[go: up one dir, main page]

WO2025163752A1 - Information processing device, terminal, communication system, communication method, and program - Google Patents

Information processing device, terminal, communication system, communication method, and program

Info

Publication number
WO2025163752A1
WO2025163752A1 PCT/JP2024/002887 JP2024002887W WO2025163752A1 WO 2025163752 A1 WO2025163752 A1 WO 2025163752A1 JP 2024002887 W JP2024002887 W JP 2024002887W WO 2025163752 A1 WO2025163752 A1 WO 2025163752A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
user
physical security
key
security environment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2024/002887
Other languages
French (fr)
Japanese (ja)
Inventor
浩明 前田
直樹 肥後
存史 松本
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
NTT Inc USA
Original Assignee
Nippon Telegraph and Telephone Corp
NTT Inc USA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp, NTT Inc USA filed Critical Nippon Telegraph and Telephone Corp
Priority to PCT/JP2024/002887 priority Critical patent/WO2025163752A1/en
Publication of WO2025163752A1 publication Critical patent/WO2025163752A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present invention relates to digital identity wallets.
  • Non-Patent Documents 1 and 2 Self-sovereign identity (SSI) technology is being considered, which allows users to manage their own identifiers and identities and control who receives them, without relying on a centralized identity provider (IdP) (Non-Patent Documents 1 and 2).
  • IdP centralized identity provider
  • Holders such as users who manage/hold their own digital identity data (ID); Issuers, who certify attribute information, qualifications, etc. for users and issue attribute/qualification certificates (e.g., VCs); and Verifiers, who verify the Holder's attributes, qualifications, etc. by requesting and receiving attribute/qualification certificates containing the user's identity information necessary to provide services from the Holder, and make decisions about providing services.
  • ID digital identity data
  • Issuers who certify attribute information, qualifications, etc. for users and issue attribute/qualification certificates
  • Verifiers who verify the Holder's attributes, qualifications, etc. by requesting and receiving attribute/qualification certificates containing the user's identity information necessary to provide services from the Holder, and make decisions about providing services.
  • DIW digital identity wallet
  • UE user's operating terminal
  • cloud wallets that are provided on a platform hosted by a cloud service provider or similar.
  • Using a cloud-based DIW reduces the effort required for users to properly manage their own devices that host ID data and its processing functions (programs, etc.). It also reduces the risk of ID data being accessed externally due to factors such as loss of the user device or inadequate security settings.
  • the present invention was made in consideration of the above points, and aims to provide technology for realizing a cloud wallet that reduces the risk of attacks and fraud from administrators and improves users' privacy and self-sovereignty.
  • An information processing device comprising: a communication unit that transmits to a terminal a message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.
  • the disclosed technology provides a technology for realizing a cloud wallet that reduces the risk of attacks and fraud from administrators and improves user privacy and self-sovereignty.
  • FIG. 1 is a diagram for explaining an overview of an embodiment.
  • 1 is a configuration diagram of a communication system according to an embodiment of the present invention.
  • 3 is a diagram showing a specific example of data stored in a user data DB 230.
  • FIG. 1 is a configuration diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 is a diagram illustrating an example of the configuration of ID data.
  • 1 is a configuration diagram of a communication system according to an embodiment of the present invention.
  • FIG. 2 illustrates an example of a hardware configuration of the apparatus.
  • A/B means “A or B.” Furthermore, in the following explanation, unless otherwise clearly indicated from the context, “A/B” means “A or B.” Furthermore, “A or B” includes A only, B only, and “A and B.”
  • a cloud-based digital identity wallet with improved user privacy and self-sovereignty is realized by providing protection through a physical security environment such as a TEE in a cloud wallet infrastructure (which may also be called a cloud wallet system), and by making the protection status verifiable by the user. Specific technologies for realizing this will be explained below.
  • a user terminal 100 (which may also be referred to as a UE) and a cloud wallet infrastructure 200 are provided.
  • the cloud wallet infrastructure 200 is provided on the cloud, and the user terminal 100 is able to communicate with the cloud wallet infrastructure 200 via a communication network.
  • the user terminal 100 accesses the cloud wallet platform 200 to obtain, for example, ID data to be presented to SSI-based services.
  • the user terminal 100 can also securely store, for example, ID data that it has created itself in the cloud wallet platform 200.
  • the cloud wallet infrastructure 200 has a physical security environment (e.g., HSM, TEE, etc.).
  • HSM and TEE are existing technologies, with HSM disclosed in “https://link.springer.com/chapter/10.1007/978-3-031-33386-6_16” and TEE disclosed in “Introduction-to-Trusted-Execution-Environment-15 May2018.pdf (globalplatform.org).”
  • a wallet application runs within the physical security environment.
  • the wallet application performs processing using ID data or key data within the physical security environment. Details of the configuration and operation of the cloud wallet platform 200 will be described later.
  • “user” refers not only to a person, but also to devices such as terminals used by the user, unless the context clearly indicates that it refers to a person.
  • “app” is an abbreviation for "application.”
  • FIG. 2 shows an example of the configuration of a communication system according to this embodiment.
  • this communication system includes a user terminal 100, a cloud wallet platform 200, and an external service 500.
  • the external service 500 is a device/system equivalent to an issuer/verifier, etc.
  • the user terminal 100 may also be called a "terminal”
  • the cloud wallet platform 200 may also be called a "cloud wallet system” or an "information processing device.”
  • the user terminal 100 has a wallet verification function 110, an authentication function 120, a UI 130, a key DB (database) 140, and a wallet access information DB 150.
  • Figure 2 does not show functions that are generally provided in devices/terminals, such as communication functions.
  • the cloud wallet infrastructure 200 has a wallet application data DB 210, an authentication data DB 220, a user data DB 230, a physical access environment management function 240, an access authentication function 250, a physical security environment 260, and a wallet application communication control unit 270.
  • the wallet application data DB 210, the authentication data DB 220, and the user data DB 230 may be collectively referred to as "databases.”
  • the physical security environment 260 also has a wallet application 261 (ID management function 262).
  • the wallet application 261 is a function that is realized by executing program code that defines the processing procedures of the ID management function 262 on the physical security environment 260.
  • the wallet application 261 may also be called the ID management function 262.
  • wallet application data DB 210 may be provided outside the cloud wallet platform 200.
  • authentication data DB 220 may be provided outside the cloud wallet platform 200.
  • user data DB 230 may be provided outside the cloud wallet platform 200.
  • the physical security environment 260 is generated (constructed) for each user.
  • “physical security environment for each user” also includes a form that provides an isolated virtual security environment for each user using virtualization technology on hardware that realizes a physical security environment, such as a TEE (e.g., AMD-SEV, https://www.amd.com/ja/developer/sev.html).
  • TEE e.g., AMD-SEV, https://www.amd.com/ja/developer/sev.html.
  • a communications system with the above-described configuration provides a wallet app 261 protected by a physical security environment 260 for each user, generates and certifies data encryption keys/decryption keys, ensures that only the user, UE, and the user's physical security environment 260 can decrypt user data, and realizes a mechanism for detecting and preventing data tampering.
  • the authentication function 120 (which may include authentication information for authentication) is a function related to user authentication when the user terminal 100 accesses the cloud wallet infrastructure 200/wallet application 261.
  • the wallet verification function 110 verifies that the wallet application 261 is running on the physical security environment 260 and that it is a legitimate wallet application 261, using information notified from the cloud wallet platform 200. This function corresponds to Solution 1 and Solution 2.
  • the wallet verification function 110 also includes a function for Solution 4.
  • the UI 130 is a browser or client application used to access the cloud wallet platform 200/wallet application 261.
  • Key DB 140 stores keys for encrypting/decrypting data. For example, if the key is a common key, the common key can be used for encryption and decryption. Also, if the key is a pair of a public key and a private key, for example, the public key can be used for encryption and the private key can be used for decryption.
  • Wallet access information DB150 stores wallet access information such as "identifier, private key, password, etc.” for wallet access.
  • the method of user authentication using the authentication function 120 is not limited to a specific method, but the following methods can be used, for example.
  • the user public key for access authentication is provided directly to the cloud wallet infrastructure 200, or the cloud wallet infrastructure 200 has a means of accessing a database or the like in which the user public key is stored.
  • the authentication function 120 then notifies the cloud wallet infrastructure 200 of a message signed with the user private key corresponding to the user public key, and the access authentication function 250 of the cloud wallet infrastructure 200 uses the public key to verify that the signature is correct.
  • access authentication methods may also be used, such as ID/password or biometric authentication such as FIDO.
  • the wallet application data DB 210 stores wallet application data such as application codes and hash values of application codes.
  • the wallet application data is used in, for example, Solution 4.
  • the authentication data DB220 stores authentication data such as the "identifier, public key, password, etc.” used by the cloud wallet platform 200 for user wallet access.
  • User data DB230 stores encrypted user data.
  • User data is, for example, DID/VC or "ID data such as private keys and public keys, and setting data, etc.” linked to the DID.
  • Figure 3 shows a specific example of data stored in user data DB 230.
  • user identifiers such as DIDs are stored in user data DB 230 in association with encrypted user data.
  • data with low privacy requirements may be stored unencrypted.
  • the key for decrypting the encrypted ID data held by the user data DB 230 is handled only within the user terminal 100 and the physical security environment 260 for each user, so that it cannot be obtained by the wallet platform administrator or other applications, and is sent to the user terminal 100 before resources in the physical security environment 260 are released.
  • the encryption key is generated for each user within the physical security environment 260.
  • the access authentication function 250 performs the user authentication described above, as well as authentication of external systems 300 such as issuers/verifiers that are allowed to access the wallet application 260.
  • the user terminal 100 accesses the access authentication function 250 in the cloud wallet platform 200. User authentication is performed by the access authentication function 250.
  • the access authentication function 250 if it is successful in user authentication, it instructs the physical security environment management function 240 to construct a physical security environment 260 and wallet application 261 for the user.
  • the physical security environment management function 240 is, for example, a hypervisor that manages a virtual machine that operates as the physical security environment 260.
  • the physical security environment management function 240 creates, for example, a user TEE environment as the user's physical security environment 260.
  • the physical security environment management function 240 also generates a user's wallet application 261.
  • the physical security environment 260 obtains user data and wallet application data from the database (S4).
  • the physical security environment management function 240 issues access destination information to the user's wallet application 261, performs authorization settings for the access authentication function 250, and performs communication settings for the wallet application communication control unit 270.
  • the access authentication function 250 notifies the user terminal 100 of the access destination information (URL, etc.) of the wallet application 261.
  • the user terminal 100 accesses the wallet application 261 via the wallet application communication control unit 270.
  • the wallet application communication control unit 270 requests authentication from the access authentication function 250, and a decision is made as to whether to allow or deny access based on the authentication result.
  • authentication when accessing the cloud wallet platform 200/wallet application 261 does not have to be key-based; for example, an ID/password-based method may be used.
  • the physical security environment 260 If the access in S6 is the user's first access to the wallet app 261, then in S7 the physical security environment 260 generates a key pair (public key, private key) or a common key for encrypting/decrypting the user's data ("encryption/decryption” means "encryption or decryption") and notifies the user of the key. If the access in S6 is the second or subsequent access to the wallet app 261 from the user terminal 100, the physical security environment 260 receives from the user the private key or common key for encrypting/decrypting the user's data. This type of processing corresponds to Solution 3.
  • the trigger and timing for generating/receiving a key for data encryption/decryption for each user are not limited to the above example.
  • the UI 130 of the wallet app 261 may be provided with a button for key generation and key registration, and when the user operates that button, the key may be generated and sent from the user.
  • the manufacturer of the physical security environment 260 installs into the physical security environment 260 a unique key (specifically, the manufacturer's private key) and a certificate of the manufacturer that are difficult to tamper with later.
  • the generated (activated) physical security environment 260 signs the message addressed to the user terminal 100, including the UK, with the physical security environment 260's unique key (the manufacturer's private key), and notifies the user terminal 100 of the message, the signature, and the manufacturer's certificate as a set.
  • the user terminal 100 uses the manufacturer's public key to verify the authenticity of the signature. If the verification is successful, it is proven that the key (UK) included in the message was generated within a valid physical security environment 260.
  • the public key corresponding to the above private key is either included in the received manufacturer certificate, or is published on the manufacturer's website or in a distributed ledger such as a blockchain, and is therefore available for acquisition. Technologies such as IETF Remote Attestation may be used to notify the above message.
  • the manufacturer's certificate is embedded in the physical security environment 260, but this is not a limitation.
  • an external certificate management system that manages certificates of manufacturers, etc. may be provided, and the user terminal 100 or cloud wallet platform 200 may obtain the manufacturer's certificate from this certificate management system.
  • the user terminal 100 may obtain the manufacturer's certificate separately from the notification of the "message containing the key and the signature."
  • the use of a certificate management system as described above is one example.
  • the user terminal 100 may obtain the manufacturer's certificate by accessing the manufacturer's website or a distributed ledger such as a blockchain.
  • the following processing corresponds to Solution 4.
  • the user terminal 100 acquires (calculates) a user data integrity verification trail for the "user data/encrypted user data" read from the wallet application 261 at a predetermined timing, such as the next time the wallet application 261 is accessed, and compares the user data integrity verification trail with the user data integrity verification trail stored within the user terminal 100 to detect whether the "user data/encrypted user data" has been tampered with.
  • the next time the wallet app 261 is accessed may or may not be after the physical security environment 260 is restarted.
  • the physical security environment 260 and the user terminal 100 share (store) the "user data/encrypted user data" itself, and for example, when the next wallet app 261 is accessed, the user terminal 100 receives the "user data/encrypted user data" from the physical security environment 260 and compares the received "user data/encrypted user data" with the "user data/encrypted user data” that it stores, thereby detecting whether the "user data/encrypted user data" has been tampered with.
  • the user terminal 100 may obtain the certificate separately from the notification of the key and signature.
  • a user data integrity verification trail is a hash value (which may also be called a digest), but any information that can be used to verify user data integrity may be used as a user data integrity verification trail.
  • user data may include “unencrypted user data” and “encrypted user data.”
  • the second operational example of the communication system is an operational example related to wallet integrity proof, and corresponds to solutions 1 and 2.
  • Wallet integrity certification is a mechanism that certifies the integrity of the wallet application 261 operating within the physical security environment 260, and the physical security environment 260, which is the execution environment of the wallet application 261, to an external actor (the user in this embodiment).
  • the cloud wallet infrastructure 200 acquires (calculates) a hash value of the wallet application 261 running on the physical security environment 260, signs the hash value with a key specific to the physical security environment (specifically, the manufacturer's private key), and then notifies the wallet verification function 110 of the user terminal 100 of a message including the hash value, signature, and manufacturer's certificate. This message may be notified using, for example, IETF Remote Attestation.
  • the message in S1 includes the hash value of the wallet application 261, a signature of the hash value (a signature using the unique key of the physical security environment), and the manufacturer's certificate.
  • hash value of wallet application 261 is an example of a trail for verifying the authenticity of wallet application 261.
  • the program code/executable file of wallet application 261 may also be used.
  • other things may also be used as the trail.
  • the trail is signed with the unique key of the physical security environment.
  • Verification data (correct answer information) such as the source code and hash values of the wallet application 261, which are used by the user terminal 100 to match the evidence obtained from the cloud wallet platform 200, is registered and made public in the wallet application data DB 210.
  • the wallet verification function 110 obtains wallet application data (hash value, source code) from the wallet application data DB 210.
  • wallet application data is not limited to being stored in the wallet application data DB 210.
  • wallet application data may be stored in a location not under the control of the cloud wallet operator, using a public blockchain or the like. This can further increase resistance to tampering by the cloud wallet operator.
  • the wallet verification function 110 verifies that the genuine wallet application 261 is running in the physical security environment 260 by comparing the hash value of the wallet application 261 notified by the cloud wallet platform 200 with the hash value obtained from the wallet application data DB 210.
  • the manufacturer's certificate is embedded in the physical security environment 260, but this is not a limitation.
  • an external certificate management system that manages certificates of manufacturers, etc. may be provided, and the user terminal 100 or cloud wallet platform 200 may obtain the manufacturer's certificate from this certificate management system.
  • the user terminal 100 may obtain the manufacturer's certificate separately from the notification of the hash value (an example of a trail) and signature.
  • the use of a certificate management system as described above is one example.
  • the user terminal 100 may obtain the manufacturer's certificate by accessing the manufacturer's website or a distributed ledger such as a blockchain.
  • the public key corresponding to the private key used to verify the signature is included in the manufacturer's certificate, or is made public on the manufacturer's website or in a distributed ledger such as a blockchain, and is therefore available for acquisition.
  • ID data The ID data, ID management function 262, physical security environment 260, etc. will be described in more detail below.
  • the cloud wallet platform 200 which is a cloud service operated by an external cloud operator/administrator, manages users' digital identity data (ID data).
  • ID data digital identity data
  • the cloud wallet service provided to users by the cloud wallet platform 200 protects the confidentiality and integrity of the ID data from others, including the cloud operator/administrator. This reduces the risk of attacks and fraud not only from ordinary third parties, but also from the cloud operator/administrator.
  • the cloud wallet platform 200 has an ID management function 262 (wallet application 261) that manages and stores user ID data.
  • the ID management function 262 accesses the ID data stored in the user data DB 230 and performs ID management.
  • the user data DB 230 may be provided in an external device rather than within the cloud wallet platform 200.
  • access information for the external device may be held in the cloud wallet platform 200, and the ID data may be accessible using this access information.
  • the confidentiality and integrity of ID data is maintained, and the ID management function 262 operates in an environment where integrity is maintained.
  • HSM hardware security module
  • TEE trusted execution environment
  • HSMs offer higher levels of confidentiality and integrity protection than TEEs, but the ID management functions they include are fixed for each product, making TEEs more suitable for cloud providers wanting to implement their own unique ID management functions.
  • ID data (Detailed example of ID data) Next, a detailed example of ID data will be described.
  • ID data (1) to (5) are handled.
  • the user (entity/subject) described below refers to a unit for managing attributes such as people, organizations, devices (including terminals), data, and services, and is not necessarily limited to individuals. Also, only some of the following (1) to (5) may be handled.
  • a single user has multiple user identifiers depending on the purpose, such as an employee number and a payment service membership number.
  • Each key data has key certification data that proves the correspondence between the user identifier and key data.
  • the key data is a key pair for public key cryptography, it has key certification data that proves the correspondence between the user identifier and the public key.
  • Key certification data includes, for example, public key certificates in PKI and DID documents in Distributed Identity (DID). Key certification data becomes effective when the correspondence between a public key and a user identifier is registered with a trusted external service.
  • a trusted external service is a certification authority in the case of public key certificates, or a distributed ledger in the case of a DID document.
  • Each user identifier is associated with corresponding attribute data. For example, "name, organization, and job title" in an employee ID, or "name, bank account number, and service type” in a payment service ID. There are also cases where an ID or its attributes are attributes of another ID. For example, the name in the above example.
  • Attribute certification data proving the correspondence between a user identifier and an attribute
  • Each attribute has attribute certification data that proves the correspondence between the user identifier and the attribute.
  • Attribute certification data is, for example, an attribute certificate in a PKI or a Verification Credential (VC) in a DID.
  • Attribute certification data becomes valid when signed by a trusted external service.
  • the trusted external service is an attribute authority in the case of an attribute certificate, and an issuer in the case of a VC.
  • Attribute certification data registration location validity period
  • usage history usage history
  • expiration regulations Users use attribute authentication based on this data.
  • FIG. 5 shows an example of the structure of ID data based on the above content.
  • the ID management function 262 can access the ID data to manage the ID data and execute the following processes (1) to (6), for example.
  • User Identifier Generation can be generated by the user themselves or generated externally and stored by the user as ID data. Employee numbers and membership numbers for existing services such as payment services are often the latter type, but in systems that emphasize "self-sovereignty," such as DID, the user generates the identifier themselves.
  • the ID management function 262 is used when a user generates a user identifier, and when a user stores an externally generated identifier as ID data. For example, the user accesses the ID management function 262, and the ID management function 262 stores the generated user identifier.
  • the ID management function 262 selects the registration destination service (collects options, determines selection criteria), creates registration application data (parameter setting based on regulations and security policies, signature), verifies and stores registration response data, etc.
  • ID management function 262 authenticates the user ID to others by submitting a signature using key data and key certification data.
  • the ID management function 262 authenticates the user's attributes to others by signing using key data, presenting key certification data, and presenting attribute certification data.
  • the physical security environment 260 in this embodiment has the following functions.
  • Wallet integrity proof (corresponding to solutions 1 and 2)
  • an external actor e.g., a user
  • a wallet application 261 running within the physical security environment 260 generates a key (a key for encrypting/decrypting data for each user) to exchange with an external actor (e.g., a user) and proves to the external actor that the key was generated within the physical security environment 260.
  • a key pair (EK) and the manufacturer's certificate which are installed in the physical security environment 260 by the manufacturer at the time of manufacture and are difficult to tamper with later, are used.
  • the physical security environment 260 can prove to the external actor that the key was generated within the physical security environment 260 by signing the key with its private key (the private key of the key pair). As already explained, it is assumed that the public key corresponding to the private key is published on the manufacturer's website, etc., and is therefore available for acquisition.
  • an EK Endorsement Key
  • an AIK Adorsement Identity Key
  • the AIK is used to prove that yet another key was generated within the physical security environment 260, resulting in a multi-stage certification format.
  • This type of certification format may be used in this embodiment.
  • the physical security environment 260 encrypts the data handled within the physical security environment 260 with a key for each user and stores it in external storage or a database, etc. After the physical security environment 260 is shut down and restarted/reconstructed, it restores this data from the storage, etc. where it was stored.
  • the physical security environment 260 stores a digest of the encrypted data in a "secure element (SE) or storage" associated with the physical security environment 260.
  • SE secure element
  • the physical security environment 260 also transmits the digest to the user terminal 100, which then stores the digest.
  • the user terminal 100 calculates a digest of the encrypted data read from the physical security environment 260, compares this digest with the stored digest, and confirms that they match (that the data has not been tampered with).
  • the user data itself may be shared and stored between the physical security environment 260 and the user terminal 100, and after restarting the physical security environment 260, the user terminal 100 may receive the data, thereby confirming whether the user data has been tampered with.
  • the communication system in this embodiment may have the configuration shown in Fig. 6. As shown in Fig. 6, this communication system includes an information processing device 400 and a terminal 300.
  • the cloud wallet platform 200 is an example of the information processing device 400, and the user terminal 100 is an example of the terminal 300.
  • the terminal 300 includes a receiving unit 310 and a verifying unit 320.
  • the receiving unit 310 receives, for example, from the information processing device 400, a message including a trail for verifying the validity of the wallet application, a signature for the trail, and a certificate corresponding to the signature.
  • the verifying unit 320 verifies the signature and verifies the validity of the wallet application by, for example, comparing the trail with values obtained from an external database.
  • Any of the devices described in this embodiment can be realized by, for example, causing a computer to execute a program.
  • This computer may be a physical computer or a virtual machine on the cloud.
  • the device can be realized by using hardware resources such as the CPU and memory built into the computer to execute a program corresponding to the processing performed by the device.
  • the program can be recorded on a computer-readable recording medium (such as portable memory) and then saved or distributed.
  • the program can also be provided via a network such as the Internet or email.
  • the program that realizes processing on the computer is provided by a recording medium 1001, such as a CD-ROM or memory card.
  • a recording medium 1001 such as a CD-ROM or memory card.
  • the program is installed from the recording medium 1001 to the auxiliary storage device 1002 via the drive device 1000.
  • the program does not necessarily have to be installed from the recording medium 1001; it can also be downloaded from another computer via a network.
  • the auxiliary storage device 1002 stores the installed program as well as necessary files, data, etc.
  • the memory device 1003 When an instruction to start a program is received, the memory device 1003 reads and stores the program from the auxiliary storage device 1002.
  • the CPU 1004 implements the functions related to the device in accordance with the program stored in the memory device 1003.
  • the interface device 1005 is used as an interface for connecting to a network, etc.
  • the display device 1006 displays a GUI (Graphical User Interface) based on the program, etc.
  • the input device 1007 is composed of a keyboard, mouse, buttons, touch panel, etc., and is used to input various operational instructions.
  • the output device 1008 outputs the results of calculations.
  • a physical security environment in which the wallet application operates an information processing device comprising: a communication unit that transmits to a terminal a message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.
  • the physical security environment generates a key for encrypting or decrypting data; 2.
  • the communication unit transmits to the terminal information including a message including the key and a signature for the message generated using a unique key of the physical security environment.
  • a receiving unit that receives a message including a trail for verifying the validity of a wallet application and a signature for the trail from an information processing device that has a physical security environment in which the wallet application operates; a verification unit that verifies the signature and verifies the authenticity of the wallet application by comparing the trail with a value obtained from an external database.
  • the terminal described in Appendix 3 wherein the receiving unit receives information from the information processing device, the information including a message including a key for encrypting or decrypting data and a signature for the message generated using a unique key of the physical security environment, and the verifying unit verifies the signature.
  • the receiving unit receiving and storing user data or a consistency verification trail of the user data from the information processing device, and receiving the user data from the information processing device at a predetermined timing;
  • the verification unit Checking whether the user data has been tampered with by comparing the integrity verification trail of the user data received at the predetermined timing with the integrity verification trail that is stored, or
  • the terminal according to claim 3 or 4 wherein the terminal checks whether the user data has been tampered with by comparing the user data received at the predetermined timing with the user data it holds.
  • a communication system comprising the information processing device according to claim 1 or 2 and the terminal according to any one of claims 3 to 5.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This information processing device comprises: a physical security environment for operating a wallet application; and a communication unit for transmitting, to a terminal, a message including a trail for verifying the validity of the wallet application and a signature for the trail.

Description

情報処理装置、端末、通信システム、通信方法、及びプログラムInformation processing device, terminal, communication system, communication method, and program

 本発明は、デジタルアイデンティティウォレットに関連するものである。 The present invention relates to digital identity wallets.

 中央集権的なアイデンティティプロバイダ(IdP)などに依存せずに、自身の識別子やアイデンティティをユーザが自分自身で管理し、提供先を制御する、自己主権型アイデンティティ(SSI)技術が検討されている(非特許文献1、2)。 Self-sovereign identity (SSI) technology is being considered, which allows users to manage their own identifiers and identities and control who receives them, without relying on a centralized identity provider (IdP) (Non-Patent Documents 1 and 2).

 SSIの世界では、自身のデジタルアイデンティティデータ(ID)を管理/保有するユーザなどのHolder、ユーザ等に対して、属性情報、資格情報などを認定の上、属性/資格証明書(例:VC)を発行するIssuer、及び、Holderに対してサービス提供のために必要なユーザのアイデンティティ情報を含む属性/資格証明書を要求・受信することで、Holderの属性・資格等を検証し、サービス提供判断などを行うVerifierの3者が存在する。 In the world of SSI, there are three parties: Holders, such as users who manage/hold their own digital identity data (ID); Issuers, who certify attribute information, qualifications, etc. for users and issue attribute/qualification certificates (e.g., VCs); and Verifiers, who verify the Holder's attributes, qualifications, etc. by requesting and receiving attribute/qualification certificates containing the user's identity information necessary to provide services from the Holder, and make decisions about providing services.

 また、ユーザ(Holder)のIDデータを保管して本人確認あるいは属性証明に用いるデジタルアイデンティティウォレット(DIW)機能が提案されている(非特許文献3)。DIWの実現形態としては、ユーザの操作端末(UEとも呼ぶ)内に配備するもの(ローカルウォレット)と、クラウド事業者などがホスティングする基盤上で提供されるもの(クラウドウォレット)の2つが存在する。 In addition, a digital identity wallet (DIW) function has been proposed that stores user (holder) ID data and uses it for identity verification or attribute certification (Non-Patent Document 3). DIWs can be implemented in two ways: local wallets that are deployed on the user's operating terminal (also called UE), and cloud wallets that are provided on a platform hosted by a cloud service provider or similar.

"Decentralized Identifiers (DIDs) v1.0," W3C Recommendation, 19 July 2022https://www.w3.org/TR/did-core/"Decentralized Identifiers (DIDs) v1.0," W3C Recommendation, 19 July 2022https://www.w3.org/TR/did-core/ "Verifiable Credentials Data Model v1.1," W3C Recommendation, 03 March 2022 https://www.w3.org/TR/vc-data-model/"Verifiable Credentials Data Model v1.1," W3C Recommendation, 03 March 2022 https://www.w3.org/TR/vc-data-model/ European digital identity wallet Architecture and Reference Framework, January 2023 https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-wallet-architecture-and-reference-frameworkEuropean digital identity wallet Architecture and Reference Framework, January 2023 https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-wallet-architecture-and-reference-framework

 クラウド型のDIWの利用により、IDデータ、及びその処理機能(プログラム等)が配備されたユーザ端末をユーザ自身で適切に管理する手間を削減できる。また、ユーザ端末の紛失、セキュリティ設定の不備等の要因により、IDデータが外部から参照されるなどのリスクを低減することが可能となる。 Using a cloud-based DIW reduces the effort required for users to properly manage their own devices that host ID data and its processing functions (programs, etc.). It also reduces the risk of ID data being accessed externally due to factors such as loss of the user device or inadequate security settings.

 しかし、ユーザのIDデータ及びその処理機能等が、クラウドウォレット基盤管理者(管理者を「事業者」と呼んでもよい)の管理下にあることから、管理者の不正により、IDデータの閲覧など、ユーザのプライバシが侵害されるリスクがある。 However, since user ID data and its processing functions are under the control of the cloud wallet platform administrator (the administrator may also be called the "business operator"), there is a risk that user privacy may be violated by unauthorized access by the administrator, such as by viewing ID data.

 本発明は、上記の点に鑑みてなされたものであり、管理者からの攻撃及び不正のリスクを低減し、ユーザのプライバシ性と自己主権性を向上させたクラウドウォレットを実現するための技術を提供することを目的とする。 The present invention was made in consideration of the above points, and aims to provide technology for realizing a cloud wallet that reduces the risk of attacks and fraud from administrators and improves users' privacy and self-sovereignty.

 開示の技術によれば、ウォレットアプリケーションを動作させる物理セキュリティ環境と、
 前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを端末に送信する通信部と
 を備える情報処理装置が提供される。 According to the disclosed technology, a physical security environment in which a wallet application operates;
An information processing device is provided, comprising: a communication unit that transmits to a terminal a message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.

 開示の技術によれば、管理者からの攻撃及び不正のリスクを低減し、ユーザのプライバシ性と自己主権性を向上させたクラウドウォレットを実現するための技術が提供される。 The disclosed technology provides a technology for realizing a cloud wallet that reduces the risk of attacks and fraud from administrators and improves user privacy and self-sovereignty.

実施の形態の概要を説明するための図である。FIG. 1 is a diagram for explaining an overview of an embodiment. 本発明の実施の形態における通信システムの構成図である。1 is a configuration diagram of a communication system according to an embodiment of the present invention. ユーザデータDB230に格納されるデータの具体例を示す図である。3 is a diagram showing a specific example of data stored in a user data DB 230. FIG. 本発明の実施の形態における通信システムの構成図である。1 is a configuration diagram of a communication system according to an embodiment of the present invention. IDデータの構成例を示す図である。FIG. 2 is a diagram illustrating an example of the configuration of ID data. 本発明の実施の形態における通信システムの構成図である。1 is a configuration diagram of a communication system according to an embodiment of the present invention. 装置のハードウェア構成例を示す図である。FIG. 2 illustrates an example of a hardware configuration of the apparatus.

 以下、図面を参照して本発明の実施の形態(本実施の形態)を説明する。以下で説明する実施の形態は一例に過ぎず、本発明が適用される実施の形態は、以下の実施の形態に限られるわけではない。 Below, an embodiment of the present invention (present embodiment) will be described with reference to the drawings. The embodiment described below is merely an example, and embodiments to which the present invention can be applied are not limited to the following embodiment.

 また、以下の説明において、文脈から他の意味であることが明確である場合を除いて、「A/B」は「A又はB」を意味する。また、「A又はB」は、Aのみ、Bのみ、及び、「A及びB」を含む。 Furthermore, in the following explanation, unless otherwise clearly indicated from the context, "A/B" means "A or B." Furthermore, "A or B" includes A only, B only, and "A and B."

 本実施の形態において、ユーザプライバシ性/自己主権性を向上させたクラウド型のデジタルアイデンティティウォレットを実現するための技術について説明する。本実施の形態では、クラウドウォレット基盤(クラウドウォレットシステムと呼んでもよい)において、TEE等の物理セキュリティ環境による保護を行うとともに、保護状況をユーザから検証可能にする等により、ユーザプライバシ性/自己主権性を向上させたクラウド型のデジタルアイデンティティウォレットを実現している。以下、その実現のための具体的な技術について説明する。 In this embodiment, we will explain the technology for realizing a cloud-based digital identity wallet with improved user privacy and self-sovereignty. In this embodiment, a cloud-based digital identity wallet with improved user privacy and self-sovereignty is realized by providing protection through a physical security environment such as a TEE in a cloud wallet infrastructure (which may also be called a cloud wallet system), and by making the protection status verifiable by the user. Specific technologies for realizing this will be explained below.

 (実施の形態の概要)
 本実施の形態に係る技術を詳細に説明するにあたり、まず、対象とする攻撃と解決策の概要を、図1を参照して説明する。 (Outline of the embodiment)
Before describing the technology according to this embodiment in detail, an outline of the target attack and the solution will be first described with reference to FIG.

 本実施の形態では、ユーザ端末100(UEと呼んでもよい)と、クラウドウォレット基盤200が備えられる。クラウドウォレット基盤200はクラウド上に備えられ、ユーザ端末100は、通信ネットワークを介してクラウドウォレット基盤200と通信することが可能である。 In this embodiment, a user terminal 100 (which may also be referred to as a UE) and a cloud wallet infrastructure 200 are provided. The cloud wallet infrastructure 200 is provided on the cloud, and the user terminal 100 is able to communicate with the cloud wallet infrastructure 200 via a communication network.

 ユーザ端末100は、クラウドウォレット基盤200にアクセスして、例えばSSIベースのサービスに提示するためのIDデータ等を取得する。また、ユーザ端末100は、例えば自身で作成したIDデータをクラウドウォレット基盤200に安全に保管することが可能である。 The user terminal 100 accesses the cloud wallet platform 200 to obtain, for example, ID data to be presented to SSI-based services. The user terminal 100 can also securely store, for example, ID data that it has created itself in the cloud wallet platform 200.

 クラウドウォレット基盤200は、物理セキュリティ環境(例:HSM、TEE等)を有する。なお、HSM及びTEEは既存技術であり、HSMは「https://link.springer.com/chapter/10.1007/978-3-031-33386-6_16」に開示されており、TEEは「Introduction-to-Trusted-Execution-Environment-15May2018.pdf (globalplatform.org)」に開示されている。 The cloud wallet infrastructure 200 has a physical security environment (e.g., HSM, TEE, etc.). HSM and TEE are existing technologies, with HSM disclosed in "https://link.springer.com/chapter/10.1007/978-3-031-33386-6_16" and TEE disclosed in "Introduction-to-Trusted-Execution-Environment-15May2018.pdf (globalplatform.org)."

 物理セキュリティ環境内では、ウォレットアプリが動作する。ウォレットアプリは、物理セキュリティ環境内で、IDデータあるいは鍵データを用いた処理を行う。クラウドウォレット基盤200の構成及び動作の詳細については後述する。 A wallet application runs within the physical security environment. The wallet application performs processing using ID data or key data within the physical security environment. Details of the configuration and operation of the cloud wallet platform 200 will be described later.

 図1の構成により、ユーザのみが、任意のアクセス認証方式を使用して、自身のクラウドウォレットにアクセスできる。また、一般の攻撃者からの不正を防止できることに加えて、クラウド事業者/管理者の不正も防ぐことが可能である。 With the configuration shown in Figure 1, only users can access their own cloud wallets using any access authentication method. Furthermore, in addition to preventing fraud by general attackers, it is also possible to prevent fraud by cloud service providers/administrators.

 なお、本明細書において、「ユーザ」は、文脈からそれが人を指すものであることが明らかな場合を除いて、人のみならず、ユーザが使用する端末等の装置を含む。また、「アプリ」は「アプリケーション」の略称である。 In this specification, "user" refers not only to a person, but also to devices such as terminals used by the user, unless the context clearly indicates that it refers to a person. Also, "app" is an abbreviation for "application."

 対象とする攻撃(1)~(4)と、それぞれの攻撃に対する解決策の概要は下記のとおりである。 The targeted attacks (1) to (4) and an overview of the solutions to each attack are as follows:

 (1)侵害されたウォレットアプリをデプロイして提供
 正当なアプリのデプロイをユーザが検証可能とすることで解決する。これを「解決策1」とする。 (1) Deploying and providing a compromised wallet app This problem can be solved by allowing users to verify the deployment of a legitimate app. This is called "Solution 1."

 (2)物理セキュリティ環境と偽って通常環境で起動されたウォレットアプリを提供
 物理セキュリティ環境内でウォレットアプリが動作していることをユーザが検証可能とすることで解決する。これを「解決策2」とする。 (2) Providing a wallet app launched in a normal environment, disguised as a physical security environment. This problem is solved by enabling users to verify that the wallet app is running in a physical security environment. This is called "Solution 2."

 (3)保存されたIDデータの改ざんあるいは搾取
 ユーザ、UE、及び、ユーザ用に構築された物理セキュリティ環境内のウォレットアプリのみが、暗号化されたユーザデータを復号可能とすることで解決する。これを「解決策3」と呼ぶ。また、データの整合性をユーザが検証可能とすることでも解決可能であり、これを「解決策4」と呼ぶ。 (3) Tampering or Exploitation of Stored ID Data This problem can be solved by making encrypted user data decryptable only by the user, the UE, and the wallet application in the physical security environment built for the user. This is called "Solution 3." It can also be solved by making the integrity of the data verifiable by the user, which is called "Solution 4."

 (4)admin権限での不正アクセス
 これについては、解決策2により、物理セキュリティ環境内で動作していることをユーザが検証可能とすることで解決される。 (4) Unauthorized access with admin privileges This issue is resolved by Solution 2, which allows users to verify that they are operating within a physical security environment.

 (システム構成例)
 図2に、本実施の形態に係る通信システムの構成例を示す。図2に示すように、本通信システムは、ユーザ端末100、クラウドウォレット基盤200、及び外部サービス500を備える。なお、外部サービス500は、Issuer/Verifier等に相当する装置/システムである。また、ユーザ端末100を「端末」と呼び、クラウドウォレット基盤200を、「クラウドウォレットシステム」、あるいは、「情報処理装置」と呼んでもよい。 (System configuration example)
Fig. 2 shows an example of the configuration of a communication system according to this embodiment. As shown in Fig. 2, this communication system includes a user terminal 100, a cloud wallet platform 200, and an external service 500. The external service 500 is a device/system equivalent to an issuer/verifier, etc. The user terminal 100 may also be called a "terminal," and the cloud wallet platform 200 may also be called a "cloud wallet system" or an "information processing device."

 図2に示すように、ユーザ端末100は、ウォレット検証機能110、認証機能120、UI130、鍵DB(データベース)140、及び、ウォレットアクセス用情報DB150を有する。なお、図2には、通信を行う機能等、装置/端末に一般的に備えられている機能については図示していない。 As shown in Figure 2, the user terminal 100 has a wallet verification function 110, an authentication function 120, a UI 130, a key DB (database) 140, and a wallet access information DB 150. Note that Figure 2 does not show functions that are generally provided in devices/terminals, such as communication functions.

 クラウドウォレット基盤200は、ウォレットアプリデータDB210、認証データDB220、ユーザデータDB230、物理アクセス環境管理機能240、アクセス認証機能250、物理セキュリティ環境260、ウォレットアプリ通信制御部270を有する。ウォレットアプリデータDB210、認証データDB220、及びユーザデータDB230を総称して「データベース」と呼んでもよい。 The cloud wallet infrastructure 200 has a wallet application data DB 210, an authentication data DB 220, a user data DB 230, a physical access environment management function 240, an access authentication function 250, a physical security environment 260, and a wallet application communication control unit 270. The wallet application data DB 210, the authentication data DB 220, and the user data DB 230 may be collectively referred to as "databases."

 また、物理セキュリティ環境260は、ウォレットアプリ261(ID管理機能262)を有する。ウォレットアプリ261は、ID管理機能262の処理手順を定義したプログラムコードが物理セキュリティ環境260上で実行されることにより実現される機能である。すなわち、ウォレットアプリ261をID管理機能262と呼んでもよい。 The physical security environment 260 also has a wallet application 261 (ID management function 262). The wallet application 261 is a function that is realized by executing program code that defines the processing procedures of the ID management function 262 on the physical security environment 260. In other words, the wallet application 261 may also be called the ID management function 262.

 なお、ウォレットアプリデータDB210、認証データDB220、及びユーザデータDB230のうちのいずれか1つ又はいずれか2つ又は全部は、クラウドウォレット基盤200の外部に備えられていてもよい。 Note that any one, any two, or all of the wallet application data DB 210, authentication data DB 220, and user data DB 230 may be provided outside the cloud wallet platform 200.

 物理セキュリティ環境260は、ユーザ毎に生成(構築)されるものである。なお、「ユーザ毎の物理セキュリティ環境」には、TEEなどの物理セキュリティ環境を実現するハードウェア上で、さらに仮想化技術などを用いて、ユーザ毎に隔離された仮想セキュリティ環境を提供する形態(例:AMD-SEV、https://www.amd.com/ja/developer/sev.html)も含まれる。 The physical security environment 260 is generated (constructed) for each user. Note that "physical security environment for each user" also includes a form that provides an isolated virtual security environment for each user using virtualization technology on hardware that realizes a physical security environment, such as a TEE (e.g., AMD-SEV, https://www.amd.com/ja/developer/sev.html).

 上述した構成を備える通信システムにより、ユーザ毎の物理セキュリティ環境260で保護されたウォレットアプリ261の提供、データの暗号化鍵/復号化鍵の生成と証明、ユーザ、UE、ユーザ毎の物理セキュリティ環境260のみしかユーザデータを復号できない仕組み、及び、データ改ざん検知/防止の仕組みが実現される。 A communications system with the above-described configuration provides a wallet app 261 protected by a physical security environment 260 for each user, generates and certifies data encryption keys/decryption keys, ensures that only the user, UE, and the user's physical security environment 260 can decrypt user data, and realizes a mechanism for detecting and preventing data tampering.

 上記の仕組みの実現に関わる、機能の概要、データベースのデータ内容、及び、通信システムの動作例を説明する。 This section explains the overview of the functions, the data contents of the database, and an example of the operation of the communication system involved in realizing the above mechanism.

 <ユーザ端末100>
 認証機能120(認証のための認証情報を含んでもよい)は、ユーザ端末100からクラウドウォレット基盤200/ウォレットアプリ261へのアクセスの際のユーザ認証に関わる機能である。 <User terminal 100>
The authentication function 120 (which may include authentication information for authentication) is a function related to user authentication when the user terminal 100 accesses the cloud wallet infrastructure 200/wallet application 261.

 ウォレット検証機能110は、ウォレットアプリ261が、物理セキュリティ環境260上で動作していることと、正当なウォレットアプリ261であることを、クラウドウォレット基盤200側から通知される情報を用いて検証する。当該機能は、解決策1と解決策2に対応する。また、ウォレット検証機能110は、解決策4のための機能も含む。 The wallet verification function 110 verifies that the wallet application 261 is running on the physical security environment 260 and that it is a legitimate wallet application 261, using information notified from the cloud wallet platform 200. This function corresponds to Solution 1 and Solution 2. The wallet verification function 110 also includes a function for Solution 4.

 UI130は、クラウドウォレット基盤200/ウォレットアプリ261にアクセスする際に用いる、ブラウザあるいはクライアントアプリ等である。 The UI 130 is a browser or client application used to access the cloud wallet platform 200/wallet application 261.

 鍵DB140には、データの暗号化/復号化のための鍵が格納される。例えば、当該鍵が共通鍵であれば、当該共通鍵を暗号化と復号化に使用できる。また、当該鍵が、公開鍵と秘密鍵のペアであれば、例えば、公開鍵を暗号化に使用し、秘密鍵を復号化に使用することができる。 Key DB 140 stores keys for encrypting/decrypting data. For example, if the key is a common key, the common key can be used for encryption and decryption. Also, if the key is a pair of a public key and a private key, for example, the public key can be used for encryption and the private key can be used for decryption.

 ウォレットアクセス用情報DB150には、ウォレットアクセス用情報として、例えば、ウォレットアクセス用の「識別子、秘密鍵、パスワード等」が格納される。 Wallet access information DB150 stores wallet access information such as "identifier, private key, password, etc." for wallet access.

 認証機能120(及びクラウドウォレット基盤200側のアクセス認証機能250)を用いたユーザ認証の方法は特定の方法に限定されないが、例えば、下記の方法を用いることができる。 The method of user authentication using the authentication function 120 (and the access authentication function 250 on the cloud wallet platform 200 side) is not limited to a specific method, but the following methods can be used, for example.

 アクセス認証用のユーザ公開鍵をクラウドウォレット基盤200に直接提供する、または、クラウドウォレット基盤200においてユーザ公開鍵の保管されたデータベース等へのアクセス手段を備える。そして、認証機能120は、当該ユーザ公開鍵に対応するユーザ秘密鍵による署名付きメッセージをクラウドウォレット基盤200に通知し、クラウドウォレット基盤200のアクセス認証機能250は、正しい署名であることを、公開鍵を用いて検証する。 The user public key for access authentication is provided directly to the cloud wallet infrastructure 200, or the cloud wallet infrastructure 200 has a means of accessing a database or the like in which the user public key is stored. The authentication function 120 then notifies the cloud wallet infrastructure 200 of a message signed with the user private key corresponding to the user public key, and the access authentication function 250 of the cloud wallet infrastructure 200 uses the public key to verify that the signature is correct.

 その他、ID/パスワード、あるいは、FIDO等の生体認証、をベースとしたアクセス認証方式を用いてもよい。 Other access authentication methods may also be used, such as ID/password or biometric authentication such as FIDO.

 <クラウドウォレット基盤200>
 ウォレットアプリデータDB210には、ウォレットアプリデータとして、例えば、アプリコード、アプリコードのハッシュ値等が格納される。ウォレットアプリデータは、例えば、解決策4に使用される。 <Cloud Wallet Platform 200>
The wallet application data DB 210 stores wallet application data such as application codes and hash values of application codes. The wallet application data is used in, for example, Solution 4.

 認証データDB220には、認証データとして、例えば、ユーザのウォレットアクセス用の、クラウドウォレット基盤200で使用する「識別子、公開鍵、パスワード等」が格納される。 The authentication data DB220 stores authentication data such as the "identifier, public key, password, etc." used by the cloud wallet platform 200 for user wallet access.

 ユーザデータDB230には、暗号化されたユーザデータが格納される。ユーザデータは、例えば、DID/VCあるいはDIDに紐づく「秘密鍵、公開鍵等のIDデータ、及び設定用データ等」である。 User data DB230 stores encrypted user data. User data is, for example, DID/VC or "ID data such as private keys and public keys, and setting data, etc." linked to the DID.

 ユーザデータDB230に格納されるデータの具体例を図3に示す。図3に示すように、ユーザデータDB230には、DID等のユーザ識別子と、暗号化されたユーザデータとが対応付けて格納されている。 Figure 3 shows a specific example of data stored in user data DB 230. As shown in Figure 3, user identifiers such as DIDs are stored in user data DB 230 in association with encrypted user data.

 ユーザデータDB230に格納されるデータに関して、TEE環境あるいはアプリの構築に必要なユーザ設定データの内、プライバシ性の低いデータについては、暗号化せずに非暗号化のまま格納しておいてもよい。 With regard to the data stored in the user data DB 230, among the user setting data required for building the TEE environment or application, data with low privacy requirements may be stored unencrypted.

 なお、ユーザデータDB230が持つ暗号化されたIDデータの復号化のための鍵は、ウォレット基盤管理者及び他のアプリ等が取得できないように、ユーザ毎に、ユーザ端末100内、及び、物理セキュリティ環境260内でのみ扱い、物理セキュリティ環境260におけるリソース解放前に、ユーザ端末100に送信される。暗号化の鍵は、物理セキュリティ環境260内でユーザ毎に生成される。これらの機能は、解決策3に対応する。 The key for decrypting the encrypted ID data held by the user data DB 230 is handled only within the user terminal 100 and the physical security environment 260 for each user, so that it cannot be obtained by the wallet platform administrator or other applications, and is sent to the user terminal 100 before resources in the physical security environment 260 are released. The encryption key is generated for each user within the physical security environment 260. These functions correspond to Solution 3.

 なお、ユーザ端末100の紛失等のリスクに備えて、ユーザ端末100が受信した暗号化の鍵を、ユーザ端末100から、クラウドウォレット基盤200の管理者とは別の管理者下のクラウドストレージなどにバックアップしておく形態も想定される。 In addition, to prepare for the risk of the user terminal 100 being lost, it is also possible to back up the encryption key received by the user terminal 100 from the user terminal 100 to cloud storage or the like under an administrator other than the administrator of the cloud wallet platform 200.

 アクセス認証機能250は、前述したユーザ認証とともに、ウォレットアプリ260にアクセスしてよいIssuer/Verifierなどの外部システム300の認証を行う。 The access authentication function 250 performs the user authentication described above, as well as authentication of external systems 300 such as issuers/verifiers that are allowed to access the wallet application 260.

 (通信システムの動作例1)
 通信システムの動作例1を、図2に示すステップ番号(S1など)に沿って説明する。 (Operation example 1 of communication system)
The first example of the operation of the communication system will be described in accordance with the step numbers (S1, etc.) shown in FIG.

 S1において、ユーザ端末100は、クラウドウォレット基盤200におけるアクセス認証機能250にアクセスする。アクセス認証機能250により、ユーザ認証が行われる。 In S1, the user terminal 100 accesses the access authentication function 250 in the cloud wallet platform 200. User authentication is performed by the access authentication function 250.

 S2において、アクセス認証機能250は、ユーザ認証に成功すると、物理セキュリティ環境管理機能240に対して、ユーザ用の物理セキュリティ環境260及びウォレットアプリ261の構築指示を行う。なお、物理セキュリティ環境管理機能240は、例えば、物理セキュリティ環境260として動作する仮想マシンを管理するハイパーバイザである。 In S2, if the access authentication function 250 is successful in user authentication, it instructs the physical security environment management function 240 to construct a physical security environment 260 and wallet application 261 for the user. The physical security environment management function 240 is, for example, a hypervisor that manages a virtual machine that operates as the physical security environment 260.

 S3-1において、物理セキュリティ環境管理機能240は、ユーザ用の物理セキュリティ環境260として、例えばユーザ用TEE環境を作成する。また、物理セキュリティ環境管理機能240は、ユーザ用のウォレットアプリ261を生成する。生成にあたって、物理セキュリティ環境260は、データベースから、ユーザデータ及びウォレットアプリデータを取得する(S4)。 In S3-1, the physical security environment management function 240 creates, for example, a user TEE environment as the user's physical security environment 260. The physical security environment management function 240 also generates a user's wallet application 261. During generation, the physical security environment 260 obtains user data and wallet application data from the database (S4).

 S3-2において、物理セキュリティ環境管理機能240は、ユーザ用のウォレットアプリ261へのアクセス先情報を払い出し、アクセス認証機能250に対して認可設定を行うとともに、ウォレットアプリ通信制御部270に対して通信設定を行う。 In S3-2, the physical security environment management function 240 issues access destination information to the user's wallet application 261, performs authorization settings for the access authentication function 250, and performs communication settings for the wallet application communication control unit 270.

 S5において、アクセス認証機能250は、ウォレットアプリ261のアクセス先情報(URL等)をユーザ端末100に通知する。 In S5, the access authentication function 250 notifies the user terminal 100 of the access destination information (URL, etc.) of the wallet application 261.

 S6において、ユーザ端末100は、ウォレットアプリ通信制御部270を介して、ウォレットアプリ261にアクセスする。なお、ユーザ端末100とウォレットアプリ261との間の通信は、暗号化にて行われる。また、S6において、ウォレットアプリ通信制御部270からアクセス認証機能250への認証依頼が行われ、認証結果に基づくアクセス許可/拒否の判断が行われる。 In S6, the user terminal 100 accesses the wallet application 261 via the wallet application communication control unit 270. Note that communication between the user terminal 100 and the wallet application 261 is encrypted. Also in S6, the wallet application communication control unit 270 requests authentication from the access authentication function 250, and a decision is made as to whether to allow or deny access based on the authentication result.

 なお、S1及びS6において、クラウドウォレット基盤200/ウォレットアプリ261へのアクセス時の認証は、鍵ベースの方式でなくてもよく、例えば、ID/パスワードベースの方式を用いることとしてもよい。 In S1 and S6, authentication when accessing the cloud wallet platform 200/wallet application 261 does not have to be key-based; for example, an ID/password-based method may be used.

 S6のアクセスが、当該ユーザによる1回目のウォレットアプリ261へのアクセスの場合、S7において、物理セキュリティ環境260は、当該ユーザのデータの暗号化/復号化(「暗号化/復号化」は「暗号化又は復号化」を意味する)のための、鍵ペア(公開鍵、秘密鍵)または共通鍵を生成し、当該鍵をユーザに通知する。S6のアクセスが、ユーザ端末100からの2回目以降のウォレットアプリ261へのアクセスの場合には、物理セキュリティ環境260は、当該ユーザのデータの暗号化/復号化のための秘密鍵または共通鍵をユーザから受信する。このような処理は、解決策3に対応する。 If the access in S6 is the user's first access to the wallet app 261, then in S7 the physical security environment 260 generates a key pair (public key, private key) or a common key for encrypting/decrypting the user's data ("encryption/decryption" means "encryption or decryption") and notifies the user of the key. If the access in S6 is the second or subsequent access to the wallet app 261 from the user terminal 100, the physical security environment 260 receives from the user the private key or common key for encrypting/decrypting the user's data. This type of processing corresponds to Solution 3.

 ユーザ毎のデータ暗号化/復号化のための鍵の生成/受信のトリガー及びタイミングは、上記の例に限定されない。例えば、ウォレットアプリ261のUI130上に、鍵生成と鍵登録のボタンを備え、当該ボタンをユーザが操作したタイミングで、鍵の生成と、ユーザからの鍵送信が実施されることとしてもよい。 The trigger and timing for generating/receiving a key for data encryption/decryption for each user are not limited to the above example. For example, the UI 130 of the wallet app 261 may be provided with a button for key generation and key registration, and when the user operates that button, the key may be generated and sent from the user.

 物理セキュリティ環境260が、データの暗号化/復号化のための鍵(UKと呼ぶ)をユーザ端末100に送信する際には、その鍵が正当な物理セキュリティ環境260内で生成されたものであることを証明する必要がある。この証明は例えば下記の動作/処理により実現される。 When the physical security environment 260 sends a key (called UK) for encrypting/decrypting data to the user terminal 100, it must prove that the key was generated within the legitimate physical security environment 260. This proof is achieved, for example, by the following operations/processing.

 物理セキュリティ環境260の製造メーカーが、物理セキュリティ環境260の製造時において、物理セキュリティ環境260に、後から改ざんすることが困難な物理セキュリティ環境260の固有鍵(具体的には製造メーカーの秘密鍵)と製造メーカーの証明書を搭載する。 When manufacturing the physical security environment 260, the manufacturer of the physical security environment 260 installs into the physical security environment 260 a unique key (specifically, the manufacturer's private key) and a certificate of the manufacturer that are difficult to tamper with later.

 生成(起動)された物理セキュリティ環境260は、UKを含むユーザ端末100宛のメッセージを、物理セキュリティ環境260の固有鍵(製造メーカーの秘密鍵)で署名し、当該メッセージと、当該署名と、製造メーカーの証明書とをセットでユーザ端末100に通知する。 The generated (activated) physical security environment 260 signs the message addressed to the user terminal 100, including the UK, with the physical security environment 260's unique key (the manufacturer's private key), and notifies the user terminal 100 of the message, the signature, and the manufacturer's certificate as a set.

 ユーザ端末100(例えばウォレット検証機能110)は、当該製造メーカーの公開鍵を利用して当該署名の正当性を検証する。検証に成功すれば、メッセージに含まれる鍵(UK)は、正当な物理セキュリティ環境260内で生成されたものであることが証明される。 The user terminal 100 (e.g., wallet verification function 110) uses the manufacturer's public key to verify the authenticity of the signature. If the verification is successful, it is proven that the key (UK) included in the message was generated within a valid physical security environment 260.

 なお、上記の秘密鍵に対応する公開鍵は、受信した製造メーカーの証明書に含まれるか、製造メーカーのWebサイト、ブロックチェーンなどの分散台帳等で公開されており、取得可能であることを想定する。上記のメッセージの通知には、IETF Remote Attestation等の技術を利用してもよい。 It is assumed that the public key corresponding to the above private key is either included in the received manufacturer certificate, or is published on the manufacturer's website or in a distributed ledger such as a blockchain, and is therefore available for acquisition. Technologies such as IETF Remote Attestation may be used to notify the above message.

 なお、上記の例では、製造メーカーの証明書を物理セキュリティ環境260に埋め込んでおく形態を想定しているが、このような形態に限定されない。例えば、製造メーカー等の証明書を管理する証明書管理システムを外部に備えることとして、当該証明書管理システムから、ユーザ端末100又はクラウドウォレット基盤200が、製造メーカーの証明書を取得してもよい。 In the above example, it is assumed that the manufacturer's certificate is embedded in the physical security environment 260, but this is not a limitation. For example, an external certificate management system that manages certificates of manufacturers, etc. may be provided, and the user terminal 100 or cloud wallet platform 200 may obtain the manufacturer's certificate from this certificate management system.

 また、ユーザ端末100は、「鍵を含むメッセージと署名」の通知とは別に、製造メーカーの証明書を取得してもよい。上記のように証明書管理システムを用いる例は、その一例である。このような形態の他、ユーザ端末100は、製造メーカーのWebサイトやブロックチェーンなどの分散台帳にアクセスして製造メーカーの証明書を取得してもよい。 Furthermore, the user terminal 100 may obtain the manufacturer's certificate separately from the notification of the "message containing the key and the signature." The use of a certificate management system as described above is one example. In addition to this, the user terminal 100 may obtain the manufacturer's certificate by accessing the manufacturer's website or a distributed ledger such as a blockchain.

 また、クラウドウォレット基盤200側に保管されたユーザデータに対して、基盤管理者が削除、改ざんなどを行った場合に検知可能とするために、例えば、下記の処理が行われる。下記の処理は解決策4に対応するものである。 Furthermore, in order to make it possible to detect if the platform administrator deletes or tampers with user data stored on the cloud wallet platform 200 side, for example, the following processing is performed. The following processing corresponds to Solution 4.

 物理セキュリティ環境260は、「ユーザデータ/暗号化されたユーザデータ」のハッシュ値などのユーザデータ整合性検証証跡を、データ更新の都度、あるいは、ウォレットログアウト時などの任意のタイミングで取得し、ウォレットアプリ通信制御部270を介してユーザ端末100に送信する。つまり、当該ユーザデータ整合性検証証跡を物理セキュリティ環境260とユーザ端末100とで共有する。 The physical security environment 260 acquires a user data integrity verification trail, such as a hash value of "user data/encrypted user data," each time data is updated or at any time, such as when the user logs out of the wallet, and transmits this trail to the user terminal 100 via the wallet application communication control unit 270. In other words, the user data integrity verification trail is shared between the physical security environment 260 and the user terminal 100.

 ユーザ端末100(例えばウォレット検証機能110)は、次のウォレットアプリ261へのアクセス時などの所定のタイミングで、ウォレットアプリ261から読み込んだ「ユーザデータ/暗号化されたユーザデータ」のユーザデータ整合性検証証跡を取得(計算)し、当該ユーザデータ整合性検証証跡と、ユーザ端末100内で保管されたユーザデータ整合性検証証跡とを比較することで、「ユーザデータ/暗号化されたユーザデータ」の改ざんの有無を検知する。 The user terminal 100 (e.g., wallet verification function 110) acquires (calculates) a user data integrity verification trail for the "user data/encrypted user data" read from the wallet application 261 at a predetermined timing, such as the next time the wallet application 261 is accessed, and compares the user data integrity verification trail with the user data integrity verification trail stored within the user terminal 100 to detect whether the "user data/encrypted user data" has been tampered with.

 「次のウォレットアプリ261へのアクセス時」とは、物理セキュリティ環境260の再起動後であってもよいし、物理セキュリティ環境260の再起動後でなくてもよい。 "The next time the wallet app 261 is accessed" may or may not be after the physical security environment 260 is restarted.

 また、物理セキュリティ環境260とユーザ端末100とが、「ユーザデータ/暗号化されたユーザデータ」そのものを共有し(保管し)、例えば次のウォレットアプリ261へのアクセス時に、ユーザ端末100が、その「ユーザデータ/暗号化されたユーザデータ」を物理セキュリティ環境260から受信し、受信した「ユーザデータ/暗号化されたユーザデータ」と自身が保管する「ユーザデータ/暗号化されたユーザデータ」とを比較することで、「ユーザデータ/暗号化されたユーザデータ」の改ざんの有無を検知することも可能である。 Furthermore, the physical security environment 260 and the user terminal 100 share (store) the "user data/encrypted user data" itself, and for example, when the next wallet app 261 is accessed, the user terminal 100 receives the "user data/encrypted user data" from the physical security environment 260 and compares the received "user data/encrypted user data" with the "user data/encrypted user data" that it stores, thereby detecting whether the "user data/encrypted user data" has been tampered with.

 上記の処理において、ユーザデータ整合性検証証跡あるいは「ユーザデータ/暗号化されたユーザデータ」を物理セキュリティ環境260からユーザ端末100に通知する際には、前述した鍵(UK)の通知と同様に、物理セキュリティ環境固有の鍵で署名して、証明書とともに通知する。前述したとおり、ユーザ端末100は、鍵と署名との通知とは別に証明書を取得してもよい。 In the above process, when the user data integrity verification trail or "user data/encrypted user data" is notified from the physical security environment 260 to the user terminal 100, it is signed with a key specific to the physical security environment and notified together with a certificate, just as with the notification of the key (UK) described above. As described above, the user terminal 100 may obtain the certificate separately from the notification of the key and signature.

 なお、ユーザデータ整合性検証証跡の一例はハッシュ値(ダイジェストと呼んでもよい)であるが、ユーザデータ整合性検証を行うことができる情報であれば、どのような情報をユーザデータ整合性検証証跡として使用してもよい。 Note that one example of a user data integrity verification trail is a hash value (which may also be called a digest), but any information that can be used to verify user data integrity may be used as a user data integrity verification trail.

 また、「ユーザデータ」が、その意味として、「暗号化しないユーザデータ」と「暗号化したユーザデータ」とを含むこととしてもよい。 Furthermore, the meaning of "user data" may include "unencrypted user data" and "encrypted user data."

 (通信システムの動作例2)
 続いて、通信システムの動作例2を、図4を参照して説明する。通信システムの動作例2は、ウォレット完全性証明に関する動作例であり、解決策1,2に対応するものである。 (Operation example 2 of communication system)
Next, a second operational example of the communication system will be described with reference to Fig. 4. The second operational example of the communication system is an operational example related to wallet integrity proof, and corresponds to solutions 1 and 2.

 ウォレット完全性証明は、物理セキュリティ環境260内で動作するウォレットアプリ261、及びウォレットアプリ261の実行環境である物理セキュリティ環境260を証明対象として、この証明対象の完全性を、外部のアクタ(本実施の形態ではユーザ)に証明する仕組みである。 Wallet integrity certification is a mechanism that certifies the integrity of the wallet application 261 operating within the physical security environment 260, and the physical security environment 260, which is the execution environment of the wallet application 261, to an external actor (the user in this embodiment).

 S1において、ユーザによるクラウドウォレット基盤200へのアクセス時(図3のS6)、あるいは、ユーザによるクラウドウォレット基盤200への本処理の要求時などのタイミングで、クラウドウォレット基盤200は、物理セキュリティ環境260上で動作するウォレットアプリ261のハッシュ値を取得(計算)し、ハッシュ値に対して物理セキュリティ環境固有の鍵(具体的には製造メーカーの秘密鍵)による署名をした上で、ハッシュ値と署名と製造メーカーの証明書とを含むメッセージをユーザ端末100のウォレット検証機能110に通知する。本メッセージの通知は、例えば、IETF Remote Attestationを利用してもよい。 In S1, when the user accesses the cloud wallet infrastructure 200 (S6 in Figure 3), or when the user requests this process from the cloud wallet infrastructure 200, the cloud wallet infrastructure 200 acquires (calculates) a hash value of the wallet application 261 running on the physical security environment 260, signs the hash value with a key specific to the physical security environment (specifically, the manufacturer's private key), and then notifies the wallet verification function 110 of the user terminal 100 of a message including the hash value, signature, and manufacturer's certificate. This message may be notified using, for example, IETF Remote Attestation.

 上記のとおり、S1におけるメッセージには、ウォレットアプリ261のハッシュ値、ハッシュ値の署名(物理セキュリティ環境の固有鍵による署名)、及び製造メーカーの証明書が含まれる。 As described above, the message in S1 includes the hash value of the wallet application 261, a signature of the hash value (a signature using the unique key of the physical security environment), and the manufacturer's certificate.

 なお、ウォレットアプリ261のハッシュ値はウォレットアプリ261の正当性を検証するための証跡の一例である。ウォレットアプリ261のハッシュ値以外の証跡として、ウォレットアプリ261のプログラムコード/実行ファイルなどを用いてもよい。また、証跡として、これら以外のものを使用してもよい。当該証跡に対して、物理セキュリティ環境の固有鍵で署名がなされる。 Note that the hash value of wallet application 261 is an example of a trail for verifying the authenticity of wallet application 261. As a trail other than the hash value of wallet application 261, the program code/executable file of wallet application 261 may also be used. Furthermore, other things may also be used as the trail. The trail is signed with the unique key of the physical security environment.

 ウォレットアプリデータDB210には、ウォレットアプリ261のソースコードやハッシュ値など、ユーザ端末100がクラウドウォレット基盤200から取得した証跡とマッチングを行うための検証データ(正解情報)が登録され、公開されている。 Verification data (correct answer information) such as the source code and hash values of the wallet application 261, which are used by the user terminal 100 to match the evidence obtained from the cloud wallet platform 200, is registered and made public in the wallet application data DB 210.

 S2において、ウォレット検証機能110は、ウォレットアプリデータDB210からウォレットアプリデータ(ハッシュ値、ソースコード)を取得する。 In S2, the wallet verification function 110 obtains wallet application data (hash value, source code) from the wallet application data DB 210.

 なお、ウォレットアプリデータは、ウォレットアプリデータDB210に保存する形態に限定されない。例えば、ウォレットアプリデータを、クラウドウォレット事業者の管理下でない場所かつパブリックブロックチェーン等を利用して保管することとしてもよい。これにより、クラウドウォレット事業者による改ざん耐性をより高めることができる。 Note that wallet application data is not limited to being stored in the wallet application data DB 210. For example, wallet application data may be stored in a location not under the control of the cloud wallet operator, using a public blockchain or the like. This can further increase resistance to tampering by the cloud wallet operator.

 S3において、ウォレット検証機能110は、クラウドウォレット基盤200から通知されたウォレットアプリ261のハッシュ値とウォレットアプリデータDB210から取得したハッシュ値とを突合(比較)することで、正規のウォレットアプリ261が物理セキュリティ環境260上で動作していることを検証する。 In S3, the wallet verification function 110 verifies that the genuine wallet application 261 is running in the physical security environment 260 by comparing the hash value of the wallet application 261 notified by the cloud wallet platform 200 with the hash value obtained from the wallet application data DB 210.

 なお、上記の例では、製造メーカーの証明書を物理セキュリティ環境260に埋め込んでおく形態を想定しているが、このような形態に限定されない。例えば、製造メーカー等の証明書を管理する証明書管理システムを外部に備えることとして、当該証明書管理システムから、ユーザ端末100又はクラウドウォレット基盤200が、製造メーカーの証明書を取得してもよい。 In the above example, it is assumed that the manufacturer's certificate is embedded in the physical security environment 260, but this is not a limitation. For example, an external certificate management system that manages certificates of manufacturers, etc. may be provided, and the user terminal 100 or cloud wallet platform 200 may obtain the manufacturer's certificate from this certificate management system.

 また、ユーザ端末100は、ハッシュ値(証跡の例)と署名の通知とは別に、製造メーカーの証明書を取得してもよい。上記のように証明書管理システムを用いる例は、その一例である。このような形態の他、ユーザ端末100は、製造メーカーのWebサイトやブロックチェーンなどの分散台帳にアクセスして製造メーカーの証明書を取得してもよい。 Furthermore, the user terminal 100 may obtain the manufacturer's certificate separately from the notification of the hash value (an example of a trail) and signature. The use of a certificate management system as described above is one example. In addition to this, the user terminal 100 may obtain the manufacturer's certificate by accessing the manufacturer's website or a distributed ledger such as a blockchain.

 また、署名の検証に使用する、秘密鍵に対応する公開鍵は、通信システムの動作例1の場合と同様に、製造メーカーの証明書に含まれるか、製造メーカーのWebサイト、ブロックチェーンなどの分散台帳等で公開されており、取得可能であることを想定する。 Furthermore, as in the case of communication system operation example 1, it is assumed that the public key corresponding to the private key used to verify the signature is included in the manufacturer's certificate, or is made public on the manufacturer's website or in a distributed ledger such as a blockchain, and is therefore available for acquisition.

 (詳細説明)
 以下、IDデータ、ID管理機能262、物理セキュリティ環境260等についてより詳細に説明する。 (Detailed explanation)
The ID data, ID management function 262, physical security environment 260, etc. will be described in more detail below.

 本実施の形態では、例えば外部のクラウド事業者/管理者が運営するクラウドサービスであるクラウドウォレット基盤200が、ユーザのデジタルアイデンティティデータ(IDデータ)の管理を実施する。当該クラウドウォレット基盤200によりユーザに提供されるクラウドウォレットサービスにより、クラウド事業者/管理者を含む他者に対してIDデータの機密性と完全性が保護される。これにより、一般の他者のみならず、クラウド事業者/管理者からの攻撃/不正リスクの低減も実現することができる。 In this embodiment, for example, the cloud wallet platform 200, which is a cloud service operated by an external cloud operator/administrator, manages users' digital identity data (ID data). The cloud wallet service provided to users by the cloud wallet platform 200 protects the confidentiality and integrity of the ID data from others, including the cloud operator/administrator. This reduces the risk of attacks and fraud not only from ordinary third parties, but also from the cloud operator/administrator.

 図3に示したとおり、クラウドウォレット基盤200は、ユーザのIDデータを管理・保管する機能であるID管理機能262(ウォレットアプリ261)を備える。ID管理機能262は、ユーザデータDB230に格納されたIDデータにアクセスして、ID管理を行う。 As shown in Figure 3, the cloud wallet platform 200 has an ID management function 262 (wallet application 261) that manages and stores user ID data. The ID management function 262 accesses the ID data stored in the user data DB 230 and performs ID management.

 なお、ユーザデータDB230は、クラウドウォレット基盤200内ではなく、外部の装置に備えてもよい。この場合、例えば、当該外部の装置へのアクセス情報をクラウドウォレット基盤200で保有し、当該アクセス情報を用いて、IDデータへアクセス可能としてもよい。 The user data DB 230 may be provided in an external device rather than within the cloud wallet platform 200. In this case, for example, access information for the external device may be held in the cloud wallet platform 200, and the ID data may be accessible using this access information.

 IDデータは、機密性と完全性が維持され、ID管理機能262は、完全性が維持された環境で動作する。 The confidentiality and integrity of ID data is maintained, and the ID management function 262 operates in an environment where integrity is maintained.

 具体的には、ID管理機能262を、既存技術であるハードウェアセキュリティモジュール(HSM)またはトラステッド実行環境(TEE)で保管し、動作させることにより、IDデータ及びID管理機能262の機密性及び完全性を、データの処理中を含めて保護する。 Specifically, by storing and running the ID management function 262 in a hardware security module (HSM) or trusted execution environment (TEE), which are existing technologies, the confidentiality and integrity of the ID data and the ID management function 262 are protected, including while the data is being processed.

 一般的に、HSMは、TEEよりも機密性・完全性の保護レベルが高いが、搭載するID管理機能は製品ごとに固定であり、クラウド事業者が独自のID管理機能を搭載するにはTEEのほうが適している。 In general, HSMs offer higher levels of confidentiality and integrity protection than TEEs, but the ID management functions they include are fixed for each product, making TEEs more suitable for cloud providers wanting to implement their own unique ID management functions.

 そのため、本実施の形態では、TEEを使用することを想定しているが、原理的にはHSMでも同様の構成を実現することは可能である。クラウドウォレット基盤200に備えられる物理セキュリティ環境260は、TEEとHSMのいずれを使用してもよい。 For this reason, although this embodiment assumes the use of TEE, in principle it is possible to achieve a similar configuration with HSM. The physical security environment 260 provided in the cloud wallet platform 200 may use either TEE or HSM.

 前述したとおり、ウォレットアプリ261は、ID管理機能262の処理手順を定義したプログラムコードである。本実施の形態に係るクラウドウォレット基盤200は、物理セキュリティ環境260を搭載し、そこでウォレットアプリ261が実行される。また、正当な物理セキュリティ環境260で正当なウォレットアプリ261が動作し、ユーザデータが改ざんされていないことを、ユーザなどの外部アクタから検証可能にするための仕組みが提供されている。 As mentioned above, the wallet application 261 is program code that defines the processing procedures of the ID management function 262. The cloud wallet infrastructure 200 according to this embodiment is equipped with a physical security environment 260, in which the wallet application 261 is executed. In addition, a mechanism is provided that allows an external actor, such as a user, to verify that a legitimate wallet application 261 is operating in a legitimate physical security environment 260 and that user data has not been tampered with.

 (IDデータの詳細例)
 次に、IDデータの詳細例を説明する。 (Detailed example of ID data)
Next, a detailed example of ID data will be described.

 <IDデータの基本的事項>
 本実施の形態におけるデジタルアイデンティティの管理においては、例えば下記の(1)~(5)のIDデータを扱う。なお、以下で説明するユーザ(entity/subject)とは、人、組織、装置(端末を含む)、データ、サービスなどの属性を管理する単位のことを示し、必ずしも個人に限定しない。また、下記の(1)~(5)のうちの一部のみを扱うこととしてもよい。 <Basics of ID data>
In the management of digital identities in this embodiment, for example, the following ID data (1) to (5) are handled. Note that the user (entity/subject) described below refers to a unit for managing attributes such as people, organizations, devices (including terminals), data, and services, and is not necessarily limited to individuals. Also, only some of the following (1) to (5) may be handled.

 (1)ユーザに対応する複数のユーザ識別子
 1人のユーザは目的に応じて複数のユーザ識別子を持つ。例えば社員番号、及び決済サービス会員番号などである。 (1) Multiple User Identifiers Corresponding to a User A single user has multiple user identifiers depending on the purpose, such as an employee number and a payment service membership number.

 (2)ユーザ識別子に対応する鍵データ
 個々のユーザ識別子は、これを認証するために生成した鍵データに対応付けられる。鍵データは、例えばパスワード、公開鍵暗号の鍵ペアなどである。 (2) Key Data Corresponding to User Identifiers Each user identifier is associated with key data generated to authenticate the user. The key data may be, for example, a password or a public key cryptography key pair.

 (3)ユーザ識別子と鍵データとの対応を証明する鍵証明データ
 個々の鍵データは、ユーザ識別子と鍵データとの対応を証明する鍵証明データを持つ。特に、鍵データが公開鍵暗号の鍵ペアである場合、ユーザ識別子と公開鍵との対応関係を証明する鍵証明データを持つ。 (3) Key certification data that proves the correspondence between the user identifier and key data Each key data has key certification data that proves the correspondence between the user identifier and key data. In particular, if the key data is a key pair for public key cryptography, it has key certification data that proves the correspondence between the user identifier and the public key.

 鍵証明データは例えばPKIにおける公開鍵証明書、Distributed Identity(DID)におけるDID documentなどである。鍵証明データは、公開鍵とユーザ識別子の対応を信頼される外部のサービスに登録することによってその効力を生じる。信頼される外部のサービスとは、公開鍵証明書の場合は認証局、DID documentの場合は分散台帳等である。 Key certification data includes, for example, public key certificates in PKI and DID documents in Distributed Identity (DID). Key certification data becomes effective when the correspondence between a public key and a user identifier is registered with a trusted external service. A trusted external service is a certification authority in the case of public key certificates, or a distributed ledger in the case of a DID document.

 (4)ユーザ識別子に対応する複数の属性
 個々のユーザ識別子は、これに対応する属性データと対応付けられる。例えば、社員IDにおける「氏名、所属組織、及び役職」、決済サービスIDにおける「氏名、銀行口座番号、及びサービス種別」などである。あるIDまたはその属性が他のIDの属性であるケースもある。例えば上記の例における氏名などである。 (4) Multiple Attributes Corresponding to User Identifiers Each user identifier is associated with corresponding attribute data. For example, "name, organization, and job title" in an employee ID, or "name, bank account number, and service type" in a payment service ID. There are also cases where an ID or its attributes are attributes of another ID. For example, the name in the above example.

 (5)ユーザ識別子と属性との対応を証明する属性証明データ
 個々の属性は、ユーザ識別子と属性との対応関係を証明する属性証明データを持つ。属性証明データは、例えばPKIにおける属性証明書、DIDにおけるVerification Credential(VC)などである。属性証明データは信頼される外部のサービスが署名を行うことによってその効力を生じる。信頼される外部のサービスとは、属性証明書の場合は属性認証局、VCの場合はIssuerである。 (5) Attribute certification data proving the correspondence between a user identifier and an attribute Each attribute has attribute certification data that proves the correspondence between the user identifier and the attribute. Attribute certification data is, for example, an attribute certificate in a PKI or a Verification Credential (VC) in a DID. Attribute certification data becomes valid when signed by a trusted external service. The trusted external service is an attribute authority in the case of an attribute certificate, and an issuer in the case of a VC.

 <付随情報>
 ユーザは、上記の各IDデータに対して付随する下記情報も合わせて扱う必要があり、下記の情報もIDデータの一部と捉えることができる。なお、付随情報を使用しない場合があってもよい。 <Additional information>
The user must also handle the following information that accompanies each of the above ID data, and the information below can also be considered as part of the ID data. Note that there may be cases where the accompanying information is not used.

 ・IDの用途、登録先、利用履歴、解約/失効時の規定:ユーザはこれらのデータに基づき、IDを利用する。 - ID purpose, registration destination, usage history, cancellation/expiration rules: Users will use their ID based on this data.

 ・鍵データの生成方法、暗号属性(アルゴリズム、鍵サイズ、その他パラメータ)、有効期間、失効時の規定:ユーザはこれらのデータに基づき鍵データを安全に管理する。 - Key data generation method, cryptographic attributes (algorithm, key size, other parameters), validity period, and expiration date: Users will securely manage key data based on this information.

 ・鍵証明データの登録先、有効期間、利用履歴、失効時の規定:ユーザはこれらのデータに基づき、ID認証を利用する。 - Key certification data registration location, validity period, usage history, and expiration regulations: Users use this data for ID authentication.

 ・属性証明データの登録先、有効期間、利用履歴、失効時の規定:ユーザはこれらのデータに基づき、属性認証を利用する。 - Attribute certification data registration location, validity period, usage history, and expiration regulations: Users use attribute authentication based on this data.

 <IDデータの構成>
 図5に、上述した内容に基づくIDデータの構成例を示す。 <ID Data Structure>
FIG. 5 shows an example of the structure of ID data based on the above content.

 (ID管理機能262の詳細)
 ID管理機能262は、IDデータの管理のために、IDデータにアクセスして例えば下記の(1)~(6)の処理を実行することができる。 (Details of ID management function 262)
The ID management function 262 can access the ID data to manage the ID data and execute the following processes (1) to (6), for example.

 (1)ユーザ識別子生成
 ユーザ識別子は、ユーザが自ら生成するものと、外部で生成されたものをIDデータとしてユーザが保管するものがある。社員番号や決済サービス等の既存サービスの会員番号は後者が多いが、DIDなど「自己主権」を重視する形態では、ユーザ自らが生成する。 (1) User Identifier Generation User identifiers can be generated by the user themselves or generated externally and stored by the user as ID data. Employee numbers and membership numbers for existing services such as payment services are often the latter type, but in systems that emphasize "self-sovereignty," such as DID, the user generates the identifier themselves.

 ユーザがユーザ識別子を生成する際、及び、外部で生成されたものをIDデータとしてユーザが保管する際に、ID管理機能262が利用される。例えば、ユーザは、ID管理機能262にアクセスし、ID管理機能262が、生成されたユーザ識別子の保管を行う。 The ID management function 262 is used when a user generates a user identifier, and when a user stores an externally generated identifier as ID data. For example, the user accesses the ID management function 262, and the ID management function 262 stores the generated user identifier.

 (2)鍵データ生成
 鍵も同様にユーザが自ら生成するものと、外部で生成されたものをIDデータとしてユーザが保管するものがある。鍵証明データ登録サービスにおいて同時に生成されるケースもある。鍵データ生成の場合も、ユーザ識別子生成の場合と同様にID管理機能262が、保管処理等に利用される。 (2) Key Data Generation Similarly, keys can be generated by the user themselves or generated externally and stored by the user as ID data. In some cases, keys are generated simultaneously in the key certification data registration service. In the case of key data generation, the ID management function 262 is used for storage processing, etc., just as in the case of user identifier generation.

 (3)鍵証明データ登録
 ID管理機能262により、登録先サービスの選択(選択肢の収集、選択基準の決定)、登録申請データの作成(規約、セキュリティポリシに基づくパラメータ設定、署名)、登録応答データの確認と保管等が行われる。 (3) Key certification data registration The ID management function 262 selects the registration destination service (collects options, determines selection criteria), creates registration application data (parameter setting based on regulations and security policies, signature), verifies and stores registration response data, etc.

 (4)属性証明データ登録
 ID管理機能262により、登録先のサービスの選択(選択肢の収集、選択基準の決定)、登録申請データの作成(規約、セキュリティポリシに基づくパラメータ設定、署名)、登録応答データの確認と保管等が行われる。 (4) Attribute certification data registration The ID management function 262 selects the service to register to (collects options, determines selection criteria), creates registration application data (parameter settings based on regulations and security policies, signature), verifies and stores registration response data, etc.

 (5)ID認証
 ID管理機能262により、鍵データを用いた署名と、鍵証明データの提示によって、利用者IDを他者に証明することが行われる。 (5) ID Authentication The ID management function 262 authenticates the user ID to others by submitting a signature using key data and key certification data.

 (6)属性認証
 ID管理機能262により、鍵データを用いた署名と、鍵証明データの提示と、属性証明データの提示によって、利用者の属性を他者に証明することが行われる。 (6) Attribute Authentication The ID management function 262 authenticates the user's attributes to others by signing using key data, presenting key certification data, and presenting attribute certification data.

 (物理セキュリティ環境による保護と保護内容の証明)
 続いて、本実施の形態における物理セキュリティ環境260の機能をより詳細に説明する。本実施の形態における物理セキュリティ環境260は、以下の機能を有する。 (Protection by physical security environment and proof of protection)
Next, the functions of the physical security environment 260 in this embodiment will be described in more detail. The physical security environment 260 in this embodiment has the following functions.

 (a)ウォレット完全性証明(解決策1、2に対応)
 物理セキュリティ環境260内で動作するウォレットアプリ261及びウォレットアプリ261の実行環境である物理セキュリティ環境260を証明対象として、この証明対象の完全性を、外部のアクタ(例:ユーザ)に証明する。具体例は、図4を参照して説明したとおりである。 (a) Wallet integrity proof (corresponding to solutions 1 and 2)
Wallet application 261 operating within physical security environment 260 and physical security environment 260, which is the execution environment of wallet application 261, are used as the subject of attestation, and the integrity of this subject of attestation is proven to an external actor (e.g., a user). A specific example is as described with reference to FIG. 4.

 (b)データの暗号化/復号化のための鍵の生成と、生成した鍵の証明(解決策3に対応)
 物理セキュリティ環境260内で動作するウォレットアプリ261が外部アクタ(例:ユーザ)と交換する鍵(ユーザ毎のデータ暗号化/復号化のための鍵)を生成し、物理セキュリティ環境260内で生成された鍵であることを外部アクタに証明する。 (b) Generating a key for encrypting/decrypting data and verifying the generated key (corresponding to Solution 3)
A wallet application 261 running within the physical security environment 260 generates a key (a key for encrypting/decrypting data for each user) to exchange with an external actor (e.g., a user) and proves to the external actor that the key was generated within the physical security environment 260.

 具体的には、例えば、物理セキュリティ環境260の製造メーカーが製造時に物理セキュリティ環境260に搭載し、後から改ざんすることが困難な鍵ペア(EK)および製造メーカーの証明書を利用する。 Specifically, for example, a key pair (EK) and the manufacturer's certificate, which are installed in the physical security environment 260 by the manufacturer at the time of manufacture and are difficult to tamper with later, are used.

 物理セキュリティ環境260は、物理セキュリティ環境260内で生成した任意の鍵を外部アクタに送信する際に、鍵に対し、その秘密鍵(鍵ペアの中の秘密鍵)で署名をすることで、当該物理セキュリティ環境260内で生成された鍵であることを外部のアクタに証明することができる。既に説明したように、秘密鍵に対応する公開鍵は、製造メーカーのWebサイト等で公開されており、取得可能であることを想定する。 When sending any key generated within the physical security environment 260 to an external actor, the physical security environment 260 can prove to the external actor that the key was generated within the physical security environment 260 by signing the key with its private key (the private key of the key pair). As already explained, it is assumed that the public key corresponding to the private key is published on the manufacturer's website, etc., and is therefore available for acquisition.

 なお、TPM (Trusted Platform Module)を用いる場合、EK(Endorsement Key)を用いることで、別の鍵であるAIK(Attestation Identity Key)の生成を証明し、AIKを用いることで、さらに別の鍵が物理セキュリティ環境260内で生成されたものであることを証明するという、多段的な証明形態となる。本実施の形態では、このような証明形態を用いることとしてもよい。 When a TPM (Trusted Platform Module) is used, an EK (Endorsement Key) is used to prove the generation of another key, an AIK (Attestation Identity Key), and the AIK is used to prove that yet another key was generated within the physical security environment 260, resulting in a multi-stage certification format. This type of certification format may be used in this embodiment.

 (c)ウォレットにおけるユーザデータの永続化と改ざん検知/防止(解決策3、4に対応)
 TEEのような物理セキュリティ環境260において、ユーザデータやウォレットアプリ261を永続化させられない場合がある。例えば、物理セキュリティ環境260を削除すると環境内のデータが揮発する場合である。 (c) Persistence of user data in the wallet and detection/prevention of tampering (corresponding to solutions 3 and 4)
In a physical security environment 260 such as a TEE, there are cases where user data and wallet application 261 cannot be made permanent, for example, when deleting physical security environment 260, the data in the environment is volatilized.

 このような場合、物理セキュリティ環境260は、物理セキュリティ環境260内で扱うデータをユーザ毎の鍵で暗号化の上、外部のストレージあるいはデータベース等に保管する。物理セキュリティ環境260は、自身の停止の後、再起動/再構築した後に、これらのデータを、保管したストレージ等からリストアする。 In such cases, the physical security environment 260 encrypts the data handled within the physical security environment 260 with a key for each user and stores it in external storage or a database, etc. After the physical security environment 260 is shut down and restarted/reconstructed, it restores this data from the storage, etc. where it was stored.

 また、上記のようにしてリストアしたデータが改ざんされていないことを、ユーザが検知できる仕組みが備えられる。 In addition, a mechanism is provided that allows users to detect that data restored in the manner described above has not been tampered with.

 例えば、物理セキュリティ環境260は、物理セキュリティ環境260に付随する「セキュアエレメント(SE)あるいはストレージ」に、暗号化データのダイジェストを保管する。また、物理セキュリティ環境260は、ユーザ端末100に対して、上記ダイジェストを送信し、ユーザ端末100は当該ダイジェストを保管する。 For example, the physical security environment 260 stores a digest of the encrypted data in a "secure element (SE) or storage" associated with the physical security environment 260. The physical security environment 260 also transmits the digest to the user terminal 100, which then stores the digest.

 ユーザ端末100は、例えば物理セキュリティ環境260の再起動後に、物理セキュリティ環境260から読み込んだ暗号化データのダイジェストを計算し、当該ダイジェストと、保管しておいたダイジェストとを比較し、これらが一致すること(データが改ざんされていないこと)を確認する。また、前述したように、物理セキュリティ環境260とユーザ端末100との間でユーザデータそのものを共有の上、保管し、物理セキュリティ環境260の再起動後に、ユーザ端末100がそのデータを受信することで、ユーザデータの改ざん有無を確認することとしてもよい。 For example, after restarting the physical security environment 260, the user terminal 100 calculates a digest of the encrypted data read from the physical security environment 260, compares this digest with the stored digest, and confirms that they match (that the data has not been tampered with). As mentioned above, the user data itself may be shared and stored between the physical security environment 260 and the user terminal 100, and after restarting the physical security environment 260, the user terminal 100 may receive the data, thereby confirming whether the user data has been tampered with.

 (他の構成例)
 なお、本実施の形態における通信システムは、図6に示す構成であってもよい。図6に示すように、本通信システムは、情報処理装置400と端末300を備える。クラウドウォレット基盤200は情報処理装置400の例であり、ユーザ端末100は端末300の例である。 (Other configuration examples)
The communication system in this embodiment may have the configuration shown in Fig. 6. As shown in Fig. 6, this communication system includes an information processing device 400 and a terminal 300. The cloud wallet platform 200 is an example of the information processing device 400, and the user terminal 100 is an example of the terminal 300.

 情報処理装置400は、ウォレットアプリケーションを動作させる物理セキュリティ環境410と通信部420を含む。通信部420は、例えば、前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名と、前記署名に対応する証明書とを有するメッセージを端末300に送信する。 The information processing device 400 includes a physical security environment 410 that runs the wallet application, and a communication unit 420. The communication unit 420 transmits to the terminal 300, for example, a message that includes a trail for verifying the validity of the wallet application, a signature for the trail, and a certificate corresponding to the signature.

 端末300は、受信部310と検証部320を含む。受信部310は、例えば、情報処理装置400から、ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名と、前記署名に対応する証明書とを有するメッセージを受信する。検証部320は、例えば、前記署名の検証を行うとともに、前記証跡と、外部のデータベースから取得した値とを比較することにより、前記ウォレットアプリケーションの正当性を検証する。 The terminal 300 includes a receiving unit 310 and a verifying unit 320. The receiving unit 310 receives, for example, from the information processing device 400, a message including a trail for verifying the validity of the wallet application, a signature for the trail, and a certificate corresponding to the signature. The verifying unit 320 verifies the signature and verifies the validity of the wallet application by, for example, comparing the trail with values obtained from an external database.

 (ハードウェア構成例)
 本実施の形態で説明したいずれの装置(クラウドウォレット基盤、情報処理装置、端末、ユーザ端末、UE等)も、例えば、コンピュータにプログラムを実行させることにより実現できる。このコンピュータは、物理的なコンピュータであってもよいし、クラウド上の仮想マシンであってもよい。 (Example of hardware configuration)
Any of the devices described in this embodiment (cloud wallet platform, information processing device, terminal, user terminal, UE, etc.) can be realized by, for example, causing a computer to execute a program. This computer may be a physical computer or a virtual machine on the cloud.

 すなわち、当該装置は、コンピュータに内蔵されるCPUやメモリ等のハードウェア資源を用いて、当該装置で実施される処理に対応するプログラムを実行することによって実現することが可能である。上記プログラムは、コンピュータが読み取り可能な記録媒体(可搬メモリ等)に記録して、保存したり、配布したりすることが可能である。また、上記プログラムをインターネットや電子メール等、ネットワークを通して提供することも可能である。 In other words, the device can be realized by using hardware resources such as the CPU and memory built into the computer to execute a program corresponding to the processing performed by the device. The program can be recorded on a computer-readable recording medium (such as portable memory) and then saved or distributed. The program can also be provided via a network such as the Internet or email.

 図7は、上記コンピュータのハードウェア構成例を示す図である。図7のコンピュータは、それぞれバスBSで相互に接続されているドライブ装置1000、補助記憶装置1002、メモリ装置1003、CPU1004、インタフェース装置1005、表示装置1006、入力装置1007、出力装置1008等を有する。なお、当該コンピュータは、更にGPUを備えてもよい。 FIG. 7 is a diagram showing an example of the hardware configuration of the computer. The computer in FIG. 7 has a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, and the like, all of which are interconnected by a bus BS. The computer may also be equipped with a GPU.

 当該コンピュータでの処理を実現するプログラムは、例えば、CD-ROM又はメモリカード等の記録媒体1001によって提供される。プログラムを記憶した記録媒体1001がドライブ装置1000にセットされると、プログラムが記録媒体1001からドライブ装置1000を介して補助記憶装置1002にインストールされる。但し、プログラムのインストールは必ずしも記録媒体1001より行う必要はなく、ネットワークを介して他のコンピュータよりダウンロードするようにしてもよい。補助記憶装置1002は、インストールされたプログラムを格納すると共に、必要なファイルやデータ等を格納する。 The program that realizes processing on the computer is provided by a recording medium 1001, such as a CD-ROM or memory card. When the recording medium 1001 storing the program is inserted into the drive device 1000, the program is installed from the recording medium 1001 to the auxiliary storage device 1002 via the drive device 1000. However, the program does not necessarily have to be installed from the recording medium 1001; it can also be downloaded from another computer via a network. The auxiliary storage device 1002 stores the installed program as well as necessary files, data, etc.

 メモリ装置1003は、プログラムの起動指示があった場合に、補助記憶装置1002からプログラムを読み出して格納する。CPU1004は、メモリ装置1003に格納されたプログラムに従って、当該装置に係る機能を実現する。インタフェース装置1005は、ネットワーク等に接続するためのインタフェースとして用いられる。表示装置1006はプログラムによるGUI(Graphical User Interface)等を表示する。入力装置1007はキーボード及びマウス、ボタン、又はタッチパネル等で構成され、様々な操作指示を入力させるために用いられる。出力装置1008は演算結果を出力する。 When an instruction to start a program is received, the memory device 1003 reads and stores the program from the auxiliary storage device 1002. The CPU 1004 implements the functions related to the device in accordance with the program stored in the memory device 1003. The interface device 1005 is used as an interface for connecting to a network, etc. The display device 1006 displays a GUI (Graphical User Interface) based on the program, etc. The input device 1007 is composed of a keyboard, mouse, buttons, touch panel, etc., and is used to input various operational instructions. The output device 1008 outputs the results of calculations.

 (実施の形態の効果)
 以上説明したとおり、本実施の形態で説明した技術により、管理者からの攻撃及び不正のリスクを低減し、ユーザのプライバシ性と自己主権性を向上させたクラウドウォレットを実現することが可能となる。 (Effects of the embodiment)
As described above, the technology described in this embodiment makes it possible to realize a cloud wallet that reduces the risk of attacks and fraud from administrators and improves users' privacy and self-sovereignty.

 以上の実施形態に関し、更に以下の付記を開示する。 The following additional notes are provided regarding the above embodiments.

 <付記>
(付記項1)
 ウォレットアプリケーションを動作させる物理セキュリティ環境と、
 前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを端末に送信する通信部と
 を備える情報処理装置。
(付記項2)
 前記物理セキュリティ環境は、データを暗号化又は復号化するための鍵を生成し、
 前記通信部は、前記鍵を含むメッセージと、当該メッセージに対する、前記物理セキュリティ環境の固有鍵を用いて生成された署名とを含む情報を前記端末に送信する
 付記項1に記載の情報処理装置。
(付記項3)
 ウォレットアプリケーションを動作させる物理セキュリティ環境を備える情報処理装置から、前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを受信する受信部と、
 前記署名の検証を行うとともに、前記証跡と、外部のデータベースから取得した値とを比較することにより、前記ウォレットアプリケーションの正当性を検証する検証部と
 を備える端末。
(付記項4)
 前記受信部は、データを暗号化又は復号化するための鍵を含むメッセージと、当該メッセージに対する、前記物理セキュリティ環境の固有鍵を用いて生成された署名とを含む情報を、前記情報処理装置から受信し、前記検証部は、当該署名を検証する
 付記項3に記載の端末。
(付記項5)
 前記受信部は、
 ユーザデータ又は当該ユーザデータの整合性検証証跡を前記情報処理装置から受信して保持し、所定のタイミングで、前記ユーザデータを前記情報処理装置から受信し、
 前記検証部は、
 前記所定のタイミングで受信した前記ユーザデータの整合性検証証跡と、保持している前記整合性検証証跡とを比較することにより、前記ユーザデータの改ざん有無を確認する、又は、
 前記所定のタイミングで受信した前記ユーザデータと、保持している前記ユーザデータとを比較することにより、前記ユーザデータの改ざん有無を確認する
 付記項3又は4に記載の端末。
(付記項6)
 付記項1又は2に記載の情報処理装置と、付記項3ないし5のうちいずれか1項に記載の端末とを備える通信システム。
(付記項7)
 ウォレットアプリケーションを動作させる物理セキュリティ環境を備える情報処理装置が実行する通信方法であって、
 前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを端末に送信する通信ステップ
 を備える通信方法。
(付記項8)
 コンピュータを、付記項3ないし5のうちいずれか1項に記載の端末における各部として機能させるためのプログラムを記憶した非一時的記憶媒体。 <Additional Notes>
(Additional note 1)
A physical security environment in which the wallet application operates;
an information processing device comprising: a communication unit that transmits to a terminal a message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.
(Additional note 2)
the physical security environment generates a key for encrypting or decrypting data;
2. The information processing device according to claim 1, wherein the communication unit transmits to the terminal information including a message including the key and a signature for the message generated using a unique key of the physical security environment.
(Additional note 3)
a receiving unit that receives a message including a trail for verifying the validity of a wallet application and a signature for the trail from an information processing device that has a physical security environment in which the wallet application operates;
a verification unit that verifies the signature and verifies the authenticity of the wallet application by comparing the trail with a value obtained from an external database.
(Additional note 4)
The terminal described in Appendix 3, wherein the receiving unit receives information from the information processing device, the information including a message including a key for encrypting or decrypting data and a signature for the message generated using a unique key of the physical security environment, and the verifying unit verifies the signature.
(Additional note 5)
The receiving unit
receiving and storing user data or a consistency verification trail of the user data from the information processing device, and receiving the user data from the information processing device at a predetermined timing;
The verification unit
Checking whether the user data has been tampered with by comparing the integrity verification trail of the user data received at the predetermined timing with the integrity verification trail that is stored, or
The terminal according to claim 3 or 4, wherein the terminal checks whether the user data has been tampered with by comparing the user data received at the predetermined timing with the user data it holds.
(Additional note 6)
A communication system comprising the information processing device according to claim 1 or 2 and the terminal according to any one of claims 3 to 5.
(Supplementary Note 7)
A communication method executed by an information processing device having a physical security environment in which a wallet application operates, comprising:
A communication method comprising: a communication step of transmitting a message to a terminal, the message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.
(Supplementary Note 8)
A non-transitory storage medium storing a program for causing a computer to function as each unit of the terminal described in any one of appendixes 3 to 5.

 以上、本実施の形態について説明したが、本発明はかかる特定の実施形態に限定されるものではなく、特許請求の範囲に記載された本発明の要旨の範囲内において、種々の変形・変更が可能である。 Although the present embodiment has been described above, the present invention is not limited to this specific embodiment, and various modifications and variations are possible within the scope of the gist of the present invention as set forth in the claims.

100 ユーザ端末
110 ウォレット検証機能
120 認証機能
130 UI
140 鍵DB
150 ウォレットアクセス用情報DB
200 クラウドウォレット基盤
210 ウォレットアプリデータDB
220 認証データDB
230 ユーザデータDB
240 物理アクセス環境管理機能
250 アクセス認証機能
260 物理セキュリティ環境
261 ウォレットアプリ
262 ID管理機能
270 ウォレットアプリ通信制御部
300 端末
310 受信部
320 検証部
400 情報処理装置
410 物理セキュリティ環境
420 通信部
500 外部サービス
1000 ドライブ装置
1001 記録媒体
1002 補助記憶装置
1003 メモリ装置
1004 CPU
1005 インタフェース装置
1006 表示装置
1007 入力装置
1008 出力装置 100 User terminal 110 Wallet verification function 120 Authentication function 130 UI
140 Key DB
150 Wallet access information DB
200 Cloud wallet platform 210 Wallet application data DB
220 Authentication Data DB
230 User Data DB
240 Physical access environment management function 250 Access authentication function 260 Physical security environment 261 Wallet application 262 ID management function 270 Wallet application communication control unit 300 Terminal 310 Receiving unit 320 Verification unit 400 Information processing device 410 Physical security environment 420 Communication unit 500 External service 1000 Drive device 1001 Recording medium 1002 Auxiliary storage device 1003 Memory device 1004 CPU
1005 Interface device 1006 Display device 1007 Input device 1008 Output device

Claims (8)

 ウォレットアプリケーションを動作させる物理セキュリティ環境と、
 前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを端末に送信する通信部と
 を備える情報処理装置。 A physical security environment in which the wallet application operates;
an information processing device comprising: a communication unit that transmits to a terminal a message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.  前記物理セキュリティ環境は、データを暗号化又は復号化するための鍵を生成し、
 前記通信部は、前記鍵を含むメッセージと、当該メッセージに対する、前記物理セキュリティ環境の固有鍵を用いて生成された署名とを含む情報を前記端末に送信する
 請求項1に記載の情報処理装置。 the physical security environment generates a key for encrypting or decrypting data;
The information processing apparatus according to claim 1 , wherein the communication unit transmits to the terminal information including a message including the key and a signature for the message generated using a unique key of the physical security environment.  ウォレットアプリケーションを動作させる物理セキュリティ環境を備える情報処理装置から、前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを受信する受信部と、
 前記署名の検証を行うとともに、前記証跡と、外部のデータベースから取得した値とを比較することにより、前記ウォレットアプリケーションの正当性を検証する検証部と
 を備える端末。 a receiving unit that receives a message including a trail for verifying the validity of a wallet application and a signature for the trail from an information processing device that has a physical security environment in which the wallet application operates;
a verification unit that verifies the signature and verifies the authenticity of the wallet application by comparing the trail with a value obtained from an external database.  前記受信部は、データを暗号化又は復号化するための鍵を含むメッセージと、当該メッセージに対する、前記物理セキュリティ環境の固有鍵を用いて生成された署名とを含む情報を、前記情報処理装置から受信し、前記検証部は、当該署名を検証する
 請求項3に記載の端末。 The terminal according to claim 3, wherein the receiving unit receives information from the information processing device, the information including a message including a key for encrypting or decrypting data and a signature for the message generated using a unique key of the physical security environment, and the verifying unit verifies the signature.  前記受信部は、
 ユーザデータ又は当該ユーザデータの整合性検証証跡を前記情報処理装置から受信して保持し、所定のタイミングで、前記ユーザデータを前記情報処理装置から受信し、
 前記検証部は、
 前記所定のタイミングで受信した前記ユーザデータの整合性検証証跡と、保持している前記整合性検証証跡とを比較することにより、前記ユーザデータの改ざん有無を確認する、又は、
 前記所定のタイミングで受信した前記ユーザデータと、保持している前記ユーザデータとを比較することにより、前記ユーザデータの改ざん有無を確認する
 請求項3に記載の端末。 The receiving unit
receiving and storing user data or a consistency verification trail of the user data from the information processing device, and receiving the user data from the information processing device at a predetermined timing;
The verification unit
Checking whether the user data has been tampered with by comparing the integrity verification trail of the user data received at the predetermined timing with the integrity verification trail that is stored, or
The terminal according to claim 3 , wherein the terminal checks whether the user data has been tampered with by comparing the user data received at the predetermined timing with the user data it holds.  請求項1に記載の情報処理装置と、請求項3に記載の端末とを備える通信システム。 A communication system comprising the information processing device of claim 1 and the terminal of claim 3.  ウォレットアプリケーションを動作させる物理セキュリティ環境を備える情報処理装置が実行する通信方法であって、
 前記ウォレットアプリケーションの正当性を検証するための証跡と、前記証跡に対する署名とを含むメッセージを端末に送信する通信ステップ
 を備える通信方法。 A communication method executed by an information processing device having a physical security environment in which a wallet application operates, comprising:
a communication step of transmitting a message to a terminal, the message including a trail for verifying the legitimacy of the wallet application and a signature for the trail.  コンピュータを、請求項3ないし5のうちいずれか1項に記載の端末における各部として機能させるためのプログラム。 A program for causing a computer to function as each component of a terminal described in any one of claims 3 to 5.
PCT/JP2024/002887 2024-01-30 2024-01-30 Information processing device, terminal, communication system, communication method, and program Pending WO2025163752A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2024/002887 WO2025163752A1 (en) 2024-01-30 2024-01-30 Information processing device, terminal, communication system, communication method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2024/002887 WO2025163752A1 (en) 2024-01-30 2024-01-30 Information processing device, terminal, communication system, communication method, and program

Publications (1)

Publication Number Publication Date
WO2025163752A1 true WO2025163752A1 (en) 2025-08-07

Family

ID=96590166

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2024/002887 Pending WO2025163752A1 (en) 2024-01-30 2024-01-30 Information processing device, terminal, communication system, communication method, and program

Country Status (1)

Country Link
WO (1) WO2025163752A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020061614A (en) * 2018-10-05 2020-04-16 さくら情報システム株式会社 Information processing apparatus, method, and program
US20210287770A1 (en) * 2020-03-10 2021-09-16 Lumedic Acquisition Co, Inc. Electronic patient credentials
WO2023186786A1 (en) * 2022-03-30 2023-10-05 Sony Group Corporation A concept for recovering access to a cryptocurrency wallet on a remote server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020061614A (en) * 2018-10-05 2020-04-16 さくら情報システム株式会社 Information processing apparatus, method, and program
US20210287770A1 (en) * 2020-03-10 2021-09-16 Lumedic Acquisition Co, Inc. Electronic patient credentials
WO2023186786A1 (en) * 2022-03-30 2023-10-05 Sony Group Corporation A concept for recovering access to a cryptocurrency wallet on a remote server

Similar Documents

Publication Publication Date Title
KR102318637B1 (en) Methods of data transmission, methods of controlling the use of data, and cryptographic devices
US7689828B2 (en) System and method for implementing digital signature using one time private keys
US7568114B1 (en) Secure transaction processor
EP2204008B1 (en) Credential provisioning
CA2357792C (en) Method and device for performing secure transactions
CN101965574B (en) Authentication information generation system, authentication information generation method and a client device
US20190230057A1 (en) System and Method for Resetting Passwords on Electronic Devices
JP2011515961A (en) Authentication storage method and authentication storage system for client side certificate authentication information
CN110750803A (en) Method and device for providing and fusing data
CN109361668A (en) A method of reliable data transmission
CN112765626B (en) Method, device, system and storage medium for authorized signature based on managed key
EP4096147A1 (en) Secure enclave implementation of proxied cryptographic keys
JP6627043B2 (en) SSL communication system, client, server, SSL communication method, computer program
EP4145763B1 (en) Exporting remote cryptographic keys
US12450385B2 (en) Integration of identity access management infrastructure with zero-knowledge services
EP3292654B1 (en) A security approach for storing credentials for offline use and copy-protected vault content in devices
JP2010231404A (en) Secret information management system, secret information management method, and secret information management program
CN117063174A (en) Security module and method for mutual trust between apps through app-based identity
JP6712707B2 (en) Server system and method for controlling a plurality of service systems
JP2014022920A (en) Electronic signature system, electronic signature method, and electronic signature program
JP6045018B2 (en) Electronic signature proxy server, electronic signature proxy system, and electronic signature proxy method
Dumas et al. Localpki: An interoperable and iot friendly pki
KR102827883B1 (en) Method of creating account for 2FA authenticaed electronic signature by secure multi-party computation
CN118802159A (en) Authentication and authorization method, device, electronic device, storage medium and product
Kim et al. Secure user authentication based on the trusted platform for mobile devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24922385

Country of ref document: EP

Kind code of ref document: A1