Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

US 20050033983A1
Filed: 08/04/2004
Published: 02/10/2005
Est. Priority Date: 08/06/2003
Status: Active Grant

First Claim

Patent Images

1. A secure device that stores an application to be processed by an information processing terminal, the secure device comprising an application issuer that embeds, in the application, information for an authentication of said application, and issues this application to the information processing terminal.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is designed to enable a secure device to authenticate a terminal application that operates on an information processing terminal and that accesses the secure device. An application issue request transmitter (301) of the information processing terminal (30) sends a request for issue of a terminal application to an application issuer (101). The application issuer (101) of an secure device (10) reads a terminal application (31) from an application storage (105) and embeds authentication information in the terminal application (31), associates an ID and the authentication information of the terminal application (31) and save them in an issue information storage (106), and sends the terminal application (31) to an application receiver (302) of the information processing terminal through an application transmitter (102). The application receiver (302) starts the terminal application (31). An application authenticator (311) of the terminal application (31) performs an authentication with the secure device (10) by means of the application authentication information.

51 Citations

View as Search Results

32 Claims

1. A secure device that stores an application to be processed by an information processing terminal, the secure device comprising an application issuer that embeds, in the application, information for an authentication of said application, and issues this application to the information processing terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 28, 29)
- - 2. The secure device of claim 1, wherein, for the information for the authentication of the application, the application issuer embeds, in the application, authentication information of a varying value upon every issue of an application.
  - 3. The secure device of claim 2, wherein the application issuer generates issue information from the authentication information embedded in the application;
    - and wherein the secure device further comprises an authenticator that uses the issue information generated by the application issuer and performs an authentication of the application operating on the information processing terminal.
  - 4. The secure device of claim 3, wherein, for the issue information, the application issuer generates an authentication key from the authentication information.
  - 5. The secure device of claim 3, wherein the application issuer includes the authentication information in the issue information;
    - and wherein the authenticator calculates an authentication key from the authentication information, and, using this authentication key, performs the authentication of the application operating on the information processing terminal.
  - 6. The secure device of claim 4, further comprising a communicator that, after the application operating on the information processing terminal is authenticated by the authenticator using the authentication key, generates a key apart from the authentication key, shares this key with the application operating on the information processing terminal, and performs communications.
  - 7. The secure device of claim 4, wherein the application issuer sets a predetermined expiration term of the authentication key;
    - and wherein the authenticator measures a time after the application issuer issues an application until the application issuer authenticates the application, and, if the time is within the predetermined expiration term, the application issuer performs the authentication, or, if the time is greater than the predetermined expiration term, the application issuer revokes the authentication key and does not perform the authentication.
  - 8. The secure device of claim 1, wherein the application issuer embeds the authentication information in the application in accordance with an instruction that specifies a method of embedding the authentication information in the application.
  - 9. The secure device of claim 1, wherein the application issuer includes dummy data in the authentication information and embeds said authentication information in the application.
  - 10. The secure device of claim 1, wherein the application is programmed to erase the authentication information upon completion of processing on the information processing terminal.
  - 11. The secure device of claim 1, wherein the application comprises an MTA (Master Trusted Agent) that has a function to substitute part of processing of the secure device on the information processing terminal, and a non-MTA application;
    - and wherein the application issuer issues the MTA to the information processing terminal before issuing the non-MTA application.
  - 12. The secure device of claim 11, wherein, when the MTA is issued to and started on the information processing terminal, and authenticated using the authentication information embedded in the MTA, the MTA requests the application issuer through the function to substitute part of processing of the secure device to issue the non-MTA application for enabling the information processing terminal to perform the processing.
  - 13. The secure device of claim 1, wherein the application comprises an MTA that has a function to substitute part of processing of the secure device on the information processing terminal;
    - and wherein, when the MTA is issued to and started on the information processing terminal, and authenticated using the authentication information embedded in the MTA, the MTA requests an application encryption key for decoding an encrypted application stored in the information processing terminal from the secure device, through the function to substitute part of processing of the secure device.
  - 14. The secure device of claim 13, further comprising:
    - an encryption key storage that associates and stores identification information of a non-MTA application comprising an application ID, and an application encryption key corresponding to the non-MTA application; and
      
      an encryption key transmitter that, upon receiving the application ID from the MTA, transmits the application encryption key corresponding to the application ID, to the MTA.
  - 15. The secure device of claim 14, wherein the MTA uses the application encryption key and decodes the encrypted application.
  - 16. The secure device of claim 15, wherein the MTA uses the application encryption key and decodes the encrypted application, and lets the decoded application and the secure device share the authentication information.
  - 17. The secure device of claim 15, wherein the MTA passes the authentication information to the non-MTA application and lets the non-MTA application and the secure device share the authentication information.
  - 18. The secure device of claim 15, wherein the MTA embeds the authentication information in the non-MTA application and lets the non-MTA application and the secure device share the authentication information.
  - 19. The secure device of claim 15, wherein the MTA receives the authentication information from the secure device, and lets the non-MTA application and the secure device share the authentication information.
  - 20. The secure device of claim 15, wherein the MTA passes the authentication information to the secure device and shares the authentication information with the secure device.
  - 28. The secure device of claim 1, wherein the application issuer comprises:
    - an authentication information algorithm generator that, on a random basis, generates an algorithm for calculating authentication information;
      
      an authentication information method generator that converts the algorithm generated on a random basis into μ
      
      l a command sequence that is executable on the information processing terminal, and generates an authentication information method; and
      
      an authentication information method embedder that embeds in the application the authentication information method as authentication information for authentication of the application and issues the application to the information processing terminal.
  - 29. The secure device of claim 1, wherein the application issuer comprises:
    - an information calculator that calculates information for authentication of the application, an information embedder that embeds the information for authentication of the application in the application; and
      
      a scrambler that receives the application having the information for authentication of the application embedded therein, scrambles this application to a degree that does not change execution of the application, and issues the application to the information processing terminal.

21. An information processing terminal comprising:
- an application issue request transmitter that, upon starting an application, requests a secure device to issue the application with authentication information embedded in said application;
  
  an application receiver that receives the application issued by the secure device with authentication information embedded in said application; and
  
  an application executor that executes the application, wherein, when the application executor starts and executes the application, the application and the secure device perform an authentication of the application using the authentication information.

22. An information processing terminal comprising:
- an application issue request transmitter that requests issue of an application;
  
  a receiver that receives an application issued by a secure device; and
  
  an application executor that executes the application, wherein the application issue request transmitter requests issue of an MTA that has a function to substitute part of processing of the secure device to the secure device and receives the MTA issued by the secure device, and the application executor starts and performs an authentication between the secure device and the MTA using the authentication information embedded in the MTA; and
  
  wherein, subsequently, the application issue request transmitter requests the MTA to issue a non-MTA application, the MTA requests the secure device to issue the non-MTA application, receives and starts the non-MTA application issued by the secure device, and performs an authentication between the secure device and the non-MTA application using authentication information embedded in the non-MTA application.
- View Dependent Claims (23)
- - 23. The information processing terminal of claim 22, wherein the MTA comprises an application executor that executes an application;
    - and wherein the application executor of the MTA starts the non-MTA application received from the secure device, and performs an authentication between the secure device and the non-MTA application using the authentication information embedded in the non-MTA application.

24. An information processing terminal comprising:
- an encrypted application storage that stores an encrypted application, said encrypted application being decodable by means of an application encryption key stored in a secure device;
  
  an application issue request transmitter that requests issue of the application; and
  
  an application executor that executes the application, wherein the application issue request transmitter requests issue of an MTA that has a function to substitute part of processing of the secure device to the secure device and receives the MTA issued by the secure device, and the application executor starts and performs an authentication between the secure device and the MTA using the authentication information embedded in the MTA; and
  
  wherein, subsequently, the application issue request transmitter requests the MTA to issue a non-MTA application, and the MTA requests an application encryption key from the secure device, receives the application encryption key from the secure device, and decodes and executes the encrypted application stored in the encrypted application storage.
- View Dependent Claims (25)
- - 25. The information processing terminal of claim 24, wherein the MTA comprises an application executor that executes an application;
    - and wherein the application executor of the MTA executes an application received from the secure device and decoded by means of an application encryption key.

26. A terminal application generation apparatus that generates an application to be processed by an information processing terminal and has a secure device store the application, the terminal application generation apparatus comprising:
- an embedment preparator that receives a source code of the application, prepares for an embedment of authentication information, and outputs the source code, in which the authentication information can be embedded, and an instruction template that comprises a prototype of an instruction specifying a method of the embedment of the authentication information;
  
  a compiler that compiles the source code, in which the authentication information can be embedded, into a bytecode that is executable on the information processing terminal; and
  
  an instruction generator that receives the bytecode and the instruction template and generates the instruction, wherein the bytecode and instruction are transmitted to and stored in the secure device.

27. An application authentication method, comprising:
- having a secure device store an application that operates on an information processing terminal;
  
  having the secure device generate authentication information in response to an application issue request from the information processing terminal, embed the authentication information in the application, and transmit the application to the information processing terminal;
  
  having the information processing terminal start the application and perform an authentication of the application with the secure device using the authentication information; and
  
  having the secure device authenticate the application.

30. An integrated circuit in an information processing terminal, comprising:
- an application executor that executes an application on the information processing terminal, an application issue request transmitter that, upon starting the application, requests a secure device to issue the application with authentication information embedded in said application; and
  
  an application receiver that receives the application issued by the secure device with authentication information embedded in said application, wherein, upon execution of the application, an authentication of the application is performed with the secure device using the authentication information.

31. An integrated circuit in an information processing terminal, comprising:
- an application executor that executes an application on the information processing terminal;
  
  an application issue request transmitter that requests issue of the application; and
  
  , an application receiver that receives the application issued by the secure device, wherein the application issue request transmitter requests issue of an MTA (Master Trusted Agent) that has a function to substitute part of processing of the secure device to the secure device, receives and starts the MTA issued by the secure device, and performs an authentication of the MTA with the secure device using the authentication information embedded in the MTA; and
  
  wherein, subsequently, the application issue request transmitter requests the MTA to issue a non-MTA application, the MTA requests the secure device to issue the non-MTA application, receives and starts the non-MTA application issued by the secure device, and performs an authentication with the secure device using authentication information embedded in the non-MTA application.

32. An integrated circuit in an information processing terminal, comprising:
- an application executor that executes an application on an information processing terminal;
  
  an application issue request transmitter that request issue of the application;
  
  wherein the application issue request transmitter requests issue of an MTA (Master Trusted Agent) that has a function to substitute part of processing of a secure device to the secure device, receives and starts the MTA issued by the secure device, and performs an authentication of the MTA with the secure device using the authentication information embedded in the MTA; and
  
  wherein, subsequently, the application issue request transmitter requests the MTA to issue a non-MTA application, and the MTA requests an application encryption key from the secure device, receives the application encryption key from the secure device, and decodes and executes an encrypted application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Takayama, Hisashi, Takekawa, Hiroshi, Naka, Ken

Granted Patent

US 8,572,386 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06F 21/62   Protecting access to data v...

G06F 21/77   in smart cards

G06F 21/78   to assure secure storage of...

G06F 2221/2153   Using hardware token as a s...

Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links