JP2007328674A - Information processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To surely prevent leakage/alteration of information inside a portable storage device and illicit use of the portable storage device for surely preventing illicit network connection due to impersonation of a third person. <P>SOLUTION: When the portable storage device 120 is connected to an information processing terminal 110 for executing processing using information inside the portable storage device 120 on the information processing terminal 110, an authentication server 130 carries out quadruple authentication including personal authentication, device authentication, software authentication, and secondary personal authentication on the portable storage device 120. When validity of the portable storage device 120 and its user is authenticated, a processing state by a processing part of the information processing terminal 110 is switched from an internal processing state to an external processing state, in which processing is carried out while using various software and data on the portable storage device 120. In this process, a portable terminal device for authentication has a chargeable secondary battery, and using the secondary battery as a power supply, acquires a biometric data value of the user just before connected to the information processing terminal. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  When a portable storage device (for example, a USB (Universal Serial Bus) memory, a removable hard disk, etc.) for storing various software and data is connected to a connection port in an information processing terminal such as a personal computer, the portable storage device is provided. The present invention relates to an information processing system configured to activate and execute software in an apparatus by a processing unit of an information processing terminal.

  Various tools (application programs, software) used on a personal computer (hereinafter referred to as PC) such as e-mail, schedule management tool, and various games are indispensable in business and private.

  In addition, with the widespread use of mobile phones (mobile phone wireless devices), it has become common to easily exchange e-mail anywhere, anytime, and to use schedule management tools and various games. The same convenience is required for tools.

  However, since various tools used on a PC include data unique to each PC user or specific settings are made for each PC user, the PC of another person can be used on the go. If you want to use various tools in the same situation (environment) as you are using your own PC, if the tool you want to use is installed on another person's PC, start the tool and use the user-specific data It takes a lot of time because it is necessary to input a user name or make a user-specific setting, and after use, it is necessary to delete the input data or cancel the setting.

  In addition, if a tool to be used on another person's PC is not installed, it may take the same trouble as described above after installing the tool, and in some cases, it may take time to uninstall the tool.

  For example, if you need to check email using another person's computer while away from home, set up an account on the remote computer, execute email transmission / reception, check the sent / received email, and then leave it on the computer outside It is very time-consuming to delete such that it does not exist.

  In order to save the trouble and trouble described above, it is conceivable that a user carries his / her notebook PC that he / she normally uses, but it is a burden for the user to always carry a heavy notebook PC. In addition, there are inconveniences such as restrictions on the number of characters and difficulty in typing characters in the e-mail of a mobile phone, so that it is not sufficiently compatible with business. Furthermore, when using a schedule management tool or playing various games on a mobile phone, not only is the screen small and difficult to see, but the operability for data input is poor and difficult to use.

  Thus, for example, Patent Document 1 below discloses a USB device that operates when a built-in program is activated when inserted into a USB port. Specifically, when this USB device is connected to the USB port of the PC main body, it activates an automatic startup program to operate the email program according to the settings in the setting file stored in the device, The attached file is stored in the device.

By using such a USB device, a mailer dedicated to the user can be easily used on another person's PC on the go, and the contents of the transmitted / received mail are stored in the device, so that security can be improved.
JP 2003-178017 A (first page, FIG. 1)

  By the way, in recent years, devices (portable storage devices) such as portable hard disk recorders and USB memories having a large-capacity storage function have become widespread, and each user can use the device for personal use. It is conceivable to carry various customized tools (application programs, software) and original data.

  The user can carry the original data and the program and usage environment that he / she normally uses without carrying a heavy notebook PC by carrying the device as described above. It is possible to realize an environment that is normally used by a user, and to realize various processes using original data.

  However, various tools customized for personal use and devices storing original data are small and easy to carry, so they can be lost by carelessness of the user, or they can be stolen by malicious third parties. The possibility is also high.

  In the unlikely event that the device is lost or stolen, the information (software and data) in the device may be leaked or tampered with. It is desired to ensure the security performance of information in the device.

  In addition, there has been a serious problem that there is no method for confirming whether or not the portable storage device is being used by an authentic person when the portable storage device is used or started.

  Furthermore, if an authentication device for obtaining personal identification information is added to a notebook PC or portable storage device, it will be necessary to modify the notebook PC or portable storage device itself to make a dedicated device. There is also a new problem that it becomes impossible to use a PC or a portable storage device.

  The present invention has been devised in view of such problems, and ensures the security performance of the portable storage device even if the portable storage device is lost or the portable storage device is stolen. In addition, it is possible to reliably prevent leakage / falsification of information in the portable storage device and unauthorized use of the portable storage device, and an unauthorized network by impersonation of a third party without making the portable storage device a dedicated configuration. The purpose is to further improve the security performance by reliably preventing connection.

The present invention as means for solving the above-described problems is as described below.
(1) The invention according to claim 1 includes at least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and the processing unit An information processing terminal having a connection port into which a connector on the external device side is inserted in order to connect an external device, a storage function for storing various software and data, and connected to the connection port as the external device A portable storage device, and a personal identification function for sending personal identification information when the user's identity is confirmed by detecting a biometric data value or usage position of the user, and the connection A portable terminal device for authentication that can be connected to a port as the external device, and the portable device that is connected to the information processing terminal and connected to the connection port of the information processing terminal An authentication server that performs authentication of the storage device, and the information processing terminal recognizes that the portable storage device is connected to the connection port; and When recognizing that a portable storage device is connected, authentication request means for requesting the authentication server to authenticate the portable storage device, and executed by the authentication server in response to a request by the authentication request means As a result of authentication, when the validity of the portable storage device and the user of the portable storage device is authenticated, the processing state by the processing unit is displayed as software and data stored on the information processing terminal side. The various types of software and data stored in the portable storage device are stored in the portable storage device from an internal processing state in which the portable storage device is used. Switching means for switching to an external processing state for performing processing while being used above, and when the authentication server receives an authentication request for the portable storage device from the information processing terminal, An individual who determines whether or not the user is a valid user based on personal authentication information input from the input unit of the information processing terminal by the user, and performs the first personal authentication of the user Upon receiving an authentication request for the portable storage device from the authentication unit and the information processing terminal, the portable storage device is managed by the authentication server based on device identification information automatically read from the portable storage device A device authentication unit that determines whether the device is a device and performs device authentication of the portable storage device; and software stored in the portable storage device (hereinafter, referred to as “device authentication”). The software matches when compared to the software stored when the portable storage device was last connected to the information processing terminal (hereinafter referred to as software at logoff). Software authentication by determining whether or not to perform authentication, and secondary authentication means for performing secondary personal authentication of the user based on the identity verification information, and the user using the personal authentication means The personal authentication is performed, the apparatus authenticating unit authenticates that the portable storage device is a management target apparatus of the authentication server, and the secondary authenticating unit authenticates the portable storage device. When secondary personal authentication is performed as a user, it is determined that the legitimacy of the user of the portable storage device and the portable storage device has been authenticated, Is notified to the information processing terminal as a result of authentication, and the authentication portable terminal device is charged via at least one of an external power supply device, a built-in power generation device, or the connection port. A secondary battery that can be used to obtain a biometric data value of the user before or when connected to the connection port, using the secondary battery as a power source. Information processing system.

  (2) In the invention according to claim 2, the authentication portable terminal device includes a biometric sensor that detects a biometric data value of the user, a meteorological sensor that detects meteorological data in an atmosphere of the user, A threshold value table for preliminarily setting and holding a biometric data threshold value for managing the physical condition of the user for each weather condition, and a biometric data threshold value set for the meteorological condition corresponding to the meteorological data detected by the meteorological sensor Threshold value reading means for searching and reading out the threshold value table, comparison means for comparing the biometric data threshold value read by the threshold value reading means and the biometric data value detected by the biometric sensor, and comparison by the comparison means As a result, when it is confirmed that the user is the user himself / herself, control means for sending the person confirmation information is provided, and the control means uses the secondary battery as a power source. Controls to the portable storage device acquires biometric data value of the user when it is previously or connected is connected to the connection port, an information processing system according to claim 1, wherein a.

  (3) The invention according to claim 3 is characterized in that the authentication portable terminal device includes position information acquisition means for acquiring position information, and the control means uses the secondary battery as a power source and the portable storage device The information processing system according to claim 2, wherein control is performed so that position information before or when connected to the connection port is acquired via the position information acquisition unit.

  (4) In the invention according to claim 4, in the authentication server, when the user is not authenticated as a valid user, the software stored in the portable storage device and the software 4. The information processing system according to claim 1, wherein a command for deleting data is given to the information processing terminal to which the portable storage device is connected.

  According to the information processing system of the present invention described above, when the recognition unit recognizes that the portable storage device is connected to the connection port of the information processing terminal, the authentication of the portable storage device is authenticated to the authentication server. Required by request means.

  In the authentication server, the personal authentication unit authenticates that the user is a valid registrant, and the device authentication unit authenticates that the portable storage device is a management target device of the authentication server, and When software authentication (login software and logoff software match) and secondary personal authentication (such as biometric authentication) are performed by the secondary authentication means, the validity of the portable storage device and its user It is determined that it has been authenticated, and that effect is notified from the authentication server to the information processing terminal as a result of authentication by the notifying means.

  When the validity of the portable storage device and the user is authenticated as a result of the authentication executed by the authentication server in response to the request by the authentication request unit, the processing state by the processing unit of the information processing terminal is changed to the switching unit. Thus, the internal processing state can be switched to an external processing state in which processing is performed while using various software and data on the portable storage device.

  As a result, the user stores various kinds of software and original data customized for each user in the portable storage device, and the connector of the portable storage device is connected to the information processing terminal on the go. It is possible to use the original data and the normally used program and usage environment at the information processing terminal on the go without having to carry a heavy notebook PC or the like.

  At that time, as described above, the authentication server performs quadruple authentication such as personal authentication, device authentication, and secondary authentication (software authentication and secondary personal authentication). Even if the device is lost or the portable storage device is stolen, the security performance of the portable storage device is ensured, and the leakage of information in the portable storage device and unauthorized use of the portable storage device are surely prevented. can do.

  In addition, software installed in the portable storage device (login software) and software installed when the portable storage device was last connected to the information processing terminal (authentication server) (logoff software) If the software is completely matched, the processing unit of the information processing terminal performs the portable storage device when the software is completely matched. Can be switched to an external processing state using software and data.

  The authentication portable terminal device for verifying the identity includes a secondary battery that can be charged via at least one of an external power supply device, a built-in power generation device, or a connection port. Since the user's biometric data value is acquired before or when connected to, secure biometric authentication becomes possible.

Therefore, in the unlikely event that information necessary for personal authentication or device authentication (user ID, password, device identification information of a portable storage device, etc.) is stolen, a portable memory that is different from the original portable storage device by a third party About the software held in the impersonation device and the portable storage device corresponding to stolen information, even if trying to make an unauthorized network connection by impersonation by software in the portable storage device using the device It is almost impossible to completely match the software at the time of logoff, and it becomes possible to reliably refuse the connection of the impersonation device to the network, and the security performance can be greatly improved.

  In addition, since the identity verification of the second authentication involving biometric authentication by the authentication portable terminal device cannot be cleared by the impersonation, the second authentication described above reliably rejects the connection of the impersonation device to the network. Security performance can be greatly improved.

  In addition, if the user wants to be authenticated as a legitimate user, the portable storage device is connected from the authentication server with a command to erase software and data stored in the portable storage device. Even if the portable storage device is lost or the portable storage device is stolen, it is more reliably refused to leak data to other than authorized users. Security performance can be greatly improved.

  Note that the authentication portable terminal device for verifying the identity not only operates by supplying power via the connection port when connected to the connection port of the information processing terminal, but also an external power supply device or a built-in power generation device Since the secondary battery that can be charged via at least one of the connection ports is provided, the secondary battery is charged when not in use. Then, using this secondary battery as a power source, before (or immediately before) or when connected to the connection port of the information processing terminal, the user (the owner of the portable storage device or the portable storage device is informed). The biometric data value and the position information of the person who connects to the processing terminal are acquired.

  For this reason, it is possible to confirm whether or not the authentication portable terminal device is being used by a genuine person when the portable storage device is used or started. That is, even before the information processing terminal is turned on, that is, before the power is supplied to the authentication portable terminal device via the connection port of the information processing terminal, the authentication portable terminal device has a built-in secondary Since the biometric data value and the position information are acquired by operating by the battery, the biometric data value and the position information of the user cannot be acquired when the authentication portable terminal device is connected to the information processing terminal. It becomes possible to confirm whether or not the authentication portable terminal device is possessed by a genuine person.

  In this case, the user's hand is touching the authentication portable terminal device until immediately before the authentication portable terminal device is connected to the information processing terminal, but when the connection is completed (from the information processing terminal to the bus power The user's hand is already separated from the portable storage device at the time when power is supplied to the authentication portable terminal device), but according to the present invention, it is possible to obtain a reliable biometric data value. .

  In addition, since it is not necessary to provide detection means for acquiring biometric data values in the information processing terminal or portable storage device, there is no need to use a dedicated information processing terminal or portable storage device. Various information processing terminals and portable storage devices can be used.

Embodiments of the present invention will be described below with reference to the drawings.
[1] Configuration of this embodiment:
[1-1] Overall basic configuration of information processing system:
FIG. 1A is a block diagram showing the configuration of an information processing system as an embodiment of the present invention. As shown in FIG. 1, the information processing system 100 of this embodiment includes an information processing terminal 110, a mobile phone, and the like. Type storage device 120, server 130, authentication portable terminal device 15 possessed by the user
0, and a network 170.

  Here, the information processing terminal 110 is, for example, a personal computer (PC) connected to the network 170, and has a functional configuration as described later with reference to FIG.

  The portable storage device 120 can be connected as an external device to the connection port of the information processing terminal 110. For example, the portable storage device 120 is a storage device such as a portable hard disk recorder, a PCMCIA flash memory, or a USB memory. 1 has a storage unit 120a for storing and holding various tools (application programs, software) and original data customized (see FIG. 1B).

  In addition, the authentication portable terminal device 150 detects the user's biometric data value, and when it is confirmed that the user is an authentic user, the person confirmation function unit that sends the person confirmation information 150b.

  Further, the authentication portable terminal device 150 can be charged via at least one of an external power supply device (such as an AC adapter) or a built-in power generation device (such as a solar power generation unit 150d) or a connection port of the information processing terminal 110 (not shown). A secondary battery 150c is provided, and the personal identification function unit 150b is configured to acquire the biometric data value of the user before the secondary battery 150c is connected to the connection port of the information processing terminal 110 using the secondary battery 150c as a power source. In this charging, various known charging control circuits (not shown) can be used.

  As will be described later with reference to FIG. 2, this portable storage device 120 has a connector 120D (see FIG. 2) on the portable storage device 120 side inserted into a connection port 110D (see FIG. 2) of the information processing terminal 110. Thus, the information processing terminal 110 is connected as an external device.

  Similarly, as will be described later with reference to FIG. 2, the authentication portable terminal device 150 is connected to the connector 150D (see FIG. 2) on the authentication portable terminal device 150 side with the connection port 110D (see FIG. 2) of the information processing terminal 110. ) Is connected to the information processing terminal 110 as an external device. The detailed internal configuration and external configuration of the authentication portable terminal device 150 will be described later.

The server 130 is connected to the information processing terminal 110 through the network 170 so as to be communicable with each other. In this embodiment, as will be described later with reference to FIG. The portable storage device 12 connected to the connection port 110D of the terminal 1
0 and an authentication server for authenticating the mobile terminal device 150 for authentication, (2) information processing terminal 1
An access management server that manages access to encrypted information in the portable storage device 120 connected to the connection port 110D, and (3) a personal information management server that manages personal information files in the portable storage device 120. It has the function of.

  As described above, the network 170 connects the plurality of information processing terminals 110 and the server 130 so that they can communicate with each other, and includes, for example, the Internet, an intranet, and a LAN (Local Area Network). The network 170 may be wired or wireless (such as radio waves or infrared rays).

[1-2] Functional configuration of information processing terminal and portable storage device:
FIG. 2 is a block diagram showing functional configurations of the information processing terminal 110, the portable storage device 120, and the authentication portable terminal device 150 in the information processing system 100 of the present embodiment.
As shown in FIG. 2, an information processing terminal (PC) 110 according to this embodiment includes a processing unit (CPU) 110A, an input unit 110B, an output unit 110C, and a connection port 110D that are usually provided in a general computer. , Storage unit 110E and transmission / reception unit 110F.

The processing unit (CPU: Central Processing Unit) 110A executes various processes by executing a program (software) in the storage unit 110E or the portable storage device 120 described later. When the processing unit 110A executes a program in the portable storage device 120, an OS (Operating System) installed on the information processing terminal 110 (storage unit 110E) side may be used, or a portable type may be used. You may use what was installed in the memory | storage device 120 side. When an OS installed on the portable storage device 120 is used, the OS is not included in encryption information described later, but is included in the portable storage device 120 as predetermined software that is not encrypted.

  The processing unit 110A functions as a recognition unit 111, an authentication request unit 112, and a switching unit 113 by executing a program stored in the storage unit 110E in advance so as to correspond to the authentication server function of the server 130. Functions as the decryption key request unit 114 and the decryption unit 115 by executing a program (predetermined unencrypted software) stored in the portable storage device 120 so as to correspond to the 130 access management server function And a program stored in the portable storage device 120 so as to correspond to the personal information management server function of the server 130 (a program obtained by decrypting encrypted information or a program installed from the server 130 as described later). By executing the personal information search means 116/11 It is adapted to serve as a and notification means 117.

  The input unit 110B inputs information to the processing unit 110A, and includes a keyboard, a mouse, and the like operated by a user of the information processing terminal 110 or the portable storage device 120.

  The output unit 110C outputs a processing result obtained by the processing unit 110A, and is configured by a display such as a CRT (Cathode Ray Tube) or an LCD (Liquid Crystal Display) that displays various types of information.

  The connection port 110D is for inserting a connector on the external device side to connect the external device to the processing unit 110A, and is, for example, a USB (Universal Serial Bus) port or a PCMCIA (Personal Computer Memory Card International Association) port.

  In the present embodiment, as described above, when the portable storage device 120 is connected to the information processing terminal 110 (processing unit 110A), the connector 120D of the portable storage device 120 is inserted into the connection port 110D. It is like that. In the present embodiment, as described above, when the authentication portable terminal device 150 is connected to the information processing terminal 110 (processing unit 110A), the connector 150D of the authentication portable terminal device 150 is inserted into the connection port 110D. It has come to be.

  The storage unit 110E is, for example, a hard disk (HD), and holds and stores various software and data used in processing by the processing unit 110A when the processing state of the processing unit 110A is an internal processing state described later. .

  The transmission / reception unit 110F functions as an interface between the processing unit 110A and the network 170 so that the information processing terminal 110 transmits / receives data to / from the server 130 and other information processing terminals 110 via the network 170. Is.

  As described above, the portable storage device 120 stores and holds various tools (application programs and software) customized for each user and original data for each user, and is a connector on the portable storage device 120 side. By inserting 120D into the connection port 110D of the information processing terminal 110, the processing unit 110A of the information processing terminal 110 is connected. In the portable storage device 120, software and data other than predetermined software (programs or OSs that cause the processing unit 110A to function as the decryption key request unit 114 and the decryption unit 115) out of various software and data are included. , And stored as encrypted information encrypted using an encryption key managed by the server 130 (access management server function).

  The encrypted information stored in the portable storage device 120 includes a program customized for each user and original data, and a program that causes the processing unit 110A to function as the personal information search unit 116 / 116a and the notification unit 117. It is included. The portable storage device 120 has a logical RAID (Redundant Arrays of Inexpensive Disk) configuration, and ensures data redundancy and reliability. Furthermore, the application program in the portable storage device 120 operates only in the portable storage device 120 and cannot access a disk or the like (storage unit 110E or the like) on the information processing terminal 110 side.

  The recognizing unit 111 recognizes that the portable storage device 120 is connected to the connection port 110D. When the recognizing unit 111 recognizes that the portable storage device 120 is connected to the connection port 110D, The processing unit 110A of the present embodiment first executes predetermined software (see FIG. 2) that is not encrypted in the portable storage device 120, and functions as the decryption key request unit 114 and the decryption unit 115. .

  The decryption key requesting unit 114 prompts the user of the encrypted information (that is, the portable storage device 120) to input authentication information (user ID and password) about the encrypted information through the output unit (display) 110C. Accordingly, the authentication information about the encrypted information input from the input unit 110B by the user is transmitted, and the server 130 (access management server function) transmits the decryption key according to the encrypted information to the transmission / reception unit 110F and The request is made through the network 170.

  The decryption unit 115 decrypts the encrypted information into the original software and data using the decryption key received by the transmission / reception unit 110F from the server 130 (access management server function) in response to the request from the decryption key request unit 114. To do.

  When the authentication request unit 112 recognizes that the portable storage device 120 is connected to the connection port 110D by the recognition unit 111, and the decryption unit 115 decrypts the encryption information of the portable storage device 120, Authentication of the portable storage device 120 is requested to the server 130 (authentication server function).

At that time, the authentication request unit 112 prompts the user of the portable storage device 120 to input authentication information (user ID and password) about the portable storage device 120 through the output unit (display) 110C, and provides the authentication information. Information is input from the input unit 110B, and device identification information (disk ID) is read from the portable storage device 120, and information about software (software at login) held in the portable storage device 120 (specifically, For example, information (product name, product number, etc.) and version information of each software) for identifying each software is read from the portable storage device 120, and further based on the biometric data value from the authentication portable terminal device 150. Receive identity verification information. And authentication request means 11
2 includes identification information input from the input unit 110B, device identification information / software information read from the portable storage device 120, identity verification information from the authentication portable terminal device 150, and the like together with an authentication request. The data is transmitted to the server 130 through the transmission / reception unit 110F and the network 170.

  In this embodiment, as personal authentication information, for example, an ID number and a password are input from the keyboard of the information processing terminal 110 as primary personal authentication. As the primary personal authentication, a separately issued one-time password or the like may be input instead of the ID and password. In this embodiment, a specific example is a case where an ID and a password are used as the primary personal authentication.

  Also, in this embodiment, as the second personal authentication, the information processing terminal 110 transmits the personal identification information based on the biometric data value detected by the biometric sensor of the authentication portable terminal device 150 having the personal identification function through the network 170. A case of transmitting to the server 130 is a specific example.

  When the authentication of the portable storage device 120 and its user is authenticated as a result of the authentication executed by the server 130 (authentication server function) in response to the request from the authentication requesting unit 112, the switching unit 113 is a processing unit 110A. The processing state by the above-described processing is performed using software and data stored on the information processing terminal 110 side (storage unit 110E), and various software and data stored in the portable storage device 120 are processed. The processing is switched to an external processing state in which processing is performed while being used on the portable storage device 120.

  When switching to the external processing state in this way, the processing unit 110A displays a menu screen of an application program that can be used by software stored in the portable storage device 120 on the output unit (display) 110C. .

  In the information processing terminal 110, when the external processing state using the portable storage device 120 is terminated, the switching unit 113 switches the processing state by the processing unit 110A from the external processing state to the internal processing state.

  Further, as a result of authentication performed by the server 130 (authentication server function) in response to a request from the authentication request unit 112, the validity of the portable storage device 120 and its user is not authenticated, that is, the server 130 ( When an authentication failure notification is received from the authentication server function), switching from the internal processing state to the external processing state by the switching unit 113 is prohibited, and authentication is performed for the user of the portable storage device 120 through the output unit 110C. Notification of failure is made.

  The personal information search means 116 / 116a searches for and specifies a personal information file from data (files) in the portable storage device 120 by executing a personal information search program installed in the portable storage device 120. The notification unit 117 notifies the user or the server 130 (personal information management server function) of the search result by the personal information search unit 116 / 116a by executing the personal information search program. Notification to the user is performed through the output unit 110C, for example, and notification to the server 130 (personal information management server function) is performed through the transmission / reception unit 110F and the network 170. The detailed configuration of the personal information searching means 116 and 116a will be described later with reference to FIGS. 4 and 5, respectively.

In the present embodiment, the personal information file (personal information aggregate) holds a predetermined number or more of records including personal information, and the personal information identifies a specific individual by itself or in combination as described above. Information that can be performed (various personal information elements), such as name, date of birth, contact information (address, address, telephone number, mail address), etc. In addition to these, personal information includes titles, basic resident register numbers, account numbers, credit card numbers, license numbers, passport numbers, and the like.

[1-3] Functional configuration of server:
FIG. 3 is a block diagram showing a functional configuration of a server (authentication server / access management server / personal information management server) 130 in the information processing system 100 of this embodiment. As shown in FIG. 3, the server 130 of this embodiment is shown in FIG. Has at least a processing unit 130A, a storage unit 130B, and a transmission / reception unit 130C, which are normally provided in a general server.

  The server 130 of the present embodiment is configured such that the processing unit (CPU) 130A executes the program (software) in the storage unit 130B, thereby fulfilling the following three types of server functions.

(1) Authentication server for authenticating the portable storage device 120 connected to the connection port 110D of the information processing terminal 1 (personal authentication means 131, device authentication means 132, secondary authentication means 133, notification means 134 and recording Means 135).

(2) An access management server (determination unit 136 and decryption key transmission unit 137) that manages access to encrypted information in the portable storage device 120 connected to the connection port 110D of the information processing terminal 1.

(3) Personal information management server for managing personal information files in the portable storage device 120 (
Survey means 138 and installation means 139).
The transmission / reception unit 130C functions as an interface between the processing unit 130A and the network 170 so that the server 130 transmits / receives data to / from the information processing terminal 110 via the network 170.

  When the personal authentication unit 131 receives an authentication request for the portable storage device 120 from the information processing terminal 110, the personal authentication information (user) input from the input unit 110B of the information processing terminal 110 by the user of the portable storage device 120 (user) ID and password) to determine whether the user is a legitimate user (a person who has a legitimate access right to the portable storage device 120) and perform the user's primary personal authentication. To do.

  More specifically, the personal authentication unit 131 reads the registration password corresponding to the user ID from the registrant information about the portable storage device 120 that is registered and stored in advance in the server 130 (storage unit 130B). When the registered password read out is compared with the password sent to the server 130 this time, and when these passwords match, the validity of the user is authenticated, while these passwords do not match It is determined that authentication has failed. Note that it is determined that the authentication has failed even when the server 130 (storage unit 130B) does not have a registered password corresponding to the user ID.

  When the device authentication unit 132 receives an authentication request for the portable storage device 120 from the information processing terminal, the device authentication unit 132 determines that the portable storage device 120 is a server based on the device identification information automatically read from the portable storage device 120. It is determined whether or not the device is a management target device 130 (authentication server function), and device authentication of the portable storage device 120 is performed.

More specifically, the device authentication unit 132 reads the device identification information of the management target device registered and stored in advance in the server 130 (storage unit 130B), and this time read from the portable storage device 120 and the server 130. The device identification information transmitted to the device is compared and verified, and when there is matching device identification information, the validity of the portable storage device 120 is authenticated. On the other hand, when there is no matching device identification information, the authentication failure is determined. It is supposed to be.

  The secondary authentication means 133 uses software authentication based on software status confirmation and personal identification information based on biometric data values as secondary authentication following the above-described personal authentication (primary personal authentication) and device authentication. Secondary personal authentication is performed.

  Here, when the secondary authentication unit 133 receives an authentication request for the portable storage device 120 from the information processing terminal 110, the software stored in the portable storage device 120 to be authenticated (login software). And the software stored in the storage unit 130B of the server 130 and stored when the portable storage device 120 was last connected to the information processing terminal 110 (software at logoff). Then, it is determined whether or not these software match, and software authentication is performed as secondary authentication.

  Further, when the secondary authentication unit 133 receives an authentication request for the portable storage device 120 from the information processing terminal 110, the secondary authentication unit 133 has an authentication function possessed by the user who uses the portable storage device 120 to be authenticated. The personal identification information based on the biometric data value detected by the biometric sensor of the mobile terminal device 150 is referenced to perform secondary personal authentication as secondary authentication.

  Further, when the secondary authentication unit 133 receives an authentication request for the portable storage device 120 from the information processing terminal 110, the secondary authentication unit 133 uses the position information obtained by the GPS position detection unit built in the authentication portable terminal device 150. Second personal authentication may be performed by comparing with a predetermined position, a previously delivered position (movement destination), an expected position (movement destination), and the like.

  When the secondary authentication unit 133 determines whether the software matches, the determination whether the information (product name, product number, etc.) for identifying each software matches the version information of each software matches. If not only all software products match but also the versions of each software product match, it is determined that the login software and the logoff software match. It is supposed to be.

  Further, when the processing using the portable storage device 120 is terminated in the information processing terminal 110, the information regarding the software held in the portable storage device 120 at the time of termination is automatically used as the information regarding the log-off software. Thus, it is sucked by the server 130 and is registered and stored in the storage unit 130B in association with information (device identification information or the like) specifying the portable storage device 120.

  The notification unit 134 authenticates that the user is an authorized user by the personal authentication unit 131, and the portable storage device 120 is a management target device of the server 130 (authentication server function) by the device authentication unit 132. If the second personal authentication is performed by the secondary authentication means 133, it is determined that the validity of the portable storage device 120 and the user has been authenticated, and that is authenticated. As a result, the information processing terminal 110 is notified through the transmission / reception unit 130C and the network 170.

In the server 130 (authentication server function), when the personal authentication unit 131 does not authenticate the user as a valid user, or the device authentication unit 132 causes the portable storage device 120 to be connected to the server 130 (authentication). When it is not authenticated that the device is a management target device of the server function), or when the secondary authentication unit 133 determines that the login software and the logoff software do not match, the notification unit 134 Determines that the authentication of the validity of the portable storage device 120 or its user has failed,
This is notified to the information processing terminal 110 as a result of authentication through the transmitting / receiving unit 130C and the network 170.

  When the validity of the portable storage device 120 and its user is authenticated, the recording unit 135 switches the processing state by the processing unit 110A of the information processing terminal 110 to the external processing state and opens the portable storage device 120. For example, it is recorded in the storage unit 130B as a history.

  When receiving the authentication information (user ID and password) about the encrypted information from the information processing terminal 110, the determining unit 136 determines whether the user of the encrypted information is a valid user based on the authentication information. Is determined.

  More specifically, the determination unit 136 reads and reads out a registration password corresponding to the user ID from the registrant information about the encrypted information that is registered and stored in advance in the server 130 (storage unit 130B). The registered password is compared with the password sent to the server 130 this time, and when these passwords match, it is determined that the user is a valid user, while these passwords match. If the registration password corresponding to the user ID does not exist in the server 130 (storage unit 130B), it is determined that the user is not a valid user and the information processing terminal 110 is notified accordingly. It has become.

  When the determination unit 136 determines that the user of the encrypted information is a valid user, the decryption key transmission unit 137 reads the decryption key for decrypting the encrypted information from the storage unit 130B, The information is transmitted to the information processing terminal 110 through the transmission / reception unit 130C and the network 170.

  The investigating means 138, for example, uses the personal information search program in the software in the portable storage device 120 based on the information related to the software at login transmitted from the information processing terminal 110 for software authentication in the secondary authentication. It is investigated whether or not is included.

  When the personal information program is not included as a result of the investigation by the investigation unit 138, the installation unit 139 installs the personal information search program in the portable storage device 120 through the transmission / reception unit 130C, the network 170, and the information processing terminal 110. Is.

[1-4] First example of functional configuration of personal information search means:
FIG. 4 is a block diagram showing a first example (see reference numeral 116) of the functional configuration of the personal information search means in the present embodiment. As shown in FIG. 4, the personal information search means 116 has a quarantine table 116D. , Extraction means 116A, counting means 116B, and determination means 116C, and these functions include personal information installed by the processing means 110A by the installation means 139 of the server 130 (personal information management server function). This is realized by executing a search program or a personal information search program held in advance in the portable storage device 120. Note that the quarantine table 116D is provided in advance from the server 130 (personal information management server function) or is included in the personal information search program, and holds various information serving as a reference for determining a personal information file. ing.

  Here, the extraction unit 116A functions as a text extraction engine that extracts a data file (determination target file) from data stored in the portable storage device 120 to form a text file.

  For each file included in the data in the portable storage device 120, the counting unit 116B includes a quarantine table as a character or character string included in the file (determination target file) and a character or character string that appears characteristically in personal information. A feature character or feature character string preset in 116D is collated, and the number of times the feature character or feature character string appears in the file is counted. A specific example of the quarantine table 116D is shown in FIG. 12 (a), and the operation of the counting means 116B will be described later with reference to FIG. 12 (a).

  The determination unit 116C determines whether the file is a personal information file based on the count result (count value, determination value) by the count unit 116B. In the present embodiment, the determination unit 116C As a search result, a P mark (privacy level mark; a level indicating the high possibility of being a personal information file, a level determined by a determination value described later) of the file held in the portable storage device 120 is determined. Output. The detailed description of the P mark will be made in conjunction with the functional description of the second determination means 1166 shown in FIG.

[1-5] Second example of functional configuration of personal information search means:
FIG. 5 is a block diagram showing a second example (see reference numeral 116a) of the functional configuration of the personal information searching means in this embodiment. As shown in FIG. 5, the personal information searching means 116a has a quarantine table 1167. , Extraction means 1161, extraction means 1162, first determination means 1163, character determination means 1164, collation means 1165 and second determination means 1166, and these functions are also provided by the processing unit 110A. This is realized by executing a personal information search program installed by the installation means 139 of 130 (personal information management server function) or a personal information search program held in advance in the portable storage device 120. Note that the quarantine table 1167 is also provided in advance from the server 130 (personal information management server function) or included in the personal information search program, and holds various types of information serving as a reference for determining a personal information file. ing.

  Here, the first determination unit 1163, the character determination unit 1164, the collation unit 1165, and the second determination unit 1166 function as a personal information file determination unit. As will be described later, the personal information file determination unit of the present embodiment determines whether or not the character string in the character section extracted by the extraction unit 1162 as described later is a personal information element. Based on the determined number of character strings (counting result), it is determined whether the determination target file is a personal information file.

The extraction unit 1161 extracts text data (for example, CSV (Comma Separated Value) format data) of a file in the portable storage device 120 and stores it in a file buffer (not shown), and functions as the text extraction engine. Is. In the file buffer, 2-byte code characters (double-byte characters) are captured so as not to be lost at the end of the file buffer. Further, when data is cut out and taken in from a file buffer to a data shaping buffer (not shown), which will be described later, by the cut-out means 1162, the data is taken into the file buffer accordingly.

  The cutout means 1162 cuts out character sections delimited at a predetermined delimiter position from the text data extracted by the extraction means 1161 and sequentially writes them in a buffer (not shown) to be described later as a determination target / collation target. .

Here, as the predetermined delimiter position, an appearance position of a delimiter character set in advance or a boundary position between a 1-byte code character and a 2-byte code character (a portion where a single-byte character / ASCII character is followed by a double-byte character) Or, a half-width character / ASCII character is followed by a half-width character / ASCII character), or a boundary position between a full-width arithmetic number “0” to “9” and a character excluding the full-width arithmetic number and the hyphen. The delimiter is a delimiter that is a delimiter of the data. Specifically, a half-width space, half-width comma (half-width comma + half-width space is also regarded as a half-width comma), tab character (half-width), CR (Carrige Return) , LF (Line Feed
), “: (Colon)”, “; (semi-colon)”, “>”, “}”, “]”.

  The cutout unit 1162 cuts out and imports text data from the file buffer into the data shaping buffer one character at a time, and when the above-described delimiter position appears, the extraction ends. Also at this time, data is fetched so that a 2-byte code character (double-byte character) is not lost at the end of the data shaping buffer. As a result, in the present embodiment, for example, addresses and names written in full-width characters such as “Taro Sato 0912341234 Minato-ku, Tokyo” or “Taro Sato sato@xxxx.com Tokyo Minato-ku” are written in half-width characters. If the text data such as a telephone number or an e-mail address is mixed without being separated by a delimiter in the text data, for example, an address or name written in full-width characters such as “Taro Sato 0912341234 Tokyo Minato-ku” Even if there is a mixture of numbers and numbers such as phone numbers written in double-byte characters without being separated by delimiters in the text data, for each personal information element such as address, name, phone number, e-mail address, etc. Cutting out the character sections “Taro Sato”, “09012341234”, “Minato-ku, Tokyo”, “sato@xxxx.com”, “09012341234” Possible to become.

  The data (determination target character section) thus taken into the data shaping buffer is taken into the data analysis buffer (not shown) from the data shaping buffer. Characters, katakana, hiragana, symbols other than kanji, etc. are removed. Examples of characters (unnecessary characters) to be removed at this time include half-width spaces, full-width spaces, half-width hyphens, full-width hyphens, underbars, parentheses, question marks, and so on. Symbol characters such as, #, $,%, =, +, *, ¥, /, | are defined. In the present embodiment, it is assumed that the cutting means 112 has a function of removing unnecessary characters as described above.

  The first determination unit 1163 uses the name of the character string taken into the data analysis buffer, that is, the character string (hereinafter simply referred to as the character string) in the character section cut out by the cutting unit 1162 to remove unnecessary characters. Other than the personal information element (specifically, any one of a telephone number, an e-mail address, and an address in this embodiment), the telephone number determination means 1163a, e-mail address determination Functions as means 1163b and address determination means 1163c are provided. Note that the first determination unit 1163 according to the present embodiment performs the character string determination process in order of lighter determination processing load, that is, in the order of a telephone number, an e-mail address, and an address. The first determination unit 1163 checks the size of the data fetched into the data analysis buffer. If the size is 3 bytes or less, the first determination unit 1163 does not determine the data as personal information and does not perform the determination process. It may be.

  The telephone number determination means 1163a determines whether or not the character string corresponds to a telephone number. When the character string satisfies the telephone number determination condition set in the quarantine table 1167, the character string is a telephone number. It judges that it corresponds to a number, notifies the fact to the 2nd judgment means 1166, and terminates the judgment process by the 1st judgment means 1163 with respect to the said character string. In the present embodiment, the phone number determination condition is that the character string is a sequence of 9 to 11 half-width numerals or full-width numerals, the first character (first character) is “0”, and the second character is “0”. ""

The e-mail address determining unit 1163b determines whether or not the character string corresponds to a telephone mail address when the telephone number determining unit 1163a determines that the character string does not correspond to a telephone number. If the character string satisfies the e-mail address determination condition set in the quarantine table 1167, it is determined that the character string corresponds to the e-mail address, and the second determination unit 1166 is notified of this and the character string is determined. The determination process by the first determination unit 1163 is terminated.

In the present embodiment, the e-mail address determination condition is “one or more ASCII characters” + “@ (at sign)” + “one or more ASCII characters” + “. (Dot)” in the character string.
”+“ ASCII character of one or more characters ”is included, and the last character of the character string is a half-width alphabetic character. In this case, the shortest e-mail address is, for example, “a @ aa”, and a character string that ends with a non-English character (for example, a number) such as “123@45.67” is determined not to be an e-mail address. It will be. According to the e-mail address determination condition, data less than 5 bytes is not subject to e-mail address determination, and no determination process is performed.

  The address determination unit 1163c determines whether or not the character string corresponds to an address (residence) when the e-mail address determination unit 1163b determines that the character string does not correspond to an e-mail address. When the character string satisfies the address determination condition set in the quarantine table 1167, it is determined that the character string corresponds to an address, and the second determination unit 1166 is notified of this.

  In the present embodiment, the address determination condition includes “1 to 13 full-width characters” + “city” or “ku” or “county” + “one or more full-width characters or half-width characters” in the character string. And the first character of the character string matches the initials of 47 prefecture names or city names in Japan. As a result, for example, a character string that includes a “ward” such as “acceptance classification name” in the middle but has no relation to the address is not erroneously determined as an address. At this time, when the processing capacity of the processing unit 110A is sufficiently high, it may be added to the address determination condition that a 7-digit number corresponding to the postal code is included in addition to the character string. According to the address determination condition, data less than 5 bytes is not subject to determination of an e-mail address, and determination processing is not performed.

  When the first determination unit 1163 determines that the character string does not correspond to any of a telephone number, an e-mail address, and an address, the character determination unit 1164 sets the character string in the quarantine table 1167. Whether the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji characters, It is determined whether or not the first character matches the first character of the last name belonging to the predetermined number of surnames that are more common among Japanese.

  In the present embodiment, the character determination condition is that, as described above, the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji characters. Is set in a general (appropriate) number range, for example, 2 or more and 6 or less as the number of characters of the name. More specifically, the determination condition by the character determination means 1164 is that the character string is a 2-byte code character of 4 bytes to 12 bytes and data within the range of 0x889F to 0xEEEC (Shift-JIS kanji area) ) And the second byte is 0x40 ~ 0x7E or 0x80 ~ 0xFC (Shift-JIS specification), and the first letter matches the first letter of the last name belonging to the top 3000 is there. By targeting the top 3000 surnames, more than 80% of Japanese people can be covered.

The collating unit 1165 is a character section determined by the first determining unit 1163 as not corresponding to any of a telephone number, an e-mail address, and an address, and is within the predetermined range by the character determining unit 1164 and For a character section in which all characters are determined to be kanji, a character / character string included in the character section and an inappropriate character / inappropriate character string preset as a character / character string that cannot appear in the name Is checked to determine whether or not the character section includes an inappropriate character / unsuitable character string, and the result of the verification determination is notified to the second determination means 1166.

  Here, the inappropriate character / unsuitable character string is set in advance in the quarantine table 10c. For example, Tokyo, Osaka, Nagoya, Yokohama, Kyushu, Hokkaido, Kyoto, capital, individual, school, store, stock, prefecture , University, academy, TSE, research, management, general affairs, accounting, sales, general management, pharmaceutical, sales, school, education, specialization, architecture, machinery, corporation, factory, manufacturing, technology, commerce, books, unknown, deputy director, public , Publishing, Advertising, Broadcasting, Target, Wholesale, Retail, Planning, Human Resources, Information, Department, President, Regulatory, General Manager, Section Manager, Section Manager, Director, Head Office, Branch Office, Business, Business, Education, Precision, Petroleum, Transportation, Management , Strategy, material, engineer, electricity, production, tax, public relations, transportation, chief, computer, finance, office work, development, policy, production, economy, industry, finance, banking, research, English, quality, warranty, equipment, charge , Chief, Secretary, Audit, Support, Design, Insurance, Safe, Business, Representative, Transportation, 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, 8th, 9th, Special Sales, Facility, Name, Mail, Name, Name, City Hall, Affiliation, Features, Childhood, Christianity, Association , Church, union, sect, commerce, nationwide, branch, contact, assembly, life, consumption, promotion, city hall, ward office, general, amendment, function, overview, composition, company, organization, association, deletion, document, deadline, valid Characters / character strings that cannot appear in general names such as, maintenance, that is, characters / character strings that are inappropriate as names.

  The second determination unit 1166 determines whether the target file is an individual based on the determination result by the telephone number determination unit 1163a, the e-mail address determination unit 1163b and the address determination unit 1163c in the first determination unit 1163 and the verification determination result by the verification unit 1165. It is determined whether or not the file is an information file.

  More specifically, the second determination unit 1166 receives notification of determination results from the telephone number determination unit 1163a, the e-mail address determination unit 1163b, and the address determination unit 1163c. The number of character sections deemed to be applicable is counted, and the character section determined not to contain inappropriate characters / unsuitable character strings by the matching means 1165 after receiving the matching judgment result from the matching means 1165 corresponds to the name. Count the number.

  Then, the second determination means 1166 is based on the counting results (four count values; the number of telephone numbers, the number of e-mail addresses, the number of addresses, the number of names) for each of the telephone number, e-mail address, address, and name. A determination value that increases as these count values increase is calculated. For example, the second determination unit 1166 may calculate the sum of four count values as the determination value, or set a weighting factor in advance for each of a telephone number, an e-mail address, an address, and a name. The sum of the multiplication results of the weighting coefficient and the count value for the personal information element may be calculated as the determination value, and various methods for calculating the determination value are conceivable.

  When the determination value as described above is calculated, the second determination unit 1166 determines whether or not the determination target file is a personal information file based on the determination value. Specifically, when the determination value exceeds a predetermined threshold, it is determined that the determination target file is a personal information file. In making such a determination, the second determination means 1166 further assigns a P mark (private level mark) according to the size of the determination value to the determination target file and outputs it together with the determination value for ranking. To do. As described above, the P mark is a level indicating the high possibility that the determination target file is a personal information file. The larger the determination value, the higher the P mark is set.

For example, when the determination value is 10 or more, it is determined that the determination target file is a personal information file. When the determination value is 10 or more and less than 100, “P1” is assigned as the P mark, and when the determination value is 100 or more and less than 1000, “P2” is assigned as the P mark. When it is 1000 or more and less than 10,000, “P3” is assigned as the P mark, and when the determination value is 10000 or more, “P4” is assigned as the P mark. It should be noted that the predetermined threshold value for determining the personal information file and the reference value for determining the P mark are appropriately set in the server 130 (personal information management server function). In addition, although the P mark is ranked into four “P1” to “P4” here, the number of ranks is not limited to this.

  The P mark given to the determination target file as described above is transmitted to the server 130 (personal information management server function) via the transmission / reception unit 110F and the network 170 as a search result of the personal information file together with the determination value. The storage unit 130B of 130 stores the management information in association with the identification information for specifying the determination target file. Then, the file with the P mark is managed as a personal information file by the server 130 (personal information management server function) according to the rank of the P mark as described later with reference to FIG.

[1-6] Functional configuration of authentication portable terminal device having identity verification function:
FIG. 9 is a block diagram illustrating a functional configuration of the personal identification function unit 150b of the authentication portable terminal device 150 having the personal identification function in the information processing system 100 according to the present embodiment. FIG. 10 is an external view showing the external configuration of the information processing terminal 110, the portable storage device 120, and the authentication portable terminal device 150 having the identity verification function in the information processing system 100 of the present embodiment.

As illustrated in FIG. 10A, the information processing terminal 110 includes a PCMCIA port 110D, a USB port 110D ′ (110D ″), and the like as the connection port 110D.
As shown in FIG. 10B, the portable storage device 120 can be connected to the connection port of the information processing terminal 110 as an external device, and is, for example, a portable hard disk recorder or a PCMCIA flash memory. Further, although not shown, a USB memory, an SD memory, a CF memory, or the like may be used.

  As shown in FIG. 10C, the authentication portable terminal device 150 can be connected to the connection port of the information processing terminal 110 as an external device. For example, the authentication portable terminal device 150 is connected to the USB port of the information processing terminal 110. Although not shown, it may be a PCMCIA type, an SD memory type, a CF memory type, or the like. In FIG. 10C, a stop operation unit 156 and an answer input unit 157 described later in the authentication portable terminal device 150 are omitted.

  9, the identity verification function unit 150b of the present embodiment includes a CPU 151, a weather sensor 152, a GPS position detection unit 153, a threshold table 154, a biometric sensor 155, a stop operation unit 156, and an answer input unit 157. It is configured with.

  The biometric sensor 155 is arranged on the surface of the authentication portable terminal device 150 and comes into contact with a part of the user's body (for example, a finger), so that the user's biometric data values include body temperature, blood pressure, and heart rate. , Respiratory rate, pulse wave, electrocardiogram, blood oxygen saturation concentration, blood oxygen concentration, and muscle tissue oxygen concentration are detected in a predetermined cycle. In this embodiment, body temperature, blood pressure, Heart rate and respiratory rate shall be detected.

The weather sensor 152 uses temperature, water temperature as weather data of the location where the authentication portable terminal device 150 is located, that is, a place where the user owns the authentication portable terminal device 150 (using the portable storage device 120). , Humidity, atmospheric pressure, water pressure, sunshine status, and ultraviolet light quantity are detected in a predetermined cycle. In this embodiment, the temperature (or water temperature), humidity, atmospheric pressure (or water pressure) is detected. ) Shall be detected.

  The GPS position detection unit (position detection means) 153 is the current location of the authentication portable terminal device 150, that is, the location where the user has the authentication portable terminal device 150 (using the portable storage device 120). The location (longitude / latitude information) is detected at a predetermined cycle by a global positioning system (GPS). At that time, altitude and depth may be detected as the current location of the user. In that case, the position detection means is an altimeter that measures altitude based on atmospheric pressure (it can be substituted with the atmospheric pressure measurement function of the weather sensor) and a depth meter that measures depth based on water pressure (which can be substituted with the water pressure measurement function of the weather sensor) Prepare as.

  The threshold value table 154 stores biometric data threshold values for managing the physical condition of the user in advance for each weather condition, and is created and set by a function as a threshold value setting unit 151b of the CPU 151 described later. Thus, it is stored and stored in a storage unit such as a RAM (Random Access Memory), a ROM (Read Only Memory), and a hard disk, which constitutes the storage unit of the authentication portable terminal device 150.

  At this time, the biometric data threshold value differs depending on the user and also varies depending on the use environment, and is set for each user according to the weather conditions corresponding to the environment. For example, when the user has the authentication portable terminal device 150 (uses the portable storage device 120) in a high temperature and high humidity environment based on the normal body temperature T0, blood pressure P0, and heart rate N0 of the user, the weather Body temperature T1, blood pressure P1, and heart rate N1 are set as biological data thresholds when the temperature is 25 to 30 ° C. and the humidity is 80% or more (weather condition 1), and the weather condition is the temperature 30 to 35 ° C. and the humidity 60%. Body temperature T2, blood pressure P2, and heart rate N2 are set as biometric data thresholds when the above is the case (weather condition 2), and body temperature T3 is set as the biometric data threshold when the weather conditions are air temperature of 35 ° C. or higher and humidity of 50% or higher. Blood pressure P3 and heart rate N3 are set in advance.

  And when it is the weather condition 1 (weather condition 3), when any one or all of a user's actual body temperature T, blood pressure P, and heart rate N exceeds threshold value T1, P1, N1, When the weather condition is 2, any one or all of the user's actual body temperature T, blood pressure P, and heart rate N exceed the thresholds T2, P2, and N2, and when the weather condition is 3, the user's When any one or all of the actual body temperature T, blood pressure P, and heart rate N exceed the threshold values T3, P3, and N3, it is determined that the user's physical condition is abnormal.

  When the portable terminal device for authentication 150 is carried in a low-temperature environment (using the portable storage device 120), the body temperature is used as a biometric data threshold when the weather condition is 0 to 10 ° C. (weather condition 4). When T4 is set, body temperature T5 is set as a biometric data threshold when the weather condition is air temperature -10 to 0 ° C (weather condition 5), and when the weather condition is air temperature -10 ° C or less (weather condition 6) The body temperature T6 is set as the biological data threshold value. If the actual body temperature T of the user falls below the threshold value T4 when the weather condition is 4, and if the actual body temperature T of the user falls below the threshold value T5 when the weather condition is 5, the weather condition When it is 6, when the user's actual body temperature T falls below the threshold value T6, it is determined that the user's physical condition is abnormal.

Further, in the case of possessing the authentication portable terminal device 150 (using the portable storage device 120) in a high altitude (low atmospheric pressure) environment, the living body when the weather condition is atmospheric pressure A2 to A1 (weather condition 7). Heart rate N7 and respiration rate K7 are set as data thresholds, heart rate N8 and respiration rate K8 are set as biometric data thresholds when the weather conditions are atmospheric pressure A3 to A2 (weather condition 8), and the weather conditions are temperature 35 A heart rate N9 and a respiration rate N9 are set as biometric data threshold values when the temperature is not lower than ° C. and the humidity is 50% or higher (weather condition 9). When the weather condition 7 is met, when one or both of the user's actual heart rate N and respiration rate K exceed the thresholds N7 and K7, and when the weather condition 8 is met, the user's actual heart rate When one or both of the number N and the respiratory rate K exceed the thresholds N8 and K8, and when the weather condition is 9, either or both of the user's actual heart rate N and respiratory rate K are the thresholds When N9 and K9 are exceeded, it is determined that the user's physical condition is abnormal.

A CPU (Central Processing Unit) 151 is a predetermined application program (
The authentication portable terminal program) functions as threshold setting means 151b, threshold reading means 151c, comparison means 151d, warning means 151e, notification means 151f, control means 151a, and inquiry means 151g, which will be described later.

  The stop operation unit 156 is for stopping a warning operation (sounding operation, blinking operation, etc.) executed by a warning unit 151e described later by a user's conscious operation. It is comprised by the operation switch etc. in the apparatus 150. FIG.

  The answer input unit 157 is for the user to answer whether or not to execute a notification by the notification means 151f described later in response to an inquiry by the inquiry means 151g described later. It is comprised by the operation switch in the apparatus 150, the touchscreen on a display screen (display), etc.

  The threshold value setting means 151b creates and sets the above-described threshold value table 154 for each user and for each weather condition corresponding to the usage environment. The normal body temperature T0, blood pressure P0, and heart rate N0 of the user. As a reference, a pair of weather conditions as described above and a predetermined biometric data threshold value is input and set. The user may be manually input, or the user's normal It may be configured to automatically input the body temperature T0, the blood pressure P0, the heart rate N0, and the usage environment at the specified time.

  The threshold value reading unit 151c searches the threshold value table 154 for the biometric data threshold value set for the weather condition corresponding to the weather data (temperature / water temperature, humidity, pressure / water pressure) detected by the weather sensor 152 and reads it out. .

  The comparison unit 151d compares the biometric data threshold value read by the threshold value reading unit 151c with the biometric data value (body temperature, blood pressure, heart rate, respiration rate) detected by the biometric sensor 155, and uses it according to the above-described criteria. It is judged / detected whether the person is a genuine person or has a physical condition.

  The warning unit 151e is controlled by a control unit 151a described later, and issues a warning to the user when a physical condition abnormality of the user is detected as a result of comparison by the comparison unit 151d. For example, a buzzer or the like in the authentication portable terminal device 150 is sounded or an LED lamp or the like is blinked. Such a warning operation (sounding operation or blinking operation) is stopped via the control unit 151a described later when the user operates the stop operation unit 156 as described above.

The operation of the notifying unit 151f is controlled by the control unit 151a described later, and if the comparison unit 151d detects the identity of the user or the physical condition as a result of the comparison, the notifying unit 151f (identity confirmation information, physical condition abnormality) Information) to a predetermined contact, and when the user's identity confirmation information and physical condition abnormality information are notified, the biometric data value detected by the biometric sensor 155 and the meteorological sensor 152 are detected. The weather data and the location of the user detected by the GPS position detector 153 are also notified. At that time, when the person is not an authentic person or when a physical condition is detected, the notification means 151f may notify the abnormality by automatically calling a telephone number registered in advance. The user may be notified of abnormalities by automatically transmitting an e-mail to the registered mail address.

  The predetermined contact address is switched by the control means 151a, and details will be described later. In addition, the notification unit 151f uses the above-described server to detect the biometric data value detected by the biometric sensor 155, the meteorological data detected by the meteorological sensor 152, and the location of the user detected by the GPS position detecting unit 153. For 130, the function of transmitting at a predetermined cycle is assumed.

  Here, the inquiry means 151g is controlled by the control means 151a, and when the operation for stopping the warning operation of the warning means 151e is executed within a predetermined time, whether or not the notification by the notification means 151f is executed. Inquiries to the user are made on the display of the authentication portable terminal device 150, and the control means 151a receives an answer that the user inputs by operating a touch panel or an operation switch.

The control unit 151a controls the notification operation of the notification unit 151f and the warning operation of the warning unit 151e. Specifically, the control unit 151a mainly performs the following controls (a) to (f).
(a) As a result of the comparison by the comparison unit 151d, when it is detected that the user is a genuine person, identification information is sent to the server 130 via the notification unit 151f, the information processing terminal 110, and the network 170. To do.

(b) As a result of comparison by the comparison unit 151d, when the user is detected as a genuine person, the location of the user detected by the GPS position detection unit 153 is notified to the notification unit 151f and the information together with the identification information. The data is transmitted to the server 130 via the processing terminal 110 and the network 170.

(c) As a result of the comparison by the comparison unit 151d, when it is detected that the user is not a genuine person, the non-identity confirmation information is sent to the server 130 via the notification unit 151f, the information processing terminal 110, and the network 170. Send it out.

(d) When the comparison unit 151d detects that the user is not an authentic person, the location of the user detected by the GPS position detection unit 153 is notified to the notification unit 151f and the information together with the non-person identification information. The data is transmitted to the server 130 via the processing terminal 110 and the network 170.

(e) When abnormal condition of the user is detected as a result of the comparison by the comparison unit 151d, the abnormal condition information is transmitted to the server 130 via the notification unit 151f, the information processing terminal 110, and the network 170.

(f) As a result of comparison by the comparison unit 151d,
The location of the user detected by the position detection unit 153 is transmitted to the server 130 via the notification means 151f, the information processing terminal 110, and the network 170 together with the abnormal physical condition information.

(g) As a result of the comparison by the comparison unit 153, when the user is not an authentic person or when the user's physical condition is detected, a warning operation for the user is executed via the warning unit 151e.

(h) When the operation for stopping the warning operation of the warning unit 151e (operation of the stop operation unit 156) is not executed even after a predetermined time has elapsed since the start of the warning operation, the notification by the notification unit 151f is executed. In this case, for example, the server 130 is notified.

(i) The notification means 15 is continuously received a predetermined number of times by the user in response to the inquiry by the inquiry means 151g
When the execution of the notification by 1f is rejected, the notification by the notification unit 151f is forcibly executed. In this case, for example, the server 130 is notified.

  Further, the portable storage device 120 is configured as shown in FIG. 10B so that it can be connected to the PCMCIA port 110D of the information processing terminal 110 shown in FIG. 10A, and further, as shown in FIG. The authentication portable terminal device 150 is configured so as to be connectable to the USB port 110D ′ or the like of the processing terminal 110.

  That is, the authentication portable terminal device 150 of FIG. 10 (c) is configured such that the solar power generation unit 150d is disposed on the surface of the main body portion, and can generate power with room light when not connected. ing. In addition, an external power source is connected to a power input terminal (not shown). A GPS position detector 153 is disposed at the end of the main body, and a biosensor 155 is disposed on the housing surface of the GPS position detector 153.

[2] Operation of the information processing system of this embodiment:
[2-1] Operation on the information processing terminal 110 side:
Next, the operation of the information processing terminal 110 in the information processing system 100 of the present embodiment configured as described above will be described with reference to the flowcharts shown in FIG.

  In this case, in the apparatus configuration shown in FIG. 10, the portable storage device 120 (FIG. 10B) is connected to the connection port 110D of the information processing terminal 110 (FIG. 10A), and the information processing terminal 110 The operation will be described below assuming that the authentication portable terminal device 150 (FIG. 10C) is connected to the connection port 110D ′ or 110D ″.

  As shown in FIG. 6, when the recognition unit 111 recognizes that the portable storage device 120 is connected to the connection port 110D (the connector 120D of the portable storage device 120 is inserted into the connection port 110D). (YES route of step S11 in FIG. 6), the processing unit 110A executes predetermined unencrypted software in the portable storage device 120. The processing unit 110A includes the decryption key request unit 114 and the decryption key. It functions as the converting means 115.

  First, by the function as the decryption key request unit 114, the authentication information (user ID and password) about the encrypted information is input to the user of the encrypted information (that is, the portable storage device 120) through the output unit (display) 110C. In response to this, authentication information about the encrypted information input by the user from the input unit 110B is transmitted, and a decryption key corresponding to the encrypted information is transmitted to the server 130 (access management server function). Is requested through the transmission / reception unit 110F and the network 170 (step S12 in FIG. 6).

When an error notification (see step S35 in FIG. 7) is made from the server 130 (access management server function) in response to the decryption key transmission request, the decryption key cannot be received (NO route of step S13 in FIG. 6). ), An error notification is made to the user through the output unit 110C (step S14 in FIG. 6). On the other hand, when a decryption key is transmitted from the server 130 (access management server function) in response to the decryption key transmission request (see step S34 in FIG. 7; YES route in step S13), the function as the decryption means 115 is performed. Using the decryption key, the encrypted information in the portable storage device 120 is decrypted into the original software and data (step S15 in FIG. 6).

  When the encryption information of the portable storage device 120 is decrypted by the decryption means 115, the authentication requesting means 112 of the processing unit 110A sends the portable information to the user of the portable storage device 120 through the output unit (display) 110C. The user is prompted to input authentication information (user ID and password) for the storage device 120, and the user inputs the authentication information from the input unit 110B.

  At the same time, device identification information (disk ID) is read from the portable storage device 120 in response to an authentication request from the authentication request means 112 (step S9 in FIG. 11) and held in the portable storage device 120. Information on software (login software) [information for identifying each software (product name, product number, etc.) and version information of each software] and the personal identification information obtained by the personal identification function unit 150b It is read from the portable storage device 120 (steps S10 and S11 in FIG. 11).

  The identification information input from the input unit 110B, the device identification information and software information read from the portable storage device 120, and the identity verification information obtained from the portable storage device 120 are authentication requests. Along with the authentication request, the means 112 transmits the request to the server 130 (authentication server function) through the transmission / reception unit 110F and the network 170 (step S16 in FIG. 6).

  When an error notification (see step S43 in FIG. 7) is made from the server 130 (authentication server function) in response to a request from the authentication request unit 112 (NG route in step S17 in FIG. 6), the user is output through the output unit 110C. Is notified of the error (step S18 in FIG. 6).

  On the other hand, in response to the request from the authentication request unit 112, the server 130 (authentication server function) receives a notification that the validity of the portable storage device 120 and its user has been authenticated (see step S40 or S41 in FIG. 7; If the personal information search program is installed in the portable storage device 120 (YES route in step S19 in FIG. 6), the process immediately proceeds to step S21. If the personal information search program is not installed in the portable storage device 120 (NO route in step S19 in FIG. 6), the personal information search program is executed by the server 130 (personal information management server function) as described later. Since it is automatically installed in the portable storage device 120 (see step S41 in FIG. 7), it waits for the installation, and after the personal information search program is installed (YES route in step S20 in FIG. 6), the process proceeds to step S21. To do.

  In step S21, the switching unit 113 changes the processing state of the processing unit 110A from the internal processing state in which processing is performed using software and data stored on the information processing terminal 110 side (storage unit 110E). Various software and data stored in 120 are switched to an external processing state in which processing is performed while using the portable storage device 120. When switching to the external processing state in this way, the processing unit 110A displays a menu screen of an application program that can be used by software stored in the portable storage device 120 on the output unit (display) 110C. .

At this time, the personal information search program installed in the portable storage device 120 is executed by the processing unit 110A, and the processing unit 110A functions as the personal information search means 116 / 116a, whereby the portable storage device 120 A personal information file is searched and specified from the data (file) (step S22 in FIG. 6), and the result is notified from the notification means 117 to the user through the output unit 110C, and the notification means 11
7 is notified to the server 130 (personal information management server function) through the transmission / reception unit 110F and the network 170 (step S23 in FIG. 6). Specific processing (personal information search method) in step S22 will be described later with reference to FIGS. Note that the processes of steps S22 and S23 may be executed in parallel with the process of step S24.

  Thereafter, the user uses the environment of the information processing terminal 110 and operates the input unit 110B while referring to the output unit 110C of the information processing terminal 110, so that the user is customized for himself / herself in the portable storage device 120. In addition, processing using various software and original data is performed (step S24 in FIG. 6 and step S13 in FIG. 11).

Then, in the information processing terminal 110, when the external processing state using the portable storage device 120 is ended, that is, when the processing of step S24 is ended (YES route of step S25 in FIG. 6), the mobile phone at the end of the processing. Information regarding the software in the type storage device 120 is taken up from the portable type storage device 120 and transmitted from the information processing terminal 110 to the server 130 (authentication server function) (step S26 in FIG. 6). The information is registered and stored in the storage unit 130 </ b> B in association with the portable storage device 120 so as to be used as information related to the log-off software at the next software authentication of the portable storage device 120.

  When information about the software is transmitted in this way, the switching unit 113 switches the processing state by the processing unit 110A from the external processing state to the internal processing state (step S27 in FIG. 6), and returns to the processing of step S11. .

[2-2] Operation on the server 130 side:
Next, the operation of the server (authentication server / access management server / personal information management server) 130 in the information processing system 100 of the present embodiment configured as described above will be described with reference to the flowchart shown in FIG. 7 (steps S31 to S31 in FIG. 7). S43) and the flowchart shown in FIG. 15 (steps S81 to 89 in FIG. 15) will be described.

  As shown in FIG. 7, when the server 130 receives an authentication request for the encryption information of the portable storage device 120 from the information processing terminal 110 through the network 170 and the transmission / reception unit 130C (YES route in step S31 in FIG. 7). ), The registration password corresponding to the user ID is read out from the registrant information on the encrypted information, which is registered and stored in advance in the server 130 (storage unit 130B) by the determination unit 136, and the read out registration The password is compared with the password transmitted to the server 130 this time (step S32 in FIG. 7), and when these passwords match, it is determined that the user is a valid user (FIG. 7). 7, YES route of step S 33), the decryption key transmitting means 137 decrypts the encrypted information. No. key is read from the storage unit 130B, and transmitted to the information processing terminal 110 through the transceiver unit 130C and the network 170 (step S34 in FIG. 7).

  On the other hand, when the passwords do not match or when the registered password corresponding to the user ID does not exist in the server 130 (storage unit 130B), it is determined that the user is not a valid user, and this is indicated as an error notification. The information processing terminal 110 is notified through the transmission / reception unit 130C and the network 170 (step S35 in FIG. 7).

When receiving an authentication request for portable storage device 120 and its user from information processing terminal 110 through network 170 and transmitting / receiving unit 130C (step S3 in FIG. 7).
1 and the YES route in step S36), in step S37 in FIG. 7, first, registration of the portable storage device 120 registered and stored in advance in the server 130 (storage unit 130B) by the personal authentication means 131. The registered password corresponding to the user ID is read from the user information, the read registered password is compared with the password transmitted to the server 130 this time, and the use is made when these passwords match. The authenticity of the person is authenticated (step S801 in FIG. 8).

  On the other hand, if these passwords do not match or there is no registered password corresponding to the user ID in the server 130 (storage unit 130B), it is determined that the personal authentication has failed (N in step S802 in FIG. 8, step S810). .

  Further, in step S37 of FIG. 7, the device authentication unit 132 reads out the device identification information of the management target device registered and stored in advance in the server 130 (storage unit 130B) and the portable storage device 120 this time. The device identification information transmitted to the server 130 is compared and collated, and if there is matching device identification information, the validity of the portable storage device 120 is authenticated (step S803 in FIG. 8). On the other hand, if there is no matching device identification information, it is determined that the device authentication has failed (N in step S804 in FIG. 8, step S810).

  In step S37 of FIG. 7, the secondary authentication unit 133 registers and saves the software (login software) stored in the portable storage device 120 to be authenticated and the storage unit 130B of the server 130. If the portable storage device 120 is compared with the software stored at the time when the portable storage device 120 was last connected to the information processing terminal 110 (software at the time of logoff), and the software matches, The validity of the software in the portable storage device 120 is authenticated (step S805 in FIG. 8). If these pieces of software do not match, it is determined that the software has failed (N in step S806 in FIG. 8, step S810).

  Here, when the authentication portable terminal device 150 is connected to the connection port 110D ′ or 110D ″ (Y in step S807 in FIG. 8), the authentication portable terminal device 150 receives the personal identification information or the non-personal identification information as information. Send to processing terminal 110.

  That is, when the identity verification information is obtained from the authentication portable terminal device 150 having the identity verification function by the secondary authentication means 133 in step S37 of FIG. 7, the secondary personal authentication in the portable storage device 120 is performed. The authenticity of the user is authenticated at (steps S808 and S811 in FIG. 8).

  When such personal identification information is not obtained from the authentication portable terminal device 150 or when non-personal identification information is obtained, the authentication portable terminal device 150 is not connected to the information processing terminal 110. In this case, it is determined that the secondary personal authentication has failed (N in step S807 in FIG. 8, N in step S809, and step S810).

  Here, if the identity verification by the identity verification function unit 150b of the authentication portable terminal device 150 is used, it becomes possible to perform accurate secondary personal authentication by using the identity verification information by biometric authentication. It should be noted that since the abnormal value appears in the biometric authentication not only when the user is other than the genuine user but also when the user is threatened by a third party, an abnormality is detected on the server 130 side. It becomes possible.

Further, when the authentication portable terminal device 150 is connected to the connection port of the information processing terminal, it operates not only by power supply (bus power) via the connection port but also as an external power supply device or a built-in power generation device (not shown). The secondary battery 150c can be charged via at least one of the solar power generation unit 150d or the connection port of the information processing terminal 110, so that the secondary battery 150c can be used after use or when it is not used (before use). The battery can be charged (steps S2, S3, S4 in FIG. 11). In this charging, various known charging controls may be used.

  Then, the secondary battery 150c is used as a power source before (immediately before) or when connected to the connection port of the information processing terminal 110, when the secondary battery 150c is charged so that each part can operate, If the amount is sufficient (Yes in step S5 in FIG. 11), the biometric data of the user (the owner of the authentication portable terminal device 150 or the person who connects the authentication portable terminal device 150 to the information processing terminal) A value is obtained (steps S6, S7, and S8 in FIG. 11).

  The secondary battery 150c is not limited to various rechargeable batteries such as lithium, nickel cadmium, and nickel hydride, but may be a large-capacity capacitor. In addition to the photovoltaic power generation unit 150d, various power generation devices that generate power using vibration, rotational force, magnetic field, temperature difference, and the like can be used as the built-in power generation device.

  Then, whenever the remaining amount of the battery 150c is present (Yes in step S5 in FIG. 11) and biometric data is detected (Yes in step S7 in FIG. 11), the personal identification information (or non-personal identification information) is updated. (Step S8 in FIG. 11). Note that the information on the time when the personal identification information is acquired may be stored together with the personal identification information.

  For this reason, when the portable storage device 120 is used or when the portable storage device 120 is used, the authentication portable terminal device 150 is connected to the information processing terminal 110 together with the portable storage device 120, whereby the identity verification is performed using the authentication portable terminal device 150. Information can be obtained, and it is possible to confirm whether or not the portable storage device 120 is used by an authentic person. That is, even before the information processing terminal 110 is turned on, that is, before the power is supplied to the authentication mobile terminal device 150 via the connection port of the information processing terminal 110, the authentication mobile terminal device 150 Since the biometric data value of the user is obtained by operating by the built-in secondary battery 150c (step S6 in FIG. 11), when the authentication portable terminal device 150 is connected to the information processing terminal 110 or Even if the biometric data value of the user cannot be acquired immediately afterward, it is confirmed whether or not the portable storage device 120 is used by an authentic person by obtaining the identification information using the portable terminal device for authentication 150. It becomes possible to do.

  In addition, the personal identification information and the personal identification information acquisition time information may be obtained from the authentication portable terminal device 150, and the acquisition time may be used as a determination criterion. In other words, if the identity verification information acquisition time is new within a predetermined range, the reliability is high. Conversely, if the identity verification information acquisition time is older than a certain range, the reliability can be handled low. It is.

  Similarly, the user (portable storage device and authentication portable terminal device 150 is connected to the secondary battery 150c as a power source before (immediately before) or when connected to the connection port of the information processing terminal 110. The GPS position detection unit 153 is configured to acquire position information of a possessed user or a person who connects the portable storage device 120 and the authentication portable terminal device 150 to the information processing terminal 110.

For this reason, when using or starting to use the portable storage device 120, it is possible to confirm from the position information whether the portable storage device 120 and the authentication portable terminal device 150 are used by an authentic person. It becomes possible. That is, even before the information processing terminal 110 is turned on, that is, before the power is supplied to the authentication mobile terminal device 150 via the connection port of the information processing terminal 110, the authentication mobile terminal device 150 Since the location information of the user is acquired by operating by the built-in secondary battery 150c, the location information of the user is acquired when the authentication portable terminal device 150 is connected to the information processing terminal 110 or immediately after it is connected. Even if it is not possible, it is possible to check whether the portable storage device 120 and the authentication portable terminal device 150 are used by an authentic person with reference to the position information.

  In this case, the authentication is performed by comparing the position information obtained from the portable storage device 120 with a predetermined position, a previously delivered position (movement destination), an expected position (movement destination), and the like. Just go and check if you are the person.

  Actually, when the authentication portable terminal device 150 is connected to the information processing terminal 110, the user's hand is away from the authentication portable terminal device 150. Therefore, the bus power is supplied from the information processing terminal 110. However, since the biometric data value is acquired immediately before connection (steps S6 to S8 in FIG. 11), the person who has already acquired it without any problem. Confirmation information can be sent to the information processing terminal 110 (step S11 in FIG. 11).

  Then, in the server 130 (authentication server function), when the personal authentication unit 131 does not authenticate that the interest is a legitimate user (personal authentication failure), or the device authentication unit 132 performs the portable storage device 120. Is not authenticated as a management target device of the server 130 (authentication server function) (device authentication failure), or the secondary authentication means 133 matches the login software and the logoff software. If it is determined that the user is not authorized by the second personal authentication based on the identification information (secondary personal authentication failure) It is determined that the authenticity of the portable storage device 120 or its user has failed (NO route in step S38 in FIG. 7), and notification By the step 134, to the information processing terminal 110 that effect as a result of the authentication is notified via the transceiver unit 130C and the network 170 (step S43 in FIG. 7).

  On the other hand, in the server 130 (authentication server function), the personal authentication unit 131 authenticates that the user is a valid user, and the device authentication unit 132 causes the portable storage device 120 to be in the server 130 (authentication server function). And the secondary authentication means 133 determines that the login software and the logoff software match, and the second personal authentication based on the personal identification information. Is determined to be valid, it is determined that the validity of the portable storage device 120 and its user has been authenticated (YES route in step S38 in FIG. 7), and the investigation means 138 uses the software. Based on the information related to the login software transmitted from the information processing terminal 110 for authentication, Whether contain personal information search program software is examined in the apparatus 120 (step S39 in FIG. 7).

  If the personal information search program has already been installed (YES route in step S39 in FIG. 7), the notification means 134 immediately confirms that the validity of the portable storage device 120 and its user has been authenticated. As a result of the authentication, the information processing terminal 110 is notified through the transmission / reception unit 130C and the network 170 (step S40 in FIG. 7).

When the personal information search program is not installed (NO route in step S39 in FIG. 7), the personal information is stored in the portable storage device 120 by the installation unit 139 through the transmission / reception unit 130C, the network 170, and the information processing terminal 110. When the search program is installed and the validity of the portable storage device 120 and its user is authenticated by the notification means 134, the information processing terminal 110 is authenticated.
Is notified through the transmission / reception unit 130C and the network 170 (step S41 in FIG. 7).

  Thereafter, the recording unit 135 determines that the processing state by the processing unit 110A of the information processing terminal 110 is switched to the external processing state and the portable storage device 120 is opened, and that fact is stored in the storage unit 130B as a history. To be recorded.

  A specific personal information management operation executed by the function of the server 130 as the personal information management server will be described later with reference to FIG. 15 after describing the operation of the personal information search means 116 / 116a. .

[2-3] Operation of the personal information search means shown in FIG. 4 (first search method):
Next, in FIG.6 S22, about the process performed by the personal information search means 116 shown in FIG. 4, that is, the operation (first search method) of the personal information search means 116 shown in FIG. The description will be given with reference. Here, FIG. 12A shows a specific example of the quarantine table 116D used in the personal information search means 116 shown in FIG. 4, FIG. 12B shows a specific example of the title header, and FIG. 5 is a flowchart for explaining the operation (first search method) of the personal information search means 116 shown in FIG.

In the personal information searching means 116 of this embodiment, the appearance frequency of an address, a telephone number, an e-mail address, and a name is quantified and the personal information file is specified as follows.
More specifically, the counting unit 116B of the personal information searching unit 116 firstly sets a character or character string included in the determination target file and a characteristic character / character string preset as a character / character string characteristically appearing in the personal information. The number of occurrences of the characteristic character / characteristic character string in the determination target file is counted by collating with the characteristic character string. However, in the present embodiment, if collation / recognition using a character string is performed, the load on the processing unit 110A becomes extremely large. Therefore, collation / recognition for each character is performed. Accordingly, one character character is set in the quarantine table 116D as will be described later with reference to FIG. In addition, when the arithmetic processing capability of the processing unit 110A is sufficiently high, collation / recognition by a character string may be performed.

  Then, the characters extracted from the determination target file (text file) are collated one by one with the characteristic characters in the quarantine table 116D, and if they match, it is determined that the characteristic characters have appeared, The count value of the characteristic character is incremented by “1”. After counting the number of appearances of characteristic characters in all characters included in the target file in this way, the personal information file is identified based on the count result (determination of whether the target file is a personal information file) ).

Here, the characteristic characters preset in the quarantine table 116D will be specifically described.
In general personal information, an address is usually required. Thus, as shown in FIG. 12A, characters that appear characteristically in addresses in Japan are set and registered in the quarantine table 116D as characteristic characters. For example, the address information may include “city”, “road”, “fu”, “prefecture”, “city”, “ward”, “town”, “village”, “county”, etc. In the case of “Tokyo”, the characters “East” and “Kyo” appear in ordinary documents, but in the case of address information, they will appear in combination with “City”. It becomes possible to regard the number of appearances as the number of addresses. Similarly, “prefecture”, “prefecture”, and “road” are considered as address information, and “@” can be used as e-mail address information.

In the quarantine table 116D shown in FIG. 12A, the following characteristic characters and points are set.
(1) Address information (characters) as “East”, “Kyo”, “Miyako”, “Large”, “Osaka”,
“Fu”, “North”, “Sea”, “Road” are set, and the total of the count values of these characteristic characters is counted and calculated as address point 1.

(2) As presumed address information (characteristics), prefecture names other than address point 1, that is, “mountain”, “form”, “god”, “na”, “river”, “saki”, “tama”, ..., "Fuku", "Oka", "Prefecture", etc. are set, and the total of the count values of these characteristic characters is counted and calculated as address point 2.

(3) “City”, “District”, “Town”, “Village” and “County” are set as address disregard information (characteristic characters), and the total of the count values of these characteristic characters is calculated as address point 3 Is done.
(4) “@” is set as the mail address deemed information (characteristic character), and the count value of “@” is used as the mail address point.

(5) “N” (numeric string with a predetermined number of digits consisting of numerals and hyphens) is set as the telephone number deemed information (characteristic character string), and the counted value is used as the telephone number point. More specifically, the phone number is a specific digit string corresponding to the mobile phone area code or area code, such as “090-XXXX-XXXX”, “03-XXXX-XXXX”, “048-XXX-XXXX”. It consists of “090”, “03”, “048” followed by an 8-digit or 7-digit numeric string. When such a numeric string appears, the telephone number point is incremented by “1”. . At this time, the count-up is performed regardless of the presence or absence of a hyphen in the numeric string.

(6) As name disregard information (characters), for example, the 50 best surnames in Japan
The characters “sa”, “wisteria”, “field”, “middle”, “high”, “bridge”,..., “Mountain”, “field” are set, and the sum of the count values of these characteristic characters Is calculated as a name point.

(7) As the quarantine total points, the total value of each point of the items (1) to (6) described above is counted and calculated.
Here, in FIG. 12A, a count value indicating the number of appearances of each characteristic character or each point (total value of the number of appearances) is written in “”, up to, for example, about 10 million. Counting is possible.

  Moreover, when calculating the appearance rate of each prefecture name based on the counting result (number of appearances) obtained using the quarantine table 116D as described above, handling when there are duplicate characters will be described. For example, if “Tokyo” and “Kyoto Prefecture” are mixed in a text file, “Metropolitan” is duplicated. Therefore, the “Metropolitan” count is the same as the “Tokyo” count. It will be mixed. Since “Fu” in “Kyoto” overlaps with “Fu” in “Osaka”, first calculate the appearance rate of “Osaka” and subtract that appearance rate from the appearance rate of “Fu”. It is possible to predict the appearance rate of “fu”. The appearance rate of “Tokyo” can be obtained by subtracting the appearance rate of “Kyoto Prefecture” predicted in this manner from the appearance rate of “Miyako”. If the prefecture name and city name overlap (for example, Osaka City, Osaka Prefecture), the appearance rate of “Osaka” will double, but based on the Japanese address book published by the Ministry of Posts and Telecommunications. It is possible to estimate the actual appearance rate by calculating the duplication rate for each prefecture name and adjusting the appearance rate based on the calculated duplication rate.

Furthermore, the handling when there is no state display will be described. In the data file, when the title header as shown in FIG. 12 (b) is used for the prefecture name, or in the address display using the decree-designated city or the postal code, the “city”, “road”, “prefecture” "Appearance rate of" prefecture "will decrease extremely. Instead, since the name appearance rate such as the prefecture name becomes high, it is possible to specify that the data file is a personal information file including address information from the name appearance rate.

  In the quarantine table 116D described above, characters / character strings that appear characteristically in addresses, e-mail addresses, telephone numbers, and names are set as characteristic characters / character strings, but the present invention is not limited to these. Characters / character strings that appear characteristically in the date of birth, title, personal identification information (for example, Basic Resident Register Number, Account Number, Credit Card Number, License Number, Passport Number, etc.) It may be set as a character / characteristic character string.

Then, the determination unit 116C of the personal information search unit 116 calculates a determination value indicating the degree to which the determination target file is a personal information file based on the counting result obtained using the quarantine table 116D. As the determination value, (a) the value of the quarantine total point (see item (7) above) in the quarantine table 116D may be used as it is, or (b) as the appearance rate of feature characters / feature character strings increases. Or (c) obtaining an appearance pattern of a feature character / feature character string in a judgment target file based on a count result obtained for each feature character / feature character string, The degree of coincidence indicating the degree of coincidence between the found appearance pattern and the feature appearance pattern preset as the appearance pattern of the feature character / feature character string may be calculated as the determination value, or (d) these three types Two or more of the determination values may be combined, and a value calculated by substituting two or more determination values into a predetermined function may be used as the determination value.

  At this time, if there are characteristic characters / character strings related to multiple types of information (for example, four types of address, mail address, telephone number, and name) in the determination target file, one type of information is included in the determination target file. The count result is weighted so that the determination value becomes larger than when there is a feature character / feature character string related to. In other words, if a determination target file includes a plurality of types of information that can identify an individual, the possibility that the determination target file is a personal information file is that only one type of information that can identify an individual is included. Since it is considered that it is higher than the case where it is included, weighting is performed so that the determination value (importance) for the determination target file becomes large. Further, weighting may be performed so that the determination value increases as the number of types of information increases. This makes it possible to specify the personal information file more reliably.

  When the determination value as described above is calculated, the determination unit 116C of the personal information search unit 116 determines whether or not the determination target file is a personal information file based on the determination value. For example, when the determination value exceeds a predetermined threshold, it is determined that the determination target file is a personal information file. When making such a determination, in this embodiment, as described above, a P mark (private level mark) corresponding to the size of the determination value is assigned to the determination target file for ranking. As described above, the P mark is a level indicating the high possibility that the determination target file is a personal information file. The larger the determination value, the higher the P mark is set.

  A series of procedures for personal information search (personal information file specification) executed by the personal information search means 116 will be described with reference to the flowchart shown in FIG. 13 (steps S51 to S57 in FIG. 13).

As shown in FIG. 13, when the personal information search program is executed in step S22 of FIG. 6 in the processing unit 110A of the information processing terminal 110, the portable storage device 120 is referred to. The presence / absence of an unmarked file is determined (step S51 in FIG. 13). If there is no P mark unset file (NO route of step S51 in FIG. 13), the personal information search process is terminated. On the other hand, if there is a P mark unset file (step S51 in FIG. 13). YES route), portable storage device 120
A file with no P mark set is selected as a determination target file (step S52 in FIG. 13), and the determination target file is converted into a text file by the extraction means 116A (text extraction engine) (in FIG. 13). Step S53).

  Then, the characters extracted from the text file are collated one by one with the characteristic characters in the quarantine table 116D, and if they match, it is determined that the characteristic characters have appeared, and the counting means 116B The count value of the characteristic character is incremented by “1” (step S54 in FIG. 13). After counting the number of appearances of characteristic characters in all characters included in the determination target file in this way, the determination unit 116C indicates the degree to which the determination target file is a personal information file based on the count result. A determination value (for example, see the items (a) to (d) above) is calculated (step S55 in FIG. 13).

  Based on the determination value calculated in step S55, as described above, the determination unit 116C determines whether the determination target file is a personal information file and ranks the P mark (in FIG. 13). Step S56). The personal information file determination result and the P mark ranking result are also transmitted to the server 130 (personal information management server function) via the transmission / reception unit 110F and the network 170 (step S57 in FIG. 13). In (personal information management server function), it is stored in the storage unit 130B. Thereafter, the process returns to step S51, and steps S52 to S57 are repeatedly executed until there is no file in which the P mark is not set in the portable storage device 120 (until NO is determined in step S51 in FIG. 13).

[2-4] Operation of personal information search means shown in FIG. 5 (second search method):
Next, in the step S22 of FIG. 6, the process performed by the personal information search means 116a shown in FIG. 5, that is, the operation (second search method) of the personal information search means 116a shown in FIG. Description will be made according to steps S61 to S76) in FIG.

  As shown in FIG. 14, when the personal information search program is executed in step S22 of FIG. 6 in the processing unit 110A of the information processing terminal 110, the portable storage device 120 is referred to, and the P in the portable storage device 120 is displayed. The presence / absence of an unmarked file is determined (step S61 in FIG. 14). If there is no P mark unset file (NO route in step S61 in FIG. 14), the personal information search process is terminated, while if there is a P mark unset file (in step S61 in FIG. 14). YES route), one file with no P mark set is selected from the portable storage device 120 as a determination target file, and text data is extracted from the determination target file by the extraction means 1161 and is taken into the file buffer (FIG. 14). Middle step S62).

  In this way, from the text captured in the file buffer, the character section is cut out by the cutout unit 1162 at the above-described predetermined break position, and is passed through the data shaping buffer as a determination target / collation target. Are sequentially written in the data analysis buffer (step S63 in FIG. 14). When cutting out character sections, as described above, the cutting means 1162 removes unnecessary characters other than alphanumeric characters, katakana, hiragana, and kanji characters, for example, half-width spaces, full-width spaces, half-width hyphens, full-width hyphens. , Underbar, parenthesis, question mark,! Symbol characters such as, #, $,%, =, +, *, ¥, /, | are removed.

Whether or not the character string (hereinafter simply referred to as a character string) in the character section from which the symbol character has been removed by the cutting means 1162 corresponds to any one of a telephone number, an e-mail address, and an address. Are sequentially determined by the telephone number determination unit 1163a, the e-mail address determination unit 1163b, and the address determination unit 1163c (steps S64, S66, and S68 in FIG. 14).

  First, the telephone number determination unit 1163a determines whether or not the character string corresponds to a telephone number (step S64 in FIG. 14). At that time, if the character string satisfies the telephone number determination condition set in the quarantine table 1167, that is, the character string is a sequence of 9 to 11 half-width numbers or full-width numbers, and the first character If the (first character) is “0” and the second character is other than “0”, it is determined that the character string corresponds to the telephone number (YES route in step S64 in FIG. 14). 2 is notified to the determination unit 1166. In the second determination unit 1166, the count value corresponding to the number of appearances of the telephone number is incremented by 1 (step S65 in FIG. 14), and the process proceeds to step S73.

If it is determined that the character string does not correspond to a telephone number (NO route in step S64 in FIG. 14), the e-mail address determination unit 1163b determines whether the character string corresponds to a telephone mail address. (Step S66 in FIG. 14). At this time, if the character string satisfies the e-mail address determination condition set in the quarantine table 1167, that is, “one or more ASCII characters” + “@ (at mark)” + “one character or more characters in the character string”. ASCII ”+“. (Dot) ”+“ one or more ASCII characters ”and if the last character of the character string is a half-width English character, the character string is an e-mail. It is determined that it corresponds to the address (YES route of step S106 in FIG. 14), and the fact is notified to the second determination means 1166. In this second determination means 1166, a total corresponding to the number of appearances of the e-mail address. The numerical value is incremented by 1 (step S67 in FIG. 14), and the process proceeds to step S73.

  When it is determined that the character string does not correspond to an e-mail address (NO route in step S66 in FIG. 14), the address determination unit 1163c determines whether the character string corresponds to an address (residence). (Step S68 in FIG. 14). At that time, if the character string satisfies the address determination condition set in the quarantine table 1167, that is, “1 to 13 double-byte characters” + “city” or “ku” or “ A character string “county” + “one or more full-width characters or half-width characters” is included, and the first character of the character string is the same as the initial name of 47 prefectures or city names in Japan. If so, it is determined that the character string corresponds to an address (YES route of step S68 in FIG. 14), and that is notified to the second determination means 1166. In the second determination means 1166, the address The count value corresponding to the number of occurrences of (location) is incremented by 1 (step S69 in FIG. 14), and the process proceeds to step S73.

  When it is determined that the character string does not correspond to an address (NO route in step S68 in FIG. 14), that is, the first determination means 1163 converts the character string into any of a telephone number, an e-mail address, and an address. If it is determined that the character string does not correspond, the character determination unit 1164 determines that the character string is a character determination condition (the number of characters is 2 or more and 6 or less and all characters are kanji characters) set in the quarantine table 1167 It is determined whether or not the first character of the column matches the initial characters of the last characters belonging to the uppermost predetermined number of surnames common to Japanese (step S70 in FIG. 14). When this character determination condition is not satisfied (NO route of step S70 in FIG. 14), the process proceeds to step S73.

On the other hand, when this character determination condition is satisfied (YES route in step S70 in FIG. 14), the collating unit 1165 sets the character / character string included in the character section (the character string) and the quarantine table 1167. The inappropriate character / unsuitable character string for the name is collated, and it is determined whether or not the character section includes the inappropriate character / unsuitable character string (step S71 in FIG. 14). If at least one character / character string that matches the inappropriate character / inappropriate character string exists in the character section (YES route in step S71 in FIG. 14), the inappropriate character / inappropriate at that time The collation process with the character string is immediately terminated, and the process proceeds to step S73.

  If the character section does not include an inappropriate character / unsuitable character string (NO route in step S71 in FIG. 14), the result of the collation determination is notified to the second determination means 1166, and this second determination is made. The means 1166 considers that the character section corresponds to the name, increments the count value corresponding to the number of appearances of the name by 1 (step S72 in FIG. 14), and proceeds to the processing of step S73.

  In step S73, it is determined whether or not there is a character section that has not yet been extracted from the text data extracted from the target file. If there is a character section (YES route), the process returns to step S63, and the same processing as described above (in FIG. 14). Steps S63 to S72) are repeatedly executed. In this way, when all the character sections are cut out from the text data and the determination process, the collation process, the counting process, etc. for all the character sections are finished (NO route of step S73 in FIG. 14), the second determination means 1166 Based on the count values for each of the telephone number, e-mail address, address, and name, the above-described determination value is calculated (step S74 in FIG. 14).

  Then, in the second determination means 1166, based on the determination value calculated in step S74, as described above, it is determined whether or not the circulation target electronic file is a personal information file, and the rank of the P mark is determined. Appending (four in this embodiment, “P1” to “P4”) is performed (step S75 in FIG. 14). The determination result of the personal information file and the result of ranking of the P mark are notified to the server 130 (personal information management server function) via the notification unit 117, the transmission / reception unit 110F, and the network 170 (step S76 in FIG. 14). ).

[2-5] Personal information management operation:
Next, the operation of the server 130 as a personal information management server will be described according to the flowchart shown in FIG. 15 (steps S81 to S89 in FIG. 15).

  As shown in FIG. 15, the server 130 (personal information management server function) stores a determination result (determination value or P mark) about the personal information file in the portable storage device 120 notified from the information processing terminal 110. It is stored in 130B, and with reference to the determination result, the presence / absence of a personal information file (a file with a P mark) is determined (step S81 in FIG. 15).

  If a personal information file exists (YES route in step S81 in FIG. 15), the server 130 (personal information management server function) responds to the determination result of the personal information file [here, the P mark level (rank)]. The management / operation for each personal information file is performed as follows (steps S82 to S89 in FIG. 15).

  First, the presence / absence of a personal information file having a P mark level “P1” is determined (step S82 in FIG. 15). If there is a personal information file having a P mark level “P1” (YES route in step S82 in FIG. 15). The personal information file is set and registered as an access monitoring target (access log recording target) (step S83 in FIG. 15).

If there is no personal information file of P mark level “P1” (NO route of step S82 in FIG. 15), or after registration in step S83, the presence or absence of a personal information file of P mark level “P2” is determined (FIG. 15). 15), if there is a personal information file of P mark level “P2” (YES route of step S84 in FIG. 15), the personal information file is set and registered as an access monitoring target, and the personal information file is also registered. Attention information in a pop-up display is notified to call attention to the file user (step S85 in FIG. 15).

  If there is no personal information file of P mark level “P2” (NO route of step S84 in FIG. 15), or after the notice information is notified in step S85, it is determined whether there is a personal information file of P mark level “P3” If there is a personal information file of P mark level “P3” (YES route of step S86 in FIG. 15), the personal information file is set and registered as an access monitoring target. The fact that there is a user storing the personal information file is notified to the system administrator by e-mail or the like as warning information, and the user is instructed to return the personal information file (in FIG. 15) Step S87).

  If there is no personal information file of P mark level “P3” (NO route of step S86 in FIG. 15), or after issuing alarm information notification and return instruction in step S87, personal information of P mark level “P4” The presence / absence of the file is determined (step S88 in FIG. 15), and if there is a personal information file of P mark level “P4” (YES route in step S88 in FIG. 15), the personal information file is stored in the portable storage device 120. Are forcibly captured and collected via the information processing terminal 110 and the network 170 (step S89 in FIG. 15). If there is no personal information file with the P mark level “P4” (NO route in step S88 in FIG. 15), or after the process in step S89 ends, the process ends.

  As described above, regarding the personal information file of P mark level “P4”, the personal information file is forcibly prohibited from being output from the portable storage device 120 to the outside, or the personal information file is managed by the administrator. Or it may be stored in a folder accessible only to the user. Further, when a personal information file having a P mark level “P3” is left for a predetermined number of days, the same processing as that for a personal information file having a P mark level “P4” may be executed.

[3] Effects of the information processing system of this embodiment:
As described above, according to the information processing system 100 as an embodiment of the present invention, when the recognition unit 111 recognizes that the connector 120D of the portable storage device 120 is connected to the connection port 110D of the information processing terminal 110. Authentication for the portable storage device 120 is requested by the authentication request unit 112 to the server 130 (authentication server function). In the server 130 (authentication server function), the personal authentication unit 131 authenticates that the user is a valid registrant, and the device authentication unit 132 causes the portable storage device 120 to be included in the server 130 (authentication server function). It is authenticated that the device is a managed device, and it is determined by the secondary authentication means 133 that the log-in software and the log-off software match. When the authentication is performed, it is determined that the validity of the portable storage device 120 and the user thereof has been authenticated, and the fact is notified from the server 130 (authentication server function) to the information processing terminal 110 as a result of the authentication. 134.

  Then, as a result of authentication performed by the server 130 (authentication server function) in response to a request from the authentication request unit 112, if the validity of the portable storage device 120 and its user is authenticated, the processing of the information processing terminal 110 The processing state by the unit 110A is switched by the switching unit 113 from the internal processing state to an external processing state in which processing is performed while using various software and data on the portable storage device 120.

Thereby, the user stores various kinds of software and original data customized for each user in the portable storage device 120, and connects the connector 120D of the portable storage device 120 to the information processing terminal on the go By simply connecting to the connection port 110D in 110, it is possible to use the original data and the program and usage environment that are normally used by the information processing terminal 110 on the go without carrying a heavy notebook PC or the like. .

  At that time, as described above, in the server 130 (authentication server function), the authentication means 311, 312 and 133 perform quadruple authentication such as personal authentication, device authentication, and secondary authentication (software authentication, secondary personal authentication). Therefore, even if the portable storage device 120 or the authentication portable terminal device 150 is lost or the portable storage device 120 or the authentication portable terminal device 150 is stolen, the portable storage device The security performance of the portable terminal device 150 and the authentication portable terminal device 150 is ensured, and leakage of information in the portable storage device 120 and unauthorized use of the portable storage device 120 can be reliably prevented.

  In addition, software (login software) installed in the portable storage device 120 and software installed when the portable storage device 120 was last connected to the information processing terminal 110 (server 130) ( By performing software authentication to determine whether or not these software matches with each other by comparing with the software at the time of logoff), when these software are completely matched, the processing unit 110A of the information processing terminal 110 Can be switched to an external processing state using software and data in the portable storage device 120.

  Therefore, in the unlikely event that information necessary for personal authentication or device authentication (user ID, password, biometric data value, device identification information of the portable storage device 120, etc.) is stolen, a third party may be the original portable storage device. Uses a different portable storage device, and even if an unauthorized network connection is made by impersonation by software in the portable storage device 120, it supports the software held in the impersonation device and stolen information Since it is unlikely that the log-off software for the portable storage device to be completely matched will match the impersonation device to the network 170 by the above-described software authentication (to a terminal or server other than the server 130 in FIG. 1). Connection) can be reliably rejected, and security performance can be greatly improved. Kill.

  The authentication portable terminal device 150 not only operates by supplying power via the connection port when connected to the connection port of the information processing terminal 110, but also includes at least an external power supply device, a built-in power generation device, or the connection port. Since the secondary battery which can be charged via one is provided, the secondary battery is charged when not in use. Then, using this secondary battery as a power source, the user (the person who connects the authentication portable terminal device 150 to the information processing terminal 110) is connected before (immediately before) or connected to the connection port of the information processing terminal 110. ) Biometric data values and position information.

  For this reason, when using or starting to use the portable storage device 120, whether or not the portable storage device 120 is used by an authentic person is confirmed by the identification information of the owner of the authentication portable terminal device 150. It becomes possible to do. That is, even before the information processing terminal 110 is turned on, that is, before the power is supplied to the authentication mobile terminal device 150 via the connection port of the information processing terminal 110, the authentication mobile terminal device 150 Since the biometric data value and the position information are acquired by operating by the built-in secondary battery, the biometric data value and the position information of the user when the authentication portable terminal device 150 is connected to the information processing terminal 110. It is possible to confirm whether or not the authentication portable terminal device 150 is possessed by a genuine person even if the authentication cannot be acquired.

In this case, the user's hand is touching the authentication portable terminal device 150 until immediately before the authentication portable terminal device 150 is connected to the information processing terminal 110, but when the connection is completed (information processing terminal The user's hand is already separated from the authentication portable terminal device 150 at the time when power is supplied from 110 to the authentication portable terminal device 150 by bus power). Can be acquired.

  Further, since it is not necessary to provide a detection means for acquiring a biometric data value in the information processing terminal 110 or the portable storage device 120, there is no need to use a dedicated information processing terminal or a portable storage device. Various information processing terminals 110 and portable storage devices 120 can be used in various places.

  In addition, if the user wants to be authenticated as a legitimate user, the portable storage device connects the authentication server 130 with a command to delete the software and data stored in the portable storage device 120. Even if the portable storage device 120 is lost or the portable storage device 120 is stolen by giving it to the information processing terminal 110 (step S14 in FIG. 6), a legitimate user It becomes possible to more reliably reject data leakage to other than the above, and the security performance can be greatly improved.

  In the server 130 (authentication server function) of the information processing system 100 described above, when the validity of the portable storage device 120 and its user is authenticated, the processing state by the processing unit 110A of the information processing terminal 110 depends on the authentication result. The fact that the portable storage device 120 is switched to the external processing state and opened is recorded as a history by the recording means 135. Therefore, the portable storage device 120 is opened and information in the portable storage device 120 is processed as information. It becomes possible to record and manage in the storage unit 130B that it has been processed by the processing unit 110A of the terminal 110, and record it in the storage unit 130B when unauthorized use of the portable storage device 120 is detected. Based on the recorded history, the portable storage device 120 illegally used, its usage time, and its usage And the information processing terminal 110 makes it possible to identify.

  In the portable storage device 120, software and data other than predetermined software among various software and data are stored as encrypted information under the control of the server 130 (access management server function). deep. If the encrypted information user is authenticated by the server 130 (access management server function) as a legitimate user, the processing unit 110A of the information processing terminal 110 performs the server 130 (access management server). Encryption information is decrypted with the decryption key received from the server, and processing using the contents (software and data) of the encryption information is executed. Cannot be decrypted, and it is impossible to perform processing using the contents.

  That is, in the portable storage device 120, software and data other than predetermined software (a program that causes the processing unit 110A to function as the decryption key request unit 114 and the decryption unit 115) among various software and data are: All are encrypted, and the encrypted information is configured to be decrypted only by legitimate users. In the unlikely event that the portable storage device 120 is lost or the portable storage device 120 is stolen. Even if it happens, the security performance of the portable storage device 120 is ensured, information leakage / falsification in the portable storage device 120 and unauthorized use of the portable storage device 120 can be reliably prevented, and Since the legitimate user can access, the convenience for the legitimate user is not impaired.

When the portable storage device 120 is connected to the information processing terminal 110, the personal information search program (the processing unit 110A) is stored in the portable storage device 120 by the investigation unit 138 of the server 130 (personal information management server function). It is investigated whether or not the program that functions as the personal information search means 116 / 116a is installed. If the program is not installed, the personal information search program is automatically (forced) installed. Then, the personal information search program installed in the portable storage device 120 is executed by the processing unit 110A of the information processing terminal 110, whereby the personal information file is searched and specified from the data in the portable storage device 120. The search result is notified to the user or the server 130 (personal information management server function).

  As a result, when the personal information file is stored in the portable storage device 120, the user or the server 130 (personal information management server function) is notified to that effect, and the user is alerted or the personal information is stored. The file can be placed under the management of the server 130 (personal information management server function), and the personal information is surely protected by preventing the inadvertent leakage and leakage of personal information and unauthorized use of personal information. Can do.

  At this time, by using the function as the personal information search means 116, it is determined for each file in the portable storage device 120 whether or not the file is a personal information file based on the number of appearances of characteristic characters and characteristic character strings. Since the personal information file can be automatically searched and specified, it is possible to surely search and identify the personal information file (file that is likely to be a personal information file) in the portable storage device 120. it can.

  When a file having a predetermined number or more of personal information elements that can identify a specific individual is determined as a personal information file, the second determination is made by using the function as the personal information search means 116a of this embodiment. In the means 1166, the character section that does not correspond to any of the telephone number, the e-mail address, and the address and includes the inappropriate character / inappropriate character string is considered not to be related to the personal information. A character section that does not correspond to either an address or an address and does not include an inappropriate character / unsuitable character string is considered to be related to a name.

  Therefore, for the character section determined by the first determination means 1163 to correspond to any one of the telephone number, the e-mail address, and the address, the determination process is terminated when the determination is made, and the telephone number, the e-mail Only a character section determined not to correspond to either an address or an address is subjected to a matching process with an inappropriate character / unsuitable character string, and the matching unit 1165 has one inappropriate character / unsuitable character string. However, when it is determined that it is included in the character section, the matching process can be terminated, so the name matching process is faster than the method of matching with all name strings included in the name list. It is possible to perform the determination, that is, the personal information file determination process at high speed.

  At this time, in the first determination unit 1163, the determination process is performed at a higher speed by performing the determination process of the character string in the character section in the order of the light load of the determination process, that is, the phone number, the e-mail address, and the address. Can be executed efficiently.

  Further, since the second determining means 1166 regards all character sections that do not include inappropriate characters / unsuitable character strings as corresponding to names, electronic files that do not include inappropriate characters / unsuitable character strings for names, It is possible to reliably determine an electronic file that is highly likely to contain name information and is likely to be a personal information file. That is, it is possible to reliably identify a file that is highly likely to be a personal information file (a suspicious file).

Furthermore, in this embodiment, the character determination means 1164 determines whether the number of characters in the character section is 1 or more and 6 or less and all the characters in the character section are kanji characters, and the characters satisfying this character determination condition. Since only the section is a collation target by the collation unit 1165, the character section to be collated by the collation unit 1165 is narrowed down to a character section having a higher possibility of name, and the name collation accuracy can be improved. At the same time, name verification processing can be performed at high speed. In addition, since a long character section having more than 6 characters is excluded from the collation target by the collating unit 1165, it contributes to further speeding up the name collating process, that is, further speeding up the personal information file determining process. Become.

  In particular, according to the personal information search means 116a of the present embodiment, when the cutout means 1162 cuts out from the text data as the character section to be determined, the elements in the text data are not separated by clear delimiters. However, the boundary position between a 1-byte code character and a 2-byte code character, that is, the boundary position between a half-width character and a full-width character (a portion where a half-width character is followed by a full-width character or a portion where a half-width character is followed by a half-width character) or The text data is divided and cut out as a character section at the boundary position between the full-width arithmetic number and the character excluding the full-width arithmetic number and the hyphen.

  This makes it possible to mix addresses and names written in double-byte characters with text numbers such as phone numbers and e-mail addresses written in single-byte characters without being separated by delimiters in double-byte characters. Address, name, phone number, and e-mail address even if the address, name, etc. written in the text data and a numeric string such as a phone number written in double-byte characters are mixed in the text data without being separated by a delimiter A character section can be cut out for each personal information element. Therefore, it becomes possible to reliably determine personal information elements such as an address, name, telephone number, and e-mail address, and it is possible to efficiently and reliably determine a personal information file in a short time.

In addition, as an e-mail address determination condition by the e-mail address determination unit 1163b, “one or more ASCII characters” + “@ (at mark)” + “one or more ASCII characters” + “ . (Dot) ”+“ A with one or more characters
“@ (At sign)” is used to display the unit price and unit by setting that the character string “SCII character” is included and the last character of the character string is a half-width alphabetic character. A string of numbers that is “@ (at sign)” followed by “one or more half-width numbers” + “. (Dot)” + “one or more half-width numbers” (for example, “123@45.67 ") Can be reliably prevented from being erroneously determined as an e-mail address. Accordingly, it is possible to reliably determine the personal information element such as an e-mail address, and it is possible to efficiently and reliably determine the personal information file in a short time.

In the electronic mail address, the character string after the last “. (Dot)” after “@” is always an alphabetic character string such as “com”, “net”, and “jp” at present. In general, “@” is often used to display a unit price or a unit. For example, one of an article
When displaying the price and weight per piece, “@” may be used, such as “@ 100.00” or “@ 10.55”. For this reason, the e-mail address determination condition is simply that “one or more ASCII characters” + “@ (at mark)” + “one or more ASCII characters” + “. (Dot)” in the character string in the character section to be determined. + If a character string that is "one or more ASCII characters" is included, the above character strings containing "@ 100.00" or "@ 10.55" will be mistakenly recognized as e-mail addresses. However, by adding that the last character of the character string is a single-byte alphabetic character to the e-mail address judgment condition, the character string including the numeric character strings “@ 100.00” and “@ 10.55” as described above It is possible to reliably prevent erroneous recognition as an e-mail address.

Further, as an address determination condition by the address determination unit 1163c, “one or more full-width characters” + “city” or “ku” or “gun” + “one or more full-width characters or half-width characters is added to the character string in the character section to be determined. ”And the first character of the character section to be judged and the initials of the 47 prefectures or city names. , When a character string that includes "county" in the middle but is not related to the address at all is mistakenly determined as an address, and when 47 prefecture names or city names are determined to match completely Compared with an extremely short time, it is possible to efficiently and reliably determine a character section with high accuracy as an address.

  Furthermore, the first character of the character string to be determined matches the initial character of the last name belonging to the top predetermined number (for example, top 3000 types) common to Japanese in the character determination condition (name determination condition) by the character determination unit 1164 By adding this, it is possible to efficiently and surely determine a character section with high accuracy as a name in a very short time compared with the case of determining perfect match of the last name.

  Then, the server 130 (personal information management server function) manages files determined to be personal information files in accordance with the counting result (determination value level) obtained by the second determination unit 1166. For each personal information file, it is possible to select and execute a management method according to the judgment value level (high possibility of being a personal information file / the number of personal information elements). That is, as described above, the file that is determined to be a personal information file by the personal information search means 116 / 116a corresponds to the server 130 (personal information management server function) according to the P mark (rank / level) given to the file. ) To notify the creator, circulation destination user, and system administrator of the caution information / warning information, forcibly capture and collect the file from the portable storage device 120 to prohibit circulation, The file can be stored in a folder accessible only to the administrator, and personal information can be prevented from being accidentally leaked or leaked or unauthorized use of personal information.

[4] Other embodiment (modification):
The present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the spirit of the present invention.

  For example, in the above-described embodiment, the function as three types of servers (authentication server, access management server, personal information management server) is realized by one server 130, but these servers are divided into two servers. It may be realized or may be realized by dividing it into three servers.

  In addition, when there is insurance that pays insurance money against unauthorized access, information leakage, data damage, etc., it is expected that the risk will be greatly reduced by using the above embodiment. In the case where authentication is performed by the information processing system 100 in the form, the insurance premium can be discounted by transferring the authentication completion information from the server 130 to the server of the insurance company and confirming it on the insurance company side. Is possible. In this case, the information processing system 100 only transfers the data for which the authentication has been completed to the insurance company, and does not require a significant improvement of the system. In addition, the insurance company can receive the data that has been authenticated, and can reduce the fee (insurance premium) while ensuring a certain state.

  In addition, when personal information files of P mark levels “P1” to “P3” existing in the portable storage device 120 are attached to the mail, the mail is transmitted via a mail server of a predetermined company. The mailer controls so that In this case, only the file permitted by the administrator can be transmitted via the mail server, which is desirable for ensuring security.

In addition, the information processing terminal 110 is connected to the server 130 via the network 170, and based on the management of the server 130, the P mark levels “P1” to “P1” stored in the portable storage device 120 are stored. P3 ″ personal information file can be opened. However,
In this case, as described above, access to the personal information file with the P mark is an access monitoring target (access log recording target) by the server 130, and the personal information with the P mark is attached. The information processing terminal 110 automatically notifies the server 130 that the file has been opened by the information processing terminal 110.

  Here, if the personal information file with the P mark attached is opened on the information processing terminal 110 and then stored in the portable storage device 120 that is the original storage location, the determination of the P mark level already described is executed again. If there is no change in the P mark level, the storage is performed. If there is a change in the P mark level, the server 130 is notified of the P mark level change and then the storage is performed.

  Here, if the personal information file with the P mark attached is opened on the information processing terminal 110 and then stored in another storage medium, the P mark level determination already described is executed again, and the P mark level is set. If there is no change, it is stored in another storage medium if possible according to a predetermined handling standard of the personal information file with P mark, and if the P mark level is changed, the P mark level change to the server 130 is changed. After the notification, the data is stored in another storage medium if possible in accordance with the handling standard of the personal information file with a predetermined P mark.

  The predetermined P mark personal information file handling standard is a standard determined as to whether or not the personal information file can be stored in another recording medium according to the P mark level. Stored in the storage unit 130B on the server 130 side. In this case, since the information processing terminal 110 is the monitoring target of the server 130 at the time of opening (accessing) the personal information file with the P mark, saving to other recording media is permitted / not permitted by the server 130. With permission control.

  Further, in the above-described embodiment, the case where it is determined whether or not the file stored in the portable storage device 120 is a personal information file has been described. It is applied in the same manner as described above when determining whether or not a file includes certain information), and the same operational effects as in the above embodiment can be obtained. Inadvertent leakage or leakage of confidential information or confidential information Can be reliably prevented from being illegally used. In that case, as an inappropriate character or inappropriate character string, a character or a character string that cannot appear in the confidential information is set.

  Further, in the above-described embodiment, the determination condition for the name is set such that an inappropriate character / unsuitable character string preset as a Chinese character / character string that cannot appear in the name is not included in the character section to be determined. However, it may be further added to the address determination condition that an inappropriate character / unsuitable character string preset as a kanji / kanji character string that cannot appear in the address is not included in the character section to be determined. .

  Furthermore, in the above-described embodiment, the case where the personal information elements other than the name are three elements of the telephone number, the e-mail address, and the address has been described. However, the present invention is not limited to this, and the name is As other personal information elements, for example, date of birth, basic resident register number, account number, credit card number, license number, passport number, etc. may be used.

  By the way, as described above, the processing unit 110A functions as the above-described recognition unit 111, authentication request unit 112, and switching unit 113 in the information processing terminal 110, as described above. This is realized by executing a predetermined application program installed in advance in 110 storage unit 110E.

  In addition, as described above, the processing unit 110A functions as the above-described decryption key request unit 114 and decryption unit 115 in the information processing terminal 110 by the portable storage device 120. This is realized by executing predetermined unencrypted software installed in advance.

  Further, as described above, the function (all or a part of the functions) of the information processing terminal 110 as the personal information search unit 116 and the notification unit 117 is performed by the processing unit 110A in the portable storage device 120. This is executed by executing a personal information search program installed in advance.

  In the server 130, the personal authentication unit 131, the device authentication unit 132, the secondary authentication unit 133, the notification unit 134, the recording unit 135, the determination unit 136, the decryption key transmission unit 137, the investigation unit 138, and the installation unit 139 described above. As described above, the processing unit 130 </ b> A is realized by the processing unit 130 </ b> A executing a predetermined application program installed in advance in the storage unit 130 </ b> B of the server 130.

  Then, a predetermined application program installed in advance in the storage unit 110E of the information processing terminal 110, predetermined unencrypted software installed in advance in the portable storage device 120, or in advance in the portable storage device 120 The personal information search program to be installed and the predetermined application program installed in advance in the storage unit 130B of the server 130 are, for example, a flexible disk, CD (CD-ROM, CD-R, CD-RW, etc.), DVD (DVD -ROM, DVD-RAM, DVD-R, DVD-RW, DVD + R, DVD + RW, etc.) and the like. In this case, the computer reads a predetermined application program from the recording medium, transfers it to an internal storage device or an external storage device, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  Here, the computer is a concept including hardware and an OS (operating system), and means hardware operating under the control of the OS. Further, when the OS is unnecessary and the hardware is operated by the application program alone, the hardware itself corresponds to the computer. The hardware includes at least a microprocessor such as a CPU and means for reading a computer program recorded on a recording medium. The personal information search program and the application program as the personal information management server program include program codes that cause the computer (the processing units 110A and 31) to realize the functions of the units 111 to 117 and 311 to 139. . Also, some of the functions may be realized by the OS instead of the application program.

  Furthermore, as a recording medium in the present embodiment, in addition to the flexible disk, CD, DVD, magnetic disk, optical disk, and magneto-optical disk described above, an IC card, ROM cartridge, magnetic tape, punch card, computer internal storage device (RAM) In addition, various computer-readable media such as an external storage device or a printed matter on which a code such as a barcode is printed can be used.

In the description of the above embodiment, the biometric data value is acquired and the identification information is generated when the authentication portable terminal device 150 is not connected to the information processing terminal 110 using the secondary battery 150c as a power source. However, only the acquisition and storage of the biometric data value may be performed when not connected, and determination and generation of personal identification information may be performed after the authentication portable terminal device 150 is connected to the information processing terminal 110. . In addition, when the remaining battery level is low, it is also desirable to separately perform acquisition and storage of biometric data values, determination, and generation of identification information.

  Moreover, although the operation example which performs acquisition of a biometric data value and generation | occurrence | production of identification information when the authentication portable terminal device 150 is not connected has been described, in the state where the authentication portable terminal device 150 is connected to the information processing terminal 110 Alternatively, the biometric data value may be acquired if possible.

[5] Note:
Note that Supplementary Notes 1 to 21 described below are also included in one aspect or modification of the embodiment of the present invention.

(1) At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and the external device to connect an external device to the processing unit An information processing terminal having a connection port into which a device-side connector is inserted, a storage function for storing various software and data, and a portable storage device that can be connected to the connection port as the external device; It has a personal identification function for sending personal identification information when it is confirmed by detecting the user's biometric data value or usage position, and is connected to the connection port as the external device. An authentication portable terminal device, and an authentication for the portable storage device connected to the information processing terminal and connected to the connection port of the information processing terminal. An authentication server that performs recognition, wherein the information processing terminal recognizes that the portable storage device is connected to the connection port, and the portable storage device is connected to the connection port by the recognition unit. When recognizing that it is connected, an authentication request means for requesting the authentication server to authenticate the portable storage device, and a result of authentication executed by the authentication server in response to a request by the authentication request means, When the legitimacy of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit is processed using software and data stored on the information processing terminal side From the internal processing state, processing is performed while using the various software and data stored in the portable storage device on the portable storage device. Switching means for switching to an external processing state, and when the authentication server receives an authentication request for the portable storage device from the information processing terminal, the information is received by a user of the portable storage device. Personal authentication means for determining whether or not the user is a valid user based on personal authentication information input from the input unit of the processing terminal, and performing primary personal authentication of the user; When receiving an authentication request for the portable storage device from an information processing terminal, whether the portable storage device is a management target device of the authentication server based on device identification information automatically read from the portable storage device And device authentication means for performing device authentication of the portable storage device, and software stored in the portable storage device (hereinafter referred to as software at login) And the software stored when the portable storage device was last connected to the information processing terminal (hereinafter referred to as log-off software). Software authentication is performed by determination, and secondary authentication means for performing secondary personal authentication of the user based on the personal identification information, and the user is an authorized user by the personal authentication means Is authenticated by the device authentication means and the portable storage device is authenticated by the authentication server, and is a legitimate user by the secondary authentication means. If the second personal authentication is performed, it is determined that the legitimacy of the portable storage device and the user of the portable storage device has been authenticated. A notification unit configured to notify the information processing terminal, wherein the authentication portable terminal device includes a secondary battery that can be charged via at least one of an external power supply device, a built-in power generation device, or the connection port. The information processing system is configured to acquire the biometric data value of the user before or when connected to the connection port using the secondary battery as a power source. An authentication server that is connected to an information processing terminal and authenticates the portable storage device connected to the connection port of the information processing terminal.

  (2) The authentication portable terminal device manages a biometric sensor that detects a biometric data value of the user, a meteorological sensor that detects meteorological data in the atmosphere where the user is located, and the physical condition of the user. And a threshold value table for presetting and holding a biometric data threshold value for each weather condition, and a biometric data threshold value set for the weather condition corresponding to the meteorological data detected by the meteorological sensor. A threshold value reading means for reading, a comparison means for comparing the biometric data threshold value read by the threshold value reading means with the biometric data value detected by the biometric sensor, and as a result of the comparison by the comparing means, Control means for sending identification confirmation information when it is confirmed that the portable storage device is powered by the secondary battery as a power source. In the information processing system, the biometric data value of the user is controlled to be acquired before or when connected to the connection port. The authentication server according to appendix 1, which authenticates the portable storage device connected to the connection port.

  (3) The authentication portable terminal device includes position information acquisition means for acquiring position information, and the control means uses the secondary battery as a power source before the portable storage device is connected to the connection port. Alternatively, in the information processing system, which is controlled to acquire position information at the time of connection via the position information acquisition unit, connected to the information processing terminal and connected to the connection port of the information processing terminal The authentication server according to appendix 2, which authenticates the portable storage device.

  (4) In the authentication server, when the user is not authenticated as a valid user, the software stored in the portable storage device and a command for deleting the data are The authentication server according to any one of appendices 1 to 3, which is provided to the information processing terminal to which a portable storage device is connected.

(5) At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and the external device to connect an external device to the processing unit An information processing terminal having a connection port into which a device-side connector is inserted, a storage function for storing various software and data, and a portable storage device that can be connected to the connection port as the external device; It has a personal identification function for sending personal identification information when it is confirmed by detecting the user's biometric data value or usage position, and is connected to the connection port as the external device. An authentication portable terminal device, and an authentication for the portable storage device connected to the information processing terminal and connected to the connection port of the information processing terminal. An authentication server that performs recognition, wherein the information processing terminal recognizes that the portable storage device is connected to the connection port, and the portable storage device is connected to the connection port by the recognition unit. When recognizing that it is connected, an authentication request means for requesting the authentication server to authenticate the portable storage device, and a result of authentication executed by the authentication server in response to a request by the authentication request means, When the legitimacy of the portable storage device and the user of the portable storage device is authenticated, the processing state of the processing unit is processed using software and data stored on the information processing terminal side From an internal processing state, processing is performed while using the various software and data stored in the portable storage device on the portable storage device. Switching means for switching to an external processing state, and when the authentication server receives an authentication request for the portable storage device from the information processing terminal, the information is received by a user of the portable storage device. Personal authentication means for determining whether or not the user is a valid user based on personal authentication information input from the input unit of the processing terminal, and performing primary personal authentication of the user; When receiving an authentication request for the portable storage device from an information processing terminal, whether the portable storage device is a management target device of the authentication server based on device identification information automatically read from the portable storage device And device authentication means for performing device authentication of the portable storage device and software stored in the portable storage device (hereinafter referred to as software at login) And the software stored when the portable storage device was last connected to the information processing terminal (hereinafter referred to as log-off software). Software authentication is performed by determination, and secondary authentication means for performing secondary personal authentication of the user based on the personal identification information, and the user is an authorized user by the personal authentication means Is authenticated by the device authentication means and the portable storage device is authenticated by the authentication server, and is a legitimate user by the secondary authentication means. If the second personal authentication is performed, it is determined that the legitimacy of the portable storage device and the user of the portable storage device has been authenticated. A notification unit configured to notify the information processing terminal, wherein the authentication portable terminal device includes a secondary battery that can be charged via at least one of an external power supply device, a built-in power generation device, or the connection port. The information processing system is configured to acquire the biometric data value of the user before or when connected to the connection port using the secondary battery as a power source. A program for an authentication server, which is connected to an information processing terminal and causes a computer to function as an authentication server for authenticating the portable storage device connected to the connection port of the information processing terminal.

  (6) The authentication portable terminal device manages a biometric sensor that detects the biometric data value of the user, a meteorological sensor that detects meteorological data in the atmosphere where the user is located, and the physical condition of the user. And a threshold value table for presetting and holding a biometric data threshold value for each weather condition, and a biometric data threshold value set for the weather condition corresponding to the meteorological data detected by the meteorological sensor. A threshold value reading means for reading, a comparison means for comparing the biometric data threshold value read by the threshold value reading means with the biometric data value detected by the biometric sensor, and as a result of the comparison by the comparing means, Control means for sending identification confirmation information when it is confirmed that the portable storage device is powered by the secondary battery as a power source. In the information processing system, the biometric data value of the user is controlled to be acquired before or when connected to the connection port. The authentication server program according to appendix 5, which causes a computer to function as an authentication server that performs authentication of the portable storage device connected to the connection port.

  (7) The authentication portable terminal device includes position information acquisition means for acquiring position information, and the control means uses the secondary battery as a power source before the portable storage device is connected to the connection port. Alternatively, in the information processing system, which is controlled to acquire position information at the time of connection via the position information acquisition unit, connected to the information processing terminal and connected to the connection port of the information processing terminal 7. The authentication server program according to appendix 6, which causes a computer to function as an authentication server for performing authentication of the portable storage device.

  (8) In the authentication server, if the user is desired to be authenticated as a valid user, the software and the command for deleting the data stored in the portable storage device are The authentication server program according to any one of appendices 5 to 7, which causes a computer to function as an authentication server that is provided to the information processing terminal to which a portable storage device is connected.

(9) At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and the external unit to connect an external device to the processing unit An information processing terminal having a connection port into which a connector on the apparatus side is inserted;
A portable storage device that has a storage function for storing various software and data and can be connected to the connection port as the external device, and the user by detecting a biometric data value or a use position of the user A personal identification function that sends out personal identification information when it is confirmed that the user is authentic, and is connected to the portable terminal device for authentication that can be connected to the connection port as the external device; connected to the information processing terminal; An authentication server that authenticates the portable storage device connected to the connection port of the information processing terminal, and the information processing terminal recognizes that the portable storage device is connected to the connection port And recognizing the portable storage device when the recognition unit recognizes that the portable storage device is connected to the connection port. Authentication request means for requesting the authentication server, and as a result of authentication executed by the authentication server in response to a request by the authentication request means, the portable storage device and the validity of the user of the portable storage device If the authentication is authenticated, the processing state by the processing unit is changed from the internal processing state in which processing is performed using software and data stored on the information processing terminal side to the various types stored in the portable storage device. Switching means for switching to an external processing state in which processing is performed while using the software and data on the portable storage device, and the authentication server authenticates the portable storage device from the information processing terminal. When receiving the request, the user of the portable storage device is based on personal authentication information input from the input unit of the information processing terminal. It is determined whether or not the user is a legitimate user, and personal authentication means for performing primary personal authentication of the user and an authentication request for the portable storage device from the information processing terminal are received. And determining whether or not the portable storage device is a management target device of the authentication server based on device identification information automatically read from the portable storage device, and authenticating the portable storage device. Device authentication means to perform, software stored in the portable storage device (hereinafter referred to as software at login), and software stored when the portable storage device was last connected to the information processing terminal Software (hereinafter referred to as “log-off software”) to determine whether or not these software matches, perform software authentication, and Second authentication means for performing second personal authentication of the user based on the first authentication that the user is a legitimate user by the personal authentication means, and the apparatus authentication means When it is authenticated that the portable storage device is a device to be managed by the authentication server, and secondary personal authentication is performed by the secondary authentication means that the user is a legitimate user, the portable storage device And authentication means for determining that the legitimacy of the device and the user of the portable storage device has been authenticated, and notifying the information processing terminal as a result of the authentication. The portable terminal device includes a secondary battery that can be charged via at least one of an external power supply device, a built-in power generation device, or the connection port, and is connected to the connection port using the secondary battery as a power source. Is configured to acquire the user's biometric data values when they are before or connection, an information processing system control method, characterized in that.

  (10) The authentication portable terminal device manages a biometric sensor that detects a biometric data value of the user, a meteorological sensor that detects meteorological data in an atmosphere where the user is located, and a physical condition of the user. And a threshold value table for presetting and holding a biometric data threshold value for each weather condition, and a biometric data threshold value set for the weather condition corresponding to the meteorological data detected by the meteorological sensor. A threshold value reading means for reading, a comparison means for comparing the biometric data threshold value read by the threshold value reading means with the biometric data value detected by the biometric sensor, and as a result of the comparison by the comparing means, Control means for sending identity verification information when it is confirmed that the portable storage device is powered by the secondary battery as a power source. The controls to get the user's biometric data value, the information processing system control method according to Supplementary Note 9, wherein a in the previous or connected is connected to a serial connection port.

(11) The authentication portable terminal device includes position information acquisition means for acquiring position information, and the control means uses the secondary battery as a power source before the portable storage device is connected to the connection port. Alternatively, the information processing system control method according to appendix 10, wherein control is performed so as to acquire position information at the time of connection via the position information acquisition means.

  (12) In the authentication server, if the user is not authenticated as a valid user, the software and the command for deleting the data stored in the portable storage device are The information processing system control method according to any one of appendices 9 to 11, wherein the information processing terminal is provided to the information processing terminal to which a portable storage device is connected.

It is a block diagram which shows the structure of the information processing system as one Embodiment of this invention. It is a block diagram which shows the function structure of the information processing terminal and portable storage device in the information processing system of this embodiment. It is a block diagram which shows the function structure of the server (Authentication server / Access management server / Personal information management server) in the information processing system of this embodiment. It is a block diagram which shows the 1st example of a function structure of the personal information search means in this embodiment. It is a block diagram which shows the 2nd example of a function structure of the personal information search means in this embodiment. It is a flowchart for demonstrating operation | movement of the information processing terminal in the information processing system of this embodiment. It is a flowchart for demonstrating operation | movement of the server (Authentication server / Access management server / Personal information management server) in the information processing system of this embodiment. It is a flowchart for demonstrating operation | movement of the server (Authentication server / Access management server / Personal information management server) in the information processing system of this embodiment. It is a block diagram which shows the structure of the portable terminal device for authentication which has the identity verification function in the information processing system of this embodiment. It is an external view which shows the external appearance structure of the information processing terminal in the information processing system of this embodiment, and the authentication portable terminal device which has an identity verification function. It is a flowchart for contemplating operation | movement of the portable terminal device for authentication which has the identification function in the information processing system of this embodiment. It is a figure which shows the specific example of the quarantine table used in a personal information search means, and the specific example of a title header. 5 is a flowchart for explaining the operation (first search method) of the personal information search means shown in FIG. It is a flowchart for demonstrating operation | movement (2nd search method) of the personal information search means shown in FIG. It is a flowchart for demonstrating operation | movement (operation | movement as a personal information management server) of the server of this embodiment.

Explanation of symbols

100 Information processing system 110A Information processing terminal (PC)
110B processing unit (CPU)
110C input unit (keyboard, mouse)
110D output unit (display)
110E Connection port 110F Storage unit (HD)
110G transmission / reception unit 111 recognition means 112 authentication request means 113 switching means 114 decryption key request means 115 decryption means 116, 116a personal information search means 116A extraction means 116B counting means 116C determination means 116D quarantine table 1161 extraction means 1162 extraction means 1163 second 1 judging means 1163a telephone number judging means 1163b e-mail address judging means 1163c address judging means 1164 character judging means 1165 collating means 1166 second judging means 1167 quarantine table 117 notifying means 120 portable storage device 120D connector 120a storage unit 130 server (authentication) Server / access management server / personal information management server)
131 Personal Authentication Unit 132 Device Authentication Unit 133 Secondary Authentication Unit 134 Notification Unit 135 Recording Unit 136 Determination Unit 137 Decryption Key Transmission Unit 138 Investigation Unit 139 Installation Unit 150 Authentication Mobile Terminal Device 150b Personal Identification Function Unit 150c Secondary Battery 150d Photovoltaic Power Generation Department 170 Network (Internet, in-house LAN)

Claims (4)

At least a processing unit that executes various processes, an input unit that inputs information to the processing unit, an output unit that outputs a processing result by the processing unit, and an external device side to connect an external device to the processing unit An information processing terminal having a connection port into which the connector is inserted; and
A portable storage device having a storage function for storing various software and data, and connected to the connection port as the external device;
It has a personal identification function for sending personal identification information when it is confirmed by detecting the user's biometric data value or usage position, and is connected to the connection port as the external device A portable terminal device for authentication,
An authentication server connected to the information processing terminal and configured to authenticate the portable storage device connected to the connection port of the information processing terminal;
With
The information processing terminal is
Recognition means for recognizing that the portable storage device is connected to the connection port;
When recognizing that the portable storage device is connected to the connection port by the recognition unit, an authentication request unit that requests the authentication server to authenticate the portable storage device;
When the validity of the portable storage device and the user of the portable storage device is authenticated as a result of the authentication executed by the authentication server in response to the request by the authentication requesting unit, the processing state by the processing unit is changed. The various software and data stored in the portable storage device are used on the portable storage device from an internal processing state in which processing is performed using the software and data stored on the information processing terminal side. Switching means for switching to an external processing state in which processing is performed,
The authentication server is
When receiving an authentication request for the portable storage device from the information processing terminal, the user is legitimate based on personal authentication information input from the input unit of the information processing terminal by the user of the portable storage device. A personal authentication means for determining whether or not the user is to perform primary personal authentication of the user;
Whether the portable storage device is a management target device of the authentication server based on device identification information automatically read from the portable storage device when an authentication request for the portable storage device is received from the information processing terminal Device authentication means for determining whether or not to perform device authentication of the portable storage device;
Software stored in the portable storage device (hereinafter referred to as login software) and software stored when the portable storage device was last connected to the information processing terminal (hereinafter referred to as logoff) Software authentication to determine whether or not these software match, and secondary authentication to perform secondary personal authentication of the user based on the identity verification information. Means,
The personal authentication means first authenticates that the user is a legitimate user, and the apparatus authentication means authenticates that the portable storage device is a management target device of the authentication server. And, when the secondary personal authentication is performed by the secondary authentication means to be a legitimate user, the validity of the portable storage device and the user of the portable storage device is authenticated. A notification means for determining and notifying the information processing terminal to that effect as a result of authentication,
The authentication portable terminal device includes a secondary battery that can be charged via at least one of an external power supply device, a built-in power generation device, or the connection port, and is connected to the connection port using the secondary battery as a power source. Or configured to obtain the user's biometric data value when connected,
An information processing system characterized by this. The authentication portable terminal device includes:
A biosensor for detecting the biometric data value of the user;
A weather sensor for detecting weather data in the user's location atmosphere;
A threshold value table for storing biometric data threshold values for managing the physical condition of the user, which are preset for each weather condition; and
Threshold value reading means for searching and reading out the biometric data threshold value set for the weather condition corresponding to the weather data detected by the weather sensor from the threshold value table;
Comparing means for comparing the biometric data threshold read by the threshold reading means with the biometric data value detected by the biometric sensor;
Control means for sending identity verification information when the identity is confirmed as a result of comparison by the comparison means, and
The control means uses the secondary battery as a power source, and controls the portable storage device to acquire the user's biometric data value before or when the portable storage device is connected to the connection port.
The information processing system according to claim 1. The authentication portable terminal device includes:
Comprising location information acquisition means for acquiring location information;
The control means uses the secondary battery as a power source to control the portable storage device to acquire position information before or when connected to the connection port via the position information acquisition means.
The information processing system according to claim 2. In the authentication server, if the user is not authorized to be a valid user, the portable storage device stores the software and the command for deleting the data stored in the portable storage device. Giving to the information processing terminal to which the device is connected,
The information processing system according to claim 1, wherein the information processing system is an information processing system.

Images