Conventionally, peripheral devices that can each be connected to an information processing device such as a smartphone via a contactless interface such as Bluetooth (registered trademark) are known. In the Bluetooth standard, profiles that define protocols for respective types of devices have been established. If devices that are to communicate with each other have the same profile, communication using the function of the profile is allowed. For example, when the peripheral device is a keyboard, if both the peripheral device and the information processing device have a profile called HID (Human Interface Device Profile), connection can be established between the devices, which enables text entry and the like to the information processing device by use of the keyboard. Likewise, when the peripheral device is a headphone, if both the peripheral device and the information processing device have a profile called A2DP (Advanced Audio Distribution Profile), connection can be established between them, whereby sound can be transmitted from the information processing device to the headphone.
Meanwhile, in conventional technologies, when a peripheral device using Bluetooth described above is to be used at an information processing device, authentication of the peripheral device is not performed. That is, as long as a peripheral device has a profile as described above, any peripheral device can be connected to and used at an information processing device.
Therefore, an object of the present disclosure is to provide a system and the like that can authenticate a peripheral device as described above when the peripheral device is to be used at an information processing device.
In order to attain the above object, the following configuration examples can be conceived, for example.
One example of a configuration example is a peripheral device capable of performing data communication with a predetermined communication device, and the peripheral device includes a first communication section, a second communication section, a third communication section, and a communication process execution section. The first communication section is configured to transmit, to an authentication server, an encryption key for encrypted communication, identification information which is information capable of uniquely identifying the peripheral device, and signature information which is a digital signature of the identification information. The second communication section is configured to receive, from the authentication server, first data which is data based on a result of an authentication process executed in the authentication server on the basis of the identification information and the signature information transmitted by the first communication section, then, to encrypt, with the encryption key, request information indicating a transmission request for second data, and to transmit the encrypted request information to the authentication server. The third communication section is configured to receive the second data encrypted and transmitted from the authentication server in response to the request information transmitted by the second communication section, then, to decrypt the encrypted second data by use of the encryption key, and to transmit the decrypted second data to the authentication server. The communication process execution section is configured to receive, from the authentication server, third data which is data based on a result indicating that authenticity of the second data transmitted by the third communication section has been confirmed in the authentication server, and then to execute a communication process using fourth data encrypted with the encryption key, between the peripheral device and the predetermined communication device.
According to the above configuration example, when the peripheral device is to be used from the predetermined communication device, authentication of the peripheral device is performed first, and then, the communication process through encrypted communication can be executed. Thus, safety in use of the peripheral device can be enhanced.
Further, as another configuration example, a random number may be used as the second data.
According to the above configuration example, safety in the authentication process can be further increased.
Further, as another configuration example, the peripheral device may further include: a storage section configured to set a valid period of bonding information and then store the bonding information in the storage section, the bonding information being information to be used when the peripheral device is to be re-connected to the predetermined communication device to which the peripheral device has been connected once; and a valid period determination section configured to determine whether the valid period has elapsed, before communication of the peripheral device with the predetermined communication device is started. Then, when the valid period determination section has determined that the valid period has elapsed, the processes by the first communication section, the second communication section, and the third communication section may be executed again, and then the communication process by the communication process execution section may be executed.
According to the above configuration example, while using a highly versatile wireless communication standard, periodic execution of the authentication processes for the peripheral device can be realized. In addition, while enhancing convenience, safety in use of the peripheral device can be ensured.
One example of another configuration example is a wireless communication chip capable of performing Bluetooth communication, the wireless communication chip including a valid period information storage section configured to store therein information of a valid period for which Bluetooth communication with a predetermined communication device is permitted. Further, the information of the valid period may be information indicating a date, or alternatively, the information of the valid period may be a counter for counting a predetermined number of times.
According to the above configuration example, with respect to communication with the predetermined communication device, the valid period for which the communication is permitted can be set. When the valid period has elapsed, for example, a predetermined process for permitting communication, such as the authentication process, can be executed.
One example of another configuration example is a peripheral device capable of performing data communication with a predetermined communication device, and the peripheral device includes a connection section, a bonding information storing section, a valid period storing section, a valid period determination section, and a re-authentication section. The connection section is configured to connect the peripheral device to the predetermined communication device through short-range wireless communication. The bonding information storing section is configured to store, in a storage section, bonding information which is information to be used when the peripheral device is to be re-connected to the predetermined communication device to which the peripheral device has been connected once by the connection section. The valid period storing section is configured to store, in the storage section, valid period information indicating a valid period of the bonding information on the basis of a result of an authentication process for authenticating the peripheral device, the authentication process having been executed between the peripheral device and a predetermined authentication server. The valid period determination section is configured to determine whether the valid period has elapsed, before communication of the peripheral device with the predetermined communication device is started. The re-authentication section is configured to execute again the authentication process that uses the predetermined authentication server when it has been determined that the valid period has elapsed.
According to the above configuration example, the valid period can be set to the bonding information, and when the valid period has elapsed, the authentication process can be executed again.
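The valid period check described in the preceding configuration examples (bonding information with a valid period, expressed as a date or as a counter, and re-authentication once it has elapsed) can be sketched as follows. This is an added example, not code from the disclosure; the field names, the `reauthenticate` callback, the sample address and the choice to treat a record with no valid period as expired are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BondingRecord:
    """Bonding information plus the valid period set after server authentication."""
    peer_address: str
    link_key: bytes
    valid_until: Optional[date] = None   # date form of the valid period
    uses_left: Optional[int] = None      # counter form of the valid period

    def expired(self, today: date) -> bool:
        if self.valid_until is not None and today > self.valid_until:
            return True
        if self.uses_left is not None and self.uses_left <= 0:
            return True
        # Assumed policy: a record with no valid period at all fails closed.
        return self.valid_until is None and self.uses_left is None

def start_communication(bond, today, reauthenticate):
    """Runs before communication with the bonded device is started.

    `reauthenticate` is a hypothetical callback that performs the server
    authentication and returns a fresh (valid_until, uses_left) pair, or
    None when the server does not authenticate the peripheral.
    """
    if bond.expired(today):
        renewed = reauthenticate(bond.peer_address)
        if renewed is None:
            return "refused"
        bond.valid_until, bond.uses_left = renewed
        outcome = "reauthenticated"
    else:
        outcome = "reused"
    if bond.uses_left is not None:
        bond.uses_left -= 1              # counter form: one connection consumed
    return outcome
```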
Further, as another configuration example, the communication between the peripheral device and the predetermined communication device may be performed in the form of Bluetooth (registered trademark) communication.
According to the above configuration example, while using a highly versatile wireless communication standard, periodic execution of the authentication processes for the peripheral device can be realized. In addition, while enhancing convenience, safety in use of the peripheral device can be ensured.
One example of another configuration example is a computer-readable non-transitory storage medium having stored therein an application program to be executed by a computer of a predetermined communication device that uses a predetermined peripheral device communicably connected thereto, the application causing the computer to perform operations including: receiving a transmission request for an application ID from the peripheral device; transmitting the application ID of the application program that has been activated, to the peripheral device in response to the transmission request; and executing a predetermined process involving a communication process with the peripheral device when verification of the application ID in the peripheral device has succeeded. It should be noted that the application ID may be an ID inherent to each application. The computer-readable storage medium here includes, for example, a flash memory, magnetic media such as ROM and RAM, and optical media such as CD-ROM, DVD-ROM, and DVD-RAM.
According to the above configuration example, when a peripheral device is to be used, authenticity of the peripheral device can be confirmed. In addition, on the peripheral device side, authenticity of the application that is to serve as the communication counterpart can be confirmed.
One example of another configuration example is an application program to be executed by a computer of a predetermined communication device communicably connected to a predetermined server, the application program causing the computer to perform operations including: receiving a transmission request for an application ID from the server; transmitting the application ID of the application program that has been activated, to the server in response to the transmission request; and executing a predetermined process involving a communication process with a predetermined peripheral device. Then, when verification of the application ID in the server has succeeded after the application ID has been transmitted, execution of the predetermined process involving the communication process with the predetermined peripheral device is permitted. It should be noted that the application ID may be an ID inherent to each application.
According to the above configuration example, at the time of the authentication process for the peripheral device, authenticity of the application that is to serve as the communication counterpart of the peripheral device can be confirmed.
One example of another configuration example is an application program to be executed by a computer of a predetermined communication device communicably connected to a predetermined server, the application program causing the computer to perform operations including: receiving a transmission request for a client certificate from the server; transmitting the client certificate stored in a storage section of the predetermined communication device, to the server in response to the transmission request; and executing a predetermined process involving a communication process with a predetermined peripheral device. Then, when verification of authenticity of the client certificate in the server has succeeded after the client certificate has been transmitted, execution of the predetermined process involving the communication process with the predetermined peripheral device is permitted.
According to the above configuration example, when the peripheral device is to be used, high reliability of the application program and the communication device serving as the communication counterpart of the peripheral device can be confirmed.
One example of another configuration example is an information processing system including a server, a predetermined communication device, and a peripheral device capable of performing data communication with the predetermined communication device. The peripheral device includes: a first communication section, a second communication section, a third communication section, and a communication process execution section. The first communication section is configured to transmit, to the server, an encryption key for encrypted communication, identification information which is information capable of uniquely identifying the peripheral device, and signature information which is a digital signature of the identification information. The second communication section is configured to receive, from the server, first data which is data based on a result of an authentication process executed in the server on the basis of the identification information and the signature information transmitted by the first communication section, then, to encrypt, with the encryption key, request information indicating a transmission request for second data, and to transmit the encrypted request information to the server. The third communication section is configured to receive the second data encrypted and transmitted from the server in response to the request information transmitted by the second communication section, then, to decrypt the encrypted second data by use of the encryption key, and to transmit the decrypted second data to the server. The communication process execution section is configured to receive, from the server, third data which is data based on a result indicating that authenticity of the second data transmitted by the third communication section has been confirmed in the server, and then to execute a communication process using fourth data encrypted with the encryption key, between the peripheral device and the predetermined communication device. 
The server includes: an authentication processing section, a first data transmission section, a second data transmission section, and a third data transmission section. The authentication processing section is configured to execute an authentication process regarding the peripheral device on the basis of the identification information and the signature information transmitted by the first communication section. The first data transmission section is configured to transmit, to the peripheral device, the first data based on a result of the authentication process. The second data transmission section is configured to, in response to the request information transmitted by the second communication section, encrypt the second data by using the encryption key and transmit the encrypted second data to the peripheral device. The third data transmission section is configured to confirm authenticity of the second data transmitted by the third communication section, and to transmit the third data based on a result of the confirmation, to the peripheral device. Transmission/reception of data between the peripheral device and the server is performed via the predetermined communication device.
According to the above configuration example, when the peripheral device is to be used from the predetermined communication device, authentication of the peripheral device is performed first, and then, the communication process through encrypted communication can be executed. In addition, safety in use of the peripheral device can be enhanced, and further, versatility of the peripheral device can be enhanced.
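The exchange between the peripheral device and the server described above (identification and signature, encrypted request, encrypted random number, returned plaintext, permission) is modelled below with both sides in one process. This is an added example, not code from the disclosure: the disclosure names no signature scheme or cipher, so HMAC-SHA256 and an HMAC-keystream XOR are stand-ins, and all names and message literals are constructed.

```python
import hashlib, hmac, secrets

# Assumptions: HMAC-SHA256 under a factory-provisioned key stands in for the
# digital signature; an HMAC keystream XOR stands in for the cipher.
FACTORY_KEY = b"constructed-factory-key"

def sign(device_id):
    return hmac.new(FACTORY_KEY, device_id, hashlib.sha256).digest()

def _xor(key, nonce, data):
    stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):
    nonce = secrets.token_bytes(12)      # fresh nonce per message
    return nonce + _xor(key, nonce, data)

def unseal(key, blob):
    return _xor(key, blob[:12], blob[12:])

class AuthServer:
    def __init__(self):
        self.sessions = {}  # device_id -> {"key": ..., "challenge": ...}

    def authenticate(self, key, device_id, signature):
        """Check the signature over the identification info; returns first data."""
        if not hmac.compare_digest(sign(device_id), signature):
            return b"AUTH_NG"
        self.sessions[device_id] = {"key": key, "challenge": None}
        return b"AUTH_OK"

    def issue_challenge(self, device_id, sealed_request):
        """Decrypt the request; returns the encrypted random number (second data)."""
        s = self.sessions[device_id]
        if unseal(s["key"], sealed_request) != b"REQ_SECOND_DATA":
            raise ValueError("malformed request")
        s["challenge"] = secrets.token_bytes(16)
        return seal(s["key"], s["challenge"])

    def confirm(self, device_id, answer):
        """Compare the returned plaintext with the challenge; returns third data."""
        s = self.sessions.get(device_id)
        if s is None or s["challenge"] is None:
            return b"DENY"
        challenge, s["challenge"] = s["challenge"], None  # single use
        return b"PERMIT" if hmac.compare_digest(challenge, answer) else b"DENY"

def peripheral_authenticate(server, key, device_id, signature):
    """Peripheral side of the exchange; True once the third data permits use."""
    if server.authenticate(key, device_id, signature) != b"AUTH_OK":
        return False
    sealed = server.issue_challenge(device_id, seal(key, b"REQ_SECOND_DATA"))
    return server.confirm(device_id, unseal(key, sealed)) == b"PERMIT"
```

As modelled here, the random-number round trip shows that the responder holds the key sent in the first message, so the signature check and the protection of that first message in transit carry the weight of the authentication.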
Further, as another configuration example, data transmitted/received between the peripheral device and the server may have been encrypted. In addition, the peripheral device may further include: an encrypted data transmission section configured to encrypt fifth data with a common key and transmit the encrypted fifth data to the server; a decrypted data reception section configured to receive, from the server, the fifth data decrypted in the server; and a determination section configured to determine authenticity of the server, by determining whether the fifth data before having been encrypted matches the fifth data received by the decrypted data reception section. The server may further include a data decryption section configured to decrypt the encrypted fifth data transmitted by the encrypted data transmission section, and to transmit the decrypted fifth data to the peripheral device being a transmission source thereof.
According to the above configuration example, with respect to the authentication process for the peripheral device, a safer authentication process can be performed.
According to the exemplary embodiments, when a peripheral device is to be used, an authentication process of the peripheral device is performed first, and then, after the peripheral device has been authenticated, use of the peripheral device can be permitted. Accordingly, safety in use of the peripheral device can be increased.