carries the card information on the magnetic card.
  • The card information read by the magnetic card reader unit 35 is input to the CPU 21.
  • The non-contact IC card reader/writer unit 43 is connected to the loop antenna 38 and reads card information recorded on a non-contact IC card.
  • The card information read by the non-contact IC card reader/writer unit 43 is input to the CPU 21.
  • The contact IC card reader unit 44 is arranged inside the insertion slot 7 shown in FIG. 1B and reads card information recorded on a contact IC card through the electrodes of the card inserted into the insertion slot 7.
  • The card information read by the contact IC card reader unit 44 is input to the CPU 21.
  • The power supply unit 36 is mainly the power source of the information processing unit 2; it receives power from the battery 37 and supplies it to each unit of the information processing unit 2, including the CPU 21.
  • The CPU 21 can control the power supply unit 36 to supply or stop supplying power to some or all of the circuits constituting the information processing unit 2.
  • Besides the CPU 21, the units supplied with power by the power supply unit 36 include the local wireless communication unit 22, the wide area wireless communication unit 24, the display unit 29, the touch input detection unit 30, the non-contact IC card reader/writer unit 43, the contact IC card reader unit 44, the keypad unit 34, the magnetic card reader unit 35, and the like.
  • The payment terminal device 1 with the above configuration has the following characteristics.
  • The information processing unit 2 includes a touch panel 10 (see FIGS. 1A and 2) formed by the display unit 29 and the touch input detection unit 30, and connects to an external connection destination device (for example, a settlement center 50).
  • The information processing unit 2 uses a general-purpose OS (see, for example, the virtualization hypervisor SW5 shown in FIG. 3) as its software platform. Because the development platform for the payment application and the other applications used for business (hereinafter “business applications”) is thereby generalized, development assets are easy to reuse and repurpose. In addition, if a consumer device can be used for the information processing unit 2, the unit has enough processing capability to record and play video without strain, so it can also be operated flexibly without strain.
  • FIG. 3 is a block diagram illustrating an example of a system configuration, mainly the software functions, of the payment terminal device 1 of the present embodiment.
  • In FIG. 3, the operations performed by the CPU 21 of the information processing unit 2 of the payment terminal device 1 are shown as software functional blocks.
  • FIG. 3 shows the virtualization hypervisor SW5, the secure screen UI application SW11, the LED display application SW12, the IC card input/output driver SW13, the encryption processing unit SW14, the keypad input/output/execution control unit SW15, the decryption unit SW16, and the keypad driver SW17.
  • Reference signs ST1 to ST7 indicate the processing steps for PIN information, as an example of authentication information, in the secure execution environment.
  • The virtualization hypervisor SW5 separately provides, on the hardware HW0 of the payment terminal device 1, a secure virtual machine (Secure VM) SW1 that provides the secure execution environment and a non-secure virtual machine (Non-Secure VM) SW3 that provides the non-secure execution environment.
  • The secure virtual machine SW1 includes the secure screen UI application SW11, the LED display application SW12, the IC card input/output driver SW13, the encryption processing unit SW14, the keypad input/output/execution control unit SW15, and the decryption unit SW16.
  • The guest OS (Operating System) 1 (SW21) is the basic software that controls the secure virtual machine SW1 realizing the secure execution environment, and is, for example, Windows (registered trademark) or Linux (registered trademark).
  • The keypad driver SW17 controls the operation of the keypad unit 34, receives the encrypted PIN from the PIN input unit HW1 through the secure communication path 53 described later, and outputs it to the keypad input/output/execution control unit SW15 through the decryption unit SW16.
  • The decryption unit SW16 shares a common key with the encryption unit HW2 of the PIN input unit HW1 and decrypts the encrypted PIN output from the keypad driver SW17.
  • The decryption unit SW16 outputs the PIN information obtained by the decryption to the keypad input/output/execution control unit SW15.
  • Encryption/decryption with a public key cryptosystem may be used instead of the common key.
  • The keypad input/output/execution control unit SW15 manages the input and output of PIN information, which is authentication information (for example, a personal identification number), and controls the execution of operations related to that input and output.
  • The keypad input/output/execution control unit SW15 compares the PIN information with the PIN information registered in the IC card and, when the comparison finds that the two match, outputs the PIN information to the encryption processing unit SW14, which then encrypts it.
  • The keypad input/output/execution control unit SW15 instructs the secure screen UI application SW11 to display a message prompting the user to enter PIN information.
  • The encryption processing unit SW14, as an example of the first encryption unit, holds an encryption key that can be decrypted at the settlement center 50; using this key it encrypts the PIN information output from the keypad input/output/execution control unit SW15 and returns the encrypted PIN information to the keypad input/output/execution control unit SW15.
  • This encryption may use a common key method with the same key as the settlement center 50, or a public key cryptosystem in which the encryption processing unit SW14 and the settlement center 50 each hold their own private key and the other party's public key.
  • The secure screen UI application SW11 displays, on the touch panel 10, the screen on which secure information is entered, in response to an instruction from the keypad input/output/execution control unit SW15. Specifically, it displays a message prompting the user to enter PIN information, displays an asterisk (*) per digit to hide the entered PIN information, or displays a message indicating that the payment process has been cancelled.
  • The display driver SW18 controls the operation of the display unit 29 that forms the touch panel 10, and acquires character or image data output from, for example, the keypad input/output/execution control unit SW15 or the secure screen UI application SW11 and outputs it to the display unit 29.
  • The LED display application SW12 generates display data for an LED (Light Emitting Diode) (not shown) and outputs it to the LED driver SW20.
  • The LED driver SW20 turns the LED on or off according to the display data output from the LED display application SW12.
  • The IC card reader driver SW19 controls the operation of the contact IC card reader unit 44 and the non-contact IC card reader/writer unit 43 and passes the read card information to the IC card input/output driver SW13.
  • The IC card reader driver SW19 may be implemented as separate, independent card reader drivers for each of the magnetic card reader unit 35, the non-contact IC card reader/writer unit 43, and the contact IC card reader unit 44.
  • The IC card input/output driver SW13 outputs the card information output from the IC card reader driver SW19 to the keypad input/output/execution control unit SW15.
  • The virtual PIN pad (VM_PINPAD) SW4 shown in FIG. 3 converts the PIN information entered on the keypad unit 34 of the PIN input unit HW1 into encrypted PIN information that can be decrypted at the settlement center 50.
  • The virtual PIN pad SW4 is provided in the secure virtual machine SW1 and consists of the keypad driver SW17, the decryption unit SW16, the keypad input/output/execution control unit SW15, the encryption processing unit SW14, the secure screen UI application SW11, and part of the display driver SW18.
  • The non-secure virtual machine SW3 includes a terminal UI application SW31, a payment application SW32, a center connection application SW33, a display driver SW34, and a guest OS 2 (SW35).
  • The guest OS 2 (SW35) is the basic software that controls the non-secure virtual machine SW3 realizing the non-secure execution environment, and is, for example, Windows (registered trademark) or Linux (registered trademark).
  • The terminal UI application SW31 displays, on the touch panel 10, the screen on which non-secure information is entered, in response to an instruction from the payment application SW32. For example, while the payment application SW32 is running, the terminal UI application SW31 displays various information for the payment process and accepts various input operations.
  • The payment application SW32 is a general-purpose application that communicates with the settlement center 50, an example of an external settlement destination device, connected through the center connection application SW33. The payment application SW32 also obtains, from the virtualization hypervisor SW5, the encrypted PIN information generated by the virtual PIN pad SW4 of the secure virtual machine SW1, and carries out with the settlement center 50 a payment process that includes that encrypted PIN information.
  • The display driver SW34 controls the operation of the display unit 29 that forms the touch panel 10, and acquires character or image data, such as a payment screen, output from, for example, the keypad input/output/execution control unit SW15, the payment application SW32, or the terminal UI application SW31, and displays it on the display unit 29.
  • The center connection application SW33 instructs the local wireless communication unit 22 or the wide area wireless communication unit 24 to transmit the payment processing request, built from the data output by the payment application SW32, to the connection destination device determined by the payment application SW32, such as the settlement center 50.
  • The virtualization hypervisor SW5, as an example of the execution environment providing unit, is a program that emulates the hardware HW0 shown in FIG. 3 and separately provides a plurality of execution environments in which a plurality of OSs operate independently and in parallel.
  • The encryption unit HW2 of the PIN input unit HW1 and the keypad driver SW17 in the virtual PIN pad of the secure VM establish a dedicated secure communication path 53 between them.
  • The PIN information entered on the keypad unit of the PIN input unit HW1 is encrypted by the encryption unit HW2.
  • The encrypted PIN information generated by the encryption unit HW2 is output to the keypad driver SW17 via the communication path 53.
  • The virtualization hypervisor SW5 acquires the encrypted PIN information generated by the encryption processing unit SW14 from the keypad input/output/execution control unit SW15 and passes it to the payment application SW32 of the non-secure virtual machine SW3.
  • The PIN input unit HW1 includes the keypad unit 34 and the encryption unit HW2, an example of a second encryption unit, which encrypts the PIN information entered on the keypad unit 34.
  • The encryption key used by the encryption unit HW2 is, for example, a common key shared with the decryption unit SW16, but it is not limited to a common key.
  • FIG. 4 is a sequence diagram illustrating the communication between the virtual PIN pad SW4 and the PIN input unit HW1 via the virtualization hypervisor SW5.
  • In FIG. 4, when, for example, a common key cryptosystem is used between the encryption unit HW2 of the PIN input unit HW1 and the decryption unit SW16 of the virtual PIN pad SW4, a common key exchange (KEY EXCHANGE) is first performed between the virtual PIN pad SW4 and the PIN input unit SW7 (T1).
  • A secure communication path 53 for encrypted communication is then formed between the virtual PIN pad SW4 and the PIN input unit SW7 (T2).
  • The encrypted PIN information generated by the PIN input unit HW1 is exchanged between the virtual PIN pad SW4 and the PIN input unit SW7 (T3).
  • An operation instruction confirming or cancelling the encrypted PIN information is exchanged between the virtual PIN pad SW4 and the PIN input unit SW7 (T4).
  • FIG. 5 is a flowchart explaining in detail the first operation procedure during payment processing by the payment terminal device 1 of the present embodiment.
  • FIG. 6 is a flowchart explaining in detail the second operation procedure during payment processing by the payment terminal device 1 of the present embodiment.
  • The payment terminal device 1 runs the payment application SW32 (see FIG. 3) installed in the information processing unit 2 (see FIGS. 1A and 2) and starts the payment processing procedure.
  • When the terminal UI application SW31 receives the payment amount information and the payment method (S1), it displays a message prompting the card reading operation on the screen of the touch panel 10 (see FIG. 8A) (S2).
  • The IC card input/output driver SW13 waits until the user's IC card can be read by one of the following operations: swiping it through the slit 5, inserting it into the insertion slot 7, or holding it close to the front surface 9 of the payment terminal device 1 (S3).
  • The virtual PIN pad SW4 accepts input of the encrypted PIN information (S4). The details of the encrypted PIN input procedure of step S4 are described later with reference to FIG.
  • It is determined whether the virtual PIN pad SW4, in the secure execution environment provided by the secure virtual machine SW1 (secure VM), has completed receiving the encrypted PIN information output from the PIN input unit HW1 in step S4 (S5). If not (S5, NO), the operation of the virtual PIN pad SW4 returns to step S4 and it accepts input of the encrypted PIN information again.
  • When input of the encrypted PIN information output from the PIN input unit HW1 is complete (S5, YES), the keypad input/output/execution control unit SW15 checks whether the PIN information decrypted in step S4 (in particular, in step S15 shown in FIG. 7) matches the PIN information registered in the IC card read in step S3 (S6).
  • The PIN information entered in step S4 may instead be encrypted with a key that can be decrypted by the IC card (not shown) read in step S3.
  • The PIN information entered on the touch panel 10 in step S4 may be output to the encryption processing unit SW14 and encrypted there.
  • The encryption of the PIN information may also be performed by an encryption processing unit (not shown) provided separately from the encryption processing unit SW14. The PIN information encrypted by the encryption processing unit SW14 or by that separate encryption processing unit (the encrypted PIN information) may then be output to the keypad input/output/execution control unit SW15.
  • The keypad input/output/execution control unit SW15 passes the PIN information or the encrypted PIN information to the IC card via the IC card input/output driver SW13 and the IC card reader driver SW19.
  • The IC card compares the data obtained by decrypting the PIN information or the encrypted PIN information received from the keypad input/output/execution control unit SW15 with the PIN information registered in advance in the IC card, and outputs the PIN comparison result (S6).
  • The keypad input/output/execution control unit SW15 receives the PIN comparison result output from the IC card via the IC card reader driver SW19 and the IC card input/output driver SW13.
  • When the comparison result received from the IC card indicates that the PIN information entered in step S4 matches the PIN information registered in the IC card read in step S3, the keypad input/output/execution control unit SW15 instructs the payment application SW32 of the non-secure virtual machine SW3, via the guest OS 1 (SW21), the virtualization hypervisor SW5, and the guest OS 2 (SW35), to perform the subsequent sales processing as payment processing (S7; see ST7 in FIG. 3).
  • Sales processing as the subsequent payment processing is then performed (S7).
  • The sales processing data from the sales processing is transmitted to the settlement center 50 via the center connection application SW33.
  • The sales processing of the sales processing data in step S7 may be executed each time a customer purchases a product or receives a service, or communication between the payment terminal device 1 and the settlement center 50 may take place at a predetermined timing (for example, once a week), with the data processed together with other sales processing data at that time.
  • If the keypad input/output/execution control unit SW15 determines that the two do not match as a result of the comparison in step S6 (S6, NO),
  • the keypad input / output / execution control unit SW15 performs the settlement process on the touch panel 10 for the secure screen UI application SW11.
  • a message for canceling is displayed (S8).
  • the keypad input / output / execution control unit SW15 does not instruct the payment application SW32 to perform sales processing, and the subsequent payment processing procedure is stopped.
  • The keypad input/output/execution control unit SW15 outputs the PIN information to the encryption processing unit SW14 and has the encryption processing unit SW14 encrypt it.
  • The encryption processing unit SW14 encrypts the PIN information output from the keypad input/output/execution control unit SW15 using an encryption key that can be decrypted in the settlement center 50, and outputs the encrypted PIN information to the keypad input/output/execution control unit SW15 (S6A, see ST5 and ST6 in FIG. 3).
  • The keypad input/output/execution control unit SW15 passes the encrypted PIN information (encrypted input PIN) to the settlement application SW32 on the non-secure virtual machine SW3 (non-secure VM) via the guest OS1 (SW21), the virtualization hypervisor SW5, and the guest OS2 (SW35). That is, the virtualization hypervisor SW5 acquires the encrypted PIN information generated by the encryption processing unit SW14 from the keypad input/output/execution control unit SW15 and passes it to the settlement application SW32 of the non-secure virtual machine SW3 (S7A, see ST7 in FIG. 3).
  • The payment application SW32 communicates with the payment center 50 via the center connection application SW33, transmits the encrypted PIN information generated in step S6A, and makes a credit inquiry using the card information read in step S4.
  • The settlement center 50 decrypts the PIN information received from the settlement application SW32 of the settlement terminal device 1 and collates the decrypted PIN with the PIN information managed in the settlement center 50 (S8A). When the two PINs match and it is confirmed that there is no problem with transacting on the card being verified (for example, it is not on the black list) (S8A, YES), the settlement center 50 grants credit to the payment application SW32 via the center connection application SW33 of the settlement terminal device 1.
  • The settlement application SW32 of the settlement terminal device 1 receives the credit from the settlement center 50 in step S11A, performs sales processing as the subsequent settlement processing (S9A), and ends the communication with the settlement center 50.
  • The sales processing of the sales processing data shown in step S9A may be executed whenever a customer purchases a product or receives a service, or it may be performed at a predetermined timing (for example, once a week) when communication between the payment terminal device 1 and the payment center 50 takes place, and processed together with other sales processing data at that time.
  • If it is determined that the PINs do not match as a result of the collation in step S8A (S8A, NO), the keypad input/output/execution control unit SW15 displays a message indicating that the settlement process is canceled (S10). In this case, the keypad input/output/execution control unit SW15 does not instruct the payment application SW32 to perform sales processing, and the subsequent payment processing procedure is stopped.
  • FIG. 7 is a flowchart explaining in detail the operation procedure of PIN input in the virtual PIN pad SW4 in step S4 shown in FIG. 5.
  • The virtualization hypervisor SW5 establishes a secure communication path 53 between the virtual PIN pad SW4 and the PIN input unit SW7. That is, a secure communication path 53 for encrypted communication is formed between the virtual PIN pad SW4 and the PIN input unit SW7 (S12, see T2 in FIG. 4).
  • The secure screen UI application SW11 displays on the touch panel 10 a message prompting the user to input a PIN (S13, see ST1 and ST2 in FIG. 3 and FIG. 8B).
  • The user confirms the message displayed on the touch panel 10 and inputs a PIN as personal authentication information (for example, a personal identification number) into the keypad unit 34 of the PIN input unit HW1.
  • In response to the user's input to the keypad unit 34, the encryption unit HW2 encrypts the obtained PIN information and outputs it to the virtualization hypervisor SW5.
  • The virtualization hypervisor SW5 outputs the encrypted PIN information to the keypad driver SW17 via the communication path 53.
  • The keypad driver SW17 outputs the encrypted PIN information to the decryption unit SW16, and the decryption unit SW16 receives the encrypted PIN output from the keypad driver SW17 (S14, see ST3 in FIG. 3, FIG. 9A, and FIG. 9B).
  • The decryption unit SW16 decrypts the input encrypted PIN using the common key exchanged in step S11, thereby obtaining the PIN information (S15, see ST4 in FIG. 3). Thereafter, the process returns to the flowchart shown in FIG. 5 and proceeds to step S5.
  • FIG. 8A is a diagram showing a screen of the touch panel 10 of the payment terminal device 1 on which payment amount information (see step S1 shown in FIG. 5) and a message prompting a card reading operation (see step S2 shown in FIG. 5) are displayed. Specifically, in FIG. 8A, the touch panel 10 of the payment terminal device 1 displays the characters “Total purchase amount ¥128,000 (tax included)” and “Please read the card” on the screen.
  • FIG. 8B is a diagram showing a screen of the touch panel 10 on which a message prompting the input of the PIN (see step S13 shown in FIG. 7) is displayed. Specifically, a box 61 into which the PIN is entered, the characters “Please enter your PIN”, and an arrow 63 pointing to the keypad 34 are displayed on the screen.
  • FIG. 9A is a diagram showing the screen of the box 61 in a state where one digit of the PIN has been input by the user's input operation of the PIN information to the keypad unit 34 (see steps S13 and S14 shown in FIG. 7). Each entered number is displayed as an asterisk “*”.
  • FIG. 9B is a diagram showing the screen of the box 61 in a state where all four digits of the PIN have been input.
  • The PIN in this embodiment is 4 digits, but it may have a larger number of digits (for example, 12 digits).
  • As described above, the settlement terminal device 1 encrypts the authentication information (for example, a PIN as a personal identification number) input to the PIN input unit HW1 using an encryption key that can be decrypted by the settlement center 50. The encrypted PIN information generated by this encryption is passed in the order of the secure virtual machine SW1, the virtualization hypervisor SW5, and the non-secure virtual machine SW3, and the payment application SW32 executes the payment process with the payment center 50.
  • The settlement terminal device 1 therefore does not require the PIN input unit HW1 (for example, the keypad unit 34), which is configured using hardware resources, to have a special specification as in Patent Document 2. Since the PIN input in the secure execution environment provided by the virtualization hypervisor SW5 is encrypted using an encryption key that can be decrypted in the settlement center 50, the security of the PIN information input by the user can be ensured reliably. In other words, the settlement terminal device 1 keeps the complexity of its structure to a minimum and ensures the tamper resistance needed to guarantee information security.
  • Even if a plurality of applications (for example, payment applications and user applications) that can be executed in the non-secure execution environment are installed in the payment terminal device 1 by the acquirer, the payment center, or the registered member store with which the credit card registered member store has a contract, the integrity of the security of the input PIN information can be ensured and tamper resistance can be ensured.
  • Since the virtualization hypervisor SW5 uses the hardware resources of the payment terminal device 1 itself, the circuit scale can be reduced.
  • Since the settlement terminal device 1 encrypts the PIN information input by the PIN input unit HW1 in the encryption unit HW2, and the encrypted PIN information is transferred via the secure communication path 53 to the virtual PIN pad SW4 provided in the secure execution environment, the security of the PIN information input by the PIN input unit HW1 can be ensured.
  • Since the payment terminal device 1 displays a message prompting the user to input the PIN, the convenience of PIN input for the user can be improved.
  • FIG. 10 is a front view showing the appearance of a payment terminal device in a modified example of the present embodiment (hereinafter referred to as “this modified example”).
  • The settlement terminal device 1A of this modified example has a tablet terminal type appearance. Since most of the hardware configuration and software configuration of the settlement terminal device 1A are common to those of the settlement terminal device 1 of the present embodiment described above, only the differing portions are described.
  • The keypad unit 34 used for inputting the PIN information is provided as a keypad portion 34A, displayed as an operable software keyboard in the lower part of the screen of the large touch panel 10A. Note that various input keys 91 and an insertion slot 93 into which a contact type IC card is inserted are arranged below the touch panel 10A.
  • The operation procedure at the time of payment processing of the payment terminal device 1A is substantially the same as that of the payment terminal device 1 of the present embodiment described above. That is, as in FIG. 3, the keypad input/output/execution control unit SW15 in the secure virtual machine SW1 of the settlement terminal device 1A has the encryption processing unit SW14 (first encryption unit) in the same execution environment encrypt the PIN (authentication information) input to the touch panel 10A.
  • The PIN encryption is performed using an encryption key that can be decrypted by the settlement center 50 (the settlement destination device of the settlement application SW32 (payment processing unit) in the non-secure virtual machine SW3).
  • The payment application SW32 (payment processing unit) in the non-secure virtual machine SW3 executes the payment process with the payment center 50 using the encrypted PIN (first encrypted authentication information).
  • FIG. 11 is a block diagram specifically illustrating an example of a system configuration mainly including the software functions of the settlement terminal device 1A according to the modified example of the present embodiment.
  • FIG. 11 shows an example of how the display drivers SW18 and SW34 are implemented in the settlement terminal device 1A of this modified example; specifically, only the differences with respect to FIG. 3 are shown.
  • The display unit 29 of the touch panel 10A (see FIG. 10) is connected to the display driver SW18 in the secure virtual machine SW1.
  • The display driver SW18 in the secure virtual machine SW1 and the display driver SW34 in the non-secure virtual machine SW3 are connected in a state in which tamper resistance is physically ensured.
  • Display on the display unit 29 by the display driver SW34 in the non-secure virtual machine SW3 is performed under the control of the display driver SW18 in the secure virtual machine SW1.
  • While the box 61 indicating the progress of PIN input, the arrow 63, and the keypad 34A used for PIN input are displayed by the display driver SW18 in the secure virtual machine SW1, the display by the display driver SW34 in the non-secure virtual machine SW3 is interrupted.
  • In this modified example, the keypad portion, which is hardware, can be omitted, and the hardware circuit scale can be simplified.
  • The settlement terminal device 1A can further simplify the user's input operation to the keypad unit 34A indicated by the arrow 63, because the keypad unit 34 and the touch panel 10A exist on the same screen.
  • In the present embodiment, the secure execution environment and the non-secure execution environment are realized by the same CPU, but they may be realized by separate CPUs.
  • Instead of using the virtualization hypervisor, the same operation can be performed using a configuration in which a host OS and a virtualization application are combined.
  • The present invention can be applied to devices that require various secure inputs, such as bank ATM devices, in addition to payment terminal devices.
  • The present invention is useful, for example, as an information terminal device and an information processing method that are used in settlement processing, keep the complexity of the structure to a minimum, and ensure tamper resistance for guaranteeing information security.
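As an added illustration (not code from the patent or from Panasonic), the following Python model walks the encrypted PIN through the environments described above: the PIN input unit HW1/HW2 seals it under the common key of secure communication path 53, the secure virtual machine SW1 decrypts it (S15) and re-encrypts it under a key only the settlement center 50 can decrypt (S6A), the non-secure virtual machine SW3 forwards it as opaque bytes (S7A), and the center collates it (S8A). The cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, standing in for the cipher the page leaves unspecified; the key exchange of step S11 is modelled as a pre-shared key, the card record and PIN are constructed sample values, and the class and function names are my own.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys so one key never serves both keystream and tag.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream with HMAC-SHA256 as the PRF: a stand-in for the
    # cipher, which the page leaves unspecified.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any change in transit raises ValueError."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def hw_read_pin(path_key: bytes, digits: str) -> bytes:
    """HW1 keypad plus HW2 encryption unit: only ciphertext leaves the hardware,
    sealed under the common key of secure communication path 53 (step S11)."""
    return seal(path_key, digits.encode())


class SecureVM:
    """SW1: decryption unit SW16 (S15) and encryption processing unit SW14 (S6A)."""
    def __init__(self, path_key: bytes, center_key: bytes):
        self._path_key = path_key
        self._center_key = center_key  # decryptable only at settlement center 50

    def reencrypt_for_center(self, encrypted_input_pin: bytes) -> bytes:
        pin = open_sealed(self._path_key, encrypted_input_pin)
        if not pin.isdigit() or not 4 <= len(pin) <= 12:  # 4 digits, or more (e.g. 12)
            raise ValueError("PIN rejected inside the secure execution environment")
        return seal(self._center_key, pin)  # the plaintext PIN never leaves this method


class NonSecureVM:
    """SW3: payment application SW32 and center connection SW33; holds no PIN key."""
    def __init__(self):
        self.observed = []  # every byte string this environment ever handled

    def build_credit_inquiry(self, encrypted_pin: bytes, card_number: str) -> dict:
        self.observed.append(encrypted_pin)
        return {"card": card_number, "encrypted_pin": encrypted_pin}


class SettlementCenter:
    """Settlement center 50: decrypts and collates against its registered PIN (S8A)."""
    def __init__(self, center_key: bytes, registered_pins: dict):
        self._center_key = center_key
        self._registered = registered_pins

    def authorize(self, inquiry: dict) -> bool:
        pin = open_sealed(self._center_key, inquiry["encrypted_pin"])
        return hmac.compare_digest(pin, self._registered.get(inquiry["card"], b""))


def run_payment(entered_pin: str, card_number: str, tamper: bool = False) -> dict:
    """Run one FIG. 6 style flow and report what each environment could see."""
    path_key, center_key = secrets.token_bytes(32), secrets.token_bytes(32)
    secure_vm, non_secure_vm = SecureVM(path_key, center_key), NonSecureVM()
    center = SettlementCenter(center_key, {"4111-0000": b"1234"})  # constructed record
    encrypted_input_pin = hw_read_pin(path_key, entered_pin)          # S14
    for_center = secure_vm.reencrypt_for_center(encrypted_input_pin)  # S6A, S7A
    if tamper:  # a compromised payment application flipping one ciphertext byte
        for_center = (for_center[:NONCE_LEN] + bytes([for_center[NONCE_LEN] ^ 1])
                      + for_center[NONCE_LEN + 1:])
    inquiry = non_secure_vm.build_credit_inquiry(for_center, card_number)
    try:
        approved, tamper_detected = center.authorize(inquiry), False  # S8A
    except ValueError:
        approved, tamper_detected = False, True
    leaked = any(entered_pin.encode() in blob for blob in non_secure_vm.observed)
    return {"approved": approved, "tamper_detected": tamper_detected,
            "pin_visible_to_non_secure_vm": leaked}
```

`run_payment("1234", "4111-0000")` approves and reports that the non-secure VM never held the PIN digits; with `tamper=True` the center's integrity check rejects the modified ciphertext instead of collating it.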

Abstract

This information processing device is provided with: an authentication information input unit which accepts an input of authentication information; an execution environment provision unit which provides a secure execution environment that has a tamper-resistant property and a non-secure execution environment that does not have the tamper-resistant property and includes a settlement processing unit, separately; and a first encryption unit which is provided in the secure execution environment provided by the execution environment provision unit and encrypts the authentication information inputted to the authentication information input unit using an encryption key that can be decrypted in a settlement destination device of the settlement processing unit, the execution environment provision unit causing the settlement processing unit to execute settlement processing for the settlement destination device using first encrypted authentication information generated by the first encryption unit.

Description

Information processing apparatus and information processing method
The present invention relates to an information processing apparatus and an information processing method used for performing settlement processing in a transaction.
For example, in a (credit) transaction of goods or services using a credit card, the security of the transaction is ensured by confirming (identity verification) whether the person performing the transaction and the owner of the credit card used for the transaction are the same person. This identity verification is performed by the customer signing a transaction slip on which the transaction details are printed at the time of settlement processing, and by a store clerk visually comparing that signature with the signature written on the credit card.
In recent years, terminal devices capable of inputting and displaying such a signature have been realized using smartphones and tablet terminals. Smartphones and tablet terminals are widely distributed as consumer devices, so a settlement terminal device can be built from them at low cost. That is, if such a settlement terminal device can be configured using information terminals that are widely distributed as consumer devices, such as smartphones and tablet terminals, the settlement terminal device itself can be procured inexpensively. In addition, since the development platform for applications (software) used for settlement processing and other business can be made general-purpose, reuse and diversion of development assets becomes easy.
However, an information terminal designed on the assumption that it is used as a consumer device does not have the “tamper resistance” necessary to protect customer information and perform transactions safely. “Tamper resistance” means resistance against attacks that attempt to steal information from the information terminal. In order to ensure tamper resistance as a countermeasure against such attacks, a mobile device has been proposed in which the portion related to the authentication information of the card used for settlement processing (referred to as the “secure portion” in Patent Document 1; the portion having the tamper resistance required of a settlement terminal device) is separated from the general-purpose portion (see, for example, Patent Document 1).
Further, even in a general-purpose information terminal, it is necessary to ensure information security when a PIN (Personal Identification Number) such as a personal identification number is input. In order to ensure this kind of tamper resistance, a banking system including a PINPAD that encrypts the PIN input by the user in settlement processing is known (see, for example, Patent Document 2).
Patent Document 1: US Patent Application Publication No. 2010/0145854
Patent Document 2: US Patent No. 8,376,219
However, the conventional information processing apparatuses including Patent Document 1 and Patent Document 2 described above have a problem in that the configuration of the input device, such as the PINPAD or the touch panel, becomes complicated when tamper resistance is to be ensured.
In order to solve the conventional problems described above, an object of the present invention is to provide an information processing apparatus and an information processing method that keep the complexity of the structure to a minimum and ensure tamper resistance for guaranteeing information security.
The present invention is an information processing apparatus comprising: an authentication information input unit that accepts input of authentication information; an execution environment providing unit that separately provides a secure execution environment having tamper resistance and a non-secure execution environment that does not have tamper resistance and includes a settlement processing unit; and a first encryption unit that is provided in the secure execution environment provided by the execution environment providing unit and encrypts the authentication information input to the authentication information input unit using an encryption key that can be decrypted in a settlement destination device of the settlement processing unit, wherein the execution environment providing unit causes the settlement processing unit to execute settlement processing for the settlement destination device using first encrypted authentication information generated by the first encryption unit.
The present invention is also an information processing method in an information processing apparatus including a settlement processing unit, the method comprising: separately providing a secure execution environment having tamper resistance and a non-secure execution environment that does not have tamper resistance and includes the settlement processing unit; accepting input of authentication information; encrypting, in the secure execution environment, the input authentication information using an encryption key that can be decrypted in a settlement destination device of the settlement processing unit; and causing the settlement processing unit to execute settlement processing for the settlement destination device using the encrypted authentication information generated by the encryption.
According to the present invention, the complexity of the structure can be kept to a minimum, and tamper resistance for guaranteeing information security can be ensured.
FIG. 1A is a front view showing the appearance of the settlement terminal device 1 in the present embodiment.
FIG. 1B is a side view showing the appearance of the settlement terminal device shown in FIG. 1A.
FIG. 2 is a block diagram specifically illustrating an example of the hardware configuration of the settlement terminal device of the present embodiment.
FIG. 3 is a block diagram specifically illustrating an example of a system configuration mainly including the software functions of the settlement terminal device of the present embodiment.
FIG. 4 is a sequence diagram explaining the communication operation between the virtual PIN pad and the PIN input unit via the virtualization hypervisor.
FIG. 5 is a flowchart explaining in detail the first operation procedure during settlement processing of the settlement terminal device of the present embodiment.
FIG. 6 is a flowchart explaining in detail the second operation procedure during settlement processing of the settlement terminal device of the present embodiment.
FIG. 7 is a flowchart explaining in detail the operation procedure of PIN input at the virtual PIN pad in step S4 shown in FIG. 5.
FIG. 8A is a diagram showing a screen of the touch panel on which payment amount information and a message prompting a card reading operation are displayed in the settlement terminal device.
FIG. 8B is a diagram showing a screen of the touch panel on which a message prompting input of the PIN is displayed.
FIG. 9A is a diagram showing the screen of a box showing a state in which one digit of the PIN has been input by the user's input operation of PIN information to the keypad unit.
FIG. 9B is a diagram showing the screen of a box showing a state in which all four digits of the PIN have been input.
FIG. 10 is a front view showing the appearance of a settlement terminal device in a modified example of the present embodiment.
FIG. 11 is a block diagram specifically illustrating an example of a system configuration mainly including the software functions of a settlement terminal device in a modified example of the present embodiment.
Hereinafter, an embodiment of the information processing apparatus and the information processing method according to the present invention (hereinafter referred to as “the present embodiment”) will be described with reference to the drawings. In the following embodiment, a settlement terminal device used in settlement processing in a transaction of goods or services is described as an example of the information processing apparatus according to the present invention. Note that the present invention is not limited to an information processing apparatus and an information processing method, and may also be expressed as a computer-readable recording medium that causes an information processing apparatus to execute the operations of the information processing method, or as a program that causes an information processing apparatus to execute the operations of the information processing method.
FIG. 1A is a front view showing the appearance of the settlement terminal device 1 of the present embodiment. FIG. 1B is a side view showing the appearance of the settlement terminal device 1 shown in FIG. 1A. The settlement terminal device 1 of the present embodiment is portable and includes an information processing unit 2 that performs various types of information processing including, for example, settlement processing in transactions of goods or services.
In the following description, “secure” means that the device has, as a settlement terminal device, the tamper resistance required against man-in-the-middle attacks on information by a third party (a malicious third party, or a virus such as malware or an unauthorized application), and “non-secure” means that such tamper resistance is not provided.
The settlement terminal device 1 shown in FIG. 1A includes, on the upper side surface 6 of the information processing unit 2, a slit 5 serving as a path along which a magnetic card is slid in order to read card information recorded on the magnetic card. The settlement terminal device 1 includes, on the lower side surface 8 of the information processing unit 2, an insertion slot 7 into which a contact type IC card is inserted in order to read card information recorded on the contact type IC card. The settlement terminal device 1 includes, inside the settlement terminal device 1, a loop antenna 38 for reading card information recorded on a non-contact type IC card.
The settlement terminal device 1 also includes a touch panel 10, which functions as an example of an input unit and a display unit, on the front surface 9 of the information processing unit 2 (see FIG. 1A).
(Hardware configuration of settlement terminal device)
FIG. 2 is a block diagram specifically illustrating an example of the hardware configuration of the settlement terminal device 1 of the present embodiment. The settlement terminal device 1 shown in FIG. 2 includes a CPU 21, a local wireless communication unit 22 to which a local wireless communication antenna 23 is connected, a wide area wireless communication unit 24 to which a wide area wireless communication antenna 25 is connected, a display unit 29, a touch input detection unit 30, a flash ROM 32, a RAM 33, a keypad unit 34, a magnetic card reader unit 35, a power supply unit 36, a battery 37, a non-contact type IC card reader/writer unit 43 to which a loop antenna 38 is connected, and a contact type IC card reader unit 44.
 また、決済端末装置1は、図3に示すように、例えばCPU21を用いて実現可能な仮想化ハイパーバイザSW5において、仮想的にセキュアな実行環境と仮想的に非セキュアな実行環境とを提供する。仮想化ハイパーバイザSW5は、セキュアな実行環境と非セキュアな実行環境とを、例えば仮想マシン(VM:Virtual Machine)にて提供する。 Further, as shown in FIG. 3, the settlement terminal device 1 provides a virtual secure execution environment and a virtual non-secure execution environment in the virtual hypervisor SW 5 that can be realized using the CPU 21, for example. . The virtualization hypervisor SW5 provides a secure execution environment and a non-secure execution environment, for example, using a virtual machine (VM).
 決済端末装置1の情報処理部2は、図2に示す決済端末装置1の各部の処理を全体的に司るCPU(Central Processing Unit)21を備える。図2では、決済端末装置1の各部がCPU21に接続されている。 The information processing unit 2 of the payment terminal device 1 includes a CPU (Central Processing Unit) 21 that generally manages the processing of each unit of the payment terminal device 1 shown in FIG. In FIG. 2, each unit of the payment terminal device 1 is connected to the CPU 21.
 局所無線通信部22は、局所無線通信アンテナ23と接続されており、不図示の局所無線通信路を介して、例えば無線LAN(Local Area Network)による無線通信を行う。局所無線通信は、例えば無線LANに限定されず、Bluetooth(登録商標)その他でも良い。 The local wireless communication unit 22 is connected to the local wireless communication antenna 23, and performs wireless communication by, for example, a wireless local area network (LAN) via a local wireless communication path (not shown). Local wireless communication is not limited to, for example, a wireless LAN, but may be Bluetooth (registered trademark) or the like.
The wide area wireless communication unit 24 is connected to the wide area wireless communication antenna 25 and performs wide area wireless communication via a wide area wireless communication path (WAN: Wide Area Network, not shown). Wide area wireless communication may use a mobile telephone network such as W-CDMA (Wideband Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), CDMA (Code Division Multiple Access) 2000, or LTE (Long Term Evolution).
The display unit 29 is configured using, for example, an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence) display, and displays on the touch panel 10 shown in FIG. 1A the information or data that the CPU 21 instructs it to display. The touch input detection unit 30 detects touch input on the touch panel 10 by a user (for example, a clerk of a registered credit card merchant, or a customer who has purchased goods).
The flash ROM (Read Only Memory) 32 stores various data. The stored data may be, for example, business data, or programs for controlling the operation of the payment terminal device 1 (mainly the information processing unit 2). The programs include various programs related to the operation of the payment terminal device 1, such as a payment processing application (software). The flash ROM 32 therefore functions as a recording medium on which programs are recorded.
The RAM (Random Access Memory) 33 is a work memory used, for example, to temporarily store processing data generated during the arithmetic processing that accompanies the operation of the payment terminal device 1 (mainly the information processing unit 2).
The keypad unit 34 corresponds to the keypad unit 34 of the PIN (Personal Identification Number) input unit HW1, an example of the authentication information input unit provided in the hardware HW0 shown in FIG. 3, and accepts key input from the user.
The magnetic card reader unit 35 is arranged inside the slit 5 shown in FIG. 1B and reads the magnetic stripe recorded on a magnetic card as card information. The card information read by the magnetic card reader unit 35 is input to the CPU 21.
The non-contact type IC card reader/writer unit 43 is connected to the loop antenna 38 and reads card information recorded on a non-contact type IC card. The card information read by the non-contact type IC card reader/writer unit 43 is input to the CPU 21.
The contact type IC card reader unit 44 is arranged inside the insertion slot 7 shown in FIG. 1B and reads card information recorded on a contact type IC card via the electrodes of the contact type IC card inserted into the insertion slot 7. The card information read by the contact type IC card reader unit 44 is input to the CPU 21.
The power supply unit 36 is mainly the power supply of the information processing unit 2; it receives the power stored in the battery 37 and supplies power to each unit of the information processing unit 2, including the CPU 21. By controlling the power supply unit 36, the CPU 21 can start or stop the power supply to some or all of the circuits constituting the information processing unit 2. Besides the CPU 21, the power supply unit 36 supplies the local wireless communication unit 22, the wide area wireless communication unit 24, the display unit 29, the touch input detection unit 30, the non-contact type IC card reader/writer unit 43, the contact type IC card reader unit 44, the keypad unit 34, the magnetic card reader unit 35, and so on.
The payment terminal device 1 having the above configuration has the following features.
In the present embodiment, the information processing unit 2 includes the touch panel 10 (see FIGS. 1A and 2), which is composed of the display unit 29 and the touch input detection unit 30, and the local wireless communication unit 22 or the wide area wireless communication unit 24, which can communicate with an external connection destination device (for example, the settlement center 50).
In recent years, contact type IC cards, non-contact type IC cards and electronic money have been added to the magnetic cards conventionally used to settle card transactions, and the settlement schemes for card transactions have diversified. With each new settlement scheme, the development cost and the price of the payment terminal device 1 keep rising. If the information processing unit 2 is a widely distributed consumer device such as a smartphone or tablet terminal, the price of the payment terminal device 1 itself can be kept low, and the increase in the development cost of the payment terminal device 1 is kept to a minimum.
In this case, a general-purpose OS (see, for example, the virtualization hypervisor SW5 shown in FIG. 3) is adopted as the software platform of the information processing unit 2. The development platform for the payment application and for the applications used for other business tasks (hereinafter "business applications") is therefore generic, which makes it easy to reuse and repurpose development assets. Moreover, if a consumer device can be used for the information processing unit 2, the unit has processing power high enough to record and play back video without stalling, so the payment application and the business applications can be run flexibly and without stalling.
(System configuration focusing on the software functions of the payment terminal device)
FIG. 3 is a block diagram specifically illustrating an example of the system configuration, focusing on the software functions, of the payment terminal device 1 of the present embodiment. In FIG. 3, each operation executed by the CPU 21 of the information processing unit 2 of the payment terminal device 1 is shown as a software functional block. Specifically, the following functions are executed (implemented) in the CPU 21: a virtualization hypervisor SW5, a secure screen UI application SW11, an LED display application SW12, an IC card input/output driver SW13, an encryption processing unit SW14, a keypad input/output/execution control unit SW15, a decryption unit SW16, a keypad driver SW17, a display driver SW18, an IC card reader driver SW19, an LED driver SW20, a guest OS1 SW21, a terminal UI application SW31, a payment application SW32, a center connection application SW33, a display driver SW34, and a guest OS2 SW35. In FIG. 3, reference signs ST1 to ST7 denote the steps of the processing of PIN information, an example of authentication information, in the secure execution environment.
The virtualization hypervisor SW5 provides, on the hardware HW0 of the payment terminal device 1, a secure virtual machine (Secure VM) SW1 that provides the secure execution environment and, separately, a non-secure virtual machine (Non-Secure VM) SW3 that provides the non-secure execution environment.
The secure virtual machine SW1 includes the secure screen UI application SW11, the LED display application SW12, the IC card input/output driver SW13, the encryption processing unit SW14, the keypad input/output/execution control unit SW15, the decryption unit SW16, the keypad driver SW17, the display driver SW18, the IC card reader driver SW19, the LED driver SW20, and the guest OS1 SW21.
The guest OS (Operating System) 1 SW21 is the basic software that controls the secure virtual machine SW1 realizing the secure execution environment, and is, for example, Windows (registered trademark) or Linux (registered trademark).
The keypad driver SW17 controls the operation of the keypad unit 34, receives an encrypted PIN from the PIN input unit HW1 via the secure communication path 53 described later, and outputs it to the keypad input/output/execution control unit SW15 via the decryption unit SW16.
The decryption unit SW16 shares a common key with the encryption unit HW2 of the PIN input unit HW1 and decrypts the encrypted PIN output by the keypad driver SW17. The decryption unit SW16 outputs the PIN information obtained by decryption to the keypad input/output/execution control unit SW15. For the transfer of the encrypted PIN between the encryption unit HW2 of the PIN input unit HW1 and the decryption unit SW16, encryption and decryption by a public key cryptosystem may be used instead of a common key.
The keypad input/output/execution control unit SW15, an example of the control unit, manages the input and output of PIN information, which is authentication information (for example, a personal identification number), and controls the execution of the operations related to that input and output. The keypad input/output/execution control unit SW15 compares the PIN information with the PIN information registered on the IC card and, when it judges that the two match, outputs the PIN information to the encryption processing unit SW14 and has the encryption processing unit SW14 encrypt it. The keypad input/output/execution control unit SW15 also instructs the secure screen UI application SW11 to display a message prompting the user to enter the PIN information.
The encryption processing unit SW14, an example of the first encryption unit, holds an encryption key whose output can be decrypted at the settlement center 50; using this key, it encrypts the PIN information output by the keypad input/output/execution control unit SW15 and returns the result to the keypad input/output/execution control unit SW15. The encryption may use a common key scheme with the same key as the settlement center 50, or a public key scheme in which the encryption processing unit SW14 and the settlement center 50 each hold their own private key and the other party's public key.
The secure screen UI application SW11 displays on the touch panel 10, in response to instructions from the keypad input/output/execution control unit SW15, a display screen on which secure information is entered. Specifically, the secure screen UI application SW11 displays a message prompting the user to enter the PIN information, displays an asterisk (*) per digit to mask the PIN information as it is entered, or displays a message that the payment processing has been cancelled.
The display driver SW18 controls the operation of the display unit 29 constituting the touch panel 10; it acquires character or image data output by, for example, the keypad input/output/execution control unit SW15 or the secure screen UI application SW11 and displays it on the display unit 29.
The LED display application SW12 generates display data for an LED (Light Emitting Diode, not shown) and outputs it to the LED driver SW20.
The LED driver SW20 turns the LED on or off according to the display data output by the LED display application SW12.
The IC card reader driver SW19 controls the operation of the contact type IC card reader unit 44 and the non-contact type IC card reader/writer unit 43 and passes the card information they read to the IC card input/output driver SW13. In place of the single IC card reader driver SW19, separate, independent card reader drivers may be implemented for the magnetic card reader unit 35, the non-contact type IC card reader/writer unit 43, and the contact type IC card reader unit 44.
The IC card input/output driver SW13 outputs the card information output by the IC card reader driver SW19 to the keypad input/output/execution control unit SW15.
The virtual PIN pad (VM_PINPAD) SW4 shown in FIG. 3 converts the PIN information entered on the keypad unit 34 of the PIN input unit HW1 into encrypted PIN information that can be decrypted at the settlement center 50. The virtual PIN pad SW4 is provided in the secure virtual machine SW1 and includes the keypad driver SW17, the decryption unit SW16, the keypad input/output/execution control unit SW15, the encryption processing unit SW14, part of the secure screen UI application SW11, and part of the display driver SW18.
The non-secure virtual machine SW3 includes the terminal UI application SW31, the payment application SW32, the center connection application SW33, the display driver SW34, and the guest OS2 SW35.
The guest OS2 SW35 is the basic software that controls the non-secure virtual machine SW3 realizing the non-secure execution environment, and is, for example, Windows (registered trademark) or Linux (registered trademark).
The terminal UI application SW31 displays on the touch panel 10, in response to instructions from the payment application SW32, a display screen on which non-secure information is entered. For example, while the payment application SW32 is running, the terminal UI application SW31 displays various information for the payment processing and accepts various input operations.
The payment application SW32 is a general-purpose application that communicates with the settlement center 50, an example of an external settlement destination device, to which the center connection application SW33 connects. The payment application SW32 also obtains from the virtualization hypervisor SW5 the encrypted PIN information generated by the virtual PIN pad SW4 of the secure virtual machine SW1, and carries out payment processing including this encrypted PIN information with the settlement center 50.
The display driver SW34 controls the operation of the display unit 29 constituting the touch panel 10; it acquires, for example, the payment screen output by the keypad input/output/execution control unit SW15 or the payment application SW32, or the character or image data output by the terminal UI application SW31, and displays it on the display unit 29.
The center connection application SW33 instructs the local wireless communication unit 22 or the wide area wireless communication unit 24 to transmit a request for payment processing, using the data output by the payment application SW32, to the connection destination device determined by the payment application SW32, such as the settlement center 50.
The virtualization hypervisor SW5, an example of the execution environment providing unit, is a program that emulates the hardware HW0 shown in FIG. 3 and separately provides a plurality of execution environments in which a plurality of OSs operate independently and in parallel. The encryption unit HW2 of the PIN input unit HW1 and the keypad driver SW17 inside the secure VM PIN pad establish a dedicated secure communication path 53 between them. The PIN information entered on the keypad unit of the PIN input unit HW1 is encrypted by the encryption unit HW2. The encrypted PIN information generated by the encryption unit HW2 is output to the keypad driver SW17 via the communication path 53. The virtualization hypervisor SW5 obtains the encrypted PIN information generated by the encryption processing unit SW14 from the keypad input/output/execution control unit SW15 and passes it to the payment application SW32 of the non-secure virtual machine SW3.
The PIN input unit HW1 includes the keypad unit 34 and an encryption unit HW2, an example of the second encryption unit, which encrypts the PIN information entered on the keypad unit 34. The encryption key used by the encryption unit HW2 is, for example, a common key shared with the decryption unit SW16. The encryption key is not, however, limited to a common key.
Next, the communication operation between the virtual PIN pad SW4 and the PIN input unit HW1 via the virtualization hypervisor SW5 is described with reference to FIG. 4. FIG. 4 is a sequence diagram illustrating the communication operation between the virtual PIN pad SW4 and the PIN input unit HW1 via the virtualization hypervisor SW5.
In FIG. 4, when a common key cryptosystem is used between the encryption unit HW2 of the PIN input unit HW1 and the decryption unit SW16 of the virtual PIN pad SW4, a common key is first exchanged (KEY EXCHANGE) between the virtual PIN pad SW4 and the PIN input unit SW7 (T1).
After the common key exchange is complete, a secure communication path 53 for encrypted communication is formed between the virtual PIN pad SW4 and the PIN input unit SW7 (T2). After step T2, when the user enters PIN information, the encrypted PIN information generated by the PIN input unit HW1 is transmitted and received between the virtual PIN pad SW4 and the PIN input unit SW7 (T3).
Further, operation instructions for confirming or cancelling the encrypted PIN information are transmitted and received between the virtual PIN pad SW4 and the PIN input unit SW7 (T4).
(Operation procedure of the payment terminal device 1 during payment processing)
Next, the operation of the payment terminal device 1 of the present embodiment during payment processing is described with reference to FIG. 5. FIG. 5 is a flowchart explaining in detail a first operation procedure of the payment terminal device 1 of the present embodiment during payment processing. FIG. 6 is a flowchart explaining in detail a second operation procedure of the payment terminal device 1 of the present embodiment during payment processing. The payment terminal device 1 starts the payment processing procedure by executing the payment application SW32 (see FIG. 3) installed in the information processing unit 2 (see FIGS. 1A and 2).
In FIG. 5, when the terminal UI application SW31 receives the payment amount information and the payment method (S1), it displays a message prompting the card reading operation on the screen of the touch panel 10 (see FIG. 8A) (S2).
In the secure execution environment provided by the secure virtual machine SW1 (secure VM), the IC card input/output driver SW13 waits until an IC card can be read, by the user sliding the IC card through the slit 5, inserting it into the insertion slot 7, or bringing it near the front face 9 of the payment terminal device 1 (S3). When the IC card has been read (S3, YES), the virtual PIN pad SW4 accepts the input of encrypted PIN information (S4). The details of the encrypted PIN information input procedure of step S4 are described later with reference to FIG. 7.
After step S4, the virtual PIN pad SW4 in the secure execution environment provided by the secure virtual machine SW1 (secure VM) determines whether the input of the encrypted PIN information output by the PIN input unit HW1 has been completed (S5). If it has not (S5, NO), the operation of the virtual PIN pad SW4 returns to step S4, and the virtual PIN pad SW4 again accepts the input of encrypted PIN information.
When the input of the encrypted PIN information output by the PIN input unit HW1 has been completed (S5, YES), the keypad input/output/execution control unit SW15 checks whether the PIN information decrypted in step S4 (specifically in step S15 shown in FIG. 7) matches the PIN information registered on the IC card read in step S3 (S6). In the first operation procedure shown in FIG. 5, for payment processing that requires PIN verification, the PIN information entered in step S4 may be encrypted with a key that the IC card (not shown) read in step S3 can decrypt. The PIN information entered via the touch panel 10 in step S4 may be output to the encryption processing unit SW14 and encrypted by the encryption processing unit SW14. Alternatively, this encryption of the PIN information may be performed by an encryption processing unit (not shown) provided separately from the encryption processing unit SW14. The PIN information encrypted by the encryption processing unit SW14 or by the encryption processing unit not shown (encrypted PIN information) may then be output to the keypad input/output/execution control unit SW15.
The keypad input/output/execution control unit SW15 passes the PIN information or the encrypted PIN information to the IC card via the IC card input/output driver SW13 and the IC card reader driver SW19. The IC card compares the PIN information obtained from the keypad input/output/execution control unit SW15, or the data obtained by decrypting the encrypted PIN information, with the PIN information registered in advance on the IC card, and outputs the PIN verification result (S6). The keypad input/output/execution control unit SW15 receives the PIN verification result output by the IC card via the IC card reader driver SW19 and the IC card input/output driver SW13.
If the verification result obtained from the IC card indicates that the PIN information entered in step S4 matches the PIN information registered on the IC card read in step S3, the keypad input/output/execution control unit SW15 instructs the payment application SW32 of the non-secure virtual machine SW3, via the guest OS1 (SW21), the virtualization hypervisor SW5 and the guest OS2 (SW35), to perform sales processing as the subsequent payment processing (S7, see ST7 in FIG. 3).
On the non-secure virtual machine SW3, if the verification result indicates that the PIN information entered in step S4 matches the PIN information registered on the IC card read in step S3 (S6, YES), the payment application SW32 performs sales processing as the subsequent payment processing (S7). The sales processing data produced by the sales processing is transmitted to the settlement center 50 via the center connection application SW33. The sales processing of step S7 may be executed each time a customer purchases goods or receives a service, or the communication between the payment terminal device 1 and the settlement center 50 may take place at a predetermined time (for example, once a week), with the data processed in a batch together with other sales processing data.
On the other hand, when the keypad input/output/execution control unit SW15 determines as a result of the comparison in step S6 that the two do not match (S6, NO), it has the secure screen UI application SW11 display on the touch panel 10 a message that the payment processing is cancelled (S8). The keypad input/output/execution control unit SW15 does not instruct the payment application SW32 to perform sales processing, and the subsequent payment processing procedure is stopped.
In the second operation procedure shown in FIG. 6, for payment processing that requires PIN verification, the keypad input/output/execution control unit SW15 outputs the PIN information to the encryption processing unit SW14 and has the encryption processing unit SW14 encrypt it.
The encryption processing unit SW14 encrypts the PIN information output from the keypad input/output/execution control unit SW15 using an encryption key that can be decrypted at the settlement center 50, and outputs the result to the keypad input/output/execution control unit SW15 (S6A; see ST5 and ST6 in FIG. 3).
The keypad input/output/execution control unit SW15 passes the encrypted PIN information (encrypted input PIN) to the settlement application SW32 on the non-secure virtual machine SW3, provided by the non-secure virtual machine (non-secure VM), via the guest OS1 (SW21), the virtualization hypervisor SW5 and the guest OS2 (SW35). The virtualization hypervisor SW5 acquires the encrypted PIN information generated by the encryption processing unit SW14 from the keypad input/output/execution control unit SW15 and passes it to the settlement application SW32 of the non-secure virtual machine SW3 (S7A; see ST7 in FIG. 3). On the non-secure virtual machine SW3, the settlement application SW32 communicates with the settlement center 50 via the center connection application SW33, transmits the encrypted PIN information generated in step S6A, and performs a credit inquiry using the card information of the card read in step S4.
The settlement center 50 decrypts the PIN information received from the settlement application SW32 of the settlement terminal device 1 and collates the decrypted PIN with the PIN information managed at the settlement center 50 (S8A). When the two pieces of PIN information match and the card being verified is confirmed to present no problem for the transaction (for example, it is not on a blacklist) (S8A, YES), the settlement center 50 grants credit to the settlement application SW32 via the center connection application SW33 of the settlement terminal device 1.
Upon receiving credit from the settlement center 50 in step S11A, the settlement application SW32 of the settlement terminal device 1 performs sales processing as the subsequent settlement processing (S9A) and ends the communication with the settlement center 50. Note that the sales processing of the sales processing data shown in step S9A may be executed each time a customer purchases a product or receives a service, or communication between the settlement terminal device 1 and the settlement center 50 may take place at a predetermined timing (for example, once a week), in which case the data may be processed in a batch together with other sales processing data.
On the other hand, when the keypad input/output/execution control unit SW15 determines, as a result of the collation in step S8A, that the two do not match (S8A, NO), it causes the secure screen UI application SW11 to display on the touch panel 10 a message indicating that the settlement processing is cancelled (S10). The keypad input/output/execution control unit SW15 does not instruct the settlement application SW32 to perform sales processing, and the subsequent settlement procedure is cancelled.
Next, the PIN input operation procedure in the virtual PIN pad SW4 will be described with reference to FIG. 7. FIG. 7 is a flowchart explaining in detail the PIN input operation procedure in the virtual PIN pad SW4 in step S4 shown in FIG. 5.
In FIG. 7, when, for example, a common-key cryptosystem is used between the encryption unit HW2 of the PIN input unit HW1 and the decryption unit SW16 of the virtual PIN pad SW4, a common key exchange (KEY EXCHANGE) is performed between the virtual PIN pad SW4 and the PIN input unit SW7 (S11; see T1 in FIG. 4).
After the common key exchange is completed, the virtualization hypervisor SW5 establishes a secure communication path 53 between the virtual PIN pad SW4 and the PIN input unit SW7. That is, a secure communication path 53 for encrypted communication is formed between the virtual PIN pad SW4 and the PIN input unit SW7 (S12; see T2 in FIG. 4).
After step S12, the secure screen UI application SW11 displays on the touch panel 10 a message prompting the user to input a PIN (S13; see ST1 and ST2 in FIG. 3, and FIG. 8B). The user confirms the message displayed on the touch panel 10 and inputs a PIN as the user's personal authentication information (for example, a personal identification number) on the keypad unit 34 of the PIN input unit HW1.
The encryption unit HW2 encrypts the PIN information obtained from the user's input on the keypad unit 34 and outputs it to the virtualization hypervisor SW5. The virtualization hypervisor SW5 outputs the encrypted PIN information to the keypad driver SW17 via the communication path 53. The keypad driver SW17 outputs the encrypted PIN information to the decryption unit SW16.
The decryption unit SW16 receives the encrypted PIN output from the keypad driver SW17 (S14; see ST3 in FIG. 3, FIG. 9A and FIG. 9B). The decryption unit SW16 decrypts the input encrypted PIN using the common key exchanged in step S11, thereby removing the encryption from the PIN information (S15; see ST4 in FIG. 3). Thereafter, the process returns to the flowchart shown in FIG. 5 and proceeds to step S5 of that figure.
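The two-stage protection described in FIG. 6 and FIG. 7 (channel encryption by HW2 that SW16 removes inside the secure VM, re-encryption by SW14 under a key only the settlement center 50 can decrypt, and collation at the center in S8A), as an added Python simulation that is not part of the patent. The toy cipher, the component names used as class names, the random keys standing in for the key exchange of S11 and for out-of-band provisioning of the center key, and the card data are all constructed for the example; it also covers the local collation of the first procedure (S5/S6) and shows that a tampered ciphertext is rejected at either stage.

```python
import hashlib
import hmac
import secrets

# Toy authenticated cipher built from the standard library only.  It stands in for the
# unspecified common-key cipher of HW2/SW16 and for the SW14 cipher whose key is held
# by the settlement center; it is illustrative, not production cryptography.
_NONCE_LEN, _TAG_LEN = 16, 32

def _subkeys(key: bytes) -> tuple:
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(_NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; any tampering raises."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < _NONCE_LEN + _TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:_NONCE_LEN], blob[_NONCE_LEN:-_TAG_LEN], blob[-_TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def hw2_encrypt(channel_key: bytes, pin: str) -> bytes:
    """Encryption unit HW2 of the PIN input unit HW1: seal the PIN for path 53 (S13/S14)."""
    return seal(channel_key, pin.encode())

class VirtualPinPadSW4:
    """Secure VM side: SW16 removes the channel encryption, SW14 re-encrypts for the center."""
    def __init__(self, channel_key: bytes, center_key: bytes) -> None:
        self._channel_key = channel_key   # exchanged with the PIN input unit in S11
        self._center_key = center_key     # decryptable at settlement center 50 (assumed provisioned)

    def decrypt_input(self, encrypted_pin: bytes) -> str:
        return unseal(self._channel_key, encrypted_pin).decode()   # S15

    def collate_with_card(self, pin: str, card_pin: str) -> bool:
        return hmac.compare_digest(pin.encode(), card_pin.encode())   # first procedure, S5/S6

    def encrypt_for_center(self, pin: str) -> bytes:
        return seal(self._center_key, pin.encode())   # second procedure, S6A

class SettlementCenter50:
    """Holds the center key and the registered PINs; performs the collation of S8A."""
    def __init__(self, center_key: bytes, registered: dict, blacklist: set) -> None:
        self._center_key, self._registered, self._blacklist = center_key, registered, blacklist

    def credit_inquiry(self, card_id: str, encrypted_pin: bytes) -> bool:
        try:
            pin = unseal(self._center_key, encrypted_pin).decode()
        except ValueError:
            return False   # tampered or truncated ciphertext: no credit
        expected = self._registered.get(card_id)
        if expected is None or card_id in self._blacklist:   # card must be usable for the transaction
            return False
        return hmac.compare_digest(pin.encode(), expected.encode())

def build_demo(registered: dict, blacklist: set) -> tuple:
    """Constructed setup: random keys stand in for the key exchange of S11 and for a
    center key assumed to be provisioned to the terminal out of band."""
    channel_key, center_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sw4 = VirtualPinPadSW4(channel_key, center_key)
    return channel_key, sw4, SettlementCenter50(center_key, registered, blacklist)

def online_settlement(pin_entered: str, card_id: str, channel_key: bytes, sw4, center) -> tuple:
    """Second procedure (FIG. 6). Returns (credited, blob as seen by the non-secure VM)."""
    encrypted_input = hw2_encrypt(channel_key, pin_entered)   # HW2 -> SW5 -> SW17 over path 53
    pin = sw4.decrypt_input(encrypted_input)                  # plaintext exists only inside SW1
    for_center = sw4.encrypt_for_center(pin)                  # S6A
    # SW15 -> SW21 -> SW5 -> SW35 -> SW32: the non-secure VM forwards for_center unchanged (S7A).
    credited = center.credit_inquiry(card_id, for_center)     # S8A; False corresponds to S10
    return credited, for_center                               # True corresponds to S9A
```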
FIG. 8A shows the screen of the touch panel 10 of the settlement terminal device 1 on which the settlement amount information (see step S1 in FIG. 5) and a message prompting the card reading operation (see step S2 in FIG. 5) are displayed. Specifically, in FIG. 8A, the touch panel 10 of the settlement terminal device 1 displays the text "Total purchase amount ¥128,000 (tax included)" and "Please read the card." on the screen.
FIG. 8B shows the screen of the touch panel 10 on which a message prompting PIN input (see step S13 in FIG. 7) is displayed. Specifically, a box 61 into which the PIN is entered, the text "Please enter your PIN", and an arrow 63 pointing to the keypad unit 34 are displayed on the screen.
FIG. 9A shows the screen of the box 61 in a state where one digit of the PIN has been input by the user's PIN input operation on the keypad unit 34 (see steps S13 and S14 in FIG. 7). Each entered digit is displayed as an asterisk "*". FIG. 9B shows the screen of the box 61 in a state where all four digits of the PIN have been input. The PIN in this embodiment has four digits, but it may have more digits (for example, 12 digits).
As described above, the settlement terminal device 1 of the present embodiment encrypts the authentication information input through the PIN input unit HW1 (for example, a PIN serving as a personal identification number) using an encryption key that can be decrypted at the settlement center 50, passes the encrypted PIN information generated by this encryption through the secure virtual machine SW1, the virtualization hypervisor SW5 and the non-secure virtual machine SW3 in that order, and has the settlement application SW32 execute settlement processing with the settlement center 50.
As a result, the settlement terminal device 1 encrypts the PIN input in the secure execution environment provided by the virtualization hypervisor SW5 using an encryption key that can be decrypted at the settlement center 50, without requiring the PIN input unit HW1 (for example, the keypad unit 34), which is configured from hardware resources, to follow a special specification such as that of Patent Document 2; the security of the PIN information input by the user can therefore be reliably ensured. In other words, the settlement terminal device 1 can keep the added structural complexity to a minimum while securing the tamper resistance needed to guarantee information security.
Further, even when a plurality of applications executable in the non-secure execution environment (for example, settlement applications or user applications) from the acquirer with which the credit card's registered member store has a contract, from the settlement center, and from the registered member store are installed, the settlement terminal device 1 can ensure the integrity of the security of the input PIN information and secure tamper resistance.
Further, because the virtualization hypervisor SW5 lets the secure execution environment and the non-secure execution environment share a single hardware resource, the settlement terminal device 1 can reduce the circuit scale of its own hardware resources.
Further, the settlement terminal device 1 encrypts the PIN information input through the PIN input unit HW1 in the encryption unit HW2 and passes the encrypted PIN information over the secure communication path 53 to the virtual PIN pad SW4 provided in the secure execution environment, so the security of the PIN information input through the PIN input unit HW1 can be ensured.
Further, because the settlement terminal device 1 displays a message prompting the user to input the PIN, the convenience of PIN information input for the user can be improved.
(Modification of this embodiment)
FIG. 10 is a front view showing the appearance of the settlement terminal device in a modification of the present embodiment (hereinafter referred to as "this modification"). The settlement terminal device 1A of this modification has the appearance of a tablet terminal. Since the main parts of the hardware configuration and software configuration of the settlement terminal device 1A largely coincide with those of the settlement terminal device 1 of the present embodiment described above, only the differing parts are described.
In the settlement terminal device 1 of the present embodiment described above, a keypad unit 34 used for inputting the PIN information was provided; in the settlement terminal device 1A of this modification, a keypad unit 34A, presented as a software keyboard that accepts input operations, is displayed in the lower part of the screen of the large touch panel 10A. Note that various input keys 91 and an insertion slot 93 into which a contact-type IC card is inserted are arranged below the touch panel 10A.
The operation procedure during settlement processing of the settlement terminal device 1A is substantially the same as that of the settlement terminal device 1 of the present embodiment described above. That is, as in FIG. 3, the keypad input/output/execution control unit SW15 in the secure virtual machine SW1 of the settlement terminal device 1A has the encryption processing unit SW14 (first encryption unit), which is in the same execution environment, encrypt the PIN (authentication information) input on the touch panel 10A. The PIN is encrypted using an encryption key that can be decrypted at the settlement center 50 (the settlement destination device of the settlement application SW32 (settlement processing unit) in the non-secure virtual machine SW3). The settlement application SW32 (settlement processing unit) in the non-secure virtual machine SW3 then executes settlement processing with the settlement center 50 using the encrypted PIN (first encrypted authentication information).
FIG. 11 is a block diagram specifically showing an example of the system configuration, centered on the software functions, of the settlement terminal device 1A in the modification of the present embodiment. FIG. 11 shows in particular an implementation example of the display drivers SW18 and SW34 in the settlement terminal device 1A of this modification; specifically, only the differences from FIG. 3 are illustrated. In FIG. 11, the display unit 29 of the touch panel 10A (see FIG. 10) is connected to the display driver SW18 in the secure virtual machine SW1. The display driver SW18 in the secure virtual machine SW1 and the display driver SW34 in the non-secure virtual machine SW3 are connected in a state in which tamper resistance is physically ensured.
Display on the display unit 29 by the display driver SW34 in the non-secure virtual machine SW3 is performed under the control of the display driver SW18 in the secure virtual machine SW1. In FIG. 10, the box 61 indicating the progress of PIN input, the arrow 63, and the keypad unit 34A used for PIN input are displayed by the display driver SW18 in the secure virtual machine SW1. For these elements, display by the display driver SW34 in the non-secure virtual machine SW3 is blocked. This prevents an unauthorized application installed in the non-secure virtual machine SW3 from illegitimately hiding the legitimate input area for entering the PIN, or from displaying a separate, illegitimate input area. As a result, the possibility that the user of the settlement terminal device 1A mistakes an illegitimate input area for the legitimate one, enters the PIN, and has the PIN stolen (phishing) is reduced.
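A model of the display arbitration just described, added here and not taken from the patent: the secure-VM driver SW18 owns the display unit 29 and refuses any draw from the non-secure driver SW34 that overlaps box 61, arrow 63 or keypad 34A while PIN entry is in progress. The screen coordinates, the `pin_entry_active` flag and the origin labels are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rect:
    x: int
    y: int
    w: int
    h: int

    def overlaps(self, other: "Rect") -> bool:
        """Axis-aligned rectangle intersection (touching edges do not count)."""
        return not (self.x + self.w <= other.x or other.x + other.w <= self.x
                    or self.y + self.h <= other.y or other.y + other.h <= self.y)


class DisplayDriverSW18:
    """Secure-VM display driver that owns display unit 29.  Draws from the non-secure
    driver SW34 are realised only through it, so it can refuse those that touch the
    PIN-entry elements.  The activity flag is an assumed interface set by SW11 for S13..S15."""

    def __init__(self, pin_elements: dict) -> None:
        self._pin_elements = pin_elements  # name -> Rect for box 61, arrow 63, keypad 34A
        self.pin_entry_active = False
        self.blocked = []                  # (rect, names hit) for each refused SW34 draw

    def draw(self, origin: str, rect: Rect) -> bool:
        """Return True if the region is written to display unit 29, False if refused."""
        if origin == "SW18":
            return True                    # the secure VM draws its own elements freely
        if origin != "SW34":
            raise ValueError(f"unknown draw origin {origin!r}")
        if self.pin_entry_active:
            hits = [name for name, r in self._pin_elements.items() if r.overlaps(rect)]
            if hits:                       # would cover or imitate the legitimate input area
                self.blocked.append((rect, hits))
                return False
        return True


def build_screen() -> DisplayDriverSW18:
    """Constructed layout for touch panel 10A (FIG. 10): an 800x1280 portrait panel with
    the PIN box, the arrow and the software keypad in the lower part of the screen."""
    return DisplayDriverSW18({
        "box 61": Rect(100, 300, 600, 80),
        "arrow 63": Rect(350, 400, 100, 100),
        "keypad 34A": Rect(100, 600, 600, 600),
    })
```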
In such a settlement terminal device 1A, the keypad unit implemented in hardware can be omitted, and the hardware circuit scale can be simplified. Further, because the keypad unit 34 and the touch panel 10A are on the same screen, the settlement terminal device 1A can further simplify the user's input operation on the keypad unit 34A indicated by the arrow 63.
Various embodiments have been described above with reference to the drawings, but it goes without saying that the present invention is not limited to these examples. It is evident that those skilled in the art could conceive of various changes and modifications within the scope of the claims, and it is understood that these naturally fall within the technical scope of the present invention.
For example, in the above embodiment the secure execution environment and the non-secure execution environment were realized on the same CPU, but they may be realized on separate CPUs.
Further, instead of using a virtualization hypervisor, the same operation is possible with a configuration that combines a host OS with a virtualization application.
The present invention is applicable not only to settlement terminal devices but also to various devices requiring secure input, such as bank ATMs.
The present invention is useful as an information terminal device and an information processing method that are used, for example, in settlement processing, keep structural complexity to a minimum, and secure the tamper resistance needed to guarantee information security.
1, 1A Settlement terminal device
2 Information processing unit
10, 10A Touch panel
21 CPU
22 Local wireless communication unit
23 Local wireless communication antenna
24 Wide-area wireless communication unit
25 Wide-area wireless communication antenna
29 Display unit
30 Touch input detection unit
32 Flash ROM
33 RAM
34, 34A Keypad unit
35 Magnetic card reader unit
36 Power supply unit
37 Battery
38 Loop antenna
43 Contactless IC card reader/writer unit
44 Contact-type IC card reader unit
50 Settlement center
SW1 Secure virtual machine (Secure_VM)
SW3 Non-secure virtual machine (Non-Secure_VM)
SW4 Virtual PIN pad
SW5 Virtualization hypervisor
SW13 IC card input/output driver
SW14 Encryption processing unit
SW15 Keypad input/output/execution control unit
SW16 Decryption unit
SW17 Keypad driver
SW18 Display driver
SW19 IC card reader driver
SW20 LED driver
SW21 Guest OS1
SW31 Terminal UI application
SW32 Settlement application
SW33 Center connection application
SW34 Display driver
SW35 Guest OS2
HW2 Encryption unit

Claims (4)

  1.  An information processing device comprising:
     an execution environment providing unit that separately provides a secure execution environment having tamper resistance and a non-secure execution environment, not having tamper resistance, that includes a settlement processing unit;
     an authentication information input unit that is provided outside the secure execution environment and accepts input of authentication information;
     a first encryption unit that is provided outside the secure execution environment and encrypts the authentication information input to the authentication information input unit;
     a decryption unit that is provided in the secure execution environment and decrypts the authentication information encrypted by the first encryption unit; and
     a second encryption unit that is provided in the secure execution environment and encrypts the authentication information decrypted by the decryption unit using an encryption key that can be decrypted at a settlement destination device of the settlement processing unit,
     wherein the execution environment providing unit provides the settlement processing unit with an execution environment for settlement processing with the settlement destination device using the authentication information encrypted by the second encryption unit.
  2.  The information processing device according to claim 1, further comprising:
     a display unit; and
     a control unit that causes the display unit to display a prompt to input the authentication information.
  3.  The information processing device according to claim 1,
     wherein the authentication information is a user's personal identification number.
  4.  An information processing method in an information processing device including a settlement processing unit, the method comprising:
     separately providing a secure execution environment having tamper resistance and a non-secure execution environment, not having tamper resistance, that includes the settlement processing unit;
     accepting input of authentication information outside the secure execution environment;
     a first encryption step of encrypting the input authentication information outside the secure execution environment;
     decrypting, in the secure execution environment, the authentication information encrypted in the first encryption step;
     a second encryption step of encrypting, in the secure execution environment, the decrypted authentication information using an encryption key that can be decrypted at a settlement destination device of the settlement processing unit; and
     providing the settlement processing unit with an execution environment for settlement processing with the settlement destination device using the authentication information encrypted in the second encryption step.
PCT/JP2015/001181 2014-03-10 2015-03-05 Information processing device and information processing method WO2015136897A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014046917A JP5776023B1 (en) 2014-03-10 2014-03-10 Information processing apparatus and information processing method
JP2014-046917 2014-03-10

Publications (1)

Publication Number Publication Date
WO2015136897A1 true WO2015136897A1 (en) 2015-09-17

Family

ID=54071355

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/001181 WO2015136897A1 (en) 2014-03-10 2015-03-05 Information processing device and information processing method

Country Status (2)

Country Link
JP (1) JP5776023B1 (en)
WO (1) WO2015136897A1 (en)


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003016527A (en) * 2001-06-27 2003-01-17 Fujitsu Ltd Transaction terminal device
JP2008244992A (en) * 2007-03-28 2008-10-09 Casio Comput Co Ltd Terminal device and program
JP2011138477A (en) * 2009-12-04 2011-07-14 Ntt Docomo Inc Apparatus and method for notifying state, and program
WO2012166613A1 (en) * 2011-05-27 2012-12-06 Qualcomm Incorporated Secure input via a touchscreen
JP2013117962A (en) * 2011-12-02 2013-06-13 Samsung Electronics Co Ltd Secure method and device
JP2013242644A (en) * 2012-05-18 2013-12-05 Panasonic Corp Virtual computer system, control method, and program


Also Published As

Publication number Publication date
JP5776023B1 (en) 2015-09-09
JP2015171104A (en) 2015-09-28

