WO2020003337A1 - Server device and system - Google Patents


Info

Publication number
WO2020003337A1
Authority
WO
WIPO (PCT)
Prior art keywords
sam
identification information
command
client device
server device
Prior art date
Application number
PCT/JP2018/023928
Other languages
French (fr)
Japanese (ja)
Inventor
三露 学
Original Assignee
Quadrac株式会社
Priority date
Filing date
Publication date
Application filed by Quadrac株式会社
Priority to PCT/JP2018/023928
Publication of WO2020003337A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present disclosure relates to a server device and a system.
  • A system having one SAM and a plurality of non-contact IC chips has been proposed in Patent Document 1.
  • In Patent Document 1, one SAM stores all the encryption keys stored in each of the plurality of non-contact IC chips, and that one SAM can read and write information from or to any of the non-contact IC chips.
  • When the communication partner of the client device is the second user device, the server device selects one second SAM device from the plurality of SAM devices, requests the selected one second SAM device to encrypt a command, receives the encrypted command from the selected one second SAM device, transmits the encrypted command to the second user device via the client device, receives an encrypted response from the second user device via the client device, reselects the same one second SAM device as the selected one second SAM device, requests the reselected one second SAM device to decrypt the received encrypted response, receives the decrypted response from the reselected one second SAM device, and processes the response.
  • SAM devices are allocated to each service provider (that is, key information of a plurality of service providers is not mixed in one SAM device), and data can be read from and written to a plurality of user devices whose users contract with different service providers. Therefore, it is possible to provide a server device and a system that can easily manage key information and can suppress a decrease in security due to a mixture of key information of a plurality of service providers in one SAM device.
  • FIG. 1 is a diagram illustrating a configuration example of a system 1 according to a first embodiment.
  • FIG. 3 is a sequence diagram illustrating an operation example of the system 1 according to the first embodiment.
  • FIG. 6 is a diagram illustrating an example of a SAM device management table.
  • FIG. 13 is a sequence diagram partially showing an operation example of the system according to the second embodiment.
  • FIG. 1 is a diagram illustrating a configuration example of a system 1 according to the first embodiment.
  • the system 1 includes at least one first user device 11 that stores first key information A, at least one second user device 12 that stores second key information B, a client device 20 that performs short-range wireless communication with the first user device 11 or the second user device 12, a server device 30 connected to the client device 20 via a network NW, and a plurality of SAM devices connected to the server device 30, including at least one first SAM device 41 that stores first key information A and at least one second SAM device 42 that stores second key information B. The details will be described below.
  • the first user device 11 and the second user device 12 are devices owned and operated by users. More specifically, the first user device 11 is a user device used by a user who has a contract with a first service provider, and the second user device 12 is a user device used by a user who has a contract with a second service provider.
  • the first user device 11 and the second user device 12 may be a smartphone, an IC card (Integrated Circuit Card) or a smart card in which a non-contact IC chip or a non-contact IC chip function is incorporated.
  • the first user device 11 and the second user device 12 (more specifically, for example, a storage area in the above-described non-contact IC chip or a storage area of a device having a non-contact IC chip function) store the first data and the second data, respectively.
  • the first data and the second data are data handled in the system 1.
  • personal information such as name, date of birth, gender, address, card ID, expiration date of the card, floor limit and card usage history can be included in this.
  • the floor limit is the minimum amount that requires authorization (credit approval).
  • Authorization means that a credit card member store confirms the credit of a card user (card member) with a card company.
  • the authorization can be set to be unnecessary, and the settlement can be completed without performing the authorization.
  • it is also possible to set the floor limit to 0 yen, in which case authorization is required for virtually all settlements.
  • the first user device 11 and the second user device 12 store first key information A and second key information B, respectively.
  • the second key information B is key information different from the first key information A. That is, the first key information A takes a value different from that of the second key information B.
  • the system 1 has one first user device 11 and one second user device 12, but the number of first user devices 11 and second user devices 12 may be two, three, or four or more. Also, in addition to the first user device 11 and the second user device 12, user devices that store key information different from that of the first user device 11 and the second user device 12, such as a third user device and a fourth user device, may exist.
  • the client device 20 is a device capable of performing short-range wireless communication with any of the first user device 11 and the second user device 12, for example a cash register device installed in a supermarket or a convenience store, a ticket gate of a station, and the like.
  • a ticket gate installed at an entrance
  • an ETC (Electronic Toll Collection System) terminal
  • terminals installed at government offices
  • terminals installed at leisure facilities such as amusement parks, movie theaters and zoos (a terminal that charges at entrance and/or when leaving)
  • a cash register of an eating and drinking establishment such as a restaurant, and the like.
  • a reader / writer that enables communication with the first user device 11 or the second user device 12 is built in or externally attached to the client device 20.
  • the client device 20 can communicate with the first user device 11 and the second user device 12 via the reader / writer.
  • the client device 20 can communicate with either the first user device 11 or the second user device 12, but can communicate with only one of the user devices at a time.
  • Because time-division communication is performed at a relatively high speed, there may be cases where communication with a plurality of user devices can be regarded as simultaneous.
  • the short-range wireless communication may include a method in which the client device 20 communicates with the first user device 11 and the second user device 12 without contact, such as NFC (Near Field Communication), and a method in which the client device 20 communicates with the first user device 11 and the second user device 12 by contact, such as ISO 7816.
  • the system 1 has one client device 20, but the number of client devices 20 may be two, three, or four or more.
  • the server device 30 is a device connected to the client device 20 via the network NW.
  • the network NW is, for example, the Internet. Communication between the client device 20 and the server device 30 is performed in accordance with a protocol such as HTTPS, TCP/IP, or UDP.
  • the server device 30 includes, for example, an arithmetic device including a CPU and a storage device including a RAM and a hard disk. For example, programs and data are stored in the storage device, and the server device 30 operates when, for example, the arithmetic device reads out and executes the program from the storage device. Note that the data may include a SAM management table described later.
  • the server device 30 may be a single device, but the processing of the server device 30 may be distributed to a plurality of devices. In this case, when viewed from the client device 20, the server device 30 substantially appears to be operating as a single device, and thus the entire plurality of devices are regarded as the server device 30.
  • encrypted commands and responses are transmitted and received between the server device 30 and the client device 20 in a packet format. That is, the server device 30 transmits, for example, a packet including the encrypted command in the payload portion to the client device 20. In other words, the server device 30 transmits the encrypted command or the data obtained by adding other data to the encrypted command to the client device 20 with a header added.
  • the client device 20 extracts the encrypted command from the received packet and transmits the command to the first user device 11 and the second user device 12.
  • the client device 20 transmits, for example, a packet including the encrypted response in the payload portion to the server device 30.
  • the client device 20 transmits the encrypted response or the data obtained by adding other data to the encrypted response to the server device 30 with the header added.
  • the server device 30 extracts an encrypted response from the received packet and transmits the response to the first SAM device 41 and the second SAM device 42.
  • the payload portion or the header portion of the packet transmitted from the client device 20 to the server device 30 preferably includes client device identification information for identifying the client device 20, and more preferably further includes key information identification information. Furthermore, the payload portion or the header portion of the packets transmitted and received between the client device 20 and the server device 30 may include a session ID, a sequence number, and the like.
  • When the client device identification information is included in the packet, reselection of the first SAM device 41 or the second SAM device 42 by the server device 30 becomes easy.
  • When the key information identification information is included in the packet, selection of the first SAM device 41 or the second SAM device 42 by the server device 30 becomes easy.
  • the system 1 has one server device 30, but the number of server devices 30 may be two, three, or four or more.
  • the client device can switch the server device as the communication partner.
  • the communication destination of one or more client devices arranged in a certain area or a commercial facility is set to one server device, and the communication destination is set in another area or a commercial facility.
  • the SAM device is a device having a function of a SAM (Secure Application Module).
  • the plurality of SAM devices include at least one first SAM device 41 that stores first key information A and at least one second SAM device 42 that stores second key information B.
  • the first SAM device 41 is a SAM device that stores key information assigned to a first service provider
  • the second SAM device 42 is a SAM device that stores key information allocated to a second service provider.
  • the first key information A and the second key information B are also stored in the first user device 11 and the second user device 12, respectively. That is, the first SAM device 41 and the first user device 11 store common key information, and the second SAM device 42 and the second user device 12 store common key information.
  • SAM devices include those capable of storing only key information assigned to one service provider and those capable of storing key information assigned to a plurality of service providers.
  • one SAM device stores only the key information assigned to one service provider.
  • Only one piece of key information assigned to one service provider may be stored in one SAM device. For example, when there are 10 SAM devices, one of them stores one piece of key information P assigned to the first service provider, and the remaining four store one piece of key information Q assigned to the second service provider. This makes it possible to associate the key information with the SAM device on a one-to-one basis, thereby simplifying the management of the key information.
  • one SAM device may store a plurality of pieces of key information assigned to one service provider. For example, when there are ten SAM devices, a plurality of pieces of key information P1... PN (N is an integer of 2 or more) assigned to the first service provider is stored in each of six SAM devices, and a plurality of pieces of key information Q1... QN (N is an integer of 2 or more) assigned to the second service provider is stored in each of the remaining four SAM devices. That is, the former six SAM devices each store the plurality of pieces of key information P1... PN, and the latter four SAM devices each store the plurality of pieces of key information Q1... QN.
  • Thereby, the key information in use can be switched from one piece of key information to another without replacing the SAM device, and security can be ensured.
  • When the number of users of one service provider is large, it is effective to store the key information assigned to that service provider in a plurality of SAM devices and connect them to the server device in order to improve processing capacity.
  • When a plurality of SAM devices are used for one service provider and the one piece of key information leaks, a recovery operation is required, for example replacing all of the SAM devices or storing new key information in all the SAM devices for that service provider.
  • In contrast, when a plurality of pieces of key information are stored, the key information can be switched without replacing the SAM device as described above. Therefore, even when the key information is leaked, security can be easily maintained.
  • the first key information A and the second key information B are key information used in mutual authentication, and are assigned to each service provider. For example, when the first key information A is assigned to the Suica (registered trademark) service provider, a different second key information B is assigned to the Edy (registered trademark) service provider. Further, the first key information A is, for example, a secret key possessed by the first SAM device 41 and the first user device 11, and the second key information B is, for example, a secret key possessed by the second SAM device 42 and the second user device 12.
  • Mutual authentication means that the user device authenticates the SAM device and the SAM device authenticates the user device by confirming that the user device and the SAM device have the same key information. Mutual authentication confirms the authenticity of each other. That is, it is confirmed that the SAM device is not forged for the user device, and that the user device is not forged for the SAM device.
  • Mutual authentication can be performed in various ways. An example is as follows. (1) First, the SAM device generates a first random number, encrypts it with its own key information, and transmits it to the user device. (2) Next, the user device receives the encrypted first random number from the SAM device, decrypts it with its own key information to obtain the first random number, and encrypts the obtained first random number with its own key information. Further, the user device generates a second random number and encrypts it with its own key information. Then, the user device transmits the encrypted first random number and the encrypted second random number to the SAM device.
  • (3) The SAM device receives the encrypted first random number from the user device, decrypts it with its own key information to obtain the first random number, and compares it with the first random number generated in (1). If they match, it is determined that the user device has the same key information, and the user device is authenticated. (4) In addition, the SAM device receives the encrypted second random number from the user device, decrypts it with its own key information to obtain the second random number, and encrypts the obtained second random number with its own key information. Then, the SAM device transmits the encrypted second random number to the user device.
  • (5) The user device receives the encrypted second random number from the SAM device, decrypts it with its own key information to obtain the second random number, and compares it with the second random number generated in (2). If they match, it is determined that the SAM device has the same key information, and the SAM device is authenticated.
  • the first SAM device 41 and the first user device 11 generate a first session key using, for example, a random number generated at the time of mutual authentication. Then, the first SAM device 41 uses the generated first session key to encrypt the command for the first user device 11 and to decrypt the response received from the first user device 11. In addition, the first user device 11 uses the generated first session key to decrypt the command received from the first SAM device 41 and encrypt the response to the first SAM device 41. Similarly, the second SAM device 42 and the second user device 12 generate a second session key using, for example, a random number generated during mutual authentication. Then, the second SAM device 42 uses the generated second session key to encrypt the command for the second user device 12 and to decrypt the response received from the second user device 12.
  • the second user device 12 uses the generated second session key to decrypt the command received from the second SAM device 42 and encrypt the response to the second SAM device 42.
  • Since the first session key and the second session key are generated using random numbers generated at the time of mutual authentication (for example, the first random number, the second random number, or a combination thereof), their values may differ for each mutual authentication, and security is improved.
  • one session is started by one mutual authentication, and another session is started when the mutual authentication is performed again.
  • the first session key and the second session key are key information that can take different values each time mutual authentication is performed, and are substantially effective only for one mutual authentication, that is, only for one session. For this reason, the first session key and the second session key are referred to as “session keys”.
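The five-step exchange above and the session-key derivation that follows it, worked through in Go as an added example (this is not the patent's own code, and the patent fixes neither cipher nor key derivation; AES-128 as the key information and HMAC-SHA256 over the two random numbers as the session-key derivation are assumptions of the example). One point the literal description glosses over: a device that decrypts the first random number and re-encrypts it with the same key sends back exactly the ciphertext it received, which any device could echo without knowing the key. The example therefore returns the two random numbers chained together, E_K(R2 || R1) from the user device and E_K(R1 || R2) from the SAM device (the token shape used by ISO/IEC 9798-2), so that each reply can only be produced with the key information, and both comparisons use a constant-time equality check.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// box is one party's view of its key information: AES-CBC with a zero IV. The IV can be
// fixed because every token below is one-shot and covers fresh random numbers.
// Assumption: key information is a 16-byte AES-128 key; the page fixes no cipher.
type box struct{ blk cipher.Block }

func newBox(key []byte) (box, error) {
	blk, err := aes.NewCipher(key)
	return box{blk}, err
}

// run encrypts (or decrypts) whole 16-byte blocks; CryptBlocks panics on partial blocks.
func (b box) run(in []byte, decrypt bool) []byte {
	iv := make([]byte, aes.BlockSize)
	mode := cipher.NewCBCEncrypter(b.blk, iv)
	if decrypt {
		mode = cipher.NewCBCDecrypter(b.blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// fresh returns one block of random bytes; an entropy failure must not be papered over.
func fresh() []byte {
	r := make([]byte, aes.BlockSize)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// deriveSession binds the session key to both random numbers. Assumption: HMAC-SHA256 over
// R1 || R2 keyed with the key information; the page only says the random numbers are used.
func deriveSession(key, r1, r2 []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(cat(r1, r2))
	return m.Sum(nil)[:aes.BlockSize]
}

// Authenticate runs steps (1) to (5) between a SAM device holding samKey and a user device
// holding userKey and returns the session key each side derived. The two agree exactly when
// both sides hold the same key information; otherwise the exchange fails at step (3).
func Authenticate(samKey, userKey []byte) (samSession, userSession []byte, err error) {
	sam, err := newBox(samKey)
	if err != nil {
		return nil, nil, err
	}
	user, err := newBox(userKey)
	if err != nil {
		return nil, nil, err
	}
	// (1) SAM device: generate the first random number R1 and send it encrypted.
	r1 := fresh()
	m1 := sam.run(r1, false)
	// (2) User device: recover R1, generate R2, answer with E_K(R2 || R1). Re-encrypting
	// R1 alone would reproduce m1, so R1 is chained behind R2 to make the reply key-dependent.
	userR1 := user.run(m1, true)
	r2 := fresh()
	m2 := user.run(cat(r2, userR1), false)
	// (3) SAM device: decrypt and compare the returned R1 with the one generated in (1).
	plain := sam.run(m2, true)
	if !hmac.Equal(plain[aes.BlockSize:], r1) { // constant-time comparison
		return nil, nil, errors.New("user device failed authentication")
	}
	// (4) SAM device: R2 is now known; answer with E_K(R1 || R2).
	samR2 := plain[:aes.BlockSize]
	m3 := sam.run(cat(r1, samR2), false)
	// (5) User device: the reply must contain the R1 it recovered and the R2 it generated.
	if !hmac.Equal(user.run(m3, true), cat(userR1, r2)) {
		return nil, nil, errors.New("SAM device failed authentication")
	}
	// Both sides now derive the session key from the random numbers they hold.
	return deriveSession(samKey, r1, samR2), deriveSession(userKey, userR1, r2), nil
}

func main() {
	keyA := bytes.Repeat([]byte{0x0A}, aes.BlockSize) // constructed first key information A
	s, u, err := Authenticate(keyA, keyA)
	if err != nil {
		fmt.Println("failed:", err)
		return
	}
	fmt.Printf("session keys match: %v\n", bytes.Equal(s, u))
}
```

Running Authenticate twice with the same key information yields two different session keys, which is the property the page relies on when it calls them session keys: a recorded command or response from one session cannot be reused in the next. A user device holding second key information B fails at step (3) against a SAM device holding first key information A, so a SAM device never derives a session key with a device of another service provider.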
  • the encryption algorithm is common between service providers, that is, between SAM devices used by each service provider.
  • the algorithm by which the first SAM device 41 performs mutual authentication and generates the first session key is the same as the algorithm by which the second SAM device 42 performs mutual authentication and generates the second session key.
  • Likewise, the algorithm by which the first SAM device 41 (first user device 11) encrypts (decrypts) the command using the first session key and the algorithm by which the second SAM device 42 (second user device 12) encrypts (decrypts) the command using the second session key are the same.
  • Also, the algorithm by which the first user device 11 (first SAM device 41) encrypts (decrypts) the response using the first session key and the algorithm by which the second user device 12 (second SAM device 42) encrypts (decrypts) the response using the second session key are the same.
  • the difference in the algorithm corresponds to the difference in the type of the SAM device. That is, if the algorithm is different, the type of the SAM device is different. For example, since algorithms are different between FeliCa (registered trademark) and Mifare (registered trademark), SAM devices based on both standards have different types. Whether or not the same algorithm is used can be determined based on whether or not the data processing procedure and the data processing protocol are the same.
  • the command is information for identifying a command to be executed by the first user device 11 or the second user device 12, or the command itself to be executed.
  • the command may include a command for reading the first data or the second data and a command for writing the first data or the second data.
  • the command for instructing reading of the first data or the second data can be used, for example, for a balance inquiry or an identity inquiry of electronic money.
  • the command for writing the first data or the second data is used to increase or decrease the balance of electronic money, or to update personal information such as an address.
  • the response is information corresponding to a command execution result by the first user device 11 or the second user device 12, and includes a read result and a write result of the first data and the second data.
  • the first data and the second data stored in the first user device 11 and the second user device 12 can be included in the response to the command.
  • the success or failure of writing may be included in the response.
  • the response may include, in addition to information corresponding to the execution result of the command, information on the mutual authentication performed between the first SAM device 41 and the first user device 11 or between the second SAM device 42 and the second user device 12.
  • the system 1 has one first SAM device 41 and one second SAM device 42, but the number of first SAM devices 41 and second SAM devices 42 may be two, three, or four or more. Also, in addition to the first SAM device 41 and the second SAM device 42, a plurality of SAM devices such as a third SAM device and a fourth SAM device that store key information different from that of the first SAM device 41 and the second SAM device 42 may be present.
  • FIGS. 2A and 2B are sequence diagrams illustrating an operation example of the system 1 according to the first embodiment.
  • the client device 20 is a POS terminal installed in a supermarket
  • the first user device 11 is a smartphone of a first shopper
  • the second user device 12 is a smartphone of a second shopper different from the first shopper
  • the first shopper makes a payment of 1,000 yen with first electronic money (for example, Suica (registered trademark)) at the POS terminal, which is an example of the client device 20
  • first electronic money: for example, Suica (registered trademark)
  • second electronic money: for example, Edy (registered trademark)
  • Step 1 the client device 20 requests the server device 30 to transmit a command to be executed by the first user device 11.
  • a POS terminal as an example of the client device 20 reads the price of 1,000 yen from the barcode of a product that the first shopper wants to purchase, and transmits a predetermined bit string to the server device 30 requesting transmission of a command for reducing the amount by 1,000 yen.
  • the request can include client device identification information for identifying the client device 20.
  • the server device 30 selects one first SAM device 41 from the plurality of SAM devices. This selection is made, for example, by the server device 30 receiving the key information identification information from the first user device 11 via the client device 20 (Step 2), reading the SAM device identification information stored in association with the received key information identification information from the SAM device management table shown in FIG. 3, selecting the SAM device identified by the read SAM device identification information, and notifying the selected SAM device that it is to perform mutual authentication with the first user device 11 (Step 3).
  • If the client device identification information is included in the request in Step 1, or if the server device 30 has obtained the client device identification information of the client device 20 by another method, the server device 30 can store that information in the SAM device management table shown in FIG. 3 in association with the SAM device identification information read in Step 3.
  • Steps 4 and 5 Next, mutual authentication using the first key information A is performed between the selected one first SAM device 41 and the first user device 11, and a first session key is generated (Step 4).
  • the generated first session key is stored in both the first SAM device 41 and the first user device 11.
  • the first SAM device 41 notifies the server device 30 that the mutual authentication has been completed (Step 5).
  • Step 6 the server device 30 requests the selected one first SAM device 41 to encrypt a command to be transmitted to the client device 20. For example, by transmitting a predetermined bit string, the server device 30 requests encryption of a command for reducing the amount by 1,000 yen.
  • Step 7 the selected one first SAM device 41 generates the requested command and encrypts it.
  • the selected one first SAM device 41 generates a command for reducing the amount of 1,000 yen, and encrypts the command with the first session key generated in Step 4.
  • Step 8 the server device 30 receives the encrypted command from the one selected first SAM device 41.
  • Step 9 the server device 30 transmits the encrypted command to the first user device 11 via the client device 20.
  • Step 10 the first user device 11 decrypts the command received from the server device 30 via the client device 20, executes the decrypted command, encrypts a response corresponding to the result, and transmits the encrypted response to the server device 30 via the client device 20.
  • the server device 30 receives the encrypted response from the first user device 11, which is the communication partner of the client device 20.
  • the first user device 11 or the client device 20 can include, for example, client device identification information for identifying the client device 20 in the packet including the response.
  • Step 11 the server device 30 reselects the same one first SAM device 41 as the previously selected one, and requests the reselected first SAM device 41 to decrypt the encrypted response received from the client device 20.
  • This reselection can be performed by reading the SAM device identification information stored in association with the client device identification information from the SAM device management table shown in FIG. 3 and selecting the SAM device identified by the read SAM device identification information. This request can be made, for example, by transmitting a predetermined bit string.
  • Step 12 Next, the one reselected first SAM device 41 decrypts the encrypted response.
  • Step 13 the server device 30 receives the decrypted response from the reselected one of the first SAM devices 41 and processes it.
  • This process may include, for example, deleting the client device identification information stored in association with the SAM device identification information identifying the reselected one first SAM device 41 from the SAM device management table of FIG. 3.
  • Step 14 the server device 30 notifies the client device 20 that the process of reducing the 1,000 yen has been completed.
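The server device's part of Steps 1 to 14 rests on the SAM device management table: selection by key information identification information (Steps 2 and 3), recording of the client device identification information against the chosen SAM device, reselection by that client device identification information when the encrypted response returns (Step 11), and deletion of the association once the response is processed (Step 13). The Go code below is an added example and not the patent's implementation; it models the table as rows of SAM device identification information, key information identification information and the client device currently bound. The identifiers "SAM-41a", "SAM-41b", "SAM-42", "A", "B" and "POS-1" are constructed for the example, and three behaviours are design choices of the example rather than statements of the page: each row carries exactly one key information identifier, a client device that already has a SAM device bound is refused a second one (the page says a client device talks to one user device at a time), and a response from a client device with no bound SAM device is rejected rather than routed by guesswork. The two string arguments are the values the page describes in the packet header or payload.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// SAMEntry is one row of the SAM device management table: which SAM device stores which
// key information, and which client device is bound to it between command encryption
// and response decryption. All identifiers are constructed for the example.
type SAMEntry struct {
	SAMID     string // SAM device identification information
	KeyInfoID string // key information identification information (one per service provider)
	ClientID  string // client device identification information while bound, "" when free
}

// ServerDevice holds the table; the mutex matters because many client devices
// (POS terminals, ticket gates) send requests concurrently.
type ServerDevice struct {
	mu    sync.Mutex
	table []*SAMEntry
}

var (
	ErrNoSAM      = errors.New("no free SAM device stores the requested key information")
	ErrClientBusy = errors.New("client device already has a SAM device bound")
	ErrNoBinding  = errors.New("no SAM device is bound to this client device")
)

func NewServerDevice(table []*SAMEntry) *ServerDevice { return &ServerDevice{table: table} }

// Select (Steps 2 and 3): choose a free SAM device that stores the key information the user
// device identified, and bind the requesting client device to it. Because a row carries
// exactly one key information identifier, a request for B can never reach a SAM device
// holding A, which is the separation between service providers the page is after.
func (s *ServerDevice) Select(keyInfoID, clientID string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, e := range s.table {
		if e.ClientID == clientID {
			return "", ErrClientBusy // a client device talks to one user device at a time
		}
	}
	for _, e := range s.table {
		if e.KeyInfoID == keyInfoID && e.ClientID == "" {
			e.ClientID = clientID
			return e.SAMID, nil
		}
	}
	return "", ErrNoSAM
}

// Reselect (Step 11): the encrypted response carries only the client device identifier, so
// the table is the only way back to the SAM device that holds this exchange's session key.
// An unknown client device is refused: a response nobody is waiting for is worth logging.
func (s *ServerDevice) Reselect(clientID string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, e := range s.table {
		if e.ClientID == clientID {
			return e.SAMID, nil
		}
	}
	return "", ErrNoBinding
}

// Release (Step 13): once the decrypted response is processed, drop the binding so the
// SAM device can serve the next request.
func (s *ServerDevice) Release(clientID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, e := range s.table {
		if e.ClientID == clientID {
			e.ClientID = ""
			return nil
		}
	}
	return ErrNoBinding
}

func main() {
	// Constructed table: two SAM devices for key information A (extra capacity, as the page
	// suggests for a provider with many users) and one for key information B.
	srv := NewServerDevice([]*SAMEntry{
		{SAMID: "SAM-41a", KeyInfoID: "A"},
		{SAMID: "SAM-41b", KeyInfoID: "A"},
		{SAMID: "SAM-42", KeyInfoID: "B"},
	})
	sam, err := srv.Select("A", "POS-1") // first user device presents key information A
	fmt.Println("selected:", sam, err)
	sam, err = srv.Reselect("POS-1") // the encrypted response comes back from POS-1
	fmt.Println("reselected:", sam, err)
	fmt.Println("released:", srv.Release("POS-1"))
}
```

With two rows for key information A, two client devices can be served at once and a third request for A waits (ErrNoSAM) until one of them releases, while a request for B still goes only to SAM-42. That is the capacity argument of the page with the separation property preserved.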
  • Step 21 First, the client device 20 requests the server device 30 to transmit a command to be executed by the second user device 12.
  • a POS terminal which is an example of the client device 20
  • the request can include client device identification information for identifying the client device 20.
  • the server device 30 selects one second SAM device 42 from the plurality of SAM devices. This selection is made, for example, by the server device 30 receiving the key information identification information from the second user device 12 via the client device 20 (Step 22), reading the SAM device identification information stored in association with the received key information identification information from the SAM device management table shown in FIG. 3, selecting the SAM device identified by the read SAM device identification information, and notifying the selected SAM device that it is to perform mutual authentication with the second user device 12 (Step 23).
  • When the request in Step 21 includes the client device identification information, or when the server device 30 has obtained the client device identification information of the client device 20 by another method, the server device 30 can store that information in the SAM device management table shown in FIG. 3 in association with the SAM device identification information read in Step 3.
  • Steps 24 and 25 Next, mutual authentication is performed between the selected one second SAM device 42 and the second user device 12 using the second key information B, and a second session key is generated (Step 24).
  • the generated second session key is stored in both the selected one of the second SAM devices 42 and the second user device 12.
  • the second SAM device 42 notifies the server device 30 that the mutual authentication has been completed (Step 25).
  • Step 26 the server device 30 requests the selected one of the second SAM devices 42 to encrypt a command to be transmitted to the client device 20. For example, by transmitting a predetermined bit string, a request is made to encrypt a command for reducing 3,000 yen.
  • Step 27 the selected one second SAM device 42 generates the requested command and encrypts it.
  • the selected one second SAM device 42 generates a command for reducing 3,000 yen, and encrypts the command with the second session key generated in Step 24.
  • Step 28 the server device 30 receives the encrypted command from the selected second SAM device 42.
  • Step 29 the server device 30 transmits the encrypted command to the second user device 12 via the client device 20.
  • Step 30 the second user device 12 decrypts the command received from the server device 30 via the client device 20, executes the decrypted command, encrypts a response according to the result, and transmits the encrypted response to the server device 30 via the client device 20.
  • the server device 30 receives the encrypted response from the second user device 12 that is the communication partner of the client device 20.
  • the second user device 12 or the client device 20 can include, for example, client device identification information for identifying the client device 20 in the packet including the response.
  • Step 31 the server device 30 reselects the same second SAM device 42 as the one previously selected, and requests the reselected second SAM device 42 to decrypt the encrypted response received from the client device 20.
  • this reselection can be performed by reading from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with the client device identification information, and selecting the SAM device identified by the read SAM device identification information. The request can be made, for example, by transmitting a predetermined bit string.
  • Step 32 Next, the reselected second SAM device 42 decrypts the encrypted response.
  • Step 33 the server device 30 receives the decrypted response from the reselected second SAM device 42 and processes it.
  • this processing may include, for example, deleting from the SAM device management table of FIG. 3 the client device identification information stored in association with the SAM device identification information that identifies the reselected second SAM device 42.
  • Step 34 the server device 30 notifies the client device 20 that the process of reducing the 3,000 yen has been completed.
  • according to this embodiment, a SAM device is assigned to each service provider (that is, key information of a plurality of service providers is not mixed in one SAM device), while data in a plurality of user devices contracting with different service providers can still be read and written. Therefore, it is possible to provide a server device and a system in which key information is easy to manage and in which the decrease in security caused by mixing the key information of a plurality of service providers in one SAM device is suppressed.
  • FIG. 3 is a diagram showing an example of the SAM device management table.
  • the SAM device management table can store SAM device identification information, key information identification information, and client device identification information in association with each other.
  • the SAM device identification information and the key information identification information are stored in association with each other in advance, and when the SAM device identified by the SAM device identification information is selected, the client device identification information is stored in association with that SAM device identification information.
  • when the processing of the response is complete, the client device identification information stored in association with the SAM device identification information is deleted.
  • the SAM device management table can be stored in a storage device of the server device 30, for example.
  • FIG. 4 is a sequence diagram partially illustrating an operation example of the system according to the second embodiment.
  • in the first embodiment, the server device 30 receives the key information identification information from the first user device 11 via the client device 20, reads from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with the received key information identification information, and selects the SAM device identified by the read SAM device identification information (Step 2).
  • in this way the server device 30 selected one first SAM device 41 from among the plurality of SAM devices.
  • in the second embodiment, by contrast, the server device 30 requests mutual authentication from one SAM device among the plurality of SAM devices, chosen at random or according to a predetermined rule.
  • the SAM device for which the mutual authentication succeeds is selected from the plurality of SAM devices as the one SAM device.
  • the server device 30 first requests the second SAM device 42 for mutual authentication with the first user device 11 (Step 41).
  • the second SAM device 42 attempts mutual authentication with the first user device 11, but the mutual authentication fails because no common key information is stored (Step 42).
  • the server device 30 requests the first SAM device 41 to perform mutual authentication with the first user device 11 (Step 43).
  • the first SAM device 41 attempts mutual authentication with the first user device 11, and since common key information is stored, the mutual authentication succeeds (Step 44).
  • the server device 30 selects the SAM device for which the mutual authentication has succeeded as one SAM device.
  • the case where the communication partner of the client device 20 is the second user device 12 can be similarly considered.
  • each of the above-mentioned requests and data may be composed of one data, or may be composed of a plurality of data.
  • transmission of each request and each data described above may be transmitted by one transmission, or may be transmitted by dividing into a plurality of transmissions.
  • reception of each request or each data described above may be received in one reception, or may be received in a plurality of receptions.
  • the phrase “a certain request X or certain data Y includes certain data Z” covers not only the case where the request X or the data Y includes the data Z itself, but also the case where it includes data other than Z itself from which the data Z can be specified.
  • in the above description, the server device 30 requests the first SAM device 41 or the second SAM device 42 to create a command and encrypt it.
  • alternatively, the server device 30 may create the command. That is, the server device 30 may create a command and transmit it to the first SAM device 41 or the second SAM device 42, and the first SAM device 41 or the second SAM device 42 may encrypt the command received from the server device 30 and send it back to the server device 30.
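The FIG. 3 table and the select, reselect and release steps above, together with the trial-based selection of the second embodiment, as an added Python example (not the patent's own code; the SAM and client identifiers are constructed, and mutual authentication is reduced to a key-identifier comparison):

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SamDevice:
    sam_id: str            # SAM device identification information
    key_id: str            # key information identification information it stores


@dataclass
class UserDevice:
    key_id: str            # key information identification information it stores


@dataclass
class Row:
    """One row of the SAM device management table (FIG. 3)."""
    sam_id: str
    key_id: str
    client_id: Optional[str] = None   # filled on select, cleared on release


def mutual_auth(sam: SamDevice, user: UserDevice) -> bool:
    """Stand-in for mutual authentication (assumption): succeeds only when both
    hold the same key information, as in Steps 42 and 44."""
    return sam.key_id == user.key_id


class SamManagementTable:
    def __init__(self, sams: List[SamDevice]):
        self.sams: Dict[str, SamDevice] = {s.sam_id: s for s in sams}
        # sam_id <-> key_id associations are stored in advance; client_id is empty
        self.rows: List[Row] = [Row(s.sam_id, s.key_id) for s in sams]

    def select(self, key_id: str, client_id: str) -> Optional[SamDevice]:
        """Step 22: look up a free SAM by the key info id received via the client
        device and store the client id in association with it."""
        for row in self.rows:
            if row.key_id == key_id and row.client_id is None:
                row.client_id = client_id
                return self.sams[row.sam_id]
        return None  # no free SAM for this service provider

    def select_by_trial(self, user: UserDevice, client_id: str) -> Optional[SamDevice]:
        """Second embodiment (Steps 41-44): without a key info id, request mutual
        authentication from free SAMs in table order until one succeeds."""
        for row in self.rows:
            if row.client_id is None and mutual_auth(self.sams[row.sam_id], user):
                row.client_id = client_id
                return self.sams[row.sam_id]
        return None

    def reselect(self, client_id: str) -> Optional[SamDevice]:
        """Step 31: the packet carrying the encrypted response includes the client
        id; the SAM holding this session's key is found through that column."""
        for row in self.rows:
            if row.client_id == client_id:
                return self.sams[row.sam_id]
        return None

    def release(self, client_id: str) -> bool:
        """Step 33: after the response is processed, delete the client id from the
        row so the SAM can serve the next transaction."""
        for row in self.rows:
            if row.client_id == client_id:
                row.client_id = None
                return True
        return False


def demo() -> dict:
    """Two terminals serving provider-A cards at once, then one provider-B card."""
    table = SamManagementTable([
        SamDevice("SAM-A1", "KEY-A"), SamDevice("SAM-A2", "KEY-A"),
        SamDevice("SAM-B1", "KEY-B"),
    ])
    a1 = table.select("KEY-A", "POS-1")                       # first terminal
    a2 = table.select("KEY-A", "POS-2")                       # second gets the other SAM
    a3 = table.select("KEY-A", "POS-3")                       # none free -> None
    b1 = table.select_by_trial(UserDevice("KEY-B"), "POS-4")  # second embodiment
    same = table.reselect("POS-2") is a2                      # response routed back to a2
    table.release("POS-1")                                    # Step 33 for POS-1
    a4 = table.select("KEY-A", "POS-3")                       # SAM-A1 is free again
    return {"a1": a1.sam_id, "a2": a2.sam_id, "a3": a3, "b1": b1.sam_id,
            "same": same, "a4": a4.sam_id}


if __name__ == "__main__":
    print(demo())
```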

Abstract

[Problem] To provide a server device or the like in which the management of key information is simple, and which is capable of suppressing the degradation of security, which is caused by key information of a plurality of service providers intermingled in one SAM device. [Solution] This server device is included in a system provided with: at least one first user device which stores first key information; at least one second user device which stores second key information; a client device which is capable of performing near field communication with any one among the first user device and the second user device; the server device which is connected to the client device through a network; and a plurality of SAM devices which are connected to the server device, and include at least one first SAM device which stores the first key information and at least one second SAM device which stores the second key information.

Description

Server device and system
The present disclosure relates to a server device and a system.
A system having one SAM and a plurality of non-contact IC chips has been proposed in Patent Document 1. In Patent Document 1, one SAM holds all of the encryption keys stored in the respective non-contact IC chips, so that the one SAM can read and write information on any of the non-contact IC chips.
JP 2006-98830 A
However, in the above system, the encryption keys of a plurality of service providers coexist in one SAM, so management of the encryption keys becomes difficult or cumbersome, and security may be reduced.
The above problem can be solved, for example, by the following embodiment of the present invention.
A server device in a system comprising: at least one first user device storing first key information; at least one second user device storing second key information; a client device capable of short-range wireless communication with either of the first user device and the second user device; the server device, connected to the client device via a network; and a plurality of SAM devices connected to the server device, including at least one first SAM device storing the first key information and at least one second SAM device storing the second key information, wherein, when the communication partner of the client device is the first user device, the server device selects one first SAM device from among the plurality of SAM devices, requests the selected first SAM device to encrypt a command, receives the encrypted command from the selected first SAM device and transmits it to the first user device via the client device, receives an encrypted response from the first user device via the client device, reselects the same first SAM device as the one selected, requests the reselected first SAM device to decrypt the received encrypted response, and receives the decrypted response from the reselected first SAM device and processes it; and when the communication partner of the client device is the second user device, the server device selects one second SAM device from among the plurality of SAM devices, requests the selected second SAM device to encrypt a command, receives the encrypted command from the selected second SAM device and transmits it to the second user device via the client device, receives an encrypted response from the second user device via the client device, reselects the same second SAM device as the one selected, requests the reselected second SAM device to decrypt the received encrypted response, and receives the decrypted response from the reselected second SAM device and processes it.
According to an embodiment of the present invention, a SAM device is assigned to each service provider (that is, key information of a plurality of service providers is not mixed in one SAM device), while data in a plurality of user devices contracting with different service providers can be read and written. Therefore, a server device and a system can be provided in which key information is easy to manage and in which the decrease in security caused by mixing the key information of a plurality of service providers in one SAM device is suppressed.
A diagram illustrating a configuration example of the system 1 according to Embodiment 1. A sequence diagram illustrating an operation example of the system 1 according to Embodiment 1. A sequence diagram illustrating an operation example of the system 1 according to Embodiment 1. A diagram illustrating an example of the SAM device management table. A sequence diagram partially illustrating an operation example of the system according to Embodiment 2.
[System 1 according to Embodiment 1]
FIG. 1 is a diagram illustrating a configuration example of a system 1 according to Embodiment 1. As shown in FIG. 1, the system 1 comprises at least one first user device 11 storing first key information A, at least one second user device 12 storing second key information B, a client device 20 that performs short-range wireless communication with the first user device 11 or the second user device 12, a server device 30 connected to the client device 20 via a network NW, and a plurality of SAM devices connected to the server device 30 and including at least one first SAM device 41 storing the first key information A and at least one second SAM device 42 storing the second key information B. The details are described below.
(First user device 11, second user device 12)
The first user device 11 and the second user device 12 are devices owned and operated by users. More specifically, the first user device 11 is a user device used by a user who has a contract or the like with a first service provider, and the second user device 12 is a user device used by a user who has a contract or the like with a second service provider. The first user device 11 and the second user device 12 may include a smartphone, an IC card (Integrated Circuit Card) or a smart card in which a non-contact IC chip or a non-contact IC chip function is built in.
The first user device 11 and the second user device 12 (more specifically, for example, a storage area in the above-described non-contact IC chip, or a storage area of a device having a non-contact IC chip function) store first data and second data, respectively. The first data and the second data are data handled in the system 1, and may include, for example, an electronic money balance as well as personal information such as name, date of birth, gender and address, a card ID, a card expiration date, a floor limit, and a card usage history. The floor limit is the minimum amount for which authorization (credit approval) is required. Authorization means that a credit card merchant confirms the credit of the card user (card member) with the card company. For settlements below the floor limit, authorization can be set as unnecessary, so the settlement can be completed without performing authorization. However, the floor limit can also be set to 0 yen, in which case authorization is effectively required for every settlement. The client device 20 reads or writes the first data stored in the first user device 11 by causing the first user device 11 to execute a command received from the first SAM device 41 (hereinafter, reading may be referred to as a read and writing as a write). Similarly, the client device 20 reads or writes the second data stored in the second user device 12 by causing the second user device 12 to execute a command received from the second SAM device 42.
The first user device 11 and the second user device 12 (more specifically, for example, a storage area in the above-described non-contact IC chip, or a storage area of a device having a non-contact IC chip function) store first key information A and second key information B, respectively. The second key information B is key information different from the first key information A; that is, the first key information A takes a value different from that of the second key information B.
In the present embodiment, for ease of understanding, the system 1 has one first user device 11 and one second user device 12, but the number of first user devices 11 or second user devices 12 may be two, three, or four or more. In addition to the first user device 11 and the second user device 12, there may also be a plurality of user devices, such as a third user device and a fourth user device, that store key information different from that of the first user device 11 and the second user device 12.
(Client device 20)
The client device 20 is a device capable of short-range wireless communication with either of the first user device 11 and the second user device 12, and may include, for example, a cash register installed in a supermarket or convenience store, a ticket gate installed at a station, an ETC (Electronic Toll Collection System) device installed at a highway entrance or exit, a terminal installed at a government office, a terminal installed at a leisure facility such as an amusement park, movie theater or zoo (a terminal that charges at entry and/or exit), or the cash register of a restaurant or other eating and drinking establishment. The client device 20 has, for example, a built-in or external reader/writer that enables communication with the first user device 11 or the second user device 12, in which case the client device 20 communicates with the first user device 11 or the second user device 12 via the reader/writer. The client device 20 can communicate with either the first user device 11 or the second user device 12, but may communicate with only one user device at a time. However, because time-division communication is performed at relatively high speed, there may be cases in which it can be regarded as communicating with a plurality of user devices simultaneously.
Communication between the client device 20 and the first user device 11 or the second user device 12 is performed by short-range wireless communication. Short-range wireless communication may include, besides contactless methods such as NFC (Near Field Communication) in which the client device 20 and the first user device 11 or the second user device 12 communicate without contact, contact methods such as ISO7816 in which the client device 20 and the first user device 11 or the second user device 12 communicate by contact.
In the present embodiment, for ease of understanding, the system 1 has one client device 20, but the number of client devices 20 may be two, three, or four or more.
(Server device 30)
The server device 30 is a device connected to the client device 20 via the network NW. The network NW is, for example, the Internet. Communication between the client device 20 and the server device 30 is performed according to a protocol such as HTTPS, TCP/IP or UDP. The server device 30 comprises, for example, an arithmetic unit such as a CPU and a storage device such as RAM or a hard disk. The storage device stores, for example, programs and data, and the server device 30 operates, for example, by the arithmetic unit reading a program from the storage device and executing it. The data may include the SAM management table described later. The server device 30 may be a single device, but the processing of the server device 30 may also be distributed over a plurality of devices. In that case, since the server device 30 appears to the client device 20 to be operating substantially as a single device, the plurality of devices as a whole is regarded as the server device 30.
Between the server device 30 and the client device 20, encrypted commands and responses are, for example, transmitted and received in packet form. That is, the server device 30 transmits to the client device 20, for example, a packet containing the encrypted command in its payload portion. In other words, the server device 30 adds a header portion to the encrypted command, or to the encrypted command together with other data, and transmits it to the client device 20. When the client device 20 receives a packet from the server device 30, it extracts the encrypted command from the received packet and transmits it to the first user device 11 or the second user device 12. Similarly, the client device 20 transmits to the server device 30, for example, a packet containing the encrypted response in its payload portion. In other words, the client device 20 adds a header portion to the encrypted response, or to the encrypted response together with other data, and transmits it to the server device 30. When the server device 30 receives a packet from the client device 20, it extracts the encrypted response from the received packet and transmits it to the first SAM device 41 or the second SAM device 42.
The payload portion or header portion of a packet transmitted from the client device 20 to the server device 30 preferably contains client device identification information identifying the client device 20, and more preferably also contains key information identification information. Further, the payload portion or header portion of packets exchanged between the client device 20 and the server device 30 may also contain a session ID, a sequence number, and the like. When the client device identification information is contained in the packet, reselection of the first SAM device 41 or the second SAM device 42 by the server device 30 becomes easy. When the key information identification information is contained in the packet, selection of the first SAM device 41 or the second SAM device 42 by the server device 30 becomes easy.
In the present embodiment, for ease of understanding, the system 1 has one server device 30, but the number of server devices 30 may be two, three, or four or more. In that case, a client device can switch the server device with which it communicates. When a plurality of client devices are deployed, the load on the server devices can be reduced by, for example, setting the communication destination of one or more client devices located in one region or commercial facility to one server device, and setting the communication destination of one or more client devices located in another region or commercial facility to another server device.
(Plurality of SAM devices)
A SAM device is a device having the function of a SAM (Secure Application Module). The plurality of SAM devices includes at least one first SAM device 41 storing the first key information A and at least one second SAM device 42 storing the second key information B. The first SAM device 41 is a SAM device storing the key information assigned to the first service provider, and the second SAM device 42 is a SAM device storing the key information assigned to the second service provider. The first key information A and the second key information B are also stored in the first user device 11 and the second user device 12, respectively. That is, the first SAM device 41 and the first user device 11 store common key information, and the second SAM device 42 and the second user device 12 store common key information.
SAM devices include those that can store only the key information assigned to a single service provider, and those that can store the key information assigned to a plurality of service providers. However, in the present embodiment, even when the latter type of SAM device is used, one SAM device is made to store only the key information assigned to one service provider. That is, when the latter type is used, the specifications and structure of the SAM device would allow key information assigned to a plurality of service providers to be stored in one SAM device, but in the present embodiment, even with such a SAM device, one SAM device stores only the key information assigned to one service provider.
One SAM device may store only one piece of key information assigned to one service provider. For example, when there are ten SAM devices, six of them may each store one piece of key information P assigned to the first service provider, and the remaining four may each store one piece of key information Q assigned to the second service provider. This allows key information and SAM devices to be associated one-to-one, which makes management of the key information simpler.
On the other hand, one SAM device may store a plurality of pieces of key information assigned to one service provider. For example, when there are ten SAM devices, six of them may each store a plurality of pieces of key information P1 ... PN (N is an integer of 2 or more) assigned to the first service provider, and the remaining four may each store a plurality of pieces of key information Q1 ... QN (N is an integer of 2 or more) assigned to the second service provider. That is, each of the former six SAM devices stores the plurality of pieces of key information P1 ... PN, and each of the latter four SAM devices stores the plurality of pieces of key information Q1 ... QN. In this way, even if, for example, one piece of key information assigned to a service provider is leaked, security can be ensured by switching from that key information to other key information assigned to the same service provider, without replacing the SAM device. When a service provider has many users, it is effective, in order to improve processing capacity, to store the key information assigned to that service provider in a plurality of SAM devices and connect them to the server device. However, if each SAM device stores only one piece of key information assigned to the service provider, then when that key information leaks, recovery work becomes necessary, such as replacing all of the SAM devices for that service provider or storing new key information in all of those SAM devices again. By contrast, if each of the plurality of SAM devices for a service provider stores the plurality of pieces of key information assigned to that service provider, the key information can be switched without replacing the SAM devices, as described above. Therefore, even when key information is leaked, security can easily continue to be ensured.
The first key information A and the second key information B are key information used in mutual authentication and are assigned per service provider. For example, when the first key information A is assigned to the Suica (registered trademark) service provider, different second key information B is assigned to the Edy (registered trademark) service provider. The first key information A is, for example, a secret key held by the first SAM device 41 and the first user device 11, and the second key information B is, for example, a secret key held by the second SAM device 42 and the second user device 12. Mutual authentication means that the user device authenticates the SAM device and the SAM device authenticates the user device by confirming that both hold the same key information. Mutual authentication confirms the authenticity of each party: the user device confirms that the SAM device is not a forgery, and the SAM device confirms that the user device is not a forgery.
Mutual authentication can be performed in various ways. One example is as follows.
(1) First, the SAM device generates a first random number, encrypts it with the key information it holds, and transmits it to the user device.
(2) Next, the user device receives the encrypted first random number from the SAM device, decrypts it with the key information it holds to obtain the first random number, and encrypts the obtained first random number with its key information. The user device also generates a second random number and encrypts it with its key information. The user device then transmits the encrypted first random number and the encrypted second random number to the SAM device.
(3) Next, the SAM device receives the encrypted first random number from the user device, decrypts it with its key information to obtain the first random number, and compares it with the first random number it generated in (1). If they match, the SAM device determines that the user device holds the same key information and authenticates the user device.
(4) The SAM device also receives the encrypted second random number from the user device, decrypts it with its key information to obtain the second random number, and encrypts the obtained second random number with its key information. The SAM device then transmits the encrypted second random number to the user device.
(5) Next, the user device receives the encrypted second random number from the SAM device, decrypts it with its key information to obtain the second random number, and compares it with the second random number it generated in (2). If they match, the user device determines that the SAM device holds the same key information and authenticates the SAM device.
The first SAM device 41 and the first user device 11 generate a first session key using, for example, the random numbers generated during mutual authentication. The first SAM device 41 then uses this first session key to encrypt commands for the first user device 11 and to decrypt responses received from the first user device 11, and the first user device 11 uses the same first session key to decrypt commands received from the first SAM device 41 and to encrypt responses to the first SAM device 41. Similarly, the second SAM device 42 and the second user device 12 generate a second session key using, for example, the random numbers generated during mutual authentication. The second SAM device 42 then uses this second session key to encrypt commands for the second user device 12 and to decrypt responses received from the second user device 12, and the second user device 12 uses the same second session key to decrypt commands received from the second SAM device 42 and to encrypt responses to the second SAM device 42.

If the first and second session keys are generated from the random numbers produced during mutual authentication (for example, the first random number, the second random number, or a combination of the two), the value of each key can differ at every mutual authentication, which improves security. In this embodiment, one session is started by one mutual authentication, and a new session starts when mutual authentication is performed again. The first and second session keys are key information that can take a different value at each mutual authentication and are effectively valid only for one mutual authentication, that is, for one session. For this reason they are called "session keys".
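The five-step exchange above and the session-key step that follows it, as an added Python example that is not part of the patent. The patent does not fix the cipher, so `xor_cipher` (a SHA-256 keystream, a constructed placeholder) stands in for it, and deriving the session key as SHA-256 of both random numbers is an assumption; the device names, labels and command strings are constructed.

```python
import hashlib
import hmac
import secrets


def xor_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (constructed placeholder, not a real cipher).

    The patent leaves the algorithm open (FeliCa and Mifare differ), so this
    example derives a keystream from SHA-256(key, label, counter) and XORs it
    with the data; encrypting and decrypting are the same operation. The label
    separates message directions, so the user device's re-encryption of the
    first random number is not a byte-for-byte echo of the SAM's challenge.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    """A SAM device or a user device holding one piece of key information."""

    def __init__(self, key_info: bytes):
        self.key_info = key_info
        self.session_key = None


class AuthFailure(Exception):
    pass


def mutual_authentication(sam: Device, user: Device) -> None:
    """Steps (1)-(5) of the description; raises AuthFailure on any mismatch."""
    # (1) SAM generates R1, encrypts it with its key and sends it
    r1 = secrets.token_bytes(16)
    msg1 = xor_cipher(sam.key_info, b"sam-challenge", r1)

    # (2) user decrypts R1, re-encrypts it, and adds its own encrypted R2
    r1_at_user = xor_cipher(user.key_info, b"sam-challenge", msg1)
    msg2_r1 = xor_cipher(user.key_info, b"user-reply", r1_at_user)
    r2 = secrets.token_bytes(16)
    msg2_r2 = xor_cipher(user.key_info, b"user-challenge", r2)

    # (3) SAM decrypts the returned R1 and compares it with its own R1
    if not hmac.compare_digest(xor_cipher(sam.key_info, b"user-reply", msg2_r1), r1):
        raise AuthFailure("SAM device could not authenticate the user device")

    # (4) SAM decrypts R2, re-encrypts it and sends it back
    r2_at_sam = xor_cipher(sam.key_info, b"user-challenge", msg2_r2)
    msg3 = xor_cipher(sam.key_info, b"sam-reply", r2_at_sam)

    # (5) user decrypts R2 and compares it with its own R2
    if not hmac.compare_digest(xor_cipher(user.key_info, b"sam-reply", msg3), r2):
        raise AuthFailure("user device could not authenticate the SAM device")

    # Session key from both random numbers (assumed derivation; the patent says
    # R1, R2 or a combination). Each side uses its own view of R1 and R2, so
    # the keys only agree when authentication really succeeded.
    sam.session_key = hashlib.sha256(r1 + r2_at_sam).digest()
    user.session_key = hashlib.sha256(r1_at_user + r2).digest()


def encrypt_command(sam: Device, command: bytes) -> bytes:
    return xor_cipher(sam.session_key, b"command", command)


def execute_command(user: Device, enc_command: bytes, handler) -> bytes:
    """User device decrypts the command, runs it and encrypts the response."""
    command = xor_cipher(user.session_key, b"command", enc_command)
    return xor_cipher(user.session_key, b"response", handler(command))


def decrypt_response(sam: Device, enc_response: bytes) -> bytes:
    return xor_cipher(sam.session_key, b"response", enc_response)


def demo() -> dict:
    """Constructed scenario: provider A's SAM and user device succeed; the
    same SAM rejects a user device holding provider B's key."""
    key_a = b"first key information A (constructed)"
    sam41, user11 = Device(key_a), Device(key_a)
    mutual_authentication(sam41, user11)
    enc_cmd = encrypt_command(sam41, b"DEBIT 1000")
    enc_resp = execute_command(user11, enc_cmd, lambda cmd: b"OK " + cmd)
    response = decrypt_response(sam41, enc_resp)

    user12 = Device(b"second key information B (constructed)")
    try:
        mutual_authentication(sam41, user12)
        cross = "accepted"
    except AuthFailure:
        cross = "rejected"
    return {"response": response,
            "keys_agree": sam41.session_key == user11.session_key,
            "cross_provider": cross}
```

Running `mutual_authentication` twice on the same pair yields two different session keys, which is the property the text attributes to deriving them from fresh random numbers.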
The encryption algorithm is common across service providers, that is, across the SAM devices used by the respective service providers. For example, the algorithm by which the first SAM device 41 performs mutual authentication and generates the first session key is the same as the algorithm by which the second SAM device 42 performs mutual authentication and generates the second session key. The algorithm by which the first SAM device 41 (first user device 11) encrypts (decrypts) a command with the first session key is the same as the algorithm by which the second SAM device 42 (second user device 12) encrypts (decrypts) a command with the second session key. Likewise, the algorithm by which the first user device 11 (first SAM device 41) decrypts (encrypts) a response with the first session key is the same as the algorithm by which the second SAM device 42 (second user device 12) decrypts (encrypts) a response with the second session key. A difference in algorithm corresponds to a difference in SAM device type: if the algorithms differ, the SAM device types differ. For example, FeliCa (registered trademark) and Mifare (registered trademark) use different algorithms, so SAM devices based on the two standards are of different types. Whether two algorithms are the same can be determined by whether their data processing procedures and data processing protocols are the same.
The command is information identifying an instruction to be executed by the first user device 11 or the second user device 12, or the instruction itself. Instructions may include those directing a read of the first data or second data and those directing a write of the first data. For example, when the first data or second data is an electronic money balance or a user's personal information, a command directing a read of the first or second data can be used for a balance inquiry or an identity check, and a command directing a write of the first or second data is used to increase or decrease the electronic money balance or to update personal information such as an address.
The response is information corresponding to the result of executing the command on the first user device 11 or the second user device 12, and includes the result of reading or writing the first data or second data. For example, when the command directs a read of the first or second data, the response may contain the first or second data stored in the first user device 11 or the second user device 12. When the command directs a write of the first or second data, the response may contain the outcome of the write (success or failure). In addition to information corresponding to the command's execution result, the response may also contain data such as the computation results of the mutual authentication performed between the first SAM device 41 and the first user device 11, or between the second SAM device 42 and the second user device 12.
In this embodiment, for ease of understanding, the system 1 has one first SAM device 41 and one second SAM device 42, but the number of first SAM devices 41 and second SAM devices 42 may be two, three, or four or more. In addition to the first SAM device 41 and the second SAM device 42, there may also be a plurality of SAM devices, such as a third SAM device and a fourth SAM device, that store key information different from that of the first SAM device 41 and the second SAM device 42.
[Operation Example of System 1 According to Embodiment 1]
Next, an operation example of the system 1 according to Embodiment 1 will be described with reference to FIGS. 2A and 2B, which are sequence diagrams illustrating that operation example. In the following, as an example, the client device 20 is a POS terminal installed in a supermarket, the first user device 11 is the smartphone of a first shopper, and the second user device 12 is the smartphone of a second shopper different from the first. The first shopper makes a payment of 1,000 yen with a first electronic money (for example, Suica (registered trademark)) at the POS terminal that is an example of the client device 20, and then the second shopper makes a payment of 3,000 yen with a second electronic money (for example, Edy (registered trademark)) at the same POS terminal.
First, the case where the communication partner of the client device 20 is the first user device 11 will be described.
(Step 1)
First, the client device 20 requests the server device 30 to transmit a command to be executed by the first user device 11. For example, the POS terminal that is an example of the client device 20 reads the amount of 1,000 yen from the barcode of the product the first shopper wishes to purchase and, by transmitting a predetermined bit string to the server device 30, requests transmission of a command that deducts 1,000 yen. This request can include client device identification information identifying the client device 20.
(Steps 2 and 3)
Next, the server device 30 selects one first SAM device 41 from among the plurality of SAM devices. This selection can be performed, for example, as follows: the server device 30 receives key information identification information from the first user device 11 via the client device 20 (Step 2), reads from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with the received key information identification information, selects the SAM device identified by that SAM device identification information, and notifies the selected SAM device to perform mutual authentication with the first user device 11 (Step 3). When the request in Step 1 includes client device identification information, or when the server device 30 holds the client device identification information of the client device 20 by some other means, the server device 30 can store this client device identification information in the SAM device management table shown in FIG. 3 in association with the SAM device identification information read in Step 3.
(Steps 4 and 5)
Next, mutual authentication using the first key information A is performed between the selected first SAM device 41 and the first user device 11, and a first session key is generated (Step 4). The generated first session key is stored in both the selected first SAM device 41 and the first user device 11. After mutual authentication is complete, the first SAM device 41 notifies the server device 30 that mutual authentication has been completed (Step 5).
(Step 6)
Next, the server device 30 requests the selected first SAM device 41 to encrypt the command to be transmitted to the client device 20. For example, by transmitting a predetermined bit string, it requests encryption of a command that deducts 1,000 yen.
(Step 7)
Next, the selected first SAM device 41 generates the requested command and encrypts it. For example, the selected first SAM device 41 generates a command that deducts 1,000 yen and encrypts it with the first session key generated in Step 4.
(Step 8)
Next, the server device 30 receives the encrypted command from the selected first SAM device 41.
(Step 9)
Next, the server device 30 transmits the encrypted command to the first user device 11 via the client device 20.
(Step 10)
Next, the first user device 11 decrypts the command received from the server device 30 via the client device 20, executes the decrypted command, encrypts a response corresponding to the result, and transmits the encrypted response to the server device 30 via the client device 20. The server device 30 thus receives the encrypted response from the first user device 11, the communication partner of the client device 20. The first user device 11 or the client device 20 can include in the packet carrying this response, for example, client device identification information identifying the client device 20.
(Step 11)
Next, the server device 30 reselects the same first SAM device 41 that it selected earlier and requests the reselected first SAM device 41 to decrypt the encrypted response received from the client device 20. When the packet carrying the received response includes client device identification information, this reselection can be performed by reading from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with that client device identification information and selecting the SAM device it identifies. The request can be made, for example, by transmitting a predetermined bit string.
(Step 12)
Next, the reselected first SAM device 41 decrypts the encrypted response.
(Step 13)
Next, the server device 30 receives the decrypted response from the reselected first SAM device 41 and processes it. This processing may include, for example, deleting from the SAM device management table of FIG. 3 the client device identification information stored in association with the SAM device identification information identifying the reselected first SAM device 41.
(Step 14)
Next, the server device 30 notifies the client device 20 that the process of deducting 1,000 yen has been completed.
Next, the case where the communication partner of the client device 20 is the second user device 12 will be described.
(Step 21)
First, the client device 20 requests the server device 30 to transmit a command to be executed by the second user device 12. For example, the POS terminal that is an example of the client device 20 reads the amount of 3,000 yen from the barcode of the product the second shopper wishes to purchase and, by transmitting a predetermined bit string to the server device 30, requests transmission of a command that deducts 3,000 yen. This request can include client device identification information identifying the client device 20.
(Steps 22 and 23)
Next, the server device 30 selects one second SAM device 42 from among the plurality of SAM devices. This selection can be performed, for example, as follows: the server device 30 receives key information identification information from the second user device 12 via the client device 20 (Step 22), reads from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with the received key information identification information, selects the SAM device identified by that SAM device identification information, and notifies the selected SAM device to perform mutual authentication with the second user device 12 (Step 23). When the request in Step 21 includes client device identification information, or when the server device 30 holds the client device identification information of the client device 20 by some other means, the server device 30 can store this client device identification information in the SAM device management table shown in FIG. 3 in association with the SAM device identification information read in Step 3.
(Steps 24 and 25)
Next, mutual authentication using the second key information B is performed between the selected second SAM device 42 and the second user device 12, and a second session key is generated (Step 24). The generated second session key is stored in both the selected second SAM device 42 and the second user device 12. After mutual authentication is complete, the second SAM device 42 notifies the server device 30 that mutual authentication has been completed (Step 25).
(Step 26)
Next, the server device 30 requests the selected second SAM device 42 to encrypt the command to be transmitted to the client device 20. For example, by transmitting a predetermined bit string, it requests encryption of a command that deducts 3,000 yen.
(Step 27)
Next, the selected second SAM device 42 generates the requested command and encrypts it. For example, the selected second SAM device 42 generates a command that deducts 3,000 yen and encrypts it with the second session key generated in Step 24.
(Step 28)
Next, the server device 30 receives the encrypted command from the selected second SAM device 42.
(Step 29)
Next, the server device 30 transmits the encrypted command to the second user device 12 via the client device 20.
(Step 30)
Next, the second user device 12 decrypts the command received from the server device 30 via the client device 20, executes the decrypted command, encrypts a response corresponding to the result, and transmits the encrypted response to the server device 30 via the client device 20. The server device 30 thus receives the encrypted response from the second user device 12, the communication partner of the client device 20. The second user device 12 or the client device 20 can include in the packet carrying this response, for example, client device identification information identifying the client device 20.
(Step 31)
Next, the server device 30 reselects the same second SAM device 42 that it selected earlier and requests the reselected second SAM device 42 to decrypt the encrypted response received from the client device 20. When the packet carrying the received response includes client device identification information, this reselection can be performed by reading from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with that client device identification information and selecting the SAM device it identifies. The request can be made, for example, by transmitting a predetermined bit string.
(Step 32)
Next, the reselected second SAM device 42 decrypts the encrypted response.
(Step 33)
Next, the server device 30 receives the decrypted response from the reselected second SAM device 42 and processes it. This processing may include, for example, deleting from the SAM device management table of FIG. 3 the client device identification information stored in association with the SAM device identification information identifying the reselected second SAM device 42.
(Step 34)
Next, the server device 30 notifies the client device 20 that the process of deducting 3,000 yen has been completed.
According to the system 1 and the server device 30 of Embodiment 1 described above, data in a plurality of user devices that contract with different service providers can be read and written while a SAM device is assigned to each service provider (that is, without the key information of a plurality of service providers being mixed within one SAM device). It is therefore possible to provide a server device and system in which key information is easy to manage and the reduction in security caused by mixing the key information of a plurality of service providers within one SAM device is suppressed.
[SAM Device Management Table]
FIG. 3 is a diagram showing an example of the SAM device management table. As shown in FIG. 3, the SAM device management table can store SAM device identification information, key information identification information, and client device identification information in association with one another. The SAM device identification information and the key information identification information are stored in association with each other in advance; when the SAM device identified by a given SAM device identification information is selected, client device identification information is stored in association with that SAM device identification information, and when processing by that SAM device ends, the client device identification information stored in association with it is deleted. The SAM device management table can be stored, for example, in the storage device of the server device 30.
[System According to Embodiment 2]
Next, a system according to Embodiment 2 will be described. The configuration of the system according to Embodiment 2 is the same as that of the system 1 according to Embodiment 1, so its description is omitted.
[Operation Example of System According to Embodiment 2]
Next, an operation example of the system according to Embodiment 2 will be described. It differs from the operation example of the system 1 according to Embodiment 1 in the method by which the server device 30 selects one SAM device from among the plurality of SAM devices; specifically, it differs in Steps 2, 3, 4, 22, 23 and 24. The operation example is described below with reference to FIG. 4, a sequence diagram partially illustrating the operation example of the system according to Embodiment 2.
In the operation example of the system 1 according to the first embodiment, when, for example, the first user device 11 is the communication partner of the client device 20, the server device 30 receives the key information identification information from the first user device 11 via the client device 20 (Step 2), reads from the SAM device management table shown in FIG. 3 the SAM device identification information stored in association with the received key information identification information, selects the SAM device identified by the read SAM device identification information, and notifies the selected SAM device to perform mutual authentication with the first user device 11 (Step 3); in this way the server device 30 selects one first SAM device 41 from among the plurality of SAM devices. In the operation example of the system according to the second embodiment, however, the server device 30 requests mutual authentication from one of the SAM devices included in the plurality of SAM devices, chosen at random or according to a predetermined rule, and selects the SAM device whose mutual authentication succeeded as the one SAM device from among the plurality of SAM devices.
For example, the server device 30 first requests the second SAM device 42 to perform mutual authentication with the first user device 11 (Step 41). The second SAM device 42 therefore attempts mutual authentication with the first user device 11, but because it does not store common key information, this mutual authentication fails (Step 42). The server device 30 then requests the first SAM device 41 to perform mutual authentication with the first user device 11 (Step 43). The first SAM device 41 therefore attempts mutual authentication with the first user device 11, and because it stores the common key information, this mutual authentication succeeds (Step 44). The server device 30 selects the SAM device whose mutual authentication succeeded as the one SAM device. The case where the communication partner of the client device 20 is the second user device 12 can be handled in the same way.
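Steps 41 to 44 as an added example that is not part of the patent: the server tries SAM devices in turn and keeps the first one whose mutual authentication with the user device succeeds. The patent only states that authentication succeeds when both sides hold common key information; the two-way HMAC-SHA256 challenge-response used here to make that concrete is an assumption of this example, as are the names KeyHolder, mutual_auth, select_sam_by_trial and the constructed keys.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Sequence


def _mac(key: bytes, challenge: bytes, role: bytes) -> bytes:
    # Proof of key possession over a fresh challenge; the role tag keeps the
    # two directions of the exchange from being swapped.
    return hmac.new(key, role + challenge, hashlib.sha256).digest()


class KeyHolder:
    """A user device or SAM device that stores one symmetric key."""
    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key

    def respond(self, challenge: bytes, role: bytes) -> bytes:
        return _mac(self._key, challenge, role)

    def verify(self, challenge: bytes, role: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(_mac(self._key, challenge, role), proof)


def mutual_auth(sam: KeyHolder, user: KeyHolder) -> bool:
    """Each side challenges the other; succeeds only if both hold the same key,
    which is the failure mode of Step 42 (SAM 42 has no key in common)."""
    c_sam, c_user = secrets.token_bytes(16), secrets.token_bytes(16)
    user_ok = sam.verify(c_sam, b"user", user.respond(c_sam, b"user"))
    sam_ok = user.verify(c_user, b"sam", sam.respond(c_user, b"sam"))
    return user_ok and sam_ok


def select_sam_by_trial(sams: Sequence[KeyHolder], user: KeyHolder) -> Optional[str]:
    """Server-side selection of the second embodiment: request mutual
    authentication from SAM devices in the given order (random or by a fixed
    rule) and return the first that succeeds; None if none does."""
    for sam in sams:
        if mutual_auth(sam, user):
            return sam.name
    return None


def demo() -> dict:
    # Constructed keys: user device 11 shares key1 with SAM 41, user device 12
    # shares key2 with SAM 42. The server happens to try SAM 42 first.
    key1, key2 = b"\x01" * 16, b"\x02" * 16
    user11, user12 = KeyHolder("user11", key1), KeyHolder("user12", key2)
    sam41, sam42 = KeyHolder("SAM41", key1), KeyHolder("SAM42", key2)
    order = [sam42, sam41]
    return {
        "user11": select_sam_by_trial(order, user11),   # SAM42 fails, SAM41 succeeds
        "user12": select_sam_by_trial(order, user12),   # SAM42 succeeds at once
        "unknown": select_sam_by_trial(order, KeyHolder("x", b"\x03" * 16)),
    }
```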
Note that each of the requests and data described above may consist of a single piece of data or of a plurality of pieces of data. Transmission of each request or data described above may be performed in a single transmission or divided into a plurality of transmissions. Similarly, reception of each request or data described above may be performed in a single reception or divided into a plurality of receptions. Furthermore, "a certain request X or certain data Y includes certain data Z" covers not only the case where the request X or the data Y includes the data Z itself, but also the case where it includes data that is not the data Z itself but from which the data Z can be identified.
In the above embodiments, the server device 30 requests the first SAM device 41 or the second SAM device 42 to create a command and encrypt it, but the command may instead be created by the server device 30. That is, the server device 30 may create the command and transmit the created command to the first SAM device 41 or the second SAM device 42, and the first SAM device 41 or the second SAM device 42 may encrypt the command received from the server device 30 and send it back to the server device 30.
Although embodiments have been described above, these descriptions do not limit in any way the configurations recited in the claims.
1 System
11 First user device
12 Second user device
20 Client device
30 Server device
41 First SAM device
42 Second SAM device
NW Network

Claims (5)

  1.  A server device in a system comprising:
     at least one first user device that stores first key information;
     at least one second user device that stores second key information;
     a client device capable of performing short-range wireless communication with both the first user device and the second user device;
     a server device connected to the client device via a network; and
     a plurality of SAM devices connected to the server device and including at least one first SAM device that stores the first key information and at least one second SAM device that stores the second key information,
     wherein, when the communication partner of the client device is the first user device, the server device:
     selects one first SAM device from among the plurality of SAM devices;
     requests the selected one first SAM device to encrypt a command;
     receives the encrypted command from the selected one first SAM device and transmits it to the first user device via the client device;
     receives an encrypted response from the first user device via the client device;
     reselects the same one first SAM device as the selected one first SAM device and requests the reselected one first SAM device to decrypt the received encrypted response; and
     receives the decrypted response from the reselected one first SAM device and processes it; and
     when the communication partner of the client device is the second user device, the server device:
     selects one second SAM device from among the plurality of SAM devices;
     requests the selected one second SAM device to encrypt a command;
     receives the encrypted command from the selected one second SAM device and transmits it to the second user device via the client device;
     receives an encrypted response from the second user device via the client device;
     reselects the same one second SAM device as the selected one second SAM device and requests the reselected one second SAM device to decrypt the received encrypted response; and
     receives the decrypted response from the reselected one second SAM device and processes it.
  2.  The server device according to claim 1, wherein
     the first user device stores first data and, when it receives from the server device via the client device a command encrypted by the first SAM device, decrypts the received command, executes the decrypted command, encrypts a response according to the result, and transmits the encrypted response to the server device via the client device; and
     the second user device stores second data and, when it receives from the server device via the client device a command encrypted by the second SAM device, decrypts the received command, executes the decrypted command, encrypts a response according to the result, and transmits the encrypted response to the server device via the client device.
  3.  The server device according to claim 1 or 2, wherein
     the client device, when requesting the server device to transmit the command, transmits client device identification information and key information identification information to the server device; and
     the server device comprises a storage device that stores, in association with each other, a plurality of pieces of SAM identification information each identifying one of the plurality of SAM devices and the key information identification information of the key information stored by each of the plurality of SAM devices,
     and, when transmission of the command is requested by the client device, selects from among the plurality of pieces of SAM identification information stored in the storage device a piece of SAM identification information that has no client device identification information stored in association with it and that has the received key information identification information stored in association with it, and requests the one SAM device identified by the selected SAM identification information to encrypt the command whose transmission was requested; and
     stores the received client device identification information in the storage device in association with the selected SAM identification information.
  4.  The server device according to claim 3, wherein
     the client device, when it transmits the encrypted response to the server device, transmits client device identification information and key information identification information to the server device; and
     the server device, when it receives the encrypted response from the client device, selects from among the plurality of pieces of SAM identification information stored in the storage device the SAM identification information stored in association with the received client device identification information, and requests the one SAM device identified by the selected SAM identification information to decrypt the received response.
  5.  A system comprising the server device according to any one of claims 1 to 4, the plurality of SAM devices connected to the server device, and the client device connected to the server device via a network.
PCT/JP2018/023928 2018-06-25 2018-06-25 Server device and system WO2020003337A1 (en)


Publications (1)

Publication Number Publication Date
WO2020003337A1 true WO2020003337A1 (en) 2020-01-02




Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18925020; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18925020; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: JP)