JP2001211169A - Portable electronic authentication device and portable sound data generating device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To identify a user and to generate display data and sound data without being affected by use environment and the movement of an authenticator. SOLUTION: Portable electronic authentication devices (10, 20, 30) are equipped with portable bodies (11, 21, 31) equipped with interface parts (12, 22, 32) which enable electric connections with external interfaces and only persons who carry them are able to reproduce sound and identify themselves as the users without affecting use environment. The bodies (11, 21, 31) contain data input/output parts (12, 22, 23) which can send and receive at least display data and sound data, memories (15, 26, 36) stored with plural kinds of electronic certificates, etc., for automating the troublesome management of electronic certificates, and control parts (14, 24, 34) which automatically select the best electronic certificate for authentication from the memories (15, 26, 36) and convert the display data into sound data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a portable electronic device having an information processing function. More specifically, in a security system in various fields such as a computer network such as the Internet, the use environment and the authentication partner are different. The present invention relates to a portable electronic authentication device that enables personal authentication without being affected, and a portable audio data generation device that converts data to be displayed on an electronic information processing device such as a personal computer into audio data.

[0002]

2. Description of the Related Art In recent years, the purpose of information management has been to prevent the leakage or loss of highly confidential information by restricting the use of specific information processing equipment or entering / leaving a specific area. Security systems have been proposed in various fields. On the other hand, the development and spread of information processing devices and communication technologies have been remarkable, and data exchange using an e-mail function such as a LAN or the Internet has also become active. In particular, the explosive increase in the number of computer network users in recent years has been increasing in fields where high confidentiality is required, such as applications for sales contracts, business transactions such as the display of willingness to consent, applications to public institutions, and notifications. Is also a factor in increasing demand for network use.

[0003] Means for securely performing data communication such as electronic commerce and electronic application procedures using the above-described computer network include public key cryptosystems, common key cryptosystems, and the like. There is proposed a technique for encrypting information so that the information itself is not read even if the information is intercepted.

[0004] However, the computer
In the field of data communication using a network, the above encryption technology does not allow eavesdropping by decryption, but cannot prevent tampering of the information itself and cannot confirm the identity of the data sender. Therefore, an electronic authentication system such as an electronic signature (digital signature) for preventing falsification of information itself and an electronic notarization for a third party to assure the identity of a data sender have been put to practical use.

[0005] The electronic signature is a procedure for certifying that the transmitted data is created by the sender by using an electronic signature that arranges the process of encryption and decryption. In such an electronic signature system, first, on the transmission side, its own public key is transmitted to a partner station together with encrypted data encrypted with a secret key that only the data sender can know. Subsequently, the other station decrypts the encrypted data with the received public key. At this time, if the information can be decrypted as normal information, it is proved that the data has not been tampered with during the communication, and the electronic signature can be authenticated by the partner station.

[0006] The electronic notarization is a procedure in which a certificate authority, which is a third party, guarantees the identity of a data sender. Note that such a system is a procedure for confirming the identity of an individual or a corporation on a network for ensuring security, and is particularly attracting attention in electronic commerce and the like.

More specifically, as shown in FIG. 8, the electronic notarization is performed between a local station A, a certificate authority B, and a partner station C requesting identification, which are connected on a network.

[0008] As a preliminary procedure, the own station A has a certificate authority B
, An application issuance of a digital ID (authentication ID) and a public key (R1). Upon receiving the application, the certificate authority B examines the registration of the applicant, and when approving the registration, issues a digital ID and a public key to the applicant (own station A) (P1), and the issued certificate is issued. Manage digital IDs and public keys in a database.

On the other hand, upon receiving a request for identification from the partner station C (R2), the own station A sends the digital ID (I) and the public key (K1) registered in the certificate authority B in advance to the partner station C. (P2). The partner station C that has received the digital ID (I) and the public key (K1) receives the digital ID (I) and the public key (K1).
The public key registered with the certificate authority B is requested based on D (I) (R3). When the public key (K2) registered from the certificate authority B is sent in response to the request from the partner station C, the partner station C transmits the public key (K1) transmitted from the own station A and the certificate from the certificate authority B. The transmitted public key (K2) is collated.
If it is confirmed that the public key (K1) matches the public key (K2) by this comparison, the partner station C can confirm that the connection partner (own station A) is the authenticated person. .

[0010]

As described above, in an international computer network such as the Internet,
In order to ensure security, various electronic authentication systems such as electronic signatures and electronic identification have been developed.

However, there are already a plurality of certificate authorities on the network, and the number tends to increase in the future.
When using a plurality of types of electronic authentication systems, a plurality of types of electronic certificates such as digital IDs must be prepared for each connection partner. For example, as shown in FIG. 9, the display device 110 (display), the input device 130 (mouse or keyboard), and the like, which can be connected to a computer network via a modem or a router 110.
A user of a computer having the storage device 100 (hard disk) must manage a plurality of types of digital IDs recorded on the hard disk 100 and select a digital ID recorded for each connection partner. In addition to such complicated management, users of the computer
Unless the computer is installed, the electronic authentication cannot be performed unless the malicious third party operates the computer on behalf of the user. You can't.

[0012] Further, when attention is paid to the security system around the user, an ID card for entering and leaving the room, an employee ID, and the like.
At present, if various media are not properly used, they will be used for social life itself.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems. In a security system in various fields such as a computer network, personal authentication is performed without being affected by a use environment or a difference in an authentication partner. Another object of the present invention is to provide a portable electronic authentication device that enables the following.

Turning to the field of electronic information processing equipment such as personal computers (hereinafter referred to as PCs), which will continue to have higher performance as terminals, homepages transmitted via the Internet The user interface functions, such as software that reads text information such as, are also remarkable. Software with such a sound reproduction function has the potential to expand the user base to operators such as the visually impaired and beginners, but on the contrary, software with a sound reproduction function must be installed. Unused PCs and the like are still difficult for the operator to use.

[0015] It is another object of the present invention to provide a system in which an operator such as a visually impaired person or a beginner can freely use a device having a structure capable of reproducing sound, such as a PC. The present invention provides a portable audio data generation device that converts character information displayed on a portable telephone into audio data.

[0016]

In order to achieve one of the above objects, a portable electronic authentication device according to the present invention is a portable electronic authentication device for certifying the identity of a carrier, and comprises a computer. A portable main body that can be directly detachably connected to an external interface such as a system or a building management system and that has an interface unit for establishing an electrical connection state with the external interface is provided. The electronic authentication device is owned only by a specific person. Therefore, it can be assured that only the person who carries the electronic authentication device (the person who carries the electronic authentication device) is himself / herself.

In the portable electronic authentication device according to the present invention, a data input / output unit, a first memory, and a control unit are housed in the portable main body. These components can be realized by electronic components such as an LSI, and the portable main body may be a resin body having a predetermined shape in which the components are integrally resin-molded, in addition to a housing having a space for accommodating the components. . The data input / output unit transmits and receives data via the interface unit. The first memory stores a plurality of types of electronic certificates prepared in advance as data for certifying the identity of the carrier. Further, the control unit specifies the partner and the certificate type that have made the authentication request,
An electronic certificate optimal for authentication is selected from a plurality of types of electronic certificates stored in the first memory in advance. The electronic certificate stored in the first memory includes personal data such as an employee ID registered in advance in various security systems, biometrics data such as fingerprints and voice prints, various electronic signature data, and a certificate authority. Digital ID, public key, and the like.

As described above, the electronic authentication apparatus includes at least a portable main body provided with an interface unit for enabling electrical connection with an external interface. A first memory storing a plurality of types of electronic certificates, and a control unit for selecting an optimal electronic certificate for authentication from the first memory. With such a configuration, it can be assured that only the person carrying the electronic authentication device is himself / herself. In addition, since the carrier himself / herself can hold an electronic certificate for certifying the identity of the person, the place of use of the carrier is not restricted. Further, since the control unit automatically selects the most suitable electronic certificate for authentication, it is possible to automate the management of a plurality of types of electronic certificates without considering the difference between the security systems that have issued the authentication request.

The portable electronic authentication device according to the present invention may further include an encryption processing unit. The encryption processing unit is also housed in the portable main body and encrypts data captured from the data input / output unit and decrypts encrypted data captured from the data input / output unit. With this configuration, the confidentiality of data to be transmitted and received can be improved.

Further, in the portable electronic authentication device according to the present invention, the control unit checks an encryption method of data transmitted / received to / from a communication partner and, if necessary, communicates with the partner via the interface unit. During the data transmission / reception, an instruction to switch the encryption method can be given to the encryption processing unit. This makes it possible to further improve the confidentiality of data secured by encryption.

The portable electronic authentication device according to the present invention further includes data unique to a person who carries the electronic authentication device, for example, communication records and communication data (which may be encrypted), and the portable electronic authentication device. May be provided with a second memory storing data for realizing a computer use environment unique to the owner of the computer. With such a configuration, the electronic authentication device can provide personal information and GU that only the carrier can know.
It can also be used as a recording device for I (Graphic User Interface) environment information. By carrying the GUI environment information of the carrier, the carrier can operate the same OS (Operating System).
As long as the computer system on which the stem) operates is permitted, the work environment of the individual carrier is realized without being limited by the place, the model, and the like. Even if the first and second memories are two physically separated memories,
A plurality of memory spaces set in one memory may be used.

Note that the portable electronic authentication device according to the present invention enables authentication of a person who carries the electronic authentication device. Can not be confirmed until it is a person.
Therefore, the portable electronic authentication device according to the present invention may have a structure including a sensor so as to enable personal authentication using the voice or fingerprint of the wearer. With this configuration, it is possible to confirm whether or not the carrier of the electronic authentication device is the original owner, and it is possible to more reliably perform the identity verification.

In addition, the portable audio data generating device according to the present invention can be realized as an additional function of the above-mentioned portable electronic authentication device, and can also be realized by the same configuration as the portable electronic authentication device. That is, the portable audio data device can be detachably directly connected to an interface (for example, a USB port) of an electronic information processing device such as a PC having an audio output function, and maintains an electrical connection state with the interface. At least a portable main body provided with the interface unit, a data input / output unit, and an information processing unit corresponding to the control unit.

The data input / output unit is housed in the main body and transmits and receives data via the interface unit. The information processing unit generates audio data corresponding to the display data from the display data captured by the data input / output unit via the interface unit (creating an audio file that can be reproduced by a PC or the like). The audio data generated by the processing unit is output to the PC via the data input / output unit, and the audio data is reproduced by the PC or the like.

With the above configuration, the person carrying the portable audio data generating apparatus can use a general-purpose audio data generating apparatus even if the PC to which the apparatus is connected does not have software having an audio reproducing function. If a sound reproduction device such as a sound board and a speaker is provided, character information of a homepage distributed via the Internet or a title bar displayed on a display device of the PC, regardless of presence or absence of software, You can hear icon bars, navigation messages, or system messages as audio.

[0026]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of a portable electronic authentication device according to the present invention will be described in detail with reference to FIGS. In the description of the drawings, the same portions will be denoted by the same reference symbols, without redundant description.

(First Embodiment) FIG. 1 is a view showing a schematic structure of a first embodiment of a portable electronic authentication device according to the present invention. In FIG. 1, a portable electronic authentication device 10 according to the first embodiment includes a portable main body 11 provided with an interface unit 12. The interface unit 12 can be detachably connected to an external interface such as a USB port used in electronic equipment such as a personal computer, and functions to establish an electrical connection state with the external interface.

In the main body 11, at least an electrically rewritable nonvolatile memory (certificate storage memory) 1 such as a data input / output unit 13, a control unit 14, and a flash memory.
5. A non-volatile memory 16 (personal information storage memory) such as a flash memory for storing personal data, and a power supply 17 are integrally accommodated. Note that each of the units 13 to 17 can be configured by electronic components integrated on one substrate. Body 1
1 may be a resin body having a predetermined shape in which the respective parts 13 to 17 are integrally resin-molded, or a housing having a storage space in which the respective parts are stored. Memory 15
The electronic certificate stored in the personal information, such as personal data such as employee IDs registered in advance in various security systems, fingerprints,
It includes biometrics data such as voiceprints, various electronic signature data, digital IDs and public keys issued by a plurality of certificate authorities, and the like. The power supply 17 is preferably a rechargeable sheet battery or a solar cell, considering that the main body 11 has a weight and size that can be carried around. However, the power supply 17 is not an essential component in the present embodiment, and may be configured to receive electric energy from the outside via the interface unit 12 connected to the external interface.

The memory 16 is an electrically rewritable non-volatile memory such as a flash memory, and has personal information, a secret file, and a predetermined OS (Operating System) that can be known only by the carrier (original owner). ) Stores GUI (Graphic User Interface) environment information unique to the owner. The memories 15 and 16 may be two physically separated memories or a plurality of memory spaces set in one memory.

The data input / output unit 13 transmits and receives data via the interface unit. The memory 15
Stores at least a plurality of types of electronic certificates prepared in advance as data certifying the identity of the carrier. The control unit 14 controls the operation of each component configuring the electronic authentication device 10 and selects an electronic certificate that is optimal for authentication from a plurality of types of electronic certificates stored in the memory 15. .

The electronic authentication device 1 having the above configuration
0 can be used as an authentication means in an arbitrary computer system (see FIG. 2) or a building management system (see FIG. 3).

For example, the computer system shown in FIG. 2 has a personal computer 51 (PC) as a communication device 50 and a modem or router 5 for enabling data communication via a computer network.
2. Use permission confirmation in such a computer system is performed by connecting the electronic authentication device 10 to an external interface 53 such as a USB port of the computer system.

The electronic authentication device 10 can also function as a switch for starting a computer system. For example, in a state where the interface unit 12 of the electronic authentication device 10 is inserted into an external interface 53 such as a USB port, even if the PC main body 51 is turned on, the computer system is determined from the recorded contents of the inserted electronic authentication device 10. Only after determining whether use of the
A predetermined startup step such as loading of the system may not be executed. In addition, the electronic authentication device 1
0 itself may function as a start switch of the computer system. In each case, the computer
It is possible to maintain the confidentiality of the data held by the system. Further, since the electronic authentication device 10 includes the memory 16 for personal data, the created data and the GUI environment information of the individual are stored in the memory 16 instead of the hard disk of the PC 51 so that the user can carry the electronic authentication device. Is also possible. By carrying the GUI environment information in this manner, the user can easily set his / her own work environment without restriction on the location, model, etc., as long as the computer system is authorized to use the same OS. can get.

The operation of the building management system as shown in FIG. 3 is performed by a host computer having a database 54 (D / B) in which personal data of a person who carries the electronic authentication device is registered in advance. It is performed by This system includes a communication device 50 that transmits electronic certificate data for authentication to a host computer via an external interface 53, and a start system 55 that opens and closes a door 56 in accordance with an instruction from the host computer. When the user connects the electronic authentication device 10 to the external interface 53, the electronic authentication device 10 transmits the electronic certification data optimal for authentication to the host computer by the communication device 50. The host computer compares the received electronic certificate data with the registered data in the database 54, and when it is determined that the data match, instructs the drive system 55 to open the door 56.

Next, an authentication procedure in the building management system of FIG. 3 using the portable electronic authentication device 10 according to the first embodiment will be described with reference to a chart of FIG.

First, upon confirming that the electronic authentication device 10 is connected to the external interface 53, the host computer requests the connected electronic authentication device 10 for a certificate for personal identification. On the electronic authentication device 10 side, the control unit 14 stores a plurality of types of electronic certificates (certification data) stored in the memory 15 in advance in the memory 15 in accordance with the system (in this case, the building management system) that has requested the authentication. Select from digital certificates. The selected data is transmitted to the interface unit 12 by the data input / output unit 13.
Transmitted to the outside of the apparatus. On the building management system side, the data transmitted via the external interface 53 is captured, and the captured data is transmitted to the communication device 50.
Sends to the host computer. As a result, personal identification is performed by the host computer.

The above-described authentication procedure has been described as a procedure in the building management system shown in FIG. 3, but such an authentication procedure is used for user confirmation in the computer system shown in FIG. Is also applicable.

(Second Embodiment) Next, a second embodiment of the portable electronic authentication device according to the present invention will be described. Note that the portable electronic authentication device 20 according to the second embodiment
Is characterized in that, in addition to the structure similar to that of the above-described first embodiment (see FIG. 1), a structure that enables encryption and decryption of data to be transmitted and received is provided.

FIG. 5 is a diagram showing a schematic configuration of a portable electronic authentication device according to a second embodiment of the present invention. This figure 5
In the portable electronic authentication device 20 according to the second embodiment,
As in the first embodiment, a portable main body 21 provided with an interface unit 22 and a data input / output unit 23, a control unit 24, a certificate storage memory 26, A power supply 28 is provided.

Further, the electronic authentication device 20 includes a key storage memory 25 such as a flash memory in which a secret key and a public key of a communication partner are stored, and an encryption processing unit for encrypting and decrypting transmitted and received data. 27. With such a configuration, an advanced electronic authentication system on a computer network such as the Internet can be used. Also in the second embodiment, the electronic authentication device 20 includes the memory 16 as in the first embodiment.
An electrically rewritable nonvolatile memory corresponding to (personal information storage memory) may be further provided. For example, instead of transferring the encrypted data encrypted by the encryption processing unit 27 to the outside through the data input / output unit 23, the encrypted data is stored in the memory, personal information that can be known only by the carrier, data created by the carrier. By storing the GUI environment information and the like, the electronic authentication device can be used as a portable recording medium in which information unique to the person carrying the electronic authentication device 20 is stored.

Note that also in the second embodiment, each of the units 23 to 28 can be constituted by electronic components integrated on one substrate. Even if the main body 21 is a resin body having a predetermined shape in which the respective parts 23 to 28 are integrally resin-molded,
The housing may have a storage space in which these units are stored. The electronic certificate stored in the memory 26 includes personal data such as an employee ID registered in advance in various security systems, biometric data such as fingerprints and voiceprints, electronic signature data, and a digital ID issued by a certificate authority.
And public key. The power source 28 is preferably a rechargeable sheet battery or a solar cell. Also,
Instead of the power supply 28, a configuration in which electric energy is externally supplied via the interface unit 22 connected to an external interface may be employed.

Next, as an application example of the portable electronic authentication device according to the second embodiment, an authentication operation by an electronic signature using the computer system shown in FIG. 2 will be described with reference to a chart of FIG. .

First, the computer system of FIG.
When it is confirmed that the electronic authentication device 20 is connected to the external interface 53 such as a USB port, the electronic authentication device 20 requests the connected electronic authentication device 20 for a certificate for personal identification. On the electronic authentication device 20 side, the control unit 24
Selects an electronic certificate (certification data) suitable for the system that has issued the authentication request from a plurality of types of electronic certificates stored in the memory 26 in advance. The selected data is
The data is transmitted to the PC 51 via the interface unit 22 by the data input / output unit 23. PC 51 that requested the certificate
Then, the data transmitted via the external interface 53 is collated with data registered in advance (identification). Only when the use of the electronic authentication device 20 is permitted by the PC 51, electronic commerce using the PC 51 becomes possible.

In electronic commerce using a computer network such as the Internet, when the connection between the own station 50 and the other station is completed, authentication using an electronic signature is performed. In this electronic signature, first, when an authentication request is made from the own station 50 to the partner station, the partner station transmits certificate data for authentication to the own station 50. In the own station 50, the PC 51
Requests the electronic authentication device 20 via the external interface 53 for the public key of the partner station for decrypting the received certificate data. In the electronic authentication device 20, the requested public key is read from the key storage memory 25, and the data input / output unit 23 sends the requested public key to the interface unit 22.
To the PC 51 via. If the certificate data can be normally decrypted by the PC 51 using the public key of the partner station stored in advance, it can be understood that the creator and the sender of the certificate data match (data has not been tampered with). .

On the other hand, when the self-station 50 is notified that the authentication has been completed to the partner station, the partner station requests the self-station 50 for authentication. Upon receiving this request, the own station 50
51 notifies the electronic authentication device 20 via the external interface 53 that an authentication request has been made. In response to this request, the electronic authentication device 20 obtains information from a plurality of types of electronic certificates stored in the certificate storage memory 26 in advance based on information about the partner station that is the communication partner and the required certificate type. An electronic certificate optimal for authentication with the partner station is selected. The selected certificate data is transmitted from the data input / output unit 23 to the computer system via the interface unit 22. The computer system transmits the certificate data from the electronic authentication device 20 to the partner station, and the partner station authenticates the own station 50.

In the electronic authentication using the electronic authentication device 20, an electronic notarization is possible in addition to an electronic signature. Specifically, when the partner station issues an authentication request to the own station 50, the electronic authentication device 20 transmits the certificate data (digital I / O) issued by the certificate authority suitable for the partner station as the communication partner.
D) is selected from the digital certificates stored in the certificate storage memory 26 and the key storage memory 2
5. The public key issued by the certificate authority is selected from the public keys stored in No. 5. When the selected digital ID and public key are transmitted from the own station 50 to the partner station,
The partner station receives the public key of the certification authority in which the transmitted digital ID is registered from the certification authority. Then, the partner station collates the public key transmitted from the own station 50 with the public key transmitted from the certificate authority, and authenticates the own station 50 depending on whether they match.

After the above-described electronic authentication procedure, the own station 50
When the data communication between the local station and the partner station becomes possible,
0, the transmission data encryption method is confirmed between the electronic authentication device 20, the PC 51, and the partner station. When transmitting encrypted data from the own station 50 to the other station, first, the PC 51 transmits an encryption request to the electronic authentication device 20 together with data to be transmitted. The electronic authentication device 20 encrypts the data received by the encryption processing unit 27 according to the request. The obtained encrypted data is transmitted from the data input / output unit 23 to the PC 51 via the interface unit 22. And PC
The encrypted data is transmitted from the main body 51 to the partner station. On the other hand, the partner station that has received the encrypted data from the own station 50 decrypts the encrypted data using the public key of the own station 50.

Conversely, when the encrypted data is transmitted from the partner station to the own station 50, the PC 51 transmits a decryption request to the electronic authentication device 20 together with the received encrypted data. In the electronic authentication device 20, the received encrypted data is decrypted according to the decryption request by the encryption processing unit 27.

During the data communication with the partner station, the encryption method may be switched as necessary, such as changing the secret key. In this case, the electronic authentication device 20, PC5
1, and the encryption method applied to the data communication is confirmed with the partner station.

(Third Embodiment) FIG. 7 is a diagram showing a schematic configuration of a portable electronic authentication device according to a third embodiment of the present invention. 7, a portable electronic authentication device 30 according to the third embodiment includes a portable main body 31 provided with an interface unit 32 and a portable electronic authentication device 30 in the main body 31 similarly to the second embodiment (see FIG. 5). Data input / output unit 3 stored in
3, a control unit 34, a key storage memory 35, a certificate storage memory 36, an encryption processing unit 37, and a power supply 38.

Further, the electronic authentication device 30 has a structure for confirming the identity by voice (voiceprint) or fingerprint for confirming whether or not the carrier is the original owner. Specifically, a sensor 40 for detecting the voice and fingerprint of the carrier
And an A / D converter 39 for converting analog data obtained by the sensor 40 into digital data. Note that the portable electronic authentication device 10 according to the above-described first embodiment can also include a configuration that enables such biometrics. Also, the sensor 4
Confirmation of the carrier himself by the data detected by 0
Even when the control is performed by the control unit 34 of the electronic authentication device 30, the data is transmitted from the data input / output unit 33 to the external security system side, and in this security system, the possession (the electronic authentication device 30) and the confirmation of the carrier are confirmed. May be performed. When the person is confirmed by an external security system, the electronic authentication device 30 transmits predetermined certificate data together with the detected data. With such a configuration, in addition to confirming the identity of the carrier, it is possible to authenticate whether the carrier of the electronic authentication device 30 is the original owner. Also in the third embodiment, the electronic authentication device 30 may further include an electrically rewritable nonvolatile memory corresponding to the memory 16 as in the first embodiment. For example, instead of transferring the encrypted data encrypted by the encryption processing unit 37 to the outside through the data input / output unit 33, the encrypted data is stored in the memory, or personal information that can be known only by the carrier, data created by the carrier. , By storing GUI environment information, etc., as a portable recording medium in which information unique to the carrier of the electronic authentication device 30 is stored,
The electronic authentication device can be used.

In the third embodiment, similarly to the above-described embodiments, each of the sections 33 to 40 can be constituted by electronic components integrated on one substrate. The main body 31
The respective parts 33 to 40 may be a resin body of a predetermined shape integrally molded with resin, or may be a housing having a storage space in which the respective parts are stored. The digital certificate stored in the memory 36 includes personal data such as an employee ID registered in advance in various security systems, biometric data such as fingerprints and voiceprints, electronic signature data, a digital ID issued by a certificate authority, and the like. The public key is included.
The power source 38 is preferably a rechargeable sheet battery or a solar cell. Further, instead of the power supply 38, a configuration in which electric energy is externally supplied via the interface unit 32 connected to an external interface may be employed.

Various applications are possible in any of the portable electronic authentication devices 10 to 30 according to the first to third embodiments described above. For example, data from an external system or an instruction to a carrier can be transmitted by voice. A user interface function for outputting may be provided.

In addition, the portable audio data generating apparatus according to the present invention can be realized by any of the configurations (FIGS. 1, 5, and 7) of the above-described first to third embodiments. In the example of use as shown in (1), display data is once fetched from the PC 51 and sent to the PC 51 as audio data.
The PC 51 recognizes the received audio data as a normal audio file, and reproduces the audio data. For example,
In the configuration shown in FIG. 1, the control unit 14 functions as an information processing unit that converts display data into audio data (FIG. 5).
Is the control unit 24 in the configuration of FIG. 7, and the control unit 34 in the configuration of FIG.

[0055]

As described above, according to the present invention, there is provided a portable main body provided with an interface unit enabling electrical connection with an external interface, and this main body has at least a data input / output unit. , A memory in which a plurality of types of electronic certificates are stored, and a control unit for selecting an optimal electronic certificate for authentication from the memory.
Thereby, it can be assured that only the person carrying the electronic authentication device is himself. In addition, the carrier can hold an electronic certificate for certifying the identity of the person, and the control section automatically selects the most suitable electronic certificate for authentication, so the carrier can determine the place of use and authentication. It is not necessary to consider the difference in the required security system.

The electronic authentication device may have a configuration further including an encryption processing unit that enables data encryption and decryption of the encrypted data in addition to the above components. According to this configuration, the confidentiality of data transmitted and received can be improved. Further, during data communication, it is also possible to switch the encryption method as needed, and further improvement in data confidentiality can be expected with this configuration.

The electronic authentication device may have a structure provided with a sensor so as to enable personal authentication using the voice (voiceprint) or fingerprint of the carrier. With this configuration, it is possible to confirm whether or not the carrier of the electronic authentication device is the original owner, and it is possible to perform the personal authentication more reliably.

Further, by further providing the electronic authentication device with a memory for storing information peculiar to a carrier, the device can function as a portable recording medium. In particular, by carrying the GUI environment information unique to the wearer, the work environment of the wearer can be easily realized in the computer system permitted to be used, without being limited by the place, the hardware, or the like.

A portable audio data generating apparatus according to the present invention generates audio data that can be reproduced by an electronic information processing device from display data to be displayed by an electronic information processing device such as a connected PC. Since the generated audio data is output to the electronic information processing device, P
In the case of C or the like, the display data can be listened to by voice using an arbitrarily selected device (having a voice reproducing function) without being limited to the installation location.

[Brief description of the drawings]

FIG. 1 is a diagram showing a schematic structure of a first embodiment of a portable electronic authentication device according to the present invention.

FIG. 2 is a conceptual diagram for explaining a first use example of the portable electronic authentication device according to the present invention.

FIG. 3 is a conceptual diagram for explaining a second example of use of the portable electronic authentication device according to the present invention.

FIG. 4 is a chart for explaining an authentication operation using the portable electronic authentication device according to the first embodiment.

FIG. 5 is a diagram showing a schematic structure of a second embodiment of the portable electronic authentication device according to the present invention.

FIG. 6 is a chart for explaining an authentication operation using the portable electronic authentication device according to the second embodiment.

FIG. 7 is a diagram showing a schematic structure of a third embodiment of the portable electronic authentication device according to the present invention.

FIG. 8 is a conceptual diagram illustrating an electronic authentication system on the Internet.

FIG. 9 is a conceptual diagram for explaining a problem in managing an electronic certificate.

[Explanation of symbols]

10, 20, 30... Portable electronic authentication device (including portable voice data generating device), 11, 21, 31.
2, 22, 32 ... interface unit, 13, 23, 3
3 data input / output unit, 14, 24, 34 control unit (information processing unit), 15, 26, 36 ... certificate storage memory (first
Memory), 16 ... personal information storage memory (second memory),
25, 35 ... key storage memory, 27, 37 ... encryption processing unit, 17, 28, 38 ... power supply, 39 ... A / D converter, 4
0: Sensor.

Continued on the front page F term (reference) 5B019 EB07 GA10 HF10 JA10 5B085 AE02 AE23 AE29 CE08 5J104 AA07 KA01 KA05 KA16 9A001 BB03 BB04 DD13 EE03 HZ16 HZ18 LL03

Claims (6)

[Claims] 1. A portable electronic authentication device for certifying the identity of a carrier, comprising: an interface for detachably connecting directly to an external interface and establishing an electrical connection state with the external interface. A portable main body provided with a unit, a data input / output unit that is housed in the main body and transmits and receives data via the interface unit, A first memory in which a plurality of types of electronic certificates prepared in advance are stored as data for certifying the identity of the user, and a communication partner and a certificate type which are stored in the main body and are specified; Portable electronic authentication, comprising: a control unit that selects an electronic certificate that is optimal for authentication with the communication partner from among a plurality of types of electronic certificates stored in the electronic certificate Location. 2. An encryption processing unit that is housed in the main body and encrypts data captured from the data input / output unit and decrypts the data captured from the data input / output unit. The portable electronic authentication device according to claim 1, further comprising: 3. The control unit checks an encryption method of data transmitted / received to / from the communication partner and instructs switching of the encryption method during data transmission / reception to / from the partner via the interface unit. 3. The portable electronic authentication device according to claim 2, wherein: 4. The apparatus according to claim 1, further comprising a second memory storing at least a GUI (Graphic User Interface) environment information of a person who carries the portable electronic authentication device. A portable electronic authentication device according to the item. 5. The control unit generates audio data corresponding to the display data from the display data captured by the data input / output unit, and the data input / output unit generates the audio data. The electronic authentication device according to any one of claims 1 to 3, wherein audio data is output to the external interface via the interface unit. 6. A portable main body which is detachably and directly connectable to an interface of an electronic information processing device having an audio output function and is provided with an interface unit for maintaining an electrical connection state with the interface. A data input / output unit that is received in the main body and receives display data and transmits audio data corresponding to the display data via the interface unit; and An information processing unit that generates audio data corresponding to the display data from the display data captured by the data input / output unit via the unit, and outputs the generated audio data to the data input / output unit A portable audio data generation device comprising: