JP2019047429A - Information processing apparatus, information processing method, server, and computer program - Google Patents

Abstract

To properly control equipment using a certificate which is based on whether another piece of equipment is present near the equipment.SOLUTION: An information processing apparatus according to the present invention for generating a certificate includes: determination means determining whether a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus; transmission means transmitting an identifier indicating that the second information processing apparatus is present nearby to a server generating the certificate; and receiving means receiving the certificate generated by the server.SELECTED DRAWING: Figure 2

Description

  The present invention relates to an information processing apparatus, an information processing method, a server, and a computer program for generating a certificate.

  By using an electronic certificate (hereinafter referred to as a certificate) issued by a credible third party organization called a certificate authority in the authentication of a communication partner connected via the Internet, the identification of the communication partner and the prevention of spoofing Can. A certificate consists of information that indicates the owner's identity, the owner's public key, and the signature of a certification authority. The public key is a key defined by a method called a public key cryptosystem, which uses a secret key (secret key) and a corresponding public key (public key). A signature is data resulting from applying a public key cryptosystem using a secret key to all or part of data. Signature verification is performed by the public key which is a pair of private keys.

  The procedure for the certificate authority to issue a certificate is as follows. First, the certificate owner generates a public key / private key. It then sends a certificate request containing the generated public key to the certificate authority. The certificate request consists of information indicating the owner's identity and the owner's public key and the owner's signature. The certificate authority examines the received certificate request. If there is no problem, generate a certificate and send it to the owner. Patent Document 1 discloses a method of controlling a device by the certificate. In Patent Document 1, when the second authentication device is in proximity to the first device, the certificate of the first device is validated. When the second authentication device is not in proximity, the certificate of the first device is invalidated. This makes it possible to control whether or not the first device can be operated depending on whether or not the second authentication device is in proximity.

JP, 2015-88804, A

  However, the prior art is a method of controlling whether or not the first device can be operated by a certificate depending on whether or not the second authentication device is in proximity. That is, when the second authentication device is in proximity to the first device, the operation of the first device can be performed also from the third device not in proximity to the first device. That is, there is no disclosure of a method of controlling whether or not the devices can be operated by a certificate depending on whether the devices are close to each other.

  The present invention has been made in view of the above problems, and has as its object to appropriately control devices with a certificate based on whether or not the devices are close to each other.

In order to solve the above problems, the present invention is an information processing apparatus for generating a certificate,
Determination means for determining whether or not a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus, and the second information processing apparatus exists nearby Transmitting means for transmitting an identifier indicating that the certificate is generated to the server that generates the certificate;
And receiving means for receiving the certificate generated by the server.

  According to the present invention, it is possible to properly control devices with a certificate based on whether or not the devices are close to each other.

It is a figure explaining system composition of a client and a server. It is a figure explaining the hardware constitutions of a client. It is a figure explaining the hardware constitutions of a server. It is a figure explaining the composition of a client. FIG. 2 is a diagram for explaining the configuration of a server according to the first embodiment. FIG. 7 is a diagram for explaining proximity confirmation and certificate setting processing of the first embodiment. FIG. 6 is a diagram for explaining an authentication process of the first embodiment. FIG. 7 is a diagram for explaining proximity confirmation and certificate setting processing of the first embodiment. It is a figure explaining the composition of the server of Embodiment 2. FIG. FIG. 14 is a diagram for explaining proximity confirmation and certificate setting processing of the second embodiment.

(Embodiment 1)
<System configuration of client and server>
First, a system configuration of a client and a server applicable to the present embodiment will be described with reference to FIG.

  FIG. 1 is a diagram showing a basic configuration of an information processing system that functions as a client and a server according to the present embodiment. In the figure, the client 11 and the server 12 are, for example, commonly used personal computers. However, the present invention is not limited to this, and may be an MFP (Multi Function Printer) or a network camera. As shown in FIG. 1, the client 11 and the server 12 are connected via the network 13. When the client 11 requests another client 11 to perform processing, the processing is performed via the server 12.

<Hardware configuration of client>
Next, the hardware configuration of the client 11 applicable to the present embodiment will be described using FIG.

  As shown in FIG. 2, the client 11 in the present embodiment includes a CPU 111, a memory 112, a sensor 113, an NIC 114, and an I / F 115. Also, each is connected by a bus 116.

  Reference numeral 111 denotes a CPU capable of controlling the operation of each unit in the client 11 or executing a program loaded into the memory 112.

  A step 112 stores a BIOS, a boot program, and a program, data to be processed, or a cache temporarily for processing by the CPU 111. Here, a computer program for the CPU 111 to perform various processes described later is loaded.

  Reference numeral 113 denotes a GPS receiver which receives positioning data from a GPS (Global Positioning System) satellite to obtain, for example, position information of the client 11. The electronic circuit is an electronic circuit such as an acceleration sensor, a distance sensor, a temperature sensor, and an illuminance sensor that acquires physical quantities around the client 11 and converts it into digital data by A / D conversion.

  Reference numeral 114 denotes a network interface card (NIC) for connecting the client 11 to a network such as the Internet. The client 11 transmits various data to the network via the NIC 114, and receives various data from the network. For the NIC 114, for example, 100BASE-TX for wired communication and IEEE 802.11b, 802.11g, 802.11n, and 802.11ac for wireless communication are used. Alternatively, a communication device for transmitting and receiving data in a short distance such as Bluetooth (registered trademark) or NFC may be provided. When the NIC 114 has wireless communication, the position information of the client 11 can be obtained based on the position information of the connected access point and the radio wave intensity.

  Reference numeral 115 denotes an I / F for connecting another device to the client 11. Various instructions input from an input device such as a keyboard via the I / F 115 are input to the CPU 111. Alternatively, the processing result by the CPU 111 is displayed on an output device such as a monitor via the I / F 115.

  Although not shown in FIG. 2, the client 11 may include a non-volatile storage such as an HDD, and a user interface such as a keyboard, a mouse, a numeric keypad, a touch panel, and the like.

  The hardware configuration of the client 11 applicable to the present embodiment has been described above.

<Hardware configuration of server>
Next, the hardware configuration of the server 12 applicable to the present embodiment will be described using FIG.

  As shown in FIG. 3, the server 12 in the present embodiment includes a CPU 111, a memory 112, a NIC 114, an I / F 115, a monitor 121, an HD 122, a CD 123, a DVD 124, an external memory 125, a mouse 126, and a keyboard 127. Also, each is connected by a bus 116. The configurations of the CPU 111, the memory 112, the NIC 114, the I / F 115, and the bus 116 are the same as those of the client 11, and thus the description thereof will be omitted.

  Reference numeral 121 denotes a monitor capable of displaying various information from the server 12.

  Reference numeral 122 denotes a hard disk (HD) used to store the OS, programs, cache, data transferred to the memory 112 or the like, and to store or read data while the apparatus is in operation.

  Reference numeral 123 denotes a CD-ROM drive capable of reading or writing a data program stored in a CD-ROM (CD-R) which is one of external storage media.

  A reference numeral 124 denotes a DVD-ROM (DVD-RAM) drive that can read from a DVD-ROM and write to a DVD-RAM as well as a CD-ROM drive. Similarly to the CD-ROM drive 125, an external memory slot 125 can read and write from the external memory.

  If a program for certificate setting processing is stored in a CD-ROM, a DVD-ROM, an external memory, etc., these programs are installed in the HD 122 and transferred to the memory 112 as needed. It has become.

  The hardware configuration of the server 12 applicable to the present embodiment has been described above.

<Configuration of Client 11>
Next, the configuration of the client 11 applicable to the present embodiment will be described using FIG.

  FIG. 4 is a diagram showing the configuration of the client 11 according to the present embodiment and the relationship with its peripheral devices.

  The acquisition unit 41 acquires the position information of the client A using the sensor 113 or the NIC 114. Alternatively, physical quantities such as acceleration, distance, temperature, and illuminance may be acquired, and digital data may be acquired by A / D conversion.

  The transmission unit 42 transmits a processing request to the client B via the server 12. Alternatively, the sensor information is transmitted to the server 12. The transmission timing is periodically transmitted. Alternatively, any method such as sequential transmission according to the amount of change in sensor information may be used.

  The receiving unit 43 receives a response from the server 12. The processing result according to the processing request of the transmission unit 42 is received. Alternatively, sensor information of the client B is received from the server 12.

  The determination unit 44 determines whether or not the client B exists in a predetermined range from the position of the client A (whether it is in proximity). The processing content of the determination unit 44 will be described in proximity check and certificate setting processing described later.

  The certificate identifier generation unit 45 generates a certificate identifier according to the processing result of the determination unit 44. A certificate identifier is a standard format of a certificate, X.2. Common Name (CN) and SubjectAltName (SAN) specified in 509. The CN and the SAN can uniquely identify the holder of the certificate. The certificate identifier generation unit 45 generates a certificate identifier including information indicating that the client A and the client B are in proximity. The processing content of the certificate identifier generation unit 45 will be described in proximity check and certificate setting processing described later.

  The certificate request generation unit 46 generates a certificate request for requesting the server 12 for the certificate of the client A. The certificate request uses the format defined in the PKCS # 10 standard. The certificate request includes the client A owner information including the certificate identifier, and the client A public key. In addition, it includes a digital signature that is signed with the entire certificate request using Client A's private key. The server 12 verifies that the certificate request is a request from the client A by verifying the electronic signature using the public key of the client A included in the certificate request.

  The certificate acquisition unit 47 acquires the certificate of the client A from the server 12. The acquired certificate is stored in the storage unit 411.

  The display unit 48 displays the determination result of the determination unit 44 and the fact that certificate setting has been performed on the client A by the certificate acquisition unit 47 through the monitor connected via the I / F 115. Alternatively, the client 11 may have a monitor.

  The processing unit 49 executes processing in accordance with the processing request received from the server 12.

  The communication unit 410 communicates with the server 12 through the NIC 114. Or communicate with the nearby client B.

  The storage unit 411 stores the secret key, the public key, and the certificate in the memory 112. The secret key and the public key may be stored in advance in the memory 112 of the client 11. Alternatively, it may be dynamically generated in the client 11 using the CPU 111 prior to proximity confirmation and certificate setting processing described later.

  The configuration of the client 11 applicable to the present embodiment has been described above.

<Configuration of Server 12>
Next, the configuration of the server 12 applicable to the present embodiment will be described using FIG. The configurations of the transmission unit 42, the determination unit 44, the communication unit 410, and the storage unit 411 are the same as those of the client 11, and thus the description thereof will be omitted.

  FIG. 5 is a diagram showing the configuration of the server 12 according to the present embodiment and the relationship with its peripheral devices.

  The certificate request unit 51 requests the client 11 for a certificate. For example, the client 11 and the server 12 are connected using SSL / TLS which is a standard of encryption communication protocol. The certificate request unit 51 requests the client 11 for a certificate by SSL / TLS client authentication.

  The verification unit 52 verifies the certificate of the client 11 acquired by the certificate request unit 51. The root certificate of the certificate authority trusted by the server 12 is extracted from the storage unit 411. The signature included in the certificate of the client 11 is verified using the public key of the certificate authority included in the root certificate. The certificate authority may be the server 12.

  The certificate identifier acquisition unit 53 acquires a certificate identifier included in the certificate of the client 11.

  The notification unit 54 notifies the client 11 of the verification result of the verification unit 52 and the determination result of the determination unit 44. For example, using SSL / TLS which is a standard of encryption communication protocol, the determination result is notified to the client 11 as an error of SSL / TLS. Alternatively, the transmitting unit 42 is used to notify the client 11 of the determination result.

  The configuration of the server 12 applicable to the present embodiment has been described above.

<Proximity check and certificate setting process>
Next, proximity confirmation and certificate setting processing applicable to the present embodiment will be described using FIG.

  FIG. 6 is a diagram for explaining the flow of proximity confirmation and certificate setting processing in the present embodiment. The following flow is executed in the client 11 and the server 12 described above, and each step is realized by the corresponding program and the CPU 111 that executes the program.

  In step 61, the client A acquires the position information of the client A using the acquisition unit 41.

  In step 62, the client A uses the transmitting unit 42 to request the client B for position information. The processing request is sent to the server 12.

  In step 63, the server 12 sends the processing request of step 62 to the client B.

  In step 64, the client B transmits the position information to the client A using the transmitting unit 42. The position information is sent to the server 12.

  In step 65, the server 12 sends the position information of step 64 to the client A.

  In step 66, the client A receives the position information of the client B in the receiver 43.

  In step 67, the client A uses the determination unit 44 to determine whether the client A and the client B are in proximity. For example, when the position information is composed of latitude and longitude, the distance between the two points is calculated from the latitude and longitude of the two points using the Heubeni formula. If the distance falls within the predetermined distance of the client A, it is determined that the client A and the client B are close to each other. If it is determined that they are close, the process proceeds to step 69. If it is determined that they are not close, the process proceeds to step 615.

  In step 68, the client A uses the certificate identifier generation unit 45 to generate a certificate identifier. For example, CN = “Client A and Client B are close to each other”. In this case, the certificate of the client A serves as a proximity certificate indicating that the client A and the client B are in proximity. CN = “client A”, SAN = “client A and client B are close to each other”. In this case, in addition to the proximity certificate, the certificate of the client A indicates that the certificate owner is "client A". In addition, the CN or SAN may include the values of the location information of the client A and the client B. As a result, it is possible to determine whether the client A and the client B are close to each other by using the position information acquired by the server 12 from the certificate identifier. If you want to include more than one piece of information in the SAN, X. Set using the comma separator specified in 509.

  In step 69, the client A uses the certificate request generation unit 46 to generate a certificate request. The certificate identifier generated in step 68 is included in the certificate request.

  In step 610, the client A sends the certificate request of step 69 to the server 12.

  In step 611, the server 12 generates a certificate of the client A corresponding to the certificate request of step 610.

  In step 612, the server 12 sends the certificate generated in step 611 to the client A.

  In step 613, the client A uses the certificate acquisition unit 47 to receive the certificate of the client A.

  In step 614, the client A sets a certificate in the storage unit 411.

  In step 615, the client A uses the display unit 48 to display an error. For example, the message "Please bring client A and client B close" is displayed to urge the user to come close. Alternatively, the value of the distance by which the client A determines to be in proximity may be displayed.

  In step 616, it is determined whether the client A restarts the proximity confirmation process. If the proximity confirmation process is to be performed again, the process returns to step 61. Otherwise, end the process. As a determination method, an arbitrary determination method may be used, such as repeating the process a predetermined number of times or repeating the process for a predetermined time.

  The flow of proximity confirmation and certificate setting processing in the present embodiment has been described above.

  According to the present embodiment, the client A and the client B are in proximity by confirming that the client A is in proximity to the client B and requesting a certificate including the result in the certificate identifier. Can be set to the client A.

<Authentication process>
Next, an authentication process applicable to the present embodiment will be described with reference to FIG.

  FIG. 7 is a diagram for explaining the flow of the authentication process in the present embodiment. The following flow is executed in the client 11 and the server 12 described above, and each step is realized by the corresponding program and the CPU 111 that executes the program.

In step 71, the client A requests the client B to perform processing using the processing unit 49.
In step 72, the server 12 uses the certificate request unit 51 to request a certificate from the client A.
In step 73, the client A transmits a certificate to the server 12 using the transmission unit 42.
In step 74, the server 12 verifies the certificate of the client A using the verification unit 52. If the certificate verification is successful, the process proceeds to step 75. Otherwise, proceed to step 78.
In step 75, the server 12 uses the certificate identifier acquisition unit 53 to acquire the certificate identifier included in the certificate of the client A. Similarly, the processing from step 72 to step 75 is also performed on the client B.

  In step 76, the server 12 uses the determination unit 44 to determine whether the CN included in the certificate identifiers of the client A and the client B and the client A and the client B are close to each other from the SAN. For example, when the certificate identifier of the client A is “Client A and client B are close to each other”, if the certificate identifier of the client B is “Client B”, it is determined that they are close. Alternatively, if location information is included in the certificate identifier, the server 12 may determine whether the client A and the client B are close in the same manner as in the step 67. If it is determined that they are in contact with each other, the process proceeds to step 77. If it is determined that they are not in proximity to each other, the process proceeds to step 79.

In step 77, the server 12 uses the transmission unit 42 to notify the client B of the processing request of the client A.
In step 78, the client B executes processing corresponding to the processing request from the server 12 using the processing unit 49.
In step 79, the server 12 uses the notification unit 54 to notify the client A and the client B of an authentication error. Alternatively, as in step 615, it may be notified that the client A and the client B are not in proximity.

  The flow of the authentication process in the present embodiment has been described above.

  According to the present embodiment, whether or not the client B can operate can be controlled by the certificate depending on whether the client A and the client B are close to each other.

  According to the embodiment described above, an example has been described in which the client A inquires the server 12 of the position information of the client B and determines whether the acquired position information and the position information of the client A are close to each other. However, the present invention is not limited to this, and the client A may send pairing information to the client B via the server 12. Then, the proximity check is performed by confirming whether the client A can connect to the client A using the pairing information received by the client B.

  FIG. 8 is a diagram for explaining proximity confirmation and certificate setting processing. The following flow is executed in the client 11 and the server 12 described above, and each step is realized by the corresponding program and the CPU 111 that executes the program. The processing from step 68 to step 616 is the same as that of FIG.

  In step 81, the client A acquires the pairing information of the client A using the acquisition unit 41. The pairing information is, for example, a connection name and a PIN code in Bluetooth. Alternatively, it is an ESSID (Extended Service Set Identifier) in the wireless LAN and an authentication password.

  In step 82, the client A transmits the pairing information to the client B using the transmission unit 42. The pairing information is sent to the server 12.

  In step 83, the server 12 sends the pairing information of step 82 to the client B.

  In step 84, the client B transmits a connection request to the client A using the transmitter. At this time, the pairing information received in step 83 is used for connection with the client A.

  In step 85, it is determined whether the client A has received a connection request from the client B using the determination unit 44. If the connection can be established, it is determined that the connection is close, and the process proceeds to step 69, otherwise proceeds to step 615.

  According to the example described above, it is confirmed that the client A is in proximity to the client B using near field communication, and a certificate including the result in the certificate identifier is requested. As a result, it is possible to set in the client A a certificate indicating that the client A and the client B are close to each other.

  According to the embodiment described above, in the proximity check of the client A and the client B, an example in which it is determined whether the proximity is based on the position information and the connection check by pairing has been described. However, the present invention is not limited to this, and the displacement of the physical quantity acquired by the sensor 113 may confirm that the client A is in proximity to the client B. That is, as a result of the client B executing the processing request of the step 62, if the sensor 113 of the client A can measure the change of the physical quantity, it may be determined that they are in proximity. For example, the processing for moving the client A is executed by the client B, and the determination is made based on the change in acceleration. Alternatively, the client B is caused to execute a process of darkening the indoor light, and the determination is made based on the change in illuminance. Thus, it is possible to confirm that the client A is in proximity to the client B by the displacement of the physical quantity acquired by the sensor 113.

Second Embodiment
According to the embodiment described above, it is confirmed that the client A is in proximity to the client B, and the certificate indicating the proximity is obtained by requesting a certificate including the result in the certificate identifier. Has been described as an example of setting client A. However, the present invention is not limited to this, and the server 12 may be configured to confirm that the clients A and B are close and to generate a certificate including the result in the certificate identifier.

<Configuration of Server 12>
Next, the configuration of the server 12 applicable to the present embodiment will be described using FIG. The transmission unit 42, the reception unit 43, the determination unit 44, the certificate identifier generation unit 45, the communication unit 410, the storage unit 411, the certificate request unit 51, the verification unit 52, the certificate identifier acquisition unit 53, and the notification unit 54. Since the configuration is the same as that of the server 12, the description will be omitted.

  FIG. 9 is a diagram showing the configuration of the server 12 according to the present embodiment and the relationship with its peripheral devices.

  The certificate generation unit 91 generates a certificate of the client 11. The certificate includes the certificate identifier of the client 11 generated by the certificate identifier generation unit 45 and the public key of the client 11. In addition, it includes an electronic signature in which the entire certificate is signed using the server 12 private key.

  The configuration of the server 12 applicable to the present embodiment has been described above.

<Proximity check and certificate setting process>
Next, proximity confirmation and certificate setting processing applicable to the present embodiment will be described using FIG.

FIG. 10 is a diagram for explaining the flow of proximity confirmation and certificate setting processing in the present embodiment. The following flow is executed in the client 11 and the server 12 described above, and each step is realized by the corresponding program and the CPU 111 that executes the program.
Steps 69 and 610 and steps 613 and 614 are the same as in FIG.

  In step 101, the server 12 requests the client A and the client B for location information using the transmitter. Processing requests are sent to client A and client B.

  In step 102, the client A and the client B transmit the position information to the server 12 using the transmitting unit 42.

  In step 103, the server 12 receives the position information of the client A and the client B in the receiving unit 43.

  In step 104, the server 12 uses the determination unit 44 to determine whether the client A and the client B are in proximity. The determination method is, for example, the same method as step 67 described above. If it is determined that they are close, the process proceeds to step 105. If it is determined that they are not close, the process proceeds to step.

  In step 105, the server 12 generates a certificate identifier using the certificate identifier generation unit 45. The certificate identifier to be generated is, for example, the same as in step 68 above.

  In step 106, the server 12 uses the certificate generation unit 91 to generate a certificate of the client A corresponding to the certificate request in step 69. The certificate identifier included in the certificate is the certificate identifier of the certificate request plus the certificate identifier generated in step 105. For example, in the same manner as in step 68, set the certificate identifier to CN and SAN.

  In step 107, the server 12 sends the certificate generated in step 106 to the client A.

  In step 108, the server 12 uses the notification unit 54 to notify the client A of an error. The contents of the error are the same as in step 615 above.

  According to the embodiment described above, it is possible for the server 12 to confirm that the devices are close to each other, and to generate a certificate in which the result is included in the certificate identifier.

  According to the embodiment described above, an example in which the server 12 determines that the client A and the client B are close to each other based on the position information has been described. However, the present invention is not limited to this, and the server 12 may send pairing information to the client A and the client B. Then, whether or not connection is possible using the pairing information received by the client A and the client B is confirmed, and the server 12 performs proximity confirmation by notifying the server 12 of the confirmation result. As an example, in step 101, the same pairing information as in step 82 is sent to client A and client B. Then, in step 102, the client A and client B confirm whether they can connect using the received pairing information and notify the server 12 of the confirmation result. In the step 104, if the confirmation result in the step 102 is a pairing success, it is determined that the client A and the client B are close to each other. As a result, it becomes possible for the server 12 to determine from the pairing result that the client A and the client B are close.

  According to the embodiment described above, it is not determined whether the client 11 and the server 12 perform proximity check. However, the present invention is not limited to this, and it may be determined whether the client 11 or the server 12 performs proximity check. For example, according to the content of the processing request sent in the step 71, it is determined whether the client 11 or the server 12 performs proximity confirmation. For example, it may be determined in advance whether or not proximity check is to be performed for each processing request, and may be used in the determination. As a result of the determination, if there is no corresponding certificate despite the necessity of proximity confirmation, the proximity confirmation and certificate setting process may be executed triggered by that.

(Other embodiments)
The present invention supplies a program that implements one or more functions of the above-described embodiments to a system or apparatus via a network or storage medium, and one or more processors in a computer of the system or apparatus read and execute the program. Can also be realized. It can also be implemented by a circuit (eg, an ASIC) that implements one or more functions.

Claims (9)

An information processing apparatus for generating a certificate,
A determination unit that determines whether a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus;
Transmitting means for transmitting an identifier indicating that the second information processing apparatus is present nearby to the server generating the certificate;
An information processing apparatus comprising: receiving means for receiving a certificate generated by the server. It further has a sensor for acquiring position information of the information processing apparatus,
The determination unit determines whether or not a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus based on the acquired position information. The information processing apparatus according to claim 1, characterized in that   When it is determined that the second information processing apparatus different from the information processing apparatus does not exist in a predetermined range from the position of the information processing apparatus, the information processing apparatus and the second information processing The information processing apparatus according to any one of claims 1 and 2, further comprising display means for making a display prompting access to the apparatus.   4. The information processing apparatus according to claim 1, wherein the transmitting unit transmits, to the server, information requesting the generation of the certificate, together with an identifier indicating that the second information processing apparatus is present nearby. The information processing apparatus according to any one of the above.   4. The apparatus according to any one of claims 1 to 3, wherein the transmitting unit transmits an identifier indicating that the second information processing apparatus is present nearby, to the server based on a request from the server. An information processing apparatus according to any one of the preceding items.   The determination unit is configured to set the second information processing device to a predetermined range from the position of the information processing device based on whether or not the information processing device and the second information processing device can communicate by near field communication. The information processing apparatus according to claim 1, wherein it is determined whether an information processing apparatus exists. An information processing method for generating a certificate;
A determination step of determining whether or not a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus performing the information processing method;
A transmitting step of transmitting, to a server that generates the certificate, an identifier indicating that the second information processing apparatus is present nearby;
An information processing apparatus comprising: receiving means for receiving a certificate generated by the server. Computer,
An information processing apparatus for generating a certificate,
A determination unit that determines whether a second information processing apparatus different from the information processing apparatus is present in a predetermined range from the position of the information processing apparatus;
Transmitting means for transmitting an identifier indicating that the second information processing apparatus is present nearby to the server generating the certificate;
A computer program for causing a server to function as an information processing apparatus, comprising: receiving means for receiving a certificate generated by the server. A server for generating certificates,
A receiving unit that receives, from the information processing apparatus, an identifier indicating that a second information processing apparatus different from the information processing apparatus is present near the information processing apparatus;
A server configured to transmit the certificate of the information processing apparatus generated using the identifier to the information processing apparatus.

Images