1. Field of the Invention
The present invention relates to information processing apparatuses, information processing methods, and programs. More particularly, the present invention relates to an information processing apparatus, an information processing method, and a program which are capable of performing a variety of cryptographic processing even in response to a request from a server in a different environment while ensuring the security.
2. Description of the Related Art
In recent years, charging contactless IC chips, such as FeliCa®, embedded in credit cards or mobile phones with electronic money and paying the electronic money for articles have been in widespread use.
In the payment for the articles, it is sufficient for users to hold their credit cards or mobile phones over terminals (readers-writers) installed in shops, so that the users can promptly pay for the articles.
Such an electronic money system has, for example, a structure shown in FIG. 1.
In the electronic money system, a server apparatus 1 and a secure application module (SAM) 2 are provided at the server side and a client apparatus 3 and a reader-writer (R/W) 4 are provided at the client side. The server apparatus 1 is connected to the client apparatus 3 over a network 5.
In the example in FIG. 1, a mobile phone 6 including a contactless IC chip 13 is in proximity to the R/W 4 at the client side. The mobile phone 6 is coupled to the client apparatus 3 over a near-field communication using electromagnetic induction.
A server application 11 installed in the server apparatus 1 communicates with a client application 12 installed in the client apparatus 3 to supply a command (a command executed by the contactless IC chip 13) created in response to a request from the client application 12 to the SAM 2. When the encrypted command is supplied from the SAM 2 to the server application 11, the server application 11 transmits the encrypted command to the client application 12 in the client apparatus 3 over the network 5.
The SAM 2, which is a tamper resistant module, performs cryptographic processing and manages keys used in the cryptographic processing. The SAM 2 encrypts the command supplied from the server application 11 and supplies the encrypted command to the server application 11. The SAM 2 and the contactless IC chip 13 have a common key. Transmitting and receiving information encrypted with the common key realizes cryptographic communication between the SAM 2 and the contactless IC chip 13.
The client application 12 in the client apparatus 3 transmits a predetermined request to the server application 11 in the server apparatus 1. When the command is transmitted from the server application 11 to the client application 12, the client application 12 transmits the command to the contactless IC chip 13 through the R/W 4 to cause the contactless IC chip 13 to execute the command.
The contactless IC chip 13 decrypts the encrypted command transmitted from the SAM 2 through the R/W 4 and so on and executes the decrypted command. When the command instructs update of the electronic money, the command includes information concerning the amount of updated money.
For example, when a user of the mobile phone 6 pays the electronic money stored in the contactless IC chip 13 for an article which the user has bought in the electronic money system having the above structure, the client application 12 in the client apparatus 3 transmits a request to pay for the article to the server application 11 in the server apparatus 1 and the server application 11 receives the request to create a command (Read command) requesting the contactless IC chip 13 to read out the balance of the electronic money.
The Read command created by the server application 11 is encrypted in the SAM 2 and, then, is transmitted to the contactless IC chip 13 through the server application 11 in the server apparatus 1, the network 5, the client application 12 in the client apparatus 3, and the R/W 4. The transmitted Read command is decrypted and executed in the contactless IC chip 13. The balance read out by executing the Read command is encrypted in the contactless IC chip 13 and, then, is transmitted to the SAM 2 through the R/W 4, the client application 12 in the client apparatus 3, the network 5, and the server application 11 in the server apparatus 1 as a response to the server application 11. The encrypted balance transmitted from the contactless IC chip 13 is decrypted in the SAM 2 and the decrypted balance is supplied to the server application 11.
The server application 11 confirms the current balance of the electronic money stored in the contactless IC chip 13 in the manner described above.
After the confirmation, the server application 11 in the server apparatus 1 creates a command (Write command) requesting the contactless IC chip 13 to update the balance of the electronic money (to update to a balance subtracted by the price of the article).
The Write command created by the server application 11 is encrypted in the SAM 2 and, then, is transmitted to the contactless IC chip 13 through the server application 11 in the server apparatus 1, the network 5, the client application 12 in the client apparatus 3, and the R/W 4, as in the Read command previously transmitted. The transmitted Write command is decrypted and executed in the contactless IC chip 13. The Write command includes information indicating the subtracted balance. The balance of the electronic money stored in the contactless IC chip 13 is subtracted by the price of the article in the manner described above.
For example, after the contactless IC chip 13 transmits a message indicating that the subtraction of the balance terminates to the server application 11, a series of processing terminates. The payment for the article is realized in such a series of processing.
The server-client system having the structure described above realizes, for example, management of points issued by shops and payment for a ticket when the client apparatus 3 is mounted as an automatic ticket checker at a station, in addition to the payment for the article. Also in the management of the points and the payment for the ticket, the same processing as in the payment for the article described above is basically performed by the components in the system shown in FIG. 1.
A server-client system having the structure as shown in FIG. 1 is disclosed in Japanese Unexamined Patent Application Publication No. 2003-141063. A technology of using a digital signature to control access to an internal resource, such as a key, is disclosed in the Japanese Unexamined Patent Application Publication No. 2003-524252.