JP2002152196A - Method for program authentication without secret key, program id communication processing control method, program id communication range control method, and method for providing communication line by open key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent personation of communication in an environment wherein readout and forgery are allowed. SOLUTION: Portable equipment 11 confirms by a built-in function part 111 that a hash value 11231 is generated by a program main body 1121 and a secret key paired with an open key 11221 indicating the origin of a program 112. Master equipment 12 authenticates the portable equipment 11 by an open key system which uses an open key 11232 and the secret key 1131 and then decides whether or not the program 112 has the authentic origin according to the hash value confirmation result of the portable equipment 11 when the authentication is successful. When the master equipment 12 successfully authenticates the portable equipment 11 and the program 112 has the authentic origin, it is considered that the program 112 is authenticated with the open key 11221.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a program authentication method, an access control method for processing generated by inter-program communication in a distributed environment, and a program communication range control method in a distributed environment.

[0002]

2. Description of the Related Art As an example of a conventional information system, as shown in FIG. 19, for example, a public key group 101 representing the origin of a program body 10121 and a program 1012 is shown.
221 to 10122n and the secret key group 101241 to 101
24n, a program 1012 composed of a pair
The program 1012 is formed by the portable device 101 which is a program execution / communication device based on the program 1012. The process 10120 is performed on the program 1012 based on the program 1012.
The main part is constituted by a portable device 101 that generates and executes the data, and a parent device 102 that is a communication / processing device that communicates with the portable device 101.

An example of a conventional information system includes, as shown in FIG. 19, a program 1012, a portable device 101 which is a program execution / communication device for generating and executing a process 10120 based on the program 1012, and a portable device 101. Device 1 that is a communication / processing device that communicates with the
02, the main part was constituted.

[0004] The program 112 is a program
121, a public key group 101221 to 10122n indicating the origin of the program 1012, and a public key group 10122
Private key group 101241-1 paired with 1-10122n
0124n.

[0005] The portable device 101 includes an embedded function unit 101.
1 and a process 1012 for executing the program 1012
0, a public key 10132 attached to the portable device 101,
It was composed of a secret key 10131 paired with the public key 10132 and user password information 10190.

The parent device 102 has a public key 10132 attached to the portable device 101, which is an ID representing a partner with which communication is possible.
And user password information 10190 indicating a user who can communicate.

In such a conventional information system, before the portable device 101 communicates with the parent device 102 by the processing of the process 10120 generated based on the program 1012, the parent device 102 Public key 101221 representing the origin of the source of the program 1012 that is the source of the process 10120 that causes the
And a step of obtaining parent keys 102 from the public key group 101 representing the origin of the program 1012 that is the source of the process 10120 that causes the portable device 101 to communicate with each of the obtained public keys 101221 to 10122n.
221 to 10122n and a secret key group 101241-1
By performing authentication using 0124n, the process 1
If the program 1012 that is the basis of 0120 has all the public keys that have been successfully authenticated, the authentication has been performed.

Another example of the conventional information system is a portable device 101 which is a program 1012 and a program execution / communication device for generating and executing a process 10120 based on the program 1012 as shown in FIG.
The main part is comprised of the parent device 102 which is a communication / processing device that communicates with the portable device 101.

The portable device 101 has a built-in function unit 101.
1 and a process 1012 for executing the program 1012
0, a public key 10132 and a secret key 10131 attached to the portable device 101, and the user / password information 101.
90.

The parent device 102 has a public key 101 attached to the portable device 101 as a public key indicating a partner with which communication is possible.
32 and user password information 10190.

In such a conventional information system, the portable device 101 authenticates the user password information 10190, and a process 10120 for executing the program 1012 holds the user password information 10190. When a communication request occurs when the process 10120 attempts to communicate with the parent device 102, the parent device 102
The public key 10132 is received from the portable device 101, and if the public key 10132 matches the public key 10132, the portable device 101
Is authenticated with respect to the public key 10132, and if the authentication is successful, the program 1012 in the portable device 101 is executed.
The communication between the process 10120 that executes the process and the parent device 102 is permitted, and the access control for the processing generated by the communication is performed by the same access control regardless of the communication partner, or by the user / user of the process 10120 of the communication partner. The password information 10190 is taken over, and if user authentication is successful, access control is performed based on that.

Further, conventionally, another example of the information system is as follows.
For example, as shown in FIG. 21, a main part of the portable device 101 and the parent device 102 is configured.

The portable device 101 has a built-in function unit 101.
1, a program 1012, a process 10120 for executing the program 1012, a secret key 10131 associated with the portable device 101, a public key 10132 paired with the secret key 10131, and a public key 10
232.

The parent device 102 includes an embedded function unit 1021
, A program 1022, a process 10220 for executing the program 1022, a secret key 10231 associated with the parent device 102, a public key 10232 paired with the secret key 10231, and a public key 1013 indicating a partner with whom communication is possible.
And 2.

In such a conventional information system, when a process 10120 and a process 10220 attempt to communicate and a communication request is generated, the built-in function unit 101
1 and 1021 are first public keys 10132 and 1
0232 to each other, and a public key 102 indicating a party with whom the received public keys 10232 and 10132 may communicate.
32 and 101032, respectively. If they match, each of the built-in function units 1011 and 1021 performs mutual authentication using the received public keys 10232 and 10132. If the mutual authentication succeeds, the process 10120 and the process 10220 allow communication. On the other hand, if the received public keys 10232 and 10132 are different from the public keys 10133 and 10233 indicating the parties that can communicate with each other, or if mutual authentication with the public keys 10232 and 10132 fails, the process 10120 and the process 102
Did not allow communication with the 20. Further, the communication path resource group has not been virtually provided as a separate resource for each public key.

[0016]

A first problem is that in order to prevent spoofing during communication, the security level of an area (memory, disk, etc.) where a program exists must be read and falsified. It is. The reason is that the program needs to have a secret key.

The second problem is that in a distributed environment, it is necessary to hold and maintain common information similar to user password information. The reason is that it is necessary to share information similar to the same user password information for authentication.

A third problem is that when information similar to user password information is not used, the process is executed with the same authority regardless of the communication partner. The reason is,
This is because information that can guarantee the validity of access control cannot be obtained.

A fourth problem is that when designing a device, a program or a system, it is necessary to individually design a device, a program, or a program with which a process communicates. The reason is that the communication partner is determined by the setting of the public key that the communication partner should have.

A fifth problem is that it takes much time to expand the system and to enter a plurality of systems. The reason is that when designing equipment, programs or systems for system expansion and entry of multiple systems, it is necessary to individually redesign which equipment, programs or processes communicate with which programs. Because.

A sixth problem is that the system tends to be fixed to a specific service. The reason for this is that much effort is required when expanding the system and installing a plurality of systems.

A seventh problem is that it is necessary to design and manage which communication path corresponds to which public key. The reason is that the communication path resource group is not provided virtually as a separate resource for each public key.

A first object of the present invention is to provide a method for authenticating a program without a secret key, which prevents impersonation in communication in an environment where reading and falsification is possible as a security level of an area where a program exists.

A second object of the present invention is to provide a program ID communication processing control method for controlling access to processing generated by inter-program communication in a distributed environment that is not under centralized management.

A third object of the present invention is to provide a program ID communication range control method in which the range of communication, that is, the range of information distribution is previously limited in a distributed environment, and the system design relating to the communication range is easy. It is in.

A fourth object of the present invention is that when communication is performed for each public key, which communication path is occupied by which public key is limited in advance, and system design relating to the communication path is easy. An object of the present invention is to provide a communication path providing method for each public key.

As a prior art document, Japanese Patent Application Laid-Open No. 2000-2000
There is 148469, "Access control to services between modular applications" disclosed in this publication.
The method determines whether the first computer program module has been digitally signed with the power to grant access to the service from the second computer program module, and if so, gives the first computer program module the digital computer signature. It is intended to provide access to services. However, the method includes storing the first computer program module and the second computer program module at the same address on the same computing node so that the first computer program module can access services from the second computer program module. This is for enabling the program to be executed in a space, and is not for allowing different programs to cooperate via communication on different program execution / communication apparatuses as in the present invention.

[0028]

According to the present invention, there is provided a method for authenticating a program without a secret key, comprising: a program; a program execution / communication device for generating and executing a process based on the program; and a communication with the program execution / communication device. An information system including a communication / processing device for performing the program execution / communication device, a public key and a secret key attached to the program execution / communication device, and a process generated and executed based on the program. Wherein the program includes a program body, a public key indicating the origin of the program, and a signature performed on the program body with a secret key paired with the public key. The signature is generated by the program itself and a private key paired with a public key representing the origin of the program. Confirming whether the communication / processing device has been executed, and before the program execution / communication device performs communication with the communication / processing device by processing a process generated based on the program, the communication / processing device Authenticating the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device; and publicly displaying the signature indicating the origin of the program body and the program. When it can be confirmed that the program is generated by the key and the secret key forming a pair, the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program. Before performing, the communication and processing device obtains a public key representing the origin of the program, and Succeeded in testimony,
And, when a public key indicating the origin of the program is obtained, the communication / processing device authenticates the public key as indicating the origin of the program.

Further, in the method for authenticating a program without a secret key according to the present invention, the program execution / communication device may be configured such that the signature is generated by the program body and a secret key paired with a public key indicating the origin of the program. In the step of confirming whether or not the signature is obtained, the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a secret key paired with a public key representing the origin of the program, The program execution / communication device decrypts the signature value with a public key representing the origin of the program to obtain a digest, and hashes the program body with a hash function to obtain a digest. Is determined.

Further, in the method of authenticating a program without a secret key according to the present invention, the communication / processing device may be configured so that the communication / processing device uses a public key method using a public key and a secret key attached to the program execution / communication device. In the step of performing authentication, the communication / processing device includes a public key indicating a partner with which communication is possible, and a public key indicating the partner with which communication is possible and a public key attached to the program execution / communication device are included. It is characterized in that it is determined whether or not they match, and when they match, the program execution / communication device is authenticated.

Further, in the method for authenticating a program without a secret key according to the present invention, the communication / processing device may execute the program execution / communication by a public key method using a public key and a secret key attached to the program execution / communication device. In the step of authenticating the device, a one-time password method using a public key is used, the communication / processing device sends a random character string to the program execution / communication device, and the program execution / communication device The character string is encrypted with a secret key attached to the program execution / communication device and sent back to the communication / processing device, and the communication / processing device communicates with the communication / processing device that holds the encrypted character string in advance. And decrypting the program execution / communication device if the decrypted character string matches the previously transmitted character string. That.

[0032] Further, the program authentication method without a secret key according to the present invention provides a program, a program execution / communication device for generating and executing a process based on the program, and a communication / process for communicating with the program execution / communication device. In an information system constituted by a device, the program execution / communication device includes a public key and a secret key attached to the program execution / communication device, and a process generated and executed based on the program, The program
A program body, a public key group representing the origin of the program, and a signature group performed by each private key paired with each public key on data created by combining the program body and the public key group. The program execution / communication device, wherein each signature is generated by data created by combining the program body and the public key group and each private key paired with each public key corresponding to each signature. And obtaining a set of public keys corresponding to the signature confirmed to be generated, and processing of a process generated by the program execution / communication device based on the program. The communication
Before communicating with the processing device, the communication / processing device
The program execution / communication device uses a public key and a public key attached to the communication device to execute the program execution /
A step of performing authentication of the communication device, and, when one or more public keys corresponding to the signature confirmed to be generated are obtained, the program execution / communication device generates the program based on the program. Before performing communication with the communication and processing device by the processing of the process, the communication and processing device obtains a public key representing the origin of the program, and succeeded in authentication of the program execution and communication device, And when the public key indicating the origin of the program is obtained, the communication / processing device authenticates each public key of the signature confirmation result by the program execution / communication device as indicating the origin of the program. And a step.

Further, in the method for authenticating a program without a secret key according to the present invention, the program execution / communication device may be configured such that each signature has data created by combining the program body and the public key group and each public key corresponding to each signature. In the step of confirming whether or not each is generated by a secret key forming a pair with a key and obtaining a set of public keys corresponding to the confirmed signature, each signature is a combination of the program body and the public key group. The digest created by hashing the data created by the hash function is composed of each signature value encrypted with each private key paired with each public key representing the origin of the program, and the program execution / communication device includes:
Decrypting each signature value with each public key representing the origin of the program to obtain a digest group, and hashing data created by a combination of the program body and the public key group with a hash function to obtain a digest, It is characterized in that it is determined whether or not the digest matches the digest group.

Further, in the method for authenticating a program without a secret key according to the present invention, the communication / processing device may execute the program execution / communication using a public key method using a public key and a secret key attached to the program execution / communication device. In the step of performing device authentication, the communication / processing device includes a public key indicating a partner with which communication is possible, a public key indicating the partner with which communication is possible, and a public key associated with the program execution / communication device. It is characterized in that whether the program execution / communication device is authenticated is determined if they match.

Further, in the method for authenticating a program without a secret key according to the present invention, the communication / processing device may execute the program
In the step of performing the program execution / authentication of the communication device by a public key method using a public key and a secret key attached to the communication device, a one-time password method using a public key is used, and the communication / processing device includes: Sending a random character string to the program execution / communication device, the program execution / communication device encrypts the character string with a secret key attached to the program execution / communication device, and sends it back to the communication / processing device; The communication / processing device decrypts the encrypted character string with a public key that indicates in advance the communication partner that can hold the encrypted character string, and executes the program if the decrypted character string matches the character string sent earlier. -It is characterized in that the communication device is authenticated.

On the other hand, the program ID communication processing control method of the present invention comprises a program, a program execution / communication device for generating and executing a process based on the program, and a communication / process for communicating with the program execution / communication device. In an information system constituted by a device, the program includes a program main body and an ID group indicating a source of the program, and the program execution / communication device generates and executes the program based on the program. And before the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program, the communication / processing device determines the source of the program that is the source of the process. Obtaining a part or all of the ID group representing the origin, and the ID representing the origin
When one or more are obtained, the communication / processing device communicates with the program execution / communication device by a process of a process generated based on the program; and・ The processing device
Performing access control based on an ID group indicating the origin derived from the program execution / management device.

Further, the program ID communication processing control method of the present invention provides a program, a program execution / communication device for generating and executing a process based on the program, and a communication / process for communicating with the program execution / communication device. In the information system constituted by the apparatus, the program includes a program main body, a public key indicating the origin of the program, and a secret key paired with the public key, and the program execution / communication apparatus includes the program execution / communication apparatus. Including a process that is generated and executed based on, before the program execution and communication device communicates with the communication and processing device by the process of the process generated based on the program,
Wherein the communication / processing device obtains a public key representing the origin of the program as a source of a process for causing the program execution / communication device to communicate from the program execution / communication device; and Authenticating the program by a public key method using a public key and a secret key representing the origin of the program, and, when the program is authenticated, the communication / processing device, based on the public key, Performing communication with the program execution / communication device by the access control described above.

Further, in the program ID communication processing control method according to the present invention, the communication / processing device may perform the above-described public key processing on the obtained public key by a public key system using a public key and a secret key indicating the origin of the program. In the step of performing program authentication, a one-time password method using a public key is used, the program execution / communication device sends the public key to the communication / processing device, and the communication / processing device Send a random character string to the execution and communication device, the program execution and communication device,
The character string obtained by encrypting the character string with the secret key is transmitted to the communication
The communication / processing device decrypts the encrypted character string with the transmitted public key, and if the decrypted character string matches the previously transmitted character string, the program is transmitted to the processing device. It is characterized by authentication.

Furthermore, a program ID communication processing control method according to the present invention provides a program, a program execution / communication device for generating and executing a process based on the program,
In an information system including a communication / processing device that performs communication with the program execution / communication device, the program execution / communication device includes a public key and a secret key attached to the program execution / communication device, The program includes a process that is originally generated and executed.The program includes a program main body, a public key representing the origin of the program, and a signature performed on the program main body with a private key paired with the public key. The program execution and communication device, the step of confirming whether the signature is generated by the program body and a secret key that is paired with a public key representing the origin of the program, the A program execution / communication device communicates with the communication / processing device by processing a process generated based on the program. A step in which the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a private key attached to the program execution / communication device; And a public key indicating the origin of the program and a secret key forming a pair with the public key, the program execution / communication device performs processing of a process generated based on the program. Before performing communication with the communication and processing device, the communication and processing device obtains a public key representing the origin of the program,
If the authentication of the program execution / communication device is successful and a public key indicating the origin of the program is obtained, the communication / processing device indicates the origin of the program from the program execution / communication device. Get the public key,
Performing communication with the program execution / communication device by access control based on the public key.

In the program ID communication processing control method according to the present invention, the program execution / communication device may be configured such that the signature is generated by the program body and a secret key paired with a public key indicating the origin of the program. In the step of confirming whether or not the signature is obtained, the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a secret key paired with a public key representing the origin of the program, The program execution / communication device decrypts the signature value with a public key representing the origin of the program to obtain a digest, and hashes the program body with a hash function to obtain a digest. Is determined.

Further, in the program ID communication processing control method according to the present invention, the communication / processing apparatus may be configured so that the communication / processing apparatus uses a public key method using a public key and a secret key attached to the program execution / communication apparatus. In the step of performing the authentication, the communication / processing device includes a public key indicating a partner with which communication is possible, and a public key attached to the program execution / communication device and a public key indicating the partner with which communication is possible are included. It is characterized by determining whether they match.

Further, in the program ID communication processing control method according to the present invention, the communication / processing device may execute the program execution / communication by a public key method using a public key and a secret key attached to the program execution / communication device. In the step of authenticating the device, a one-time password method using a public key is used, and the communication / processing device sends a random character string to the program execution / communication device,
The program execution / communication device encrypts the character string with a secret key attached to the program execution / communication device, and sends the encrypted character string back to the communication / processing device. When the decrypted character string matches the previously transmitted character string, the program execution / communication device is authenticated.

A program ID communication processing control method according to the present invention provides a program, a program execution / communication device for generating and executing a process based on the program, and a communication / process for communicating with the program execution / communication device. In an information system constituted by a device, the program execution / communication device includes a public key and a secret key attached to the program execution / communication device, and a process generated and executed based on the program, A signature generated by the program using a program body, a public key group representing the origin of the program, and data generated by combining the program body and the public key group with each private key paired with each public key. The program execution / communication device, wherein each signature sets the program body and the public key group. Checks whether it is generated by the data created together and each private key that forms a pair with each public key corresponding to each signature, and responds to the signature that is confirmed to be generated Obtaining a set of public keys to be executed, and before the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program, the communication / processing device executes the program Authenticating the program execution / communication device by a public key method using a public key and a private key attached to the execution / communication device; and a public key corresponding to the signature confirmed to be generated. When one or more are obtained, before the program execution / communication device performs communication with the communication / processing device by processing of a process generated based on the program, A step of said communication and processing unit to obtain a public key representing the derived origin of the program, succeeded in authenticating the program execution and communication device,
And when the public key indicating the origin of the program is obtained, the communication / processing device executes the program execution /
Performing communication with the program execution / communication device by access control based on a part or all of the public key collection of the signature confirmation result by the communication device.

Further, in the program ID communication processing control method according to the present invention, the program execution / communication device may be configured such that each signature is created by combining the program body and the public key group, and each public key corresponding to each signature. In the step of confirming whether or not each of the signatures is generated by each secret key forming a pair with the key, a digest obtained by hashing data created by combining the program main body and the public key group with a hash function is used. Each digest composed of each signature value encrypted with each private key paired with each public key representing the source of the program, and the program execution / communication device decrypts each signature value with each public key, The data created by combining the program body and the public key group is obtained by hashing with a hash function. And judging whether the digest and match.

Still further, in the program ID communication processing control method according to the present invention, the communication / processing device may execute the program execution / communication by a public key method using a public key and a secret key attached to the program execution / communication device. In the step of performing authentication of the device, the communication / processing device includes a public key indicating a partner with whom the communication / processing unit can communicate, and executes the program execution /
It is characterized in that it is determined whether or not the public key attached to the communication device matches the public key indicating the party with whom communication is possible.

Further, in the program ID communication processing control method according to the present invention, the communication / processing device may be configured so that the communication / processing device uses a public key method using a public key and a secret key attached to the program execution / communication device. In the step of performing authentication, a one-time password method using a public key is used, the communication / processing device sends a random character string to the program execution / communication device, and the program execution / communication device The character string is encrypted with a secret key attached to the program
The communication / processing device decrypts the encrypted character string with a public key that indicates a partner with which communication is possible and holds the encrypted character string in advance, and the decrypted character string matches the character string sent earlier. Then, the program execution / communication device is authenticated.

On the other hand, the program ID communication range control method according to the present invention comprises a program and a plurality of program execution / execution programs each of which generates and executes a process based on the program.
In an information system including a communication device, the program includes a program main body and an ID group indicating a source of the program, and a process generated by a program execution / communication device based on a program executes the process. Before communicating with another process generated by another program execution / communication device based on a program or another program, both program execution / communication devices communicate with the other program execution / communication device. Obtaining a part or all of an ID group representing the origin of the program, and when the ID group representing the origin is obtained, both the program execution / communication devices indicate the obtained origin. Compare the ID group and the ID group representing the origin of the program as the source of the process in the own program execution / communication device, ID representing the source from the match said program characterized by comprising a step of opening a communication channel if there are one or more.

A program ID communication range control method according to the present invention is an information system comprising a program and a plurality of program execution / communication devices for generating and executing each process based on each program. , A program body, a public key indicating the origin of the program, and a private key paired with the public key, and a process generated by a program execution / communication device based on a program is executed by the program or another program. Before communicating with another process generated by another program execution / communication device based on one program, both program execution / communication devices are transmitted from the other program execution / communication device to the other program execution / communication device. Obtaining a public key representing the source of the program as a source of the process; The system execution / communication device determines whether the public key obtained from the partner program execution / communication device matches the public key indicating the origin of the program that is the source of the process in the own program execution / communication device. And the two program execution / communication devices use the public key and the secret key representing the origin of the program that is the source of the process in the other program execution / communication device. The step of performing mutual authentication of the original program and the public key obtained from the partner program execution / communication device and the public key indicating the origin of the program as the source of the process in the own program execution / communication device are identical. When both programs execute and communicate with each other, and the program that is the source of the process in the Location is characterized by comprising the step of opening the communication path.

Further, in the program ID communication range control method according to the present invention, the two program execution / communication devices exchange a public key and a secret key representing the origin of the program which is the source of the process in the partner program execution / communication device. In the step of performing the mutual authentication of the program that is the source of the process in the partner program execution / communication device using a one-time password method using a public key, both program execution / communication devices perform their own program execution / communication The public key attached to the device is sent to the partner program execution / communication device, a random character string is sent to the partner program execution / communication device, and the partner program execution / communication device sends the character string to the partner program execution / communication device. Encrypted with a private key paired with a public key representing the origin of the program that is the source of the process The character string is sent back to the own program execution / communication device, and the own program execution / communication device decrypts the encrypted character string with the corresponding public key, and if the decrypted character string matches the character string sent earlier. For example, the partner program execution / communication device is characterized by authenticating a program that is a source of a process in the communication device.

Further, the program ID communication range control method of the present invention provides an information system comprising a program and a plurality of program execution / communication devices for generating and executing each process based on each program. The communication device executes its own program; the public key and secret key attached to the communication device;
A public key attached to the communication device; and a process generated and executed based on the program. The program includes a program body, a public key indicating the origin of the program, and a public key for the program body. A process executed by a program execution / communication device based on a program, including a key and a signature performed by a pair of secret keys, to execute / communicate another program based on the program or another program Before communicating with another process generated by the device, both program execution and communication devices are generated by a secret key whose signature is paired with a public key representing the origin of the program and the signature of the program. A step of confirming whether or not the two programs are executed and before the communication, Performing a partner program execution and authentication of the communication device by a public key method using a public key and a secret key attached to the communication device, and the two program execution and communication devices determine that the signature is derived from the source of the program body and the source of the program Transmitting the public key to a partner program execution / communication device before performing the communication, if it can be confirmed that the public key is generated by a public key representing a public key and a secret key forming a pair with the public key. The execution / communication device determines whether the public key obtained from the partner program execution / communication device matches the public key indicating the origin of the program that is the source of the process in the own program execution / communication device. The process and the program that is the source of the process in the partner program execution / communication device are mutually authenticated and obtained from the partner program execution / communication device. When the public key is matched to represent the origin derived from the public key and the underlying said program processes the own program in execution and communication devices,
A step of opening the communication path between the two program execution / communication devices.

Further, in the program ID communication range control method according to the present invention, the two program execution / communication apparatuses generate the signature by using the program main body and a secret key paired with a public key indicating the origin of the program. In the step of confirming whether or not the signature has been obtained, the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a private key paired with a public key representing the origin of the program. The two program execution / communication devices obtain the digest by decrypting the signature value with the public key indicating the origin of the program, and obtain the digest by hashing the program body with the hash function. Is determined.

Further, according to the program ID communication range control method of the present invention, the two program execution / communication devices can execute / communicate each other by a public key method using a public key and a secret key attached to the other program execution / communication device. In the step of performing device authentication, both program execution / communication devices are provided with a public key indicating a communication partner, and a public key indicating the communication partner and a public key attached to the partner program execution / communication device. It is characterized by determining whether one or more public keys of the group match.

Further, according to the program ID communication range control method of the present invention, the two program execution / communication devices can execute / communicate each other by a public key system using a public key and a secret key attached to the other program execution / communication device. In the step of performing device authentication, a one-time password method using a public key is used, and the own program execution / communication device obtains a public key attached to the other program execution / communication device from the other program execution / communication device, A random character string is sent to the partner program execution / communication device, and the partner program execution / communication device encrypts the character string with a secret key attached to the partner program execution / communication device and sends it back to its own program execution / communication device, The own program execution / communication device executes the partner program by executing the encrypted character string.
It is characterized by decrypting with the public key obtained from the communication device and, if the decrypted character string matches the previously transmitted character string, authenticating the partner program execution / communication device.

Further, according to the program ID communication range control method of the present invention, both the program execution / communication devices succeed in the execution of the partner program / communication device, and the result of signature confirmation by both program execution / communication devices is disclosed. In the step of opening a communication path between processes when there is a public key that coincides with a set of keys, a communication apparatus in which both program execution / communication apparatuses virtually form a plurality of virtual communication paths per communication path And a virtual communication path resource group that exists for each public key representing the origin of the program, and a communication path resource group, and when the public key representing the origin of the program is obtained, the program When the process generated based on the communication is performed, the communication device of the two program execution / communication devices transmits the virtual communication path resource group corresponding to the obtained public key indicating the origin. One to allocate a communication channel resources, and providing a communication path using the virtual path resources.

Further, the program ID communication range control method according to the present invention is directed to an information system including a program and a plurality of program execution / communication devices for generating and executing each process based on each program. A communication device, including its own program execution, a public key and a secret key associated with the communication device, a partner program execution, a public key associated with the communication device, and a process generated and executed based on each program; A signature generated by the program using a program body, a public key group representing the origin of the program, and data generated by combining the program body and the public key group with each private key paired with each public key. Group, and both programs
The communication device checks whether each signature is generated by data created by combining the program body and the public key group and each private key paired with each public key corresponding to each signature. And the two program execution / communication devices perform the authentication of the other program execution / communication device by a public key method using a public key and a secret key attached to the other program execution / communication device. The communication device communicates the set of public keys of the result of signature confirmation by the own program execution / communication device to the partner program execution / communication device, and executes the own program execution / collection of the public key of the result of signature confirmation by the communication device and execution / communication of the other program Determining whether there is a public key that matches the public key group of the signature confirmation result by the device; When the authentication of the communication device is successful and there is at least one public key that matches the set of public keys as a result of the signature confirmation by both program execution / communication devices, both program execution / communication devices establish communication paths between processes. And a step of opening the file.

Further, in the program ID communication range control method according to the present invention, the two program execution / communication devices may be configured such that each signature has data created by combining the program body and the public key group and each public key corresponding to each signature. In the step of determining whether or not each of the signatures is generated by each of the secret keys forming a pair with the key, a digest obtained by hashing data created by combining the program main body and the public key group with a hash function is used. Consisting of each signature value encrypted with each private key paired with each public key representing the source of the program, the partner program execution / communication device converts each signature value with each public key representing the source of the program. Each of them is decrypted to obtain a digest group, and the data created by the program body and the public key group is hashed. To obtain a digest hashing the number, and judging whether said digest group and the digests match.

Furthermore, the program ID communication range control method of the present invention is characterized in that both program execution / communication devices execute and execute the other program by a public key system using a public key and a secret key attached to the other program execution / communication device. In the step of performing authentication of the communication device, both program execution / communication devices have a public key indicating a partner with which communication is possible, and a public key indicating the partner with which communication is possible and a public key associated with the partner program execution / communication device It is characterized in that it is determined whether or not one or more public keys of the key group match.

Further, according to the program ID communication range control method of the present invention, the two program execution / communication devices execute and communicate with each other by a public key system using a public key and a secret key attached to the other program execution / communication device. In the process of authenticating the device, a one-time public key
The password method is used, the own program execution / communication device obtains a public key attached to the other program execution / communication device from the other program execution / communication device, sends a random character string to the other program execution / communication device, The program execution / communication device encrypts the character string with a secret key attached to the partner program execution / communication device and sends it back to its own program execution / communication device, and its own program execution / communication device converts the encrypted character string. When the decrypted character string matches the previously transmitted character string with the public key obtained from the partner program execution / communication device, the partner program execution / communication device is authenticated.

Further, according to the program ID communication range control method of the present invention, both the program execution / communication devices succeed in the other program execution / communication device authentication and the public key of the signature confirmation result by both program execution / communication devices. In the step of opening a communication path between processes when there is a public key that coincides with the set of communication paths, the two program execution / communication apparatuses communicate with a communication apparatus that virtually forms a plurality of virtual communication paths per communication path. A virtual communication path resource group that exists for each public key representing the source of the program, and a communication path resource group, and when one or more public keys representing the source of the program are obtained, When a process generated based on the program performs communication, the communication device of both program execution / communication devices communicates with a virtual communication path resource corresponding to the obtained public key representing the origin. Assign a communication channel resources to one, and providing a communication path using the virtual path resources.

Further, according to the program ID communication range control method of the present invention, the virtual communication path resource group is a virtually defined socket, and each of the virtual communication path resource groups is virtually defined. The communication path resource group is a normal socket corresponding to each port of the socket, and each communication path resource group corresponds to each port of the normal socket.

On the other hand, a method for providing a communication path for each public key according to the present invention provides an information system comprising a program and a program execution / communication device which generates, executes and communicates a process based on the program. A communication device including a process generated and executed based on the program, wherein the program includes a program main body, a public key indicating a source of the program, and a plurality of virtual keys per communication path. A communication device forming a virtual communication channel, one or more virtual communication channel resources existing for each public key indicating the origin of the program, and one or more communication channel resources; When the device communicates by the process of the process generated based on the program, the public key indicating the origin and the requested virtual communication path resource are used. To in correspondence with the virtual communication path, characterized in that it comprises a step of providing a communication path using the virtual channel.

Furthermore, in the communication path providing method for each public key according to the present invention, the virtual communication path resource group is a virtually defined socket, and each of the virtual communication path resource groups is defined by the virtually defined socket. The communication path resource group is a normal socket, and each of the communication path resource groups corresponds to each port of the normal socket.

[0063]

Embodiments of the present invention will be described below in detail with reference to the drawings.

(1) First Embodiment Referring to FIG. 1, an information system to which a program authentication method without a secret key according to a first embodiment of the present invention is applied has an execution function and a communication function. Program execution
A portable device 11 to which a communication device is applied, a parent device 12 to which a communication / processing device having a communication function is applied, and a program 112 installed and executed in the portable device 11
Thus, the main part is constituted.

The execution function and the communication function are assumed to be Java (registered trademark of Sun Microsystems).

As the portable device 11, a portable telephone (PH)
S (including Personal Handy Phone)), a portable information terminal, and the like.

As the parent device 12, a POS (Point
Of Sales) terminals are assumed.

The communication function between the portable device 11 and the parent device 12 is based on Bluetooth, proposed by Ericsson and others.
Wireless LAN (Local Area Network)
k), PIAFS (PHS Internet Acc)
It is assumed to be realized by a short-range wireless communication technology such as ESS Forum Standard.

The portable device 11 includes a reliable embedded function unit 111 and a process 11 for executing the program 112.
20 and a secret key 1131 and a public key 1132 attached to the portable device 11.

The program 112 is composed of the program
21 and a public key 11 representing the origin of the program 112
221 and a hash value 11231 that is a signature (digital signature, electronic signature) obtained by encrypting a digest obtained by hashing the program body 1121 with a hash function with a private key (not shown) paired with the public key 11221. Have been. In the program 112, a program main body 1121, a public key 11221, and a hash value 11231 are integrally formed based on the source (manufacturer and the like) and the origin (version and the like).

The parent device 12 has a public key 1132 attached to the portable device 11 as a public key indicating a communication partner.

Referring to FIG. 2, the processing of the built-in function unit 111 and the parent device 12 of the portable device 11 includes a hash value confirmation step S101 and a communication request generation step S10.
2, a mobile device authentication step S103, a program source origin determination step S104, a program authentication step S105, and a program non-authentication step S106.

Next, the operation of the information system to which the secret keyless program authentication method according to the first embodiment configured as described above is applied will be described in detail with reference to FIG. 1 and FIG.

First, the portable device 11 includes the embedded function unit 1
11, the hash value 11231 becomes the program body 1
It is confirmed whether or not the key is generated by the secret key paired with the public key 12121 and the public key 11221 (step S101). Specifically, the built-in function unit 111 obtains a digest obtained by hashing the program main body 1121 by decrypting the hash value 11231 with the public key 11221, and obtains a digest by hashing the program main body 1121 with a known hash function. By verifying whether they match completely, the hash value 11231 is stored in the program body 1121 and the public key 11
It is determined whether or not the key is generated by the secret key paired with the secret key 221. That is, the program body 11
21 and public key 11221 are not tampered with,
Verify that the program 112 has a genuine source. Note that this confirmation process may be performed once when the program 112 is introduced into the portable device 11, for example, when the program 112 is downloaded.

Next, the program 112 in the portable device 11
Process 1120 for executing a communication request to communicate with the parent device 12 (step S10
2) or earlier, the parent device 12 is
The mobile device 11 is authenticated by a public key method using a public key 1132 and a secret key 1131 attached to the mobile device 11 (step S103).

For example, the parent device 12 has a public key 1132 attached to the portable device 11 held as a public key indicating a partner with which the parent device 12 can communicate, and a public key 1132 attached to the portable device 11 held by the portable device 11. Is determined, and if they match, authentication of the portable device 11 is performed.

Further, RSA (Rivest, Shami)
r, Adleman), the parent device 12 sends a random character string to the portable device 11 (“Challenge”), and the portable device 1 uses the one-time password (One Time Password) method using the public key of “A.
1 of the built-in function unit 111
Is encrypted with the secret key 1131 attached to the mobile device 11 and sent back to the parent device 12 (“Response”). If the decrypted character string matches the random character string sent earlier, the mobile device 11 is held as a partner who can communicate (that is, held as a public key indicating a partner who can communicate). Key 1 paired with public key 1232 attached to portable device 11
131).

If the authentication of the portable device 11 succeeds, the parent device 12 sends the public key 1122 of the hash value confirmation result by the portable device 11 from the built-in function unit 111 of the portable device 11.
1 and determines whether or not the program 112 has a genuine origin based on the hash value confirmation result by the portable device 11 (step S104). If so, the program 112 is obtained using the obtained public key 11221. Is authenticated (step S105).

On the other hand, if the authentication of the portable device 11 has failed (step S103), or if the public key 11221 is not the public key indicating the authentic origin of the program 112 (step S104), the parent device 12 112 is not authenticated.

According to the first embodiment, the program 1
Even if the parent device 12 does not have a secret key, the parent device 12
Since the program 112 that is the source of the process 1120 in the mobile device 11 that has attempted to communicate with the mobile device 2 can be authenticated, the mobile device 11 that operates based on the program 112 in an environment where it can be intercepted and tampered with When performing communication with the parent device 12, the parent device 12 can prevent spoofing of the program 112 and perform authentication.

(2) Second Embodiment Referring to FIG. 3, an information system to which a secret keyless program authentication method according to a second embodiment of the present invention is applied has an execution function and a communication function. Program execution
A portable device 21 to which a communication device is applied, a parent device 22 to which a communication / processing device having a communication function is applied, and a program 212 installed and executed in the portable device 21
Thus, the main part is constituted.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 21, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 22, a POS terminal or the like is assumed.

The communication function between the portable device 21 and the parent device 22 is based on Bluetooth, proposed by Ericsson and others.
It is assumed to be realized by short-range wireless communication technology such as wireless LAN and PIAFS.

The portable device 21 includes a reliable embedded function unit 211 and a process 21 for executing the program 212.
20 and a private key 2131 and a public key 2132 attached to the portable device 21.

The program 212 is composed of the program
21 and a public key group 2 representing the origin of the program 212
1221 to 2122n (n is a positive integer of 2 or more; the same applies hereinafter), the program body 2121 and the public key group 212
Digests obtained by hashing data created by combining the keys 21 to 2122n with a hash function are assigned to each public key 2
Each private key paired with 1221 to 2122n (not shown)
Hash value group 212 which is a signature group encrypted by
312123n. Note that the program 212 has a source (manufacturer and the like) and an origin (version and the like) in the program
The public key groups 2122-1212n and the hash value groups 21231-2123n are integrally formed.

The parent device 22 has a public key 2132 attached to the portable device 21 as a public key indicating a partner with which communication is possible.

Referring to FIG. 4, the processing of the built-in function unit 211 and the parent device 22 of the portable device 21 includes a hash value confirmation step S201 and a communication request generation step S20.
2, mobile device authentication step S203, program origin determination step S204, and program authentication step S204.
205 and a program non-authentication step S206.

Next, the operation of the information system to which the secret keyless program authentication method according to the second embodiment configured as described above is applied will be described in detail with reference to FIG. 3 and FIG.

First, the portable device 21 has the built-in function unit 2
11, each hash value 21231 to 2123n is stored in the program body 2121 and the public key group 21221 to 2112.
It is checked whether the key is generated by the secret key 2222 and each private key paired with each of the public keys 2122-12122n, and a group of public keys corresponding to the checked hash value is obtained (step S201). For details, see Embedded Function 2
Numeral 11 decrypts the hash values 2123-1212n with the public keys 2121-2212n, respectively, and decrypts the program body 2221 and the public key groups 2122-12122n.
To obtain a digest group obtained by hashing the data created by combining the program main body 2121 and the public key group 2122-1212n with a known hash function to obtain a digest. By verifying whether or not each of the groups completely matches, each hash value 21231 to 2123n is stored in the program body 2121 and the public key group 21221 to 2122n.
And each of the public keys 2122-12122n and each of the secret keys forming a pair with each other, to confirm whether or not each of them is generated, and to obtain a set of public keys corresponding to the confirmed hash values. That is, the program body 2121 and the public key groups 2122-1212n are not tampered,
Verify that the program 212 has a genuine source. Note that this confirmation process may be performed once when the program 212 is introduced into the portable device 21, for example, when the program 212 is downloaded.

Next, the program 212 in the portable device 21
Is performed by the process 2120 that executes the communication with the parent device 22 (step S202),
Alternatively, before that, the parent device 22 authenticates the portable device 21 by a public key method using the secret key 2131 and the public key 2132 attached to the portable device 21 (step S2).
03).

For example, the parent device 22 has a public key 2132 attached to the portable device 21 held as a public key indicating a partner with which the parent device 22 can communicate, and a public key 2132 attached to the portable device 21 held by the portable device 21. Is determined, and if they match, authentication of the portable device 21 is performed.

When the one-time password method using the public key of the RSA is used, the parent device 22 sends a random character string to the portable device 21 (“Challenging”).
e ”), the built-in function unit 211 of the mobile device 21 encrypts the character string with the secret key 2131 attached to the mobile device 21 and sends it back to the parent device 22 (“ Response ”).
The parent device 22 decrypts the encrypted character string with the public key 2132 attached to the portable device 21 which holds the public character in advance as a public key indicating a partner with whom communication is possible, and decrypts the decrypted character string and the random character string transmitted earlier. If they match, the public key 2132 attached to the portable device 21 that holds the portable device 21 as a partner with which the portable device 21 can communicate (that is, the public key indicating the partner with which the portable device 21 can communicate) is held.
(Which owns the secret key 2131 paired with the private key 2131).

When the authentication of the portable device 21 succeeds, the parent device 22 obtains a set of public keys of the hash value confirmation result by the portable device 21 from the built-in function unit 211 of the portable device 21, and checks the hash value by the portable device 21. If one or more public keys are included in the resulting set of public keys, it is determined that the program 212 has a genuine source (step S204), and the program 212 is partially or wholly programmed. 212 is authenticated (step S2
05).

On the other hand, when the authentication of the portable device 21 has failed (step S203), or when the public key indicating the authentic origin of the program 212 has not been obtained (step S204), the parent device 22 No authentication is performed (step S206).

In the second embodiment, if one or more public keys are included in the set of public keys as a result of the hash value confirmation by the portable device 21 in step S204, the program 212 is derived from the genuine source. However, the program 212 has a genuine source when only the public key groups 2122-1212n are included in the set of public keys of the hash value confirmation result by the portable device 21. May be determined.

According to the second embodiment, program 2
If the public key group 2121-2n is allowed to have the public key group 2121-2212n, a hash value group 21231-2123n, which is a signature group, is added to the public key group 2121-2212n held together with the program body 2121.
Program spoofing can be prevented.

(2) Third Embodiment Referring to FIG. 5, an information system to which a program ID communication processing control method according to a third embodiment of the present invention is applied has an execution function and a communication function. A portable device 31 to which a program execution / communication device is applied, a parent device 32 to which a communication / processing device having a communication function is applied, and a program 31 installed and executed in the portable device 31
2 constitutes the main part.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 31, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 32, a POS terminal or the like is assumed.

The communication function between the portable device 31 and the parent device 32 is based on Bluetooth, proposed by Ericsson and others.
It is assumed to be realized by short-range wireless communication technology such as wireless LAN and PIAFS.

The portable device 31 includes a reliable embedded function unit 311 and a process 31 for executing the program 312.
20.

The program 312 is composed of the program
21 and a public key 31 representing the origin of the program 312
221 and a secret key 31241. The source of the program 312 (manufacturer, etc.)
And the origin (version and the like), the program body 3121, the public key 32211, and the secret key 31241
Is created as one.

Referring to FIG. 6, the processes of the embedded function unit 311 of the portable device 31 and the parent device 32 include a communication request generation step S301 and a public key acquisition step S302.
, Program authentication step S303, communication / processing step S304, and no communication / processing step S305.

Next, the operation of the information system to which the program ID communication processing control method according to the third embodiment thus configured is applied will be described in detail with reference to FIG. 5 and FIG.

When the process 3120 for executing the program 312 in the portable device 31 generates a communication request for communicating with the parent device 32 (step S301), the parent device 32 executes the built-in function unit 311 of the portable device 31. Through the process 3120, a public key 31221 representing the origin of the program 312 that is the source of the process 3120 is obtained (step S30).
2).

Next, the parent device 32 sends a process 312 to the built-in function unit 311 of the portable device 31 by a public key method using a public key 31221 and a secret key 31241.
It authenticates whether or not the program 312 that is the base of 0 has a genuine origin (step S303).

For example, when the one-time password method using the public key of the RSA is used, the parent device 32 sends a random character string to the built-in section 311 of the portable device 31 (“Challenge”) and installs the portable device 31. The function unit 311 converts the character string into a public key 31221 indicating the origin of the program 312 that is the source of the process 3120.
The parent device 32 encrypts the character string with the secret key 31241 and sends it back to the parent device 32 (“Response”). The parent device 32 decrypts the encrypted character string with the public key 31221 received earlier, and If the sent random character string matches, the program 3 as a source of the process 3120
12 authenticates that it has a genuine origin (that is, the program 312 has a private key 31241 that is paired with a public key 31221 indicating the origin of the program 312).

If the authentication of the program 312 is successful (step S303), the parent device 32 executes the processing that occurs in the subsequent communication by performing access control with the user authority corresponding to the public key 31021 (step S30).
4).

On the other hand, if the authentication of the program 312 has failed (step S303), or if the user authority corresponding to the public key 31221 does not exist, the parent device 32
The process that is generated by the communication is not performed, or the process is executed with a specific restricted user authority (step S305).

According to the third embodiment, the program 3
Since communication is performed by access control based on the public key 31221 indicating the origin of the twelve sources, that is, information similar to the manufacturer and version of the program 312, security against malicious programs can be maintained.

Further, since communication is performed by access control based on the public key 31221 representing the origin of the program 312, that is, information similar to the manufacturer and version of the program 312, a distributed environment in which centralized management such as user management is difficult is difficult. Regarding processing by communication below, security against malicious programs can be maintained.

(4) Fourth Embodiment Referring to FIG. 7, an information system to which a program ID communication processing control method according to a fourth embodiment of the present invention is applied has an execution function and a communication function. A portable device 41 to which a program execution / communication device is applied, a parent device 42 to which a communication / processing device having a communication function is applied, and a program 412 installed and executed in the portable device 41
Thus, the main part is constituted.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 41, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 42, a POS terminal or the like is assumed.

[0119] The communication function between the portable device 41 and the parent device 42 is based on Bluetooth, proposed by Ericsson and others.
It is assumed to be realized by short-range wireless communication technology such as wireless LAN and PIAFS.

The portable device 41 includes a reliable embedded function unit 411 and a process 41 for executing the program 412.
20 and a private key 4131 and a public key 4132 attached to the portable device 41.

The program 412 is the program body 41
21 and a public key 41 indicating the origin of the program 412
221 and a hash value 41231 that is a signature obtained by encrypting a digest obtained by hashing the program body 4121 with a hash function using a secret key (not shown) paired with the public key 41221. In the program 412, the program main body 4121, the public key 41221, and the hash value 41231 are integrally created based on the source (manufacturer and the like) and the origin (version and the like).

The parent device 42 has a public key 4132 attached to the portable device 41 as a public key indicating a communication partner.

Referring to FIG. 8, the processing of the built-in function unit 411 of the portable device 41 and the processing of the parent device 42 include a hash value confirmation step S401 and a communication request generation step S40.
2, a mobile device authentication step S403, a program source origin determination step S404, and a communication / processing step S404.
405 and step S406 without communication and processing.

Next, the operation of the information system to which the program ID communication processing control method according to the fourth embodiment configured as described above is applied will be described in detail with reference to FIG. 7 and FIG.

First, the portable device 41 includes the built-in function unit 4
11, the hash value 41231 becomes the program body 4
It is confirmed whether or not the key is generated by using the secret key paired with the public key 121 and the public key 41221 (step S401). More specifically, the built-in function unit 411 decrypts the hash value 41231 with the public key 41221 to obtain a digest obtained by hashing the program body 4121, while hashing the program body 4121 with a known hash function to obtain a digest. By verifying whether or not they match completely, the hash value 41231 is stored in the program body 4121 and the public key 41
It is determined whether or not the key is generated by the secret key paired with the secret key 221. That is, the program body 41
21 and the public key 41221 are not tampered with,
Verify that the program 412 has a genuine source. Note that this confirmation process may be performed once when the program 412 is introduced into the portable device 41, for example, when the program 412 is downloaded.

Next, the program 412 in the portable device 41
4120 that executes a communication request to communicate with the parent device 42 (step S40).
2) or earlier, the parent device 42 is
Authentication of the portable device 41 is performed by a public key method using a public key 4132 and a secret key 4131 attached to (step S403).

For example, the parent device 42 has a public key 4132 attached to the portable device 41 held as a public key indicating a partner with which the parent device 42 can communicate, and a public key 4132 attached to the portable device 41 held by the portable device 41. Is determined, and if they match, the portable device 41 is authenticated.

When the one-time password method using the RSA public key is used, the parent device 42 sends a random character string to the portable device 41 (“Challenging”).
e ”), the built-in function unit 411 of the portable device 41 encrypts the character string with the secret key 4131 attached to the portable device 41 and sends it back to the parent device 42 (“ Response ”).
The parent device 42 decrypts the encrypted character string with the public key 4132 attached to the portable device 41 that holds the public character as a public key indicating a partner with whom the communication can be performed in advance. If they match, the public key 4132 attached to the portable device 41 that holds the portable device 41 as a partner with which the portable device 41 can communicate (that is, the public key indicating the partner with which the portable device 41 can communicate)
(Which owns the secret key 4131 paired with the private key 4131).

If the authentication of the portable device 41 succeeds, the parent device 42 obtains the public key 41221 from the built-in function unit 411 of the portable device 41, and the program 412 determines the authentic source based on the hash value confirmation result by the portable device 41. It is determined whether or not it has the origin (step S40).
4) If this is the case, access control is performed with the user authority corresponding to the public key 41221 to execute processing that occurs in the subsequent communication (step S405).

On the other hand, if the authentication of the portable device 41 has failed (step S403), and if the program 412 does not have an authentic origin (step S404),
Alternatively, when the user authority corresponding to the public key 41221 does not exist, the parent device 42 does not execute the process generated by the communication, or executes the access control with the specific determined user authority (step S406).

According to the fourth embodiment, program 4
Even if 12 does not have a secret key, the parent device 42
Since the program 412 that is the source of the process 4120 in the mobile device 41 that has attempted to communicate with the mobile device 41 can be authenticated, the mobile device 41 that operates based on the program 412 in an environment where it can be intercepted and tampered with is used. When performing communication with the parent device 42, the parent device 42 can prevent spoofing of the program 412 and perform authentication.

(5) Fifth Embodiment Referring to FIG. 9, an information system to which a program ID communication processing control method according to a fifth embodiment of the present invention is applied has an execution function and a communication function. A portable device 51 to which a program execution / communication device is applied, a parent device 52 to which a communication / processing device having a communication function is applied, and a program 512 installed and executed in the portable device 51
Thus, the main part is constituted.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 51, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 52, a POS terminal or the like is assumed.

The communication function between the portable device 51 and the parent device 52 is based on Bluetooth, proposed by Ericsson and others.
It is assumed to be realized by short-range wireless communication technology such as wireless LAN and PIAFS.

The portable device 51 includes a reliable embedded function unit 511 and a process 51 for executing the program 512.
20 and a private key 5131 and a public key 5132 attached to the portable device 51.

The program 512 is the program body 51
21 and a public key group 5 representing the origin of the program 512
Digests obtained by hashing data created by combining the program keys 1221 to 5122n, the program body 5121, and the public key groups 51221 to 5122n with a hash function are used as secret keys (not shown) paired with the public keys 51221 to 5122n, respectively. It is configured to include hash value groups 51231 to 5123n, which are encrypted signature groups. In the program 512, a program body 5121, a public key group 51221 to 5122n, and a hash value group 51231 to 5123n are integrally created based on the source (manufacturer and the like) and the origin (version and the like).

[0139] The parent device 52 has a public key 5132 attached to the portable device 51 as a public key indicating a partner with which communication is possible.

Referring to FIG. 10, the processes of the built-in function unit 511 of the portable device 51 and the parent device 52 include a hash value confirmation step S501 and a communication request generation step S5.
02, a mobile device authentication step S503, a program source origin determination step S504, a communication / processing step S505, and a no communication / processing step S506.

Next, the operation of the information system to which the program ID communication processing control method according to the fifth embodiment configured as described above is applied will be described in detail with reference to FIG. 9 and FIG.

First, the portable device 51 includes the embedded function unit 5
11, the hash values 51231 to 5123n are stored in the program body 5121 and the public key groups 51221 to 5112.
It is checked whether the key is generated by the private key paired with the public key 22n and each of the public keys 51221 to 5122n, and a group of public keys corresponding to the checked hash values is obtained (step S501). For details, see embedded function section 5
11 decrypts the hash values 51231 to 5123n with the public keys 51221 to 5122n, respectively, and decodes the program body 5121 and the public key groups 51221 to 5122n.
To obtain a digest group obtained by hashing the data created by combining the data, and hashing the data created by combining the program body 5121 and the public key groups 51221 to 5122n with a known hash function to obtain a digest. By verifying whether or not each of the groups completely matches, each hash value 51231 to 5123n becomes the program body 5121 and the public key group 51221 to 5122n.
And each of the public keys 5122-15122n and each of the secret keys that make a pair with each other, to confirm whether or not each of them has been generated, thereby obtaining a group of public keys corresponding to the confirmed hash values. That is, it is confirmed that the program body 5121 and the public key groups 51221 to 5122n are not falsified and the program 512 has a genuine origin. This confirmation process may be performed once when the program 512 is introduced into the portable device 51, for example, when the program 512 is downloaded.

Next, the program 512 in the portable device 51 will be described.
Is performed by the process 5120 for executing the communication with the parent device 52 (step S502),
Alternatively, before that, the parent device 52 authenticates the portable device 51 by a public key method using the public key 5132 and the private key 5131 attached to the portable device 51 (step S5).
03).

For example, the parent device 52 has a public key 5132 attached to the portable device 51 held as a public key indicating a partner with which the parent device 52 can communicate, and a public key 5132 attached to the portable device 51 held by the portable device 51. Is determined, and if they match, authentication of the portable device 51 is performed.

When the one-time password method using the public key of the RSA is used, the parent device 52 sends a random character string to the portable device 51 (“Challenging”).
e ”), the built-in function unit 511 of the mobile device 51 encrypts the character string with the secret key 5131 attached to the mobile device 51 and sends it back to the parent device 52 (“ Response ”).
The parent device 52 decrypts the encrypted character string with a public key 5132 attached to the portable device 51 that holds the public character in advance as a public key indicating a partner with whom the communication can be performed. If they match, the public key 5132 attached to the portable device 51 that holds the portable device 51 as a partner with which the portable device 51 can communicate (that is, the public key indicating the partner with which the portable device 51 can communicate)
(Which possesses the secret key 5131 paired with the private key 5131).

If the authentication of the portable device 51 succeeds, the parent device 52 obtains a set of public keys of the hash value confirmation result from the built-in function unit 511 of the portable device 51, and
If one or more public keys are included in the set of public keys as a result of the hash value confirmation, it is determined that the program 512 has a genuine origin (step S50).
4) Access control is performed on a process generated by the subsequent communication with a combination of user authorities corresponding to the respective public keys in the public key group of the hash value confirmation result (step S505).

On the other hand, if the authentication of the portable device 51 has failed (step S503), if the program 512 does not have a genuine origin (step S504), or a collection of public keys of the hash value confirmation result by the portable device 51 If there is no user right corresponding to the public key in the parent device 52, the parent device 52 does not execute the process generated by the communication, or executes access control with a specific restricted user right (step S506).

In the fifth embodiment, if at least one public key is included in the set of public keys as a result of the hash value confirmation by the portable device 51 in step S504, the program 512 is derived from the authentic source. But the program 512 has a genuine origin if and only if all of the public key groups 51221 to 5122n are included in the set of public keys as a result of the hash value confirmation by the portable device 51. May be determined.

According to the fifth embodiment, the program 5
12 is a public key group 5 representing the origin of the program 512
If it is permitted to have 1221 to 5122n, the public key group 51221 held together with the program body 5121
A hash value group 5123 which is a signature group for 5122n
By assigning 1 to 5123n, it is possible to prevent the spoofing of the program 512, and to perform access control on the processing generated by the communication using a combination of user authorities corresponding to each public key of the public key group of the hash value confirmation result. Can be performed.

(6) Sixth Embodiment Referring to FIG. 11, an information system to which a program ID communication range control method according to a sixth embodiment of the present invention is applied has a program execution function and a communication function. , A parent device 62 also having a program execution function and a communication function, a program 612 installed and executed on the mobile device 61, and a program 622 installed and executed on the parent device 62.
Its main part is configured.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 61, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 62, a POS terminal or the like is assumed.

The communication system used for the communication function between the portable device 61 and the parent device 62 is realized by a short-range wireless communication technology such as Bluetooth, wireless LAN, PIAFS, etc., proposed by Ericsson and others. .

The portable device 61 includes a reliable embedded function unit 611 and a process 61 for executing the program 612.
20.

The program 612 is composed of the program 61
21 and a public key 61 representing the origin of the program 612
22 and a secret key 6124.
It should be noted that the program 612 is based on its source (manufacturer, etc.) and origin (version, etc.).
21, a public key 6122 and a secret key 6124 are integrally formed.

The parent device 62 includes a reliable embedded function unit 621 and a process 622 for executing the program 622.
0 is included.

The program 622 is the program main unit 62
21 and a public key 62 representing the origin of the program 622
22 and a secret key 6224.
Note that the program 622 is based on the source (manufacturer, etc.) and origin (version, etc.)
21, a public key 6222 and a secret key 6224 are integrally formed.

Referring to FIG. 12, built-in function unit 611 of portable device 61 and built-in function unit 6 of parent device 62 are described.
The processing of No. 21 includes a communication request generation step S601, a public key acquisition step S602, and a mutual authentication step S603.
Public key comparison step S604, mutual authentication / public key match determination step S605, and communication permission step S60.
6 and a communication non-permission step S607.

Next, the operation of the information system to which the program ID communication range control method according to the sixth embodiment configured as described above is applied will be described in detail with reference to FIG. 11 and FIG.

The process 6120 for executing the program 612 in the portable device 61 and the program 62 in the parent device 62
In the case where a communication request is generated between the process 6220 and the process 6220 (step S601), the built-in function unit 611 of the portable device 61 first sends the program 612 as a source of the process 6120 to the built-in function unit 621 of the parent device 62.
, The embedded function unit 621 of the parent device 62 sends the public key 6122 representing the origin of the process 6220 to the embedded function unit 611 of the portable device 61.
2 sends the public key 6222 representing the origin of the source (step S
602), and then both public key 6122 and public key 62
22 is checked (step S60).
3).

Next, the built-in function unit 61 of the portable device 61
1 and the embedded function unit 621 of the parent device 62, the mutual authentication of the program 612 and the program 622 is performed (step S604).

For example, when the one-time password method using the public key of the RSA is used, the built-in function unit 611 of the portable device 61 is replaced with the built-in function unit 62 of the parent device 62.
Send a random string to 1 ("Challeng
e "), the built-in function unit 621 of the parent device 62 encrypts the character string with the secret key 6224 of the program 622 and sends it back to the built-in function unit 611 of the portable device 61 (" Re ").
response ”), the built-in function unit 61 of the portable device 61
1 decrypts the encrypted character string with the public key 6222, and if the decrypted character string matches the previously transmitted random character string, the program 622 that is the source of the process 6220 has the public key 6222 ( That is, the program 622 that is the source of the process 6220 authenticates that the program 622 has the private key 6224 paired with the public key 6222.

On the other hand, the built-in function unit 621 of the parent device 62
Sends a random character string to the built-in function unit 611 of the portable device 61 (“Challenge”).
Embedded function unit 611 encrypts the character string with the secret key 6124 attached to the portable device 61 and sends it back to the embedded function unit 621 of the parent device 62 (“Respons”).
e ″), the built-in function unit 621 of the parent device 62 decrypts the encrypted character string with the public key 6122, and if the decrypted character string matches the random character string sent earlier, the process 6120 starts. Is the public key 612
2 (ie, the program 612 that is the source of the process 6120 has the private key 6124 paired with the public key 6122).
).

Program 611 and program 612
Are mutually authenticated, and the public key 6122 and the public key 62
22 (step S605), the built-in function unit 611 of the portable device 61 and the built-in function unit 621 of the parent device 62 execute the process 61210 and the process 62.
The communication with the communication terminal 210 is permitted (step S606).

Conversely, if mutual authentication between the program 611 and the program 612 fails, or the public key 6122 indicating the origin of the program 612 and the program 6
If the public key 6222 indicating the origin of the P.22 does not match, the embedded function unit 611 of the portable device 61 and the embedded function unit 621 of the parent device 62 execute the process 6120
The communication between the process and the process 6220 is not permitted (step S607).

According to the sixth embodiment, the portable device 61
Program 612 in the parent device 62 and the program 622 in the parent device 62 can only communicate the matching public keys 6122 and 6222 with the accompanying programs 612 and 622, and cannot communicate with any other program. The distribution range of the information of the program 622 in the parent device 612 and the parent device 62 can be limited to the range of the program having the same origin.

The program 612 in the portable device 61
And the program 622 in the parent device 62 is associated with the corresponding public key 6122 and 6222.
2 and 622, and cannot communicate with any other program.
12 and the information of the program 622 in the parent device 62 do not leak out of the range of the program having the same origin even if the programs 612 and 622 run away.

[0169] Furthermore, the design of the control of the communication range in the distributed environment is facilitated in terms of security, and the degree of freedom does not change. The reason is that information leakage during communication, one of the most important problems in a distributed environment, is to distribute information only between manufacturers or similar programs,
Even if the distribution range of information is not designed at the time of design, there is no leakage to malicious parties, leakage of program bugs or runaway, and conversely, for one service, the whole thing related to the project This is because information can be distributed and the distribution range is sufficient if it is regarded as one manufacturer or similar.

(7) Seventh Embodiment Referring to FIG. 13, an information system to which a program ID communication range control method according to a seventh embodiment of the present invention is applied has a program execution function and a communication function. A portable device 71 having a function of executing a program and a communication function, a program 712 installed and executed on the portable device 71, and a program 722 installed and executed on the parent device 72.
Its main part is configured.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 71, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 72, a POS terminal or the like is assumed.

The communication method used for the communication function between the portable device 71 and the parent device 72 is realized by a short-range wireless communication technology such as Bluetooth, wireless LAN, PIAFS, etc. proposed by Ericsson and the like. .

The portable device 71 includes a reliable embedded function unit 711 and a process 71 for executing the program 712.
20, a private key 7131 and a public key 7132 associated with the portable device 71, and a public key 723 associated with the parent device 72.
2 is included.

The program 712 is composed of the program 71
21 and a public key 71 representing the origin of the program 712
22 and a hash value 7 which is a signature obtained by encrypting a digest obtained by hashing the program body 7121 using a hash function with a private key (not shown) paired with the public key 7122.
123. Program 7
Reference numeral 12 denotes a program body 7121 and a public key 712 based on the source (manufacturer and the like) and the origin (version and the like).
2, and the hash value 7123 are integrally created.

The parent device 72 includes a reliable embedded function unit 721 and a process 722 for executing a program 722.
0, a private key 7231 and a public key 7232 associated with the parent device 72, and a public key 7132 associated with the portable device 71.
It is comprised including.

The program 722 is composed of the program
21 and a public key 72 representing the origin of the program 722
And a hash value 7 which is a signature obtained by encrypting a digest obtained by hashing the program body 7221 with a hash function using a secret key (not shown) paired with the public key 7222.
223. Program 7
Reference numeral 22 denotes a program main body 7221 and a public key 722 based on its source (manufacturer and the like) and origin (version and the like).
2, and the hash value 7223 are integrally created.

Referring to FIG. 14, built-in function unit 711 of portable device 71 and built-in function unit 7 of parent device 72
The processing of No. 21 includes hash value confirmation steps S701 and S702, communication request generation step S703, mutual authentication step S704, and public key match determination step S70.
5, a communication permission step S706, and a communication non-permission step S707.

Next, the operation of the information system to which the program ID communication range control method according to the seventh embodiment configured as described above is applied will be described in detail with reference to FIG. 13 and FIG.

First, the portable device 71 includes the built-in function unit 7
11, the hash value 7123 is stored in the program
It is checked whether the key is generated by the public key group 7122 and the private key paired with the public key 7122 (step S701). More specifically, the built-in function unit 711 decrypts the hash value 7123 with the public key 7122 to obtain a digest obtained by hashing the program main body 7221, and hashes the program main body 7121 with a known hash function to obtain the digest. By testing for an exact match,
It is confirmed whether the hash value 7123 is generated by the program main body 7121, the public key group 7122, and the private key paired with the public key 7122. That is, it is confirmed that the program body 7121 and the public key 7122 are not falsified and the program 712 has a genuine origin. Note that this confirmation process may be performed once, for example, when the program 712 is introduced into the portable device 71 and downloaded, for example.

The parent device 72 also includes the built-in function unit 72.
1, the hash value 7223 is stored in the program body 722.
1 and a public key group 7222, and confirms whether the key is generated by a public key 7222 and a secret key paired with the public key 7222 (step S702). More specifically, the embedded function unit 721 decrypts the hash value 7223 with the public key 7222 to obtain a digest obtained by hashing the program main body 7221, and hashes the program main body 7221 with a known hash function to obtain a digest. By verifying whether or not they match completely, it is confirmed that the hash value 7223 is generated by the program body 7221, the public key group 7222, and the private key paired with the public key 7222. That is,
It is confirmed that the program body 7221 and the public key 7222 are not falsified and the program 722 has a genuine origin. Note that this confirmation processing is performed by the parent device 7.
2 may be performed once, for example, when the program 722 is introduced, for example, installed.

Next, the program 712 in the portable device 71
7120 and a process 7220 that executes the program 722 in the parent device 72 when a communication request is generated to perform communication (step S703).
Or before that, first, between the built-in function unit 711 of the portable device 71 and the built-in function unit 721 of the parent device 72, the private key 7131 and the public key 7132 with which the portable device 71 is attached, and the parent device 72 are attached. Mutual authentication of the portable device 71 and the parent device 72 is performed by the public key method using the secret key 7231 and the public key 7232 (Step S).
704).

For example, the parent device 72 has a public key 7132 attached to the portable device 71 held as a public key indicating a partner with which the parent device 72 can communicate, and a public key 71132 attached to the portable device 71 held by the portable device 71. Is determined, and if they match, authentication of the portable device 71 is performed. On the other hand, the mobile device 71 matches the public key 7232 attached to the parent device 72 held as a public key indicating a partner with which the mobile device 71 can communicate with the public key 72132 attached to the parent device 72 held by the parent device 72. It is determined whether or not the authentication is to be performed, and if they match, authentication of the parent device 72 is performed.

When the one-time password method using the public key of the RSA is used, the built-in function unit 711 of the portable device 71 sends a random character string to the parent device 72 (“Challenge”), and The built-in function unit 721 encrypts the character string with the secret key 7231 attached to the parent device 72 and sends it back to the portable device 71 (“Re
response ”), the embedded function unit 71 of the portable device 71
1 decrypts the encrypted character string with the public key 7232 attached to the parent device 72, and if the decrypted character string matches the random character string sent earlier, the other party can communicate with the parent device 72. (That is, one that possesses a private key 7231 paired with the public key 7232 attached to the parent device 72). On the other hand, the built-in function unit 721 of the parent device 72 sends a random character string to the portable device 71 (“Challen”).
ge ”), the built-in function unit 711 of the portable device 71 encrypts the character string with the secret key 7131 attached to the portable device 71 and sends it back to the parent device 72 (“ Respons ”).
e ″), the built-in function unit 721 of the parent device 72 decrypts the encrypted character string with the public key 7132 attached to the portable device 71, and if the decrypted character string matches the random character string sent earlier. The mobile device 71 is authenticated as a partner with which the mobile device 71 can communicate (that is, a device having a private key 7131 paired with the public key 7132 attached to the mobile device 71).

If the mutual authentication is successful, the built-in function unit 711 of the portable device 71 and the built-in function unit 721 of the parent device 72 provide a public key 7122 indicating the origin of the program 712 and a public key 7122 indicating the origin of the program 722.
222 are communicated to each other, and it is determined whether the two public keys match (step S705). Only when they match, the communication between the process 71210 and the process 72210 is permitted (step S706).

If the mutual authentication between the portable device 71 and the master unit 72 has failed (step S704), or the program 7
A public key 7122 and a program 72 representing the origins of the 12 sources
If the public key 7222 indicating the origin of the second device does not match (step S705), the built-in function unit 711 of the portable device 71 and the built-in function unit 721 of the parent device 72
Disables communication between the process 7120 and the process 7220 (step S707).

According to the seventh embodiment, the portable device 71
And the program 722 in the parent device 72 can communicate with the corresponding public keys 7122 and 7222 only with the accompanying programs 712 and 722 and cannot communicate with any other program. The distribution range of the information held by the program 722 in the 712 and the parent device 72 can be limited to the range of the program having the same origin.

The program 712 in the portable device 71
And the program 722 in the parent device 72 has the corresponding public key 7122 and 7222 associated program 71
2 and 722, and cannot communicate with any other program.
12 and the information of the program 722 in the parent device 72 does not leak out of the range of the program having the same origin even if the programs 712 and 722 run away.

Furthermore, the design of the control of the communication range in a distributed environment is facilitated in terms of security, and the degree of freedom does not change. The reason is that information leakage during communication, one of the most important problems in a distributed environment, is to distribute information only between manufacturers or similar programs,
Even if the distribution range of information is not designed at the time of design, there is no leakage to malicious parties, leakage of program bugs or runaway, and conversely, for one service, the whole thing related to the project This is because information can be distributed and the distribution range is sufficient if it is regarded as one manufacturer or similar.

Further, even if the programs 712 and 722 do not have a secret key, the portable device 71 and the master unit 72 can authenticate the programs 722 and 712 that are the sources of the processes 7220 and 7120 in the other party. Therefore, the programs 712 and 72 in an environment in which prying eyes and tampering are possible
In the case where communication is performed with the other party operating based on No. 2, the portable device 71 and the parent device 72 can prevent spoofing of the programs 722 and 712 and perform authentication.

(8) Eighth Embodiment Referring to FIG. 15, an information system to which a program ID communication range control method and a public key-based communication path providing method according to an eighth embodiment of the present invention is applied is described. In an information system to which the program ID communication range control method according to the seventh embodiment is applied, a portable device 81 and a parent device 82 are provided.
And virtual sockets 81511 to 8151i and 82611 to 8251j, which can allocate all port numbers for each public key with the communication devices 815 and 825, that is, can exist for each public key value with the same port number.
And sockets 81521 to 8152k and 82521
To 8252l. Note that parts corresponding to parts in the information system to which the program ID communication range control method according to the seventh embodiment is applied are denoted by reference numerals in which the first character of the code is changed from “7” to “8”. , And detailed description thereof will be omitted.

Each of the virtual sockets 81511 to 8151i and 82611 to 8251j may be a virtual communication channel or another communication path such as a pipe.
Other communication paths such as 21 to 8152k and 82521 to 8252l, channels, pipes and the like may be used.

Referring to FIG. 16, built-in function unit 811 of portable device 81 and built-in function unit 8 of parent device 82
The processing of No. 21 includes hash value confirmation steps S801 and S802, communication request generation step S803, mutual authentication step S804, and public key match determination step S80.
5, a communication permission step S806, and a communication non-permission step S807.

Next, the operation of the information system to which the program ID communication range control method according to the eighth embodiment configured as described above is applied will be described in detail with reference to FIGS.

Steps S801 to S805 and S807 are the same as steps S701 to S701 in the program ID communication range control method according to the seventh embodiment.
This is the same as steps S705 and S707.

In the operation of the information system to which the program ID communication range control method according to the seventh embodiment is applied, in the step S806 for permitting communication between the process 8120 and the process 8220, only when they match, The communication devices 815 and 825 are used between the embedded function unit 811 and the embedded function unit 821 for the pair of the public key 8122 and 8222 and the port number of the virtual socket requested by the process 81210 and the process 82210, respectively. One of the virtual communication paths formed in the communication path by the socket is allocated, and communication between the process 81210 and the process 82210 is permitted by the virtual communication path.

(9) Ninth Embodiment Referring to FIG. 17, an information system to which a program ID communication range control method according to a ninth embodiment of the present invention is applied has a program execution function and a communication function. , A parent device 92 also having a program execution function and a communication function, a program 912 installed and executed on the mobile device 91, and a program 922 installed and executed on the parent device 92.
Its main part is configured.

The execution function and the communication function are assumed to be Java or the like.

As the portable device 91, a portable telephone (PH)
S), portable information terminals and the like.

As the parent device 92, a POS terminal or the like is assumed.

The communication system used for the communication function between the portable device 91 and the parent device 92 is realized by a short-range wireless communication technology such as Bluetooth, wireless LAN, and PIAFS proposed by Ericsson and the like. .

The portable device 91 includes a reliable built-in function unit 911 and a process 91 for executing the program 912.
20, a private key 9131 and a public key 9132 associated with the portable device 91, and a public key 923 associated with the parent device 92.
2 is included.

The program 912 is composed of the program
21 and a public key group 9 representing the origin of the program 912
A digest obtained by hashing data created by combining 1221 to 9122n, the program body 9121, and the public key group 91221 to 9122n with a hash function is encrypted with each private key (not shown) paired with each of the public keys 91221 to 9122n. And a hash value group 91231 to 9123n, which is a group of signatures.
The program 912 is based on the source (manufacturer, etc.) and origin (version, etc.)
21, public key groups 91221 to 9122n and hash value groups 91231 to 9123n are integrally formed.

The parent device 92 includes a reliable embedded function unit 921 and a process 922 for executing the program 922.
0, a private key 9231 and a public key 9232 associated with the parent device 92, and a public key 9132 associated with the portable device 91.
It is comprised including.

The program 922 is composed of the program
21 and a public key group 9 representing the origin of the program 922
2221 to 9222 m (m is a positive integer on 2; the same applies hereinafter)
And a program body 9221 and a public key group 92221
To the public keys 92221 to 9222m.
It is configured to include hash value groups 92231 to 9223m, which are signature groups encrypted with each secret key (not shown) paired with 222m. Note that the program 922 includes a program body 9221 and public key groups 9221 to 9221 based on its source (manufacturer and the like) and origin (version and the like).
222m, and hash value groups 92231 to 9223m
Is created as one.

Referring to FIG. 18, built-in function unit 911 of portable device 91 and built-in function unit 9 of parent device 92
The processing of No. 21 includes hash value confirmation steps S901 and S902, communication request generation step S903, mutual authentication step S904, and public key match determination step S90.
5, a communication permission step S906, and a communication non-permission step S907.

Next, the operation of the information system to which the program ID communication range control method according to the ninth embodiment configured as described above is applied will be described in detail with reference to FIG. 17 and FIG.

First, the portable device 91 includes the built-in function unit 9.
11, the hash values 91231 to 9123n are stored in the program body 9121 and the public key groups 91221 to 9112, respectively.
It is checked whether the key is generated by the public key 22n and each private key paired with each of the public keys 91221 to 9122n, and a group of public keys corresponding to the checked hash values is obtained (step S901). For details, see embedded function section 9
Numeral 11 deciphers the hash values 91231 to 9123n with the public keys 91221 to 9122n, respectively, and executes the program body 9121 and the public key groups 91221 to 9122n.
To obtain a digest group obtained by hashing data created by combining the program main body 9121 and the public key group 91221 to 9122n with a known hash function to obtain a digest. By verifying whether or not each of the groups completely matches, each hash value 91231 to 9123n becomes a private key paired with the program body 9121, the public key group 91221 to 9122n, and each public key 91221 to 9122n. And that each was generated by
A set of public keys corresponding to the confirmed hash value is obtained.
That is, the program body 9121 and the public key group 91
It is confirmed that at least one or more public keys in 221 to 9122n are not falsified and have a genuine origin. This confirmation process may be performed once when the program 912 is introduced into the portable device 91, for example, when the program 912 is downloaded.

Also in the portable device 92, the built-in function unit 921 determines that the hash values 92231 to 9223n correspond to the program body 9221 and the public key groups 9221 to 922.
2n and each private key 92221 to 9222n to confirm whether each key is generated by each private key (not shown), and obtain a set of public keys corresponding to the confirmed hash values (step S902). ). Specifically, the built-in function unit 921 calculates the hash values 92231 to 9223
m are decrypted by public keys 92221 to 9222m, respectively, and the program body 9221 and public key groups 92221 to 9221-9 are decrypted.
Each of the digests obtained by hashing the data created by combining 222 m is obtained, while the program body 922 is obtained.
1 and public key groups 92221 to 9222m are combined to obtain a digest obtained by hashing with a known hash function, and verify whether or not both digests are completely the same, thereby obtaining each hash value 92231 to 9223n. Is the program body 9221, public key groups 9221 to 9222n, and each public key 9222
It is confirmed that each key is generated by a secret key (not shown) forming a pair with 1 to 9222n, and a group of public keys corresponding to the confirmed hash values is obtained. That is, the program body 9221 and the public key group 9222
It is confirmed that at least one or more public keys in 1 to 9222 m are not falsified and have a genuine origin. Note that this confirmation processing is performed by the parent
22 is installed, for example 1 when installed
It may be performed twice.

Next, the program 912 in the portable device 91 will be described.
9120 and a process 9220 that executes the program 922 in the parent device 92 when a communication request is generated to perform communication (step S903).
Or before that, first, between the built-in function unit 911 of the portable device 91 and the built-in function unit 921 of the parent device 92, the secret key 9131 and the public key 9132 attached to the portable device 91 and the parent device 92 are attached. Mutual authentication is performed by a public key method using the secret key 9231 and the public key 9232 (step S904).

For example, the parent device 92 has a public key 9132 attached to the portable device 91 held as a public key indicating a partner with which the parent device 92 can communicate, and a public key 91132 attached to the portable device 91 held by the portable device 91. Is determined, and if they match, authentication of the portable device 91 is performed. On the other hand, the portable device 91 has a public key 9232 attached to the parent device 92 held as a public key indicating a partner with which the mobile device 91 can communicate, and a public key 92132 attached to the parent device 92 held by the parent device 92 matches. It is determined whether or not the authentication is to be performed, and if they match, authentication of the parent device 92 is performed.

When the one-time password method using the public key of the RSA is used, the built-in function unit 911 of the portable device 91 sends a random character string to the parent device 92 (“Challenge”). The built-in function unit 921 encrypts the character string with the secret key 9231 attached to the parent device 92 and sends it back to the portable device 91 (“Re
response ”), embedded function unit 91 of portable device 91
1 indicates that the encrypted character string is decrypted using the public key 9232 attached to the parent device 92, and if the decrypted character string matches the previously transmitted random character string, the parent device 92 may communicate with the other party. (That is, the private key 9231 paired with the public key 9232 attached to the parent device 92). On the other hand, the built-in function unit 921 of the parent device 92 sends a random character string to the portable device 91 (“Challen”).
ge ”), the built-in function unit 911 of the portable device 91 encrypts the character string with the secret key 9131 attached to the portable device 91 and sends it back to the parent device 92 (“ Respons ”).
e ”), the built-in function unit 921 of the parent device 92 decrypts the encrypted character string with the public key 9132 attached to the portable device 91, and if the decrypted character string matches the random character string sent earlier. The mobile device 91 is authenticated as a partner that can communicate with the mobile device 91 (that is, a device that has a private key 9131 paired with a public key 9132 attached to the mobile device 91).

If the mutual authentication is successful, the built-in function unit 911 of the portable device 91 and the built-in function unit 921 of the parent device 92 inform each other of the set of hash value confirmation result public keys, and if the matching public key is It is determined whether there is any one (step S905). Only when there is at least one matching public key, the process 91210 and the process 922 are performed.
The communication is permitted with the server 10 (step S906).

[0215] If the mutual authentication of the portable device 91 or the master unit 92 has failed in step S904, or in step S9
If there is no matching public key in 05, the built-in function unit 911 of the portable device 91 and the built-in function unit 921 of the parent device 92 execute the process 9120 and the process 922.
The communication with 0 is not permitted (step S907).

In the ninth embodiment, in step S 905, the public key that matches the set of public keys of the hash value check result by the portable device 91 and the set of public keys of the hash value check result by the parent device 92 are matched. If one or more are included, it is determined that the programs 912 and 922 have authentic origins. However, the collection of the public keys of the hash value confirmation result by the portable device 91 and the hash value confirmation result by the parent device 92 The communication between the process 91210 and the process 92210 may be permitted only when all public keys of the public key group of the public key match the public key of the public key.

According to the ninth embodiment, the program 9
12 and 922 are allowed to have public key groups 91221 to 9122n and 92221 to 9222n representing the origins of the programs 912 and 922, respectively, and public key groups 91221 to 9122n and 92221 to 922 held together with the program bodies 9121 and 9221.
Hash value group 91231-9 which is a signature group for 2n
Since 123n and 92231 to 9223n are added, it is possible to prevent spoofing of the programs 512 and 522.

[0218]

The first effect is that when an external device communicates with a device that operates based on a program in an environment where it can be seen and tampered with, it prevents spoofing and authenticates the program of the communication partner. That you can do.
The reason is that the program can be authenticated without a secret key.

The second effect is that it is possible to prevent a program from impersonating and allow a program to have a public key indicating a plurality of sources. The reason is that if it is allowed to have a plurality of public keys representing the origins, the public key group held together with the program body is signed.

The third effect is to maintain security against malicious programs. The reason is that communication is performed by access control based on an ID indicating the origin of the program, that is, information similar to the manufacturer and version of the program.

A fourth effect is that security for processing by communication in a distributed environment that does not require a centralized management system such as user management can be maintained. The reason is that communication is performed by access control based on an ID indicating the origin of the program, that is, information similar to the manufacturer and version of the program, so that security against malicious programs can be maintained.

A fifth effect is that the distribution range of the information of the program in the program execution / communication device is limited to the range of the program having the same origin. The reason is that the program in the program execution / communication device can communicate only with the program having the ID indicating the matching origin, and cannot communicate with any other program.

The sixth effect is that even if the program runs away, the information of the program in the program execution / communication device does not leak out of the range of the program having the same origin. The reason is that the program in the program execution / communication device has an ID indicating the origin
This is because it can communicate only with the program having the above, and cannot communicate with any other program.

A seventh effect is that the distribution range of the information of the program in the program execution / communication device is limited to the range of the program having the same origin. The reason is that the program in the program execution / communication device can communicate only between the programs provided by those holding the same secret key by using the public ID as the ID indicating the origin of the coincidence. It is.

The eighth effect is that the design of the control of the communication range in the distributed environment is easy in security and the degree of freedom does not change. The reason is,
Regarding information leakage at the time of communication, which is one of the most important problems in a distributed environment, since information is distributed only between programs having the same origin, even if the distribution range of information is not designed at design time, malicious By leaking to others with bugs, program bugs, and runaways, and conversely, in one service, assuming that it is a single manufacturer or similar that is related to the project in its entirety, This is because information can be distributed and the distribution range is sufficient.

A ninth effect is to maintain security against malicious programs. The reason is that the communication is performed based on the ID indicating the origin of the program, that is, information similar to the manufacturer and version of the program.

The tenth effect is that security for processing by communication in a distributed environment that does not require a centralized management system such as user management can be maintained. The reason is that communication is performed based on an ID indicating the origin of the program, that is, information similar to the manufacturer and version of the program, so that security against malicious programs can be maintained.

The eleventh effect is that when communication is performed for each public key, system design relating to a communication path is easy. The reason is that which communication channel is occupied by which public key is previously defined.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an information system to which a program authentication method without a secret key according to a first embodiment of the present invention is applied.

FIG. 2 is a flowchart showing processing of the information system to which the program authentication method without a secret key according to the first embodiment is applied.

FIG. 3 is a block diagram showing a configuration of an information system to which a program authentication method without a secret key according to a second embodiment of the present invention is applied.

FIG. 4 is a flowchart showing processing of an information system to which a program authentication method without a secret key according to a second embodiment is applied.

FIG. 5 is a program I according to a third embodiment of the present invention.
1 is a block diagram illustrating a configuration of an information system to which a D communication processing control method is applied.

FIG. 6 is a flowchart showing processing of an information system to which a program ID communication processing control method according to a third embodiment is applied.

FIG. 7 shows a program I according to a fourth embodiment of the present invention.
1 is a block diagram illustrating a configuration of an information system to which a D communication processing control method is applied.

FIG. 8 is a flowchart showing processing of an information system to which a program ID communication processing control method according to a fourth embodiment is applied.

FIG. 9 shows a program I according to a fifth embodiment of the present invention.
1 is a block diagram illustrating a configuration of an information system to which a D communication processing control method is applied.

FIG. 10 is a flowchart showing processing of an information system to which a program ID communication processing control method according to a fifth embodiment is applied.

FIG. 11 is a block diagram showing a configuration of an information system to which a program ID communication range control method according to a sixth embodiment of the present invention is applied.

FIG. 12 is a flowchart showing processing of an information system to which a program ID communication range control method according to a sixth embodiment is applied.

FIG. 13 is a block diagram showing a configuration of an information system to which a program ID communication range control method according to a seventh embodiment of the present invention is applied.

FIG. 14 is a flowchart showing processing of an information system to which a program ID communication range control method according to a seventh embodiment is applied.

FIG. 15 is a block diagram showing a configuration of an information system to which a program ID communication range control method according to an eighth embodiment of the present invention is applied.

FIG. 16 is a flowchart showing processing of an information system to which a program ID communication range control method according to an eighth embodiment is applied.

FIG. 17 is a block diagram showing a configuration of an information system to which a program ID communication range control method according to a ninth embodiment of the present invention is applied.

FIG. 18 is a flowchart showing processing of an information system to which a program ID communication range control method according to a ninth embodiment is applied.

FIG. 19 is a block diagram illustrating an example of a configuration of a conventional information system.

FIG. 20 is a block diagram illustrating another example of the configuration of a conventional information system.

FIG. 21 is a block diagram illustrating another example of the configuration of a conventional information system.

[Explanation of symbols]

, 91 Portable device 12, ..., 92 Parent device 111, ..., 911 Built-in function unit 112, ..., 912 Program 1120, ..., 9120 Process 1121, ..., 9121 Program body 11221 to 1122n, ..., 91221 to 9122n
Public keys 11231 to 1123n, ..., 91231 to 9123n
Hash values 11241 to 1124n, ..., 91241 to 9124n
, 9131 Private keys 1131 to 8151i, 82511 to 8251j Virtual sockets 81521 to 8152k, 82521 to 8252l Sockets S101, S201, S401, S501, S701,
S702, S801, S802, S901, S902
Hash value confirmation step S102, S202, S301, S402, S502,
S601, S703, S803, S903 Communication request generation step S103, S203, S403, S503 Mobile device authentication step S104, S204, S404, S504 Program origin origin determination step S105, S205, S303 Program authentication step S106, S206 Program non-authentication step S302 , S602 Public key acquisition step S304, S405, S505 Communication / processing step S305, S406, S506 No communication / processing step S603, S704 Mutual authentication step S604 Public key comparison step S605 Mutual authentication / public key match determination step S606, S706, S806 , S906 Communication permission step S607, S707, S807, S907 Communication non-permission step S705, S805, S905 The key match judgment step S804, S904 mutual authentication step

Claims (35)

[Claims] 1. An information system comprising: a program; a program execution / communication device for generating and executing a process based on the program; and a communication / processing device for communicating with the program execution / communication device. A program execution / communication device includes a public key and a secret key attached to the program execution / communication device, and a process generated and executed based on the program, wherein the program includes a program main body and a source of the program. Including a public key representing the origin and a signature performed on the program body with a private key paired with the public key, wherein the program execution / communication device determines that the signature is derived from the source of the program body and the program. Verifying that the key is generated by a public key to be represented and a secret key forming a pair with the private key. Before the communication / processing device communicates with the communication / processing device by the processing of the process generated based on the program, the communication / processing device determines whether the public key and the secret key associated with the program execution / communication device A step of performing authentication of the program execution / communication device by a public key method using a key, and the signature generated by the program body and a secret key paired with a public key indicating the origin of the program. If it is confirmed that there is, the program execution / communication device performs the communication / communication by processing a process generated based on the program.
Before communicating with a processing device, the communication / processing device obtains a public key indicating the origin of the program; and a public key indicating that the program execution / communication device has been successfully authenticated and the origin of the program has been identified. If you get the key,
Certifying that the communication / processing device indicates the origin of the program as the origin of the program. 2. The method according to claim 1, wherein the program execution / communication device checks whether the signature is generated by the program body and a public key representing a source of the program and a secret key forming a pair with the signature. Wherein the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a secret key paired with a public key representing the origin of the program, and wherein the program execution / communication device includes the signature value. Decrypting with a public key representing the origin of the program to obtain a digest, hashing the program body with a hash function to obtain a digest, and determining whether both digests match. Program authentication method without private key described. 3. The communication / processing device according to claim 1, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. The apparatus includes a public key indicating a partner with which communication is possible, and determines whether or not the public key indicating the partner with which communication is possible matches the public key attached to the program execution / communication apparatus. 3. The method according to claim 1, wherein the program execution / communication device is authenticated. 4. The method according to claim 1, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a private key attached to the program execution / communication device. A time password method is used, the communication / processing device sends a random character string to the program execution / communication device, and the program execution / communication device attaches the character string to the program execution / communication device; The communication / processing device encrypts the encrypted character string and sends it back to the communication / processing device. 3. The method according to claim 1, further comprising the step of: authenticating the program execution / communication device if the character string matches with the previously transmitted character string. Law. 5. An information system comprising: a program; a program execution / communication device for generating and executing a process based on the program; and a communication / processing device for communicating with the program execution / communication device. A program execution / communication device includes a public key and a secret key attached to the program execution / communication device, and a process generated and executed based on the program, wherein the program includes a program main body and a source of the program. The program execution / communication device, comprising: a public key group indicating the origin; and a signature group performed on data created by combining the program body and the public key group with each private key paired with each public key. However, each signature has data created by combining the program body and the public key group and each public key corresponding to each signature. A step of confirming whether the key is generated by an open key and each secret key forming a pair, and obtaining a set of public keys corresponding to the signatures confirmed to be generated; and executing the program. Before the communication device communicates with the communication / processing device by performing a process of the process generated based on the program, the communication / processing device exchanges a public key and a secret key associated with the program execution / communication device. Authenticating the program execution / communication device using the public key method used, and executing the program execution when at least one public key corresponding to the signature confirmed to be generated is obtained. Before the communication device communicates with the communication / processing device by processing a process generated based on the program, the communication / processing device determines the origin of the program. Obtaining a public key, and, if the authentication of the program execution / communication device is successful and the public key indicating the origin of the program is obtained, the communication / processing device sets the program execution / communication device Authenticating each public key resulting from the signature verification by indicating the origin of the program. 6. The program execution / communication device, wherein each signature is generated from data created by combining the program body and the public key group, and each private key paired with each public key corresponding to each signature. In the step of confirming whether or not the signature has been obtained, and obtaining a set of public keys corresponding to the confirmed signature, each signature hashes data created by a combination of the program body and the public key group with a hash function. The program execution / communication device converts each signature value from each public key representing the origin of the program to each digest value with each signature value encrypted with each secret key paired with each public key representing the source of the program. Each key is decrypted to obtain a digest group, and the data created by the combination of the program body and the public key group is processed. A hash function is used to obtain a digest, and it is determined whether or not the digest matches the digest group.
Program authentication method without private key described. 7. The communication / processing device according to claim 1, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. The apparatus includes a public key indicating a partner with which communication is possible, and determines whether or not the public key indicating the partner with which communication is possible matches the public key attached to the program execution / communication apparatus. 7. The method according to claim 5, wherein the program execution / communication device is authenticated. 8. The method according to claim 8, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a private key attached to the program execution / communication device. A time password method is used, the communication / processing device sends a random character string to the program execution / communication device, and the program execution / communication device attaches the character string to the program execution / communication device; The communication / processing device encrypts the encrypted character string and sends it back to the communication / processing device. 7. The authentication method according to claim 5, wherein the authentication unit authenticates the program execution / communication device if the character string matches the sent character string. Law. 9. An information system comprising: a program; a program execution / communication device for generating and executing a process based on the program; and a communication / processing device for communicating with the program execution / communication device. The program includes a program body and an ID group indicating the origin of the program, the program execution / communication device includes a process generated and executed based on the program, and the program execution / communication device includes The communication and communication by the process of the process generated based on the program
Before communicating with the processing device, the communication / processing device
I representing the source of the program that is the source of the process
A step of obtaining a part or all of the group D; and, when one or more IDs indicating the origin are obtained, the communication / processing device executes the program execution / processing by processing a process generated based on the program. Performing communication with the communication device;
A process performed by the communication, wherein the communication / processing device performs an access control based on an ID group indicating the origin derived from the program execution / management device. Communication processing control method. 10. A program, a program execution / communication device for generating and executing a process based on the program,
In an information system comprising a communication / processing device for performing communication with the program execution / communication device, the program includes a program body, a public key indicating the origin of the program, and a secret key paired with the public key. Including
The program execution / communication device includes a process generated and executed based on the program, and the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program. Previously, said communication / processing device obtains a public key indicating a source of said program which is a source of a process for causing said program execution / communication device to communicate with said program execution / communication device; A step in which the device authenticates the program by a public key method using a public key and a secret key representing the origin of the program, and when the program is authenticated, the communication / processing device Performing communication with the program execution / communication device by access control based on the program. ID communication processing control method. 11. A step in which the communication / processing apparatus authenticates the obtained public key by a public key method using a public key and a secret key representing the origin of the program, and one time·
A password method is used, the program execution / communication device sends the public key to the communication / processing device, and the communication / processing device sends a random character string to the program execution / communication device, and executes the program execution. The communication device sends back a character string obtained by encrypting the character string with the secret key to the communication / processing device, and the communication / processing device decrypts the encrypted character string with the sent public key. 11. The program ID communication processing control method according to claim 10, wherein the program is authenticated if the decrypted character string matches the previously transmitted character string. 12. A program, a program execution / communication device for generating and executing a process based on the program,
In an information system including a communication / processing device that performs communication with the program execution / communication device, the program execution / communication device includes a public key and a secret key attached to the program execution / communication device, The program includes a process that is originally generated and executed.The program includes a program main body, a public key representing the origin of the program, and a signature performed on the program main body with a private key paired with the public key. The program execution and communication device, the step of confirming whether the signature is generated by the program body and a secret key that is paired with a public key representing the origin of the program, the A program execution / communication device communicates with the communication / processing device by processing a process generated based on the program. A step in which the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a private key attached to the program execution / communication device; And a public key indicating the origin of the program and a secret key forming a pair with the public key, the program execution / communication device performs processing of a process generated based on the program. Before performing communication with the communication and processing device, the communication and processing device obtains a public key representing the origin of the program,
If the authentication of the program execution / communication device is successful and a public key indicating the origin of the program is obtained, the communication / processing device indicates the origin of the program from the program execution / communication device. Get the public key,
Performing a communication with the program execution / communication device by an access control based on the public key. 13. The step of the program execution / communication device confirming whether or not the signature is generated by the program body and a secret key paired with a public key indicating the origin of the program. Wherein the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a secret key paired with a public key representing the origin of the program, and wherein the program execution / communication device includes the signature value. Decrypting with a public key representing the origin of the program to obtain a digest, hashing the program body with a hash function to obtain a digest, and determining whether both digests match. The program ID communication processing control method described above. 14. The communication / processing device according to claim 1, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. The device has a public key indicating a partner with whom the device can communicate, and
14. The program ID communication processing control method according to claim 12, wherein it is determined whether a public key attached to the communication device matches a public key indicating a partner with which communication is possible. 15. The method according to claim 15, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. A time password method is used, the communication / processing device sends a random character string to the program execution / communication device,
The program execution / communication device encrypts the character string with a secret key attached to the program execution / communication device, and sends the encrypted character string back to the communication / processing device. 13. The program execution / communication device is authenticated if the decrypted character string matches a previously transmitted character string with a public key indicating a party with whom communication can be held and stored. Or the program ID communication processing control method according to 13. 16. A program, a program execution / communication device for generating and executing a process based on the program,
In an information system including a communication / processing device that performs communication with the program execution / communication device, the program execution / communication device includes a public key and a secret key attached to the program execution / communication device, The program includes a process that is originally generated and executed, and the program generates a program body, a public key group indicating the origin of the program, and data generated by combining the program body and the public key group. The program execution / communication device includes a signature group performed by each private key paired with a public key, wherein each signature corresponds to data created by combining the program body and the public key group and each signature. Check if it was generated by each public key and each private key paired with it, and confirm that it was generated. Obtaining a set of public keys corresponding to the recognized signatures, and before the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program, A processing device for performing authentication of the program execution / communication device by a public key method using a public key and a private key attached to the program execution / communication device, and confirming that the generated device is the generated device. Public key corresponding to signature is 1
If more than one is obtained, before the program execution / communication device communicates with the communication / processing device by processing a process generated based on the program,
A processing device for obtaining a public key indicating the origin of the program; and, when the authentication of the program execution / communication device is successful and the public key indicating the origin of the program is obtained, the communication / processing is performed. Performing a communication with the program execution / communication device by an access control based on a part or all of a set of public keys of a signature confirmation result by the program execution / communication device. ID communication processing control method. 17. The program execution / communication device, wherein each signature is generated from data created by combining the program body and the public key group and each private key paired with each public key corresponding to each signature. In the step of checking whether or not the signature has been obtained, each signature is a digest obtained by hashing data created by combining the program body and the public key group with a hash function with each public key representing the origin of the program. The program execution / communication device is configured by combining each digest obtained by decrypting each signature value with each public key, the program main body, and the public key group. Determining whether the digest obtained by hashing the created data with a hash function matches 17. The program ID communication processing control method according to claim 16, wherein: 18. The communication / processing device according to claim 1, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. The device has a public key indicating a partner with whom the device can communicate, and
18. The program ID communication processing control method according to claim 16, wherein it is determined whether a public key attached to a communication device matches a public key indicating a partner with which communication is possible. 19. The method according to claim 19, wherein the communication / processing device authenticates the program execution / communication device by a public key method using a public key and a secret key attached to the program execution / communication device. A time password method is used, the communication / processing device sends a random character string to the program execution / communication device,
The program execution / communication device encrypts the character string with a secret key attached to the program execution / communication device, and sends the encrypted character string back to the communication / processing device. 17. The program execution / communication device is authenticated if the decrypted character string matches the previously transmitted character string, using a public key indicating a party with whom communication can be held. Or the program ID communication processing control method according to item 17. 20. An information system comprising a program and a plurality of program execution / communication devices each of which generates and executes a process based on the program, wherein the program includes a program main body and an origin of the program. A process that includes a group of IDs and that is generated by a certain program execution / communication device based on a certain program is different from another process generated by another certain program execution / communication device based on the program or another certain program. Before performing communication, both program execution / communication devices obtain a part or all of an ID group representing the origin of the program that is a source of a process in the partner program execution / communication device; and When a group of IDs is obtained, both program execution / communication devices indicate the origins obtained. The ID group is compared with the ID group indicating the origin of the program which is the source of the process in the own program execution / communication device. If there is at least one matching ID indicating the origin of the program, the communication path is determined. A program ID communication range control method. 21. An information system comprising a program and a plurality of program execution / communication devices for generating and executing each process based on each program, wherein the program represents a program body and a source of the program. A process that includes a public key and a secret key that is paired with the public key and that is generated by a program execution / communication device based on a certain program can be used to execute another program based on the program or another certain program. Before communicating with another process generated by the communication device, both program execution / communication devices determine the origin of the program that is the source of the process in the communication device from the execution of the other program / communication device. Obtaining the public keys to be represented, and the two program execution / communication devices Determining whether the public key obtained from the device matches the public key representing the source of the program that is the source of the process in the own program execution / communication device; and both program execution / communication devices, Mutual authentication of the program that is the source of the process in the other program execution and communication device using a public key and a secret key that represents the origin of the program in the other program execution and communication device, and The public key obtained from the partner program execution / communication device matches the public key indicating the origin of the program which is the source of the process in the own program execution / communication device, and the process in the partner program execution / communication device And when both programs are mutually authenticated, the two program execution / communication devices open a communication path. Program ID
Communication range control method. 22. A process in a partner program execution / communication device using both a public key and a secret key indicating the origin of the program as a source of a process in the partner program execution / communication device. In the step of performing mutual authentication of the program that is the source of the program, a one-time password method using a public key is used, and both program execution / communication devices execute their own program execution / Sends a random character string to the partner device execution / communication device, respectively, and sends the character string to the partner program execution / communication device from the source of the program that is the source of the process in the communication device. A character string encrypted with a private key paired with a public key representing The own program execution / communication device decrypts the encrypted character string with the corresponding public key, and if the decrypted character string matches the previously transmitted character string, the other program execution / communication device communication device The program ID communication range control method according to claim 21, wherein a program serving as a source of the process is authenticated. 23. An information system comprising a program and a plurality of program execution / communication devices for generating and executing each process based on each program, wherein the program execution / communication device includes a self-program execution / communication device. , A public key and a private key attached to the other party's program execution / communication device, and a process generated and executed based on the program. A public key indicating the origin and a signature performed on the program body by a secret key paired with the public key, and a process generated by a program execution / communication device based on a program causes the program or Communicates with another process created by another program execution / communication device based on another program Before performing, the two program execution and communication device, to confirm whether the signature is generated by the program body and a secret key that is paired with a public key representing the origin of the program and Prior to performing the communication, both program execution and communication device, a step of performing authentication of the other program execution and communication device by a public key method using a public key and a secret key attached to the other program execution and communication device, The two program execution / communication devices perform the communication when it is confirmed that the signature is generated by the program main body and a secret key that forms a pair with a public key indicating the origin of the program. Transmitting the public key to the other party's program execution / communication device; and transmitting the public key to the other party's program execution / communication device. Determining whether or not the public key obtained and the public key indicating the origin of the program that is the source of the process in the own program execution / communication device match; and Are mutually authenticated, and when the public key obtained from the partner program execution / communication device matches the public key indicating the origin of the program as the source of the process in the own program execution / communication device,
A step of both program execution / communication devices opening a communication path. 24. A step in which both program execution / communication devices confirm whether or not the signature is generated by the program body and a public key indicating a source of the program and a secret key forming a pair. Wherein the signature comprises a signature value obtained by encrypting a digest obtained by hashing the program body with a hash function with a private key paired with a public key representing the origin of the program. 24. A digest is obtained by decrypting the program with a public key indicating the origin of the program, and a digest is obtained by hashing the program body with a hash function, and it is determined whether both digests match. Or 24
The program ID communication range control method described above. 25. A step in which both program execution / communication apparatuses authenticate the other program execution / communication apparatus by a public key method using a public key and a secret key attached to the other program execution / communication apparatus. The communication device has a public key indicating a partner with which communication is possible, and the public key indicating the partner with which communication is possible is executed with one or more public keys of a public key group attached to the communication device. 25. The program ID communication range control method according to claim 23, wherein it is determined whether or not the program ID communication range is set. 26. A step in which both program execution / communication devices authenticate a partner program execution / communication device by a public key method using a public key and a secret key attached to the partner program execution / communication device. One-time password method is used, executing own program
The communication device obtains a public key attached to the partner program execution / communication device from the partner program execution / communication device, sends a random character string to the partner program execution / communication device, and executes the partner program execution / communication device with the character string. Is encrypted with a secret key attached to the partner program execution / communication device and sent back to the own program execution / communication device, and the own program execution / communication device obtains the encrypted character string from the partner program execution / communication device. 3. The communication device according to claim 2, wherein the decrypted character string matches with the previously transmitted character string by using a public key, and the other party's program execution / communication device is authenticated.
25. The program ID communication range control method according to 3 or 24. 27. When both program execution / communication devices succeed in authenticating the partner program execution / communication device and there is a public key that matches the set of public keys in the signature confirmation result by both program execution / communication devices. In the step of opening a communication path between processes, the two program execution / communication apparatuses are each provided with a communication apparatus that virtually forms a plurality of virtual communication paths per communication path, and a public key representing the origin of the program. When a public key indicating the origin of the program is obtained, the process includes a virtual communication path resource group and a communication path resource group existing in The communication device of the two program execution / communication devices allocates a communication channel resource to one of the virtual communication channel resources corresponding to the obtained public key indicating the origin, and performs communication using the virtual communication channel resource. 28. The program ID communication range control method according to claim 26, wherein a path is provided. 28. An information system comprising a program, and a plurality of program execution / communication devices for generating and executing each process based on each program, wherein the program execution / communication device is its own program execution / communication device. , A public key associated with the partner program execution / communication device, and a process generated and executed based on each program. Each program includes a program itself and a source of the program. A program execution / communication device including a public key group indicating the origin and a signature group performed on data created by combining the program body and the public key group with each private key paired with each public key. Each signature is data created by combining the program body and the public key group, and each public key corresponding to each signature. And a step of confirming whether the program is generated by each of the secret keys forming a pair with each other. A step of executing the partner program execution and authentication of the communication device by a method,
Both program execution / communication devices inform the partner program execution / communication device of the set of public keys of the signature confirmation result by the own program execution / communication device, and the collection of public keys of the signature confirmation result by the own program execution / communication device and the partner A step of determining whether there is a public key that matches the public key set of the signature confirmation result by the program execution / communication device; and When there is at least one public key that matches the set of public keys in the signature confirmation result,
A step of opening the communication path between the processes by both of the program execution / communication devices. 29. Both of the program execution / communication devices generate each signature from data created by combining the program body and the public key group, and each private key paired with each public key corresponding to each signature. In the step of determining whether the signature has been obtained, each signature is a digest obtained by hashing data created by combining the program body and the public key group with a hash function with each public key representing the origin of the program. It consists of each signature value encrypted with each pair of secret keys.
The communication device obtains a digest group by decrypting each signature value with each public key representing the origin of the program, and hashes the data created by the program body and the public key group with a hash function to generate a digest. 29. The program ID communication range control method according to claim 28, further comprising determining whether or not the digest matches the digest group. 30. A step in which both program execution / communication devices authenticate the other program execution / communication device by a public key method using a public key and a secret key attached to the other program execution / communication device. The communication device has a public key indicating a partner with which communication is possible, and the public key indicating the partner with which communication is possible is executed with one or more public keys of a public key group attached to the communication device. 30. The program ID communication range control method according to claim 28, wherein it is determined whether or not to perform the communication. 31. A step in which both of the program execution / communication devices authenticate the partner program execution / communication device by a public key method using a public key and a secret key attached to the partner program execution / communication device. One-time password method is used, executing own program
The communication device obtains a public key attached to the partner program execution / communication device from the partner program execution / communication device, sends a random character string to the partner program execution / communication device, and executes the partner program execution / communication device with the character string. Is encrypted with a secret key attached to the partner program execution / communication device and sent back to the own program execution / communication device, and the own program execution / communication device obtains the encrypted character string from the partner program execution / communication device. 3. The communication device according to claim 2, wherein the decrypted character string matches with the previously transmitted character string by using a public key, and the other party's program execution / communication device is authenticated.
30. The program ID communication range control method according to 8 or 29. 32. When both program execution / communication devices succeed in the authentication of the partner program execution / communication device and there is a public key that matches the set of public keys of the signature confirmation results by both program execution / communication devices. In the step of opening a communication path between processes, the two program execution / communication apparatuses are each provided with a communication apparatus that virtually forms a plurality of virtual communication paths per communication path, and a public key representing the origin of the program. When one or more public keys indicating the origin of the program are obtained, the process generated based on the program includes a virtual communication path resource group and a communication path resource group existing in The communication device of both program execution and communication devices allocates communication channel resources to one of the virtual communication channel resources corresponding to the obtained public key indicating the origin, and allocates the virtual communication channel resources. 32. The program ID communication range control method according to claim 31, wherein a communication channel is provided. 33. The virtual communication path resource group is a virtually defined socket, and each of the virtual communication path resource group corresponds to each port of the virtually defined socket. 33. The program ID communication range control method according to claim 27, wherein the group is a normal socket, and each of the communication path resource groups corresponds to each port of the normal socket. 34. An information system comprising a program and a program execution / communication device for generating, executing and communicating a process based on the program, wherein the program execution / communication device generates and executes a process based on the program. A communication device that includes a process to be executed, the program itself, a public key indicating the origin of the program, a communication device that virtually forms a plurality of virtual communication paths per communication path, and the program A virtual communication path resource that is present at least once for each public key representing the origin of the
A public key indicating a source and a requested virtual communication path when the program execution / communication device performs communication by processing of a process generated based on the program, the communication path including one or more communication path resources; A method for providing a communication path for each public key, comprising the step of providing a communication path using a virtual communication path by pairing a communication resource with a virtual communication path. 35. The virtual communication path resource group is a virtually defined socket, and each of the virtual communication path resource groups corresponds to each port of the virtually defined socket. 35. The method according to claim 34, wherein the groups are ordinary sockets, and each of the communication path resource groups corresponds to each port of the ordinary socket.