Application authentication system, secure device, and terminal device
First Claim
1. An application authentication system comprising:
- a terminal device on which an application is operated; and
a secure device connected fixedly or detachably to the terminal device,wherein the terminal device includes;
a memory comprising an application recording unit configured to record the application which is operated on the terminal device and performs processing using data held by the secure device; and
application running unit configured to run the application,wherein the secure device includes;
another memory comprising a data holding unit configured to hold the data used by the application which is operated on the terminal device;
verifying unit configured to verify validity of the application running unit and validity of the application; and
accepting unit configured to accept access from the application to the data held in the data holding unit when the validities of the application running unit and the application are authenticated,wherein the application running unit calculates digest data of the application and sends the digest data to the verifying unit after the validity of the application running unit is authenticated by the verifying unit, andwherein the verifying unit verifies the validity of the application using the transmitted digest data.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides an application authentication system capable of authenticating an application on a terminal device, which does not have a secure information concealing area, by a secure device. In an application authentication system in which a secure device 10 fitted to a terminal device 30 that has no secure information concealing area authenticates an application 31 stored in the terminal device, the secure device 10 authenticates an application running means 33 stored in an unwritable area 302 of the terminal device, and also authenticates the application based on a process applied to the application 31 by the application running means to request an access to the secure device. Since the terminal authentication by the secure device and the application authentication executed within the terminal device are coupled in combination, the secure device can authenticate the application operated on the terminal device without the secure information concealing area.
-
Citations
12 Claims
-
1. An application authentication system comprising:
-
a terminal device on which an application is operated; and a secure device connected fixedly or detachably to the terminal device, wherein the terminal device includes; a memory comprising an application recording unit configured to record the application which is operated on the terminal device and performs processing using data held by the secure device; and application running unit configured to run the application, wherein the secure device includes; another memory comprising a data holding unit configured to hold the data used by the application which is operated on the terminal device; verifying unit configured to verify validity of the application running unit and validity of the application; and accepting unit configured to accept access from the application to the data held in the data holding unit when the validities of the application running unit and the application are authenticated, wherein the application running unit calculates digest data of the application and sends the digest data to the verifying unit after the validity of the application running unit is authenticated by the verifying unit, and wherein the verifying unit verifies the validity of the application using the transmitted digest data.
-
-
2. A secure device connected fixedly or detachably to a terminal which includes application running unit configured to run an application, the secure device comprising:
-
a memory comprising a data holding unit configured to hold data used by the application; verifying unit configured to verify validity of the application running unit and validity of the application; and accepting unit configured to accept access from the application to the data held in the data holding unit when the validities of the application running unit and the application are authenticated, wherein the application running unit of the terminal calculates digest data of the application and sends the digest data to the verifying unit after the validity of the application running unit is authenticated by the verifying unit, and wherein the verifying unit verifies the validity of the application using the transmitted digest data. - View Dependent Claims (3, 4)
-
-
5. A terminal connected fixedly or detachably to a secure device which holds data used by an application operated on the terminal, verifies validity of running unit configured to run the application, verifies validity of the application using digest data of the application calculated by the running unit, validity of which is authenticated, accepts access by the application to the data when the validities of the running unit and the application are authenticated, the terminal comprising:
-
the running unit configured to run the application; a memory comprising an application recording unit configured to record the application which is operated on the terminal and performs processing using the data held by the secure device; and recording unit configured to record the running unit which runs the application, wherein the running unit calculates the digest data of the application and sends the digest data to the secure device when the running unit is authenticated by the secure device. - View Dependent Claims (6, 7)
-
-
8. An authenticating method used in a secure device, comprising a memory, and that is fixedly or detachably connected to a terminal which includes running unit configured to running an application, the method comprising:
-
providing, in the secure device, data holding unit configured to hold data used by the application which is operated on the terminal, verifying unit configured to perform authentication, and accepting unit configured to accept access to the data; verifying validity of the running unit by the verifying unit; calculating digest data of the application and transmitting the digest data to the verifying unit if the validity of the running unit is authenticated by the verifying unit; verifying validity of the application on the terminal by the verifying unit using the transmitted digest data; and accepting, by the accepting unit, access from the application to the data held by the data holding unit when the validities of the running unit and the application are authenticated.
-
-
9. An application authentication system comprising:
-
a secure device for managing data used by an application, the secure device comprising a memory; and running unit configured to run a Basic Input Output System (BIOS), an Operating System (OS) operated on the BIOS, executing software operated on the OS and executing the application, and the application, wherein the secure device verifies validity of the BIOS, wherein the BIOS verifies validity of the OS after the verification by the secure device, wherein the OS verifies validity of the executing software after the verification by the BIOS, wherein the executing software performs at least a part of processing of verifying validity of the application after the verification by the OS, and wherein the secure device allows the application to use the data after the validity of the application is verified. - View Dependent Claims (10, 11)
-
-
12. A method used in a system having a secure device for managing data used by an application and comprising a memory, and running unit configured to run a Basic Input Output System (BIOS), an Operating System (OS) operated on the BIOS, executing software operated on the OS and executing the application, and the application, the method comprising:
-
verifying validity of the BIOS by the secure device; verifying validity of the OS by the BIOS after the verification by the secure device; verifying validity of the executing software by the OS after the verification by the BIOS; performing at least a part of processing of verifying validity of the application by the executing software after the verification by the OS; and allowing the application to use the data by the secure device after the validity of the application is verified.
-
Specification