1. Field
The present invention relates to a technique for suppressing leakage of information stored in a non-volatile storage medium utilized with the use of electronic equipment.
2. Description of the Related Art
Conventionally, it has been a problem that secret information stored in electronic equipment is leaked.
For example, there is a possibility that secret information, such as personal information stored in a non-volatile storage medium provided for a mobile phone or a personal computer, is leaked and wrongly used if the mobile phone or the personal computer is stolen.
Accordingly, there is proposed a system in which information stored in electronic equipment is encrypted. Only information required for use, among the information stored in the electronic equipment, is decrypted with the use of an encryption key acquired from a server apparatus connected via a network.
Japanese Patent Laid-Open No. 2004-208184 discloses a secret key management apparatus. The secret key management apparatus manages a secret key used for a public key cryptosystem for performing encryption using a public key and performing decryption with a secret key. The secret key management apparatus includes a secret key storage means for storing a secret key used by an external terminal capable of connecting to the secret key management apparatus via a network in association with information about a user of the external terminal (user information). The secret key management apparatus includes a user-specific information storage means for storing information specific to the user of the external terminal (user-specific information) in association with the user information. The secret key management apparatus includes a user-specific information checking means for checking user-specific information received from an external terminal which requests acquisition of a secret key against the user-specific information stored in the user-specific information storage means. The secret key management apparatus includes a secret key extraction means for, as a result of the checking by the user-specific information checking means, extracting, on the basis of user information corresponding to matched user-specific information, a secret key corresponding to the user information from the secret key storage means.
Thereby, as a result of the checking by the user-specific information checking means, the secret key extraction means extracts a secret key corresponding to the user information about the user only when the user-specific information agrees with the user-specific information stored in the user-specific information storage means.
Therefore, only a user whose identity is authenticated with the use of user-specific information can acquire his or her own secret key.
As a result, a secret key management apparatus can be provided which is capable of safely keeping a user's secret key, preventing a third person from stealing the secret key and which makes it possible to easily take out the secret key.