JP2008191851A - Electronic equipment and information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable storage of log data containing information showing a user authentication result or a content of operation performed in an information processor in a memory within electronic equipment connected to the information processor. <P>SOLUTION: A UFD 1 has a function of storing log data showing a user authentication result by fingerprint or a content of operation performed using a host PC 2 after success of the user authentication in a flash memory 22 within the UFD1. The log data includes, in addition to such user authentication result and data showing the content of operation performed using a personal computer, identification information of the host PC 2 to which the UFD 1 is connected or time information managed by a timer with battery contained in the UFD 1. The present invention can be applied to UFD. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an electronic device and an information processing method, and in particular, log data including information representing a result of user authentication or an operation performed in the information processing device is stored in a memory in the electronic device connected to the information processing device. The present invention relates to an electronic device and an information processing method that can be stored in a computer.

  When the response to the SOX (Sarbanes-oxley) law is adopted, companies are required to document business processes to ensure transparency of financial reporting. Therefore, it is necessary to save log data indicating when and who did what in a state where the data has not been tampered with.

Patent Document 1 discloses a technique for controlling the number of client computers that log in to a server computer. Patent Document 2 discloses a technique in which a main password and a plurality of individual passwords are registered and the main password and the individual password are linked.
JP-A-10-198622 Japanese Patent Laid-Open No. 11-53314

  If such log data is stored in the personal computer used for the work, it can be said that the personal computer is a highly flexible device. It is difficult to realize that log data can be stored in a state where it has not been falsified.

  The present invention has been made in view of such a situation, and log data including information representing the result of user authentication or the operation performed in the information processing apparatus is stored in an electronic device connected to the information processing apparatus. It can be stored in a memory.

  An electronic device according to one aspect of the present invention includes a reading unit that reads biometric information and an authentication of a user based on the biometric information read by the reading unit in an electronic device that includes a memory and can be connected to an information processing apparatus. Information indicating the content of a predetermined operation performed in the information processing apparatus each time authentication is performed, or after successful authentication of the user. Control means for generating log data in association with identification information and time of the information processing apparatus each time the predetermined operation is performed, and storing the generated log data in the memory.

  The control means can generate the log data including signature data obtained by using a secret key stored in the memory.

  The storage area of the memory can be accessed from the information processing apparatus as an external storage medium in response to a first area that cannot be accessed from the information processing apparatus and successful user authentication. It can be made to consist of a second region. In this case, the control means can store the log data in the first area.

  A timer can be further provided. In this case, the control means can generate the log data in association with the time measured by the timer.

  The control means can generate the log data in association with the time acquired from the information processing apparatus.

  The control means further includes, from the information processing apparatus, that the first log data includes the first log data including information representing the predetermined operation performed in the information processing apparatus. Verifying whether the predetermined operation is a valid operation based on the acquired time and the time included in the second log data stored in the memory immediately before the first log data Can do.

  The control means further acquires the time from another information processing apparatus connected to the information processing apparatus via a network, the time acquired from the information processing apparatus, and the time acquired from the other information processing apparatus Based on the above, it is possible to verify whether or not the predetermined operation performed in the information processing apparatus is a valid operation.

  The reading unit can read a fingerprint as the biometric information.

  An information processing method according to one aspect of the present invention includes a memory and an information processing method for an electronic device that can be connected to an information processing apparatus. The information processing method reads biometric information, authenticates a user based on the read biometric information, Each time the information representing the authentication result of the user is authenticated, or each time the predetermined operation is performed, the information representing the content of the predetermined operation performed in the information processing apparatus after the user authentication is successful. Generating log data in association with identification information and time of the information processing apparatus, and storing the generated log data in the memory.

  In one aspect of the present invention, biometric information is read, and user authentication is performed based on the read biometric information. Further, every time information representing a user authentication result is authenticated, or every time information representing a content of a predetermined operation performed in the information processing apparatus after successful user authentication is performed. In addition, log data is generated in association with the identification information and time of the information processing apparatus, and the generated log data is stored in the memory.

  According to an aspect of the present invention, log data including information representing a result of user authentication or an operation performed in the information processing device is stored in a memory in an electronic device connected to the information processing device. Can do.

  Embodiments of the present invention will be described below. Correspondences between the constituent elements of the present invention and the embodiments described in the specification or the drawings are exemplified as follows. This description is intended to confirm that the embodiments supporting the present invention are described in the specification or the drawings. Therefore, even if there is an embodiment which is described in the specification or the drawings but is not described here as an embodiment corresponding to the constituent elements of the present invention, that is not the case. It does not mean that the form does not correspond to the constituent requirements. On the contrary, even if an embodiment is described herein as corresponding to the invention, this does not mean that the embodiment does not correspond to other than the configuration requirements. .

  The electronic device according to one aspect of the present invention (for example, the UFD 1 with fingerprint matching function in FIG. 1) has a built-in memory and can be connected to an information processing apparatus. Information representing the authentication result of the user by the fingerprint sensor 11), an authentication means for authenticating the user based on the biometric information read by the reading means (for example, the fingerprint verification engine 37 in FIG. 2), and the authentication means. Each time authentication is performed, or information indicating the content of a predetermined operation performed in the information processing apparatus after successful user authentication is performed, and each time the predetermined operation is performed, the identification information of the information processing apparatus And control means (for example, the CPU 33 in FIG. 2) that generates log data in association with the time and stores the generated log data in the memory.

  An information processing method according to one aspect of the present invention includes a memory and an information processing method for an electronic device that can be connected to an information processing apparatus. The information processing method reads biometric information, authenticates a user based on the read biometric information, Each time the information representing the authentication result of the user is authenticated, or each time the predetermined operation is performed, the information representing the content of the predetermined operation performed in the information processing apparatus after the user authentication is successful. The method includes the step of generating log data in association with the identification information and time of the information processing apparatus and storing the generated log data in the memory (for example, step S16 in FIG. 7).

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing an example of the appearance of a UFD (USB Flash Disk) 1 with a fingerprint verification function according to an embodiment of the present invention.

  A UFD 1 with a fingerprint verification function (hereinafter simply referred to as UFD 1) has a box-shaped casing, and is connected to a personal computer or the like provided with a USB terminal by inserting a USB terminal 1A provided on a side surface of the casing.

  The UFD1 has a built-in flash memory, and the user stores various data created using the personal computer by inserting the UFD1 into the personal computer and allowing the personal computer to recognize the UFD1 as an external storage medium. I can leave it to you.

  A fingerprint sensor 11 is exposed on the housing surface of the UFD 1. When the user uses the UFD 1 as a storage medium outside the personal computer, the user needs to collate the fingerprint by placing the finger pad on the fingerprint sensor 11 with the UFD 1 inserted into the personal computer. The fingerprint data of the user read by the fingerprint sensor 11 is registered by the user in advance and collated with the fingerprint data stored in the UFD 1 by the UFD 1, and when they match, the UFD 1 receives data from the personal computer. Or the data stored in the UFD 1 can be read from the personal computer.

  Such a user authentication function using a fingerprint is also used for authentication at the time of logon (login) of an OS (Operating System) installed in a personal computer. For example, when the user turns on the personal computer with the UFD 1 connected, a command instructing the user to be authenticated by a fingerprint is transmitted from the personal computer to the UFD 1, and the authentication is performed by the UFD 1. When the fingerprint authentication is successful, the UFD 1 notifies the personal computer and the OS is logged on by the personal computer.

  As a result, it is possible to prevent unauthorized logon as compared with the case where the same password as that registered in advance in the personal computer is input using the keyboard provided in the personal computer and logon is performed. User authentication with high security can be realized. When logging on with a password, there is a concern that the password may be leaked due to spyware installed on the personal computer, but such a concern can be eliminated by making the user authentication performed by UFD1. .

  Also, the UFD 1 stores log data representing the result of user authentication using fingerprints or the contents of operations performed using a personal computer to which the UFD 1 is connected after successful user authentication in the UFD 1. Function is provided. In the log data, in addition to such user authentication results and data representing the contents of operations performed using the personal computer, the identification information of the personal computer to which the UFD 1 is connected and the UFD 1 are incorporated. Time information managed by a timer with a battery is also included.

  Unlike various data created by a user using a personal computer, the log data is stored in an area that cannot be accessed from the personal computer even if authentication by fingerprint is successful.

  Therefore, it is possible to save log data indicating when and who did what, in a state where the data has not been tampered with. For example, if log data is stored in an HDD (Hard Disk Drive) of a personal computer, the tampering can be performed relatively easily, but from a personal computer formed in the flash memory of the UFD 1 By making the log data stored in an inaccessible area, it is possible to prevent such unauthorized operation.

  In addition, when log data is generated by a personal computer, when the time of the timer in the personal computer is changed, a log including a time different from the time when the user actually performed the work using the personal computer. Data will be saved, but the use of the timer time in the UFD 1 as the time included in the log data can prevent such unauthorized operation.

  FIG. 2 is a block diagram illustrating a hardware configuration example of the UFD 1. The same components as those shown in FIG.

  As shown in FIG. 2, the UFD 1 is basically configured by connecting a fingerprint sensor 11, a flash memory 22, a crystal oscillator 23, and a timer LSI 24 to a controller LSI (Large Scale Integrated Circuit) 21. Is done. A battery 25 is connected to the timer LSI 24.

  The controller LSI 21 includes a USB I / F (Interface) 31, a timer I / F 32, a CPU (Central Processing Unit) 33, a cryptographic engine 34, an EEPROM (Electrically Erasable and Programmable Read Only Memory) 35, a program RAM / ROM (Random Access). Memory / Read Only Memory) 36, fingerprint collation engine 37, PLL (Phase Lock Loop) 38, and flash memory I / F 39 are connected via a bus 40.

  The USB I / F 31 communicates with the host PC 2 that is an external information processing apparatus to which the UFD 1 is connected according to the USB standard. The USB I / F 31 receives data transmitted from the host PC 2 and outputs the received data to the bus 40. For example, the data output to the bus 40 is encrypted by the encryption engine 34, supplied to the flash memory I / F 39, and stored in the flash memory 22.

  When the data read from the flash memory 22 by the flash memory I / F 39 and decrypted by the cryptographic engine 34 is supplied via the bus 40, the USB I / F 31 transmits the data to the host PC 2.

  The timer I / F 32 receives the time information output from the timer LSI 24 and outputs the received time information to the bus 40. The time information output to the bus 40 is supplied to the CPU 33 and used to generate log data.

  The CPU 33 executes a program stored in the program RAM / ROM 36 and controls the overall operation of the UFD 1.

  For example, every time authentication by fingerprint is performed, the CPU 33 generates log data by associating the authentication result, the time, and the ID of the host PC 2, and stores the generated log data in the flash memory 22. Further, the CPU 33 associates the operation contents, time, and ID of the host PC 2 each time a predetermined operation is performed on the host PC 2 after successful user authentication, such as logon of the OS installed in the host PC 2. Thus, log data is generated, and the generated log data is stored in the flash memory 22. These log data also include signature data (signature data) generated by the cryptographic engine 34.

  The CPU 33 controls access to the flash memory 22 by the host PC 2, and permits access to the flash memory 22 when notified by the fingerprint verification engine 37 that fingerprint authentication is successful.

  FIG. 3 is a diagram illustrating an example of the format of log data.

  As shown in FIG. 3, one log data is composed of data of “time”, “operation”, “host PC ID”, and “UFD owner signature data”.

  “Time” represents the generation time of log data. Since log data is generated every time fingerprint authentication is performed or every time a predetermined operation is performed on the host PC 2, the “time” included in the log data is the time when fingerprint authentication is performed, or This also represents the time when the predetermined operation is performed on the host PC 2. For example, the log data includes the time of years, months, days, hours, minutes and seconds.

  “Operation” represents the result of the authentication performed by the fingerprint or the operation performed on the personal computer to which the UFD 1 is connected, such as the host PC 2. As shown in FIG. 3, for example, in addition to information (OK / NG) indicating whether the authentication by the fingerprint is successful or unsuccessful, the logon of the OS installed in the personal computer has been performed, That the locked state (screen saver is displayed) has been released, the name of the application program started on the personal computer, that the digital signature has been generated, and that the server on the Web has been authenticated, Information indicating that another operation designated by the personal computer has been performed is included in the log data.

  Users can use UFD1 as a device that generates a so-called digital signature to prove who the user generated the data, or as a device that authenticates users when logging on to a server on the Web can do. For example, when data is generated using a personal computer connected to UFD 1 and a user instructs to add a digital signature to the data, a hash value obtained by applying a hash function to original data generated by the user is obtained. Sign data, which is data obtained by encryption with a secret key, is generated by the UFD 1 and added to the original data.

  “Host PC ID” represents the personal computer to which the UFD 1 is connected when log data is generated. For example, when an operation for generating log data and recording the contents is performed on the host PC 2, an ID such as a serial number of the host PC 2 is received from the host PC 2 together with a command for generating log data. It is sent to UFD1 and the ID is included in the log data.

  “Signature data of UFD owner” is data obtained by encrypting a hash value obtained by applying a hash function to the entire data of “time”, “operation”, and “host PC ID” using a secret key. This sign data is generated by the cryptographic engine 34.

  Returning to the description of FIG. 2, when the write target data transmitted from the host PC 2 is supplied via the bus 40, the encryption engine 34 encrypts the data using the encryption key stored in the EEPROM 35. The data obtained by encryption is output to the flash memory I / F 39.

  Also, the encryption engine 34 reads the data stored in the flash memory 22 by the flash memory I / F 39, and when the read data is supplied, the encryption applied to the supplied data is stored in the EEPROM 35. Is decrypted using the encryption key stored in, and the data obtained by the decryption is output to the USB I / F 31 and transmitted to the host PC 2.

  Further, the cryptographic engine 34 generates sign data included in the log data, and outputs the generated sign data to the CPU 33 via the bus 40.

  For example, the cryptographic engine 34 is obtained by applying a hash function to the time generated by the CPU 33 to be included in the log data, information representing the authentication result, information representing the contents of the operation, and the entire ID of the host PC 2. Sign data is generated by encrypting the hash value using a secret key. The secret key is stored in the flash memory 22 in a state encrypted with the encryption key stored in the EEPROM 35, and the encryption engine 34 stores the secret key read from the flash memory 22 in the encryption key stored in the EEPROM 35. The signature data is generated using the secret key obtained by decrypting using the secret key.

  In the cryptographic engine 34, when transmitting log data to the server, the log data is also encrypted using the public key provided from the server. In this way, the UFD 1 stores a secret key or public key used for realizing a PKI (Public Key Infrastructure), or an encryption key used for data encryption / decryption. It also has a function as a token.

  The EEPROM 35 stores encryption keys such as RSA, AES (Advanced Encryption Standard), and DES (Data Encryption Standard). The encryption key stored in the EEPROM 35 is appropriately read out by the encryption engine 34 and is used for data encryption or decryption of the encrypted data. For example, when a fingerprint is registered by the user, the encryption key stored in the EEPROM 35 is generated using a part of the registered fingerprint data and data stored in advance in the EEPROM 35.

  The program RAM / ROM 36 stores various data necessary for the CPU 33 to execute various processes in addition to the program executed by the CPU 33.

  The fingerprint collation engine 37 reads a fingerprint based on the RF signal supplied from the fingerprint sensor 11 and collates the read fingerprint.

  For example, when the integrated value of the signal level of the RF signal output by reading a fingerprint in a plurality of relatively narrow ranges set in the fingerprint sensor 11 exceeds a threshold value, the fingerprint collation engine 37 causes the fingerprint sensor 11 to It is determined that the finger has been placed, and reading of the fingerprint is started.

  The fingerprint collation engine 37 uses the fingerprint read based on the output from the fingerprint sensor 11 as a collation target fingerprint, and collates features using a fingerprint template stored in the flash memory 22. When the characteristics of the fingerprint to be verified match the characteristics represented by the fingerprint template, the fingerprint verification engine 37 determines that the user who placed the finger on the fingerprint sensor 11 is a valid user, and authentication by the fingerprint is successful. This is notified to the CPU 33.

  The fingerprint template is stored in the flash memory 22 in the state encrypted with the encryption key stored in the EEPROM 35 as well as the secret key. When performing fingerprint verification, the fingerprint verification engine 37 is supplied with the fingerprint template decrypted by the cryptographic engine 34 using the cryptographic key.

  The PLL 38 generates a clock necessary for each part in the controller LSI 21 to operate based on the clock supplied from the crystal oscillator 23, and supplies the generated clock to each part.

  The flash memory I / F 39 controls writing of data to the flash memory 22 or reading of data stored in the flash memory 22.

  For example, the flash memory I / F 39 is encrypted by the cryptographic engine 34 and stored in the flash memory 22 with data supplied via the bus 40 or log data generated by the CPU 33 and supplied via the bus 40. Let Further, the flash memory I / F 39 reads the data stored in the flash memory 22 in an encrypted state, and outputs the read data to the encryption engine 34 via the bus 40.

  The flash memory 22 stores various data according to control by the flash memory I / F 39 of the LSI 21.

  FIG. 4 is a diagram illustrating an example of a region formed in the flash memory 22.

As shown in FIG. 4, the entire storage area of the flash memory 22 is divided into an area A ₁ and an area A ₂ .

In the area A ₁ , a fingerprint template and a private key encrypted using the encryption key stored in the EEPROM 35 are stored (saved). This area A ₁ is an area in which information about stored data is not notified from the UFD 1 to the host PC 2 and cannot be accessed from the host PC 2 even after successful fingerprint authentication. Log data generated by the CPU 33 is also stored in the area A ₁ .

On the other hand, in the area A ₂ , data encrypted using the encryption key stored in the EEPROM 35 is stored. After the authentication by fingerprint is successful, the area A ₂ becomes an area accessible from the host PC 2, and data can be stored from the host PC 2, and data stored therein can be read by the host PC 2.

Data encryption when data is stored in the area A ₂ and data decryption when data stored in the area A ₂ is read out in accordance with a command transmitted from the host PC 2 Since it is automatically performed in the UFD 1, it is not necessary for the host PC 2 to be aware of cryptographic processing when reading and writing data.

  Returning to the description of FIG. 2, the crystal oscillator 23 outputs a clock having a predetermined frequency to the PLL 38.

  The timer LSI 24 operates based on the power supplied from the battery 25 and manages the time. The time managed by the timer LSI 24 is appropriately read out by the CPU 33 via the bus 40 and the timer I / F 32. A large-capacity capacitor may be used as the battery 25, and the capacitor may be charged by power supplied from the host PC 2 when the UFD 1 is connected to the host PC 2.

  FIG. 5 is a block diagram illustrating a hardware configuration example of the host PC 2.

  The CPU 61 executes various processes according to a program stored in the ROM 62 or a program loaded from the storage unit 68 to the RAM 63. The RAM 63 also appropriately stores data necessary for the CPU 61 to execute various processes.

  The CPU 61, ROM 62, and RAM 63 are connected to each other via a bus 64. An input / output interface 65 is also connected to the bus 64.

  The input / output interface 65 includes an input unit 66 including a keyboard and a mouse, a display including a CRT (Cathode Ray Tube) and an LCD (Liquid Crystal Display), an output unit 67 including a speaker, and a hard disk. A communication unit 69 including a storage unit 68 and a network terminal is connected. The communication unit 69 communicates with various devices via a network.

  A USB I / F 70 is also connected to the input / output interface 65. The USB I / F 70 communicates with the UFD 1 that is inserted into a USB terminal provided in the housing of the host PC 2.

  A drive 71 is also connected to the input / output interface 65 as necessary, and a removable medium 72 composed of a magnetic disk, an optical disk, a magneto-optical disk, a memory card, or the like is appropriately mounted. The computer program read from the removable medium 72 is installed in the storage unit 68 as necessary.

  Here, processing of the UFD 1 and the host PC 2 having the above configuration will be described. Here, the processing when the UFD 1 is connected to the host PC 2 will be described, but when the UFD 1 is connected to another personal computer, the same processing is performed between the UFD 1 and the personal computer.

  First, the process of UFD 1 for registering a fingerprint will be described with reference to the flowchart of FIG.

  This process is started when the user instructs to register a fingerprint by operating the host PC 2 to which the UFD 1 is connected. When instructed by the user, a command instructing to start fingerprint registration is transmitted from the host PC 2 to the UFD 1.

  In step S1, the fingerprint collation engine 37 determines whether or not a finger is placed on the fingerprint sensor 11, and waits until it is determined that the finger is placed.

  If it is determined in step S1 that the finger is placed, in step S2, the fingerprint collation engine 37 takes in the RF signal supplied from the fingerprint sensor 11 as fingerprint reading data.

  In step S <b> 3, the fingerprint collation engine 37 takes out data representing the characteristics of the fingerprint read by the fingerprint sensor 11 as a fingerprint template. The fingerprint template extracted by the fingerprint verification engine 37 is output to the cryptographic engine 34 via the bus 40.

In step S4, the cryptographic engine 34 encrypts the fingerprint template using the encryption key stored in the EEPROM 35, outputs the encrypted fingerprint template to the flash memory I / F 39, and outputs the area A _{1 of the} flash memory 22 (FIG. 4). The fingerprint template may be stored in the EEPROM 35 instead of the flash memory 22 after being encrypted using the encryption key.

  Next, with reference to the flowchart of FIG. 7, the process of the UFD 1 that performs user authentication will be described.

  This process is started at a predetermined timing, for example, before the data created using the host PC 2 is stored in the flash memory 22 using the flash memory 22 of the UFD 1 as an external storage medium. As described above, when the flash memory 22 of the UFD 1 is used as an external storage medium, the user needs to perform fingerprint authentication.

  In step S11, the fingerprint collation engine 37 determines whether or not a finger is placed on the fingerprint sensor 11, and waits until it is determined that the finger is placed.

  If it is determined in step S11 that the finger has been placed, the fingerprint collation engine 37 takes in the fingerprint reading data based on the RF signal supplied from the fingerprint sensor 11 in step S12.

  In step S13, the fingerprint collation engine 37 uses the fingerprint represented by the fingerprint read data as the fingerprint to be collated, and decrypts it with the feature extracted from the fingerprint to be collated and the encryption key stored in the EEPROM 35. Is collated with the feature represented by the fingerprint template supplied from.

  In step S14, the fingerprint collation engine 37 determines whether or not the authentication is successful based on the collation result of the fingerprint feature. The CPU 33 is notified of the determination result as to whether or not the authentication is successful.

  When it is determined in step S14 that the authentication has failed because the feature extracted from the fingerprint to be verified does not match the feature represented by the fingerprint template, in step S15, the CPU 33 indicates information indicating that the authentication has failed. Is generated as log data in a format as shown in FIG. The generated log data is supplied to the flash memory I / F 39 and stored in the flash memory 22.

  On the other hand, if it is determined in step S14 that the authentication is successful, in step S16, the CPU 33 generates log data in a format as shown in FIG. 3 including information indicating that the authentication is successful as “operation”. To do. Information indicating which finger of the user is used for authentication may be included in the log data.

In step S17, the CPU 33 turns on an authentication flag indicating that the authentication is successful, and ends the process. Thereafter, the CPU 33 permits the host PC ₂ to access the area A ₂ of the flash memory 22 and controls writing of data supplied from the host PC 2 and reading of data designated from the host PC 2.

  Next, processing of the UFD 1 and the host PC 2 at the time of OS logon will be described with reference to the flowchart of FIG.

  This process is started when the user activates the OS by turning on the host PC 2 with the UFD 1 connected.

  In step S21, the CPU 61 of the host PC 2 enters a logon waiting state. At this time, in the host PC 2, an application program for transmitting a command to the UFD 1 is started.

  In step S <b> 22, the CPU 61 controls the USB I / F 70 and transmits a command to the UFD 1 to instruct to perform user authentication using a fingerprint. The OS logon ID is added to this command and sent at the same time as the command.

  In step S31, the CPU 33 of the UFD 1 receives a command transmitted from the host PC 2 by controlling the USB I / F 31, and waits for a finger placed by the user to enter an authentication waiting state.

  In step S32, the fingerprint collation engine 37 authenticates the fingerprint as described with reference to FIG. 7, and notifies the CPU 33 when the authentication is successful.

  In step S33, the CPU 33 generates log data in a format as shown in FIG. 3 in which information indicating that logon has been performed is included as “operation”.

In step S <b> 34, the CPU 33 outputs the generated log data to the flash memory I / F 39 and stores it in the area A ₁ of the flash memory 22.

  In step S35, the CPU 33 notifies the host PC 2 that the user has been successfully authenticated by the fingerprint, and ends the process.

  In step S23, the CPU 61 of the host PC 2 receives the notification from the UFD 1 by controlling the USB I / F 70, and ends the processing. Thereafter, the host PC 2 logs on the OS and performs various processes.

  FIG. 9 is a diagram illustrating an example of log data generated and stored by the UFD 1 by performing the processing of FIG.

  In the example of FIG. 9, “November 20, 2006, 13:01:30” is recorded as “Time”, and information indicating that logon has been performed is recorded as “Operation”. In this log data, the ID of the host PC 2 and signature data are also recorded.

  Similarly, when other processing is performed on the host PC 2, log data is generated and stored in the UFD 1.

  For example, when the lock state is released, the host PC 2 notifies the UFD 1 of that, and log data in which information indicating that the lock state is released is recorded as “operation”. In addition, when a predetermined application is activated on the host PC 2 in response to an operation by the user, the host PC 2 notifies the UFD 1 of this, and a log in which information indicating the name of the activated application is recorded as “operation” Data is generated.

  In this way, by adding a timer function to a hardware token that has a fingerprint verification function, a storage function, and an encryption function (a symmetric key and an asymmetric key encryption function), the personal computer with the UFD1 inserted It is possible to store a record of user operations performed using the information in association with the time and the ID of the personal computer. Regardless of which function is missing, the log data cannot be stored in the UFD 1 in this way.

  In addition, log data representing operations performed using the personal computer to which the UFD 1 is connected is stored in the UFD 1 and in an area that cannot be accessed from the personal computer, so that the log data is stored in the HDD of the personal computer. As compared with the case where the data is stored in the memory, it is possible to prevent an unauthorized operation such as tampering from being performed.

  The UFD 1 in which the log data is stored is appropriately collected by, for example, an administrator, and it is checked whether an unauthorized operation is performed based on the log data stored in the UFD 1.

  In the above description, it is assumed that log data is simply stored when a predetermined operation is performed on the host PC 2. However, the UFD 1 verifies whether the performed operation is a valid operation or not. May be.

  For example, when log data as shown in FIG. 9 is generated by logon of the OS, the UFD 1 verifies whether the logon is a valid operation and the time included in the log data. This is performed based on the time included in the latest log data generated and stored in the flash memory 22 first.

  Specifically, when the time included in newly generated log data is a time before the time included in the latest log data, or when the time included in the newly generated log data is the latest log data. If the included time difference is more than the predetermined time, it is determined that the logon performed this time is an unauthorized logon, data indicating that the unauthorized logon has been performed is added to the log data, and the UFD 1 Remembered. Thereby, the administrator can easily find an unauthorized operation from the log data.

  When it is determined that an unauthorized operation has been performed, not only data indicating that is added to the log data, but also the UFD 1 is disabled until the administrator performs a predetermined operation such as initialization. You may do it.

  When log data is stored as described above, the storage capacity of the flash memory 22 built in the UFD 1 is finite, so that there is no free space and log data cannot be stored. is there. In such a state, for example, the log data may be transmitted from the UFD 1 to a previously designated server that centrally manages the log data, and an empty area of the flash memory 22 may be secured.

  FIG. 10 is a diagram illustrating a configuration example of a log data management system.

  As shown in FIG. 10, this management system is configured by connecting a host PC 2 and a server 81 via a network 82. As indicated by the white arrow, UFD1 is connected to host PC2. In the example of FIG. 10, one UFD for storing log data and one personal computer to which the UFD is connected are shown, but a plurality of them may be provided.

  The server 81 is an apparatus for centrally managing log data, and has basically the same configuration as the configuration of the host PC 2 shown in FIG. Hereinafter, the configuration of the host PC 2 shown in FIG.

  The server 81 receives and manages log data read from the UFD 1 by the host PC 2 and transmitted from the host PC 2 via the network 82. Log data is sent and received in a state encrypted using a common encryption key that both UFD1 and server 81 have after key data is exchanged between UFD1 and server 81 by PKI. The

  Here, a key data exchange process performed by the UFD 1 and the server 81 will be described with reference to the flowchart of FIG.

  This process is started, for example, when a command instructing to start exchanging key data is transmitted from the server 81 and received by the CPU 33 of the UFD 1 via the host PC 2. Note that FIG. 11 shows only the processing of the UFD 1 and the server 81, but data transmission / reception between the UFD 1 and the server 81 is performed via the host PC 2.

  In step S41, the cryptographic engine 34 of UFD1 generates a PKI key UKd. For example, a random number with a predetermined number of digits is generated as the PKI key UKd. The secret key UKe corresponding to the PKI key UKd is stored in the EEPROM 35 or the like. Here, the PKI key UKd is generated in the UFD 1, but may be generated by a device external to the UFD 1, such as the host PC 2.

  On the other hand, in step S51, the CPU 61 (FIG. 5) of the server 81 generates a PKI key SKd. The secret key SKE corresponding to the PKI key SKd is stored in the storage unit 68 or the like.

  In step S <b> 42, the CPU 33 of the UFD 1 controls the USB I / F 31 to output the PKI key UKd to the host PC 2 and transmit the PKI key UKd to the server 81.

  In step S52, the CPU 61 of the server 81 receives the PKI key UKd transmitted from the UFD 1 via the host PC 2 by controlling the communication unit 69.

  In step S53, the CPU 61 controls the communication unit 69 to transmit the PKI key SKd to the UFD1. The PKI key SKd transmitted from the server 81 is received by the host PC 2 and output from the host PC 2 to the UFD 1.

  In step S43, the CPU 33 of the UFD 1 receives the PKI key SKd transmitted from the server 81 and ends the process. As a result, the key data is exchanged between the UFD 1 and the server 81.

  Next, log data transmission / reception processing performed by the UFD 1 and the server 81 will be described with reference to the flowchart of FIG.

  This process is started after the process of FIG. 11 is performed and the key data is exchanged between the UFD 1 and the server 81.

  In step S71, the CPU 61 of the server 81 generates a random number R.

  In step S72, the CPU 61 encrypts the generated random number R using the PKI key UKd provided from the UFD 1, and transmits the encrypted random number R (R (UKd)) to the UFD 1.

  In step S <b> 61, the CPU 33 of the UFD 1 receives the encrypted random number R transmitted from the server 81. The random number R received by the CPU 33 is supplied to the cryptographic engine 34.

  In step S62, the cryptographic engine 34 decrypts the data supplied from the CPU 33 using the secret key UKe, and reads the random number R.

  In step S 63, the cryptographic engine 34 encrypts the read random number R using the PKI key SKd provided from the server 81, and transmits the encrypted random number R (R (SKd)) to the server 81.

  In step S73, the CPU 61 of the server 81 receives the encrypted random number R transmitted from the UFD1. The CPU 61 reads the random number R by decrypting the received data (the encrypted random number R) using the secret key SKE, and whether or not the read random number R matches the random number R generated by itself. To check.

  When it is confirmed that the random number R read from the data transmitted from the UFD 1 matches the random number R generated by itself, in step S74, the CPU 61 generates a command for instructing reading of log data, Send the generated command to UFD1.

  In step S <b> 64, the CPU 33 of the UFD 1 receives the command transmitted from the server 81. The CPU 33 that has received the command reads the log data from the flash memory 22 and outputs the read log data to the cryptographic engine 34.

  In step S 65, the encryption engine 34 encrypts the log data read from the flash memory 22 using the random number R as an encryption key, and transmits the encrypted log data to the server 81.

  In step S75, the CPU 61 of the server 81 receives the log data in an encrypted state.

  In step S76, the CPU 61 decrypts the log data using the random number R as an encryption key, and stores the log data obtained by the decryption in the storage unit 68.

  In step S66, the CPU 33 of the UFD1 deletes the log data stored in the flash memory 22, and ends the process.

  With the above processing, log data stored in the UFD 1 can be transferred to the server 81 with security ensured, and a free area for storing log data is secured in the flash memory 22 of the UFD 1. Can do.

  As described above, the log data may be transferred to the server 81 every time it is generated in the UFD 1 instead of being transmitted when there is no free space in the flash memory 22. As described above, the storage location of the log data is not limited to the inside of the UFD 1.

  In the above, a timer with a battery (timer LSI 24) is built in the UFD 1, and the time of the built-in timer is used for generating log data. However, the host PC 2 and the server 81 to which the UFD 1 is connected The management time may be used.

  FIG. 13 is a block diagram illustrating another hardware configuration example of the UFD 1.

  The configuration shown in FIG. 13 is the same as the configuration of FIG. 2 except that the timer LSI 24, the battery 25, and the timer I / F 32 are not provided.

  When generating log data, the CPU 33 of the UFD 1 controls the USB I / F 31 to acquire time from the host PC 2 and uses the acquired time for generation of log data. The generated log data is stored in the flash memory 22 in the same manner as the log data generated using the time managed by the built-in timer.

  Next, processing performed by the UFD 1 having the configuration of FIG. 13 and the host PC 2 to which the UFD 1 is connected will be described with reference to the flowchart of FIG.

  Here, as in the case described with reference to FIG. 8, processing at the time of OS logon will be described. The process in FIG. 14 is basically the same as the process in FIG. 8 except that a process for obtaining time from the host PC 2 is further performed.

  When the user activates the OS by turning on the power of the host PC 2 with the UFD 1 connected, the CPU 61 of the host PC 2 enters a logon waiting state in step S91.

  In step S92, the CPU 61 transmits to the UFD 1 a command for instructing user authentication using a fingerprint. The OS logon ID is added to this command and sent at the same time as the command.

  In step S101, the CPU 33 of the UFD 1 receives a command transmitted from the host PC 2, and waits for the user to place a finger, and enters an authentication waiting state.

  In step S102, the fingerprint collation engine 37 authenticates the fingerprint, and if the authentication is successful, notifies the CPU 33 of that.

  In step S103, the CPU 33 notifies the host PC 2 that the authentication has been successful.

  In step S93, the CPU 61 of the host PC 2 receives the notification from the UFD 1.

  In step S94, the CPU 61 confirms the time managed in the host PC 2, and notifies the confirmed time to the UFD 1.

  In step S104, the CPU 33 of the UFD 1 receives the time notified from the host PC 2.

  In step S <b> 105, the CPU 33 generates log data in a format as shown in FIG. 3 including information indicating that logon has been performed as “operation”. The generated log data includes the time notified from the host PC 2.

In step S <b> 106, the CPU 33 outputs the generated log data to the flash memory I / F 39 and stores it in the area A ₁ of the flash memory 22. Thereafter, the process is terminated.

  By obtaining the time used for generating log data from the host PC 2, it is not necessary to prepare a timer in the UFD 1, and the manufacturing cost of the UFD 1 can be reduced. In addition, a log data generation function can be added to the existing UFD 1 that does not have a built-in timer by software.

  When the time acquired from the host PC 2 is used for generating log data as described above, when the time of the host PC 2 is intentionally changed, the log data includes a time different from the time when the operation was actually performed. May be generated. Therefore, in order to prevent such a situation, when log data is generated, the time is acquired not only from the host PC 2 but also from the server 81 of FIG. The time acquired from the log data may be included in the log data. In this case, the time of the server 81 cannot be changed illegally.

  Acquisition of the time from the server 81 is performed, for example, when logging on to the server 81 from the host PC 2. When logging on to the server 81 from the host PC 2, the user authentication function of the UFD 1 connected to the host PC 2 is used. When the authentication is successful in the UFD 1, this is notified from the UFD 1 to the host PC 2, and a logon request is transmitted from the host PC 2 to the server 81.

  Here, with reference to the flowchart of FIG. 15, processing of the UFD 1, the host PC 2, and the server 81 when logging on to the server 81 will be described.

  This process is started, for example, when the host PC 2 is turned on with the UFD 1 connected.

  In step S121, the CPU 61 of the host PC 2 enters a logon waiting state.

  In step S122, the CPU 61 of the host PC 2 transmits to the UFD 1 a command for instructing user authentication using a fingerprint.

  In step S131, the CPU 33 of the UFD 1 receives a command transmitted from the host PC 2, and waits for a finger placed by the user to enter an authentication waiting state.

  In step S132, the fingerprint collation engine 37 authenticates the fingerprint, and if the authentication is successful, notifies the CPU 33 of that.

  In step S133, the CPU 33 notifies the host PC 2 that the authentication has succeeded.

  In step S123, the CPU 61 of the host PC 2 receives the notification from the UFD 1.

  In step S <b> 124, the CPU 61 of the host PC 2 requests the server 81 to log on. At this time, data used to authenticate the host PC 2 is also transmitted from the host PC 2 to the server 81 as necessary.

  In step S111, the CPU 61 of the server 81 receives a request from the host PC 2.

  In step S112, the CPU 61 of the server 81 performs authentication of the host PC 2 using data transmitted from the host PC 2 together with a logon request.

  If the authentication of the host PC 2 is successful, in step S113, the CPU 61 of the server 81 permits the logon (permits access) and notifies the host PC 2 of the time managed in the server 81. This notification includes the ID of the server 81 and the like.

  In step S <b> 125, the CPU 61 of the host PC 2 receives the notification from the server 81.

  In step S 126, the CPU 61 of the host PC 2 notifies the UFD 1 of the time notified from the server 81 and the time managed inside the host PC 2 together with the ID of the host PC 2 and the ID of the server 81.

  In step S134, the CPU 33 of the UFD1 receives a notification from the host PC2.

  In step S135, the CPU 33 generates log data in a format as shown in FIG. 3 including information indicating that the logon to the server 81 has been performed as “operation”. The log data includes both the time managed by the host PC 2 and the time managed by the server 81. Further, both the ID of the host PC 2 and the ID of the server 81 are included.

  For example, if there is a difference between the time managed by the host PC 2 and the time managed by the server 81 by a predetermined time or more, it is determined that the time of the host PC 2 has been illegally changed, and such an illegal operation is performed. Log data to which data indicating that is added is generated.

In step S136, CPU 33 outputs the generated log data to the flash memory I / F 39, and stores in the area A ₁ of the flash memory 22. Thereafter, the process is terminated.

  In this way, even if an unauthorized operation such as changing the time is performed by making the log data include the time acquired from a plurality of external devices, the administrator It can be easily found.

  In the above description, the user is authenticated by the fingerprint read by the fingerprint sensor 11. However, the authentication is not necessarily performed by the fingerprint, and other biometrics can be used as long as the user can be authenticated in the UFD 1. Metrics may be used. For example, the user can be authenticated by an iris or palm print.

  When a touch panel is provided on the UFD 1, the user may be authenticated by a password input by tracing the surface with a finger.

  The series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software executes various functions by installing a computer incorporated in dedicated hardware or various programs. The program is installed from a program recording medium into a general-purpose personal computer having the configuration shown in FIG.

  The program executed by the computer is, for example, a magnetic disk (including a flexible disk), an optical disk (CD-ROM (Compact Disc-Read Only Memory), DVD (Digital Versatile Disc), etc.), a magneto-optical disk, or a semiconductor memory. It is recorded on a removable medium 72, which is a package medium, or provided via a wired or wireless transmission medium such as a local area network, the Internet, or digital satellite broadcasting.

  The program executed by the computer may be a program that is processed in time series in the order described in this specification, or in parallel or at a necessary timing such as when a call is made. It may be a program for processing.

  The embodiments of the present invention are not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the present invention.

It is a figure which shows the example of the external appearance of UFD with a fingerprint collation function which concerns on one Embodiment of this invention. It is a block diagram which shows the hardware structural example of UFD with a fingerprint collation function. It is a figure which shows the example of a format of log data. It is a figure which shows the example of the area | region formed in flash memory. It is a block diagram which shows the hardware structural example of host PC. It is a flowchart explaining the fingerprint registration process of UFD with a fingerprint collation function. It is a flowchart explaining the authentication process of UFD with a fingerprint collation function. It is a flowchart explaining the process of UFD and host PC at the time of OS logon. It is a figure which shows the example of log data. It is a figure which shows the structural example of the management system of log data. It is a flowchart explaining the exchange process of the key data performed by UFD and a server. It is a flowchart explaining the transmission / reception process of the log data performed by UFD and a server. It is a block diagram which shows the other hardware structural example of UFD. 14 is a flowchart for explaining processing performed by the UFD having the configuration of FIG. 13 and a host PC. It is a flowchart explaining the process of UFD, host PC, and a server.

Explanation of symbols

  1 UFD with fingerprint verification function 2 Host PC 11 Fingerprint sensor 21 Controller LSI 22 Flash memory 23 Crystal oscillator 31 USB I / F 32 Timer I / F 33 CPU 34 Encryption engine 35 EEPROM Program RAM / ROM, 37 Fingerprint verification engine, 38 PLL, 39 Flash memory I / F

Claims (9)

In an electronic device that has a built-in memory and can be connected to an information processing device,
Reading means for reading biological information;
Authentication means for authenticating a user based on the biometric information read by the reading means;
The information indicating the result of the user authentication by the authentication means is performed every time the authentication is performed, or the information indicating the content of the predetermined operation performed in the information processing apparatus after the user authentication is successfully performed. An electronic device comprising: control means for generating log data in association with identification information and time of the information processing apparatus each time the information processing apparatus is stored, and storing the generated log data in the memory. The electronic device according to claim 1, wherein the control unit generates the log data including signature data obtained using a secret key stored in the memory. The storage area of the memory can be accessed from the information processing apparatus as an external storage medium in response to a first area that cannot be accessed from the information processing apparatus and successful user authentication. From the second area
The electronic device according to claim 1, wherein the control unit stores the log data in the first area. A timer,
The electronic device according to claim 1, wherein the control unit generates the log data in which the time measured by the timer is associated. The electronic device according to claim 1, wherein the control unit generates the log data in which the time acquired from the information processing apparatus is associated. When the control means generates first log data including information representing the predetermined operation performed in the information processing apparatus, the control means obtains from the information processing apparatus for inclusion in the first log data And verifying whether or not the predetermined operation is a legitimate operation based on the measured time and a time included in the second log data stored in the memory in the immediate vicinity of the first log data. 5. The electronic device according to 5. The control means further acquires a time from another information processing apparatus connected to the information processing apparatus via a network, and obtains the time acquired from the information processing apparatus and the time acquired from the other information processing apparatus. The electronic apparatus according to claim 5, wherein the electronic apparatus verifies whether or not the predetermined operation performed in the information processing apparatus is a valid operation. The electronic device according to claim 1, wherein the reading unit reads a fingerprint as the biological information. In an information processing method of an electronic device having a built-in memory and connectable to an information processing device,
Read biological information,
User authentication is performed based on the read biometric information,
Each time the information representing the authentication result of the user is authenticated, or each time the predetermined operation is performed, the information representing the content of the predetermined operation performed in the information processing apparatus after the user authentication is successful. An information processing method comprising: generating log data in association with identification information and time of the information processing apparatus, and storing the generated log data in the memory.

Images