Configuration certification method, configuration certification system, configuration certificate verification device, and program

The configuration certification system addresses the challenge of verifying the configuration of application services in a distributed computing environment by generating and verifying configuration certificates, giving service users a secure and efficient way to validate service configurations.

WO2026140026A1 · PCT designated stage · Publication Date: 2026-07-02 · NTT INC

Patent Information

Authority / Receiving Office
WO
Patent Type
Applications
Current Assignee / Owner
NTT INC
Filing Date
2024-12-23
Publication Date
2026-07-02

AI Technical Summary

Technical Problem

Existing technologies lack a mechanism for verifying the configuration of an application service in a distributed computing environment that uses confidential computing, which is needed to assure the integrity and security of such services.

Method used

A configuration certification system comprising a second terminal, a configuration certificate verification device, and a configuration certificate generation device, which generates and verifies configuration certificates for application services; each certificate incorporates the configuration information of the distributed applications, of the confidential computing environments they run on, and of the trusted execution environments protecting those environments, in order to prove the configuration of the application service.

Benefits of technology

Enables secure and efficient verification of application service configurations in a distributed computing environment, allowing users to validate the integrity and security of these services without requiring extensive manual effort.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure JP2024045437_02072026_PF_FP_ABST

Abstract

The present invention provides a configuration certification method whereby, in a configuration certification system including a second terminal, a configuration certificate verification device, and a configuration certificate generation device, the configuration certificate verification device certifies the configuration of an application service in a distributed computing environment. The configuration certification method includes: a configuration certificate generating step in which the configuration certificate generation device generates a configuration certificate for the application service; and a configuration certificate verifying step in which the configuration certificate verification device uses configuration information about the application service registered in a recording unit to verify the configuration certificate for the application service.

Description

Configuration certification method, configuration certification system, configuration certificate verification device, and program

[0001] This invention relates to a technology for verifying the configuration of computer systems, and more particularly to a technology for verifying the configuration of application services running in a distributed computing environment.

[0002] One technique for securely processing information by isolating data and programs in a safe area is to utilize a Trusted Execution Environment (TEE). In the technology described in Non-Patent Document 1, the data and programs in the memory used by the virtual machine (VM) are encrypted using hardware functions (e.g., CPU), thereby making the virtual machine a trusted execution environment. In other words, the virtual machine is protected by isolating it from the host environment, such as the OS and virtualization infrastructure, and from other virtual machines. Because the data and programs in the memory used by the virtual machine are encrypted, it becomes difficult to extract information even if the host environment is compromised, such as through unauthorized operation or operational errors by the host machine's administrator or operator.

[0003] A trusted execution environment also provides a function for proving that the application using the execution environment is composed of the intended hardware and software. The configuration certificate (attestation report) generated by this function includes information about the configuration of the application (the data and application programs the application uses) and information about the configuration of the trusted execution environment (the hardware and host environment used to build it). Both kinds of configuration information can be expressed as hash values. In that case the configuration certificate is generated, for example, by calculating the hash values of the application's configuration information and of the trusted execution environment's configuration information, recording them in tamper-resistant hardware (e.g., the CPU), and generating a signature with the signature key stored in that hardware. The configuration certificate therefore contains the hash values of the application's configuration information and of the trusted execution environment's configuration information, together with the signature over them.

[0004] In the field of cloud computing, the use of trusted execution environments has advanced the practical deployment of confidential computing (CC), which offers an isolated execution environment as a cloud service. For example, in addition to basic confidential computing functions such as container management and configuration certificate generation, a verification service (attestation service) for configuration certificates has been developed (see Non-Patent Documents 2 and 3). The configuration certificate in this case includes the configuration information of the application built in the confidential computing environment, the configuration information of the confidential computing environment, and the configuration information of the trusted execution environment that protects the confidential computing environment.

[0005] Non-Patent Document 1: AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More, [online], [retrieved December 3, 2024], Internet <URL: https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf>
Non-Patent Document 2: Microsoft Learn: Confidential Containers on Azure Kubernetes Service (AKS) (Preview), [online], [retrieved December 3, 2024], Internet <URL: https://learn.microsoft.com/ja-jp/azure/confidential-computing/confidential-containers-on-aks-preview>
Non-Patent Document 3: Microsoft Learn: Microsoft Azure Attestation, [online], [retrieved December 3, 2024], Internet <URL: https://learn.microsoft.com/ja-jp/azure/attestation/overview>

[0006] Let's consider a case where application services are provided in a distributed computing environment using confidential computing. Figure 1 shows the configuration of application services in a distributed computing environment. As shown in Figure 1, the distributed computing environment consists of one or more host machines connected by a network so that they can communicate with each other. A host machine consists of hardware such as a CPU and memory, and a host environment such as an OS and virtualization infrastructure. Then, one or more trusted execution environments (TEEs in Figure 1) are built on top of the host environment using the functions provided by the hardware and host environment. Furthermore, one or more confidential computing environments (CC environments in Figure 1) are built within one trusted execution environment. An application service is configured as a combination of one or more distributed applications (distributed APs in Figure 1). A distributed application is an application built using the functions provided by the confidential computing environment and is an application that operates within the confidential computing environment. Therefore, a distributed application can be any application as long as it is built on the confidential computing environment, and a distributed application is not necessarily an application confined to the application layer, but may also be middleware necessary to configure the distributed computing environment. For example, middleware that incorporates a communication module for securely interconnecting trusted execution environments or confidential computing environments, along with a module that provides management functions for that module, is an example of middleware necessary to configure a distributed computing environment, and middleware incorporating these modules is what is referred to as a distributed application in this application.

[0007] The confidential computing environment and application services are developed and provided by the confidential computing provider and the application service provider, respectively. The confidential computing provider also provides the aforementioned configuration certificate verification service. The configuration certificate to be verified by the verification service (hereinafter referred to as the distributed application configuration certificate) includes the configuration information of the distributed application built on the confidential computing environment, the configuration information of the confidential computing environment, and the configuration information of the trusted execution environment that protects the confidential computing environment.

[0008] Application service providers need to give application service users a means of proving the configuration of their application services, that is, a service for generating and verifying configuration certificates for application services. One might consider building this on a confidential computing provider's service for generating and verifying configuration certificates. However, that service targets a single confidential computing environment, so simply using it is not sufficient to generate and verify configuration certificates for an application service composed of multiple distributed applications.

[0009] Therefore, the present invention aims to provide a technology for verifying the configuration of application services in a distributed computing environment using confidential computing.

[0010] One aspect of the present invention relates to a configuration certification method in a configuration certification system including a second terminal, a configuration certificate verification device, and a configuration certificate generation device, wherein the configuration certificate verification device certifies the configuration of an application service in a distributed computing environment, the method comprising: a configuration certificate generation step in which the configuration certificate generation device generates a configuration certificate for the application service; and a configuration certificate verification step in which the configuration certificate verification device verifies the configuration certificate for the application service using the configuration information for the application service registered in a recording unit, wherein a configuration certificate for a distributed application includes a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for the trusted execution environment protecting that confidential computing environment; the configuration certificate for an application service includes all the configuration certificates of the distributed applications constituting the application service; and the configuration information for an application service includes, for each distributed application constituting the application service, a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for the trusted execution environment protecting that confidential computing environment.

[0011] According to the present invention, it becomes possible to prove the configuration of application services in a distributed computing environment using confidential computing.

[0012] Figure 1 is a diagram showing the configuration of application services in a distributed computing environment. Figure 2 is a block diagram showing the configuration of the configuration certification system 10. Figure 3 is a block diagram showing the configuration of the first terminal 100. Figure 4 is a block diagram showing the configuration of the second terminal 200. Figure 5 is a block diagram showing the configuration of the configuration certificate verification device 300. Figure 6 is a block diagram showing the configuration of the configuration certificate generation device 400. Figure 7 is a diagram showing the relationship between the configuration of application services in a distributed computing environment and the configuration certificate generation device 400. Figures 8 and 9 are sequence diagrams showing the operation of the configuration certification system 10. Figure 10 is a block diagram showing the configuration of the second terminal 200 in Modification 1. Figure 11 is a block diagram showing the configuration of the configuration certificate generation device 400 in Modification 1. Figure 12 is a sequence diagram showing the operation of the configuration certification system 10 in Modification 1. Figure 13 is a diagram showing an example of the functional configuration of a computer that realizes each device in an embodiment of the present invention.

[0013] The embodiments of the present invention will be described in detail below. Components having the same function will be numbered identically, and redundant explanations will be omitted.

[0014] <First Embodiment> As described above, an application service in a distributed computing environment consists of one or more distributed applications. Distributed applications operate in a confidential computing environment, and one confidential computing environment on which a distributed application operates is associated with that distributed application. Confidential computing environments are protected by trusted execution environments, and one trusted execution environment is associated with that confidential computing environment.

[0015] Configuration information for a distributed application refers to information about the software and settings used to configure the distributed application; configuration information for a confidential computing environment refers to information about the software and settings used to configure the confidential computing environment; and configuration information for a trusted execution environment refers to information about the hardware, firmware, and software used to configure the trusted execution environment. Note that the configuration information for a distributed application, confidential computing environment, and trusted execution environment can all be expressed as hash values. Any hash function can be used to calculate the hash value.

[0016] [Configuration of the Configuration Certification System 10] The configuration of the configuration certification system 10 will be described below with reference to Figures 2 to 6. Figure 2 is a block diagram showing the configuration of the configuration certification system 10. Figure 3 is a block diagram showing the configuration of the first terminal 100. Figure 4 is a block diagram showing the configuration of the second terminal 200. Figure 5 is a block diagram showing the configuration of the configuration certificate verification device 300. Figure 6 is a block diagram showing the configuration of the configuration certificate generation device 400.

[0017] The configuration certification system 10 includes a first terminal 100, a second terminal 200, a configuration certificate verification device 300, and a configuration certificate generation device 400, as illustrated in Figure 2. The first terminal 100, the second terminal 200, the configuration certificate verification device 300, and the configuration certificate generation device 400 are each connected to a network 900. The network 900 can be any network over which these four devices can communicate with one another; for example, the Internet can be used.

[0018] As illustrated in Figure 3, the first terminal 100 includes a configuration information generation unit 110, a transmission / reception unit 180, and a recording unit 190. The transmission / reception unit 180 is a component for transmitting and receiving information necessary for processing the first terminal 100 via the network 900. The recording unit 190 is a component for appropriately recording information necessary for processing the first terminal 100. The first terminal 100 is a terminal used by an application service provider.

[0019] As illustrated in Figure 4, the second terminal 200 includes a configuration certificate acquisition unit 210, a verification request unit 220, a transmission / reception unit 280, and a recording unit 290. The transmission / reception unit 280 is a component for transmitting and receiving information necessary for processing the second terminal 200 via the network 900. The recording unit 290 is a component for appropriately recording information necessary for processing the second terminal 200. The second terminal 200 is a terminal used by application service users.

[0020] The configuration certificate verification device 300 includes a configuration information registration unit 310, a configuration certificate verification unit 320, a transmission / reception unit 380, and a recording unit 390, as illustrated in Figure 5. The transmission / reception unit 380 is a component for transmitting and receiving information necessary for processing by the configuration certificate verification device 300 via the network 900. The recording unit 390 is a component for appropriately recording information necessary for processing by the configuration certificate verification device 300. The configuration certificate verification device 300 is a server that verifies the configuration certificates of application services.

[0021] The configuration certificate generation device 400 includes a configuration certificate generation unit 410, a transmission / reception unit 480, and a recording unit 490, as illustrated in Figure 6. The transmission / reception unit 480 is a component for transmitting and receiving information necessary for processing by the configuration certificate generation device 400 via the network 900. The recording unit 490 is a component for appropriately recording information necessary for processing by the configuration certificate generation device 400. The configuration certificate generation device 400 is a server that generates configuration certificates for application services.

[0022] Here, the configuration certificate for an application service includes all the configuration certificates of the distributed applications that constitute the application service. The relationship between the configuration of an application service in a distributed computing environment and the configuration certificate generation device 400 can be represented, for example, as shown in Figure 7. In Figure 7, the host machines on which each distributed application runs correspond to the devices that generate the configuration certificates for the distributed applications (the generators in Figure 7), and one of these devices corresponds to the configuration certificate generation device 400 that aggregates the configuration certificates for the distributed applications and generates the configuration certificate for the application service. The device that functions as the configuration certificate generation device 400 may be fixed to one of the generators in Figure 7, or it may change dynamically among multiple generators. In the example in Figure 7, the configuration certificate generation device 400 configured on the central host machine aggregates the configuration certificates for three distributed applications and generates a configuration certificate for one application service. In this example, the configuration certificate generation device 400 directly receives and aggregates the configuration certificates for the distributed applications from each generator, but the method of aggregation is not limited to this: any method that collects all the distributed-application configuration certificates needed to generate the application service configuration certificate may be used. For example, the configuration certificates for all distributed applications may be aggregated along an aggregation path that takes into account the topology of the distributed applications that make up the application service.

[0023] [Operation of the Configuration Certification System 10] The operation of the configuration certification system 10 will be explained with reference to Figures 8 and 9, in two scenarios: (1) registration of configuration information and (2) verification of the configuration certificate.

[0024] (1) Registration of Configuration Information. The operation of the configuration certification system 10 when registering configuration information will be described below with reference to Figure 8, which is an example of a sequence diagram showing this operation.

[0025] A set consisting of information that identifies the configuration information of a confidential computing environment and the configuration information of the trusted execution environment that protects that confidential computing environment shall be registered in advance in the recording unit 390 of the configuration certificate verification device 300. This information may be registered by, for example, the confidential computing provider.

[0026] In S110, the configuration information generation unit 110 of the first terminal 100 generates a set of information that can identify the configuration information of each distributed application that constitutes the application service and the configuration information of the confidential computing environment in which the distributed application operates, and generates application service configuration information that includes all of these sets, and the transmitting / receiving unit 180 of the first terminal 100 transmits the application service configuration information to the configuration certificate verification device 300. The transmitting / receiving unit 380 of the configuration certificate verification device 300 receives the application service configuration information.

[0027] In S310, the configuration information registration unit 310 of the configuration certificate verification device 300 registers the configuration information of the application service received in S110 in the recording unit 390, generates a registration result for the configuration information, and the transmitting / receiving unit 380 of the configuration certificate verification device 300 transmits the registration result to the first terminal 100. The transmitting / receiving unit 180 of the first terminal 100 receives the registration result.

[0028] (2) Verification of the Configuration Certificate. The operation of the configuration certification system 10 when verifying the configuration certificate will be described below with reference to Figure 9, which is an example of a sequence diagram showing this operation.

[0029] In S210, the configuration certificate acquisition unit 210 of the second terminal 200 generates a request to acquire a configuration certificate for the application service being used by the application service user, and the transmitting / receiving unit 280 of the second terminal 200 transmits the acquisition request to the configuration certificate generation device 400. The transmitting / receiving unit 480 of the configuration certificate generation device 400 receives the acquisition request.

[0030] In S410, the configuration certificate generation unit 410 of the configuration certificate generation device 400 generates a configuration certificate for each distributed application that constitutes the application service specified in the acquisition request received in S210, generates a configuration certificate for the application service that includes all the generated configuration certificates for the distributed applications, and the transmitting / receiving unit 480 of the configuration certificate generation device 400 transmits the application service configuration certificate to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the application service configuration certificate. The configuration certificate for a distributed application includes a set of configuration information for the distributed application, configuration information for the confidential computing environment in which the distributed application operates, and configuration information for a trusted execution environment that protects the confidential computing environment, and can be, for example, a configuration certificate provided by a confidential computing provider.

[0031] In S220, the verification request unit 220 of the second terminal 200 generates a verification request for the application service configuration certificate received in S410, and the transmitting / receiving unit 280 of the second terminal 200 transmits the verification request to the configuration certificate verification device 300. The transmitting / receiving unit 380 of the configuration certificate verification device 300 receives the verification request. The verification request includes the application service configuration certificate received in S410.

[0032] In S320, the configuration certificate verification unit 320 of the configuration certificate verification device 300 obtains the configuration certificate of the application service included in the verification request received in S220, and uses the configuration information of the application service registered in the recording unit 390 to determine whether each configuration information included in the configuration certificate of the application service matches the configuration information included in the configuration information of the application service corresponding to that configuration information, thereby generating a verification result to prove the configuration of the application service, and the transmitting / receiving unit 380 of the configuration certificate verification device 300 transmits the verification result to the second terminal 200. The transmitting / receiving unit 280 of the second terminal 200 receives the verification result. In other words, the configuration certificate verification unit 320 of the configuration certificate verification device 300 verifies the configuration certificate of the application service included in the verification request received in S220 using the configuration information of the application service registered in the recording unit 390. Note that, as can be seen from the explanation of (1) registration of configuration information, the configuration information of the application service includes a set of configuration information of the distributed application, configuration information of the confidential computing environment on which the distributed application operates, and configuration information of a trusted execution environment that protects the confidential computing environment, for each distributed application that constitutes the application service.
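The registration and verification flow of [0022] and [0025] to [0032] reduces to a small amount of logic once the configuration information is expressed as hash values: device 300 holds, per application service, the registered (distributed application, CC environment, TEE) hash triples, and S320 checks every triple carried in the aggregated application service certificate against them. The Go program below is an added example, not code from the patent or from NTT; the service name, the sample measurements and the registry layout are constructed, and the hashes are computed locally in place of the values a TEE would actually report. It also adds one check the patent does not state, rejecting a certificate that omits a registered component, since otherwise a stripped-down deployment would still pass.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ConfigSet is the triple carried for one distributed application: hash of the
// distributed application, hash of the CC environment it runs on, and hash of
// the TEE protecting that CC environment ([0010], [0030], [0032]).
type ConfigSet struct {
	App, CC, TEE string
}

// AppServiceCert is the application service configuration certificate: all
// distributed-application certificates of the service, aggregated by device 400 ([0022]).
type AppServiceCert struct {
	Service string
	Apps    []ConfigSet
}

// Registry models recording unit 390 of device 300: the configuration
// information registered per application service in S110/S310.
type Registry map[string][]ConfigSet

// Measure is a stand-in for the hash computation; the patent allows any hash
// function ([0015]). Real measurements come from the TEE hardware, not from here.
func Measure(data string) string {
	sum := sha256.Sum256([]byte(data))
	return hex.EncodeToString(sum[:])
}

// SampleRegistry builds constructed registration data (not from the patent):
// one service of three distributed applications, the third being mesh middleware,
// which [0006] explicitly counts as a distributed application.
func SampleRegistry() Registry {
	tee := Measure("tee-firmware-v1")
	cc := Measure("cc-runtime-v1")
	return Registry{"svc-example": {
		{App: Measure("frontend-v1"), CC: cc, TEE: tee},
		{App: Measure("backend-v1"), CC: cc, TEE: tee},
		{App: Measure("mesh-middleware-v1"), CC: cc, TEE: tee},
	}}
}

// VerifyServiceCert is S320: each ConfigSet in the certificate must equal a
// registered ConfigSet of the same service. Each registered entry may be
// consumed once, so two instances of one app need two registered entries.
// The final loop is an added completeness check the patent does not state:
// a certificate that silently omits a registered component is rejected too.
func VerifyServiceCert(reg Registry, cert AppServiceCert) (bool, []string) {
	registered, ok := reg[cert.Service]
	if !ok {
		return false, []string{"service not registered: " + cert.Service}
	}
	var problems []string
	used := make([]bool, len(registered))
	for i, c := range cert.Apps {
		matched := false
		for j, r := range registered {
			if !used[j] && c == r {
				used[j] = true
				matched = true
				break
			}
		}
		if !matched {
			problems = append(problems, fmt.Sprintf("app #%d: no registered (app, cc, tee) set matches", i))
		}
	}
	for j, u := range used {
		if !u {
			problems = append(problems, fmt.Sprintf("registered set #%d is missing from the certificate", j))
		}
	}
	return len(problems) == 0, problems
}

func main() {
	reg := SampleRegistry()
	good := AppServiceCert{Service: "svc-example", Apps: reg["svc-example"]}
	ok, problems := VerifyServiceCert(reg, good)
	fmt.Println("genuine certificate:", ok, problems)

	// A backend rebuilt from different code: its distributed-app hash changes,
	// so one entry fails to match and one registered entry is left unconsumed.
	tampered := AppServiceCert{Service: "svc-example", Apps: append([]ConfigSet(nil), reg["svc-example"]...)}
	tampered.Apps[1].App = Measure("backend-v1-with-extra-code")
	ok, problems = VerifyServiceCert(reg, tampered)
	fmt.Println("modified backend:", ok, problems)
}
```

Matching is on the whole triple, not on the app hash alone: the same application binary running on an unregistered CC runtime or under a TEE with different firmware is rejected, which is the point of carrying all three values in each distributed-application certificate.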

[0033] <Modification 1> In the verification of the configuration certificate described above, the second terminal 200 sends the application service configuration certificate to the configuration certificate verification device 300. However, the configuration certificate generation device 400 may send it directly to the configuration certificate verification device 300. In this case, the configuration of the second terminal 200 and the configuration certificate generation device 400 will be as shown in Figures 10 and 11, respectively, and the operation of the configuration certification system 10 in the verification of the configuration certificate will be as shown in Figure 12. The configuration of the first terminal 100, the configuration of the configuration certificate verification device 300, and the operation of the configuration certification system 10 in the registration of configuration information may remain as shown in Figures 3, 5, and 8, respectively.

[0034] First, the configuration of the second terminal 200 and the configuration certificate generation device 400 will be described with reference to Figures 10 and 11.

[0035] The second terminal 200 includes a verification request unit 220, a transmission / reception unit 280, and a recording unit 290, as illustrated in Figure 10. The second terminal 200 differs from the second terminal 200 of the first embodiment in that it does not include a configuration certificate acquisition unit 210.

[0036] The configuration certificate generation device 400 includes a configuration certificate generation unit 410, a verification request unit 420, a transmission / reception unit 480, and a recording unit 490, as illustrated in Figure 11. The configuration certificate generation device 400 differs from the configuration certificate generation device 400 of the first embodiment in that it includes a verification request unit 420.

[0037] Next, the operation of the configuration certification system 10 in the verification of the configuration certificate will be described with reference to Figure 12, which is an example of a sequence diagram showing this operation.

[0038] In S220, the verification request unit 220 of the second terminal 200 generates a verification request for the configuration of the application service being used by the application service user, and the transmitting / receiving unit 280 of the second terminal 200 transmits the verification request to the configuration certificate generation device 400. The transmitting / receiving unit 480 of the configuration certificate generation device 400 receives the verification request.

[0039] In S410, the configuration certificate generation unit 410 of the configuration certificate generation device 400 generates a configuration certificate for each distributed application that constitutes the application service specified in the verification request received in S220, and generates a configuration certificate for the application service that includes all of the generated configuration certificates for the distributed applications.

[0040] In S420, the verification request unit 420 of the configuration certificate generation device 400 generates a verification request for the application service configuration certificate generated in S410, and the transmitting / receiving unit 480 of the configuration certificate generation device 400 transmits the verification request to the configuration certificate verification device 300. The transmitting / receiving unit 380 of the configuration certificate verification device 300 receives the verification request. The verification request includes the application service configuration certificate generated in S410.

[0041] In S320, the configuration certificate verification unit 320 of the configuration certificate verification device 300 obtains the configuration certificate of the application service included in the verification request received in S420. Using the application service configuration information registered in the recording unit 390, it determines whether each item of configuration information included in the application service configuration certificate matches the corresponding item in the registered application service configuration information, and thereby generates a verification result proving the configuration of the application service. The transmitting / receiving unit 380 of the configuration certificate verification device 300 transmits the verification result to the configuration certificate generation device 400. The transmitting / receiving unit 480 of the configuration certificate generation device 400 receives the verification result and transmits it to the second terminal 200, whose transmitting / receiving unit 280 receives it. In other words, the configuration certificate verification unit 320 of the configuration certificate verification device 300 verifies the configuration certificate of the application service included in the verification request received in S420 using the application service configuration information registered in the recording unit 390.

[0042] <Modification 2> The configuration certificate for a distributed application included in the configuration certificate for the application service generated in S410 of the first embodiment and Modification 1 may include a signature. The signature is generated using a signature key corresponding to the trusted execution environment that protects the confidential computing environment on which the distributed application operates, that is, a signature key stored in the hardware of the host machine on which the trusted execution environment is built. The verification key required to verify the signature is the verification key corresponding to that signature key, and it is preferable to register it in advance in the recording unit 390 of the configuration certificate verification device 300 together with the configuration information of the trusted execution environment. Accordingly, the configuration information for the application service obtained in S320 includes, for each distributed application constituting the application service, a set consisting of the configuration information of the distributed application, the configuration information of the confidential computing environment on which the distributed application operates, the configuration information of the trusted execution environment that protects the confidential computing environment, and the verification key corresponding to the signature key stored in the hardware of the host machine on which the trusted execution environment is built. Then, in S320, when verifying the configuration certificate of the application service, the configuration certificate verification unit 320 of the configuration certificate verification device 300 also verifies the signature included in the configuration certificate of each distributed application.
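The exchange in S220, S410, S420 and S320 ([0038] to [0041]) together with the signature check of Modification 2, as an added Go example that is not part of the patent text or of any implementation by the applicant. The registry map stands in for the recording unit 390, keyed by service name and then by distributed application name; the service names "svc-demo", "frontend" and "inference" and the configuration strings are constructed sample values; and a software ed25519 key pair stands in for the signing key the page places in the TEE host's hardware, with its public half registered alongside the TEE configuration as Modification 2 prescribes. All of these are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DAConfig is one distributed application's registered configuration information: the three
// items the page names plus, per Modification 2, the key that verifies the TEE host's signatures.
type DAConfig struct {
	AppCfg, CCEnvCfg, TEECfg string // application, confidential computing environment, TEE
	VerifyKey                ed25519.PublicKey
}

// DACertificate is one distributed application's configuration certificate (S410), signed by its TEE's key.
type DACertificate struct {
	Name, AppCfg, CCEnvCfg, TEECfg string
	Signature                      []byte
}

// certMessage is the byte string that gets signed: the fields, length-prefixed so that no two
// field layouts produce the same string, then hashed.
func certMessage(c DACertificate) []byte {
	h := sha256.New()
	for _, f := range []string{c.Name, c.AppCfg, c.CCEnvCfg, c.TEECfg} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// GenerateServiceCertificate models S410: one signed certificate per distributed application,
// the service certificate being the whole list. A software ed25519 key stands in (assumption)
// for the signing key the page keeps in host hardware.
func GenerateServiceCertificate(observed []DACertificate, keys map[string]ed25519.PrivateKey) []DACertificate {
	out := make([]DACertificate, 0, len(observed))
	for _, c := range observed {
		c.Signature = ed25519.Sign(keys[c.Name], certMessage(c))
		out = append(out, c)
	}
	return out
}

// VerifyServiceCertificate models S320: each certificate must name a registered application, verify
// under its registered TEE key and match item for item; every registered application is covered exactly once.
func VerifyServiceCertificate(registry map[string]map[string]DAConfig, service string, certs []DACertificate) error {
	expected, ok := registry[service]
	if !ok {
		return fmt.Errorf("%s: no configuration information registered", service)
	}
	seen := map[string]bool{}
	for _, c := range certs {
		e, known := expected[c.Name]
		switch {
		case !known:
			return fmt.Errorf("%s: not part of the registered service configuration", c.Name)
		case seen[c.Name]:
			return fmt.Errorf("%s: duplicate certificate", c.Name)
		case !ed25519.Verify(e.VerifyKey, certMessage(c), c.Signature):
			return fmt.Errorf("%s: signature does not verify under the registered TEE key", c.Name)
		case c.AppCfg != e.AppCfg:
			return fmt.Errorf("%s: distributed application configuration mismatch", c.Name)
		case c.CCEnvCfg != e.CCEnvCfg:
			return fmt.Errorf("%s: confidential computing environment configuration mismatch", c.Name)
		case c.TEECfg != e.TEECfg:
			return fmt.Errorf("%s: trusted execution environment configuration mismatch", c.Name)
		}
		seen[c.Name] = true
	}
	if len(seen) != len(expected) {
		return fmt.Errorf("%s: only %d of %d registered applications certified", service, len(seen), len(expected))
	}
	return nil
}

// Demo builds a constructed two-application service and returns the outcomes for the genuine certificate,
// one whose confidential computing environment differs from the registered one, and one signed by an unregistered key.
func Demo() (genuine, mismatched, forged error) {
	registry := map[string]map[string]DAConfig{"svc-demo": {}}
	keys, rogue := map[string]ed25519.PrivateKey{}, map[string]ed25519.PrivateKey{}
	var observed []DACertificate
	for i, n := range []string{"frontend", "inference"} {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
		_, rogue[n], _ = ed25519.GenerateKey(rand.Reader)
		keys[n] = priv
		c := DACertificate{Name: n, AppCfg: fmt.Sprint("app-", i), CCEnvCfg: fmt.Sprint("ccenv-", i), TEECfg: fmt.Sprint("tee-", i)}
		registry["svc-demo"][n] = DAConfig{c.AppCfg, c.CCEnvCfg, c.TEECfg, pub}
		observed = append(observed, c)
	}
	genuine = VerifyServiceCertificate(registry, "svc-demo", GenerateServiceCertificate(observed, keys))
	altered := append([]DACertificate(nil), observed...)
	altered[1].CCEnvCfg = "ccenv-other" // correctly signed, but not the registered environment
	mismatched = VerifyServiceCertificate(registry, "svc-demo", GenerateServiceCertificate(altered, keys))
	forged = VerifyServiceCertificate(registry, "svc-demo", GenerateServiceCertificate(observed, rogue))
	return genuine, mismatched, forged
}

func main() { fmt.Println(Demo()) }
```

The verifier checks the signature before comparing configuration items, so an attacker who controls the configuration values but not the host's hardware key cannot get a forged certificate as far as the comparison step; and it requires that every registered distributed application appear exactly once, since a service certificate that silently drops one component would otherwise pass on the strength of the remaining ones.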

[0043] According to embodiments of the present invention, it becomes possible to prove the configuration of an application service in a distributed computing environment that uses confidential computing. This allows application service users to easily prove the configuration of an application service with less effort than was previously required.

[0044] <Supplementary Note> The functions realized by the components described in this specification may be implemented in circuitry or processing circuitry including a general-purpose processor, a special-purpose processor, an integrated circuit, ASICs (Application Specific Integrated Circuits), a CPU (Central Processing Unit), a conventional circuit, and / or a combination thereof, programmed to realize the described functions. The processor includes transistors and other circuits and is regarded as circuitry or processing circuitry. The processor may be a programmed processor that executes a program stored in a memory. The CPU may also provide the functions of a trusted execution environment.

[0045] In this specification, circuitry, unit, and means are hardware programmed to realize the described functions or hardware that executes them. The hardware may be any hardware disclosed in this specification or any hardware known as being programmed or executing to realize the described functions.

[0046] When the hardware is a processor regarded as being of the circuitry type, the circuitry, means, or unit is a combination of hardware and software used to configure the hardware and / or the processor.

[0047] The various processes described above can be implemented by loading a program that executes each step of the above method into the recording unit 2020 of the computer 2000 shown in Figure 13 and running it using the control unit 2010, the input unit 2030, the output unit 2040, the display unit 2050, and so on.

[0048] The program describing this processing content can be recorded on a computer-readable recording medium. Examples of computer-readable recording media include magnetic recording devices, optical disks, magneto-optical recording media, and semiconductor memories.

[0049] The program is distributed, for example, by selling, transferring, or lending portable recording media such as DVDs and CD-ROMs on which the program is recorded. The program may also be distributed by storing it in the storage device of a server computer and transferring it from the server computer to other computers via a network.

[0050] A computer that executes such a program first stores, for example, the program recorded on a portable recording medium or the program transferred from a server computer in its own storage device. When executing the processing, the computer reads the program stored in its own storage device and executes the processing according to the read program. As another form of execution, the computer may read the program directly from the portable recording medium and execute the processing according to the program. Furthermore, each time a program is transferred from the server computer to this computer, the computer may sequentially execute the processing according to the received program. The processing may also be executed by a so-called ASP (Application Service Provider) type service, which realizes the processing function solely through execution instructions and result acquisition, without transferring the program from the server computer to this computer. Furthermore, the processing of the terminal may be executed using a so-called SaaS (Software as a Service) type service, which allows the user to use part of the server computer together with the program. Note that the program in this embodiment includes information used for processing by an electronic computer that conforms to the program (data and the like that are not direct instructions to the computer but have the property of defining the computer's processing).

[0051] Furthermore, in the configuration described above the device is realized by executing a predetermined program on a computer, but at least a part of these processes may be implemented in hardware.

[0052] The present invention is not limited to the embodiments described above, and can be modified as appropriate without departing from the spirit of the invention. Furthermore, the processes described in the above embodiments may not only be executed in chronological order according to the order described, but may also be executed in parallel or individually as needed, depending on the processing capacity of the device performing the process.

Claims

1. A configuration certification method for a configuration certification system including a second terminal, a configuration certificate verification device, and a configuration certificate generation device, wherein the configuration certificate verification device certifies the configuration of an application service in a distributed computing environment, the method comprising: a configuration certificate generation step in which the configuration certificate generation device generates a configuration certificate for the application service; and a configuration certificate verification step in which the configuration certificate verification device verifies the configuration certificate for the application service using the configuration information for the application service registered in a recording unit, wherein the configuration certificate for a distributed application includes a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for a trusted execution environment protecting the confidential computing environment; the configuration certificate for the application service includes all the configuration certificates for each of the distributed applications constituting the application service; and the configuration information for the application service includes, for each of the distributed applications constituting the application service, a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for a trusted execution environment protecting the confidential computing environment.

2. A configuration certification system comprising a second terminal, a configuration certificate verification device, and a configuration certificate generation device, wherein the configuration certificate verification device certifies the configuration of an application service in a distributed computing environment, the configuration certificate generation device includes a configuration certificate generation unit that generates a configuration certificate for the application service, the configuration certificate verification device includes a configuration certificate verification unit that verifies the configuration certificate for the application service using the configuration information for the application service registered in a recording unit, the configuration certificate for a distributed application includes a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for a trusted execution environment that protects the confidential computing environment, the configuration certificate for the application service includes all the configuration certificates for each distributed application that constitutes the application service, and the configuration information for the application service includes, for each distributed application that constitutes the application service, a set of configuration information for the distributed application, configuration information for the confidential computing environment on which the distributed application operates, and configuration information for a trusted execution environment that protects the confidential computing environment.

3. A configuration certificate verification device that certifies the configuration of an application service in a distributed computing environment, within a configuration certification system including a second terminal, the configuration certificate verification device, and a configuration certificate generation device, wherein the configuration certificate verification device includes a configuration certificate verification unit that verifies the configuration certificate of the application service using the configuration information of the application service registered in a recording unit, the configuration certificate of the application service is generated by the configuration certificate generation device, the configuration certificate of a distributed application includes a set of configuration information of the distributed application, configuration information of the confidential computing environment on which the distributed application operates, and configuration information of a trusted execution environment that protects the confidential computing environment, the configuration certificate of the application service includes all the configuration certificates of the distributed applications that constitute the application service, and the configuration information of the application service includes, for each of the distributed applications that constitute the application service, a set of configuration information of the distributed application, configuration information of the confidential computing environment on which the distributed application operates, and configuration information of a trusted execution environment that protects the confidential computing environment.

4. A program for causing a computer to function as the configuration certificate verification device according to claim 3.