JP2005086239A - Information processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing apparatus for carrying out authentication using a symmetrical key technique and setting a private object key with a securer method. <P>SOLUTION: The information processing apparatus is configured such that a supply source of key information receives and stores the same key information as key information used by another information processing apparatus for encryption, encrypts transmission object information by using the stored key information, and decrypts the received encryption information. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus that communicates encrypted information.

  In recent years, many information processing apparatuses including printers and multifunction peripherals are connected to each other via a network or the like. In some of these information processing apparatuses, mutual authentication is required between the information processing apparatuses in order to cause the information processing apparatuses to perform a cooperative operation.

  For example, if there is a request from the first multifunction device side to transmit the configuration information of the multifunction device to the second multifunction device between two multifunction devices, the second multifunction device is the first multifunction device. In some cases, the first multifunction device is requested to perform authentication in order to determine whether the device is reliable.

  At that time, maintaining a list of reliable multifunction device IDs in all multifunction devices is not convenient because the list of all multifunction devices must be changed each time the multifunction device is supplied to the market.

  Therefore, for example, a method of executing according to a mutual authentication (for example, ISO / IEC9798-2) method using a common key method is conceivable.

  In the authentication method using the above-described conventional symmetric key technology, the secret key used for the encryption / decryption must be set secretly in each multifunction device. That is, for example, the administrator of the device needs to carry the secret key to a place where each device is located. However, it is generally difficult to safely deliver and distribute such a secret key to each MFP, and it is also assumed that the secret key itself is stolen during the distribution.

  The present invention has been made in view of the above circumstances, and in an information processing apparatus that performs authentication using symmetric key technology, to provide an information processing apparatus in which the secret target key is set in a safer manner, One of the purposes.

  The present invention for solving the problems of the above-described conventional example is an information processing apparatus that transmits and receives encrypted information to and from another information processing apparatus, and the other information processing apparatus uses for encryption The key information that is the same as the key information is received at the key information supplier, the storage means that stores and holds the key information, and the transmission target information is encrypted using the key information held in the storage means. Between the other means for storing the same key information, and the encryption means for decrypting and the decrypting means for decrypting the received encrypted information using the key information held in the storage means The information encrypted using the key information is transmitted and received.

  As described above, since the key information is stored in advance at the key information supply source, the secret symmetric key used for authentication can be set in each device in a secure manner.

  Here, it is also preferable that the storage unit is a storage unit that holds the key information in a state that can be read only by a predetermined method. As such storage means, there is a so-called tamper-resistant memory element or the like, and the storage means according to an aspect of the present invention can read key information held by only the encryption means and the decryption means. For example, it can be realized by using circuit elements in which circuit patterns corresponding to each of the storage unit, encryption unit, and decryption unit are mixed and the wiring itself is scrambled.

  Further, the transmission target information includes at least one of information including an identifier unique to the information processing apparatus, information for specifying an information processing function included in the information processing apparatus, and random information generated separately. One may be included.

  Further, the information processing apparatus may further include a key information setting unit that reads the key information information from a recording medium on which the key information is recorded, and stores the read key information information in the storage unit. In this case, the recording medium may further include means for authenticating the key information setting means side.

  A method for manufacturing an information processing apparatus according to an aspect of the present invention is a method for manufacturing a plurality of information processing apparatuses that transmit and receive encrypted information to each other. The supplier includes a step of fixing the key information on the circuit and a step of incorporating the circuit in which the key information is fixed into each information processing apparatus.

  Embodiments of the present invention will be described with reference to the drawings. An information processing apparatus according to an embodiment of the present invention is, for example, a multifunction machine, and as illustrated in FIG. 1, a control unit 11, a program storage unit 12, a key information storage unit 13, a communication unit 14, The scanner unit 15 includes a printer unit 16 and an external interface (I / F) 17.

  The control unit 11 operates in accordance with a program stored in the program storage unit 12 and basically performs processing for controlling the scanner unit 15 and the printer unit 16, and image data obtained by the scanner unit 15. Is output to the printer unit 16 to be printed. Further, the control unit 11 encrypts information (for example, information related to image data obtained by the scanner unit 15) to be transmitted by using the key information stored in the key information storage unit 13 to communicate with the communication unit. 14, and the information received by the communication unit 14 is decrypted using the key information stored in the key information storage unit 13. An example of processing performed by the control unit 11 will be described later.

  The program storage unit 12 includes a computer-readable recording medium that records a program executed by the control unit 11 and a drive device that reads the program from the recording medium and outputs the program to the control unit 11.

  The key information storage unit 13 is a storage unit having tamper resistance, and holds the key information in a readable state only by a predetermined method. Specifically, tamper resistance refers to reading the key information held inside for purposes other than legitimate usage purposes (in this case, for purposes other than the purpose of encryption or decryption by the control unit 11). This means that internal information is not read out in response to an “attack”.

  Such “attack” includes a method of directly investigating the circuit itself to acquire the key information recorded inside, and a variation in physical quantity caused by an electrical signal during encryption processing of the control unit 11 (for example, There are an indirect method of measuring a leakage current change and analyzing it and extracting the key information, and a method of acquiring key information by inducing a malfunction of the circuit itself.

  In order to cope with these attacks, the control unit 11, the program storage unit 12, and the key information storage unit 13 are mounted as an IC chip including a processor 21, a memory 22, and a register 23 as shown in FIG. It is good as well. In this IC chip, the circuit itself on the chip is directly visually recognized, such as using a multilayer wiring technique, including dummy wiring, or using circuit elements that mix each circuit pattern and scramble the wiring itself. However, the read mechanism and stored information itself cannot be read. The processor 21 corresponds to the control unit 11 and writes the key information to the register 23 in response to a request for writing key information from the outside. On the other hand, the processor 21 does not accept a request to read information recorded in the register 23 from the outside.

  When information to be encrypted is input from the outside, the processor 21 reads key information from the register 23, encrypts the information using the key information, and encrypts the information (encrypted information). Is output to the outside. Further, when the encryption information to be decrypted is input from the outside, the processor 21 reads the key information from the register 23, decrypts the information using the key information, and sends the decrypted information to the outside. Output.

Here, as encryption / decryption method, key information is set as Key,
(Equation 1)
f (Key, X) → Y (1)
f (Key, Y) → X (2)
A function f (a function that realizes symmetric key cryptography) such that the relationship of (1) and (2) above is not satisfied except for Key (that is, it is not symmetric except for Key). And more specifically, triple DES (Data
Encryption Standard) or an encryption method such as AES may be used.

  The memory 22 implements the program storage unit 12 and is a memory element that stores a program executed by the processor 21. The memory 22 also operates as a work memory that temporarily stores data necessary for the processor 21 to execute the program. The register 23 implements the key information storage unit 13.

  The communication unit 14 is connected to another information processing apparatus, for example, another multifunction device via a network or the like, and transmits information to the other multifunction device via the network in accordance with an instruction input from the control unit 11. In addition, information received from other multifunction devices via the network is output to the control unit 11.

  The scanner unit 15 optically reads a document set in accordance with an instruction from the user, generates image data, and outputs the image data to the control unit 11. The printer 16 forms an image on a medium such as paper based on the image data input from the control unit 11.

  The external I / F 17 is a serial or parallel interface, and outputs information input from another information processing apparatus connected via the interface to the control unit 11. The external I / F 17 may be a one-way interface (only taking in information input from the outside).

[Key information settings]
The multi-function peripheral, which is an example of the information processing apparatus according to the present embodiment, has the above-described configuration, and the key information is stored in the register 23 corresponding to the key information storage unit 13 at the key information supply source. Is done. Here, the supplier of the key information is a manufacturer or distributor of the multifunction machine as the information processing apparatus, and the key information is set as one process on the production line or one of the processes before shipment.

  Specifically, the supply source of the key information is an information processing apparatus (hereinafter referred to as a key information setting apparatus) that stores the key information, and an external I / F 17 of the multifunction peripheral that is the information processing apparatus of the present embodiment. And key information is input from the key information setting device to the MFP. This key information is transmitted to the control unit 11, and the control unit 11 stores this key information in the key information storage unit 13. Thus, in this embodiment, the key information is set at a stage before being shipped to the user side.

  In addition, in order to cope with the case where the key information is stolen at the supplier of the key information due to theft or the like, the key information storage unit 13 in the information processing apparatus of the present embodiment and a circuit portion including the key information storage unit Etc.) is preferably removable and can be exchanged when the key information is stolen. That is, also in this case, the key information is written into the key information storage unit 13 only at the key information supply source, and the key information is delivered and incorporated into each information processing apparatus in a state of being sealed in the circuit. Even the administrator and service personnel who carry the circuit do not know the key information itself, and the chance of leakage is reduced.

  Further, the multifunction machine as the information processing apparatus according to the present embodiment has a control unit 11, a program storage unit 12, a key information storage unit 13, and a configuration shown in FIG. 3 instead of the configuration shown in FIG. The communication unit 14, the scanner unit 15, the printer unit 16, and the card reader unit 18 may be provided. In addition, about the part similar to the structure shown in FIG. 1, the same code | symbol is attached | subjected and detailed description is abbreviate | omitted.

  In the configuration shown in FIG. 3, the key information is stored in an IC card as a recording medium at the supply source. Then, the card reader unit 18 reads out the key information from the IC card and outputs it to the control unit 11, and the control unit 11 stores the key information input from the card reader unit 18 in the key information storage unit 13.

  When this configuration is employed, the IC card authenticates the card reader unit 18 and the stored key information may be sent to the card reader unit 18 only when the authentication is successful. Also, the IC card itself preferably has tamper resistance. Note that the method for authenticating the card reader unit 18 side on the IC card side is already widely known for credit cards and the like, and thus detailed description thereof is omitted here.

[Manufacturing process]
Next, a method for manufacturing the information processing apparatus according to the present embodiment will be described. The key information supply source issues key information in advance, and keeps it secretly (not disclosed to the outside). Then, the issued key information is written in the IC chip on which the control unit 11, the program storage unit 12, and the key information storage unit 13 are mounted.

  On the manufacturer side of the information processing apparatus according to the present embodiment, a circuit portion including the communication unit 14, the scanner unit 15, the printer unit 16, and the external interface (I / F) 17 (or the card reader unit 18) is manufactured. Then, an information processing device is manufactured by connecting an IC chip manufactured by a key information supplier to this circuit portion.

  In another manufacturing method, the manufacturer of the information processing apparatus according to the present embodiment manufactures an IC chip on which the control unit 11, the program storage unit 12, and the key information storage unit 13 are mounted. The circuit part including the part 15, the printer part 16, and the external interface (I / F) 17 (or the card reader part 18) is manufactured, and the IC chip manufactured by the key information supplier is connected to the circuit part. Thus, the information processing apparatus is manufactured.

  Then, the manufactured information processing apparatus is delivered to the key information supply source, and is issued in advance to the key information storage unit 13 in the IC chip via the external I / F 17 or the card reader unit 18 at the key information supply source. Stores secret key information.

  Note that the manufacturer of the information processing apparatus and the key information supply source may be the same, or the key information supply source may be another organization (for example, a store side).

  In the above description, the key information storage unit 13 including the same key information is set in all the information processing apparatuses manufactured on the manufacturer side. It is also possible to issue unique key information in association with the specified information, and set unique key information issued in relation to the customer side in response to a request from the customer side.

[Exchange authentication information]
Next, the operation of the information processing apparatus according to the present embodiment will be described using the multifunction device described so far as an example. Here, on the user side, a pair of multifunction peripherals (hereinafter referred to as a first multifunction peripheral and a second multifunction peripheral for distinction) that are information processing apparatuses according to the present embodiment are connected via a network. The common authentication information (for example, passcode) is set for each, and the authentication is performed using the symmetric key encryption using the key information (symmetric key information) set for each MFP. An example will be described.

  The user sets each multifunction device so that the image data read using the scanner unit 15 of the first multifunction device is transmitted to the second multifunction device for printing, and the scanner unit of the first multifunction device. 15, the control unit 11 of the first multifunction device reads the key information from the key information storage unit 13, and encrypts the passcode set by the user with the read key information. Information is generated and output to the communication unit 14. The communication unit 14 of the first multifunction device sends the input encrypted information to the second multifunction device.

  The communication unit 14 of the second multifunction device receives the encryption information from the first multifunction device and outputs it to the control unit 11. The control unit 11 of the second multifunction device reads the key information from the key information storage unit 13, and decrypts the encrypted information received from the first multifunction device side with the read key information. Then, it is checked whether or not the decryption result and the passcode set by the user match. If they match, information indicating that the authentication is completed is sent to the first MFP.

  Then, the first multifunction device sends image data obtained by reading by the scanner unit 15 to the second multifunction device, and the second multifunction device receives the image data and prints it by the printer unit 16.

  Further, here, the operation in the case where the information processing apparatuses according to the present embodiment authenticate each other using authentication information such as a passcode has been described, but instead of or in addition to such information set by the user. At the same time, an identifier (manufacturing number or the like) uniquely set for each information processing apparatus may be sent in place of the passcode for authentication.

  Specifically, in this case, as shown in FIG. 4, the control unit 11 of the first MFP reads the key information from the key information storage unit 13 (S1), and encrypts the identifier using the read key information. To generate encryption information (S2). Also, based on the identifier information, it generates predetermined information obtained by a predetermined calculation other than the above encryption (for example, information obtained by a one-way function calculation such as an identifier checksum or a hash value such as MD5). (S3) The communication unit 14 is caused to send the encrypted information and the predetermined information to the second multifunction device (S4).

  The communication unit 14 of the second multifunction device receives the encrypted information and the predetermined information from the first multifunction device and outputs them to the control unit 11. The control unit 11 of the second multifunction device reads the key information from the key information storage unit 13 (S5), and decrypts the encrypted information received from the first multifunction device with the read key information (S6). . Then, the predetermined calculation is performed based on the decoding result to generate predetermined information for comparison (S7), and the predetermined information for comparison is compared with the predetermined information received from the first MFP. (S8) If they match, an instruction is output to the communication unit 14, and information indicating that the authentication is successful is sent to the first multifunction device (S9). If they do not match, processing such as generating an error and notifying the user may be performed (S10).

  In addition, although an identifier is used here, function specifying information that specifies an information processing function of the information processing apparatus may be used instead of or in combination with this identifier. This function specifying information may specify, for example, an input / output function that the information processing apparatus has, such as having a scanner unit and a printer unit, and the performance of the printer unit 17. It may represent the performance of each function, such as information related to A4 / B4, color output possible, speed 25 sheets / minute, and the like. In addition, the function specifying information may further include information on the properties of data that the user intends to transmit (in this example, for example, the size of the image data to be transmitted and the color used). .

  When the function specifying information is used in this way, the encrypted information received from the first multifunction device is decrypted to obtain the function specifying information, etc., and the predetermined information for comparison and the predetermined information generated based on them are matched. In this case, the second multifunction device may further determine whether to accept information from the first multifunction device based on the function specifying information. For example, in the case where the printer unit 17 possessed by the printer is compatible with black and white, if the counterpart scanner unit 16 specified by the function specifying information can read a color document, the image read by the scanner unit 16 is used. Processing such as rejection of data reception may be performed.

  Further, authentication may be performed using random information instead of the identifier or function specifying information or together with at least one of them. That is, each information processing device generates random information such as a random number, generates encrypted information obtained by encrypting the random information, and predetermined information based on the random information, and transmits the information to the other party. The encrypted information and the predetermined information are received on the side, the encrypted information is decrypted, the comparison predetermined information generated based on the decrypted information is compared with the received predetermined information, and the result is Authentication is performed.

[Two-way information exchange]
Note that the information indicating that the authentication was successful, which is transmitted from the second multifunction device to the first multifunction device, may also be information for authentication. That is, when authentication of the first multifunction device is successful on the second multifunction device side, at least the identifier set in the second multifunction device, the function specifying information, and the random information generated by the second multifunction device The control unit 11 of the second multifunction device reads the key information from the key information storage unit 13 and encrypts the authentication related information with the read key information. On the other hand, based on the authentication related information, predetermined information obtained by a predetermined calculation other than the encryption is generated, and the encrypted information and the predetermined information are sent to the first multifunction device.

  The first multifunction device receives the encrypted information and the predetermined information from the second multifunction device, reads the key information from the key information storage unit 13, and receives the read key information from the second multifunction device side. The encrypted information is decrypted, the predetermined calculation is performed based on the decrypted result, and the predetermined information for comparison is generated. The predetermined information for comparison and the predetermined information received from the second multifunction device If they match, it may be determined that the authentication has succeeded and data (for example, the image data) designated by the user is transmitted to the second multifunction device.

  In addition, when transmitting image data from the first multifunction device to the second multifunction device, the first multifunction device preliminarily stores the second multifunction device (data transmission destination, that is, a destination for authentication). A signal requesting authentication-related information to the other device), issuing authentication-related information (for example, random information) in the second multifunction device, and transmitting it to the first multifunction device as it is, The first multifunction device reads the key information from the key information storage unit 13, encrypts the acquired authentication related information with the read key information, generates encrypted information, and stores the encrypted information in the second You may make it send to the multifunction machine.

  In this case, the second multifunction device stores the authentication-related information issued in advance, and decrypts the encrypted information received from the first multifunction device side with the key information read from the key information storage unit 13. If the decryption result is compared with the stored authentication-related information and they match, it is assumed that the authentication is successful.

  As described above, according to the information processing apparatus according to the present embodiment, in the information processing apparatus that performs authentication using the symmetric key technology, the key information is stored in advance at the key information supply source, and thus is used for authentication. The secret symmetric key can be set in each device by a secure method, and the information processing device in which the secret target key is set by a more secure method can be obtained.

  Here, for the sake of explanation, the information processing apparatus according to the present embodiment has been described as being a multifunction peripheral, but the information processing apparatus according to the present embodiment is not limited to this. For example, any device connected to a personal computer, a printer, or other network and communicating with each other may be used. Further, for example, the network interface itself may be used. That is, when communication is performed between personal computers connected to a network interface as the information processing apparatus according to the present embodiment, prior to the communication, the symmetric key stored in the key information storage unit 13 included in the network interface. If the mutual authentication is performed using the encryption information generated by using and the communication is started only when the authentication is successful, a network with improved security can be easily constructed.

  Furthermore, the information processing apparatus according to the present embodiment may be a partial product such as a part of a personal computer instead of a completed product.

It is a block diagram showing an example of an information processing apparatus according to an embodiment of the present invention. It is a block diagram showing an example of a circuit portion having tamper resistance. It is a structure block diagram showing another example of the information processing apparatus which concerns on embodiment of this invention. It is a flowchart showing the example of the authentication process between the information processing apparatuses which concern on embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 Control part, 12 Program storage part, 13 Key information storage part, 14 Communication part, 15 Scanner part, 16 Printer part, 17 External interface, 18 Card reader part, 21 Processor, 22 Memory, 23 Register

Claims (7)

An information processing device that sends and receives encrypted information to and from other information processing devices,
Storage means for receiving the same key information as the key information used for encryption by the other information processing apparatus at the source of the key information, and storing and holding the key information;
Encryption means for encrypting transmission target information using the key information held in the storage means;
Decryption means for decrypting the encrypted information received using the key information held in the storage means;
Comprising
An information processing apparatus that transmits / receives information encrypted using the key information to / from another apparatus that holds the same key information. The information processing apparatus according to claim 1,
The information processing apparatus according to claim 1, wherein the storage unit is a storage unit that holds the key information in a readable state only by a predetermined method. The information processing apparatus according to claim 1 or 2,
The information processing apparatus characterized in that the transmission target information includes information including an identifier unique to the information processing apparatus. The information processing apparatus according to any one of claims 1 to 3,
The information to be transmitted includes information for specifying an information processing function included in the information processing apparatus. In the information processing apparatus according to any one of claims 1 to 4,
Further comprising means for generating random information;
The information processing apparatus, wherein the transmission target information includes the generated random information. In the information processing apparatus according to any one of claims 1 to 5,
An information processing apparatus, further comprising: a key information setting unit that reads the key information information from a recording medium on which the key information is recorded, and stores the read key information information in the storage unit. A method of manufacturing a plurality of information processing apparatuses that mutually transmit and receive encrypted information,
A step of fixing the key information on a circuit at a source of the key information used for the encryption;
Incorporating a circuit in which the key information is fixed into each information processing apparatus;
A method for manufacturing an information processing apparatus, comprising:

Images