In recent years, so-called smartphones, which are multi-functional mobile telephones having functions of personal computers as a basis, have spread rapidly. It has therefore become possible to offer services using cooperation between such a smartphone and home appliances.
For example, communication between a smartphone and home appliances allows the smartphone to read pieces of information regarding the various home appliances (hereinafter, referred to simply as pieces of “home appliance information”) which are accumulated and held in the respective home appliances.
It is also able to consider services of transmitting the pieces of home appliance information read from the home appliances to a server in a Cloud system via a communication function of the smartphone and then accumulated in the server, not in the smartphone. As a result, based on the pieces of home appliance information accumulated in the server, various kinds of services suitable for a user can be provided.
Application programs installed in smartphones (hereinafter, referred to simply as “applications”) are allowed to be freely distributed. Therefore, smartphones have various security problems such as occurrence of malwares created by falsifying authorized applications.
If a piece of home appliance information as described above is, in particular, privacy information such as an operation history or power consumption information of a home appliance, it is therefore necessary to encrypt the home appliance information before transmitting it to prevent the privacy information from being leaked.
For example, if a piece of home appliance information is transmitted to a server via a smartphone, there is a risk that malware installed in the smartphone makes a main-in-the-middle attack. In order to avoid this, end-to-end cryptographic communication between the home appliance and the serer is necessary.
Here, a key necessary in the end-to-end cryptographic communication is previously stored in both the server and the home appliance to be shared between them. In general, it is necessary to update the key to ensure security.
The above key updating is performed by a manager (management server) that manages a service platform. The details of the key updating are as follows.
First, a master key which only a manager knows is previously stored in both a management server and a home appliance. Here, the management server transmits, to the home appliance, a key encrypted by the master key.
Then, the home appliance receives the encrypted key and decrypts it by using the master key previously stored in the home appliance. The decrypted key is written in a predetermined storage region in the home appliance.
That is the key updating.
Here, there is a case where a service company (hereinafter, referred to as a “third party”) that is not the manager offers services using the service platform managed by the manager. In this case, in order to update a key (third party key) to be used between a server of the third party and the home appliance, it is necessary to encrypt the key by the master key and transmit it to the home appliance. In other words, when updating the third party key, the server of the third party needs to provide the third party key to the management server and ask the management server to encrypt the third party key by the master key.