JP4738785B2 - Information processing system and information processing apparatus - Google Patents

Description

The present invention relates to an information processing system and an information processing apparatus , and more particularly to an information processing system and an information processing apparatus that enable an encryption key to be transferred while ensuring security.

  In recent years, electronic money has been charged to a contactless IC chip such as FeliCa (registered trademark) embedded in a credit card or mobile phone, and the charged electronic money is used to pay for the purchase of the product. It is becoming popular.

  When paying the price, the user can quickly pay the price because the user simply holds his / her credit card or mobile phone over a terminal (reader / writer) installed in the store.

  Such an electronic money system has a configuration as shown in FIG. 1, for example.

  The server side of the electronic money system includes a server apparatus 1 and a SAM (Secure Application Module) 2, and the client side includes a client apparatus 3 and an R / W (reader / writer) 4. The server device 1 and the client device 3 are connected via a network 5.

  In the example of FIG. 1, the mobile phone 6 with the non-contact IC chip 13 built in is close to the R / W 4 on the client side, and is connected to the client device 3 via short-range communication using electromagnetic induction. ing.

  The server application 11 installed in the server device 1 communicates with the client application 12 installed in the client device 3 and generates a command (executed by the non-contact IC chip 13) in response to a request from the client application 12. Command) to be output to SAM2. Further, when an encrypted command is supplied from the SAM 2, the server application 11 transmits it to the client application 12 of the client device 3 via the network 5.

  The SAM 2 is a tamper-resistant device, and performs encryption processing and management of keys used in the encryption processing. The SAM 2 encrypts the command supplied from the server application 11 and outputs the encrypted command to the server application 11. The SAM 2 and the non-contact IC chip 13 have a common key, and encrypted communication is realized between the SAM 2 and the non-contact IC chip 13 by transmitting and receiving information encrypted with the key.

  The client application 12 of the client device 3 transmits a predetermined request to the server application 11 of the server device 1, and when a command is transmitted from the server application 11, the command is transmitted via the R / W 4 to the non-contact IC chip 13. To send and execute.

  The non-contact IC chip 13 decrypts the encryption applied to the command transmitted from the SAM 2 via the R / W 4 or the like and executes it. When the content of the command is rewriting of electronic money, this command includes information on the amount of money to be rewritten.

  For example, in the electronic money system having such a configuration, when paying for a product purchased by the user of the mobile phone 6 using the electronic money stored in the contactless IC chip 13, the client application 12 of the client device 3 is used. Is sent to the server application 11 of the server device 1, and a command for requesting the contactless IC chip 13 to read out the balance of the electronic money by the server application 11 that has received the request. Read command) is generated.

  The Read command generated by the server application 11 is encrypted by the SAM 2 and then contactless IC via the server application 11 of the server device 1, the network 5, the client application 12 of the client device 3, and the R / W 4. After being transmitted to the chip 13 and decoded by the non-contact IC chip 13, it is executed. The balance read by executing the Read command is encrypted by the non-contact IC chip 13, and then, as a response to the server application 11, the R / W 4, the client application 12 of the client device 3, the network 5 , And the server application 11 of the server device 1. In the SAM 2, the encryption applied to the balance transmitted from the non-contact IC chip 13 is decrypted, and the decrypted balance is transmitted to the server application 11.

  Accordingly, the server application 11 can check the current electronic money balance stored in the non-contact IC chip 13.

  When the balance is confirmed, the server application 11 of the server device 1 issues a command (Write command) for requesting the contactless IC chip 13 to rewrite the balance of electronic money (rewrite to the balance reduced by the price of the product). Generated.

  The write command generated by the server application 11 is encrypted by the SAM 2 and then the server application 11 of the server device 1, the network 5, and the client application 12 of the client device 3 in the same manner as the previously transmitted Read command. And is transmitted to the non-contact IC chip 13 via the R / W 4 and is decrypted in the non-contact IC chip 13 and then executed. This Write command includes information indicating how much the balance will be. As a result, the balance of electronic money stored in the non-contact IC chip 13 is reduced by the price of the product.

  For example, after processing such as a message notifying that the balance reduction has been completed is transmitted from the non-contact IC chip 13 to the server application 11, a series of processing ends. By such a series of processes, payment for the price of the product is realized.

  From the server-client system having such a configuration, the client device 3 is provided in addition to the payment of the price of the product as described above, for example, management of points issued by a store or ticket gate of a train station. If it is, payment of the boarding fee is realized. Also in the case of point management and boarding fee payment, basically the same processing as in the case of payment of the above-mentioned price is performed by each device in FIG.

A server-client system configured as shown in FIG. 1 is disclosed in Patent Document 1.
JP 2003-141063 A

  By the way, the encryption key for the non-contact IC chip managed in the SAM 2 (the key used when encrypting the command transmitted to the non-contact IC chip or decrypting the response transmitted from the non-contact IC chip). Only the server application that can use it by requesting it from SAM2, for example, can rewrite the information of electronic money, so it has the authority to access a specific area of a non-contact IC chip. Give. Further, it is used when a special process is executed in a non-contact IC chip, such as newly forming an area for storing certain information.

  Therefore, it is necessary to strictly manage the encryption key in order to prevent unauthorized use. If the encryption key is acquired by a malicious person, the balance of electronic money may be illegally rewritten.

  For this reason, it is desirable that the encryption key is not stored once in a tamper-resistant device such as SAM2 and then taken out from there, but this encryption key is the owner of the encryption key. However, it may be used not only by operators of systems using non-contact IC chips but also by other operators.

  For example, when sharing information of multiple services on one non-contact IC chip, or when giving a specific operator access to a storage area with a non-contact IC chip, the encryption key is given by a person other than the owner. In these cases, the encryption key is transferred from the SAM of one operator to the SAM of the other operator.

  In this case, as a matter of course, it is desirable for security that the encryption key is not exposed outside both SAMs. In addition, the encryption key is transferred from the business that has received the encryption key to a third-party business, such as being transferred to a person other than the business licensed by the original owner of the encryption key, It is desirable to prevent the transport encryption key from being used without the consent of the original owner.

  The present invention has been made in view of such circumstances, and enables an encryption key used for controlling an IC chip to be transported while ensuring security. Further, it is possible to prevent the encryption key from being transferred from the person who has received the transfer of the encryption key to another person.

  An information processing system of the present invention is connected to a first server device connected via a network to a client device that controls a reader / writer, and the first information processing device as a key information transfer source, and the client device And the second information processing apparatus connected to the second server apparatus connected via the network and serving as the transfer destination of the key information, the first information processing apparatus A common key corresponding to a key set in each area formed in the memory of the non-contact IC chip close to the reader / writer, and used for encryption of a command transmitted to the non-contact IC chip A plurality of the key information is stored, the identification information of each of the key information, and right information indicating whether or not the transfer of each of the key information is permitted Storage means for storing correspondence information associated with each other, the identification information of the key information to be transferred, and the secret provided by the second information processing device provided by the second information processing device An acquisition means for acquiring a public key corresponding to the key; and the right information of the key information identified by the identification information acquired by the acquisition means in the correspondence information stored in the storage means is transferred. If it represents permission, the key information to be transferred and the right information of the key information to be transferred are encrypted using the public key, and encrypted by the encryption processing means. Included in the correspondence information stored in the storage means and transfer means for transferring the transferred key information and the right information of the key information to be transferred to the second information processing apparatus. Control means for rewriting the right information of the key information to be transferred in the right information so as to indicate that transfer is not possible, and the second information processing apparatus includes the first information processing. Decryption processing means for decrypting the key information to be transported transferred from the apparatus and the right information of the key information to be transported using the secret key, and the key information for the transport target obtained by decryption And managing means for adding and managing the right information indicating that transfer to another apparatus is impossible.

  A first information processing apparatus according to the present invention is connected to a first server apparatus connected via a network with a client apparatus that controls a reader / writer, and the reader / writer is an information processing apparatus that is a key information transfer source. Is a common key corresponding to a key set in each area formed in the memory of the non-contact IC chip close to the plurality of keys, and is used for encrypting a command transmitted to the non-contact IC chip. Storage means for storing correspondence information in which the key information is stored and the identification information of each of the key information is associated with right information indicating whether or not the transfer of the key information is permitted; Connected to the identification information of the key information to be transferred and a second server device connected to the client device via the network, and serves as a transfer destination of the key information In the correspondence information stored in the storage means, the obtaining means for obtaining a public key corresponding to a secret key managed by the other information processing apparatus provided from the other information processing apparatus When the right information of the key information identified by the identification information acquired by the acquisition means indicates that transfer is permitted, the key information to be transferred and the right information of the key information to be transferred Encryption processing means for encrypting using the public key, the key information to be transferred encrypted by the encryption processing means, and the right information of the key information to be transferred to the other information processing This means that the right information of the key information to be transferred among the right information included in the correspondence information stored in the storage means and the transfer means for transferring to the device cannot be transferred. In the other information processing apparatus, the key information to be transferred transferred by the transfer means and the right information of the key information to be transferred are decrypted using the secret key. Then, the key information to be transferred obtained by decryption is managed by adding the right information indicating that transfer to another device is impossible.

The second information processing apparatus of the present invention is connected to a first server apparatus connected via a network to a client apparatus that controls a reader / writer, and the client apparatus in the information processing apparatus that is a destination of key information transfer And another information processing device that is connected to the second server device connected via the network and that is the source of the key information is formed in the memory of the non-contact IC chip close to the reader / writer A common key corresponding to a key set in each area, storing a plurality of pieces of key information used for encryption of a command transmitted to the contactless IC chip, and storing each of the key information Correspondence information in which identification information is associated with right information indicating whether or not transfer of each key information is permitted is stored, and the identification of the key information to be transferred is stored. And another information, the provided from the transfer destination to become the information processing apparatus of the key information to obtain a public key corresponding to the private key that is managed by the information processing apparatus as a transfer destination of the key information, When the right information of the key information identified by the identification information acquired in the stored correspondence information indicates that the transfer is permitted, the key information to be transferred and the key information to be transferred The information processing apparatus encrypts the right information of the key using the public key, and the encrypted key information of the transfer target and the right information of the key information of the transfer target serve as a transfer destination of the key information. The right information of the key information to be transferred among the right information included in the stored correspondence information is rewritten so as to indicate that transfer is impossible, and the other information Information processing equipment Decryption processing means for decrypting the key information to be transported transferred from the right information of the key information to be transported using the secret key, and the key information of the transport target obtained by decrypting And management means for adding and managing the right information indicating that transfer to another apparatus is impossible.

  According to the present invention, an encryption key can be transferred while ensuring security.

  Further, according to the present invention, it is possible to prevent the encryption key from being transferred from the person who has received the transfer of the encryption key to another person.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 2 is a block diagram showing a configuration example of a server-client system to which the present invention is applied.

  The server-client system shown in FIG. 2 has basically the same configuration as the electronic money system shown in FIG. The same components as those in FIG. 1 are denoted by the same reference numerals.

  In the example of FIG. 2, the server side includes server devices 1A and 1B and SAMs 2A and 2B connected to the server devices 1A and 1B, respectively. The client side includes a client device 3 and an R / W 4. The server device 1A and the client device 3, and the server device 1B and the client device 3 are connected via a network 5, respectively.

  In the example of FIG. 2, the mobile phone 6 incorporating the non-contact IC chip 13 is close to the R / W 4 on the client side, and is connected to the client device 3 via short-range communication using electromagnetic induction. It is connected.

  The server application 11A installed in the server apparatus 1A communicates with the client application 12 installed in the client apparatus 3, and generates a command (executed by the non-contact IC chip 13) in response to a request from the client application 12. Command) to be output to the SAM 2A. When the encrypted command is supplied from the SAM 2A, the server application 11A transmits it to the client application 12 via the network 5.

  Similarly, the server application 11B mounted on the server apparatus 1B communicates with the client application 12, outputs a command generated in response to a request from the client application 12 to the SAM 2B, and has been supplied from the SAM 2B. The encrypted command is transmitted to the client application 12.

  Services using the non-contact IC chip 13 are provided by the server apparatus 1A (server application 11A) and the server apparatus 1B (server application 11B). For example, the point service A managed by the business operator A is provided by the server device 1A, and the point service B managed by the business operator B is provided by the server device 1B.

  The SAM 2A is a tamper-resistant device, and performs encryption processing and management of keys used in the encryption processing. The SAM 2A encrypts the command (command to be executed by the non-contact IC chip 13 for realizing the point service A) supplied from the server application 11A, and outputs the encrypted command to the server application 11A.

  Similar to SAM 2A, SAM 2B has tamper resistance, and is a device that manages cryptographic processing and keys used in the cryptographic processing. The SAM 2B encrypts the command supplied from the server application 11B (command to be executed by the non-contact IC chip 13 for realizing the point service B), and outputs the encrypted command to the server application 11B.

  The client application 12 of the client apparatus 3 transmits a predetermined request to the server application 11A of the server apparatus 1A and the server application 11B of the server apparatus 1B, and also transmits the command transmitted from the server applications 11A and 11B via the R / W 4. Is transmitted to the non-contact IC chip 13 and executed.

  The non-contact IC chip 13 has a memory, and stores information on points issued from the business operators A and B therein. When a command is transmitted from the SAM 2A or 2B via the R / W 4 or the like, the non-contact IC chip 13 decrypts the applied encryption and executes the command. When the content of the command is a point update (rewrite), the command includes information on the amount to be rewritten.

  Here, a region formed in the non-contact IC chip 13 (memory of the non-contact IC chip 13) will be described.

  The areas formed in the non-contact IC chip 13 include, for example, three conceptual areas of system, area, and service, and each area is hierarchically formed in that order. That is, one or more areas are formed in the system, and one or more services are formed in each area. For example, information on points issued from the operator A and information on points issued from the operator B are stored in different services.

  A key is set in each area formed in the non-contact IC chip 13, and only the SAM having a key (corresponding key) common to the key of the non-contact IC chip 13 is included in the non-contact IC chip 13. Each area can be accessed (a command can be executed to write information in each area).

  For example, the SAM 2A in FIG. 2 has a key that is the same as the key set for the service of the contactless IC chip 13 in which the information on the points issued by the operator A is stored. As a result, the SAM 2A can read or rewrite the point information issued by the operator A.

  In addition, the SAM 2B has a key that is the same as the key set for the service of the contactless IC chip 13 in which the information on the points issued by the operator B is stored. As a result, the SAM 2B can read or rewrite the information on the points issued by the operator B.

  As described above, since the information stored in the non-contact IC chip 13 cannot be accessed without the key, the key gives the authority to access the information stored in the non-contact IC chip 13. It can be said that.

  In the communication system having the above-described configuration, for example, as shown in FIG. 3, the case where the encryption key A-2 (area 1 encryption key) of the SAM 2A is transferred to the SAM 2B is considered. This is performed when the SAM 2B can access the area 1 of the non-contact IC chip 13. When the SAM 2B can access the area 1, the SAM 2B can newly form a service in the area 1 of the non-contact IC chip 13 and store the information of the points issued by the business operator B.

  As will be described later, the key to be transferred is encrypted and transferred by the SAM 2A, which is the transfer source device, using a public key corresponding to the secret key managed by the SAM 2B, which is the transfer destination device.

  In the example of FIG. 3, a correspondence table indicating correspondence between areas of the non-contact IC chip 13 and encryption keys necessary for accessing the respective areas is managed by the SAMs 2A and 2B.

  The correspondence table managed by the SAM 2A indicates that the encryption key for accessing the system 0 is the encryption key A-1, and the encryption key for accessing the area 1 is the encryption key A-2. ing. Also, it is shown that the encryption key for accessing the service 1 is the encryption key A-3, and the encryption key for accessing the service 2 is the encryption key A-4.

  Similarly, in the correspondence table managed by the SAM 2B, the encryption key for accessing the system 1 is the encryption key B-1, and the encryption key for accessing the area 2 is the encryption key B-2. It is shown. It is also shown that the encryption key for accessing the service 3 is the encryption key B-3.

  In the correspondence table managed by the SAMs 2A and 2B, right information indicating whether the transfer of each encryption key is permitted is also described. A series of processing of the SAMs 2A and 2B for realizing key transfer will be described later with reference to a flowchart.

  FIG. 4 is a block diagram illustrating a hardware configuration example of the SAM 2A of FIG.

  A CPU (Central Processing Unit) 31 executes various processes according to a program stored in a ROM (Read Only Memory) 32 or a program loaded from a storage unit 37 to a RAM (Random Access Memory) 33. The RAM 33 also stores data necessary for the CPU 31 to execute various processes as appropriate.

  The CPU 31, ROM 32, and RAM 33 are connected to each other via a bus 34. An input / output interface 35 is also connected to the bus 34.

  Connected to the input / output interface 35 are an input unit 36 such as a keyboard and a mouse, a storage unit 37 configured by a hard disk, and a communication unit 38 that performs communication processing with the server apparatus 1A. The storage unit 37 stores key information and the like in addition to the correspondence table of FIG.

  A drive 39 is also connected to the input / output interface 35 as necessary. A removable medium 40 including a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is appropriately installed in the drive 39, and a computer program read therefrom is installed in the storage unit 37 as necessary.

  The SAM 2B has the same configuration as that of the SAM 2A as shown in FIG. In the following, the configuration of FIG. 4 will be described with reference to the configuration of the SAM 2B as appropriate.

  FIG. 5 is a block diagram illustrating a functional configuration example of the SAM 2A.

  At least a part of the functional units of the SAM 2A shown in FIG. 5 is realized by executing a predetermined program by the CPU 31 of FIG.

  The SAM 2A includes a selection device 51 and encryption processing logic 52. For example, the selection device 51 selects an encryption key identified by the encryption key identification information input by the administrator of the SAM 2A by operating the input unit 36 with reference to the correspondence table, and selects the selected encryption key The information (“Yes”) is output to the cryptographic processing logic 52.

  In the correspondence table in FIG. 5 referred to by the selection device 51, in addition to the correspondence between the encryption key identification information and the encryption key as in the correspondence table in FIG. 3, the right indicating whether or not the transfer of each encryption key is permitted. Information is set. When the setting of the right information is “Yes”, it indicates that the key can be transferred, and when it is “No”, it indicates that the key cannot be transferred.

  The selection device 51 outputs the encryption key specified by the encryption key identification information to the encryption processing logic 52 only when the right information is “present”, and prohibits it when it is “none”. . For example, the right information of the encryption key selected as the transfer target and output to the encryption processing logic 52 is rewritten to “None”, and further transfer is impossible.

  For example, when “area 1” is input as the encryption key identification information, the selection device 51 refers to the correspondence table, selects the encryption key A-2 corresponding to “area 1”, and selects the selected encryption key. A-2 is output to the cryptographic processing logic 52.

  The encryption processing logic 52 encrypts the encryption key and the right information supplied from the selection device 51 using the public key P provided by the SAM 2B that is the device to which the encryption key is transferred, and the encrypted encryption key And transfer information M including right information.

  For the cryptographic processing logic 52 (SAM2A), for example, the public key P is input offline via the removable medium 40 by the administrator of the SAM2A. This public key P corresponds to the secret key S (FIG. 6) managed by the SAM 2B. Note that the public key P may be supplied from the SAM 2B to the SAM 2A online via a network.

  The transfer information M output from the cryptographic processing logic 52 is provided to the SAM 2B, which is the encryption key transfer destination apparatus, offline via the removable medium 40 or online via the network.

  6 and 7 are block diagrams illustrating an example of the functional configuration of the SAM 2B. At least a part of the functional units of the SAM 2B shown in FIGS. 6 and 7 is realized by executing a predetermined program by the CPU 31 of the SAM 2B.

  The public key generation logic 61 in FIG. 6 is implemented in the SAM 2B before the encryption key is transferred from the SAM 2A (before the transfer information M is transmitted). For example, the public key generation logic 61 generates a secret key S and a public key P that is a key corresponding to the secret key S in response to an instruction from the administrator of the SAM 2B, and outputs only the generated public key P. The public key P output from the public key generation logic 61 is provided, for example, to the SAM 2A, which is the encryption key transfer source device, via the removable medium 40. On the other hand, the private key S cannot be taken out and managed only in the SAM 2B.

  If the public key P and the private key S have already been generated before the instruction from the administrator, the public key P and the private key S are newly generated, or the generated public key P and the private key are generated. The administrator may be able to select whether to use S as it is.

  The decryption processing logic 62 and the setting device 63 in FIG. 7 are realized in the SAM 2B when the transfer information M is transmitted from the SAM 2A. When the decryption processing logic 62 is supplied with the transfer information M (the encryption key (for example, the encryption key A-2) and the right information encrypted with the public key P) offline or online from the SAM 2A, The transport information M is decrypted using the secret key S, and the transport target encryption key and right information obtained by decryption are output to the setting device 63.

  The setting device 63 registers the encryption key supplied from the decryption processing logic 62 in the correspondence table, and stores it in the storage unit 37 together with encryption keys (encryption keys B-1 to B-3) managed by itself. To do.

  As a result, the encryption key A-2 to be transferred is handled in the same manner as other encryption keys managed in advance, and the SAM 2B uses the encryption key A-2 in the same way as other encryption keys. it can.

  As shown in FIG. 7, in the correspondence table managed by the SAM 2B, the right information of the encryption key A-2 transferred from the SAM 2A is “None” indicating that the subsequent transfer is impossible. Is set. As a result, the encryption key A-2 is transferred from the SAM 2B to another SAM, and the encryption key A- is arbitrarily obtained by a third party without the permission of the administrator of the SAM 2A who is the original owner of the encryption key A-2. 2 can be prevented from being used.

  Next, a series of processing for transferring the encryption key from SAM 2A to SAM 2B will be described.

  First, the processing of the SAM 2A for transferring the encryption key will be described with reference to the flowchart of FIG.

  In step S1, the selection device 51 of the SAM 2A acquires, for example, encryption key identification information input by an administrator of the SAM 2A.

  In step S2, the cryptographic processing logic 52 acquires the public key P that has been provided offline or online from the SAM 2B that is the encryption key transfer destination device.

  In step S3, the selection device 51 refers to the correspondence table, selects an encryption key identified by the encryption key identification information, proceeds to step S4, and whether or not the transfer of the selected encryption key is permitted, that is, Then, it is determined whether or not the right information setting is “present”.

  If the selection device 51 determines in step S4 that the setting of the right information of the encryption key selected in step S3 is not “present” (“not present”), the selection device 51 proceeds to step S5 and is provided in the SAM 2A. An error message notifying that transfer cannot be performed is output on a display (not shown). Thereafter, the process is terminated.

  On the other hand, if it is determined in step S4 that the setting of the right information of the encryption key selected in step S3 is “Yes”, the selection device 51 proceeds to step S6 and reads the selected encryption key from the storage unit 37. get.

  In step S7, the selection device 51 rewrites the setting of the right information of the encryption key read from the storage unit 37 to “None”, and disables further transfer. The encryption key acquired by the selection device 51 is output to the encryption processing logic 52 together with the rights information as an encryption key to be transferred.

  In step S8, the encryption processing logic 52 encrypts the encryption key and the right information supplied from the selection device 51 using the public key P acquired in step S2, and proceeds to step S9, where the encrypted encryption key is encrypted. And transfer information M including right information.

  The transfer information M output from the cryptographic processing logic 52 is provided to the SAM 2B, which is the key transfer destination device, offline via the removable medium 40 or online via the network.

  Next, processing of the SAM 2B for acquiring the encryption key will be described with reference to the flowchart of FIG.

  In step S21, the public key generation logic 61 (FIG. 6) generates a public key P based on the secret key S, and provides the generated public key P to the SAM 2A. In response to the provision of the public key P from the SAM 2B to the SAM 2A, the transport information M including the encryption key to be transported encrypted by the public key P is transmitted from the SAM 2A offline or online.

  In step S22, the decryption processing logic 62 (FIG. 7) determines whether or not the transfer information M has been transmitted, and waits until it is transmitted. When the decryption processing logic 62 determines in step S22 that the transport information M has been transmitted, the decryption processing logic 62 proceeds to step S23.

  In step S <b> 23, the decryption processing logic 62 of the SAM 2 </ b> B decrypts the transport information M transmitted from the SAM 2 </ b> A using the secret key S, and outputs the encryption key and right information obtained by decryption to the setting device 63.

  In step S24, the setting device 63 registers the encryption key supplied from the decryption processing logic 62 in the correspondence table, and stores it in the storage unit 37 together with the encryption key managed by itself. Further, the setting device 63 sets the right information of the transferred encryption key as “None” indicating that the subsequent transfer is impossible, and ends the processing.

  Through the series of processes described above, the encryption key can be transferred from the SAM 2A to the SAM 2B while ensuring security. Further, the transferred encryption key is prevented from being transferred from the SAM 2B to another SAM.

  In the above processing, the case where the information to be transferred is only the encryption key and the right information has been described. For example, various other types of information that have been managed by the SAM 2A that is the encryption key transfer source device have been described. Information may be transferred. In this case, transfer information M is generated based on all information to be transferred, and transferred to SAM 2B, which is a transfer destination device.

  In the above description, the transfer information M is generated from one encryption key and its right information. However, the transfer information M may be generated from a plurality of encryption keys and their right information. Good. Thereby, a plurality of encryption keys can be transferred simultaneously.

  Next, another encryption key transfer method performed between SAM2A and SAM2B will be described.

  FIG. 10 is a block diagram showing another functional configuration example of SAM 2A and SAM 2B. As shown by the white arrow in FIG. 10, the case where the encryption key is transferred from SAM 2A to SAM 2B is also considered here.

  In the example of FIG. 10, the SAM 2A includes a key management system 101, a security module 102, a key management unit 103, a key DB (Data Base) 104, and an access control unit 105, and the SAM 2B includes a key management system 111, security The module 112 includes a key management unit 113, a key DB 114, and an access control unit 115.

  The SAM 2A key management system 101 communicates with the SAM 2B key management system 111 via a network, and outputs the public key transmitted from the key management system 111 to the security module 102, for example.

  The security module 102 generates the encryption key, encrypts the newly generated encryption key using the public key corresponding to the secret key managed by the SAM 2B, and newly generates the encryption key to be transferred. Manages encryption processing such as encryption using encryption keys.

  The key management unit 103 manages the encryption key stored in the key DB 104 and outputs the encryption key to be transferred to the security module 102.

  The access control unit 105 controls access of the key management system 101 to the security module 102 as necessary.

  The SAM 2B key management system 111 communicates with the SAM 2A key management system 101 and outputs the cryptographic information transmitted from the key management system 101 to the security module 112. As will be described later, this encryption information is generated by the security module 102 and the result obtained by encrypting the encryption key generated by the security module 102 of the SAM 2A using the public key provided by the key management system 111. The result obtained by encrypting the encryption key to be transferred using the encryption key is included.

  The security module 112 decrypts the cryptographic information supplied from the key management system 111 by using a secret key managed by itself, and the cryptographic key obtained by the decryption (generated by the security module 102 of the SAM 2A). Encryption processing, such as processing for decrypting the encryption key to be transferred, is managed.

  The key management unit 113 manages the encryption key stored in the key DB 114 and stores the transferred encryption key in the key DB 114.

  The access control unit 115 controls access of the key management system 111 to the security module 112 as necessary.

  In FIG. 10, the security module 102 is mounted outside the key management system 101. However, as shown in FIG. 11, it can be mounted inside the security module 102.

  Here, with reference to FIG. 12, the encryption key used when transferring the encryption key from SAM 2A to SAM 2B in FIG. 10 and the encryption processing performed using the encryption key will be described.

As shown in the upper part of FIG. 12, in the SAM 2A, which is the encryption key transfer source device, a new encryption key K _db is generated in response to a request from the SAM 2B, and the generated encryption key K _db is generated from the SAM 2B. It is encrypted with the supplied public key PkB. As a result, the encryption information E _db that is the encryption result of the encryption key K _db by the public key PkB (E (PkB, K _db ) if the result of encrypting the information B with the key A is represented by E (A, B)) Is obtained.

In addition, the encryption key Key to be transferred is encrypted using the generated encryption key K _db, and encryption information E _Key (E (K _db , Key)) as an encryption result is obtained. The encrypted information E _db and the encrypted information E _Key obtained by the encryption are transmitted to the SAM 2B that is the transfer destination device.

On the other hand, as shown in the lower part of FIG. 12, in the SAM 2B that is the encryption key transfer destination device, the encryption information E _db transmitted from the SAM 2A is decrypted by using the secret key SkB managed by the SAM 2B. The encryption key K _db (the encryption key generated by the SAM 2A) is obtained.

Further, by using the encryption key K _db obtained by the decryption, the encryption information E _Key that has been transmitted is decoded from SAM2A, the encryption key Key transfer target is obtained. The obtained encryption key Key is stored in the key DB 114 of the SAM 2B, thereby realizing the transfer of the encryption key Key.

  Here, a series of processes of SAM 2A and SAM 2B for transferring the encryption key will be described with reference to the flowcharts of FIGS.

First, processing (processing shown in the upper part of FIG. 12) until encryption information E _db and encryption information E _Key are transmitted from SAM 2A to SAM 2B will be described with reference to the flowchart of FIG.

  In step S101, the SAM2B key management system 111 that is the encryption key transfer destination device transmits a key transfer request document for requesting the encryption key transfer to the SAM2A key management system 101 that is the transfer source device. A certificate CertB issued by the system B (key management system 111) is added to this request form.

  In step S111, the SAM2A key management system 101 receives the key transfer request document and the certificate CertB transmitted from the SAM2B key management system 111. If the management is performed by the security module 102, the security module 102 is made to verify the received certificate CertB (step S131).

  In step S112, when the validity of the certificate CertB is verified, the key management system 101 acquires the public key PkB corresponding to the secret key SkB managed by the SAM 2B (security module 112).

  In step S113, the key management system 101 outputs a key transfer request document to the access control unit 105, and confirms whether or not the transfer of the encryption key requested by the SAM 2B is permitted.

  In step S121, the access control unit 105 receives the key transfer request document supplied from the key management system 101, proceeds to step S122, and confirms whether or not the requested transfer of the encryption key is permitted. The access control unit 105 manages information such as the above-described right information (for example, FIG. 5), and confirms whether transfer is permitted based on the setting.

  In step S123, the access control unit 105 outputs the transfer permission confirmation result to the key management system 101.

  In step S114, the key management system 101 receives the confirmation result from the access control unit 105, and if the transfer is permitted, performs the subsequent processing. The confirmation of whether or not this transfer is permitted (the processing of steps S113 and S114 by the key management system 101 and the processing of steps S121 to S123 by the access control unit 105) is performed only when necessary for operation. It may be performed.

  In step S115, the key management system 101 requests the security module 102 to transfer the encryption key, and outputs the public key PkB acquired in step S112 to the security module 102. The request to the security module 102 includes encryption key identification information of an encryption key that indicates which encryption key is to be transferred.

  In step S132, the security module 102 receives the request from the key management system 101 and the public key PkB, proceeds to step S133, and requests the key management unit 103 to acquire an encryption key to be transferred.

  In step S141, the key management unit 103 receives a request from the security module 102, proceeds to step S142, and acquires an encryption key Key that is an encryption key to be transferred. In step S143, the key management unit 103 outputs the acquired encryption key Key to the security module 102.

  In step S134, the security module 102 receives the encryption key Key supplied from the key management unit 103, and proceeds to step S135.

In step S <b> 135, the security module 102 generates an encryption key K _db used for the current transfer, and encrypts the generated encryption key K _db with the public key PkB supplied from the key management system 101. Thereby, the encryption information _{Edb of} FIG. 12 is obtained.

In step S135, the security module 102 encrypts the encryption key Key to be transferred using the generated encryption key _Kdb . Thereby, the encryption information E _{Key of} FIG. 12 is obtained. The encryption information E _db and encryption information E _Key obtained by encryption are output from the security module 102 to the key management system 101 in step S136.

In step S116, the key management system 101 receives the encryption information E _db and the encryption information E _Key supplied from the security module 102, proceeds to step S117, and transmits them to the key management system 111 of the SAM 2B. The transmitted encryption information E _db and encryption information E _Key are received by the key management system 111 of the SAM 2B in step S102, and the process ends.

  Next, processing (processing shown in the lower part of FIG. 12) performed following the processing of FIG. 13 will be described with reference to the flowchart of FIG.

In step S151, the key management system 101 of SAM2A transmits the encrypted information E _db and encryption information E _{Key Canada} in the key management system 111 of SAM2B. This process corresponds to the process in step S117 of FIG.

In step S161, the key management system 111 of the SAM 2B receives the encryption information E _db and the encryption information E _Key transmitted from the key management system 101 of the SAM 2A. This process corresponds to the process in step S102 of FIG.

  In step S162, the key management system 111 outputs to the access control unit 115 the same key transfer request document that was transmitted to the key management system 101 of the SAM 2A, and whether or not it is permitted to receive the transfer of the encryption key. Ask for confirmation.

  In step S171, the access control unit 115 receives the key transfer request document supplied from the key management system 111, proceeds to step S172, and confirms whether or not it is permitted to receive the encryption key transfer. In step S <b> 173, the access control unit 115 outputs a confirmation result as to whether or not the transfer is permitted to the key management system 111.

  In step S163, the key management system 111 receives the confirmation result from the access control unit 115, and performs the subsequent processing if it is permitted to receive the transfer. It is to be noted that confirmation of whether or not this transfer is permitted (the processing of steps S162 and S163 by the key management system 111 and the processing of steps S171 to S173 by the access control unit 115) is necessary for operation. It may be performed only in cases.

In step S164, the key management system 111 outputs the encryption information E _db and the encryption information E _Key to the security module 112.

In step S181, the security module 112 receives the encryption information E _db and the encryption information E _Key transmitted from the key management system 111, and proceeds to step S182.

In step S182, the security module 112 decrypts the encryption information E _db using the secret key SkB, and acquires the encryption key K _db (the encryption key generated by the SAM 2A). The security module 112 decrypts the encrypted information E _Key sent from SAM2A using an encryption key K _db obtained by decoding, to obtain the encryption key Key transfer target.

  In step S183, the security module 112 outputs the encryption key Key to the key management unit 113 and requests storage of the encryption key Key.

  In step S191, the key management unit 113 receives the encryption key Key supplied from the security module 112, proceeds to step S192, and stores it in the key DB 114. Thereby, the transfer of the encryption key Key is realized.

  When the encryption key Key is stored in the key DB 114, the key management unit 113 outputs a storage result indicating that the storage of the encryption key is completed to the security module 112 in step S193.

  In step S184, the security module 112 receives the storage result supplied from the key management unit 113, proceeds to step S185, and outputs it to the key management system 111.

  In step S165, the key management system 111 receives the storage result supplied from the security module 112, proceeds to step S166, and transmits it to the key management system 101 of the SAM 2A.

  In step S152, the SAM2A key management system 101 receives the storage result transmitted from the SAM2B key management system 111, and ends the processing.

  With the series of processes described above, the encryption key can be transferred while ensuring security.

  The series of processes described above can be executed by hardware, but can also be executed by software.

  When a series of processing is executed by software, a program constituting the software may execute various functions by installing a computer incorporated in dedicated hardware or various programs. For example, it is installed from a network or a recording medium into a general-purpose personal computer or the like.

  As shown in FIG. 4, the recording medium is distributed to provide a program to the user separately from the apparatus main body, and includes a magnetic disk (including a flexible disk) on which the program is recorded, an optical disk (CD- ROM (Compact Disk-Read Only Memory), DVD (including Digital Versatile Disk)), magneto-optical disk (including MD (registered trademark) (Mini-Disk)), or removable media 40 made of semiconductor memory, etc. In addition, it is configured by a ROM 32 in which a program is recorded and a hard disk included in the storage unit 37 provided to the user in a state of being incorporated in the apparatus main body in advance.

  In the present specification, each step includes not only processing performed in time series according to the described order but also processing executed in parallel or individually, although not necessarily performed in time series.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

It is a block diagram which shows the structural example of the conventional electronic money system. It is a block diagram which shows the structural example of the server client system to which this invention is applied. It is a figure which shows the example of transfer of an encryption key. It is a block diagram which shows the hardware structural example of SAM2A. It is a block diagram which shows the function structural example of SAM2A. It is a block diagram which shows the function structural example of SAM2B. It is a block diagram which shows the other function structural example of SAM2B. It is a flowchart explaining the encryption key transfer process of SAM2A. It is a flowchart explaining the encryption key acquisition process of SAM2B. It is a figure which shows the other example of transfer of an encryption key. It is a block diagram which shows the structural example of SAM. It is a figure which shows the other example of transfer of an encryption key. FIG. 11 is a flowchart for explaining processing of SAM 2A and SAM 2B of FIG. FIG. 14 is a flowchart following FIG. 13 for explaining the processing of SAM 2A and SAM 2B of FIG.

Explanation of symbols

  1A, 1B server device, 2A, 2B SAM, 3 client device, 4 R / W, 5 network, 6 mobile phone, 11A, 11B server application, 12 client application, 13 contactless IC chip, 51 selection device, 52 cryptographic processing Logic, 61 public key generation logic, 62 decryption processing logic, 63 setting device, 101 key management system, 102 security module, 103 key management unit, 104 key DB, 105 access control unit, 111 key management system, 112 security module, 113 Key management unit, 114 key DB, 115 access control unit

Claims (3)

Connected to a first server device connected via a network to a client device that controls a reader / writer, and connected to the first information processing device serving as a key information transfer source, and the client device via the network. An information processing system including a second information processing apparatus connected to the second server apparatus and serving as a transfer destination of the key information,
The first information processing apparatus includes:
A common key corresponding to a key set in each area formed in a memory of a non-contact IC chip close to the reader / writer, and used for encryption of a command transmitted to the non-contact IC chip A plurality of pieces of key information, and correspondence information in which identification information of each of the key information is associated with right information indicating whether transfer of the key information is permitted or not is stored. Means,
Obtaining means for obtaining the identification information of the key information to be transferred and a public key provided from the second information processing apparatus and corresponding to a secret key managed by the second information processing apparatus; ,
When the right information of the key information identified by the identification information acquired by the acquisition means in the correspondence information stored in the storage means indicates that the transfer is permitted, the key to be transferred Encryption processing means for encrypting information and the right information of the key information to be transferred using the public key;
Transfer means for transferring the key information to be transferred encrypted by the encryption processing means and the right information of the key information to be transferred to the second information processing apparatus;
Control means for rewriting the right information of the key information to be transferred among the right information included in the correspondence information stored in the storage means so as to indicate that transfer is impossible, and
The second information processing apparatus
Decryption processing means for decrypting, using the secret key, the key information to be transferred and the right information of the key information to be transferred transferred from the first information processing apparatus;
An information processing system comprising: management means for adding and managing the right information indicating that the transfer target key information obtained by decryption cannot be transferred to another device. In an information processing apparatus connected to a first server apparatus connected via a network with a client apparatus that controls a reader / writer,
A common key corresponding to a key set in each area formed in a memory of a non-contact IC chip close to the reader / writer, and used for encryption of a command transmitted to the non-contact IC chip A plurality of pieces of key information, and correspondence information in which identification information of each of the key information is associated with right information indicating whether transfer of the key information is permitted or not is stored. Means,
The identification information of the key information to be transferred, and provided from another information processing apparatus that is connected to the second server apparatus connected to the client apparatus via the network and serves as a transfer destination of the key information Obtaining means for obtaining a public key corresponding to a secret key managed by the other information processing apparatus;
When the right information of the key information identified by the identification information acquired by the acquisition means in the correspondence information stored in the storage means indicates that the transfer is permitted, the key to be transferred Encryption processing means for encrypting information and the right information of the key information to be transferred using the public key;
Transfer means for transferring the key information to be transferred encrypted by the encryption processing means and the right information of the key information to be transferred to the other information processing apparatus;
Control means for rewriting the right information of the key information to be transferred among the right information included in the correspondence information stored in the storage means so as to indicate that transfer is impossible, and
In the other information processing apparatus, the key information of the transfer target transferred by the transfer means and the right information of the key information of the transfer target are decrypted using the secret key and obtained by decryption An information processing apparatus in which the key information to be transferred is managed by adding the right information indicating that transfer to another apparatus is impossible. In an information processing apparatus connected to a first server apparatus connected via a network to a client apparatus that controls a reader / writer,
The other information processing apparatus connected to the second server apparatus connected to the client apparatus via the network and serving as a transfer source of the key information is stored in the memory of the non-contact IC chip close to the reader / writer. It is a common key corresponding to a key set in each formed area, and stores a plurality of pieces of key information used for encryption of commands transmitted to the non-contact IC chip, and Storing correspondence information in which identification information of key information is associated with right information indicating whether or not each key information is permitted to be transferred, the identification information of the key information to be transferred, and the key provided from the information processing apparatus serving as a transfer destination of the information, it obtains a public key corresponding to the private key that is managed by the information processing apparatus as a transfer destination of the key information, remember When the right information of the key information identified by the identification information acquired in the correspondence information represents that the transfer is permitted, the key information to be transferred and the right of the key information to be transferred Information is encrypted using the public key, and the encrypted key information to be transferred and the right information of the key information to be transferred are transferred to the information processing apparatus to which the key information is transferred. A device that rewrites the right information of the key information to be transferred among the right information included in the stored correspondence information so as to indicate that transfer is impossible,
Decryption processing means for decrypting the key information to be transferred transferred from the other information processing apparatus and the right information of the key information to be transferred using the secret key;
An information processing apparatus comprising: management means for adding and managing the right information indicating that the transfer target key information obtained by decryption cannot be transferred to another apparatus.

Images