WO2024063047A1 - Mobile communication apparatus - Google Patents

Mobile communication apparatus Download PDF

Info

Publication number
WO2024063047A1
WO2024063047A1 PCT/JP2023/033881 JP2023033881W WO2024063047A1 WO 2024063047 A1 WO2024063047 A1 WO 2024063047A1 JP 2023033881 W JP2023033881 W JP 2023033881W WO 2024063047 A1 WO2024063047 A1 WO 2024063047A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communication
information
private key
smartphone
share
Prior art date
Application number
PCT/JP2023/033881
Other languages
French (fr)
Japanese (ja)
Inventor
純 赤沼
懇辰 前嶋
雅浩 福田
重徳 薄井
Original Assignee
株式会社Nttドコモ
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Nttドコモ filed Critical 株式会社Nttドコモ
Publication of WO2024063047A1 publication Critical patent/WO2024063047A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers

Definitions

  • the present invention relates to a mobile communication terminal used for utilizing cryptographic assets.
  • One embodiment of the present invention has been made in consideration of the above, and aims to provide a mobile communications terminal that can be used to utilize cryptographic assets such as private keys and can also safely store confidential information that should be kept secret.
  • a mobile communication terminal is used for the use of cryptographic assets and is equipped with a subscriber authentication module that stores subscriber information used for mobile communication.
  • the mobile communication terminal is capable of configuring a mobile communication terminal, and includes an acquisition unit that acquires a plurality of pieces of divided information in which confidential information that is used for the use of crypto assets and that should be kept confidential is divided, and a mobile communication terminal that acquires a plurality of pieces of divided information obtained by the acquisition unit.
  • a storage section that stores one of the divided information in the subscriber authentication module and one of the divided information in a storage area of the own terminal other than the subscriber authentication module, and a plurality of pieces of divided information that are stored in different storage areas depending on the storage section. and a utilization unit that generates confidential information from the cryptographic asset and uses it to utilize the cryptographic asset.
  • post-divided information can be stored in a plurality of independent storage areas. As a result, confidential information can be safely held.
  • confidential information such as a private key that is used for the use of cryptographic assets and that should be kept secret can be safely held.
  • FIG. 1 is a diagram showing the configuration of a smartphone that is a mobile communication terminal according to an embodiment of the present invention, and the configuration of a system including the smartphone.
  • 2 is a graph showing an example of a private key and multiple shares.
  • 2 is a flowchart showing a process executed when a share is stored in a storage area in a smartphone, which is a mobile communication terminal according to an embodiment of the present invention.
  • 2 is a flowchart showing a process executed when a private key is used in a smartphone, which is a mobile communication terminal according to an embodiment of the present invention.
  • FIG. 1 is a diagram showing a hardware configuration of a smartphone which is a mobile communication terminal according to an embodiment of the present invention.
  • FIG. 1 shows a smartphone 10 that is a mobile communication terminal according to this embodiment.
  • the smartphone 10 is a mobile communication terminal that performs mobile communication in a mobile communication network (by connecting to the mobile communication network).
  • the mobile communication terminal according to this embodiment may be a mobile communication terminal other than the smartphone 10.
  • the smartphone 10 can include a SIM (Subscriber Identity Module) 20 that is a subscriber authentication module that stores subscriber information (profile) used for mobile communication.
  • SIM20 may be detachable from smartphone 10.
  • the subscriber information includes, for example, MSISDN (Mobile Subscriber ISDN Number, telephone number), IMSI (International Mobile Subscriber Identity), which is information provided by the carrier of the mobile communication network, and authentication information.
  • the smartphone 10 performs mobile communication using information stored in a SIM 20 attached to the smartphone 10.
  • a conventional SIM may be used.
  • mobile communication using the information stored in the SIM 20 may be performed in the same manner as in the past.
  • the subscriber authentication module may be other than the SIM 20 as long as it is attached to a mobile communication terminal and stores subscriber information used for mobile communication.
  • the smartphone 10 is also used to use crypto assets (virtual currencies). Specifically, the smartphone 10 is a wallet for crypto assets. For example, a wallet application is installed and executed on the smartphone 10, so that the smartphone 10 becomes a wallet for crypto assets.
  • the crypto assets used by the smartphone 10 may be the same as conventional ones, such as Ethereum, Solana, and Polkadot (crypto assets used on these platforms).
  • Confidential information is used when using crypto assets.
  • Confidential information is information that should be kept secret from anyone other than the owner of the cryptographic asset, ie, the user of the smartphone 10.
  • the confidential information is, for example, a private key.
  • the private key is information for each crypto asset (for example, for each type of crypto asset or account). If the private key is leaked, there is a risk that the crypto assets will be used illegally. Since there is usually no centralized administrator for crypto assets, accounts cannot be suspended or restored by anyone other than the owner of the crypto assets. Therefore, if the private key is leaked, it is impossible to prevent unauthorized use of the cryptographic asset. As will be described later, the smartphone 10 has a function according to this embodiment for safely holding confidential information.
  • the function may be realized by, for example, the above-mentioned wallet application, or may be realized by something else.
  • the confidential information targeted by the function according to this embodiment is a private key, it may be confidential information other than the private key (for example, a secret recovery phrase).
  • the smartphone 10 may have functions provided in conventional mobile communication terminals such as conventional smartphones. Furthermore, the smartphone 10 may have the functions of a conventional crypto asset wallet.
  • the smartphone 10 implements the functions according to the present embodiment using a plurality of storage areas.
  • One of the plurality of storage areas is SIM 20 installed in smartphone 10.
  • SIM 20 installed in smartphone 10.
  • a secure element 20a included in the SIM 20 is used for the functions according to this embodiment.
  • a storage area of the SIM 20 other than the secure element 20a may be used as a storage area used for the function according to this embodiment.
  • One of the multiple storage areas is a storage area provided in the main body of the smartphone 10.
  • it is an application storage area 11 used for a wallet application, which is a preset part of the storage area provided in the main body of the smartphone 10.
  • a storage area provided in the main body of the smartphone 10 other than those described above may be used as a storage area used for the function according to the present embodiment.
  • storage areas other than the above two may be used for the functions according to this embodiment.
  • the smartphone 10 includes an acquisition unit 12, a storage unit 13, and a usage unit 14 as functional units.
  • the acquisition unit 12 is a functional unit that acquires a plurality of pieces of divided information obtained by dividing confidential information that is used for the use of cryptographic assets and is to be kept confidential.
  • the acquisition unit 12 may acquire confidential information and divide the acquired confidential information into a plurality of pieces of divided information.
  • the confidential information is a private key.
  • the acquisition unit 12 acquires the private key using a conventional method. For example, when the user of the smartphone 10 uses a cryptographic asset for the first time, the user obtains a private key from a server (not shown) that is an issuer of the cryptographic asset. Note that the private key is paired with a public key, and the acquisition unit 12 also acquires the public key paired with the private key. Note that the public key may be used in the same manner as conventional public keys when using cryptographic assets.
  • the divided information is obtained by dividing confidential information and is used to generate confidential information.
  • a preset number of divided information is generated by dividing the confidential information.
  • the information after the private key has been divided is called a share.
  • the secret key can be generated (regenerated) from a preset number of different shares (note that this number does not have to match the number of post-division information).
  • a private key cannot be generated from less than a preset number of shares.
  • three shares are generated from a private key, and a private key can be generated from any two of the shares.
  • the private key is, for example, a string of numbers and can be treated as a number.
  • Each share is, for example, a coordinate in a two-dimensional coordinate space.
  • FIG. 2(a) shows an example of the secret key and multiple shares in this case.
  • the y-intercept which is the y-coordinate of the coordinate (0, b) of the intersection of the above-mentioned straight line with the y-axis, becomes the numerical value b of the secret key. If the coordinates of the two shares can be known, a straight line can be calculated, and its y-intercept can be calculated as the value b of the private key.
  • the acquisition unit 12 generates a plurality of shares from the acquired private key using a method stored in advance. For example, the acquisition unit 12 generates a plurality of shares as follows using Shamir's threshold method (low-dimensional example). The acquisition unit 12 sets a predetermined coordinate on the two-dimensional space as a key share, which is one of the plurality of shares to be generated. The key share coordinates may be selected at random or may be calculated based on preset calculation rules. The acquisition unit 12 uses the numerical value b of the private key as the y-intercept and calculates a straight line passing through the coordinates of the key shares.
  • Shamir's threshold method low-dimensional example
  • the acquisition unit 12 sets the coordinates of two different points on the calculated straight line, other than the coordinates of the key share and the y-intercept, as shares (for example, share A and share A' in FIG. 2A).
  • the coordinates to be shared on the straight line may be selected at random, or may be calculated based on preset calculation rules.
  • the acquisition unit 12 acquires the share of the private key for each cryptographic asset. For example, when using three types of cryptographic assets, cryptographic asset A, cryptographic asset B, and cryptographic asset C on the smartphone 10, as shown in FIG. 1, the corresponding private key A, private key B, and private key Obtain the share of C.
  • the acquisition unit 12 outputs the generated shares (for example, the three shares of the key share, share A, and share A' in FIG. 2(a)) to the storage unit 13. Further, the acquisition unit 12 discards the private key after generating the share. For example, the usage unit 14 deletes the private key on the storage area of the smartphone 10. Prevent leakage of the private key by destroying the private key. Further, by discarding the private key, it becomes necessary to generate the private key from a plurality of shares when the private key is subsequently used, that is, when using cryptographic assets.
  • the generated shares for example, the three shares of the key share, share A, and share A' in FIG. 2(a)
  • the splitting of the private key does not necessarily have to be performed as described above, and may be performed using a method other than the above.
  • the secret key and share do not need to be a string of numbers and coordinates as described above, and may be anything as long as a secret key can be generated from a plurality of shares.
  • the storage unit 13 is a functional unit that stores any of the divided information acquired by the acquisition unit 12 in the subscriber authentication module, and stores any of the divided information in the storage area of its own terminal other than the subscriber authentication module. be.
  • the storage unit 13 may store any of the divided information in a device on a mobile communication network related to mobile communication using the subscriber authentication module.
  • the storage unit 13 stores shares, which are post-division information, in the storage area as follows.
  • the storage unit 13 inputs a plurality of shares from the acquisition unit 12.
  • the storage unit 13 stores one of the input shares other than the key share (for example, share A shown in FIG. 1) in the secure element 20a of the SIM 20.
  • the storage unit 13 stores shares other than the key share and the share stored in the secure element 20a of the SIM 20 (for example, share A' shown in FIG. 1) in the application storage area 11. Note that when storing shares in each of the storage areas 20a and 11, it is possible to determine which cryptographic asset's private key the stored share corresponds to (the same applies below).
  • the storage unit 13 transmits key shares other than the shares stored in the secure element 20a of the SIM 20 and the application storage area 11 to the wallet management server 30, and stores the key shares in the wallet management server 30.
  • the wallet management server 30 is a device on a mobile communication network related to mobile communication using the SIM 20.
  • the wallet management server 30 receives and stores the key share sent from the smartphone 10.
  • the wallet management server 30 is provided by a carrier of the mobile communication network.
  • the shares stored in the wallet management server 30 do not need to be key shares, and may be shares other than key shares.
  • the key share may be stored in either the secure element 20a of the SIM 20 or the application storage area 11.
  • the utilization unit 14 is a functional unit that generates confidential information from a plurality of pieces of divided information stored in different storage areas by the storage unit 13 and uses it to utilize the cryptographic asset.
  • the utilization unit 14 may discard the generated confidential information after using it for the use of the cryptographic asset.
  • the utilization unit 14 generates a private key, which is confidential information, as described below and uses it to utilize the cryptographic asset.
  • cryptographic assets in this embodiment is, for example, payment using cryptographic assets for services, NFTs (non-fungible tokens), etc., that is, remittance to another wallet address.
  • cryptographic assets may be used for purposes other than those described above.
  • the utilization unit 14 inputs a trigger for the use of cryptographic assets.
  • the utilization unit 14 inputs a trigger for payment using crypto assets.
  • the trigger for the use of cryptographic assets is, for example, a user's operation on the smartphone 10. Further, the trigger may be other than that.
  • the usage unit 14 may input information specifying the cryptographic asset to be used in conjunction with the trigger.
  • the usage unit 14 reads out the shares related to the cryptographic assets to be used from the secure element 20a of the SIM 20 and the application storage area 11, respectively.
  • the utilization unit 14 generates a private key from each read share.
  • Generating a private key from a plurality of shares may be performed using a method corresponding to the method for generating shares from a private key.
  • a straight line may be calculated from the coordinates of the share, and the y-intercept of the straight line may be used as the private key. Note that the generation of a private key from a share does not necessarily have to be performed as described above, and may be performed using a method other than the above.
  • the usage unit 14 uses the generated private key to use the cryptographic asset.
  • the utilization unit 14 transmits the generated private key to the server 40 to which the cryptographic asset is paid.
  • the server 40 is provided for each type of cryptographic asset used as a service of the Web 3 (for example, for each cryptographic asset A, cryptographic asset B, and cryptographic asset C shown in FIG. 1). Note that when using cryptographic assets, the usage unit 14 may use the private key in the same manner as in the past, including the above-mentioned aspects.
  • the usage unit 14 discards the generated private key when the use of the cryptographic asset is finished. For example, the usage unit 14 deletes the private key on the storage area of the smartphone 10. The utilization unit 14 also discards the share on the storage area of the smartphone 10 (other than the secure element 20a of the SIM 20 and the application storage area 11) that has been read out for use in generating the private key. Note that the share may be discarded at the time the private key is generated. The usage unit 14 generates a private key every time it is used. During a time period when the private key is not used, the smartphone 10 stores only the share of the secure element 20a of the SIM 20 and the application storage area 11 as information related to the private key.
  • the generation of the share by the acquisition unit 12 and the storage by the storage unit 13 are performed, for example, when acquiring the private key from the server of the crypto asset issuer, but they may be performed at other times. Good too. Further, the private key used to generate a new share at this time may be generated from a share that has been generated for the private key in the past and stored in the storage area.
  • the acquisition unit 12 uses the same method as the usage unit 14 to transfer the shares to the secure SIM 20.
  • the private key is read from the element 20a and the application storage area 11, respectively, and a private key is generated and acquired.
  • the acquisition unit 12 generates a share from the acquired private key in the same manner as described above. Note that when regenerating a share, the regenerated share is different from the old share. For example, when generating shares using the method described in FIG. 2(a), each share may be generated by generating a key share different from the old key share as shown in FIG. 2(b).
  • the storage unit 13 also stores the shares generated by the acquisition unit 12 in the storage area in the same manner as described above.
  • the regeneration and re-storage of the shares may be performed, for example, in accordance with an operation by the user of the smartphone 10, an external operation, or certain conditions set in the smartphone 10.
  • all old shares are deleted from the storage area.
  • the share may be regenerated in the other smartphone 10.
  • the acquisition unit 12 of the other smartphone 10 reads the share from the secure element 20a of the SIM 20.
  • the acquisition unit 12 of the other smartphone 10 accesses the wallet management server 30 through mobile communication using the SIM 20 and reads out the key share stored in the wallet management server 30.
  • the acquisition unit 12 of the other smartphone 10 generates and acquires a private key from the read shares and key shares.
  • the acquisition unit 12 of the other smartphone 10 generates a share from the acquired private key in the same manner as described above.
  • the storage unit 13 of the other smartphone 10 stores the share generated by the acquisition unit 12 in the secure element 20a of the SIM 20 of the other smartphone 10, the application storage area 11, and the wallet management server 30.
  • the private key can be regenerated from the key share and the share stored in the secure element 20a of the SIM 20. Therefore, as long as there is a SIM 20 in which the share is stored, even if the smartphone 10 is changed as described above, for example, due to a model change, the private key can be regenerated and the cryptographic assets can be used.
  • the acquisition unit 12 acquires a private key and generates and acquires a share.
  • the acquisition unit 12 may acquire only the share from the outside without acquiring the private key.
  • the wallet management server 30 obtains a private key for the user of the smartphone 10 and generates a share from the private key in the same manner as described above.
  • Wallet management server 30 transmits the generated share to smartphone 10.
  • the acquisition unit 12 receives and acquires the transmitted shares.
  • the device that transmits shares to the smartphone 10 may be a device other than the wallet management server 30.
  • the key share may be stored in the wallet management server 30 without being sent to the smartphone 10.
  • the acquired and generated private key may not be output in a format that can be recognized by the user.
  • the private key may not be displayed on the smartphone 10. If the user cannot recognize the private key in this way, it is possible to prevent the private key from being artificially leaked.
  • the above are the functions of the smartphone 10 according to this embodiment.
  • the process executed by the smartphone 10, which is the mobile communication terminal according to the present embodiment will be explained using the flowcharts of FIGS. 3 and 4.
  • the process when a share is stored in a storage area will be explained using the flowchart of FIG.
  • this process is performed when the user of the smartphone 10 uses crypto assets for the first time.
  • the acquisition unit 12 acquires a plurality of shares, which are a plurality of pieces of post-division information obtained by dividing a private key, which is confidential information (S01).
  • Acquisition of a plurality of shares may be performed by obtaining a private key and dividing the obtained private key into a plurality of shares, or may be performed by receiving a plurality of shares from the outside. Subsequently, the plurality of shares are respectively stored in different storage areas by the storage unit 13 (S02). Specifically, one share is stored in the secure element 20a of the SIM 20. Further, one share is stored in the application storage area 11. Additionally, the key share is stored in the wallet management server 30. The above is the process when shares are stored in the storage area.
  • This process is performed when using a cryptographic asset, specifically when a trigger for using the cryptographic asset is input to the usage unit 14.
  • the usage unit 14 reads out the shares related to the cryptographic assets to be used from the secure element 20a of the SIM 20 and the application storage area 11 (S11). Subsequently, the usage unit 14 generates a private key from each read share (S12). Subsequently, the usage unit 14 uses the generated private key to use the cryptographic asset (S13). Subsequently, the utilization unit 14 discards the private key used for the cryptographic asset (S14). The above is the process when the private key is used.
  • shares can be stored in the secure element 20a of the SIM 20 and the application storage area 11, which are a plurality of independent storage areas. Even if one share among these multiple shares is stolen, a private key cannot be generated. Storing shares in multiple physically isolated environments in this way serves as a countermeasure against hacking, etc. In this manner, according to this embodiment, the private key, which is confidential information, can be safely held.
  • shares does not necessarily need to be performed as in this embodiment, and may be performed in the SIM 20 and a storage area on the smartphone other than the SIM 20. Furthermore, in the present embodiment, shares are stored in two storage areas, the secure element 20a of the SIM 20 and the application storage area 11, on the smartphone 10, but shares are stored in three or more different storage areas. May be stored. Further, a plurality of shares for one private key may be stored in one storage area.
  • the share may be stored in the wallet management server 30, which is a device on a mobile communication network related to mobile communication using the SIM 20.
  • the share key share
  • the wallet management server 30 can function as a safety net.
  • the private key can be easily generated when the SIM 20 is replaced with another smartphone.
  • the device storing the share may be a device other than the wallet management server 30 as long as it is a device on a mobile communication network related to mobile communication using the SIM 20.
  • the generated share does not necessarily need to be stored in a device on a mobile communication network related to mobile communication using the SIM 20, and may be stored only in the SIM 20 and a storage area on a smartphone other than the SIM 20. good.
  • the private key generated from the share for the use of the cryptographic asset may be discarded after being used for the use of the cryptographic asset.
  • the private key may be acquired in the smartphone 10, and the acquired private key may be divided into multiple shares and acquired. According to this configuration, shares can be generated reliably without the shares being known to others, and the private key, which is confidential information, can be held even more safely. However, it is not necessary for the smartphone 10 to generate shares, and shares may be received and acquired from the outside as described above.
  • each functional block may be realized using one physically or logically coupled device, or may be realized using two or more physically or logically separated devices directly or indirectly (e.g. , wired, wireless, etc.) and may be realized using a plurality of these devices.
  • the functional block may be realized by combining software with the one device or the plurality of devices.
  • Functions include judgment, decision, judgment, calculation, calculation, processing, derivation, investigation, exploration, confirmation, reception, transmission, output, access, resolution, selection, selection, establishment, comparison, assumption, expectation, consideration, These include, but are not limited to, broadcasting, notifying, communicating, forwarding, configuring, reconfiguring, allocating, mapping, and assigning. I can't do it.
  • a functional block (configuration unit) that performs transmission is called a transmitting unit or transmitter. In either case, as described above, the implementation method is not particularly limited.
  • the smartphone 10 in an embodiment of the present disclosure may function as a computer that performs the information processing of the present disclosure.
  • FIG. 5 is a diagram illustrating an example of the hardware configuration of the smartphone 10 according to an embodiment of the present disclosure.
  • the smartphone 10 described above may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.
  • the hardware configurations of the wallet management server 30 and the server 40 may also be as described here.
  • the word “apparatus” can be read as a circuit, a device, a unit, etc.
  • the hardware configuration of the smartphone 10 may be configured to include one or more of each device shown in the figure, or may be configured without including some of the devices.
  • Each function in the smartphone 10 is implemented by loading predetermined software (programs) onto hardware such as the processor 1001 and memory 1002, so that the processor 1001 performs calculations, controls communication by the communication device 1004, and controls communication between the memory 1002 and the memory 1002. This is realized by controlling at least one of reading and writing data in the storage 1003.
  • the processor 1001 controls the entire computer by operating an operating system, for example.
  • the processor 1001 may be configured by a central processing unit (CPU) that includes interfaces with peripheral devices, a control device, an arithmetic unit, registers, and the like.
  • CPU central processing unit
  • each function of the smartphone 10 described above may be realized by the processor 1001.
  • the processor 1001 reads programs (program codes), software modules, data, etc. from at least one of the storage 1003 and the communication device 1004 to the memory 1002, and executes various processes in accordance with these.
  • programs program codes
  • software modules software modules
  • data etc.
  • the program a program that causes a computer to execute at least part of the operations described in the above embodiments is used.
  • each function in the smartphone 10 may be realized by a control program stored in the memory 1002 and operated in the processor 1001.
  • Processor 1001 may be implemented by one or more chips.
  • the program may be transmitted from a network via a telecommunications line.
  • the memory 1002 is a computer-readable recording medium, and includes at least one of ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), and RAM (Random Access Memory). may be done.
  • Memory 1002 may be called a register, cache, main memory, or the like.
  • the memory 1002 can store executable programs (program codes), software modules, and the like to implement information processing according to an embodiment of the present disclosure.
  • the storage 1003 is a computer-readable recording medium, such as an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, or a magneto-optical disk (for example, a compact disk, a digital versatile disk, or a Blu-ray disk). (registered trademark disk), smart card, flash memory (eg, card, stick, key drive), floppy disk, magnetic strip, etc.
  • Storage 1003 may also be called an auxiliary storage device.
  • the storage medium included in the smartphone 10 may be, for example, a database including at least one of the memory 1002 and the storage 1003, a server, or other appropriate medium.
  • the communication device 1004 is hardware (transmission/reception device) for communicating between computers via at least one of a wired network and a wireless network, and is also referred to as a network device, network controller, network card, communication module, etc., for example.
  • the input device 1005 is an input device (eg, keyboard, mouse, microphone, switch, button, sensor, etc.) that accepts input from the outside.
  • the output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that performs output to the outside. Note that the input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).
  • each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information.
  • the bus 1007 may be configured using a single bus, or may be configured using different buses for each device.
  • the smartphone 10 may also be configured to include hardware such as a microprocessor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a programmable logic device (PLD), or a field programmable gate array (FPGA), and some or all of the functional blocks may be realized by the hardware.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • PLD programmable logic device
  • FPGA field programmable gate array
  • the processor 1001 may be implemented using at least one of these pieces of hardware.
  • LTE Long Term Evolution
  • LTE-A Long Term Evolution-Advanced
  • SUPER 3G IMT-Advanced
  • 4G 4th generation mobile communication system
  • 5G 5th generation mobile communication system
  • FRA Fluture Radio Access
  • NR new Radio
  • W-CDMA registered trademark
  • GSM registered trademark
  • CDMA2000 Code Division Multiple Access 2000
  • UMB Universal Mobile Broadband
  • IEEE 802.11 Wi-Fi (registered trademark)
  • IEEE 802.16 WiMAX (registered trademark)
  • IEEE 802.20 UWB (Ultra-WideBand
  • Bluetooth registered trademark
  • a combination of a plurality of systems may be applied (for example, a combination of at least one of LTE and LTE-A and 5G).
  • the input/output information may be stored in a specific location (for example, memory) or may be managed using a management table. Information etc. to be input/output may be overwritten, updated, or additionally written. The output information etc. may be deleted. The input information etc. may be transmitted to other devices.
  • Judgment may be made using a value expressed by 1 bit (0 or 1), a truth value (Boolean: true or false), or a comparison of numerical values (for example, a predetermined value). (comparison with a value).
  • notification of prescribed information is not limited to being done explicitly, but may also be done implicitly (for example, not notifying the prescribed information). Good too.
  • Software shall be construed broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executable files, threads of execution, procedures, functions, etc., whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
  • Software, instructions, information, etc. may also be transmitted and received via a transmission medium.
  • a transmission medium For example, if the software is transmitted from a website, server, or other remote source using at least one of wired technologies (such as coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL)), and/or wireless technologies (such as infrared, microwave), then at least one of these wired and wireless technologies is included within the definition of a transmission medium.
  • wired technologies such as coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL)
  • wireless technologies such as infrared, microwave
  • system and “network” are used interchangeably.
  • information, parameters, etc. described in this disclosure may be expressed using absolute values, relative values from a predetermined value, or using other corresponding information. may be expressed.
  • determining may encompass a wide variety of operations.
  • “Judgment” and “decision” include, for example, judging, calculating, computing, processing, deriving, investigating, looking up, search, and inquiry. (e.g., searching in a table, database, or other data structure), and regarding an ascertaining as a “judgment” or “decision.”
  • judgment and “decision” refer to receiving (e.g., receiving information), transmitting (e.g., sending information), input, output, and access.
  • (accessing) may include considering something as a “judgment” or “decision.”
  • judgment and “decision” refer to resolving, selecting, choosing, establishing, comparing, etc. as “judgment” and “decision”. may be included.
  • judgment and “decision” may include regarding some action as having been “judged” or “determined.”
  • judgment (decision) may be read as “assuming", “expecting", “considering”, etc.
  • connection refers to any connection or coupling, direct or indirect, between two or more elements and to each other. It may include the presence of one or more intermediate elements between two elements that are “connected” or “coupled.”
  • the bonds or connections between elements may be physical, logical, or a combination thereof. For example, "connection” may be replaced with "access.”
  • two elements may include one or more electrical wires, cables, and/or printed electrical connections, as well as in the radio frequency domain, as some non-limiting and non-inclusive examples. , electromagnetic energy having wavelengths in the microwave and optical (both visible and non-visible) ranges.
  • the phrase “based on” does not mean “based solely on” unless explicitly stated otherwise. In other words, the phrase “based on” means both “based only on” and “based at least on.”
  • any reference to elements using the designations "first,” “second,” etc. does not generally limit the amount or order of those elements. These designations may be used in this disclosure as a convenient way to distinguish between two or more elements. Thus, reference to a first and second element does not imply that only two elements may be employed or that the first element must precede the second element in any way.
  • a and B are different may mean “A and B are different from each other.” Note that the term may also mean that "A and B are each different from C”. Terms such as “separate” and “coupled” may also be interpreted similarly to “different.”
  • the mobile communication terminal of the present disclosure has the following configuration.
  • a mobile communication terminal that is used for the use of cryptographic assets and can be equipped with a subscriber authentication module that stores subscriber information used for mobile communication, an acquisition unit that acquires a plurality of pieces of divided information in which confidential information that is used for the use of cryptographic assets and is to be kept secret is divided; a storage unit that stores any of the post-divided information acquired by the acquisition unit in the subscriber authentication module, and stores any of the post-divided information in a storage area of the own terminal other than the subscriber authentication module; a usage unit that generates confidential information from a plurality of pieces of divided information stored in different storage areas by the storage unit and uses it for the use of the cryptographic asset;
  • a mobile communication terminal equipped with A mobile communication terminal equipped with.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephone Function (AREA)

Abstract

The present invention safely retains secret information, such as secret keys, which is used for utilization of crypto-assets and which should be kept secret. A smartphone 10 is a mobile communication terminal that is used for utilization of crypto-assets and that is capable of comprising a SIM 20 which is for use in mobile communication and which is a subscriber authentication module for storing therein subscriber information, the smartphone comprising: an acquisition unit 12 that acquires a plurality of divided information items resulting from division of secret information which is used for utilization of crypto-assets and which should be kept secret; a storage unit 13 that stores, in the SIM 20, a portion of the acquired divided information items, and stores, in a storage region 11 of the terminal other than the SIM 20, another portion of the divided information items; and a utilization unit 14 that generates secret information from the plurality of divided information items stored in various storage regions and uses the secret information for utilization of the crypto-assets.

Description

移動通信端末mobile communication terminal
 本発明は、暗号資産の利用に用いられる移動通信端末に関する。 The present invention relates to a mobile communication terminal used for utilizing cryptographic assets.
 従来、暗号資産(仮想通貨)の利用に用いられる秘密鍵を移動通信端末に記憶させることが提案されている(例えば、特許文献1参照)。 Conventionally, it has been proposed to store a private key used for the use of cryptographic assets (virtual currency) in a mobile communication terminal (for example, see Patent Document 1).
特開2020-35106号公報JP 2020-35106 A
 秘密鍵が漏洩すると暗号資産が他者に不正に引き出されてしまうおそれがある。上記のように秘密鍵を単に移動通信端末に記憶させておくだけでは、必ずしも秘密鍵を安全に保持しているとは言えない。 If the private key is leaked, there is a risk that the crypto assets may be illegally withdrawn by someone else. Simply storing a private key in a mobile communication terminal as described above does not necessarily mean that the private key is held securely.
 本発明の一実施形態は、上記に鑑みてなされたものであり、秘密鍵のような暗号資産の利用に用いられると共に秘匿されるべき秘匿情報を安全に保持することができる移動通信端末を提供することを目的とする。 One embodiment of the present invention has been made in consideration of the above, and aims to provide a mobile communications terminal that can be used to utilize cryptographic assets such as private keys and can also safely store confidential information that should be kept secret.
 上記の目的を達成するために、本発明の一実施形態に係る移動通信端末は、暗号資産の利用に用いられると共に、移動体通信に用いられる加入者情報を記憶する加入者認証モジュールを備えることが可能な移動通信端末であって、暗号資産の利用に用いられると共に秘匿されるべき秘匿情報が分割された複数の分割後情報を取得する取得部と、取得部によって取得された分割後情報の何れかを加入者認証モジュールに、分割後情報の何れかを加入者認証モジュール以外の自端末の記憶領域にそれぞれ記憶させる記憶部と、記憶部によって異なる記憶領域に記憶された複数の分割後情報から秘匿情報を生成して暗号資産の利用に用いる利用部と、を備える。 In order to achieve the above object, a mobile communication terminal according to an embodiment of the present invention is used for the use of cryptographic assets and is equipped with a subscriber authentication module that stores subscriber information used for mobile communication. The mobile communication terminal is capable of configuring a mobile communication terminal, and includes an acquisition unit that acquires a plurality of pieces of divided information in which confidential information that is used for the use of crypto assets and that should be kept confidential is divided, and a mobile communication terminal that acquires a plurality of pieces of divided information obtained by the acquisition unit. A storage section that stores one of the divided information in the subscriber authentication module and one of the divided information in a storage area of the own terminal other than the subscriber authentication module, and a plurality of pieces of divided information that are stored in different storage areas depending on the storage section. and a utilization unit that generates confidential information from the cryptographic asset and uses it to utilize the cryptographic asset.
 本発明の一実施形態に係る移動通信端末によれば、複数の独立した記憶領域に分割後情報を記憶させることができる。その結果、秘匿情報を安全に保持することができる。 According to the mobile communication terminal according to an embodiment of the present invention, post-divided information can be stored in a plurality of independent storage areas. As a result, confidential information can be safely held.
 本発明の一実施形態によれば、秘密鍵のような暗号資産の利用に用いられると共に秘匿されるべき秘匿情報を安全に保持することができる。 According to an embodiment of the present invention, confidential information such as a private key that is used for the use of cryptographic assets and that should be kept secret can be safely held.
本発明の実施形態に係る移動通信端末であるスマートフォンの構成、及びスマートフォンを含むシステムの構成を示す図である。1 is a diagram showing the configuration of a smartphone that is a mobile communication terminal according to an embodiment of the present invention, and the configuration of a system including the smartphone. 秘密鍵及び複数のシェアの例を示すグラフである。2 is a graph showing an example of a private key and multiple shares. 本発明の実施形態に係る移動通信端末であるスマートフォンで、シェアが記憶領域に記憶される際に実行される処理を示すフローチャートである。2 is a flowchart showing a process executed when a share is stored in a storage area in a smartphone, which is a mobile communication terminal according to an embodiment of the present invention. 本発明の実施形態に係る移動通信端末であるスマートフォンで、秘密鍵が利用される際に実行される処理を示すフローチャートである。2 is a flowchart showing a process executed when a private key is used in a smartphone, which is a mobile communication terminal according to an embodiment of the present invention. 本発明の実施形態に係る移動通信端末であるスマートフォンのハードウェア構成を示す図である。FIG. 1 is a diagram showing a hardware configuration of a smartphone which is a mobile communication terminal according to an embodiment of the present invention.
 以下、図面と共に本発明に係る移動通信端末の実施形態について詳細に説明する。なお、図面の説明においては同一要素には同一符号を付し、重複する説明を省略する。 Hereinafter, embodiments of a mobile communication terminal according to the present invention will be described in detail with reference to the drawings. In addition, in the description of the drawings, the same elements are denoted by the same reference numerals, and redundant description will be omitted.
 図1に本実施形態に係る移動通信端末であるスマートフォン10を示す。スマートフォン10は、移動体通信網において(移動体通信網に接続して)移動体通信を行う移動通信端末である。なお、本実施形態に係る移動通信端末は、スマートフォン10以外の移動通信端末であってもよい。 FIG. 1 shows a smartphone 10 that is a mobile communication terminal according to this embodiment. The smartphone 10 is a mobile communication terminal that performs mobile communication in a mobile communication network (by connecting to the mobile communication network). Note that the mobile communication terminal according to this embodiment may be a mobile communication terminal other than the smartphone 10.
 スマートフォン10は、移動体通信に用いられる加入者情報(プロファイル)を記憶する加入者認証モジュールであるSIM(Subscriber Identity Module)20を備えることが可能である。SIM20は、スマートフォン10に対して着脱可能となっていてもよい。加入者情報は、例えば、移動体通信網の通信事業者から提供された情報であるMSISDN(Mobile Subscriber ISDN Number、電話番号)、IMSI(International Mobile Subscriber Identity)及び認証用の情報等である。スマートフォン10は、自身に装着されるSIM20に記憶された情報を用いて移動体通信を行う。SIM20としては、従来のSIMが用いられればよい。また、SIM20に記憶された情報を用いた移動体通信も、従来と同様に行われればよい。なお、加入者認証モジュールは、移動通信端末に装着されると共に移動体通信に用いられる加入者情報を記憶するものであればSIM20以外であってもよい。 The smartphone 10 can include a SIM (Subscriber Identity Module) 20 that is a subscriber authentication module that stores subscriber information (profile) used for mobile communication. SIM20 may be detachable from smartphone 10. The subscriber information includes, for example, MSISDN (Mobile Subscriber ISDN Number, telephone number), IMSI (International Mobile Subscriber Identity), which is information provided by the carrier of the mobile communication network, and authentication information. The smartphone 10 performs mobile communication using information stored in a SIM 20 attached to the smartphone 10. As the SIM 20, a conventional SIM may be used. Furthermore, mobile communication using the information stored in the SIM 20 may be performed in the same manner as in the past. Note that the subscriber authentication module may be other than the SIM 20 as long as it is attached to a mobile communication terminal and stores subscriber information used for mobile communication.
 また、スマートフォン10は、暗号資産(仮想通貨)の利用に用いられる。具体的には、スマートフォン10は、暗号資産のウォレットである。例えば、スマートフォン10にウォレット用のアプリケーションがインストールされて実行されることで、スマートフォン10は、暗号資産のウォレットとなる。スマートフォン10によって利用される暗号資産は、従来と同様のものでよく、例えば、イーサリアム、ソラナ及びポルカドット等(これらのプラットフォームで利用される暗号資産)である。 The smartphone 10 is also used to use crypto assets (virtual currencies). Specifically, the smartphone 10 is a wallet for crypto assets. For example, a wallet application is installed and executed on the smartphone 10, so that the smartphone 10 becomes a wallet for crypto assets. The crypto assets used by the smartphone 10 may be the same as conventional ones, such as Ethereum, Solana, and Polkadot (crypto assets used on these platforms).
 暗号資産を利用する際には秘匿情報が用いられる。秘匿情報は、暗号資産の所有者、即ち、スマートフォン10のユーザ以外に対して秘匿されるべき情報である。秘匿情報は、例えば、秘密鍵である。秘密鍵は、暗号資産毎(例えば、暗号資産の種別又は口座毎)の情報である。秘密鍵が流出すると、暗号資産が不正に利用されるおそれがある。通常、暗号資産には中央集権的な管理者が存在しないため、暗号資産の所有者以外によっては、アカウントの停止及び復元を行うことができない。そのため、秘密鍵が流出した場合、暗号資産の不正利用を防止することができない。後述するようにスマートフォン10は、秘匿情報を安全に保持するための本実施形態に係る機能を有する。当該機能は、例えば、上記のウォレット用のアプリケーションによって実現されてもよいし、それ以外によって実現されてもよい。また、本実施形態に係る機能の対象となる秘匿情報は秘密鍵であるとするが、秘密鍵以外の秘匿情報(例えば、シークレットリカバリーフレーズ)であってもよい。 Confidential information is used when using crypto assets. Confidential information is information that should be kept secret from anyone other than the owner of the cryptographic asset, ie, the user of the smartphone 10. The confidential information is, for example, a private key. The private key is information for each crypto asset (for example, for each type of crypto asset or account). If the private key is leaked, there is a risk that the crypto assets will be used illegally. Since there is usually no centralized administrator for crypto assets, accounts cannot be suspended or restored by anyone other than the owner of the crypto assets. Therefore, if the private key is leaked, it is impossible to prevent unauthorized use of the cryptographic asset. As will be described later, the smartphone 10 has a function according to this embodiment for safely holding confidential information. The function may be realized by, for example, the above-mentioned wallet application, or may be realized by something else. Further, although the confidential information targeted by the function according to this embodiment is a private key, it may be confidential information other than the private key (for example, a secret recovery phrase).
 引き続いて、本実施形態に係るスマートフォン10の機能を説明する。なお、スマートフォン10は、従来のスマートフォン等の従来の移動通信端末が備える機能を有していてもよい。また、スマートフォン10は、従来の暗号資産のウォレットが備える機能を有していてもよい。 Subsequently, the functions of the smartphone 10 according to the present embodiment will be explained. Note that the smartphone 10 may have functions provided in conventional mobile communication terminals such as conventional smartphones. Furthermore, the smartphone 10 may have the functions of a conventional crypto asset wallet.
 スマートフォン10は、複数の記憶領域を用いて本実施形態に係る機能を実現する。複数の記憶領域のうちの一つは、スマートフォン10に装着されるSIM20である。例えば、図1に示すように、SIM20に含まれるセキュアエレメント20aが、本実施形態に係る機能に用いられる。なお、セキュアエレメント20a以外のSIM20の記憶領域を、本実施形態に係る機能に用いられる記憶領域として用いてもよい。 The smartphone 10 implements the functions according to the present embodiment using a plurality of storage areas. One of the plurality of storage areas is SIM 20 installed in smartphone 10. For example, as shown in FIG. 1, a secure element 20a included in the SIM 20 is used for the functions according to this embodiment. Note that a storage area of the SIM 20 other than the secure element 20a may be used as a storage area used for the function according to this embodiment.
 複数の記憶領域のうちの一つは、スマートフォン10本体に設けられる記憶領域である。例えば、図1に示すように、スマートフォン10本体に設けられる記憶領域のうちの予め設定される一部である、ウォレット用のアプリケーションに用いられるアプリケーション用記憶領域11である。なお、上記以外のスマートフォン10本体に設けられる記憶領域を、本実施形態に係る機能に用いられる記憶領域として用いてもよい。また、上記の2つ以外の記憶領域が、本実施形態に係る機能に用いられてもよい。 One of the multiple storage areas is a storage area provided in the main body of the smartphone 10. For example, as shown in FIG. 1, it is an application storage area 11 used for a wallet application, which is a preset part of the storage area provided in the main body of the smartphone 10. Note that a storage area provided in the main body of the smartphone 10 other than those described above may be used as a storage area used for the function according to the present embodiment. Furthermore, storage areas other than the above two may be used for the functions according to this embodiment.
 図1に示すように、スマートフォン10は、機能部として、取得部12と、記憶部13と、利用部14とを備える。 As shown in FIG. 1, the smartphone 10 includes an acquisition unit 12, a storage unit 13, and a usage unit 14 as functional units.
 取得部12は、暗号資産の利用に用いられると共に秘匿されるべき秘匿情報が分割された複数の分割後情報を取得する機能部である。取得部12は、秘匿情報を取得して、取得した秘匿情報を複数の分割後情報に分割することで取得してもよい。 The acquisition unit 12 is a functional unit that acquires a plurality of pieces of divided information obtained by dividing confidential information that is used for the use of cryptographic assets and is to be kept confidential. The acquisition unit 12 may acquire confidential information and divide the acquired confidential information into a plurality of pieces of divided information.
 上述したように本実施形態では、秘匿情報は秘密鍵である。取得部12は、従来と同様の方法で秘密鍵を取得する。例えば、スマートフォン10のユーザが初めて暗号資産を利用する際に、当該暗号資産の発行元のサーバ(図示せず)から秘密鍵を取得する。なお、秘密鍵は公開鍵と対になっており、取得部12は、秘密鍵と対になっている公開鍵も取得する。なお、公開鍵は、暗号資産の利用の際に従来の公開鍵と同様に利用されればよい。 As described above, in this embodiment, the confidential information is a private key. The acquisition unit 12 acquires the private key using a conventional method. For example, when the user of the smartphone 10 uses a cryptographic asset for the first time, the user obtains a private key from a server (not shown) that is an issuer of the cryptographic asset. Note that the private key is paired with a public key, and the acquisition unit 12 also acquires the public key paired with the private key. Note that the public key may be used in the same manner as conventional public keys when using cryptographic assets.
 分割後情報は、秘匿情報を分割したものであり、秘匿情報を生成するためのものである。予め設定した数の分割後情報が、秘匿情報から分割されて生成される。本実施形態では、秘密鍵の分割後情報をシェアと呼ぶ。秘密鍵は、予め設定した数(なお、この数は、分割後情報の数と一致していなくてもよい)の異なる複数のシェアから生成(再生成)することができる。秘密鍵は、予め設定した数未満のシェアからは生成することができない。本実施形態では、後述するように、秘密鍵から3つのシェアを生成し、そのうちの任意の2つのシェアから秘密鍵を生成することができる。 The divided information is obtained by dividing confidential information and is used to generate confidential information. A preset number of divided information is generated by dividing the confidential information. In this embodiment, the information after the private key has been divided is called a share. The secret key can be generated (regenerated) from a preset number of different shares (note that this number does not have to match the number of post-division information). A private key cannot be generated from less than a preset number of shares. In this embodiment, as will be described later, three shares are generated from a private key, and a private key can be generated from any two of the shares.
 秘密鍵は、例えば、数字列であり、数値として扱うことができる。各シェアは、例えば、2次元座標空間における座標である。図2(a)に、この場合の秘密鍵及び複数のシェアの例を示す。秘密鍵の数値b及び所定の数値aに対して、x軸及びy軸を有する2次元空間上のy=ax+bで示される直線上の座標がシェアである。この場合、上記の直線のy軸との交点の座標(0,b)のy座標であるy切片が秘密鍵の数値bとなる。2つのシェアである座標を知ることができれば、直線を算出することができ、そのy切片を秘密鍵の数値bとして算出することができる。 The private key is, for example, a string of numbers and can be treated as a number. Each share is, for example, a coordinate in a two-dimensional coordinate space. FIG. 2(a) shows an example of the secret key and multiple shares in this case. With respect to the numerical value b of the private key and the predetermined numerical value a, the coordinates on a straight line represented by y=ax+b on a two-dimensional space having an x-axis and a y-axis are shares. In this case, the y-intercept, which is the y-coordinate of the coordinate (0, b) of the intersection of the above-mentioned straight line with the y-axis, becomes the numerical value b of the secret key. If the coordinates of the two shares can be known, a straight line can be calculated, and its y-intercept can be calculated as the value b of the private key.
 取得部12は、取得した秘密鍵から、予め記憶した方法によって複数のシェアを生成する。例えば、取得部12は、シャミアの閾値法(低次元の例)を用いて以下のように複数のシェアを生成する。取得部12は、2次元空間上の所定の座標を、生成する複数のシェアの1つであるキーシェアとする。キーシェアの座標は、ランダムで選択されてもよいし、予め設定した算出ルールに基づいて算出されたものであってもよい。取得部12は、秘密鍵の数値bをy切片とすると共にキーシェアの座標を通る直線を算出する。即ち、取得部12は、秘密鍵の数値bであるy切片とキーシェアの座標とから、y=ax+bのaを算出する。取得部12は、算出した直線上の、キーシェアの座標及びy切片以外の異なる2つの点の座標をシェア(例えば、図2(a)のシェアA、シェアA´)とする。直線上のシェアとする座標は、ランダムで選択されてもよいし、予め設定した算出ルールに基づいて算出されたものであってもよい。 The acquisition unit 12 generates a plurality of shares from the acquired private key using a method stored in advance. For example, the acquisition unit 12 generates a plurality of shares as follows using Shamir's threshold method (low-dimensional example). The acquisition unit 12 sets a predetermined coordinate on the two-dimensional space as a key share, which is one of the plurality of shares to be generated. The key share coordinates may be selected at random or may be calculated based on preset calculation rules. The acquisition unit 12 uses the numerical value b of the private key as the y-intercept and calculates a straight line passing through the coordinates of the key shares. That is, the acquisition unit 12 calculates a of y=ax+b from the y-intercept, which is the numerical value b of the private key, and the coordinates of the key shares. The acquisition unit 12 sets the coordinates of two different points on the calculated straight line, other than the coordinates of the key share and the y-intercept, as shares (for example, share A and share A' in FIG. 2A). The coordinates to be shared on the straight line may be selected at random, or may be calculated based on preset calculation rules.
 上記の通り、秘密鍵は、暗号資産毎の情報であるため、スマートフォン10で複数の暗号資産を利用する場合には、取得部12は、暗号資産毎の秘密鍵のシェアを取得する。例えば、スマートフォン10で暗号資産A、暗号資産B及び暗号資産Cの3種類の暗号資産を利用する場合には、図1に示すように、それらに対応する秘密鍵A、秘密鍵B及び秘密鍵Cについてのシェアを取得する。 As described above, since the private key is information for each cryptographic asset, when multiple cryptographic assets are used in the smartphone 10, the acquisition unit 12 acquires the share of the private key for each cryptographic asset. For example, when using three types of cryptographic assets, cryptographic asset A, cryptographic asset B, and cryptographic asset C on the smartphone 10, as shown in FIG. 1, the corresponding private key A, private key B, and private key Obtain the share of C.
 取得部12は、生成したシェア(例えば、図2(a)のキーシェア、シェアA、シェアA´の3つのシェア)を記憶部13に出力する。また、取得部12は、シェアを生成したら秘密鍵を破棄する。例えば、利用部14は、スマートフォン10の記憶領域上の秘密鍵を削除する。秘密鍵を破棄することで、秘密鍵の漏洩を防止する。また、秘密鍵を破棄することで、その後、秘密鍵を利用する際、即ち、暗号資産を利用する際には、複数のシェアから秘密鍵を生成することが必要となる。 The acquisition unit 12 outputs the generated shares (for example, the three shares of the key share, share A, and share A' in FIG. 2(a)) to the storage unit 13. Further, the acquisition unit 12 discards the private key after generating the share. For example, the usage unit 14 deletes the private key on the storage area of the smartphone 10. Prevent leakage of the private key by destroying the private key. Further, by discarding the private key, it becomes necessary to generate the private key from a plurality of shares when the private key is subsequently used, that is, when using cryptographic assets.
 なお、秘密鍵の分割、即ち、シェアの生成は、必ずしも上記のように行われる必要はなく、上記以外の方法で行われてもよい。また、秘密鍵及びシェアは、上記のように数字の文字列及び座標である必要はなく、複数のシェアから秘密鍵を生成可能なものであればどのようなものであってもよい。 Note that the splitting of the private key, that is, the generation of shares, does not necessarily have to be performed as described above, and may be performed using a method other than the above. Further, the secret key and share do not need to be a string of numbers and coordinates as described above, and may be anything as long as a secret key can be generated from a plurality of shares.
 記憶部13は、取得部12によって取得された分割後情報の何れかを加入者認証モジュールに、分割後情報の何れかを加入者認証モジュール以外の自端末の記憶領域にそれぞれ記憶させる機能部である。記憶部13は、分割後情報の何れかを、加入者認証モジュールによる移動体通信に係る移動体通信網上の装置に記憶させてもよい。例えば、記憶部13は、以下のように分割後情報であるシェアを記憶領域に記憶させる。 The storage unit 13 is a functional unit that stores any of the divided information acquired by the acquisition unit 12 in the subscriber authentication module, and stores any of the divided information in the storage area of its own terminal other than the subscriber authentication module. be. The storage unit 13 may store any of the divided information in a device on a mobile communication network related to mobile communication using the subscriber authentication module. For example, the storage unit 13 stores shares, which are post-division information, in the storage area as follows.
 記憶部13は、取得部12から複数のシェアを入力する。記憶部13は、入力したシェアのうち、キーシェア以外のシェアの1つ(例えば、図1に示すシェアA)をSIM20のセキュアエレメント20aに記憶させる。記憶部13は、入力したシェアのうち、キーシェア及びSIM20のセキュアエレメント20aに記憶させたシェア以外のシェア(例えば、図1に示すシェアA´)をアプリケーション用記憶領域11に記憶させる。なお、シェアを各記憶領域20a,11に記憶させる際には、記憶させるシェアがどの暗号資産の秘密鍵に対応するものであるか判別できるようにしておく(以下についても同様)。 The storage unit 13 inputs a plurality of shares from the acquisition unit 12. The storage unit 13 stores one of the input shares other than the key share (for example, share A shown in FIG. 1) in the secure element 20a of the SIM 20. Among the input shares, the storage unit 13 stores shares other than the key share and the share stored in the secure element 20a of the SIM 20 (for example, share A' shown in FIG. 1) in the application storage area 11. Note that when storing shares in each of the storage areas 20a and 11, it is possible to determine which cryptographic asset's private key the stored share corresponds to (the same applies below).
 記憶部13は、入力したシェアのうち、SIM20のセキュアエレメント20a及びアプリケーション用記憶領域11に記憶させたシェア以外のシェアであるキーシェアをウォレット管理サーバ30に送信して、ウォレット管理サーバ30にキーシェアを記憶させる。ウォレット管理サーバ30は、SIM20による移動体通信に係る移動体通信網上の装置である。 Among the input shares, the storage unit 13 transmits key shares other than the shares stored in the secure element 20a of the SIM 20 and the application storage area 11 to the wallet management server 30, and stores the key shares in the wallet management server 30. Remember the share. The wallet management server 30 is a device on a mobile communication network related to mobile communication using the SIM 20.
 ウォレット管理サーバ30は、スマートフォン10から送信されたキーシェアを受信して記憶する。キーシェアをウォレット管理サーバ30に記憶させる際には、記憶させるシェアが、どのSIM20及びどの暗号資産の秘密鍵に対応するものであるか判別できるようにしておく。例えば、ウォレット管理サーバ30は、当該移動体通信網の通信事業者によって提供される。ウォレット管理サーバ30によって、シェアの1つが記憶されることで後述するように、ユーザの利便性を高めることできる。なお、ウォレット管理サーバ30に記憶されるシェアは、キーシェアである必要はなく、キーシェア以外のシェアであってもよい。また、キーシェアは、SIM20のセキュアエレメント20a及びアプリケーション用記憶領域11の何れかに記憶されてもよい。 The wallet management server 30 receives and stores the key share sent from the smartphone 10. When storing a key share in the wallet management server 30, it should be possible to determine which SIM 20 and which crypto asset's private key the stored share corresponds to. For example, the wallet management server 30 is provided by a carrier of the mobile communication network. By storing one of the shares by the wallet management server 30, user convenience can be improved as will be described later. Note that the shares stored in the wallet management server 30 do not need to be key shares, and may be shares other than key shares. Further, the key share may be stored in either the secure element 20a of the SIM 20 or the application storage area 11.
 利用部14は、記憶部13によって異なる記憶領域に記憶された複数の分割後情報から秘匿情報を生成して暗号資産の利用に用いる機能部である。利用部14は、生成した秘匿情報を暗号資産の利用に用いた後、破棄してもよい。例えば、利用部14は、以下のように秘匿情報である秘密鍵を生成して暗号資産の利用に用いる。 The utilization unit 14 is a functional unit that generates confidential information from a plurality of pieces of divided information stored in different storage areas by the storage unit 13 and uses it to utilize the cryptographic asset. The utilization unit 14 may discard the generated confidential information after using it for the use of the cryptographic asset. For example, the utilization unit 14 generates a private key, which is confidential information, as described below and uses it to utilize the cryptographic asset.
 本実施形態における暗号資産の利用は、例えば、サービス又はNFT(非代替性トークン)等に対する暗号資産による支払、即ち、別のウォレットアドレスへの送金である。但し、暗号資産の利用は、上記以外のものであってもよい。 The use of cryptographic assets in this embodiment is, for example, payment using cryptographic assets for services, NFTs (non-fungible tokens), etc., that is, remittance to another wallet address. However, cryptographic assets may be used for purposes other than those described above.
 利用部14は、暗号資産の利用のトリガを入力する。例えば、利用部14は、暗号資産による支払のトリガを入力する。暗号資産の利用のトリガは、例えば、ユーザのスマートフォン10に対する操作である。また、当該トリガは、それ以外であってもよい。利用部14は、当該トリガとあわせて利用する暗号資産を特定する情報を入力してもよい。 The utilization unit 14 inputs a trigger for the use of cryptographic assets. For example, the utilization unit 14 inputs a trigger for payment using crypto assets. The trigger for the use of cryptographic assets is, for example, a user's operation on the smartphone 10. Further, the trigger may be other than that. The usage unit 14 may input information specifying the cryptographic asset to be used in conjunction with the trigger.
 利用部14は、当該トリガを入力すると、利用する暗号資産に係るシェアを、SIM20のセキュアエレメント20aと、アプリケーション用記憶領域11とからそれぞれ読み出す。利用部14は、読み出したそれぞれのシェアから秘密鍵を生成する。複数のシェアからの秘密鍵の生成は、秘密鍵からシェアを生成する方法に対応する方法で行われればよい。例えば、図2に示す秘密鍵及びシェアの例では、シェアである座標から直線を算出して、直線のy切片を秘密鍵とすればよい。なお、シェアからの秘密鍵の生成は、必ずしも上記のように行われる必要はなく、上記以外の方法で行われてもよい。 When the trigger is input, the usage unit 14 reads out the shares related to the cryptographic assets to be used from the secure element 20a of the SIM 20 and the application storage area 11, respectively. The utilization unit 14 generates a private key from each read share. Generating a private key from a plurality of shares may be performed using a method corresponding to the method for generating shares from a private key. For example, in the example of the private key and share shown in FIG. 2, a straight line may be calculated from the coordinates of the share, and the y-intercept of the straight line may be used as the private key. Note that the generation of a private key from a share does not necessarily have to be performed as described above, and may be performed using a method other than the above.
 利用部14は、生成した秘密鍵を暗号資産の利用に用いる。例えば、利用部14は、生成した秘密鍵を暗号資産による支払先のサーバ40に送信する。通常、サーバ40は、Web3のサービスとして、利用される暗号資産の種別毎(例えば、図1に示す、暗号資産A、暗号資産B及び暗号資産C毎)に設けられる。なお、暗号資産の利用に際しての、利用部14による秘密鍵の用いられ方は、上記の態様を含む従来と同様のものよい。 The usage unit 14 uses the generated private key to use the cryptographic asset. For example, the utilization unit 14 transmits the generated private key to the server 40 to which the cryptographic asset is paid. Normally, the server 40 is provided for each type of cryptographic asset used as a service of the Web 3 (for example, for each cryptographic asset A, cryptographic asset B, and cryptographic asset C shown in FIG. 1). Note that when using cryptographic assets, the usage unit 14 may use the private key in the same manner as in the past, including the above-mentioned aspects.
 利用部14は、暗号資産の利用が終了すると、生成した秘密鍵を破棄する。例えば、利用部14は、スマートフォン10の記憶領域上の秘密鍵を削除する。また、利用部14は、秘密鍵の生成に用いるために読み出した(SIM20のセキュアエレメント20a及びアプリケーション用記憶領域11以外の)スマートフォン10の記憶領域上のシェアも破棄する。なお、シェアの破棄は、秘密鍵が生成された時点で行われてもよい。利用部14は、秘密鍵を利用する度に生成する。秘密鍵が利用されない時間帯には、スマートフォン10では、秘密鍵に係る情報としては、SIM20のセキュアエレメント20a及びアプリケーション用記憶領域11のシェアのみが記憶される。 The usage unit 14 discards the generated private key when the use of the cryptographic asset is finished. For example, the usage unit 14 deletes the private key on the storage area of the smartphone 10. The utilization unit 14 also discards the share on the storage area of the smartphone 10 (other than the secure element 20a of the SIM 20 and the application storage area 11) that has been read out for use in generating the private key. Note that the share may be discarded at the time the private key is generated. The usage unit 14 generates a private key every time it is used. During a time period when the private key is not used, the smartphone 10 stores only the share of the secure element 20a of the SIM 20 and the application storage area 11 as information related to the private key.
 上記では、取得部12によるシェアの生成及び記憶部13による記憶は、例えば、暗号資産の発行元のサーバから秘密鍵を取得する際に行われることとしていたが、それ以外のタイミングで行われてもよい。また、その際に新たなシェアを生成するために用いる秘密鍵は、過去に当該秘密鍵について生成されて記憶領域に記憶されているシェアから生成されたものであってもよい。 In the above, the generation of the share by the acquisition unit 12 and the storage by the storage unit 13 are performed, for example, when acquiring the private key from the server of the crypto asset issuer, but they may be performed at other times. Good too. Further, the private key used to generate a new share at this time may be generated from a share that has been generated for the private key in the past and stored in the storage area.
 例えば、秘密鍵に係るシェアの一部が漏洩したおそれがある場合(例えば、1つのシェアが盗難された場合)に、取得部12は、利用部14による方法と同様に、シェアをSIM20のセキュアエレメント20aと、アプリケーション用記憶領域11とからそれぞれ読み出し、秘密鍵を生成して取得する。取得部12は、取得した秘密鍵から上記と同様にシェアを生成する。なお、シェアを再生成する場合、再生成されるシェアは、古いシェアとは異なるものにされる。例えば、図2(a)で説明した方法でシェアを生成する場合、図2(b)に示すようにキーシェアを古いキーシェアとは異なるものとして生成して、各シェアを生成すればよい。 For example, when there is a possibility that some of the shares related to the private key have been leaked (for example, when one share is stolen), the acquisition unit 12 uses the same method as the usage unit 14 to transfer the shares to the secure SIM 20. The private key is read from the element 20a and the application storage area 11, respectively, and a private key is generated and acquired. The acquisition unit 12 generates a share from the acquired private key in the same manner as described above. Note that when regenerating a share, the regenerated share is different from the old share. For example, when generating shares using the method described in FIG. 2(a), each share may be generated by generating a key share different from the old key share as shown in FIG. 2(b).
 また、記憶部13は、取得部12によって生成されたシェアを上記と同様に記憶領域に記憶させる。上記のシェアの再生成及び再記憶は、例えば、スマートフォン10のユーザの操作、外部からの操作又はスマートフォン10に設定された一定の条件に従って行われればよい。また、上記のシェアの再生成及び再記憶が行われる場合には、古いシェアは全て記憶領域から削除される。 The storage unit 13 also stores the shares generated by the acquisition unit 12 in the storage area in the same manner as described above. The regeneration and re-storage of the shares may be performed, for example, in accordance with an operation by the user of the smartphone 10, an external operation, or certain conditions set in the smartphone 10. In addition, when the shares are regenerated and re-stored, all old shares are deleted from the storage area.
 また、シェアが記憶されたSIM20を、スマートフォン10と同じ機能を有する別のスマートフォン10に差し替えた場合に、当該別のスマートフォン10においてシェアの再生成が行われてもよい。この場合、当該別のスマートフォン10の取得部12は、シェアをSIM20のセキュアエレメント20aから読み出す。また、当該別のスマートフォン10の取得部12は、SIM20を用いた移動体通信によってウォレット管理サーバ30にアクセスして、ウォレット管理サーバ30に記憶されたキーシェアを読み出す。当該別のスマートフォン10の取得部12は、読み出したシェア及びキーシェアから秘密鍵を生成して取得する。当該別のスマートフォン10の取得部12は、取得した秘密鍵から上記と同様にシェアを生成する。当該別のスマートフォン10の記憶部13は、取得部12によって生成されたシェアを、当該別のスマートフォン10のSIM20のセキュアエレメント20a及びアプリケーション用記憶領域11、並びにウォレット管理サーバ30に記憶させる。 Furthermore, when the SIM 20 in which the share is stored is replaced with another smartphone 10 that has the same functions as the smartphone 10, the share may be regenerated in the other smartphone 10. In this case, the acquisition unit 12 of the other smartphone 10 reads the share from the secure element 20a of the SIM 20. Further, the acquisition unit 12 of the other smartphone 10 accesses the wallet management server 30 through mobile communication using the SIM 20 and reads out the key share stored in the wallet management server 30. The acquisition unit 12 of the other smartphone 10 generates and acquires a private key from the read shares and key shares. The acquisition unit 12 of the other smartphone 10 generates a share from the acquired private key in the same manner as described above. The storage unit 13 of the other smartphone 10 stores the share generated by the acquisition unit 12 in the secure element 20a of the SIM 20 of the other smartphone 10, the application storage area 11, and the wallet management server 30.
 このようにウォレット管理サーバ30にキーシェア(シェア)を記憶させておくことで、キーシェアとSIM20のセキュアエレメント20aとに記憶されているシェアから秘密鍵を再生成することができる。従って、シェアが記憶されているSIM20さえあれば、例えば、機種変更等で上記のようにスマートフォン10を変更したとしても、秘密鍵を再生成することができ、暗号資産を利用することができる。 By storing the key share in the wallet management server 30 in this way, the private key can be regenerated from the key share and the share stored in the secure element 20a of the SIM 20. Therefore, as long as there is a SIM 20 in which the share is stored, even if the smartphone 10 is changed as described above, for example, due to a model change, the private key can be regenerated and the cryptographic assets can be used.
 上記では、取得部12は、秘密鍵を取得してシェアを生成して取得していた。しかしながら、取得部12は、秘密鍵を取得せずに、外部からシェアのみを取得してもよい。例えば、ウォレット管理サーバ30が、スマートフォン10のユーザ用の秘密鍵を取得して、上記と同様に秘密鍵からシェアを生成する。ウォレット管理サーバ30は、生成したシェアをスマートフォン10に送信する。取得部12は、送信されたシェアを受信して取得する。なお、スマートフォン10にシェアを送信する装置は、ウォレット管理サーバ30以外の装置であってもよい。また、ウォレット管理サーバ30によってシェアが生成される場合には、キーシェアはスマートフォン10に送信されずにウォレット管理サーバ30に記憶されてもよい。 In the above, the acquisition unit 12 acquires a private key and generates and acquires a share. However, the acquisition unit 12 may acquire only the share from the outside without acquiring the private key. For example, the wallet management server 30 obtains a private key for the user of the smartphone 10 and generates a share from the private key in the same manner as described above. Wallet management server 30 transmits the generated share to smartphone 10. The acquisition unit 12 receives and acquires the transmitted shares. Note that the device that transmits shares to the smartphone 10 may be a device other than the wallet management server 30. Further, when a share is generated by the wallet management server 30, the key share may be stored in the wallet management server 30 without being sent to the smartphone 10.
 スマートフォン10において、取得及び生成される秘密鍵はユーザによって認識できる形式では出力されないようにしてもよい。例えば、秘密鍵は、スマートフォン10において表示されてないようにしてもよい。このようにユーザが秘密鍵を認識できなければ、人為的な秘密鍵の漏洩を防ぐことができる。以上が、本実施形態に係るスマートフォン10の機能である。 In the smartphone 10, the acquired and generated private key may not be output in a format that can be recognized by the user. For example, the private key may not be displayed on the smartphone 10. If the user cannot recognize the private key in this way, it is possible to prevent the private key from being artificially leaked. The above are the functions of the smartphone 10 according to this embodiment.
 引き続いて、図3及び図4のフローチャートを用いて、本実施形態に係る移動通信端末であるスマートフォン10で実行される処理(スマートフォン10が行う動作方法)を説明する。まず、図3のフローチャートを用いて、シェアが記憶領域に記憶される際の処理を説明する。例えば、本処理は、スマートフォン10のユーザが初めて暗号資産を利用する際等に行われる。本処理では、まず、取得部12によって、秘匿情報である秘密鍵が分割された複数の分割後情報である複数のシェアが取得される(S01)。複数のシェアの取得は、秘密鍵を取得して取得した秘密鍵を複数のシェアに分割することで行われてもよいし、外部から複数のシェアを受信することで行われてもよい。続いて、記憶部13によって、複数のシェアそれぞれが異なる記憶領域にそれぞれ記憶させられる(S02)。具体的には、1つのシェアが、SIM20のセキュアエレメント20aに記憶される。また、1つのシェアが、アプリケーション用記憶領域11に記憶される。また、キーシェアが、ウォレット管理サーバ30に記憶される。以上が、シェアが記憶領域に記憶される際の処理である。 Subsequently, the process executed by the smartphone 10, which is the mobile communication terminal according to the present embodiment (the operation method performed by the smartphone 10), will be explained using the flowcharts of FIGS. 3 and 4. First, the process when a share is stored in a storage area will be explained using the flowchart of FIG. For example, this process is performed when the user of the smartphone 10 uses crypto assets for the first time. In this process, first, the acquisition unit 12 acquires a plurality of shares, which are a plurality of pieces of post-division information obtained by dividing a private key, which is confidential information (S01). Acquisition of a plurality of shares may be performed by obtaining a private key and dividing the obtained private key into a plurality of shares, or may be performed by receiving a plurality of shares from the outside. Subsequently, the plurality of shares are respectively stored in different storage areas by the storage unit 13 (S02). Specifically, one share is stored in the secure element 20a of the SIM 20. Further, one share is stored in the application storage area 11. Additionally, the key share is stored in the wallet management server 30. The above is the process when shares are stored in the storage area.
 続いて、図4のフローチャートを用いて、秘密鍵が利用される際の処理を説明する。本処理は、暗号資産を利用する際、具体的には、利用部14に暗号資産の利用のトリガが入力された際に行われる。本処理では、利用部14によって、利用する暗号資産に係るシェアが、SIM20のセキュアエレメント20aと、アプリケーション用記憶領域11とからそれぞれ読み出される(S11)。続いて、利用部14によって、読み出されたそれぞれのシェアから秘密鍵が生成される(S12)。続いて、利用部14によって、生成された秘密鍵が暗号資産の利用に用いられる(S13)。続いて、利用部14によって、暗号資産に利用に用いられた秘密鍵が破棄される(S14)。以上が、秘密鍵が利用される際の処理である。 Next, the process when the private key is used will be explained using the flowchart in FIG. 4. This process is performed when using a cryptographic asset, specifically when a trigger for using the cryptographic asset is input to the usage unit 14. In this process, the usage unit 14 reads out the shares related to the cryptographic assets to be used from the secure element 20a of the SIM 20 and the application storage area 11 (S11). Subsequently, the usage unit 14 generates a private key from each read share (S12). Subsequently, the usage unit 14 uses the generated private key to use the cryptographic asset (S13). Subsequently, the utilization unit 14 discards the private key used for the cryptographic asset (S14). The above is the process when the private key is used.
 本実施形態によれば、複数の独立した記憶領域であるSIM20のセキュアエレメント20aと、アプリケーション用記憶領域11とにシェアを記憶させることができる。これら複数のシェアのうち1つのシェアが盗難されても秘密鍵を生成することはできない。このように物理的に遮断された複数の環境にシェアを保管することでハッキング等への対策となる。このように本実施形態によれば、秘匿情報である秘密鍵を安全に保持することができる。 According to this embodiment, shares can be stored in the secure element 20a of the SIM 20 and the application storage area 11, which are a plurality of independent storage areas. Even if one share among these multiple shares is stolen, a private key cannot be generated. Storing shares in multiple physically isolated environments in this way serves as a countermeasure against hacking, etc. In this manner, according to this embodiment, the private key, which is confidential information, can be safely held.
 また、物理的に遮断された複数の環境にシェアを記憶させているものの、スマートフォン10という1つの媒体でシェアの分散管理を実現させている。従って、本実施形態は、シェアの管理のためユーザが複数の媒体を有する必要がなく、管理が煩雑になることを防いでいる。 In addition, although shares are stored in multiple physically separated environments, distributed management of shares is achieved using a single medium, the smartphone 10. Therefore, this embodiment does not require users to have multiple media for managing shares, preventing management from becoming complicated.
 なお、シェアの記憶は、必ずしも本実施形態のように行われる必要はなく、SIM20と、SIM20以外のスマートフォン上の記憶領域とに行われればい。また、本実施形態では、スマートフォン10上では、SIM20のセキュアエレメント20aと、アプリケーション用記憶領域11との2つの記憶領域にシェアが記憶されていたが、3つ以上の互いに異なる記憶領域にシェアが記憶されてもよい。また、1つの記憶領域に1つの秘密鍵について複数のシェアが記憶されてもよい。 Note that storage of shares does not necessarily need to be performed as in this embodiment, and may be performed in the SIM 20 and a storage area on the smartphone other than the SIM 20. Furthermore, in the present embodiment, shares are stored in two storage areas, the secure element 20a of the SIM 20 and the application storage area 11, on the smartphone 10, but shares are stored in three or more different storage areas. May be stored. Further, a plurality of shares for one private key may be stored in one storage area.
 また、本実施形態のように、シェアをSIM20による移動体通信に係る移動体通信網上の装置であるウォレット管理サーバ30に記憶させてもよい。上述したようにウォレット管理サーバ30のシェア(キーシェア)を用いることで、(SIM20を含む)スマートフォン10に記憶されたシェアを全て用いなくても秘密鍵を生成することができる。このように、ウォレット管理サーバ30のシェアをセーフティネットとして機能させることができる。あるいは、SIM20を別のスマートフォンに差し替えた場合に容易に秘密鍵を生成することができる。このように、ユーザの利便性を高くすることができる。なお、シェアが記憶される装置は、SIM20による移動体通信に係る移動体通信網上の装置であればウォレット管理サーバ30以外の装置であってもよい。また、生成されたシェアは、必ずしも、SIM20による移動体通信に係る移動体通信網上の装置に記憶される必要はなく、SIM20と、SIM20以外のスマートフォン上の記憶領域とのみに記憶されてもよい。 Furthermore, as in this embodiment, the share may be stored in the wallet management server 30, which is a device on a mobile communication network related to mobile communication using the SIM 20. As described above, by using the share (key share) of the wallet management server 30, a private key can be generated without using all the shares stored in the smartphone 10 (including the SIM 20). In this way, the share of the wallet management server 30 can function as a safety net. Alternatively, the private key can be easily generated when the SIM 20 is replaced with another smartphone. In this way, user convenience can be enhanced. Note that the device storing the share may be a device other than the wallet management server 30 as long as it is a device on a mobile communication network related to mobile communication using the SIM 20. Further, the generated share does not necessarily need to be stored in a device on a mobile communication network related to mobile communication using the SIM 20, and may be stored only in the SIM 20 and a storage area on a smartphone other than the SIM 20. good.
 また、本実施形態のように、暗号資産の利用のためにシェアから生成した秘密鍵は、暗号資産の利用に用いられた後、破棄されてもよい。このように暗号資産の利用の度に秘密鍵の生成及び破棄を行うことで、秘密鍵の漏洩を防止し、秘匿情報である秘密鍵を更に安全に保持することができる。 Furthermore, as in this embodiment, the private key generated from the share for the use of the cryptographic asset may be discarded after being used for the use of the cryptographic asset. By generating and destroying a private key each time a cryptographic asset is used in this manner, leakage of the private key can be prevented and the private key, which is confidential information, can be held even more safely.
 また、本実施形態のように、スマートフォン10において秘密鍵を取得して、取得した秘密鍵を複数のシェアに分割して取得することとしてもよい。この構成によれば、確実かつシェアを他者に知られることなくシェアを生成することができ、秘匿情報である秘密鍵を更に安全に保持することができる。但し、スマートフォン10でシェアの生成が行われる必要はなく、上述したように外部からシェアを受信して取得してもよい。 Furthermore, as in this embodiment, the private key may be acquired in the smartphone 10, and the acquired private key may be divided into multiple shares and acquired. According to this configuration, shares can be generated reliably without the shares being known to others, and the private key, which is confidential information, can be held even more safely. However, it is not necessary for the smartphone 10 to generate shares, and shares may be received and acquired from the outside as described above.
 なお、上記実施形態の説明に用いたブロック図は、機能単位のブロックを示している。これらの機能ブロック(構成部)は、ハードウェア及びソフトウェアの少なくとも一方の任意の組み合わせによって実現される。また、各機能ブロックの実現方法は特に限定されない。すなわち、各機能ブロックは、物理的又は論理的に結合した1つの装置を用いて実現されてもよいし、物理的又は論理的に分離した2つ以上の装置を直接的又は間接的に(例えば、有線、無線などを用いて)接続し、これら複数の装置を用いて実現されてもよい。機能ブロックは、上記1つの装置又は上記複数の装置にソフトウェアを組み合わせて実現されてもよい。 Note that the block diagram used to explain the above embodiment shows blocks in functional units. These functional blocks (components) are realized by any combination of at least one of hardware and software. Furthermore, the method for realizing each functional block is not particularly limited. That is, each functional block may be realized using one physically or logically coupled device, or may be realized using two or more physically or logically separated devices directly or indirectly (e.g. , wired, wireless, etc.) and may be realized using a plurality of these devices. The functional block may be realized by combining software with the one device or the plurality of devices.
 機能には、判断、決定、判定、計算、算出、処理、導出、調査、探索、確認、受信、送信、出力、アクセス、解決、選択、選定、確立、比較、想定、期待、見做し、報知(broadcasting)、通知(notifying)、通信(communicating)、転送(forwarding)、構成(configuring)、再構成(reconfiguring)、割り当て(allocating、mapping)、割り振り(assigning)などがあるが、これらに限られない。たとえば、送信を機能させる機能ブロック(構成部)は、送信部(transmitting unit)又は送信機(transmitter)と呼称される。いずれも、上述したとおり、実現方法は特に限定されない。 Functions include judgment, decision, judgment, calculation, calculation, processing, derivation, investigation, exploration, confirmation, reception, transmission, output, access, resolution, selection, selection, establishment, comparison, assumption, expectation, consideration, These include, but are not limited to, broadcasting, notifying, communicating, forwarding, configuring, reconfiguring, allocating, mapping, and assigning. I can't do it. For example, a functional block (configuration unit) that performs transmission is called a transmitting unit or transmitter. In either case, as described above, the implementation method is not particularly limited.
 例えば、本開示の一実施の形態におけるスマートフォン10は、本開示の情報処理を行うコンピュータとして機能してもよい。図5は、本開示の一実施の形態に係るスマートフォン10のハードウェア構成の一例を示す図である。上述のスマートフォン10は、物理的には、プロセッサ1001、メモリ1002、ストレージ1003、通信装置1004、入力装置1005、出力装置1006、バス1007などを含むコンピュータ装置として構成されてもよい。また、ウォレット管理サーバ30及びサーバ40のハードウェア構成も、ここで説明するものであってもよい。 For example, the smartphone 10 in an embodiment of the present disclosure may function as a computer that performs the information processing of the present disclosure. FIG. 5 is a diagram illustrating an example of the hardware configuration of the smartphone 10 according to an embodiment of the present disclosure. The smartphone 10 described above may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like. Furthermore, the hardware configurations of the wallet management server 30 and the server 40 may also be as described here.
 なお、以下の説明では、「装置」という文言は、回路、デバイス、ユニットなどに読み替えることができる。スマートフォン10のハードウェア構成は、図に示した各装置を1つ又は複数含むように構成されてもよいし、一部の装置を含まずに構成されてもよい。 Note that in the following description, the word "apparatus" can be read as a circuit, a device, a unit, etc. The hardware configuration of the smartphone 10 may be configured to include one or more of each device shown in the figure, or may be configured without including some of the devices.
 スマートフォン10における各機能は、プロセッサ1001、メモリ1002などのハードウェア上に所定のソフトウェア(プログラム)を読み込ませることによって、プロセッサ1001が演算を行い、通信装置1004による通信を制御したり、メモリ1002及びストレージ1003におけるデータの読み出し及び書き込みの少なくとも一方を制御したりすることによって実現される。 Each function in the smartphone 10 is implemented by loading predetermined software (programs) onto hardware such as the processor 1001 and memory 1002, so that the processor 1001 performs calculations, controls communication by the communication device 1004, and controls communication between the memory 1002 and the memory 1002. This is realized by controlling at least one of reading and writing data in the storage 1003.
 プロセッサ1001は、例えば、オペレーティングシステムを動作させてコンピュータ全体を制御する。プロセッサ1001は、周辺装置とのインターフェース、制御装置、演算装置、レジスタなどを含む中央処理装置(CPU:Central Processing Unit)によって構成されてもよい。例えば、上述のスマートフォン10における各機能は、プロセッサ1001によって実現されてもよい。 The processor 1001 controls the entire computer by operating an operating system, for example. The processor 1001 may be configured by a central processing unit (CPU) that includes interfaces with peripheral devices, a control device, an arithmetic unit, registers, and the like. For example, each function of the smartphone 10 described above may be realized by the processor 1001.
 また、プロセッサ1001は、プログラム(プログラムコード)、ソフトウェアモジュール、データなどを、ストレージ1003及び通信装置1004の少なくとも一方からメモリ1002に読み出し、これらに従って各種の処理を実行する。プログラムとしては、上述の実施の形態において説明した動作の少なくとも一部をコンピュータに実行させるプログラムが用いられる。例えば、スマートフォン10における各機能は、メモリ1002に格納され、プロセッサ1001において動作する制御プログラムによって実現されてもよい。上述の各種処理は、1つのプロセッサ1001によって実行される旨を説明してきたが、2以上のプロセッサ1001により同時又は逐次に実行されてもよい。プロセッサ1001は、1以上のチップによって実装されてもよい。なお、プログラムは、電気通信回線を介してネットワークから送信されても良い。 Furthermore, the processor 1001 reads programs (program codes), software modules, data, etc. from at least one of the storage 1003 and the communication device 1004 to the memory 1002, and executes various processes in accordance with these. As the program, a program that causes a computer to execute at least part of the operations described in the above embodiments is used. For example, each function in the smartphone 10 may be realized by a control program stored in the memory 1002 and operated in the processor 1001. Although the various processes described above have been described as being executed by one processor 1001, they may be executed by two or more processors 1001 simultaneously or sequentially. Processor 1001 may be implemented by one or more chips. Note that the program may be transmitted from a network via a telecommunications line.
 メモリ1002は、コンピュータ読み取り可能な記録媒体であり、例えば、ROM(Read Only Memory)、EPROM(Erasable Programmable ROM)、EEPROM(Electrically Erasable Programmable ROM)、RAM(Random Access Memory)などの少なくとも1つによって構成されてもよい。メモリ1002は、レジスタ、キャッシュ、メインメモリ(主記憶装置)などと呼ばれてもよい。メモリ1002は、本開示の一実施の形態に係る情報処理を実施するために実行可能なプログラム(プログラムコード)、ソフトウェアモジュールなどを保存することができる。 The memory 1002 is a computer-readable recording medium, and includes at least one of ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), and RAM (Random Access Memory). may be done. Memory 1002 may be called a register, cache, main memory, or the like. The memory 1002 can store executable programs (program codes), software modules, and the like to implement information processing according to an embodiment of the present disclosure.
 ストレージ1003は、コンピュータ読み取り可能な記録媒体であり、例えば、CD-ROM(Compact Disc ROM)などの光ディスク、ハードディスクドライブ、フレキシブルディスク、光磁気ディスク(例えば、コンパクトディスク、デジタル多用途ディスク、Blu-ray(登録商標)ディスク)、スマートカード、フラッシュメモリ(例えば、カード、スティック、キードライブ)、フロッピー(登録商標)ディスク、磁気ストリップなどの少なくとも1つによって構成されてもよい。ストレージ1003は、補助記憶装置と呼ばれてもよい。スマートフォン10が備える記憶媒体は、例えば、メモリ1002及びストレージ1003の少なくとも一方を含むデータベース、サーバその他の適切な媒体であってもよい。 The storage 1003 is a computer-readable recording medium, such as an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, or a magneto-optical disk (for example, a compact disk, a digital versatile disk, or a Blu-ray disk). (registered trademark disk), smart card, flash memory (eg, card, stick, key drive), floppy disk, magnetic strip, etc. Storage 1003 may also be called an auxiliary storage device. The storage medium included in the smartphone 10 may be, for example, a database including at least one of the memory 1002 and the storage 1003, a server, or other appropriate medium.
 通信装置1004は、有線ネットワーク及び無線ネットワークの少なくとも一方を介してコンピュータ間の通信を行うためのハードウェア(送受信デバイス)であり、例えばネットワークデバイス、ネットワークコントローラ、ネットワークカード、通信モジュールなどともいう。 The communication device 1004 is hardware (transmission/reception device) for communicating between computers via at least one of a wired network and a wireless network, and is also referred to as a network device, network controller, network card, communication module, etc., for example.
 入力装置1005は、外部からの入力を受け付ける入力デバイス(例えば、キーボード、マウス、マイクロフォン、スイッチ、ボタン、センサなど)である。出力装置1006は、外部への出力を実施する出力デバイス(例えば、ディスプレイ、スピーカー、LEDランプなど)である。なお、入力装置1005及び出力装置1006は、一体となった構成(例えば、タッチパネル)であってもよい。 The input device 1005 is an input device (eg, keyboard, mouse, microphone, switch, button, sensor, etc.) that accepts input from the outside. The output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that performs output to the outside. Note that the input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).
 また、プロセッサ1001、メモリ1002などの各装置は、情報を通信するためのバス1007によって接続される。バス1007は、単一のバスを用いて構成されてもよいし、装置間ごとに異なるバスを用いて構成されてもよい。 Further, each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information. The bus 1007 may be configured using a single bus, or may be configured using different buses for each device.
 また、スマートフォン10は、マイクロプロセッサ、デジタル信号プロセッサ(DSP:Digital Signal Processor)、ASIC(Application Specific Integrated Circuit)、PLD(Programmable Logic Device)、FPGA(Field Programmable Gate Array)などのハードウェアを含んで構成されてもよく、当該ハードウェアにより、各機能ブロックの一部又は全てが実現されてもよい。例えば、プロセッサ1001は、これらのハードウェアの少なくとも1つを用いて実装されてもよい。 The smartphone 10 may also be configured to include hardware such as a microprocessor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a programmable logic device (PLD), or a field programmable gate array (FPGA), and some or all of the functional blocks may be realized by the hardware. For example, the processor 1001 may be implemented using at least one of these pieces of hardware.
 本開示において説明した各態様/実施形態は、LTE(Long Term Evolution)、LTE-A(LTE-Advanced)、SUPER 3G、IMT-Advanced、4G(4th generation mobile communication system)、5G(5th generation mobile communication system)、FRA(Future Radio Access)、NR(new Radio)、W-CDMA(登録商標)、GSM(登録商標)、CDMA2000、UMB(Ultra Mobile Broadband)、IEEE 802.11(Wi-Fi(登録商標))、IEEE 802.16(WiMAX(登録商標))、IEEE 802.20、UWB(Ultra-WideBand)、Bluetooth(登録商標)、その他の適切なシステムを利用するシステム及びこれらに基づいて拡張された次世代システムの少なくとも一つに適用されてもよい。また、複数のシステムが組み合わされて(例えば、LTE及びLTE-Aの少なくとも一方と5Gとの組み合わせ等)適用されてもよい。 Each aspect/embodiment described in this disclosure is LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G (4th generation mobile communication system), 5G (5th generation mobile communication system). system), FRA (Future Radio Access), NR (new Radio), W-CDMA (registered trademark), GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi (registered trademark) )), IEEE 802.16 (WiMAX (registered trademark)), IEEE 802.20, UWB (Ultra-WideBand), Bluetooth (registered trademark), and other appropriate systems and systems expanded based on these. It may be applied to at least one next generation system. Furthermore, a combination of a plurality of systems may be applied (for example, a combination of at least one of LTE and LTE-A and 5G).
 本開示において説明した各態様/実施形態の処理手順、シーケンス、フローチャートなどは、矛盾の無い限り、順序を入れ替えてもよい。例えば、本開示において説明した方法については、例示的な順序を用いて様々なステップの要素を提示しており、提示した特定の順序に限定されない。 The order of the processing procedures, sequences, flowcharts, etc. of each aspect/embodiment described in this disclosure may be changed as long as there is no contradiction. For example, the methods described in this disclosure use an example order to present elements of the various steps and are not limited to the particular order presented.
 入出力された情報等は特定の場所(例えば、メモリ)に保存されてもよいし、管理テーブルを用いて管理してもよい。入出力される情報等は、上書き、更新、又は追記され得る。出力された情報等は削除されてもよい。入力された情報等は他の装置へ送信されてもよい。 The input/output information may be stored in a specific location (for example, memory) or may be managed using a management table. Information etc. to be input/output may be overwritten, updated, or additionally written. The output information etc. may be deleted. The input information etc. may be transmitted to other devices.
 判定は、1ビットで表される値(0か1か)によって行われてもよいし、真偽値(Boolean:true又はfalse)によって行われてもよいし、数値の比較(例えば、所定の値との比較)によって行われてもよい。 Judgment may be made using a value expressed by 1 bit (0 or 1), a truth value (Boolean: true or false), or a comparison of numerical values (for example, a predetermined value). (comparison with a value).
 本開示において説明した各態様/実施形態は単独で用いてもよいし、組み合わせて用いてもよいし、実行に伴って切り替えて用いてもよい。また、所定の情報の通知(例えば、「Xであること」の通知)は、明示的に行うものに限られず、暗黙的(例えば、当該所定の情報の通知を行わない)ことによって行われてもよい。 Each aspect/embodiment described in this disclosure may be used alone, in combination, or may be switched and used in accordance with execution. In addition, notification of prescribed information (for example, notification of "X") is not limited to being done explicitly, but may also be done implicitly (for example, not notifying the prescribed information). Good too.
 以上、本開示について詳細に説明したが、当業者にとっては、本開示が本開示中に説明した実施形態に限定されるものではないということは明らかである。本開示は、請求の範囲の記載により定まる本開示の趣旨及び範囲を逸脱することなく修正及び変更態様として実施することができる。したがって、本開示の記載は、例示説明を目的とするものであり、本開示に対して何ら制限的な意味を有するものではない。 Although the present disclosure has been described in detail above, it is clear for those skilled in the art that the present disclosure is not limited to the embodiments described in the present disclosure. The present disclosure can be implemented as modifications and variations without departing from the spirit and scope of the present disclosure as determined by the claims. Therefore, the description of the present disclosure is for the purpose of illustrative explanation and is not intended to have any limiting meaning on the present disclosure.
 ソフトウェアは、ソフトウェア、ファームウェア、ミドルウェア、マイクロコード、ハードウェア記述言語と呼ばれるか、他の名称で呼ばれるかを問わず、命令、命令セット、コード、コードセグメント、プログラムコード、プログラム、サブプログラム、ソフトウェアモジュール、アプリケーション、ソフトウェアアプリケーション、ソフトウェアパッケージ、ルーチン、サブルーチン、オブジェクト、実行可能ファイル、実行スレッド、手順、機能などを意味するよう広く解釈されるべきである。 Software shall be construed broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executable files, threads of execution, procedures, functions, etc., whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
 また、ソフトウェア、命令、情報などは、伝送媒体を介して送受信されてもよい。例えば、ソフトウェアが、有線技術(同軸ケーブル、光ファイバケーブル、ツイストペア、デジタル加入者回線(DSL:Digital Subscriber Line)など)及び無線技術(赤外線、マイクロ波など)の少なくとも一方を使用してウェブサイト、サーバ、又は他のリモートソースから送信される場合、これらの有線技術及び無線技術の少なくとも一方は、伝送媒体の定義内に含まれる。 Software, instructions, information, etc. may also be transmitted and received via a transmission medium. For example, if the software is transmitted from a website, server, or other remote source using at least one of wired technologies (such as coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL)), and/or wireless technologies (such as infrared, microwave), then at least one of these wired and wireless technologies is included within the definition of a transmission medium.
 本開示において使用する「システム」及び「ネットワーク」という用語は、互換的に使用される。 As used in this disclosure, the terms "system" and "network" are used interchangeably.
 また、本開示において説明した情報、パラメータなどは、絶対値を用いて表されてもよいし、所定の値からの相対値を用いて表されてもよいし、対応する別の情報を用いて表されてもよい。 In addition, the information, parameters, etc. described in this disclosure may be expressed using absolute values, relative values from a predetermined value, or using other corresponding information. may be expressed.
 本開示で使用する「判断(determining)」、「決定(determining)」という用語は、多種多様な動作を包含する場合がある。「判断」、「決定」は、例えば、判定(judging)、計算(calculating)、算出(computing)、処理(processing)、導出(deriving)、調査(investigating)、探索(looking up、search、inquiry)(例えば、テーブル、データベース又は別のデータ構造での探索)、確認(ascertaining)した事を「判断」「決定」したとみなす事などを含み得る。また、「判断」、「決定」は、受信(receiving)(例えば、情報を受信すること)、送信(transmitting)(例えば、情報を送信すること)、入力(input)、出力(output)、アクセス(accessing)(例えば、メモリ中のデータにアクセスすること)した事を「判断」「決定」したとみなす事などを含み得る。また、「判断」、「決定」は、解決(resolving)、選択(selecting)、選定(choosing)、確立(establishing)、比較(comparing)などした事を「判断」「決定」したとみなす事を含み得る。つまり、「判断」「決定」は、何らかの動作を「判断」「決定」したとみなす事を含み得る。また、「判断(決定)」は、「想定する(assuming)」、「期待する(expecting)」、「みなす(considering)」などで読み替えられてもよい。 As used in this disclosure, the terms "determining" and "determining" may encompass a wide variety of operations. "Judgment" and "decision" include, for example, judging, calculating, computing, processing, deriving, investigating, looking up, search, and inquiry. (e.g., searching in a table, database, or other data structure), and regarding an ascertaining as a "judgment" or "decision." In addition, "judgment" and "decision" refer to receiving (e.g., receiving information), transmitting (e.g., sending information), input, output, and access. (accessing) (e.g., accessing data in memory) may include considering something as a "judgment" or "decision." In addition, "judgment" and "decision" refer to resolving, selecting, choosing, establishing, comparing, etc. as "judgment" and "decision". may be included. In other words, "judgment" and "decision" may include regarding some action as having been "judged" or "determined." Further, "judgment (decision)" may be read as "assuming", "expecting", "considering", etc.
 「接続された(connected)」、「結合された(coupled)」という用語、又はこれらのあらゆる変形は、2又はそれ以上の要素間の直接的又は間接的なあらゆる接続又は結合を意味し、互いに「接続」又は「結合」された2つの要素間に1又はそれ以上の中間要素が存在することを含むことができる。要素間の結合又は接続は、物理的なものであっても、論理的なものであっても、或いはこれらの組み合わせであってもよい。例えば、「接続」は「アクセス」で読み替えられてもよい。本開示で使用する場合、2つの要素は、1又はそれ以上の電線、ケーブル及びプリント電気接続の少なくとも一つを用いて、並びにいくつかの非限定的かつ非包括的な例として、無線周波数領域、マイクロ波領域及び光(可視及び不可視の両方)領域の波長を有する電磁エネルギーなどを用いて、互いに「接続」又は「結合」されると考えることができる。 The terms "connected", "coupled", or any variations thereof, refer to any connection or coupling, direct or indirect, between two or more elements and to each other. It may include the presence of one or more intermediate elements between two elements that are "connected" or "coupled." The bonds or connections between elements may be physical, logical, or a combination thereof. For example, "connection" may be replaced with "access." As used in this disclosure, two elements may include one or more electrical wires, cables, and/or printed electrical connections, as well as in the radio frequency domain, as some non-limiting and non-inclusive examples. , electromagnetic energy having wavelengths in the microwave and optical (both visible and non-visible) ranges.
 本開示において使用する「に基づいて」という記載は、別段に明記されていない限り、「のみに基づいて」を意味しない。言い換えれば、「に基づいて」という記載は、「のみに基づいて」と「に少なくとも基づいて」の両方を意味する。 As used in this disclosure, the phrase "based on" does not mean "based solely on" unless explicitly stated otherwise. In other words, the phrase "based on" means both "based only on" and "based at least on."
 本開示において使用する「第1の」、「第2の」などの呼称を使用した要素へのいかなる参照も、それらの要素の量又は順序を全般的に限定しない。これらの呼称は、2つ以上の要素間を区別する便利な方法として本開示において使用され得る。したがって、第1及び第2の要素への参照は、2つの要素のみが採用され得ること、又は何らかの形で第1の要素が第2の要素に先行しなければならないことを意味しない。 As used in this disclosure, any reference to elements using the designations "first," "second," etc. does not generally limit the amount or order of those elements. These designations may be used in this disclosure as a convenient way to distinguish between two or more elements. Thus, reference to a first and second element does not imply that only two elements may be employed or that the first element must precede the second element in any way.
 本開示において、「含む(include)」、「含んでいる(including)」及びそれらの変形が使用されている場合、これらの用語は、用語「備える(comprising)」と同様に、包括的であることが意図される。さらに、本開示において使用されている用語「又は(or)」は、排他的論理和ではないことが意図される。 Where "include", "including" and variations thereof are used in this disclosure, these terms, like the term "comprising," are inclusive. It is intended that Furthermore, the term "or" as used in this disclosure is not intended to be exclusive or.
 本開示において、例えば、英語でのa, an及びtheのように、翻訳により冠詞が追加された場合、本開示は、これらの冠詞の後に続く名詞が複数形であることを含んでもよい。 In this disclosure, when articles are added by translation, such as a, an, and the in English, the present disclosure may include that the nouns following these articles are plural.
 本開示において、「AとBが異なる」という用語は、「AとBが互いに異なる」ことを意味してもよい。なお、当該用語は、「AとBがそれぞれCと異なる」ことを意味してもよい。「離れる」、「結合される」などの用語も、「異なる」と同様に解釈されてもよい。 In the present disclosure, the term "A and B are different" may mean "A and B are different from each other." Note that the term may also mean that "A and B are each different from C". Terms such as "separate" and "coupled" may also be interpreted similarly to "different."
 本開示の移動通信端末は、以下の構成を有する。
 [1]暗号資産の利用に用いられると共に、移動体通信に用いられる加入者情報を記憶する加入者認証モジュールを備えることが可能な移動通信端末であって、
 暗号資産の利用に用いられると共に秘匿されるべき秘匿情報が分割された複数の分割後情報を取得する取得部と、
 前記取得部によって取得された分割後情報の何れかを前記加入者認証モジュールに、分割後情報の何れかを前記加入者認証モジュール以外の自端末の記憶領域にそれぞれ記憶させる記憶部と、
 前記記憶部によって異なる記憶領域に記憶された複数の分割後情報から秘匿情報を生成して暗号資産の利用に用いる利用部と、
を備える移動通信端末。
 [2]前記記憶部は、分割後情報の何れかを、前記加入者認証モジュールによる移動体通信に係る移動体通信網上の装置に記憶させる[1]に記載の移動通信端末。
 [3]前記利用部は、生成した秘匿情報を暗号資産の利用に用いた後、破棄する[1]又は[2]に記載の移動通信端末。
 [4]前記取得部は、秘匿情報を取得して、取得した秘匿情報を複数の分割後情報に分割することで取得する[1]~[3]の何れかに記載の移動通信端末。 The mobile communication terminal of the present disclosure has the following configuration.
[1] A mobile communication terminal that is used for the use of cryptographic assets and can be equipped with a subscriber authentication module that stores subscriber information used for mobile communication,
an acquisition unit that acquires a plurality of pieces of divided information in which confidential information that is used for the use of cryptographic assets and is to be kept secret is divided;
a storage unit that stores any of the post-divided information acquired by the acquisition unit in the subscriber authentication module, and stores any of the post-divided information in a storage area of the own terminal other than the subscriber authentication module;
a usage unit that generates confidential information from a plurality of pieces of divided information stored in different storage areas by the storage unit and uses it for the use of the cryptographic asset;
A mobile communication terminal equipped with.
[2] The mobile communication terminal according to [1], wherein the storage unit stores any of the divided information in a device on a mobile communication network related to mobile communication by the subscriber authentication module.
[3] The mobile communication terminal according to [1] or [2], wherein the usage unit uses the generated confidential information for use of the cryptographic asset and then discards it.
[4] The mobile communication terminal according to any one of [1] to [3], wherein the acquisition unit acquires confidential information and divides the acquired confidential information into a plurality of divided information.
 10…スマートフォン、11…アプリケーション用記憶領域、12…取得部、13…記憶部、14…利用部、20…SIM、20a…セキュアエレメント、30…ウォレット管理サーバ、40…暗号資産による支払先のサーバ、1001…プロセッサ、1002…メモリ、1003…ストレージ、1004…通信装置、1005…入力装置、1006…出力装置、1007…バス。 10... Smartphone, 11... Storage area for application, 12... Acquisition unit, 13... Storage unit, 14... Usage unit, 20... SIM, 20a... Secure element, 30... Wallet management server, 40... Server for payment destination with crypto assets , 1001...processor, 1002...memory, 1003...storage, 1004...communication device, 1005...input device, 1006...output device, 1007...bus.

Claims (4)

  1.  暗号資産の利用に用いられると共に、移動体通信に用いられる加入者情報を記憶する加入者認証モジュールを備えることが可能な移動通信端末であって、
     暗号資産の利用に用いられると共に秘匿されるべき秘匿情報が分割された複数の分割後情報を取得する取得部と、
     前記取得部によって取得された分割後情報の何れかを前記加入者認証モジュールに、分割後情報の何れかを前記加入者認証モジュール以外の自端末の記憶領域にそれぞれ記憶させる記憶部と、
     前記記憶部によって異なる記憶領域に記憶された複数の分割後情報から秘匿情報を生成して暗号資産の利用に用いる利用部と、
    を備える移動通信端末。     A mobile communication terminal that is used for the use of crypto assets and can be equipped with a subscriber authentication module that stores subscriber information used for mobile communication,
    an acquisition unit that acquires a plurality of pieces of divided information in which confidential information that is used for the use of cryptographic assets and is to be kept secret is divided;
    a storage unit that stores any of the post-divided information acquired by the acquisition unit in the subscriber authentication module, and stores any of the post-divided information in a storage area of the own terminal other than the subscriber authentication module;
    a usage unit that generates confidential information from a plurality of pieces of divided information stored in different storage areas by the storage unit and uses it for the use of the cryptographic asset;
    A mobile communication terminal equipped with.
  2.  前記記憶部は、分割後情報の何れかを、前記加入者認証モジュールによる移動体通信に係る移動体通信網上の装置に記憶させる請求項1に記載の移動通信端末。 The mobile communication terminal according to claim 1, wherein the storage unit stores any of the divided information in a device on a mobile communication network related to mobile communication by the subscriber authentication module.
  3.  前記利用部は、生成した秘匿情報を暗号資産の利用に用いた後、破棄する請求項1に記載の移動通信端末。 The mobile communication terminal according to claim 1, wherein the utilization unit discards the generated confidential information after using it for the use of cryptographic assets.
  4.  前記取得部は、秘匿情報を取得して、取得した秘匿情報を複数の分割後情報に分割することで取得する請求項1に記載の移動通信端末。 The mobile communication terminal according to claim 1, wherein the acquisition unit acquires confidential information and acquires the acquired confidential information by dividing the acquired confidential information into a plurality of divided information.
PCT/JP2023/033881 2022-09-20 2023-09-19 Mobile communication apparatus WO2024063047A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022-148956 2022-09-20
JP2022148956 2022-09-20

Publications (1)

Publication Number Publication Date
WO2024063047A1 true WO2024063047A1 (en) 2024-03-28

Family

ID=90454555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/033881 WO2024063047A1 (en) 2022-09-20 2023-09-19 Mobile communication apparatus

Country Status (1)

Country Link
WO (1) WO2024063047A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005208841A (en) * 2004-01-21 2005-08-04 Ntt Data Corp Communication system, portable terminal and program
JP2010011109A (en) * 2008-06-27 2010-01-14 Kddi Corp Authentication unit, authentication terminal, authentication system, authentication method, and program
JP2020155911A (en) * 2019-03-20 2020-09-24 中西 威人 Electronic tally type storage method and operation system therefor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005208841A (en) * 2004-01-21 2005-08-04 Ntt Data Corp Communication system, portable terminal and program
JP2010011109A (en) * 2008-06-27 2010-01-14 Kddi Corp Authentication unit, authentication terminal, authentication system, authentication method, and program
JP2020155911A (en) * 2019-03-20 2020-09-24 中西 威人 Electronic tally type storage method and operation system therefor

Similar Documents

Publication Publication Date Title
US11669637B2 (en) Decentralized token table generation
CA2865148C (en) Multi-issuer secure element partition architecture for nfc enabled devices
EP2901392A1 (en) Securing personal identification numbers for mobile payment applications by combining with random components
CN105678192A (en) Smart card based secret key application method and application apparatus
US20210209574A1 (en) Security protection of association between a user device and a user
KR20210078437A (en) System, apparatus, and method for secure deduplication
EP3336790A1 (en) Payment authentication method and device for mobile terminal, and mobile terminal
JP2019054363A (en) Server device, secret dispersion management system and secret dispersion management device
JP2021090151A (en) Storage system and data protection method thereof
KR20180009271A (en) Apparatus and method for protecting file from encryption
WO2024063047A1 (en) Mobile communication apparatus
EP4035044A1 (en) System, method, and computer program product for secure key management
US11507958B1 (en) Trust-based security for transaction payments
US9853952B2 (en) Apparatus and method for encryption
JP7431098B2 (en) information processing equipment
JP7574158B2 (en) Terminal and authentication device
JP2014212420A (en) Authentication medium, authentication terminal, authentication system, and authentication method
US20230252476A1 (en) Computationally efficient theft detection
CN111079165B (en) Data processing method, data processing device, equipment and storage medium
CN107516026A (en) The method and its device of fingerprint recognition
US20170178088A1 (en) Performing a ticketing operation
US20230155827A1 (en) Encryption terminal, encryption management device, encrypted communication system, and method
CN115734215A (en) Key retrieving method, server and identification card

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23868168

Country of ref document: EP

Kind code of ref document: A1