(19) United States
(12) Patent Application Publication    (10) Pub. No.: US 2009/0217047 A1
AKASHIKA et al.                        (43) Pub. Date: Aug. 27, 2009

US 20090217047A1

(54) SERVICE PROVIDING SYSTEM, SERVICE PROVIDING SERVER AND INFORMATION TERMINAL DEVICE

(76) Inventors: Hideki AKASHIKA, Tokyo (JP); Takeshi Takeuchi, Tokyo (JP); Shuichi Sekiya, Saitama (JP)

Correspondence Address:
FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP
901 NEW YORK AVENUE, NW
WASHINGTON, DC 20001-4413 (US)

(21) Appl. No.: 12/273,205

(22) Filed: Nov. 18, 2008

(30) Foreign Application Priority Data

Nov. 27, 2007 (JP) ................................. 2007-305837

Publication Classification

(51) Int. Cl. H04L 9/32 (2006.01)
(52) U.S. Cl. ........................................ 713/175

(57) ABSTRACT

A service providing system is provided, which includes a client device capable of accessing a tamper-resistant secure memory, an area management server managing memory area of the secure memory and a service providing server providing service that uses the secure memory to the client device, and which improves the security at the time of sending an access control list provided by the area management server and an instruction set provided by the service providing server to the client device by using a digital signature and a certificate.
`
[FIG. 1 (front-page drawing, labels only recoverable): service providing system 1000 with certificate authority server 100, area management server 200, service providing server 300, client device 400 and secure chip 500]

APPL-1007
APPLE INC. / Page 1 of 26
[Drawing sheets 1 to 14 of 14 of US 2009/0217047 A1 (Aug. 27, 2009). The figures survive only as rotated, unreadable OCR text; the figure titles below are those given in the Brief Description of the Drawings, with the box labels that could be read from the sheets.]

Sheet 1 of 14: FIG. 1, the service providing system (certificate authority server, area management server, service providing server, client device, secure chip).
Sheet 2 of 14: FIG. 2, configuration of the certificate authority server 100 (hash generation section, signature generation section, certificate generation section, storage section).
Sheet 3 of 14: FIG. 3, configuration of the area management server 200 (access control list generation section, signature generation section, certificate generation section, key generation section, communication section, storage section).
Sheet 4 of 14: FIG. 4, configuration of the service providing server 300 (key generation section, script generation section, communication section, storage section).
Sheet 5 of 14: FIG. 5, configuration of the client device 400 (verification section, access control section, communication section; secure chip).
Sheet 6 of 14: FIG. 6, process of issuing an area management server certificate (certificate authority server 100 and area management server 200; generate hash, certificate).
Sheet 7 of 14: FIG. 7, process of issuing a service providing server certificate (area management server 200 and service providing server 300; server name and public key, generate access control list, certificate).
Sheet 8 of 14: FIG. 8, example of a script page.
Sheet 9 of 14: FIG. 9, example of the script page.
Sheet 10 of 14: FIG. 10, process of verification before execution of a script (verify server name).
Sheet 11 of 14: FIG. 11, example of an access control list (permitted areas, access rights and access frequency per area).
Sheet 12 of 14: FIG. 12, tag information (service code written with a key).
Sheet 13 of 14: FIG. 13, data configuration of a secure memory (system information, area information, service information, user information).
Sheet 14 of 14: FIG. 14, configuration of a secure chip (secure memory, reader/writer, communication section, control section).
SERVICE PROVIDING SYSTEM, SERVICE PROVIDING SERVER AND INFORMATION TERMINAL DEVICE

CROSS REFERENCES TO RELATED APPLICATIONS

[0001] The present application contains subject matter related to Japanese Patent Application JP 2007-305837 filed in the Japan Patent Office on Nov. 27, 2007, the entire contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to a service providing system, a service providing server and an information terminal device.

[0004] 2. Description of the Related Art

[0005] In recent years, a contact-type or a non-contact type IC (Integrated Circuit) card has become more frequently used in various situations. For example, such cards include a credit card or a cash card used in a financial institution, an IC card used at ticket gates of public transportation, an IC card used for payment at a restaurant or other retail stores, and the like. A mobile phone, a communication terminal or an information processor and the like, such as a personal computer and the like, provided with the functions of such IC cards are also becoming widespread.

[0006] A mobile phone and the like provided with an IC card or an IC card function has, embedded therein, an IC chip called a secure chip capable of securely holding data. The secure chip stores, for example, data such as settlement information or ticket check history and an application for realizing various services. For example, by sending an instruction to the mobile phone and the like provided with the IC card or the IC card function, an information processor such as a reader/writer makes the mobile phone and the like execute the application stored in the secure chip and reads and writes the data in the secure chip.

[0007] In recent years, a technology for securely accessing data and applications held in a secure chip via an information processing function or a communication function of a mobile phone and the like provided with an IC card function has been attracting attention. In many cases, the mobile phone and the like has a higher computational capability and a higher communication capability than an IC card itself. Thus, to realize a service of a higher level, it is desired to use these capabilities. However, a secure chip stores data, such as the remaining amount or the settlement information of electronic money or important personal information, and so high security for such data is required. Thus, to prevent alteration and the like of data stored in a secure chip, an access control technology for increasing the security level of the secure chip is desired.

[0008] However, when reading data stored in a secure chip or writing data in the secure chip, a conventional mobile phone provided with an IC card function executed the process via an application installed beforehand in the mobile phone and the like. The application is, for example, downloaded from an information source according to a secure method set by the provider of a communication service for the mobile phone and the like. By using such a method, an execution of an operation not intended by a user or an intentional locking of a secure chip according to an unauthorized access from the outside can be prevented. Also, for the service provider, it has the advantage that an application can be developed comparatively freely.

SUMMARY OF THE INVENTION
[0009] However, as recognized by the present inventors, when an access control method using an application is adopted, the burden relating to the development of the application or the maintenance therefor increases. Then, a method can be conceived of developing an application by using a script language such as ECMAScript or JavaScript, which is less burdensome to use in developing the application. To realize this method, a mechanism for making a secure chip securely execute the application written in a script language (hereinafter, "script") is desired. The reason is that an instruction set described in a script language is in many cases text data. Thus, the possibility increases that the instruction set is altered on the network and the secure chip is accessed in an unauthorized manner, for example.

[0010] Accordingly, the present invention has been made in view of the foregoing, and it is desirable to provide a new and improved service providing system, a service providing server and an information terminal device capable of realizing a secure access to a secure chip based on a script.

[0011] In order to solve the above issue, according to an embodiment of the present invention, there is provided a service providing system including an area management server holding a first encryption key and a first decryption key corresponding to the first encryption key, a service providing server connected to the area management server and holding a second encryption key and a second decryption key corresponding to the second encryption key, and a client device connected to the service providing server, capable of accessing a tamper-resistant secure chip and holding a third decryption key.

[0012] The area management server may be provided with an access control list generation section generating an access control list (ACL) in which a memory area of the secure chip, access to which is permitted to the client device, is described, a signature generation section generating a first digital signature, by using the first encryption key, from the second decryption key obtained from the service providing server and the access control list, and a certificate generation section generating a service providing server certificate that includes the second decryption key, the access control list and the first digital signature.

[0013] The service providing server may be provided with an instruction set generation section generating an instruction set to be executed by the client device and a signature generation section generating a second digital signature, by using the second encryption key, from the instruction set.

[0014] The client device may be provided with an obtaining section obtaining an area management server certificate including the first decryption key and a third digital signature generated from the first decryption key and which can be decrypted by the third decryption key, the service providing server certificate and the second digital signature; a verification section verifying the area management server certificate by using the third decryption key, verifying the service providing server certificate by using the second decryption key extracted from the area management server certificate and verifying the second digital signature by using the first decryption key extracted from the service providing server certificate; and an access control section executing the instruction set only when the area management server certificate, the service providing server certificate and the second digital signature are properly verified by the verification section, and further, the instruction set is decrypted by the access control section from the second digital signature by using the second decryption key, and the memory area of the secure chip to be accessed according to the instruction set is included in the memory area of the secure chip indicated by the access control list extracted from the service providing server certificate.
[0015] The service providing system may be configured such that, in addition to the memory area of the secure chip, access to which is permitted to the client device, one or both of access right information restricting read process or write process of the client device and access frequency information restricting the frequency of access to the same memory area that is to be permitted are described in the access control list, and the access control section provided in the client device executes the instruction set only when the process of accessing the secure chip according to the instruction set meets the condition described in the access control list.

[0016] Further, in order to solve the above issue, according to another embodiment of the present invention, there is provided a service providing system including an area management server holding a first encryption key and a first decryption key corresponding to the first encryption key, a service providing server connected to the area management server and holding a second encryption key and a second decryption key corresponding to the second encryption key, an authentication server connected to the area management server and holding a third encryption key, and a client device connected to the service providing server, capable of accessing a tamper-resistant secure chip and holding a third decryption key corresponding to the third encryption key.

[0017] The area management server may be provided with an access control list generation section generating an access control list in which a memory area of the secure chip, access to which is permitted to the client device, is described, a signature generation section generating a first digital signature, by using the first encryption key, from the second decryption key obtained from the service providing server and the access control list, and a certificate generation section generating a service providing server certificate that includes the second decryption key, the access control list and the first digital signature.

[0018] The service providing server may be provided with an instruction set generation section generating an instruction set to be executed by the client device and a signature generation section generating a second digital signature, by using the second encryption key, from the instruction set.

[0019] The authentication server may be provided with a signature generation section generating a third digital signature, by using the third encryption key, from the first decryption key obtained from the area management server and a certificate generation section generating an area management server certificate that includes the first decryption key and the third digital signature.

[0020] The client device may be provided with an obtaining section obtaining the area management server certificate, the service providing server certificate and the second digital signature; a verification section verifying the area management server certificate by using the third decryption key, verifying the service providing server certificate by using the second decryption key extracted from the area management server certificate and verifying the second digital signature by using the first decryption key extracted from the service providing server certificate; and an access control section executing the instruction set only when the area management server certificate, the service providing server certificate and the second digital signature are properly verified by the verification section, and further, the instruction set is decrypted by the access control section from the second digital signature by using the second decryption key, and the memory area of the secure chip to be accessed according to the instruction set is included in the memory area of the secure chip indicated by the access control list extracted from the service providing server certificate.

[0021] The service providing system may be configured such that, in addition to the memory area of the secure chip, access to which is permitted to the client device, one or both of access right information restricting read process or write process of the client device and access frequency information restricting the frequency of access to the same memory area that is to be permitted are described in the access control list, and the access control section provided in the client device executes the instruction set only when the process of accessing the secure chip according to the instruction set meets the condition described in the access control list.
[0022] Further, in order to solve the above issue, according to another embodiment of the present invention, there is provided a service providing server connected to an information terminal device that holds a first decryption key and that is capable of accessing a tamper-resistant secure chip and to an area management server that manages access to the secure chip, and holding a second encryption key and a second decryption key corresponding to the second encryption key, wherein the service providing server has an obtaining section obtaining a first certificate that includes the second decryption key and which can be verified by the first decryption key and a second certificate that includes an access control list in which a memory area of the secure chip, access to which is permitted to the information terminal device, is described and which can be verified by the second decryption key, an instruction set generation section generating an instruction set to be executed by the information terminal device and a signature generation section generating from the instruction set a digital signature which can be verified by using the second encryption key, and wherein the service providing server sends the first and the second certificates, the digital signature and the instruction set to the information terminal device.

[0023] In the access control list, in addition to the memory area of the secure chip, access to which is permitted to the information terminal device, one or both of access right information restricting read process or write process of the information terminal device and access frequency information restricting the frequency of access to the same area that is to be permitted may be described.

[0024] Further, in order to solve the above issue, according to another embodiment of the present invention, there is provided an information terminal device connected to an area management server that manages access to a secure chip and to a service providing server that holds a second encryption key and a second decryption key corresponding to the second encryption key, and holding a first encryption key and capable of accessing the tamper-resistant secure chip, wherein the information terminal device has an obtaining section obtaining a first certificate that includes the second decryption key and which can be verified by the first decryption key, a second certificate that includes an access control list in which a memory area of the secure chip, access to which is permitted, is described and which can be verified by the second decryption key, and a digital signature which can be verified by using the second encryption key from an instruction set to be executed by the information terminal device; a verification section verifying the first certificate by using the first decryption key and verifying the second certificate and the digital signature by using the second decryption key extracted from the first certificate; and an access control section executing the instruction set only when the first and the second certificates and the digital signature are properly verified by the verification section, and further, the memory area of the secure chip to be accessed according to the instruction set decrypted from the digital signature is included in the memory area of the secure chip indicated by the access control list extracted from a service providing server certificate.

[0025] The information terminal device may be configured such that, in addition to the memory area of the secure chip, access to which is permitted to the client device, one or both of access right information restricting read process or write process of the client device and access frequency information restricting the frequency of access to the same memory area that is to be permitted are described in the access control list, and the access control section executes the instruction set only when the process of accessing the secure chip according to the instruction set meets the condition described in the access control list.
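The access control section's decision described in paragraphs 0015, 0021, 0023 and 0025 (an instruction set runs only if every access it makes falls inside a permitted memory area, uses a permitted read or write operation, and stays within that area's access frequency) can be written out as a small policy check. The Go program below is an added example, not code from the patent or its applicants: the page does not specify an ACL encoding, so the rule layout (an address range, read/write flags and a per-area access limit where 0 means no restriction), the address ranges and the sample instruction sets are all constructed for this example.

```go
package main

import "fmt"

// AccessRule is one entry of the access control list: a permitted memory
// area, the read/write rights for it, and how many times the same area may be
// accessed (0 = no restriction). Layout is an assumption of this example.
type AccessRule struct {
	AreaStart, AreaEnd uint32 // inclusive address range of the permitted area
	Read, Write        bool
	MaxAccesses        int
}

// Access is one secure-chip operation the instruction set would perform.
type Access struct {
	Area  uint32
	Write bool
}

func (r AccessRule) covers(a Access) bool {
	return a.Area >= r.AreaStart && a.Area <= r.AreaEnd
}

// findRule returns the index of the first ACL entry covering the access.
func findRule(acl []AccessRule, a Access) (int, bool) {
	for i, r := range acl {
		if r.covers(a) {
			return i, true
		}
	}
	return -1, false
}

// CheckScript is the access control section's decision: it returns the first
// violation found, or nil if the whole instruction set may be executed.
// Access frequency is counted per permitted area (per ACL entry).
func CheckScript(acl []AccessRule, script []Access) error {
	counts := make(map[int]int) // accesses so far, keyed by ACL entry index
	for i, a := range script {
		idx, ok := findRule(acl, a)
		if !ok {
			return fmt.Errorf("access %d: area 0x%04x is outside every permitted area", i, a.Area)
		}
		rule := acl[idx]
		if (a.Write && !rule.Write) || (!a.Write && !rule.Read) {
			return fmt.Errorf("access %d: operation not permitted on area 0x%04x", i, a.Area)
		}
		counts[idx]++
		if rule.MaxAccesses > 0 && counts[idx] > rule.MaxAccesses {
			return fmt.Errorf("access %d: area 0x%04x exceeds %d permitted accesses", i, a.Area, rule.MaxAccesses)
		}
	}
	return nil
}

// SampleACL is a constructed access control list: area 0x1000-0x10ff may be
// read any number of times; area 0x1100-0x11ff may be read or written, but at
// most twice in one instruction set.
func SampleACL() []AccessRule {
	return []AccessRule{
		{AreaStart: 0x1000, AreaEnd: 0x10ff, Read: true, Write: false, MaxAccesses: 0},
		{AreaStart: 0x1100, AreaEnd: 0x11ff, Read: true, Write: true, MaxAccesses: 2},
	}
}

func main() {
	acl := SampleACL()
	ok := []Access{{0x1000, false}, {0x1100, true}, {0x1100, false}}
	fmt.Println("permitted script:", CheckScript(acl, ok))
	fmt.Println("write to read-only area:", CheckScript(acl, []Access{{0x1000, true}}))
	fmt.Println("area not in ACL:", CheckScript(acl, []Access{{0x2000, false}}))
	tooMany := []Access{{0x1100, false}, {0x1100, false}, {0x1100, false}}
	fmt.Println("third access to a twice-limited area:", CheckScript(acl, tooMany))
}
```

The check is deliberately made on the whole instruction set before any access is performed, matching the page's "executes the instruction set only when" wording: a script that is partly permitted is rejected as a unit rather than run up to the first violation.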
[0026] According to the embodiments of the present invention described above, a secure access to a secure chip based on a script can be realized.

BRIEF DESCRIPTION OF THE DRAWINGS

[0027] FIG. 1 is an explanatory diagram showing a service providing system according to an embodiment of the present invention.
[0028] FIG. 2 is an explanatory diagram showing a configuration of a certificate authority server according to the embodiment.
[0029] FIG. 3 is an explanatory diagram showing a configuration of an area management server according to the embodiment.
[0030] FIG. 4 is an explanatory diagram showing a configuration of a service providing server according to the embodiment.
[0031] FIG. 5 is an explanatory diagram showing a configuration of a client device according to the embodiment.
[0032] FIG. 6 is an explanatory diagram showing a process of issuing an area management server certificate according to the embodiment.
[0033] FIG. 7 is an explanatory diagram showing a process of issuing a service providing server certificate according to the embodiment.
[0034] FIG. 8 is an explanatory diagram showing an example of a script page according to the embodiment.
[0035] FIG. 9 is an explanatory diagram showing an example of the script page according to the embodiment.
[0036] FIG. 10 is an explanatory diagram showing a process of verification before execution of a script according to the embodiment.
[0037] FIG. 11 is an explanatory diagram showing an example of an access control list according to the embodiment.
[0038] FIG. 12 is an explanatory diagram showing tag information according to the embodiment.
[0039] FIG. 13 is an explanatory diagram showing a data configuration of a secure memory according to the embodiment.
[0040] FIG. 14 is an explanatory diagram showing a configuration of a secure chip according to the embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0041] Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the appended drawings. Note that, in this specification and the appended drawings, structural elements that have substantially the same function and structure are denoted with the same reference numerals, and repeated explanation of these structural elements is omitted.

[0042] First, before describing the embodiments of the present invention in detail, an outline of the technical concept according to an embodiment will be briefly described. The technology according to the embodiment described below relates to a technology of securely accessing a secure chip by using a script.

[0043] Until now, various mechanisms have been conceived for securely executing on a predetermined information processor an application, such as Java and ActiveX, operating on a Web browser or an application operating on a mobile terminal. For example, there is a mechanism for putting a digital signature (hereinafter, "signature") on a hash value of these applications and verifying the signature based on a digital certificate (hereinafter, "certificate") held by the execution environment (for example, an information processor and the like) of the applications. However, in the present situation, there is no mechanism for making a secure chip or an information processor and the like securely execute an instruction (hereinafter, "script and the like") described in various script languages, XML tags or the like.

[0044] As another example, there is a technology of executing an application securely without using a digital signature. The example includes a technology of displaying a message such as "This application is not signed. Is it OK to execute the application?" to a user when an execution of an unsigned application is requested. However, in many cases, the user cannot judge whether the application is unauthorized or not. Thus, if this technology is used, it results in many of the unsigned applications not being executed.

[0045] Further, according to the existing access control technology, at the time of accessing a secure chip, a user has to go through the trouble of modifying a security setting file or installing an application. Further, it is difficult to deal with the memory area, access to which is permitted by an area manager managing the memory area of the secure chip, as a unit for access control.

[0046] Based on the current situation, the present inventors have come up with a technology of securely executing a script with an area manager managing the memory area of a secure chip and a service provider providing a service working in cooperation. Especially, the present inventors have come up with an access control technology of securely accessing the memory area in the secure chip, access to which is permitted by the area manager. As will be described in detail below, when applying such technology, it becomes possible to securely control access to the secure chip by a script. Accordingly, the burden relating to the development or the management is reduced, and further, it becomes possible to deal with the memory area, access to which is permitted by an area manager managing the memory area, as a unit for access control. Heretofore, the outline has been described.
[0047] With reference to FIG. 1, a configuration of a service providing system 1000 according to an embodiment of the present invention will be described. FIG. 1 is an explanatory diagram showing a configuration example of the service providing system 1000 according to the present embodiment.

[0048] Referring to FIG. 1, the service providing system 1000 according to the present embodiment is mainly configured with a certificate authority server 100, an area management server 200, a service providing server 300, a client device 400 and a secure chip 500. The service providing server 300 and the client device 400 are connected via a network 10.

[0049] The network 10 is a communications network connecting the service providing server 300 and the client device 400 in such a manner as to enable two-way or one-way communication. The network 10 includes, for example, a public line network such as the Internet, a telephone network, a communication satellite or a multicast communication network, and a dedicated line network such as a wide area network (WAN), a local area network (LAN), an Internet Protocol-Virtual Private Network (IP-VPN) or a wireless LAN, and it may be wired or wireless. Accordingly, the service providing server 300 is capable of sending information to the client device 400 via the network 10.

[0050] Further, the functions of the certificate authority server 100, the area management server 200 and the service providing server 300 are realized by using, for example, a Personal Computer (PC) provided with a server function. The client device 400 is a terminal device capable of performing a contact or a non-contact communication with the service providing server 300 via the network 10. The function of the client device 400 is realized by, for example, various portable terminals such as a mobile phone, a PHS, a portable game machine, a portable video/audio player or a Personal Digital Assistant (PDA), an information processor such as a PC or a home game machine, and an intelligent home appliance such as a DVD/HDD recorder, a television receiver or a tuner/decoder for television broadcast.

[0051] First, with reference to FIG. 2, a configuration of the certificate authority server 100 will be described. FIG. 2 is an explanatory diagram showing a configuration example of the certificate authority server 100 according to the present embodiment.

[0052] The certificate authority server 100 is mainly configured with a hash generation section 102, a signature generation section 104, a certificate generation section 106, a communication section 108 and a storage section 110.

[0053] The hash generation section 102 generates an electronic document including a server name and a public key of the area management server 200 obtained from the area management server 200. The hash generation section 102 generates a hash value by compressing the electronic document by using a hash function. The hash function is a process or a function for extracting a typical numeric value having a predetermined length from input information. For example, MD4, MD5, SHA-1 and the like are used.

[0054] The signature generation section 104 encrypts the hash value generated by the hash generation section 102 by using a secret key in the certificate authority server 100. The signature generation section 104 thereby generates a digital signature corresponding to the hash value. At this time, the secret key held by the certificate authority server 100 is a key that pairs with a public key (hereinafter, "root certificate") held by the client device 400. The hash value encrypted by the secret key can be decrypted by the root certificate. The root certificate is used at the time of using an encryption technology such as SSL (Secure Sockets Layer), in a browser and the like. The certificate generation section 106 generates an area management server certificate including the digital signature (encrypted hash value), the public key of the area management server 200 and the server name of the area management server 200.

[0055] The communication section 108 sends/receives information to/from the area management server 200. The communication section 108 obtains the server name and the public key of the area management server 200 that are used at the time of the signature generation section 104 and the certificate generation section 106 generating the area management server certificate. Further, the communication section 108 sends the generated area management server certificate to the area management server 200. The storage section 110 stores the secret key corresponding to the root certificate held by the client device 400. The stored secret key is read by the signature generation section 104 as needed to be used. The storage section 110 may store the generated area management server certificate for a predetermined time.

[0056] With the configuration described above, the area management server certificate which can be verified by the root certificate held by the client device 400 is issued to the area management server 200.
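The certificate authority's hash-then-sign step of paragraphs 0053 and 0054 and the three-level chain the client verifies in paragraphs 0011 to 0014 (root certificate, area management server certificate, service providing server certificate carrying the ACL, then the signature over the instruction set) can be exercised end to end in one program. The Go program below is an added example, not code from the patent or its applicants. The page names no signature algorithm, so Ed25519 and a length-prefixed byte layout for the "electronic document" are assumptions of this example, the server names and ACL bytes are constructed sample data, and SHA-256 replaces the MD4, MD5 and SHA-1 that paragraph 0053 lists, since those hashes no longer resist collisions and a colliding document would carry over a valid signature. The key used at each step follows the definitions in paragraphs 0012 and 0013: the authority's key verifies the area management server certificate, the area management server's key (taken from that certificate) verifies the service providing server certificate, and the service providing server's key (taken from its certificate) verifies the signature over the instruction set.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Certificate holds what the page puts in a certificate: the subject's server
// name and public key, an ACL (only for the service providing server
// certificate) and the issuer's signature over the hash of those fields.
// The byte layout is an assumption of this example.
type Certificate struct {
	ServerName string
	PublicKey  ed25519.PublicKey
	ACL        []byte // nil for the area management server certificate
	Signature  []byte
}

// document builds the "electronic document" that is hashed; each field is
// length-prefixed so that name, key and ACL boundaries cannot be shifted.
func (c Certificate) document() []byte {
	var out []byte
	for _, field := range [][]byte{[]byte(c.ServerName), c.PublicKey, c.ACL} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		out = append(out, n[:]...)
		out = append(out, field...)
	}
	return out
}

// hashOf plays the role of the hash generation section (SHA-256 here).
func hashOf(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// Issue is the signature generation plus certificate generation step: the
// issuer signs the hash of the document with its secret key.
func Issue(issuer ed25519.PrivateKey, name string, subject ed25519.PublicKey, acl []byte) Certificate {
	c := Certificate{ServerName: name, PublicKey: subject, ACL: acl}
	c.Signature = ed25519.Sign(issuer, hashOf(c.document()))
	return c
}

func verifyCert(issuerPub ed25519.PublicKey, c Certificate) bool {
	return ed25519.Verify(issuerPub, hashOf(c.document()), c.Signature)
}

// SignScript is the service providing server's signature over the instruction set.
func SignScript(sps ed25519.PrivateKey, script []byte) []byte {
	return ed25519.Sign(sps, hashOf(script))
}

// VerifyChain is the client's verification section. Any failure rejects the
// script before execution; on success it returns the ACL the access control
// section must then check the script against.
func VerifyChain(root ed25519.PublicKey, amsCert, spsCert Certificate, script, scriptSig []byte) ([]byte, error) {
	if !verifyCert(root, amsCert) {
		return nil, errors.New("area management server certificate not signed by root")
	}
	if !verifyCert(amsCert.PublicKey, spsCert) {
		return nil, errors.New("service providing server certificate not signed by area manager")
	}
	if !ed25519.Verify(spsCert.PublicKey, hashOf(script), scriptSig) {
		return nil, errors.New("instruction set signature invalid")
	}
	return spsCert.ACL, nil
}

// Demo bundles the constructed chain: the client's root key, both certificates
// and the service providing server's signing key.
type Demo struct {
	Root    ed25519.PublicKey
	AMSCert Certificate
	SPSCert Certificate
	SPSKey  ed25519.PrivateKey
}

// BuildDemo generates the three key pairs and issues the two certificates;
// names and ACL bytes are constructed sample data.
func BuildDemo() (Demo, error) {
	rootPub, rootKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Demo{}, err
	}
	amsPub, amsKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Demo{}, err
	}
	spsPub, spsKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Demo{}, err
	}
	return Demo{
		Root:    rootPub,
		AMSCert: Issue(rootKey, "ams.example", amsPub, nil),
		SPSCert: Issue(amsKey, "sps.example", spsPub, []byte("area 1000: read only")),
		SPSKey:  spsKey,
	}, nil
}

func main() {
	d, err := BuildDemo()
	if err != nil {
		panic(err)
	}
	script := []byte("read area 1000")
	acl, err := VerifyChain(d.Root, d.AMSCert, d.SPSCert, script, SignScript(d.SPSKey, script))
	fmt.Printf("acl=%q err=%v\n", acl, err)
	tampered := d.SPSCert
	tampered.ACL = []byte("area 1000: read/write") // ACL widened in transit: signature no longer matches
	_, err = VerifyChain(d.Root, d.AMSCert, tampered, script, SignScript(d.SPSKey, script))
	fmt.Println("after tampering with the ACL:", err)
}
```

Because the ACL is inside the signed document of the service providing server certificate, a service provider (or anyone on the network) who widens the ACL invalidates the area manager's signature; widening the permitted area requires the area manager to re-issue the certificate, which is the property the abstract claims for sending the ACL and instruction set to the client.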
[0057] Next, with reference to FIG. 3, a configuration of the area management server 200 will be described. FIG. 3 is an explanatory di
