JP2021064411A - Information processing device and program thereof - Google Patents

Abstract

To provide an information processing device capable of acquiring an access key for using a self-encrypting drive(SED) without a need of user operation and without providing other devices with special functions.SOLUTION: A personal computer 100 which performs information processing using a decrypted file comprises a storage unit 4 including a storage part 41 and a control unit 1 including a lock setting part 1 and a key table 1c. The storage unit stores an encrypted file in the storage part, locks or unlocks the storage part according to an input of an access key, and decrypts and outputs the files stored in the storage part when the storage part is unlocked. The lock setting part 1b acquires an identifier of a communication device connected to a communication network from the communication device via the communication network, acquires an access key from the key table 1c on the basis of the acquired identifier, and inputs the acquired key to the storage unit.SELECTED DRAWING: Figure 1

Description

Embodiments of the present invention relate to an information processing device.

There is known a storage device that has a function of automatically encrypting and storing files such as data files and program files, and protects the files from being read and written by anyone other than a user with proper authority. Such a storage device is standardized by the Trusted Computing Group (TCG) as a trusted computing group opal security subsystem class (TCG Opal SSC) and is called a self-encrypting drive (SED).

Using this SED has the advantage that the file is encrypted and protected from unauthorized access. On the other hand, in order to read and write a file to SED in the information processing device, the user must input an access key for proving legitimate authority to the information processing device, which is convenient for the user. Is impaired.

By the way, as a method for obtaining secret information such as an encryption key and authentication information without requiring an explicit operation from a user, some techniques using a secret sharing method as shown in Patent Document 1 and Patent Document 2 are generally used. Has been proposed. If such a well-known technique is applied to an information processing device that uses SED, it is possible to eliminate the need for a user operation for inputting an access key.

However, in the conventional technology using the secret sharing method, a plurality of other devices capable of communicating with the information processing device must each have a function of transmitting a tally for obtaining an access key in the information processing device using the SED. I had to.

As an example, when a payment terminal using SED is to be provided in a POS system, for example, a plurality of POS terminals must be provided with a function of transmitting a tally to the payment terminal. That is, when trying to introduce the above payment terminal into an existing POS system composed of POS terminals that do not have the function of transmitting tally, the function of transmitting at least a part of the above POS terminals is provided. It is necessary to replace it with the one provided.

Under such circumstances, it has been desired that the information processing device can acquire an access key for using the SED without requiring a user operation and without providing a special function to other devices.

Japanese Unexamined Patent Publication No. 2010-219603 Japanese Unexamined Patent Publication No. 2014-6674

The problem to be solved by the present invention is to provide an information processing device capable of acquiring an access key for using SED without requiring user operation and without providing other devices with special functions. That is.

The information processing apparatus of the embodiment stores a file obtained by encrypting a file given from the outside by a storage means, and sets the storage means in an unlocked state or a locked state according to the input of a predetermined access key. In the unlocked state, a storage device that decodes and outputs the file stored in the storage means is used to perform information processing using the decrypted file, and the file can be connected to the communication network. It is provided with an identifier acquisition means, a key acquisition means, and an input means. The identifier acquisition means acquires the identifier of another device connected to the own device via the communication network from the device via the communication network. The key acquisition means acquires an access key based on the identifier acquired by the identifier acquisition means. The input means inputs the access key acquired by the key acquisition means into the storage device.

The block diagram which shows the main part circuit structure of the personal computer which concerns on 1st Embodiment. The figure which shows typically the structure of the key table shown in FIG. The flowchart which shows the procedure of the process in the lock setting part shown in FIG. The flowchart which shows the procedure of the process in the lock setting part shown in FIG. The block diagram which shows the main part circuit structure of the personal computer which concerns on 2nd Embodiment. The figure which shows typically the structure of the tally table shown in the figure. FIG. 5 is a flowchart showing a processing procedure in the lock setting unit shown in FIG. The block diagram which shows the main part circuit configuration of the payment terminal which concerns on 3rd Embodiment.

Hereinafter, embodiments will be described with reference to the drawings.
(First Embodiment)
In the present embodiment, a personal computer will be described as an example of the information processing device.
FIG. 1 is a block diagram showing a main circuit configuration of the personal computer 100 according to the first embodiment.

The personal computer 100 includes a control unit 1, a wireless communication unit 2, a user interface (UI) unit 3, and a storage unit 4. The wireless communication unit 2, the user interface unit 3, and the storage unit 4 are connected to the control unit 1, respectively.

The control unit 1 includes a processor, a memory, and the like. The control unit 1 executes various applications by reading the application program stored in the storage unit 4 and executing the application program by the above-mentioned processor. Further, the control unit 1 stores the key table 1c in the above memory. The control unit 1 includes an interface unit for exchanging data with each connected unit.
The information processing unit 1a executes information processing according to the application program.
The lock setting unit 1b outputs the access key to the storage unit 4 while referring to the key table 1c by the lock state setting process described later. The key table 1c will be described later.

The wireless communication unit 2 wirelessly communicates with an access point connected to the LAN 300. As a result, the wireless communication unit 2 enables the control unit 1 to communicate with another communication device 200 connected to the LAN 300 via the LAN 300. The communication device 200 is a device having a function of performing communication via the LAN 300, and may include various types of devices such as a personal computer, a printer, and a multifunction device. When the wireless communication unit 2 receives a packet from the LAN 300 while the lock setting unit 1b is executing the lock state setting process described later, it does not matter whether the packet is addressed to the personal computer 100 or not. It is given to the control unit 1 without being used. As the wireless communication unit 2, a well-known device adapted to the wireless LAN can be used. The LAN 300 may be configured as either a wired LAN or a wireless LAN, or as a combination of a wired LAN and a wireless LAN. The LAN 300 may be replaced or combined with another type of communication network such as an optical communication network or Bluetooth®. That is, the LAN 300 can be replaced with any communication network as long as the transmitted data includes the identifier of the source device.

The user interface unit 3 inputs an instruction by the user to the control unit 1. Thus, the user interface unit 3 is an example of an input device. The user interface unit 3 outputs information to be notified to the user regarding the operation of the control unit 1. As the user interface unit 3, a well-known input device such as a touch panel can be arbitrarily used.

The storage unit 4 includes a storage unit 41, an access control unit 42, an encryption key output unit 43, an encryption processing unit 44, and an interface unit 45.
The storage unit 41 is a device for storing files, and for example, an EEPROM (electric erasable programmable read-only memory), an HDD (hard disk drive), an SSD (solid state drive), or the like can be applied. The storage unit 41 can logically set one or a plurality of storage areas. In FIG. 1, a state in which n storage areas 41-1 to 41-n are set is shown as an example. The storage areas 41-1 to 41-n are all areas for storing encrypted files. Thus, the storage unit 41 is an example of a storage means for storing a file obtained by encrypting a file given from the outside. The storage unit 41 also includes an area other than the storage areas 41-1 to 41-n. One such area is a preboot authentication area that stores a program file for the preboot authentication process.

The access control unit 42 manages whether the storage areas 41-1 to 41-n are in the locked state or the unlocked state. When the access key defined for each of the storage areas 41-1 to 41-n is given by the interface unit 45 together with the lock or unlock instruction, the access control unit 42 responds to the instruction. To lock or unlock. When the access control unit 42 unlocks a certain storage area, the access control unit 42 acquires a encryption key predetermined for the storage area from the encryption key output unit 43, and transfers this encryption key to the encryption processing unit 44. set. When the access control unit 42 locks a certain storage area, the access control unit 42 destroys the encryption key set in the encryption processing unit 44 as described above.

The encryption key output unit 43 has an encryption key table showing the above-mentioned access key and a predetermined encryption key for the storage area in association with each of the storage areas 41-1 to 41-n. The encryption key output unit 43 takes out the encryption key associated with the access key given by the access control unit 42 from the encryption key table and gives it to the access control unit 42. Instead of using the encryption key table, the encryption key output unit 43 may calculate the encryption key by a specific calculation formula such as a hash function based on the information given by the access control unit 42.

When the encryption processing unit 44 is requested to write a file by designating a storage area in which the corresponding encryption key is set, the encryption processing unit 44 encrypts the file using the above-mentioned set encryption key. To do. Then, the encryption processing unit 44 writes the encrypted file to the designated storage area. When the encryption processing unit 44 is requested to read the file by designating the storage area in which the corresponding encryption key is set, the encryption processing unit 44 decrypts the file by using the above-mentioned set encryption key. .. Then, the encryption processing unit 44 outputs the decrypted file to the interface unit 45. The encryption processing unit 44 rejects the write / read request unless the encryption key corresponding to the designated storage area is set.

The interface unit 45 gives the access key sent from the control unit 1 to the access control unit 42. The interface unit 45 gives the encryption processing unit 44 a request for reading or writing a file from the control unit 1. The interface unit 45 gives the decrypted file given by the encryption processing unit 44 to the control unit 1. As the interface unit 45, a device conforming to a general-purpose interface standard such as SATA (serial advanced technology attachment) can be used.
Thus, the storage unit 4 has a function as an SED and is an example of a storage device.

FIG. 2 is a diagram schematically showing the configuration of the key table 1c.
The key table 1c stores the access key and the required identifier in association with each of the storage areas 41-1 to 41-n set in the storage unit 41. The required identifier includes at least one identifier of the communication device 200. In the present embodiment, as the identifier, MAC ID, which is a physical address uniquely assigned to the hardware of the network device, is used. However, as the identifier, various other data such as an IP address, a computer name, or a serial number, which can uniquely identify the device, or data obtained by combining them can also be used. The access key is a character string such as "xxx" in the example of FIG. That is, in the key table 1c, a character code string representing a character string used as the access key is actually described as the information of the access key. However, the access key may be arbitrary binary data other than the character string code string.
Thus, the key table 1c is an example of a table in which an access key is described in association with an identifier.

Next, the operation of the personal computer 100 configured as described above will be described. The content of the process described below is an example, and various processes capable of obtaining similar results can be appropriately used.

A plurality of the storage areas 41-1 to 41-n set in the storage unit 41 contain program files of a plurality of different applications for realizing the function as the information processing unit 1a in the control unit 1, respectively. Each is memorized. The application executed by the information processing unit 1a can be changed by the control unit 1 selectively executing one of the plurality of program files. For example, an application that handles confidential information can be executed in the normal office of the user of the personal computer 100, but an application different from the application that handles confidential information can be executed in a place other than the above-mentioned office. And.

On the other hand, the program file for the control unit 1 to realize the function as the lock setting unit 1b is stored in the area set in the storage unit 41, which is first read when the personal computer 100 is started. This area is generally the area where the operating system is stored. This area is set to be at least readable at startup.

Then, the control unit 1 starts the operation as the lock setting unit 1b based on the above program file at a predetermined timing. The timing is, for example, when the personal computer 100 is started. Alternatively, the above timing may be set at regular time intervals or the like.

FIG. 3 is a flowchart showing a processing procedure in the lock setting unit 1b.
As Act1, the lock setting unit 1b clears the value of the variable m to 0. The variable m is used to count the number of times the confirmation loop is executed, which will be described later.

As Act2, the lock setting unit 1b confirms whether or not the collection period has expired. Then, the lock setting unit 1b determines No if the collection period has not ended, and proceeds to Act3.
As Act3, the lock setting unit 1b confirms whether or not the packet has been received by the wireless communication unit 2. Then, if the packet is not received, it is determined as No, and the process returns to Act2.
Thus, as Act2 and Act3, the lock setting unit 1b waits for the packet to be received in a situation where the collection period has not ended. Then, when the packet transmitted by the communication device 200 to an arbitrary destination is transmitted to the personal computer 100 via the LAN 300, the wireless communication unit 2 receives the packet. In this case, the wireless communication unit 2 gives the received packet to the control unit 1. In response to this, the lock setting unit 1b determines Yes in Act3 and proceeds to Act4.

As Act4, the lock setting unit 1b extracts the identifier of the source device from the received packet and stores it in the internal memory of the control unit 1. The memory area for storing the identifier here is cleared at the start of the process shown in FIG. Thus, the lock setting unit 1b functions as an identifier acquisition means for acquiring the identifier of the communication device 200. The access point 400 is also one of the communication devices connected to the LAN 300. Therefore, the lock setting unit 1b also acquires the identifier of the access point 400.

After that, the lock setting unit 1b returns to the standby state of Act2 and Act3. Thus, the lock setting unit 1b accumulates the source identifier shown in the packet received during the collection period. The lock setting unit 1b may save the newly extracted identifier without confirming whether or not it is the same as the saved identifier, or confirms whether or not it is the same. , May be saved only if different.

The lock setting unit 1b determines Yes in Act2 when a predetermined time has elapsed from a reference time set as the time when the process shown in FIG. 3 is started or the time when Act2 is first executed. .. Then, in this case, the lock setting unit 1b proceeds to the confirmation loop starting from Act5. The above time may be arbitrarily set by, for example, the creator of the program file representing the process shown in FIG. 3, the administrator of the personal computer 100, or the like. However, the above time is preferably a time for which a collection period is set so that at least one packet transmitted from each device having an identifier set as a necessary identifier in the key table 1c can be received.

As Act5, the lock setting unit 1b increases the value of the variable m by one.
As Act6, the lock setting unit 1b confirms whether or not all the identifiers represented as the necessary identifiers in the key table 1c are aligned with respect to the mth storage area 41-m. Then, the lock setting unit 1b determines Yes if all of the required identifiers are included in the identifiers saved in Act 4, and proceeds to Act 7.

As Act7, the lock setting unit 1b confirms whether or not the storage area 41-m is in the locked state. Then, the lock setting unit 1b determines Yes if it is in the locked state, and proceeds to Act9.

On the other hand, if all the necessary identifiers are not included in the identifiers saved in Act4, the lock setting unit 1b determines No in Act6 and proceeds to Act8.
As Act8, the lock setting unit 1b confirms whether or not the storage area 41-m is in the unlocked state. Then, the lock setting unit 1b determines Yes if it is in the unlocked state, and proceeds to Act9.
That is, the lock setting unit 1b receives all of the required identifiers when the storage area 41-m is in the locked state and receives even a part of the required identifiers when the storage area 41-m is in the unlocked state. In the case where it is not done, the process proceeds to Act9.

As Act9, the lock setting unit 1b outputs the access key shown in the key table 1c with respect to the storage area 41-m to the interface unit 45 of the storage unit 4. That is, the lock setting unit 1b reads the access key stored in the key table 1c in association with the acquired identifier, and functions as a reading means. Then, the function as the reading means of the lock setting unit 1b and the function as the key acquisition means are realized by the cooperation with the key table 1c. Further, the lock setting unit 1b functions as an input means for inputting the acquired access key to the storage unit 4. The control unit 1 stores information indicating whether it is in the locked state or the unlocked state in the memory in association with each of the storage areas 41-1 to 41-n. Then, the lock setting unit 1b makes it possible to determine Act7 or Act8 by inverting the information when the access key is output here. However, the lock setting unit 1b may make an inquiry to the access control unit 42 to determine whether the storage area 41-m is in the locked state or the unlocked state.

The above access key is given to the access control unit 42 via the interface unit 45. If the storage area 41-m is in the locked state in response to the access key being given, the access control unit 42 outputs a predetermined encryption key to the storage area 41-m. This encryption key is set in the encryption processing unit 44. Further, the access control unit 42 discards the encryption key set in the encryption processing unit 44 if the storage area 41-m is in the locked state in response to the access key being given.

When the lock setting unit 1b finishes Act9, it proceeds to Act10. If the required identifiers are prepared but the storage area 41-m is already in the unlocked state and therefore No is determined in Act7, Act9 is passed and the process proceeds to Act10. Further, when the lock setting unit 1b determines No in Act 8 because the storage area 41-m is already in the locked state, although the necessary identifiers are not prepared, the lock setting unit 1b passes Act 9 and proceeds to Act 10.

As Act10, the lock setting unit 1b confirms whether or not the value of the variable m is n or more. Then, if the lock setting unit 1b determines No because the value of the variable m is less than n, the lock setting unit 1b repeats the processing after Act5. That is, the lock setting unit 1b changes the target storage area and processes Act6 to Act9. The loop of Act5 to Act10 repeated in this way is a confirmation loop. Then, when the processing of Act6 to Act9 is completed for all of the storage areas 41-1 to 41-n, the value of the variable m is n. Therefore, since the value of the variable m is n or more, the lock setting unit 1b determines Yes in Act10, and ends the process shown in FIG.

As described above, according to the personal computer 100, when the environment is such that at least one predetermined identifier of the communication device 200 and the access point 400 can be acquired, the storage areas 41-1 to 41-n are automatically set. It is unlocked. Therefore, in this case, the operator does not have to perform an operation for inputting the access key. Moreover, since the personal computer 100 uses an identifier sent from another device for normal communication, those other devices do not need to have a function of transmitting a tally in the secret sharing method.

By the way, as a fraudulent act against the personal computer 100, an act of illegally accessing data accessible by an application that handles confidential information after taking it out to a place different from the usual office place of a legitimate user is known. There is.
However, there is a high possibility that the personal computer 100 cannot acquire at least a part of the identifiers that can be acquired at the above-mentioned office place at a place other than the above-mentioned office place. Therefore, among the storage areas 41-1 to 41-n, those whose required identifier is an identifier that cannot be acquired in this way are locked. As a result, the fraudster cannot use the application based on the program file stored in the locked storage area, and the above fraud can be prevented. Further, the program file and the data itself stored in the locked storage area are not read by an unauthorized person, and fraud due to their analysis can be prevented.

It is also conceivable that a fraudulent person who invades the office place while the personal computer 100 is left in the office place and the person in the office place is absent may use the personal computer 100 illegally. However, since the communication device 200 has stopped operating, there is a high possibility that at least a part of the identifiers that can be acquired at the above-mentioned office location cannot be acquired, and similarly to the above, the storage area is locked and illegally used. Can be prevented.

By the way, when the lock / unlock is switched by the above processing, for example, when a part of the communication device 200 is in the non-transmission state due to maintenance or the like, the storage area including the identifier of the communication device 200 in the required identifier is locked. It will be fixed in the state. However, such a situation is not a fraudulent situation.
Therefore, in order to deal with such a situation, the lock setting unit 1b executes the process shown in FIG. 4 in addition to the process shown in FIG.

As Act21, the lock setting unit 1b confirms whether or not the access key has been input by the operation by the operator in the user interface unit 3. Then, if the lock setting unit 1b determines No because the access key has not been input, the lock setting unit 1b proceeds to Act22.
As Act22, the lock setting unit 1b confirms whether or not there is a discrepancy described later. Then, if the lock setting unit 1b determines No because there is no discrepancy, the lock setting unit 1b returns to Act21.
Thus, the lock setting unit 1b waits for the access key to be input or a mismatch to occur as Act21 and Act22.

When the operator wants to change the lock / unlock set by the process of FIG. 3 for one of the storage areas 41-1 to 41-n, the operator inputs the access key corresponding to the storage area. The user interface unit 3 is operated so as to do so. Then, the lock setting unit 1b determines Yes in Act21 and proceeds to Act23.

As Act23, the lock setting unit 1b outputs the access key input by the operation in the user interface unit 3 to the interface unit 45. As a result, the lock / unlock of the storage area corresponding to the access key is reversed by the access control unit 42. After that, the lock setting unit 1b returns to the standby state of Act21 and Act22.

Thereby, in the above case, the administrator of the personal computer 100 or the like can change the storage area fixed in the locked state to the unlocked state.
However, the state in which the lock / unlock is changed in response to the instruction by the operator should be temporary in the above case or the like. Therefore, when the state set by the storage unit 4 and the state managed by the process shown in FIG. 3 do not match, the lock setting unit 1b determines Yes in Act22 and proceeds to Act24. move on.

As Act 24, the lock setting unit 1b causes the user interface unit 3 to display a guidance screen. The specific content of the guidance screen may be arbitrary, but for example, it notifies the administrator of the personal computer 100 that the lock / unlock of the storage area where the above mismatch has occurred is being manually set. And. After that, the lock setting unit 1b returns to the standby state of Act21 and Act22.

When the process shown in FIG. 3 is executed at regular intervals, the lock / unlock change according to the operator's instruction as described above by the process shown in FIG. 4 is shown in FIG. 3 thereafter. It may be canceled by the process. Therefore, the lock setting unit 1b may exclude the storage area in which the above mismatch occurs from the processing shown in FIG.

By the way, when another personal computer having the same configuration as the personal computer 100 exists, it is assumed that the other personal computer and the personal computer 100 each use an identifier as a necessary identifier for each other. If the personal computer 100 does not transmit the identifier unless the operation of the information processing unit 1a is started, the personal computers 100 may fall into a deadlock state in which they wait for each other to receive the identifier. Therefore, it is preferable that the personal computer 100 is configured to transmit the identifier even if all the storage areas to be locked are in the unlocked state. For example, the OS is stored in an area that is not locked under any conditions, and when the OS is started from there, the identifier is transmitted to the LAN 300. However, it is possible to avoid falling into the deadlock state by setting a rule that the identifier of the personal computer 100 is not set as a necessary identifier of another personal computer.

(Second Embodiment)
FIG. 5 is a block diagram showing a main circuit configuration of the personal computer 101 according to the second embodiment. The same elements as shown in FIG. 1 in FIG. 5 are designated by the same reference numerals, and detailed description thereof will be omitted.

The personal computer 101 includes a wireless communication unit 2, a user interface unit 3, a storage unit 4, and a control unit 5. That is, the personal computer 101 is configured to include the control unit 5 in place of the control unit 1 in the personal computer 100.

The control unit 5 includes a processor, a memory, and the like. The control unit 5 operates as the information processing unit 1a and the lock setting unit 5a by reading the program stored in the storage unit 4 and executing the program by the processor. Further, the control unit 5 stores the tally table 5b in the above memory. Although not shown, the control unit 5 includes an interface unit for exchanging data with each connected unit.
The lock setting unit 5a outputs the access key to the storage unit 4 while referring to the tally table 5b by the lock state setting process described later.

FIG. 6 is a diagram schematically showing the configuration of the tally table 5b.
The tally table 5b stores at least a plurality of entries associated with the masked hash value and the encrypted electronic tally for each of the storage areas 41-1 to 41-n.

The masked hash value is obtained by substituting the identifier of the communication device 200 or the access point 400 into a predetermined hash function and masking the hash value obtained by substituting a part thereof. For example, "xxxx12abxxxx" shown in FIG. 6 is a part of the hash value in which "12ab" is left, and "x" indicates a masked part.

An encrypted electronic tally is a set of an identifier used to determine an associated masked hash value and an electronic tally, encrypted with an unmasked hash value. The electronic tally is an access key defined for the corresponding storage area divided by the secret sharing method. J of the encrypted electronic tally contained in the plurality of entries for one storage area is determined using each of the j electronic tally required to restore the access key associated with the area. To. That is, the tally table 5b contains at least j entries for one storage area.

Hereinafter, the masked hash value and the encrypted electronic tally will be described more specifically.
Suppose that one of the required identifiers is "0x11 0x11 0x11 0x11 0x11 0x11" in hexadecimal notation, and the hash value calculated from this identifier is "0x123412ab5678" in hexadecimal notation. Note that this hash value is a tentative value for explanation, and the size and value are not necessarily the same as the actual one. In the tally table, of these hash values, the front and back are masked with "*" and "**** 12ab ****" is the masked hash value. If one of the electronic tally obtained by dividing the access key "xxx" by the secret sharing method is "0xabcd1234 ..." in hexadecimal notation, the identifier "0x11 0x11 0x11 0x11" precedes it. The value "0x111111111111acbd1234 ..." which is the concatenated value of "0x11 0x11" is encrypted using the hash value "0x123412ab5678" as the encryption key. A predetermined encryption algorithm is used for this encryption. As the encryption algorithm, for example, AES (advanced encryption standard) can be used. It is assumed that the value obtained in this way is an encrypted electronic tally, and is assumed to be "0xf271d7df ...". In this case, the tally table 5b contains an entry consisting of a pair of "**** 12ab ****" as the masked hash value and "0xf271d7df ..." as the encrypted electronic tally. .. The process of creating such an entry is performed by, for example, the lock setting unit 5a.

Thus, the tally table 5b is an example of a table that includes a plurality of entries associated with the masked hash value and the encrypted electronic tally for devices such as the communication device 200 and the access point 400.

Next, the operation of the personal computer 101 configured as described above will be described. The content of the process described below is an example, and various processes capable of obtaining similar results can be appropriately used.

The operation of the personal computer 101 is different from the operation of the personal computer 100 in the process for switching between lock / unlock in the lock setting unit 5a. Therefore, the process will be described below.

FIG. 7 is a flowchart showing a processing procedure in the lock setting unit 5a. Some of the operations shown in FIG. 3 have the same contents as those shown in FIG. 3, and some of them are designated by the same reference numerals, and detailed description thereof will be omitted.

The lock setting unit 5a collects identifiers as Act1 to Act4 in the same manner as the lock setting unit 1b. Then, if the lock setting unit 5a determines Yes in Act2 because the collection period has expired, the lock setting unit 5a proceeds to Act31.
As Act31, the lock setting unit 5a calculates the hash values of all the identifiers collected during the collection period. Thus, the lock setting unit 5a functions as a calculation means for calculating the hash value.

As Act32, the lock setting unit 5a increases the value of the variable m by one.
As Act33, the lock setting unit 5a selects one of a plurality of unselected entries for the m-th storage area in the tally table 5b as the entry of interest.

As Act34, the lock setting unit 5a confirms whether or not the entry of interest is an entry to be processed thereafter. Specifically, in the lock setting unit 5a, a hash value (hereinafter referred to as a candidate hash value) that matches the masked hash value included in the entry of interest in the unmasked portion is a hash calculated by Act31. Check if it exists in the value. Even between multiple hash values that are different from each other, it is possible that they match each other in the unmasked part. Therefore, there may be a plurality of candidate hash values. Then, the lock setting unit 5a determines Yes if a candidate hash value exists, and proceeds to Act35. Thus, the lock setting unit 5a functions as a search means.

As Act35, the lock setting unit 5a decodes the encrypted electronic tally included in the entry of interest with the candidate hash value. When a plurality of candidate hash values exist, the lock setting unit 5a decrypts the encrypted electronic tally with each of the plurality of candidate hash values. Thus, the lock setting unit 5a functions as a decoding means.

As Act36, the lock setting unit 5a confirms whether or not the identifier included in the data obtained by decoding in Act35 matches the identifier used in Act31 for calculating the candidate hash value. Then, if the lock setting unit 5a determines Yes to match, the process proceeds to Act37.

As Act37, the lock setting unit 5a stores in the memory the electronic tally included in the data obtained by the decoding in Act35 together with the above-mentioned matching identifier. Thus, the lock setting unit 5a functions as a selection means. After that, the lock setting unit 5a proceeds to Act38. If the candidate hash value does not exist in the hash value calculated in Act 31, the lock setting unit 5a determines No in Act 34, passes Act 35 to Act 37, and proceeds to Act 38. If the identifier included in the data obtained by decoding with Act35 does not match the identifier used in Act31 for calculating the candidate hash value, the lock setting unit 5a determines No in Act36 and determines Act37 as No. Pass and proceed to Act38.

Hereinafter, Act34 to Act37 will be described in more detail. Here, the masked hash value and the encrypted electronic tally will be described together with specific explanations and conditions.
For example, suppose that "0x11 0x11 0x11 0x11 0x11 0x11" can be obtained as an identifier from one of the communication devices 200. In this case, the lock setting unit 5a calculates the hash value of the identifier and obtains "0x123412ab5678". The lock setting unit 5a searches the tally table 5b using "**** 12ab ****", which is the result of masking before and after the hash value, as a key. If the tally table 5b has the contents shown in FIG. 6, the lock setting unit 5a finds the top entry of the first and nth storage areas by the above search. The lock setting unit 5a acquires "0xf271d7df ..." as the value of the encrypted electronic tally from the found entry of the first storage area. Further, the lock setting unit 5a decrypts the encrypted electronic tally "0xf271d7df ..." using the hash value "0x123412ab5678" of the identifier of the communication device 200 as the encryption key to obtain "0x111111111111acbd1234 ...". To get. Since the first half of the decryption result matches the above-obtained identifier "0x11 0x11 0x11 0x11 0x11 0x11", the lock setting unit 5a sets the top entry of the first storage area as described above. It is determined that the entry corresponds to the communication device 200 identified by the acquired identification information. Then, the lock setting unit 5a saves "0xabcd1234", which is the latter half of the above decoding result, as one of the electronic tally. On the other hand, the lock setting unit 5a acquires "0xe287bbae ..." as the value of the encrypted electronic tally from the found entry of the nth storage area. Further, the lock setting unit 5a decrypts the encrypted electronic tally "0xe287bbae ..." using the hash value "0x123412ab5678" of the identifier of the communication device 200 as the encryption key, and the decryption result is "0x111111111111acbd1234. .. "is not. Since the first half of the decryption result does not match the above-obtained identifier "0x11 0x11 0x11 0x11 0x11 0x11", the lock setting unit 5a sets the top entry of the nth storage area as described above. It is determined that the entry is not the correct entry corresponding to the communication device 200 identified by the acquired identification information. Then, the lock setting unit 5a does not save "0xabcd1234", which is the latter half of the above decoding result, as one of the electronic tally.

As Act38, the lock setting unit 5a confirms whether or not there are any more unselected entries among the plurality of entries for the m-th storage area in the tally table 5b. Then, if the lock setting unit 5a determines No because there is an unselected entry, the lock setting unit 5a returns to Act33 and repeats the subsequent processing. As a result, the lock setting unit 5a executes Act33 to Act37 with each of the plurality of entries for the m-th storage area in the tally table 5b as the entry of interest. At this time, when Act37 is executed a plurality of times, the lock setting unit 5a adds and saves a new electronic tally without deleting the already saved electronic tally. Then, when the lock setting unit 5a finishes executing Act33 to Act37 with all of the plurality of entries for the m-th storage area in the tally table 5b as the entry of interest, the lock setting unit 5a determines Yes in Act38 and proceeds to Act39.

As Act39, the lock setting unit 5a attempts to restore the access key using the electronic tally stored in the memory. If all of the electronic tally divided by the secret sharing method from one access key is stored in the memory, the access key can be restored from those electronic tally by a well-known process. Thus, the lock setting unit 5a functions as a restoration means.

As Act40, the lock setting unit 5a confirms whether or not the restoration of the access key is successful. Then, if the lock setting unit 5a determines Yes because the restoration was successful, the process proceeds to Act7. If the lock setting unit 5a determines No because the restoration has failed, the process proceeds to Act8. After that, the lock setting unit 5a executes Act7 to Act10 in the same manner as the lock setting unit 1b. However, if the lock setting unit 5a determines No in Act10, the lock setting unit 5a returns to Act32.

Thus, similarly to the personal computer 100, when the personal computer 101 is taken out to a place other than the normal office place, the storage areas 41-1 to 41-n are locked. Thereby, the same effect as that of the first embodiment is achieved.

By the way, in the personal computer 100 of the first embodiment, if the contents of the key table 1c are analyzed by an unauthorized person, the access key may be known. Even if the access key can be protected from being known to unauthorized persons by some means such as encryption, if an environment in which the personal computer 100 operates normally is formed in a pseudo manner, the storage areas 41-1 to 1 to 1 I can access 41-n. However, since it is not easy for an outsider to check the identifiers of the communication device 200 and the access point 400, the personal computer 100 of the first embodiment can secure a certain degree of security.

On the other hand, according to the personal computer 101, the access key is not stored in the tally table 5b. Therefore, even if the tally table 5b is analyzed by an unauthorized person, the risk that the access key will be known to the unauthorized person is low, and higher security than that of the personal computer 100 can be ensured.
Moreover, the personal computer 101 holds the electronic tally, and does not require other devices to transmit the electronic tally.

In the personal computer 101, the tally table 5b can be dynamically updated. When the access key can be restored by Act39, the lock setting unit 5a can determine that the personal computer 101 is in a safe environment, that is, in an environment where it should operate. In such a case, the lock setting unit 5a may update the tally table 5b according to the following procedure.

The lock setting unit 5a masks a part of the hash value calculated by Act31 when it does not match any of the masked hash values included in the tally table 5b in the unmasked part. To generate a new masked hash value. Further, the lock setting unit 5a encrypts one of the reconfigured electronic tally and the identifier used for calculating the above hash value with the above hash value to encrypt a new encrypted electron. Generate a tally. Then, the lock setting unit 5a adds a new entry including the generated masked hash value and the encrypted electronic tally to the tally table 5b.
As a result, even when the communication device 200 or the access point 400 is replaced due to a failure or the like, the tally table is automatically updated, so that the administrator or the service person does not have to reset the tally table. Maintainability is improved.

Further, at this time, in addition to the masked hash value and the encrypted electronic tally, the data of the date and time when the identifier of the communication device 200 or the access point 400 was finally acquired may be included in the entry of the tally table 5b. .. By doing so, when the data size of the tally table 5b exceeds the threshold value, the entries are deleted in order from the oldest date and time so that the data size of the tally table 5b does not become too large. be able to.

(Third Embodiment)
In the third embodiment, a payment terminal that processes payment by a credit card as an information processing device will be described as an example.

FIG. 8 is a block diagram showing a main circuit configuration of the payment terminal 500 according to the third embodiment. The same elements as shown in FIG. 1 in FIG. 5 are designated by the same reference numerals, and detailed description thereof will be omitted.

The payment terminal 500 includes a storage unit 4 and a payment processing unit 6.
The payment processing unit 6 includes a reading unit 61, a control unit 62, a printing unit 63, a transmission / reception unit 64, and a user interface unit 65. The reading unit 61, the printing unit 63, the transmitting / receiving unit 64, and the user interface unit 65 are connected to the control unit 62, respectively.

The reading unit 61 reads the card data recorded on a payment card such as a credit card. The reading unit 61 encrypts the read card data and sends it to the control unit 62. As the reading unit 61, a well-known device configured to include, for example, a magnetic card reader can be used.

The POS terminal 600 is connected to the control unit 62 without going through the LAN 300. For the connection between the control unit 62 and the POS terminal 600, for example, a general-purpose serial interface can be used. The control unit 62 includes a processor, a memory, and the like. The control unit 62 operates as the settlement processing unit 62a and the lock setting unit 1b by reading the program stored in the storage unit 4 and executing the program by the processor. Further, the control unit 62 stores the key table 1c in the above memory. Although not shown, the control unit 62 includes an interface unit for exchanging data with each connected unit.

The settlement processing unit 62a acquires transaction data representing the settlement amount and the like related to the transaction to be settled from the POS terminal 600. The payment processing unit 62a receives and decrypts the encrypted card data sent by the reading unit 61. The payment processing unit 62a encrypts the payment data including the transaction data and the card data by the method specified by the payment service provided by the payment server 700. The payment processing unit 62a controls the transmission / reception unit 64 so as to transmit the encrypted payment data to the payment server 700. The settlement processing unit 62a represents the settlement result based on the settlement data, and controls the printing unit 63 so as to print a slip representing the settlement result based on the response data transmitted from the settlement server 700.

The printing unit 63 issues a payment slip by printing a slip image on the slip paper under the instruction from the payment processing unit 62a. As the printing unit 63, a well-known device configured including, for example, a thermal printer can be used.

The transmission / reception unit 64 performs data communication via the LAN 300. The communication partner of the transmission / reception unit 64 is mainly the payment server 700, but communication with a plurality of POS terminals 600 and POS server 800 connected to the LAN 300 is also possible. Under the control of the control unit 62, the transmission / reception unit 64 sends payment data to the payment server 700 to the LAN 300. The transmission / reception unit 64 receives the response data transmitted from the payment server 700 and arrives via the payment network 900 and the LAN 300, and gives the response data to the payment processing unit 62a. When the transmission / reception unit 64 receives a packet transmitted via the LAN 300 while the lock setting unit 1b is executing the lock state setting process described later, whether or not the packet is addressed to the payment terminal 500. Regardless, it is given to the control unit 62. As the transmission / reception unit 64, a well-known device adapted to LAN 300 can be used. The LAN 300 may be configured as either a wired LAN or a wireless LAN, or as a combination of a wired LAN and a wireless LAN. The LAN 300 may be replaced or combined with another type of communication network such as an optical communication network or Bluetooth®. That is, the LAN 300 can be replaced with any communication network as long as the transmitted data includes the identifier of the source device. That is, LAN is an example of a communication network.

The plurality of POS terminals 600 belong to one POS system and are connected to the LAN 300 mainly for communicating with the POS server 800 belonging to the same POS system.
When the POS terminal 600 to which the illustrated payment terminal 500 is not connected allows card payment, a payment terminal 500 other than the one shown is connected without going through the LAN 300. That is, although only one payment terminal 500 is shown in FIG. 8, a POS system may be configured by including a plurality of payment terminals 500 in a state where each is connected to another POS terminal 600.

The user interface unit 65 inputs an instruction by the user to the control unit 62. Thus, the user interface unit 65 is an example of an input device. The user interface unit 65 outputs information to be notified to the user regarding the operation of the control unit 62. As the user interface unit 65, for example, a touch panel can be used.

The storage unit 4 is the same as that of the first embodiment. However, the storage unit 4 is connected to the control unit 31 instead of the control unit 1 in the first embodiment.

Next, the operation of the payment terminal 500 configured as described above will be described. The content of the process described below is an example, and various processes capable of obtaining similar results can be appropriately used.

A plurality of storage areas 21-1 to 21-n set in the storage unit 21 store a plurality of different program files for realizing the function as the payment processing unit 62a in the control unit 62, respectively. Will be done. By selectively executing one of these plurality of program files by the control unit 62, it is possible to change the content of the payment process by the payment processing unit 62a. For example, when a security crisis such as analysis of the contents of payment processing based on a certain program file is suspected, the above crisis can be avoided by switching to payment processing based on another program file. ..

On the other hand, the program file for the control unit 62 to realize the function as the lock setting unit 1b is stored in the area set in the storage unit 21 that is first read when the payment terminal 500 is started. This area is generally the area where the operating system is stored. This area is set to be at least readable at startup.

Then, the control unit 62 starts the same operation as the first embodiment as the lock setting unit 1b based on the above program file at a predetermined timing. The timing is, for example, when the payment terminal 500 is activated. Alternatively, the above timing may be set at regular time intervals or the like.

Thus, according to the payment terminal 500, the storage areas 21-1 to 21-n are automatically unlocked when the environment is such that the identifier of at least one predetermined device can be received. Therefore, in this case, the operator does not have to perform an operation for inputting the access key. Moreover, since the payment terminal 500 uses an identifier that is sent from another device and can be acquired via the LAN 300, those other devices do not need to have a function that can transmit a tally in the secret sharing method.

By the way, as a fraudulent act against a device such as the payment terminal 500, the device is illegally taken out from the store where the device is originally installed by a fraudulent person outside the business hours, and the program file is analyzed or modified before the above. It is known that they are returned to their stores.

However, when the payment terminal 500 is taken out from the store where it is originally installed by an unauthorized person, it is disconnected from the LAN 300, so that the packet from the device connected to the LAN 300 cannot be received. Therefore, all of the storage areas 21-1 to 21-n are locked. As a result, the fraudster cannot retrieve the decrypted program file from the storage unit 21, and it is possible to prevent the fraudster from analyzing the content of the payment process by the payment processing unit 62a.

It is also conceivable that a fraudulent person who invades the store outside the store's business hours without taking the payment terminal 500 out of the store attempts to analyze or modify the program file while still connected to the LAN 300. However, since other devices such as the POS terminal 600 have stopped operating, they cannot receive packets from those devices. Thereby, fraud can be prevented in the same manner as described above.

The lock setting unit 1b also executes the process shown in FIG. 4 in the same manner as in the first embodiment. As a result, as in the first embodiment, the administrator of the payment terminal 500 or the like can change the storage area fixed in the locked state to the unlocked state.

This embodiment can be modified in various ways as follows.
It can also be realized as another type of information processing device that performs specific information processing other than payment processing.

The lock setting units 1b and 5a may be realized as hardware, or may be realized by combining software control with hardware such as a logic circuit.

The storage unit 4 may be externally attached to the personal computers 100, 101 or the payment terminal 500.

Acquisition of identifiers of other devices may be performed without going through a communication network. For example, an identifier transmitted from the luminaire as the brightness of the illumination light may be acquired via a photodetector such as a photodiode. Alternatively, an identifier that is wirelessly transmitted from a device carried by a user who has the authority to use the personal computer 100 using Bluetooth (registered trademark) or the like may be acquired via the receiving device. Alternatively, an identifier transmitted via the USB or the like may be acquired from a device that is wiredly connected to the personal computer 100 via the USB (universal serial bus) or the like.

The key table 1c may be associated with each of the required identifiers and store information indicating the timing when the required identifier can be acquired most recently. Then, the lock setting unit 1b may unlock all of the associated required identifiers for the storage area in which the elapsed time from the timing at which the required identifiers can be acquired is within the specified time. That is, the lock setting unit 1b puts the lock setting unit 1b in the unlocked state when all the associated required identifiers can be acquired within the specified time for a certain storage area, and one of the required identifiers cannot be acquired for more than the specified time. If it is, it will be locked.

In the tally table 5b, information indicating the timing of saving the electronic tally extracted from the entry as related to the acquired identification information may be stored in association with each of the entries. Then, the lock setting unit 5a unanswers the storage area associated with the access key when the elapsed time from the timing at which the access key can be acquired is within the specified time for all the electronic tally for restoring the access key. It may be locked. That is, the lock setting unit 5a sets the unlocked state when all the electronic tally for restoring the associated access key is obtained within the specified time for a certain storage area, and one of the electronic tally is set to the specified time. If it cannot be obtained over the above, it will be locked.

The device identified by the required identifier does not have to be installed in the vicinity of the place where the personal computers 100, 101 and the payment terminal 500 are originally used, and even if it is a server installed in a remote place, for example. Good.

Similar to the relationship between the first embodiment and the second embodiment, the lock setting unit 1b and the key table 1c are replaced with the lock setting unit 5a and the tally table 5b instead of the control unit 31 in the third embodiment. It can also be provided with a control unit. As a result, it is possible to obtain the same effect as that of the fourth embodiment even in the payment terminal as in the third embodiment.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the scope of the invention described in the claims and the equivalent scope thereof.

1 ... Control unit, 1a ... Information processing unit, 1b ... Lock setting unit, 1c ... Key table, 2 ... Wireless communication unit, 3 ... User interface unit, 4 ... Storage unit, 5 ... Control unit, 5a ... Lock setting unit, 5b ... Tally table, 6 ... Payment processing unit, 21 ... Storage unit, 21-1 to 21-n ... Storage area, 31 ... Control unit, 41 ... Storage unit, 41-1 to 41-n ... Storage area, 42 ... Access control unit, 43 ... encryption key output unit, 44 ... encryption processing unit, 45 ... interface unit, 61 ... reading unit, 62 ... control unit, 62a ... payment processing unit, 63 ... printing unit, 64 ... transmission / reception unit, 65 ... User interface unit, 100, 101 ... Personal computer, 200 ... Communication equipment, 300 ... LAN, 400 ... Access point, 500 ... Payment terminal, 600 ... POS terminal, 700 ... Payment server, 800 ... POS server, 900 ... Payment network ..

An embodiment of the present invention relates to an information processing device and a program thereof .

The problem to be solved by the present invention is an information processing device and a program thereof that can acquire an access key for using SED without requiring user operation and without providing other devices with special functions. Is to provide.

The information processing apparatus of the embodiment stores a file obtained by encrypting a file given from the outside by a storage means, and sets the storage means in an unlocked state or a locked state according to the input of a predetermined access key. In the unlocked state, a storage device that decodes and outputs a file stored in the storage means is used to perform information processing using the decoded file, and a processor that executes a program is provided. Acquires an identifier transmitted by another device according to the program, acquires an access key based on the acquired identifier, and inputs the acquired access key to the storage device.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are also included in the scope of the invention described in the claims and the equivalent scope thereof.
The inventions described in the original claims of the present application are described below.
[Appendix 1] A file obtained by encrypting a file given from the outside is stored by a storage means, and the storage means is set to an unlocked state or a locked state according to a predetermined access key being input, and the unlocked state is set. In the locked state, in an information processing device that uses a storage device that decodes and outputs a file stored in the storage means and performs information processing using the decrypted file.
An identifier acquisition means for acquiring an identifier transmitted by another device,
A key acquisition means for acquiring an access key based on the identifier acquired by the identifier acquisition means, and
An input means for inputting the access key acquired by the key acquisition means into the storage device, and
Information processing device equipped with.
[Appendix 2] The key acquisition means is
A table in which the access key is described in association with the identifier, and
A reading means for reading the access key associated with the identifier acquired by the identifier acquisition means from the table, and
The information processing apparatus according to Appendix 1, further comprising.
[Appendix 3] The key acquisition means is
For one of the devices, a masked hash value obtained by masking a part of the hash value obtained from the identifier of the device, and a set of the identifier of the device and the electronic tally assigned to the device are encrypted with the hash value. A table containing a plurality of entries associated with the encrypted encrypted electronic tally for each of the devices.
A calculation means for calculating the hash value of the identifier acquired by the identifier acquisition means, and
A search means for searching the table for an entry containing a masked hash value whose unmasked portion matches the hash value calculated by the calculation means.
A decryption means for decrypting the encrypted electronic tally included in the entry searched by the search means with the hash value calculated by the calculation means, and
When the identifier included in the set of the identifier obtained by decrypting the encrypted electronic tally by the decryption means and the electronic tally matches the identifier acquired by the identifier acquisition means, the electronic tally included in the set And the selection method to select as effective
A restoration means for restoring the access key from a plurality of electronic tally selected by the selection means, and
The information processing apparatus according to Appendix 1, further comprising.
[Appendix 4] When the access key can be restored by the restoration means, in a portion of the hash values calculated by the calculation means that is not masked by any of the masked hash values included in the table. An identifier and a configuration used by the calculation means to extract a hash value that does not match, mask a part of the extracted hash value to generate a new masked hash value, and calculate the extracted hash value. A set of one of the rewritten electronic tally is encrypted with the extracted hash value to generate a new encrypted electronic tally, and the encrypted electronic tally and the generated masked hash value described above are used. An additional means of adding a new entry to the table, including
The information processing apparatus according to Appendix 3, further comprising.
[Appendix 5] The key acquisition means is
An input device that inputs information according to the operation by the operator,
With more
When the access key is input by the input device, the access key is acquired.
The information processing device according to any one of Supplementary note 1 to Supplementary note 4.

Claims (5)

A file obtained by encrypting a file given from the outside is stored by a storage means, and the storage means is put into an unlocked state or a locked state according to the input of a predetermined access key. In an information processing device that performs information processing using the decrypted file by using a storage device that decodes and outputs a file stored in the storage means.
An identifier acquisition means for acquiring an identifier transmitted by another device,
A key acquisition means for acquiring an access key based on the identifier acquired by the identifier acquisition means, and
An input means for inputting the access key acquired by the key acquisition means into the storage device, and
Information processing device equipped with. The key acquisition means is
A table in which the access key is described in association with the identifier, and
A reading means for reading the access key associated with the identifier acquired by the identifier acquisition means from the table, and
The information processing apparatus according to claim 1, further comprising. The key acquisition means is
For one of the devices, a masked hash value obtained by masking a part of the hash value obtained from the identifier of the device, and a set of the identifier of the device and the electronic tally assigned to the device are encrypted with the hash value. A table containing a plurality of entries associated with the encrypted encrypted electronic tally for each of the devices.
A calculation means for calculating the hash value of the identifier acquired by the identifier acquisition means, and
A search means for searching the table for an entry containing a masked hash value whose unmasked portion matches the hash value calculated by the calculation means.
A decryption means for decrypting the encrypted electronic tally included in the entry searched by the search means with the hash value calculated by the calculation means, and
When the identifier included in the set of the identifier obtained by decrypting the encrypted electronic tally by the decryption means and the electronic tally matches the identifier acquired by the identifier acquisition means, the electronic tally included in the set And the selection method to select as effective
A restoration means for restoring the access key from a plurality of electronic tally selected by the selection means, and
The information processing apparatus according to claim 1, further comprising. When the access key can be restored by the restoration means, among the hash values calculated by the calculation means, hash values that do not match in the unmasked portion of any of the masked hash values included in the table. Is extracted, a part of the extracted hash value is masked to generate a new masked hash value, the identifier used by the calculation means for calculating the extracted hash value, and the reconfigured electron. A set of one of the tally is encrypted with the extracted hash value to generate a new encrypted electronic tally, and a new one including the encrypted electronic tally and the generated masked hash value described above is included. Additional means of adding new entries to the table,
The information processing apparatus according to claim 3, further comprising. The key acquisition means is
An input device that inputs information according to the operation by the operator,
With more
When the access key is input by the input device, the access key is acquired.
The information processing device according to any one of claims 1 to 4.

Images