JP5847345B1 - Information processing apparatus, authentication method, and program - Google Patents

Abstract

[PROBLEMS] To improve the safety of transactions. An information processing apparatus according to an embodiment of the present disclosure includes a communication unit, a presentation unit, a storage unit, and an authentication unit. The communication means includes one or more approval contents requiring input from a user only through a communication function of trusted software in which at least one authority of manufacturing and modification is limited to a specific person directly or indirectly by hardware. Is received from the other party. The presenting means presents the one or more approval contents to the user only through the display function of the trusted software. The storage means stores a key used for authentication with the communication partner. The authentication unit generates an authentication code using the key in response to an instruction from the user acquired only through the input function of the trusted software. [Selection] Figure 2

Description

  The present invention relates to an information processing apparatus, an authentication method, and a program.

With the spread of the Internet in recent years, bank transactions and settlement transactions can be easily performed using Internet banking and the like, and convenience for users is increasing. On the other hand, an operating system (OS) originally used on a PC or the like has been designed so that a user can freely develop and introduce a program, and an application running on the OS or OS is malware or the like. There is a high possibility of being infected with a virus. For example, the damage of a MitB (Man in the Browser) attack that gains illegal profits by maliciously replacing or falsifying transaction contents is becoming more serious. In recent years, the same problem has become serious in mobile terminals such as so-called smartphones that operate the Android (registered trademark) OS, and countermeasures are urgently needed.
To solve the above-mentioned problem, there is a technique for taking a MitB attack countermeasure by connecting a USB device and performing communication processing different from the processing of the PC (for example, see Non-Patent Document 1).

Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Horing, Peter Buhler, and Michael Baentsch, “The Zurich Trusted Information Channel- an Efficient Defense Against Man-in-the-Middle and Malicious software Attacks”, TRUST 2008, LNCS 4968, pp 75-91, 2008.

  However, in the above-described method, a device dedicated to payment processing is required in addition to the smartphone at the time of authentication, which causes trouble for the user from the viewpoint of portability and transaction convenience.

  The present invention has been made in view of the above-described circumstances, and an object thereof is to provide an information processing apparatus, an authentication method, and a program that can further enhance the safety of transactions.

  In order to solve the above-described problem, the information processing apparatus according to the present embodiment includes a communication unit, a presentation unit, a storage unit, and an authentication unit. The communication means includes one or more approval contents requiring input from a user only through a communication function of trusted software in which at least one authority of manufacturing and modification is limited to a specific person directly or indirectly by hardware. Is received from the other party. The presenting means presents the one or more approval contents to the user only through the display function of the trusted software. The storage means stores a first key used for authentication with the communication partner. The authentication unit generates an authentication code using the first key in response to an instruction from the user acquired only through the input function of the trusted software.

  According to the information processing apparatus, authentication method, and program of the present invention, it is possible to further improve the safety of transactions.

The figure which shows the architecture of the terminal containing the information processing apparatus which concerns on this embodiment. The block diagram which shows the information processing apparatus which concerns on this embodiment. The sequence diagram which shows the time series of the communication process of information processing apparatus and a communicating party. The block diagram which shows the detail of the information processing apparatus in the case of changing a key for every communicating party. The block diagram containing the secure element in the case of using the application authenticated by the information processing apparatus by Access Control as trust software.

  Hereinafter, an information processing apparatus, an authentication method, and a program according to an embodiment of the present invention will be described in detail with reference to the drawings. Note that, in the following embodiments, the same numbered portions are assumed to perform the same operation, and repeated description is omitted.

An architecture of a terminal including the information processing apparatus according to the present embodiment will be described with reference to FIG.
FIG. 1 shows an architecture 100 of a terminal on which an OS such as a so-called smartphone operates.

  The architecture 100 includes a secure element 101, trust software 102, an OS (Operating System) 103, and applications 104-1 and 104-2.

  The secure element 101 includes the information processing apparatus according to the present embodiment, and is hardware having tamper resistance such as SIM (Subscriber Identity Module), USIM (Universal SIM), and the like.

Reliability software 102 is software rights of manufacturing and modifications are limited to directly or indirectly identify the person through the hardware, if reliable software 102 is the firmware and OS, the manufacturer, such as a carrier, The firmware and OS are technically limited by the hardware and the like for the authority of manufacturing and correction to some businesses that manufacture and sell hardware . When the trusted software 102 is an application, it is an application in which the authority to manufacture and modify software is limited to a specific application vendor by a technical method such as hardware, firmware, or code signing incorporated in the OS.

An example of the trusted software 102 is an application that is authenticated by an information processing device using Access Control defined in SIM Application Toolkit, BIOS, GSMA Handset APIs & Requirements, and GlobalPlatformTrustedExtended. The trust software 102 has at least a communication function, a display function, and an input function. The communication function, the display function, and the input function of the trusted software 102 are not hindered by the OS 103 or the application 104 operating on the OS, and can communicate with the communication partner, display a screen to the user, It can accept input.

  Note that when the application authenticated by the information processing apparatus by the Access Control defined in GSMA Handset APIs & Requirements is used as the trusted software 102, a part of the OS 103 and the application 104 is used.

  The OS 103 is a general OS for operating the system, and corresponds to an Android (registered trademark) OS, for example.

  The application 104-1 and the application 104-2 are software manufactured by a general business operator or an individual using an OS, and are software that a user uses via a function of the OS. Examples of the application 104 include an online bank application and an Internet browser.

Next, the information processing apparatus according to the present embodiment will be described with reference to the block diagram of FIG.
The information processing apparatus 200 according to the present embodiment includes a communication unit 201, a key storage unit 202, an authentication unit 203, and a presentation unit 204.

  The communication unit 201 receives the approval content from the communication partner only through the communication function of the trusted software 102. The communication partner is, for example, a provider such as a bank or an online shop, and is a communication partner that requires confidentiality and MitB attack resistance in transactions. Note that the communication partner is not limited to these communication partners, and may be a communication partner that does not require confidentiality or MitB attack resistance in transactions. The approval contents are contents that require some input from the user, including user approval, such as transaction contents with a bank and payment contents in an online shop. In the following description, it is assumed that a single approval content is received and processed, but the same processing can be performed even when a plurality of approval details are received. When the communication unit 201 receives encrypted data from the authentication unit 203 described later, the communication unit 201 outputs the encrypted data to a communication partner (or an external device) only through the communication function of the trusted software 102.

  Note that the communication unit 201 may acquire information from a communication partner via the Internet or provide information to the communication partner via the Internet, or may use a short mail service (SMS) and non-contact communication ( Information may be acquired using NFC or the like, or information may be provided using SMS and NFC.

  The key storage unit 202 stores a key used for authentication with a communication partner. As a key, when using a common key cryptosystem, it is only necessary to store the same common key as the communication partner. When using a public key cryptosystem (ID-based cryptosystem), a key center (not shown) is used. It is only necessary to store a unique secret key to be distributed. The key storage unit 202 stores, in addition to a key used for authentication with a communication partner as a key, an identifier for specifying a unique user for each secure element and incidental information including a generation that is an arbitrary value. Also good.

  The authentication unit 203 receives the approval content from the communication unit 201 and the key from the key storage unit 202. When at least one of a digital signature and an authentication code is attached to the approval content, the authentication unit 203 performs an authentication process on the digital signature or the authentication code attached to the approval content, and indicates whether the authentication processing has been successful. Generate authentication result.

  Further, when acquiring the user instruction only through the input function of the trusted software 102, the authentication unit 203 receives the key from the key storage unit 202, and generates an authentication code using the key in accordance with the user instruction. The authentication unit 203 encrypts a user instruction to be transmitted to the outside using an authentication code, and generates encrypted data. Note that the authentication unit 203 generates an authentication code using HMAC (Hash-based Message Authentication Code) described in IETF RFC 2104, for example, when using a common key encryption method when generating encrypted data, Encryption is performed using an encryption algorithm such as AES (Advanced Encryption Standard) defined in ISO / IEC 18033-3. In the case of using an ID-based encryption method, an ID-based signature may be transmitted as an authentication code encrypted with ID-based encryption.

  Further, when the common key cryptosystem is used, the authentication unit 203 may generate a short one-time password obtained by extracting a partial bit string from an authentication code generated by HMAC or the like as an authentication code.

  When the presentation unit 204 receives an authentication result indicating whether the authentication code or the digital signature attached to the approval content received from the provider from the authentication unit 203 is authentic, and the authentication result indicates that the authentication process has been successful, Approval content for confirming whether or not the transaction information may be executed only through the display function of the trusted software 102 is presented to the user. When the digital signature or the authentication code is not attached to the approval content, the presentation unit 204 may receive the approval content from the communication unit 201 without performing the authentication process of the authentication unit 203.

Next, communication processing between the information processing apparatus 200 according to the present embodiment and a communication partner will be described with reference to the sequence diagram of FIG.
FIG. 3 is a sequence diagram illustrating an example of communication processing related to a settlement transaction between the user 351 and the bank 352 that is a communication partner in time series. A user 351 shows an example in which a transaction is performed using a terminal (mobile phone, smartphone, tablet, or the like) on which the information processing apparatus 200 and the trusted software 102 are mounted. In the example of FIG. 3, it is assumed that a common key encryption method is used as an encryption method for communication processing, and the common keys k ₁ and k ₂ are held between the bank 352 and the information processing apparatus 200. Suppose that

  In step S <b> 301, the transaction content x is transmitted from the user 351 to the bank 352 using a Web browser or application that runs on the OS of the terminal.

In step S302, the bank 352 receives transaction details x from the user 351, to encrypt the contents of transaction x, to generate encrypted data _{e 1} of x. For example, x may be encrypted as follows. First, an authentication code c ₁ is generated by calculating an arbitrary function H _k1 for the key k ₁ using the transaction content x, time information t ₁ and a random value r using a cryptographic random number of 160 bits or more as parameters. To do. Subsequently, using the transaction content x, time information t ₁ , random value r and authentication code c ₁ as parameters, the calculation result of calculating an arbitrary function E _k2 for the key k ₂ is used as the encrypted data e ₁ of x. That's fine. The time information t ₁ is the time when the authentication code e ₁ is generated.

The bank 352 stores (r, x, t ₁ ) in a database (not shown) using the random value r as the transaction ID.

In step S303, the bank 352, and transmits the encrypted data _{e 1} to the terminal of the user 351.

In step S304, the trusted software 102 of the terminal receives the encrypted data e from the bank 352 using the communication function, and the communication unit 201 of the information processing apparatus 200 receives the encrypted data e ₁ via the trusted software 102. Receive.

In step S305, the authentication unit 203 of the information processing device 200 decrypts the encrypted data e ₁ to obtain (x, t ₁ , r, c ₁ ). The authentication unit 203 determines whether or not the following two conditions are satisfied.
(1) Whether the authentication code c ₁ matches, that is, H _k1 (x, t ₁ , r) = c ₁
(2) Whether the time information t ₁ is within the error w, that is, tε [time-w, time + w]
If the conditions (1) and (2) are satisfied, the authentication unit 203 generates an authentication result indicating that the authentication process has been successful. If at least one of the conditions (1) and (2) is not satisfied, the communication process is terminated because the authentication process has failed. Here, it is assumed that an authentication result indicating that the authentication process is successful is obtained.

  In step S306, since the authentication process is successful, the presenting unit 204 of the information processing apparatus 200 presents the decrypted transaction result x to the user 351 via the display function of the trusted software 102. Specifically, the transaction content x is displayed on the terminal screen only by the display function of the trusted software 102, and the user 351 can view the transaction content x.

  In step S307, the user 351 determines whether the transaction result x displayed via the display function of the trusted software 102 is OK or NG, and uses only the input function of the trusted software 102 as the determination result. Use to input OK or NG. In this case, OK or NG is selected, but a numerical value or a character string may be input.

  In step S308, the communication unit 201 of the information processing apparatus acquires “OK” or “NG” input from the user 351 to the input function of the trusted software 102 as the user instruction y. Specifically, the trusted software 102 converts “OK” or “NG” input to the input function of the trusted software 102 into a user instruction y that can be handled by the information processing apparatus 200, and performs communication of the information processing apparatus 200. To the unit 201. For example, “1” is generated when “OK” is input, and “0 (zero)” is generated when “NG” is input. Here, it is assumed that a user instruction “y = 1” is generated assuming that “OK” is input.

At step S309, the authentication unit 203 of the information processing apparatus 200 generates the encrypted data _{e 2} encrypts the user instruction y. The method for generating the encrypted data e _2, as in step S302, first, the user instruction y, the time information t ₂ and a random value r as a parameter, to calculate any function H _k1 of keys k ₁ generates an authentication code _{c 2.} Subsequently, a calculation result obtained by calculating an arbitrary function E _k2 for the key k _{2 using} the user instruction y, the time information t ₂ , the random value r, and the authentication code c ₂ as parameters may be used as the encrypted data e _2. .
Note that the time information t ₂ may be obtained, for example, the time when the authentication code c ₂ is generated via the trust software 102.

At step S310, the communication unit 201 of the information processing apparatus 200 transmits the encrypted data _{e 2} through the communication function of the confidence software 102.

In step S311, the bank 352 receives the encrypted data _{e 2} from the user 351, to decrypt the encrypted data _{e 2.} Assuming decoding is successful, it is possible to obtain a user instruction y, time information t ₂ and a random value r.
The bank 352 determines whether or not the following two conditions are satisfied.
(3) Whether the authentication codes c ₂ match, that is, H _k1 (x, t ₂ , r) = c ₂
(4) Whether the time information t ₂ is within the error w, that is, t ₂ ∈ [time-w, time + w]
When the conditions of (3) and (4) are satisfied, the bank 352 searches the transaction content x and time information t ₁ corresponding to the random value r from the database storing the random value r as the transaction ID, and the timeout time t _It is determined whether “t <t ₂ ≦ time and t ₂ <t + t ₀ ” is satisfied for ₀ and “user instruction y = 1” is satisfied. Here, the timeout time t ₀ is a time that is a threshold for canceling the transaction between the bank 352 and the user 351.

In step S312, when the bank 352 satisfies “t <t ₂ ≦ time and t ₂ <t + t ₀ ” and satisfies “user instruction y = 1”, the transaction x may be executed. Thus, the communication process between the information processing apparatus 200 and the communication partner is completed.

  When communicating with a communication partner such as a provider, it is desirable to change the key and user identifier for each provider from the viewpoint of security at the time of key leakage.

Details of the information processing apparatus when changing the key for each communication partner will be described with reference to the block diagram of FIG.
An information processing apparatus 400 illustrated in FIG. 4 includes a communication unit 201, a key storage unit 202, a presentation unit 204, a first identifier storage unit 401, a second identifier storage unit 402, an identifier conversion unit 403, a key conversion unit 404, and an authentication unit 405. including.
The communication unit 201, the key storage unit 202, and the presentation unit 204 are the same as the operations in the information processing apparatus 200 shown in FIG.

The first identifier storage unit 401 stores its own identifier (also referred to as a first identifier).
The second identifier storage unit 402 stores the identifier of the communication partner. Note that the second identifier storage unit 402 may store the communication partner identifier in association with the accompanying information including the generation. The generation is an arbitrary value, and may be a counter value such as 1, 2, 3,..., A physical random number of about 128 bits, a cryptographic pseudorandom number, or the like.

The identifier conversion unit 403 receives the first identifier from the first identifier storage unit 401 and the identifier of the communication partner from the second identifier storage unit 402, and determines the first identifier according to the communication partner represented by the identifier of the communication partner. Convert to generate a second identifier. The conversion from the first identifier to the second identifier may be performed using, for example, an arbitrary hash function.
The key conversion unit 404 receives the key from the key storage unit 202 and the identifier of the communication partner from the second identifier storage unit 402, converts the first key according to the communication partner, and generates a second key. The conversion from the first key to the second key may be performed using, for example, an arbitrary hash function.

  Authentication unit 405 performs substantially the same operation as authentication unit 203 described above, but receives the second identifier from identifier conversion unit 403 and the second key from key conversion unit 404, and uses the second identifier and the second key. The point of authentication is different.

  Next, an authentication process when the information processing apparatus 400 uses a common key encryption method will be described. Here, an authentication process in communication between the information processing apparatus 400 and the provider is assumed.

From the key center, K _i that can derive a key K _ij between an arbitrary provider (and accompanying information) and the secure element 101 is distributed to the information processing apparatus 400 as a user key. If the master key of the key center is M, it can be expressed as K _i = E _M (i).

A key set Kj corresponding to the provider identifier (and accompanying information) is distributed from the key center to the provider. If the provider identifier (and accompanying information) is j, it can be expressed as K _j = {K _1j , K _2j ,..., K _nj } (n is an integer of 3 or more). The information processing apparatus 400 and the provider can derive K _ij from each other. For example, in the information processing apparatus 400, when the key conversion unit 404 converts K _i (first key) into K _ij (second key). And may be derived using the following equation (1).

Therefore, encryption communication and message authentication using K _ij as a common key can be performed between the information processing apparatus 400 and the provider.

On the other hand, for the identifier, the identifier conversion unit 403 converts the user i (first identifier) into ID _ij (second identifier) using Expression (2) in accordance with the provider identifier j.

By using a compact key derivation algorithm with a small size in the information processing apparatus 400 and increasing the storage size of the key on the provider side, the storage area of the secure element 101 whose storage capacity is severely restricted can be greatly saved. it can. In addition to the provider identifier, a key is generated using the accompanying information such as the generation, so that even if there is a key leak on the provider side, the generation only needs to be updated, and the key K _ij is maintained while retaining the same identifier. Can be changed. Therefore, it is possible to maintain a high level of transaction safety while maintaining convenience.

Next, processing when the information processing apparatus 400 uses an ID-based encryption method will be described.
A secret key K _i is distributed to the information processing apparatus 400. If the master secret key of the key center is S, it can be expressed by K _i = Gen (S, i).

A secret key K _j is distributed to the provider to the provider j. If the master secret key S is used, it can be expressed as K _j = Gen (S, j).

When performing encrypted communication, the information processing apparatus 400 generates a ciphertext c by the encryption algorithm E using the identifier i and the message m transmitted to the communication partner. That is, it can be expressed by c = E _i (m).

The decoding side, a provider, by using the ciphertext c and the secret key K _i, to decrypt the message by decryption algorithm D. That is,

It can be expressed as
In the case of creating a digital signature, a signature s is created using a signature algorithm S from a secret key K _j and a message m. That is,

It can be expressed as
In the case of verification, it may be determined whether or not the result of passing through the verification algorithm V using the signature s and the signer identifier j matches the message m.

In all the above algorithms, the public parameter P is also input.
Further, for example, in the equations shown in the following equations (3) and (4), the key conversion unit 404 uses the homomorphism of ID-based encryption to convert K _i (first key) to i ′, Ki ′ (first (2 keys) may be used respectively.

  Equations (3) and (4) are examples in which identifier conversion and key conversion according to the identifier of the other party are performed on the RFC5091 BB04 system, and h is one-way property of {0, 1} * → Zq *. Hq is a hash function, and Gq is a public parameter of the RFC5091 BB04 system.

On the other hand, for the identifier, the identifier conversion unit 403 converts the user i (first identifier) into ID _ij (second identifier) using Expression (5) according to the provider identifier j.

  If the above ID-based encryption method is used, it is only necessary to store the provider identifier and incidental information in the information processing apparatus 400, so that the necessary storage capacity can be saved. Also, the security level can be maintained by updating the incidental information such as the generation for the key leakage of the provider.

Next, a case where an application authenticated by the information processing apparatus 200 with the Access Control defined in the GSMA Handset APIs & Requirements is used as the trust software will be described with reference to FIG.
The block diagram shown in FIG. 5 shows to which architecture each element belongs.
In FIG. 5, an application area 551, a native user area 552, a system area 553, and a secure element area 554 are shown as the architecture.

The application area 551 includes a provider application 501 and a SIM-OTP access unit 502.
The native user area 552 includes a native code portion 509.

The system area 553 includes a runtime unit 503, an Open Mobile API unit 504, a certificate storage unit 505, a screen display library 510, and a display driver 511.
The secure element area 554 includes a certificate hash storage unit 506, an in-secure element access control unit 507, and an information processing device 508.

The provider application 501 is an application installed by the user. The provider application 501 can be downloaded only from the regular route.
The SIM-OTP access unit 502 transmits / receives data to / from the secure element area 554.

The runtime unit 503 is, for example, an Android runtime, includes a Dalvik virtual machine, and processes data from the SIM-OTP access unit 502 and the Open Mobile API unit 504 by Java (registered trademark) code. Note that the processing using the Java code is only processing for extracting information from the secure element.
The Open Mobile API unit 504 is an API standardized by SIM Alliance, and includes Access Control. Access Control is a function standardized by GSMA.

The certificate storage unit 505 stores the UID of the provider application 501 and application certificate information in association with each other.
The certificate hash storage unit 506 stores in advance the hash value (SHA1) of the application certificate of the application that accesses the information processing device 508 when the information processing device 508 is registered in the secure element area 554.

The access control unit 507 in the secure element is a function standardized by GSMA. The hash value based on the application certificate information stored in the certificate storage unit 505 and the hash value stored in the certificate hash storage unit 506 Compare
The information processing device 508 performs the same operation as the information processing devices 200 and 400 described above, and generates an OTP, exchanges a session key, encrypts transaction information, and transmits encrypted transaction information.

The native code unit 509 exchanges session keys, decrypts encrypted transaction information, and transmits the transaction information using a native code.
The screen display library 510 is a library for performing screen display.
The display driver 511 is a driver for displaying transaction information and the like on the display.

Next, the access control process using the trust software shown in FIG. 5 will be specifically described.
Here, SIM is assumed as the secure element, and a bank application is assumed as the provider application 501. Further, it is assumed that the hash value of the application certificate related to the bank application is stored in the certificate hash storage unit 506 in advance.

In step S1, when a bank application is installed, the UID of the bank application and application certificate information are registered in association with the certificate storage unit 505 in the system area 553 simultaneously with the installation.
In step S2, a processing execution request is made from the bank application to the information processing device 508 in the SIM. In this case, the bank application accesses the Open Mobile API unit 504 via the SIM-OTP access unit 502 and the runtime unit 503.

In step S3, the Open Mobile API unit 504 acquires the UID of the bank application included in the process execution request.
In step S4, the Open Mobile API unit 504 searches the certificate storage unit 505 for application certificate information corresponding to the UID and acquires it.

In step S5, the Open Mobile API unit 504 passes application certificate information to the secure element access control unit 507 in the secure element region 554 via the access control.
In step S <b> 6, the secure element access control unit 507 compares the hash value that matches the application certificate information with the hash value stored in the certificate hash storage unit 506.

In step S <b> 7, when the two compared hash values are the same, it is determined that the processing is normal, and the Open Mobile API unit 504 passes a processing execution request to the information processing device 508. Thereafter, the information processing apparatus 508 transmits the processing result to the bank application via the Open Mobile API unit 504, the runtime unit 503, and the SIM-OTP access unit 502.
On the other hand, if the two compared hash values are different, it is determined that the access is unauthorized, and an error code is returned to the bank application via the Open Mobile API unit 504, the runtime unit 503, and the SIM-OTP access unit 502. This completes the access control process.

  According to this embodiment described above, in communication processing including settlement processing with a communication partner, an information processing device included in a secure element having tamper resistance, and a communication function, a display function, and an input function of trusted software By performing settlement processing using only the OS, communication processing can be performed without going through the OS or application infected with malware even when the OS or an application running on the OS is infected by malware or the like. Therefore, it is possible to dramatically improve the safety of transactions compared to executing communication processing via an application.

The instructions shown in the processing procedure shown in the above-described embodiment can be executed based on a program that is software. The general-purpose computer system stores this program in advance and reads this program, so that the same effect as that obtained by the information processing apparatus described above can be obtained. The instructions described in the above-described embodiments are, as programs that can be executed by a computer, magnetic disks (flexible disks, hard disks, etc.), optical disks (CD-ROM, CD-R, CD-RW, DVD-ROM, DVD). ± R, DVD ± RW, Blu-ray (registered trademark) Disc, etc.), semiconductor memory, or a similar recording medium. As long as the recording medium is readable by the computer or the embedded system, the storage format may be any form. If the computer reads the program from the recording medium and causes the CPU to execute instructions described in the program based on the program, the same operation as the information processing apparatus of the above-described embodiment can be realized. Of course, when the computer acquires or reads the program, it may be acquired or read through a network.
In addition, the OS (operating system), database management software, MW (middleware) such as a network, etc. running on the computer based on the instructions of the program installed in the computer or embedded system from the recording medium implement this embodiment. A part of each process for performing may be executed.
Furthermore, the recording medium in the present embodiment is not limited to a medium independent of a computer or an embedded system, and includes a recording medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.
Further, the number of recording media is not limited to one, and when the processing in this embodiment is executed from a plurality of media, it is included in the recording medium in this embodiment, and the configuration of the media may be any configuration.

The computer or the embedded system in the present embodiment is for executing each process in the present embodiment based on a program stored in a recording medium. The computer or the embedded system includes a single device such as a personal computer or a microcomputer. The system may be any configuration such as a system connected to the network.
In addition, the computer in this embodiment is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions in this embodiment by a program. ing.

  Although several embodiments of the present invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

DESCRIPTION OF SYMBOLS 100 ... Architecture, 101 ... Secure element, 102 ... Reliable software, 103 ... Operating system, 104-1, 104-2 ... Application, 200, 400 ... Information processing apparatus, 201・ ・ ・ Communication unit, 202 ... Key storage unit, 203 ... Authentication unit, 204 ... Presentation unit, 351 ... User, 352 ... Bank, 401 ... First identifier storage unit, 402 ... second identifier storage unit, 403 ... identifier conversion unit, 404 ... key conversion unit, 405 ... authentication unit, 501 ... provider application, 502 ... SIM-OTP access unit, 503: Runtime unit, 504 ... Open Mobile API unit, 505 ... Certificate storage unit, 506 ... Certificate hash storage unit, 5 07: Access control part in secure element, 508 ... Information processing device, 509 ... Native code part, 510 ... Screen display library, 511 ... Display driver, 551 ... Application area, 552 ... Native user area, 553 ... System area, 554 ... Secure element area.

Claims (8)

Only through the communication function of the trust software, communication means for receiving one or more authorized contents that require input from the user from the communication partner,
Presenting means for presenting the one or more approval contents to the user only through the display function of the trusted software;
Key storage means for storing a first key used for authentication with the communication partner;
Said acquired via the input function of the confidence software only in response to an instruction from the user, a information processing apparatus you anda authentication means for generating an authentication code using the first key,
The information processing apparatus is included in a SIM (Subscriber Identity Module),
The trusted software includes an application that is authenticated to the information processing apparatus by the access control defined in GSMA Handset APIs & Requirements, a trusted application defined by the Global Platform Trusted Execution Entitlement, and one of the authorized applications defined by the Global Platform Trusted Environment. An information processing apparatus characterized by firmware, OS, and hardware guaranteed to be limited to the above-mentioned persons. First identifier storage means for storing its own first identifier;
Second identifier storage means for storing an identifier of the communication partner;
Identifier conversion means for converting the first identifier according to the communication partner and generating a second identifier;
A key conversion unit that converts the first key according to the communication partner and generates a second key;
The information processing apparatus according to claim 1, wherein the authentication unit generates an authentication code using the second identifier and the second key. The first key is a key in a common key cryptosystem,
The key conversion means generates the second key by the common key encryption method,
The information processing apparatus according to claim 2, wherein the communication unit performs cryptographic communication and message authentication with the communication partner by the common key encryption method using the second key. The first key is a secret key in an ID-based encryption method,
The key conversion means generates the second key by the ID-based encryption method,
The information processing apparatus according to claim 2, wherein the communication unit performs cryptographic communication and message authentication with the communication partner by the ID-based encryption method using the second key.   The said 2nd identifier storage means matches with the identifier of the said communicating party, and further stores the incidental information containing the generation which is arbitrary values, The any one of Claims 2-4 characterized by the above-mentioned. Information processing device. The authentication means performs an authentication process on the digital signature and the authentication code when at least one of a digital signature and the authentication code is attached to the one or more approval contents,
The information processing apparatus according to any one of claims 1 to 5, wherein the presenting unit presents the one or more approval contents to the user when the authentication process is successful. Only through the communication function of the trust software to receive one or more authorized contents that require input from the user from the communication partner,
Presenting the one or more approval contents to the user only through the display function of the trusted software,
Storing a key used for authentication with the communication partner in a storage means;
Said acquired via the input function of the confidence software only in response to an instruction from the user, a certification process that generates an authentication code using the key,
The authentication method is included in a SIM (Subscriber Identity Module),
The trusted software includes an application that is authenticated to the authentication method by the Access Control defined in GSMA Handset APIs & Requirements, a trusted application defined by the Global Platform Trusted Execution Entitlement, and a modified application specified by the Global Application Trusted Application. A firmware, OS, and hardware guaranteed to be limited to a user. Computer
Only through the communication function of the trust software, communication means for receiving one or more authorized contents that require input from the user from the communication partner,
Presenting means for presenting the one or more approval contents to the user only through the display function of the trusted software;
Storage means for storing a key used for authentication with the communication partner;
In accordance with an instruction from the user acquired only through the input function of the trust software, an authentication program for functioning as an authentication unit that generates an authentication code using the key ,
The authentication program is stored in a SIM (Subscriber Identity Module),
The trusted software includes an application authenticated by the authentication program with the Access Control defined in the GSMA Handset APIs & Requirements, a trusted application defined by the Global Platform Trusted Execution Entitlement, and a modified application defined by the Global Application Trusted Application. An authentication program characterized by firmware, OS, and hardware guaranteed to be limited to a user .