Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

US 8,572,386 B2
Filed: 08/04/2004
Issued: 10/29/2013
Est. Priority Date: 08/06/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A secure device comprising:

a storage that stores predetermined data;

an application storage that stores an application to be processed by an information processing terminal to obtain the predetermined data from the secure device, an information processing terminal obtaining the predetermined data from the secure device by executing the application at the information processing terminal, the information processing terminal not having the application for obtaining the predetermined data from the secure device;

an application issuer that, upon receipt of a request from the information terminal, embeds in the application, as information for an authentication of said application, authentication information which is generated by the secure device on a random basis so as to have a varying value upon every issue of said application;

an application transmitter that transmits, to said information processing terminal, said application in which said information for said authentication of said application is embedded by the secure device and having the varying value upon every issue of said application;

an authenticator that, upon every issue of said application, performs with said information processing terminal an authentication process for said application executed on said information processing terminal, using said information for said authentication of said application embedded in said application, thereby obtaining a different authentication result upon every issue of said application; and

a communicator that transmits to said information processing terminal said predetermined data stored in said storage, when said application executed on said information processing terminal is authenticated.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is designed to enable a secure device to authenticate a terminal application that operates on an information processing terminal and that accesses the secure device. An application issue request transmitter (301) of the information processing terminal (30) sends a request for issue of a terminal application to an application issuer (101). The application issuer (101) of an secure device (10) reads a terminal application (31) from an application storage (105) and embeds authentication information in the terminal application (31), associates an ID and the authentication information of the terminal application (31) and save them in an issue information storage (106), and sends the terminal application (31) to an application receiver (302) of the information processing terminal through an application transmitter (102). The application receiver (302) starts the terminal application (31). An application authenticator (311) of the terminal application (31) performs an authentication with the secure device (10) by means of the application authentication information.

Citations

23 Claims

1. A secure device comprising:
- a storage that stores predetermined data;
  
  an application storage that stores an application to be processed by an information processing terminal to obtain the predetermined data from the secure device, an information processing terminal obtaining the predetermined data from the secure device by executing the application at the information processing terminal, the information processing terminal not having the application for obtaining the predetermined data from the secure device;
  
  an application issuer that, upon receipt of a request from the information terminal, embeds in the application, as information for an authentication of said application, authentication information which is generated by the secure device on a random basis so as to have a varying value upon every issue of said application;
  
  an application transmitter that transmits, to said information processing terminal, said application in which said information for said authentication of said application is embedded by the secure device and having the varying value upon every issue of said application;
  
  an authenticator that, upon every issue of said application, performs with said information processing terminal an authentication process for said application executed on said information processing terminal, using said information for said authentication of said application embedded in said application, thereby obtaining a different authentication result upon every issue of said application; and
  
  a communicator that transmits to said information processing terminal said predetermined data stored in said storage, when said application executed on said information processing terminal is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The secure device of claim 1,wherein the application issuer generates issue information from the authentication information embedded in the application;
    - andthe authenticator performs the authentication process for said application executed on the information processing terminal, using the issue information generated by the application issuer.
  - 3. The secure device of claim 2, wherein, for the issue information, the application issuer generates an authentication key from the authentication information as the issue information.
  - 4. The secure device of claim 3,wherein the communicator that, after the application operating on the information processing terminal is authenticated by the authenticator using the authentication key, generates a shared key, the shared key being distinct from the authentication key, shares the shared key with the information processing terminal, and performs communications with the information processing terminal using the shared key.
  - 5. The secure device of claim 3,wherein the application issuer sets a predetermined expiration term of the authentication key;
    - andwherein the authenticator measures a time after the application issuer issues an application until the application issuer authenticates the application, and, if the time is within the predetermined expiration term, the application issuer performs the authentication, or, if the time is greater than the predetermined expiration term, the application issuer revokes the authentication key and does not perform the authentication.
  - 6. The secure device of claim 1,wherein the application issuer generates an authentication key from the authentication information embedded in the application;
    - andwherein the authenticator performs the authentication process for said application executed on the information processing terminal, using the authentication key generated by the application issuer.
  - 7. The secure device of claim 1,wherein the application issuer embeds the authentication information in the application in accordance with an instruction that specifies a method of embedding the authentication information in the application.
  - 8. The secure device of claim 1,wherein the application issuer includes dummy data in the authentication information and embeds said authentication information in the application.
  - 9. The secure device of claim 1,wherein the application is programmed to erase the authentication information upon completion of processing on the information processing terminal.
  - 10. The secure device of claim 1,wherein the application comprises an MTA (Master Trusted Agent) that has a function to substitute part of processing of the secure device on the information processing terminal, and a non-MTA application;
    - andwherein the application issuer issues the MTA to the information processing terminal before issuing the non-MTA application.
  - 11. The secure device of claim 10, wherein, when the MTA is issued to and started on the information processing terminal, and authenticated using the authentication information embedded in the MTA, the MTA requests the application issuer through the function to substitute part of processing of the secure device to issue the non-MTA application for enabling the information processing terminal to perform a process executed by the non-MTA application.
  - 12. The secure device of claim 1,wherein the application comprises an MTA that has a function to substitute part of processing of the secure device on the information processing terminal;
    - andthe information processing terminal stores an encrypted non-MTA application to be processed by the information processing terminal,wherein, when the MTA is issued to and started on the information processing terminal, and authenticated using the authentication information embedded in the MTA, the MTA requests an application encryption key for decoding the encrypted non-MTA application stored in the information processing terminal from the secure device, through the function to substitute part of processing of the secure device.
  - 13. The secure device of claim 12, further comprising:
    - an encryption key storage that stores identification information of the non-MTA application comprising an application ID, and an application encryption key corresponding to the non-MTA application; and
      
      an encryption key transmitter that, upon receiving the application ID from the MTA, transmits the application encryption key corresponding to the application ID, to the MTA.
  - 14. The secure device of claim 13, wherein the MTA decodes the encrypted non-MTA application using the application encryption key.
  - 15. The secure device of claim 14, wherein, when the MTA decodes the encrypted non-MTA application using the application encryption key, the MTA transfers, to the information processing terminal and the secure device, the authentication information embedded in the decoded non-MTA application.
  - 16. The secure device of claim 15, wherein the MTA embeds the authentication information in the non-MTA application.
  - 17. The secure device of claim 15, wherein the MTA receives the authentication information from the secure device.
  - 18. The secure device of claim 1, wherein the application issuer comprises:
    - an authentication information algorithm generator that, on a random basis, generates an algorithm for calculating authentication information;
      
      an authentication information method generator that converts the algorithm generated on a random basis into a command sequence that is executable on the information processing terminal, and generates an authentication information method; and
      
      an authentication information method embedder that embeds in the application the authentication information method as authentication information for authentication of the application and issues the application to the information processing terminal.
  - 19. The secure device of claim 1, wherein the application issuer comprises:
    - an information calculator that calculates information for authentication of the application, an information embedder that embeds the information for authentication of the application in the application; and
      
      a scrambler that receives the application having the information for authentication of the application embedded therein, scrambles this application to a degree that does not change execution of the application, and issues the application to the information processing terminal.
  - 20. The secure device of claim 1, wherein, upon request for start of terminal application from the user, the application issuer receives a request for issue of said application, and responsive to receipt of the request for issue reads the application from application storage, performs issue processing including embedding application authentication information generated on a random basis upon every issue of terminal application, associates issue-related information including an application identifier of the application and the authentication information and saves these in an information store on the secure device.

21. A terminal application generation apparatus that generates an application to be processed by an information processing terminal and stores the generated application in a secure device that comprises:
- a storage that stores predetermined data;
  
  an application storage that stores an application to be processed by an information processing terminal to obtain the predetermined data from the secure device, an information processing terminal obtaining the predetermined data from the secure device by executing the application at the information processing terminal, the information processing terminal not having the application for obtaining the predetermined data from the secure device;
  
  an application issuer that, upon receipt of a request from the information terminal, embeds in the application, as information for an authentication of said application, authentication information which is generated by the secure device on a random basis so as to have a varying value upon every issue of said application;
  
  an application transmitter that transmits, to said information processing terminal, said application in which said information for said authentication of said application is embedded by the secure device and having the varying value upon every issue of said application;
  
  an authenticator that, upon every issue of said application, performs with said information processing terminal an authentication process for said application executed on said information processing terminal, using said information for said authentication of said application embedded in said application, thereby obtaining a different authentication result upon every issue of said application; and
  
  a communicator that transmits to said information processing terminal said predetermined data stored in said storage, when said application executed on said information processing terminal is authenticated,the terminal application generation apparatus comprising;
  
  an embedment preparator that receives a source code of the application, prepares for an embedment of authentication information, and outputs the source code, in which the authentication information can be embedded and received, the information having the varying value upon every issue of said application, and an instruction template that comprises a prototype of an instruction specifying a method of the embedment of the authentication information;
  
  a compiler that compiles the source code, in which the authentication information can be embedded upon every issue of said application, into a bytecode that is executable on the information processing terminal, thereby obtaining a different authentication result upon every issue of said application; and
  
  an instruction generator that receives the bytecode and the instruction template and generates the instruction,wherein the bytecode and instruction are transmitted to and stored in the secure device.

22. An application authentication method between an information processing terminal connectable to a secure device and the secure device, the method comprising:
- storing at the secure device predetermined data;
  
  storing at a secure device an application to be processed by the information processing terminal to obtain the predetermined data from the secure device, the information processing terminal obtaining the predetermined data from the secure device by executing the application at the information processing terminal, the information processing terminal not having the application for obtaining the predetermined data from the secure device;
  
  upon receipt of a request from the information processing terminal embedding in the application at the secure device, as information for authentication of said application, authentication information which is generated by the secure device on a random basis so as to have a varying value upon every issue of said application;
  
  transmitting, from the secure device to the information processing terminal, the application in which the authentication information of the application is embedded by the secure device and having the varying value upon every issue of said application;
  
  performing between the secure device and the information processing terminal an authentication process, upon every issue of said application, of the application by causing the application to execute on the information processing terminal, using the authentication information of the application embedded in the application, thereby obtaining a different authentication result upon every issue of said application; and
  
  transmitting from the secure device to the information processing terminal the predetermined data stored in the storage, when the application executed on the information processing terminal is authenticated.
- View Dependent Claims (23)
- - 23. The secure device of claim 22, wherein, upon request for start of terminal application from the user, the application issuer receives a request for issue of said application, and responsive to receipt of the request for issue reads the application from application storage, performs issue processing including embedding application authentication information generated on a random basis upon every issue of terminal application, associates issue-related information including an application identifier of the application and the authentication information and saves these in an information store on the secure device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Takekawa, Hiroshi, Takayama, Hisashi, Naka, Ken
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US10/910,808
Publication Number

US 20050033983A1
Time in Patent Office

3,373 Days
Field of Search

713/159, 713/176, 713/193, 713/188, 713/190, 713/182, 713/184, 713/185, 726/4, 726/23, 726/9, 726/20, 705/74
US Class Current

713/176
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06F 21/62   Protecting access to data v...

G06F 21/77   in smart cards

G06F 21/78   to assure secure storage of...

G06F 2221/2153   Using hardware token as a s...

Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links