JP2007004243A - Access control system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To disable browsing to improve safety of information even if a file is lost, stolen, or copied while considering the browsing of an unspecified large number of users. <P>SOLUTION: The file 2 is encrypted with installation position information of a PC 1 as a key. The PC 1 holds the position information acquired by a GPS unit 3. When reading of the file 2 is required from the user (S23), the file 2 requires the position information held by the PC 1 (S24), and matching of the position information (S25) returned to the requirement and the position information used as the encryption key of the file 2 is decided to decrypt the file 2 (S26). The decrypted file 2 is exhibited to the user by the PC 1 (S27). The file 2 may be present near the PC 1 or in a remote place. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an access control system, and more particularly to an access control system capable of improving the safety of information by properly restricting access to a file storing various information.

  Various types of information are digitized and stored as files, and access to information has become easier due to the development of the Internet and the like. Concerning the convenience of various and a large amount of information and various access methods, the security privacy problem that a lot of information is provided to anyone and anywhere, and the information required in a large amount of information The problem of inaccessibility such as difficulty in accessing the network has occurred, and access control is important.

  In the real world, location and time information are essential in the case of logistics. Also, in human activities, for example, in the education field, it is allowed to be distributed only in tests or classrooms in a strictly restricted environment. There are cases in which location (location) and time information is important, such as content that has been recorded.

Access to important information in the real world is restricted by time, place, attributes, and so on. For example, the following situations (1) to (5) are common.
(1) Some meeting materials are collected after the meeting.
(2) The test will be held at a certain venue at a fixed time.
(3) Some documents, such as diplomatic documents, will not be released until a certain time has passed.
(4) Patient charts, X-ray films, etc. cannot be taken out of the hospital.
(5) Even within the same organization, specific documents cannot be accessed if the departments are different.

  Conventional general access control for information digitized and stored as a file gives access rights to a specific person such as an administrator or privileged user, or to an authorized person among general users. . Once a person has been given access to certain information, he or she can access the information from anywhere at any time, physically or network-wise. As means for ensuring access restrictions, authentication using a passphrase, authentication using a card, authentication using biometrics, and the like are common.

In addition, several techniques for restricting access to files stored in a server or the like based on position information and the like have been proposed. For example, Patent Document 1 describes an access control method for restricting access to a file based on position and time information acquired by a GPS receiver or the like. In Patent Document 2, the distance from the predetermined position of the mobile communication terminal is measured to identify the current position of the mobile radio terminal, and the access content to the server is determined according to the identified current position. A communication system that can access a server only when a mobile radio terminal is located within a predetermined area is described.
JP 2000-163379 A Japanese Patent Laid-Open No. 2003-224884

  However, conventional authentication using a general passphrase is based on the user's memory, authentication using a card is based on the user's ability to manage, and biometrics authentication is based on the person's physicality, and file loss. Vulnerability against theft, theft, or duplication has not been sufficiently eliminated.

  In addition, in the access control to the file by the authentication of the person, the same person is not distinguished by time, place, etc., so the person who has been given the right to access certain information can be physically or networked if possible. , You will have access to that information anytime, anywhere.

  In the future, as computerization of education, medical care, health, justice, administration, etc. progresses, it is assumed that content containing a lot of important information such as personal information that is more closely related to daily life will be digitized and distributed over the network. The As described above, it is not sufficient to restrict access to important information in the real world that is assumed in this way, and it is not sufficient to restrict access on a person-by-person basis, and files are lost, stolen, or copied. Access restrictions that work well are also required.

  In the system proposed in Patent Document 1, access control is performed based on position information. First, it is verified whether the input password is valid. If it is determined that the password is valid, the position information is acquired. Access to the file is permitted when the location information is a location within the permitted geographic area.

  Some files may be widely viewed by an unspecified number of users if they are viewed at a predetermined location. In such cases, security measures should be taken against file loss, theft, and copying. It is enough if applied. Even in such a case, requesting the password input deteriorates the convenience. Patent Document 1 also describes file encryption. However, since encryption and decryption are performed using a correspondence table between each file and an encryption key or an allowed geographical area, a special case is described. You need an encryption key.

  The system proposed in Patent Document 2 restricts access based on the current location of the mobile radio terminal, and does not restrict access according to the location of the file. It is not possible to prevent unauthorized browsing by duplication.

  The object of the present invention has been considered in view of the above points, and while considering the browsing of an unspecified number of users, even if a file is lost, stolen, copied, etc., it is impossible to browse and information It is an object of the present invention to provide an access control system that can increase the safety of a computer.

  In order to solve the above problems, the present invention provides an access control system for controlling access from a terminal to a file storing content, when a file encrypted using specific information as a key and a file read request from the terminal are requested. Requesting the terminal location information from the terminal, and when information matching the specific information is obtained based on the location information included in the response to the request, the file is decrypted using the information as a key, A basic feature is that an access control unit that can provide a decrypted file by using the terminal as a browseable terminal is provided.

  Here, the information in which the specific information is encrypted with the viewable position information is stored together with the file, and the information in which the specific information is encrypted with the position information is decrypted using the position information included in the response to the request. When the decrypted information matches the specific information, the file can be decrypted using the information as a key, and the decrypted file can be provided using the terminal as a browseable terminal.

  Further, if the specific information is common position information for a plurality of viewable positions, and the position information of any of the plurality of viewable positions is included in the response from the terminal, the position information is converted into the specific information. Thus, by providing the access control unit with means for generating a key, it is possible to view a file at a plurality of positions.

  The file may be arranged at the same position as the viewable terminal or in the vicinity thereof, or may be arranged at a remote place. In addition, a file, a file browsing function unit, and a self-location information acquisition function unit can be arranged in the browsable terminal, and the file and the self-location information acquisition function unit are arranged in the same device different from the browsable terminal. You can also.

  In addition, the browseable terminal may hold position information acquired by a GPS unit attached to itself, and may hold position information acquired by a mobile phone with a GPS function. Furthermore, it is preferable to provide a certificate authority that authenticates the validity of the position information acquired by the GPS unit using the position information acquired by the mobile phone with the GPS function.

  In the present invention, since the file is encrypted by using the specific information as a key and the information matching the specific information is not obtained based on the location information of the terminal included in the response of the terminal, the file browsing is impossible. Even if a file is lost, stolen, or copied, it is impossible to view the file on a terminal that does not return a response that provides information that matches the specific information. Thus, the safety of information can be improved by limiting the terminals that can be browsed.

  In addition, anyone using a terminal that returns a response that can obtain specific location information can view the file, and there is no need for passphrase authentication, card authentication, biometrics authentication, etc. It is sufficient to limit the viewing location to the position where it should exist, and it can be effectively applied to a system that permits access to an unspecified number of users.

  In addition, since file browsing is restricted by location, it is possible to electronically distribute materials that have been fixed, distributed, collected and disposed on paper media, contributing to the realization of a ubiquitous society. Can do.

  Further, by authenticating the position information used as a key at the time of decryption and ensuring its validity, unauthorized access due to position information forgery can be prevented. It is also possible to use the authenticated location information as an electronic presence certificate of a person or thing.

  Hereinafter, the present invention will be described in detail with reference to the drawings. FIG. 1 is a block diagram showing a first embodiment of a PC system to which the present invention is applied. The PC system of the first embodiment includes a terminal (PC) 1, a file 2 attached to the terminal 1, and a GPS unit 3. The file 2 is arranged at the same position (location) as the terminal 1 and stores various information (contents). Further, the file 2 is encrypted using the specific information, in this case, the installation position information of the terminal 1 (terminal installation position information) as an encryption key, and stores the terminal installation position information. The terminal 1 has a file browsing function, and the file 2 can be browsed under the control of the file 2 or the access control unit of the terminal 1. That is, the terminal 1 is a browseable terminal. Details of the access control will be described later.

  Here, if the original file is F, and y is encrypted with x, A (y, x) is represented as A (y, x), the file after being encrypted using the installation location information L of the viewable terminal 1 as an encryption key E is E = A (F, L). The encryption key can be generated by the function f (X, Y) where X is the east longitude of the installation position of the browseable terminal 1 and Y is the north latitude.

  As a simple specific example, f (X, Y) = X + Y can be considered. In this case, the installation position of the viewable terminal 1 is, for example, X: 140 degrees 30 minutes 15 seconds east, Y: latitude 40 degrees 10 If it is 30 minutes, the number K = 1403015401030 is generated as the encryption key. In practice, f (X, Y) is made a more complicated function to generate an encryption key, making it difficult to guess the encryption.

  The GPS unit 3 acquires its own position information. Since the GPS unit 3 is attached to the browseable terminal 1, the position information acquired thereby matches the installation position information of the browseable terminal 1. The acquired position information is sent to the browseable terminal 1. The browsable terminal 1 holds the position information sent from the GPS unit 3.

  FIG. 2 is a flowchart showing an access control operation in the first embodiment. The browsable terminal 1 periodically sends a position confirmation request to the GPS unit 3 (S21), and the GPS unit 3 sends the position information acquired by itself to the browsable terminal 1 in response thereto (S21). S22). The browseable terminal 1 updates / holds the position information sent from the GPS unit 3, that is, the installation position information of the browseable terminal 1 itself.

  Here, when the user requests reading of the file 2 from the keyboard or mouse of the browseable terminal 1 (S23), the file 2 requests location information from the browseable terminal 1 (S24). In response to this request, the browsable terminal 1 sends the position information held by itself to the file 2 (S25). In FIG. 2, for convenience, the user and the browseable terminal 1 are shown separately.

  The file 2 receives the position information sent from the browseable terminal 1 and executes position determination / decoding (S26). In the position determination, if it is determined that the terminal installation position information stored in the file 2 and the position information sent from the viewable terminal 1 match, the file 2 can be decoded, and if it is determined that they do not match, the file 2 can be decoded. Can not. This is because the file 2 is encrypted using the installation position information of the viewable terminal 1 as an encryption key.

  Note that the above operation of the file 2 in response to the file read request (S23) is a case where the file 2 is configured as a file unit including an access control unit, but this access control unit can also be provided in the viewable terminal 1. In this case, the browseable terminal 1 receives the terminal installation position information from the file 2 and executes position determination / decoding.

  Since the location information sent from the viewable terminal 1 in response to the location information request (S24) matches the location information used as the encryption key of the file 2, the file 2 can be decrypted. That is, the file 2 can be decrypted using the position information sent from the browseable terminal 1 as a key. The decrypted file 2 can be browsed and is presented to the user by a display attached to the browseable terminal 1 (S27).

  Here, when decrypting v with u is represented as Q (v, u), the file F that is decrypted and read out of the encrypted file E is F = Q (E, L) = Q (A ( F, L), L). The file 2 can be presented to the user not only in the display attached to the viewable terminal 1 but also in the form of downloading to a mobile phone or the like via the viewable terminal 1.

  Even if the file 2 is accessed using a terminal arranged at a different position instead of the browsing-enabled terminal 1 and browsing is attempted, the location information used as the encryption key is sent from the terminal to the file 2. Not. Therefore, the file 2 is not decrypted and is not browsed. In this case, it is better to notify the terminal of the fact by displaying that the browsing is impossible.

  In the case of the first embodiment, the file 2 can be decrypted on the condition that the file 2 is arranged at the same position as the installation position of the viewable terminal 1. That is, the file 2 is encrypted using the installation position information of the browseable terminal 1 that should be placed as an encryption key, and the position information where the file 2 is originally placed is located at a position other than the installation position of the viewable terminal 1. Since it is not given, even if it is lost, stolen, or duplicated and distributed alone, it is impossible to browse to another location.

  In addition, if the file 2 is brought to the same position as the location where the viewable terminal 1 is installed, the user can decrypt the file 2 without being particularly conscious, and it is time-consuming to distribute and input a password for personal authentication. Is unnecessary. Therefore, it is sufficient for this access control to limit the viewing location, and it is effective for a system that permits access to an unspecified number of users.

  FIG. 3 is a block diagram showing a second embodiment of the PC system to which the present invention is applied. In FIG. 3, the same or equivalent parts as in FIG. The PC system of the second embodiment includes a browseable terminal 1, a GPS unit 3 attached to the browseable terminal 1, and a server 4, and a file 2 is arranged in the server 4. The browseable terminal 1 and the server 4 are connected via a network (NW) 5. That is, in the second embodiment, the file 2 is arranged at a position different from the installation position of the viewable terminal 1. However, the point that the file 2 is encrypted using the installation position information of the viewable terminal 1 as an encryption key is the same as in the first embodiment of FIG.

  The file 2 stores various contents. The GPS unit 3 acquires its own position information. Also in this case, since the GPS unit 3 is attached to the browseable terminal 1, the position information acquired thereby matches the installation position information of the browseable terminal 1. The acquired location information is sent to the browseable terminal 1, and the browseable terminal 1 holds this location information.

  FIG. 4 is a flowchart showing an access control operation in the second embodiment. The browsable terminal 1 periodically sends a position confirmation request to the GPS unit 3 (S41), and the GPS unit 3 sends the position information acquired by itself to the browsable terminal 1 in response thereto (S41). S42). The browsable terminal 1 updates and holds the position information sent from the GPS unit 3, that is, the installation position information of the browsable terminal 1.

  Here, when the user requests reading of the file 2 from the keyboard or mouse of the browseable terminal 1 (S43), the file 2 requests the browseable terminal 1 to send position information (S44). In response to this request, the browsable terminal 1 sends the position information held by itself to the file 2 (S45).

  The file 2 receives the position information sent from the browseable terminal 1 and executes position determination / decoding (S46). In the position determination, if it is determined that the terminal installation position information stored in the file 2 and the position information sent from the viewable terminal 1 match, the file 2 can be decoded, and if it is determined that they do not match, the file 2 can be decoded. Can not.

  In the second embodiment, the installation position of the viewable terminal 1 is different from the arrangement position of the file 2, but the position information sent from the viewable terminal 1 is the position information used as the encryption key of the file 2. Since they match, file 2 can be decrypted. That is, the file 2 is decrypted using the position information sent from the browseable terminal 1 as a key. The decrypted file 2 can be browsed and presented to the user (S47).

  Even if the file 2 is accessed using a terminal arranged at a different position instead of the terminal 1 that can be browsed and the file 2 is browsed, the position information used as the encryption key is not sent to the file 2. Therefore, the point that the file 2 is not decrypted is the same as in the first embodiment.

  According to the second embodiment, even if the file 2 is not actually arranged at the same position as the installation position of the viewable terminal 1, it is virtual if the file 2 is arranged at the same position as the installation position of the viewable terminal 1. In this case, the file 2 is decrypted and can be presented to the user, so that the arrangement position of the file 2 can be freely set.

  In the above, an embodiment in which file browsing is possible at one place has been described. In the case of the above embodiment, if the original file is F, the encrypted file is E, the browsing position information of the viewable terminal 1 is L, the function to be encrypted is A, and the function to be decrypted is B, the encryption is E = A (F, L) and decoding is represented by F = B (E, L). In order to enable file browsing at multiple locations, it is only necessary to create an encrypted file for each location, but using the following method can enable file browsing at multiple locations. it can.

  In order to enable file browsing at a plurality of positions, position information common to the plurality of positions is generated from the position information Li (i = 1 to n) using the function G, and the position information generated thereby The file is encrypted and decrypted using as an encryption key.

  For example, when the location information of three locations is L1, L2, and L3, the encryption key K = G (L1) = G (L2) = G (L3) is generated from L1, L2, and L3, and the file E is set to E = Encrypt with A (F, K). At the time of decryption, a key K is generated from the position information L1, L2, and L3 input from the terminal using the function G, and decryption is performed using F = B (E, K).

  As is clear from the above description, in the present invention, access to the file 2 is restricted by using position information obtained from the GPS unit 3 attached to the viewable terminal 1 as installation position information of the viewable terminal 1. The validity of the position information obtained from the GPS unit 3 is an important factor for restricting access to the file. Therefore, it is preferable to authenticate the position information obtained from the GPS unit 3 by providing a certificate authority.

  FIG. 5 is a block diagram showing a configuration in the case where the validity of the position information obtained from the GPS unit 3 is authenticated by a certificate authority, and FIG. 6 is a flowchart showing the operation thereof. In a PC system that includes a browseable terminal 1, a file 2 attached to the browseable terminal 1, and a GPS unit 3, the GPS unit 3 is connected to a network (NW) 5. A certificate authority 6 and a mobile phone 7 with a GPS function are further connected to the network (NW) 5.

  The certification authority 6 collects location information from the GPS unit 3 and the mobile phone 7 with GPS function (S61, S62) and confirms a match between them (S63). The GPS unit 3 is transmitted (S64). This position information with proof is sent from the GPS unit 3 to the viewable terminal 1 as the position information (S22, S42) of FIGS. If the mobile phone 7 with GPS function is brought in the vicinity of the terminal 1 that can be viewed, the certification authority 6 sends the location information with certification to the GPS unit 3 and further to the terminal 1 that can be viewed. A user having 7 can browse the file 2 using the browseable terminal 1. Since the certificate authority 6 also authenticates that the mobile phone 7 with GPS function exists in the vicinity of the viewable terminal 1, the location information with proof distributed from now on is used as an electronic existence proof of people and things. It can also be used.

  Although the embodiment has been described above, the present invention is not limited to the above embodiment and can be variously modified. In the present invention, at the time of decryption, a key may be generated based on position information that enables file browsing, and a key may not be generated from other information. Information other than information can also be used.

  For example, file E (E = A (F, k)) after encrypting file F with encryption key k and information J (J = A1) after encrypting encryption key k with terminal installation location information L Save (k, L)) as a set. Decryption of file E (F = B (E, (B (J, L)))) is possible by decrypting key k from J using terminal L when terminal location information L is input And That is, since the key k cannot be obtained unless the terminal installation position information L is input, the file E is not decrypted.

  Even in such a form, file browsing can be made possible at a plurality of positions. In other words, after encrypting file E with encryption key k, file E (E = A (F, k)) and encryption key k are encrypted with location information L1, L2, L3,. Information J1 (J1 = A1 (k, L1)), J2 (J2 = A2 (k, L2)), J3 (J3 = A2 (k, L3)),... Are stored as a set. Decoding file E (F = B (E, (B1 (J1, L1) orB2 (J2, L2) orB3 (J3, L3)))) is input when position information L1, L2, L3 ... is input , Using this L1, L2, L3, ..., decrypt the key k from J1, J2, J3, ... (k = (B1 (J1, L1) orB2 (J2, L2) orB3 (J3, L3 ))). The encryption key k may be any one of the position information L1, L2, L3,.

  Further, for example, a terminal without a GPS unit can be made a browsing-enabled terminal by using a mobile phone with a GPS function alone. In this case, the location information acquired by the mobile phone with the GPS function in the vicinity of the terminal may be input to the terminal and held. You may make it download the decoded file to the mobile phone with a GPS function.

  In the above embodiment, it is assumed that the GPS unit is attached to the terminal and the mutual arrangement between the two is not a problem. However, even when position information within a certain distance from the terminal is given, It can also be viewed. For example, the distance between the terminal and the GPS unit is measured from the signal transmission delay, and the signal transmission delay is within a certain value, so it is confirmed that the GPS unit exists in the vicinity of the terminal and used for file encryption. This can be realized by providing a function of providing position information that matches the position information that has been set. If the distance between the terminal and the GPS unit exceeds a certain value and the file cannot be decoded, a notification to that effect is given.

  It is also preferable to allow a certain error in the position information. This is because, for example, information such as how many digits of the acquired position information are valid and how much error is allowed is included in the header information of the file, and the acquired position information is based on the header information. It can be realized by judging.

  In addition, the file, the file browsing function unit, and the GPS unit can be arranged together in the terminal. Furthermore, both the file and the GPS unit can be arranged in the same device different from the terminal. For example, a file and a GPS unit can be placed in a USB memory, and the file can be viewed by inserting the USB memory into the terminal.

The present invention can be applied to the following services, for example.
(1) In educational institutions such as schools and e-learning, educational content can be viewed only in the classroom. Difficulties in handling copyrights in educational content are considered to be one of the obstacles to the spread of educational content, but it is strictly guaranteed to be viewed only in the classroom using location information. Can be avoided.
・ Create exam questions online by fusing them with networks used for other tasks. Conventionally, test questions are created in an environment shielded from the network. However, by restricting access based on location information, it is possible to work online with a network used in other business.
・ Use the location information when the file is accessed to prove that students are attending classes.
-Make a student's learning history and grades viewable only at the school and the student's home.
(2) Make medical institution / medical information available only within the medical institution. Even if the medical information is taken out of the medical institution, the information content cannot be accessed, which leads to the protection of personal information.
(3) Make personal names such as judicial institutions and court documents undisplayable outside the court.
(4) Information on general commerce and customer activities can be viewed only within the store. For a store, it is important information that a customer visits even if no purchase is made, and the customer visit activity can be grasped by such information.

1 is a block diagram showing a first embodiment of a PC system to which the present invention is applied. It is a flowchart which shows the operation | movement of the access control in 1st Embodiment. It is a block diagram which shows 2nd Embodiment of the PC system to which this invention was applied. It is a flowchart which shows the access control operation in 2nd Embodiment. It is a block diagram which shows the structure in the case of authenticating the correctness of position information with a certification authority. It is a flowchart which shows the authentication operation | movement of a positional information correctness.

Explanation of symbols

1 ... Viewable terminal (PC), 2 ... File, 3 ... GPS unit, 4 ... Server, 5 ... Network, 6 ... Certificate authority, 7 ... With GPS function mobile phone

Claims (10)

In an access control system for controlling access to a file storing content from a terminal,
A file encrypted with specific information as a key,
When a file read is requested from a terminal, the terminal requests the terminal location information, and if information matching the specific information is obtained based on the location information included in the response to the request, the terminal An access control system comprising: an access control unit that decrypts a file using information as a key and that can provide the decrypted file with the terminal as a browseable terminal. Along with the file, information in which the specific information is encrypted with viewable position information is stored, and the access control unit includes information in which the specific information is encrypted with viewable position information in a response to the request If the decrypted information is information that matches the specific information, the file can be decrypted using the information as a key, and the decrypted file can be provided using the terminal as a viewable terminal. The access control system according to claim 1, further comprising an access control unit. The specific information is position information common to a plurality of viewable positions, and when the access control unit includes any position information of the plurality of viewable positions in a response from the terminal, The access control system according to claim 1, further comprising means for converting the position information into the specific information to generate a key. The access control system according to claim 1, wherein the file is arranged at the same position as or near the browsing-enabled terminal. The access control system according to claim 1, wherein the file is arranged in a remote place away from the viewable terminal. The access control system according to claim 1, wherein the file, the file browsing function unit, and the self-location information acquisition function unit are arranged in the browseable terminal. The access control system according to claim 1, wherein the file and the self-location information acquisition function unit are arranged in a device different from the browseable terminal. The access control system according to claim 1, wherein the browseable terminal holds position information acquired by a GPS unit attached to the browseable terminal. The access control system according to claim 1, wherein the browseable terminal holds position information acquired by a mobile phone with a GPS function. The access control system according to claim 8, further comprising an authentication station that authenticates the validity of the position information acquired by the GPS unit by using position information acquired by a mobile phone with a GPS function.

Images