Conventionally, mobile terminals (hereinafter, “terminal”) have not been designed on the assumption of third-party software development. Consequently, terminal specifications and software configuration have not been openly known, which has kept the internal workings of the terminal confidential and afforded considerable security. Further, as a measure for ensuring authenticity, secure modules (tamper-proof modules, e.g., a Subscriber Identity Module (SIM) card), which assure security, have guaranteed the security of information that must be kept confidential (e.g., encryption keys, user identification information) (for example, refer to Japanese Laid-Open Patent Publication No. 2004-129227 and Japanese Patent No. 4408601).
In other words, information that must be kept confidential can only be used by authentic internal software of the terminal. Consequently, based on whether communication contents received from a terminal have been encrypted using an authentic encryption key guaranteeing security, whether the received contents include user identification information guaranteeing security, etc., an external apparatus can determine whether communication contents are authentic, thereby guaranteeing security.
However, as seen with smartphones, in recent years there has been a shift toward disclosing terminal specifications and software configuration, accompanied by the advancement of third-party software development. As a result, the risk that internal terminal software will be read, analyzed, and tampered with by crackers, leading to the development of malicious software, is increasing. Further, with secure modules, although third parties cannot see or tamper with the information stored in them, the interfaces for using the module via software are being disclosed. As a result, this information, which must be kept confidential, can be easily read out from the secure module by malicious software.
Consequently, after encrypting fraudulent communication contents using an authentic encryption key or including user information in fraudulent communication contents, malicious software can transmit the fraudulent communication contents to an external apparatus. Thus, the external apparatus cannot determine whether the communication contents are fraudulent, giving rise to the problem that the authenticity of the communication cannot be guaranteed.