JP2003343133A - System and device for digital key - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a digital key system that does not require the exchange of a lock and the collection of coins when the key of the lock is lost, is high in convenience, and can be reduced in maintenance cost. <P>SOLUTION: This digital key system is constituted of a terminal device 10 holding an electronic value card 20, a digital key issuing server 70 which issues a digital certificate verifying the device's public key corresponding to the device's private key 29 of the electronic value card as a digital key 31 upon receiving the opened device key from the terminal device 10 through a communication means, and an electronic lock device 60 which unlocks or locks the lock when the digital key 31 is presented from the terminal device 10 to which the key 31 is issued through local radio interfaces 53 and 61. Since no physical key is used in the system, a new key can be produced at low cost. In addition, electronic payment can be utilized for settling the utilizing cost of the key and, in addition, the digital key 31 can be handled over to a third person in an on-line state. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a digital key system that can be widely used as a key for a coin locker or a guest room of a hotel, and an apparatus that realizes the system, and in particular, it is managed using a physical key. The location can be managed by using a digital key which is an electronic information key.

[0002]

2. Description of the Related Art Conventionally, coin lockers, hotel guest rooms,
In rental conference rooms, etc., the use of physical keys is restricted, and people without a key cannot open the coin locker, and cannot enter a locked room or conference room. Can not.

In other words, the key is held as a proof that the use of the key is permitted, and in order to obtain the permission of the use, the fee for using the hotel or the conference room for rent is paid, and the coin is inserted into the coin locker.

In recent years, a coin locker system using a mobile phone instead of a key has been devised. When a user who uses a coin locker makes a call from a mobile phone to a specific phone number assigned to each place where the coin locker is installed, the system is connected to this system and the numbers of the available lockers are displayed on the screen of the mobile phone.

When the luggage is put in the designated locker and the fee is charged as usual, the mobile phone number is stored in the memory incorporated in the coin locker and locked. If you call the system again from the same phone number, the locker will be unlocked.

[0006]

However, the system using a physical key has the following problems.

When the user loses the key, the lock itself must be replaced in order to ensure safety. Therefore, the cost is high, and the utilization of the coin locker or the like must be stopped until the lock replacement is completed, which affects the operation rate.

Further, a user who uses the conference room needs to go to a place where the key is managed to retrieve the key and to return it, which is troublesome.

The same applies when a user uses a guest room of a hotel, and a card key or the like must be delivered at the time of check-in / check-out at the reception. Therefore, it is necessary for the staff to always wait at the reception.

In addition, the coin locker system requires manpower to collect the inserted coins, resulting in a heavy work load and high cost.

In the case of a coin locker system using a conventional mobile phone instead of a key, the inconvenience of coin collection remains unchanged.

In the case of a coin locker that uses a physical key, it is possible to use a locker that locks a baggage by handing it to another person and handing over the baggage. In a system that uses a telephone as a key, it is necessary to hand over the mobile phone itself in order to use it in the same way, which is not suitable for handing over such things.

The present invention has been made in view of the above points, and there is no need to replace a lock or collect coins when a key is lost, which is highly convenient and reduces the cost required to maintain the system. It is also an object of the present invention to provide a device that realizes the system.

[0014]

A digital key system of the present invention is a digital key storing a digital certificate issued corresponding to a device private key of an electronic value card, and an owner who has received the digital key. And a lock device that unlocks or locks the digital key based on the digital certificate stored in the digital key.

The digital key system of the present invention receives a device public key corresponding to the device private key of the electronic value card from the terminal device holding the electronic value card and the terminal device via the communication means. Then, the digital key issuance server, which issues a digital certificate that certifies the device public key as a digital key, and the terminal device that has received the digital key is presented with the digital key via the communication means. At this time, a configuration including an electronic lock device for unlocking or locking the lock is adopted.

The terminal device used in the digital key system of the present invention has a holding means for holding an electronic value card, a first communication means for wireless communication via a network, and a first wireless communication for local wireless communication. Two communication means, wherein the first communication means transmits a device public key corresponding to the device private key of the electronic value card, and receives a digital key consisting of a digital certificate certifying the device public key. Then, the second communication means employs a configuration for transmitting the digital key to an electronic lock device that unlocks or locks a lock.

The electronic value card used in the digital key system of the present invention stores a device private key and a device public key corresponding to the device private key in a tamper-resistant memory area, and certifies the device public key. Storage means for storing a digital key consisting of a document in the non-tamper resistant area, and generating means for generating a digital signature presented to the electronic lock device together with the digital key using the device private key. Take.

The digital key issuing server of the present invention is
Communication means for receiving a device public key corresponding to the device private key of the electronic value card via the network, and issuing means for issuing a digital certificate certifying the device public key received by the communication means as a digital key. Adopt a configuration that is equipped with.

Further, the electronic lock device of the present invention comprises a communication means by local radio, a start switch for activating a transmission / reception operation of the communication means for a fixed time when turned on, and a lock mechanism means for executing lock / unlock of the lock. When a digital key with a digital signature is received from the communication means,
Lock control means for verifying the owner of the digital key that has transmitted the digital key and the issuer of the digital key based on the digital signature, and controlling the operation of the lock mechanism means if the verification result is correct; , Is adopted.

In this digital key system, since a physical key is not used, a new key can be generated at low cost. In addition, it is easy to deal with a lost key. The user does not have to go to a specific place to receive the key, which is highly convenient. In addition, it is possible to use electronic payment to settle the cost of using the key, and the cost of collecting the payment for the service provided can be kept low. It is also transferable and the digital key can be transferred online to a third party.

[0021]

(Embodiment 1) In Embodiment 1 of the digital key system of the present invention, an electronic value card (eV card) such as an IC card used for electronic commerce and the like.
To use.

This electronic value card stores a device private key which is a secret key of a key pair of the public key encryption system and a device certificate which is a certificate corresponding to the device private key.

The device certificate includes a device public key which is a public key corresponding to the device private key.

FIG. 1 shows a service model of the digital key system according to the first embodiment of the present invention.

This system includes an electronic lock device 60 installed in a coin locker or a guest room of a hotel, a digital key issuing server 70 that issues a digital key 31 of the electronic lock device 60, and a digital key issuing server 70 Key 31
Mobile phone equipped with an electronic value card (eV card) 20 that acquires and unlocks or locks the electronic lock device 60
It is equipped with 10 and a payment system 80 for making payment using a digital key.

As shown in FIG. 2, the electronic value card 20 includes a flash memory section 22 for storing various acquired digital keys 31, and a tamper resistant TRM (Tamper Resistant).
Module) section 23 and a host interface 21 for the mobile phone 10 (host), and the TRM section 23 controls the operation of this EEPROM and the EEPROM 28 storing the device private key 29 and device certificate 30. CP to do
U24, RAM25 used by CPU24 for work area, C
ROM storing a program that defines the operation of PU24
26, and a co-processor 27 that performs arithmetic processing such as cryptographic processing (eg, digital signature) assigned by the CPU 24.

The EEPROM 28 may store an application to be executed by the CPU 24.
Based on the command transmitted from the (host) via the host interface 21, the CPU 24 executes the program stored in the ROM 26 and the application stored in the EEPROM 28.

In the case of the electronic value card 20 shown in FIG. 2, a case where four digital keys 31 are stored in the flash memory unit 22 is shown.

As shown in FIG. 3, the mobile phone 10 has an electronic value card slot 52 in which the electronic value card 20 is installed, a local wireless interface (I / F) 53 for communicating with the electronic lock device 60, A wireless communication unit 42 that communicates with the digital key issuing server 70 via the antenna 41, a CPU 51 that controls the operation of the mobile phone 10, a ROM 50 that stores a basic program that defines the operation of the CPU 51, and a C
An EEPROM 49 in which an application for the digital key system (digital key holder application 11) executed by the PU 51 is written, and a liquid crystal display screen (LCD) 48
And the voice processing unit 45 of the microphone 43 and the speaker 44, and the switch
It is provided with 46 key control units 47.

As shown in FIG. 1, the electronic lock apparatus 60 includes a local wireless I / F 61 for communicating with the mobile phone 10, a lock mechanism section 64 for performing locking and unlocking operations, and a digital key issuing server. A digital key issuing server certificate 63 for certifying that it is a digital key issued from 70, and a lock application 62 for defining processing of the electronic lock device 60.
And a microcomputer (not shown), the electronic lock device 60 based on the lock application 62.
A control unit (not shown) that controls the lock lock application 62 and a start switch 65 that starts the lock control application 62 are provided.

Between the electronic lock device 60 and the mobile phone 10,
Local wireless communication such as infrared communication and Bluetooth is performed. Alternatively, communication using a non-contact IC card may be used.

FIG. 4 shows the data structure of the device certificate 30 stored in the electronic value card 20. Described here are the ID of the certificate, the device public key, the expiration date of the certificate, the issue date and time of the certificate, and the ID of the certificate issuer (usually the issuer of the electronic value card 20). , This information is digitally signed by the certificate issuer. Expiration dates are usually set in the distant future.

The electronic value card 20 is sold with the device private key 29 and the device certificate 30 stored therein, and the user acquires the electronic value card 20 and attaches it to the mobile phone 10.

Next, the operation of this system will be described with reference to FIG. In this system, the mobile phone 10 acquires a digital key issued by the digital key issuing server 70, and the digital lock is used to unlock or lock the electronic lock device 60.

The mobile phone 10 sends a key order including the order information and the device certificate 30 to the digital key issuing server 70 via the network ().

The order information includes information for specifying the lock, information for designating the usage time of the digital key, and information necessary for paying the cost by electronic settlement.

The digital key issuing server 70 uses the device public key read from the device certificate 30 to issue the digital key 31 in which the expiration date is set based on the usage time of the requested lock key, and the network key is issued. To the mobile phone 10 via ().

FIG. 5 shows the data structure of the digital key 31. Here, a lock ID for identifying the lock specified by the order information, a digital key ID for identifying this digital key, a device public key read from the device certificate 30, and the name and type of the digital key 31, Digital key additional information indicating additional information about the digital key 31 such as usage and destination, information defining a usage rule of the digital key 31, an expiration date of the digital key 31, and a digital key 31.
Issue date and time and issuer ID indicating the issuer of digital key 31
And the digital signature is given to these pieces of information using the private key of the digital key issuing server 70.

According to the usage rule, whether or not this digital key 31 is used up only once, whether or not this digital key 31 can be transferred to another person, and when this digital key 31 is transferred to another person, the digital key of the transferor is transferred. There is a regulation about whether or not the key is deleted.

The mobile phone 10 stores the acquired digital key 31 in the flash memory unit 22 of the electronic value card 20.

The digital key additional information contained in the digital key 31 can be displayed on the LCD 48 of the mobile phone 10, and the user can display the name and type of the digital key currently held on the LCD 48. How to use it, where to use it, etc.
Information about each digital key 31 can be confirmed.

When unlocking the electronic lock device 60, the user pushes the start switch 65 of the electronic lock device 60.

The electronic lock device 60 holds the public key of the digital key issuing server 70 in advance as the digital key issuing server certificate 63.

When the activation switch 65 is turned on, the electronic lock apparatus 60 activates the lock application 62 and sends a key challenge message including a lock ID and a random number via the local wireless I / F 61 for a certain period. Send continuously ().

The mobile phone 10 receiving the key challenge message via the local wireless I / F 53 activates the digital key ring application 11 (the digital key ring application 11 may be activated in advance by the user).

Digital Key Holder Application 11
Searches the digital key 31 specified by the lock ID from among the digital keys stored in the flash memory unit 22, and then obtains the digital signature for the random number received from the electronic lock device 60 and the device private key 29. A key response that is generated by using the digital signature and the digital key 31 is transmitted to the electronic lock device 60 via the local wireless I / F 53 ().

At this time, the digital key 31 having the same lock ID
If there is none, or if the lock IDs match but the expiration date has passed, the mobile phone 10 displays an error to the user.

In order to prevent the use of the digital key by a third party, when the digital key ring application 11 is set to perform user authentication, the digital key ring application 11 generates a digital signature for random numbers. Before the user has a PIN (Personal Identit
y number), and when the entered PIN is correct, a digital signature for the random number is generated using the device private key 29, and a key response including this digital signature and the digital key 31 is generated by the local wireless I. / F53 to the electronic lock device 60.

In this case, fingerprint authentication, iris authentication or the like may be used as the user authentication method.

The TRM unit 23 of the electronic value card 20
Device private key stored in EEPROM 28
29 cannot be read out of the TRM unit 23.

Therefore, when performing a digital signature, the CPU 24 of the electronic value card 20 sends the device private key 29 designated by the signature calculation command and the data of the signature calculation target to the signature calculation command from the CPU 51 of the mobile phone 10. Is set to the co-processor 27, and the co-processor 27 executes the operation of the digital signature using these,
The calculation result is returned to the CPU 51 of the mobile phone 10.

Upon receiving the key response, the lock application 62 of the electronic lock device 60 verifies the digital key 31 and the digital signature included in the key response.

In the verification of the digital key 31, first, the lock ID of the digital key 31 is collated, then it is verified whether the expiration date of the digital key 31 has expired, and further, the digital key 31.
The signature of the digital key issuing server 70 applied to the digital key issuing server 70 is verified by using the public key of the digital key issuing server 70 which is held as the digital key issuing server certificate 63, and the digital key is issued.
Verify the validity of 31.

In the verification of the digital signature, the device public key included in the digital key 31 is used, and the electronic value card 20 having the corresponding device private key 29 is used.
Verify that it is a digital signature generated by.

If no error occurs in these verifications, the lock control application 62 controls the lock control mechanism section 64 to unlock the locked lock.

Further, the lock control application 62 returns Ack to the mobile phone 10 via the local wireless I / F 61.

Upon receiving the Ack, the digital key ring application 11 of the mobile phone 10 ends the application.

At this time, if the usage rule of the digital key 31 is one-time usage, the digital key holder application 11 erases the digital key 31 and then terminates the application.

The same processing is performed when locking the unlocked lock, and the lock application 62 of the electronic lock device 60 verifies the digital key 31 and the digital signature included in the key response. Is OK, and the lock is in the unlocked state, the lock mechanism unit 64 locks it.

Further, the digital key issuing server 70 makes a settlement of the user's digital key utilization fee with the settlement system 80.

As described above, in this digital key system, the digital certificate issued corresponding to the device private key of the electronic value card 20 is used as the digital key 31.

In the electronic value card 20, the digital key 31 is stored in the CPU 24 of the TRM unit 23 and the co-processor.
It may be encrypted by 27 and stored in the flash memory unit 22.

At this time, the digital key 31 can always be accessed from the host interface 21 only through the TRM section 23.

When reading the digital key from the mobile phone 10 (host), the digital key 31 is the CPU of the TRM unit 23.
Mobile phone decrypted by 24 and co-processor 27
Read to 10 (host).

In response to the key challenge from the electronic lock device 60, the device private key 29 of the electronic value card 20
By using the to sign a digital signature, the owner of the digital key can be authenticated off-line.

Even if the digital key 31 stored in the flash memory unit 22 is read and stolen by a third party, an electronic value card having a device private key 29 corresponding to the digital key 31 Without 20, the digital key 31 cannot be used.

In this system, since a physical key is not used, a new key can be generated at low cost.

Further, since a digital key having an expiration date corresponding to the usage time designated at the time of applying for a digital key is issued, the expired digital key becomes invalid, so it is necessary to return the key. Absent.

Further, by using electronic payment, the cost of collecting the payment for the service provided can be kept low.

When it becomes necessary to extend the expiration date of the digital key 31, it is possible by the procedure shown in FIG.

First, the digital key holder application 11 of the mobile phone 10 requests the extension request content of the digital key 31,
An extension request including the currently held digital key 31 is transmitted to the digital key issuing server 70 ().

The digital key issuing server 70 issues a new digital key 131 according to the contents of the extension request, and the mobile phone 10
Send to ().

In the mobile phone 10 that has received the digital key 131, the digital key holder application 11 updates the digital key on the electronic value card 20 to the digital key 131.

Further, the digital key issuing server 70 settles the usage fee associated with the extension of the digital key with the settlement system 80.

Further, this system has a transfer function of the digital key 31, and the digital key 31 can be transferred to a third party via the digital key issuing server 70.

FIG. 7 shows a procedure for transferring a digital key from a mobile phone a equipped with an electronic value card (eV card) A to a mobile phone b equipped with an electronic value card B.

First, the digital key holder application 11 of the mobile phone a sends a transfer processing request digitally signed by the device private key 29 of the electronic value card A to the digital key issuing server 70 (). The transfer processing request includes the mail address of the transfer destination mobile phone b.

The digital key issuing server 70 verifies the digital signature of the transfer processing request, and if it is correct, sends a transfer notification to the transfer recipient's mail address ().

In the mobile phone b which has received the transfer notice, the digital key ring application 11 is activated, and when the digital key ring application 11 accepts the transfer of the digital key, the digital key ring application 11 transfers the electronic value card B including the device certificate 30. The processing acceptance message is transmitted to the digital key issuing server 70 ().

The digital key issuing server 70 that has received this transfer processing acceptance message issues the digital key 31 using the device public key read from the device certificate 30 of the electronic value card B, and issues the digital key 31 to the mobile phone b. Key 31
Send ().

The digital key holder application 11 of the mobile phone b stores the acquired digital key 31 in the flash memory section 22 of the electronic value card 20.

At this time, whether or not the digital key 31 stored in the electronic value card A of the mobile phone a is erased after the transfer processing is determined by the usage rule. In this way, the transfer function can be used to transfer the digital key 31 to a third party online.

When this digital key system is applied to a rental conference room system, the business operator who manages the rental conference room manages the digital key issuing server 70, and the electronic lock device 60 is installed on the electronic door of each conference room. Set up.

Further, the starting switch 65 is set so that it is turned on when a hand is put on the door knob. In this rental conference room system, the user obtains the digital key 31 from the digital key issuing server 70 with the mobile phone 10, and uses this digital key 31 to unlock or lock the electronic lock device 60. Is the same.

In this system, even if the key in the conference room is lost, it is not necessary to replace the lock, so that the cost of the operation management of the rental conference room system can be reduced.

Also, the user of the conference room does not have to go to a specific place to get the key. Also, it is not necessary to return the expired digital key because it is automatically invalidated.

Further, by utilizing the digital key transfer function,
It is possible for the secretary to reserve the digital key and transfer the reserved digital key to the actual user (conference participant).

Further, if the digital keys are handed to all the participants in the conference, the action of the person having the key to go to the conference room and unlock the key first becomes unnecessary.

When this digital key system is applied to a guest room management system, an electronic lock device 60 is installed on a guest room electronic door of a hotel or a short-term rental apartment. The start switch 65 is set so that it is turned on when the door knob is touched, as in the rental conference room system.

In this system, the user is a mobile phone
The flow of processing for acquiring the digital key 31 from the digital key issuing server 70 at 10 and unlocking or locking the electronic lock device 60 using this digital key 31 is the same as in FIG.

In this guest room management system, even if the guest room key is lost, there is no need to replace the lock, so that the cost of operating and managing the guest room management system can be reduced.

Further, in the guest room management system, it is necessary to deliver the key, and the reception staff is indispensable up to now. However, if the digital key system is applied, the reception staff becomes unnecessary. The user does not have to go to get the key,
It becomes possible to secure privacy.

Further, when the guest room use time is exceeded, the user can deal with it by downloading a new digital key 31 (at that time, settlement of the excess charge).

In this case, when the expiration date of the digital key 31 approaches, the digital key issuing server 70 can be systematized to send a warning to the user's mobile phone 10 by e-mail and prompt the extension operation.

When the expiration date of the digital key 31 approaches, the digital key holder application of the mobile phone 10
11 may issue a warning using the display screen or sound of the mobile phone 10 to prompt the extension operation.

Further, it becomes possible for the travel agent to reserve the digital key 31 and transfer the digital key 31 to the actual user by using the transfer function.

When this digital key system is applied to a coin locker system, a company operating and managing the coin locker manages the digital key issuing server 70 and installs the electronic lock device 60 as a key of each coin locker.
The start switch 65 is set so that it is turned on when a hand is placed on the locker door.

Further, the digital key issuing server 70 manages the use status of each locker online and is applicable when the key order including the order information specifying the locker number etc. is sent from the mobile phone 10. Issue a digital key when the locker is empty. The other processing flow is the same as in FIG.

In this system, an expiration date can be set according to the fee, and if it is within the expiration date, it is possible to freely take things in and out of the locker.

Further, the user who has exceeded the usage time of the coin locker can handle it by downloading a new digital key 31 (at that time, settlement of the excess charge).

In this case, when the expiration date of the digital key 31 approaches, the digital key issuing server 70 may send a warning mail to the user's mobile phone 10 to prompt an extension operation.

When the expiration date of the digital key 31 approaches, the digital key holder application of the mobile phone 10
11 may issue a warning using the display screen or sound of the mobile phone 10 to prompt the extension operation.

In this coin locker system, even if the key of the coin locker is lost, it is not necessary to replace the lock, so that it is possible to avoid a decrease in operating rate and to reduce the cost of operation and management of the coin locker system.

By adopting electronic settlement, it is not necessary to collect coins. Further, by using the transfer function of the digital key, it is possible to deliver an object through the locker.

The storage of the device certificate 30 in the electronic value card 20 is performed by storing the electronic value card 20 in the mobile phone 10.
It is also possible to use a method of downloading from the publisher via the mobile phone 10 after mounting the.

By writing a plurality of lock IDs corresponding to a plurality of electronic lock devices in the lock ID portion of the digital key 31, the digital key 31 can be used for a plurality of electronic lock devices 60. It is also possible.

The digital key 31 of the present invention is not limited to the keys of the rental conference room, the coin locker, the guest room, etc. illustrated above,
Secure parcel delivery, where you can store your parcels in a locked locker,
It can be widely applied to general digital locks.

Although the case where the digital key 31 is used as a substitute for a physical key has been described above, it is also possible to use the digital key as a ticket such as an entrance ticket to an entertainment facility, and the ID. It can also be used as a card or membership card.

(Embodiment 2) Embodiment 2 of the digital key system of the present invention has enhanced security against illegal copying of the digital key of Embodiment 1.

FIG. 8 shows a service model of the digital key system according to the second embodiment of the present invention.

Basically, the same as the case of the first embodiment except that a secure session is established between the mobile phone 10 and the digital key issuing server 70 when the digital key is obtained from the digital key issuing server 70. Is.

As an illegal copy of the digital key, the digital key 31 is the flash memory unit 22 of the electronic value card 20.
If stored in a form that can be directly accessed via the host interface 21, a malicious user
The one-time-use digital key 31 stored in the flash memory unit 22 is backed up in a personal computer or the like, and after using the digital key 31, it is stored in the flash memory unit 22 again by some method. It is supposed to be used twice.

In order to prevent such illegal copy, as shown in FIG. 9, the fingerprint list 32, which is a list of fingerprints of the digital key 31 (for example, hash of the digital key), is stored in the EEPROM of the TRM section 23.
Stored in 28.

The fingerprint list 32 is a list of fingerprints of various digital keys 31 stored in the flash memory unit 22. When the digital key holder application 11 acquires a digital key from the digital key issuing server 70, Alternatively, it is updated when the digital key 31 is deleted.

When using the digital key 31, the digital key holder application 11 generates a fingerprint of the digital key 31 and verifies that the fingerprint is registered in the fingerprint list 32.

If the fingerprint is not registered in the fingerprint list 32, the digital key holder application
11 displays an error to the user and erases the digital key 31 from the flash memory unit 22.

The one-time-only digital key 31 is erased from the flash memory section 22 when it is used,
That fingerprint is also the fingerprint list 32
Deleted from.

Even if the digital key 31 backed up by some method can be stored in the flash memory unit 22 again, the corresponding fingerprint is not registered in the fingerprint list 32. You cannot use the key 31.

Further, as shown in FIG.
When acquiring the digital key 31 from the digital key issuing server 70, first, a secure session by SSL (Secure Socket Layer) is established between the mobile phone 10 and the digital key issuing server 70, and the digital key issuing server 70 is set up. Certify.

After that, the mobile phone 10 transmits the key order to the digital key issuing server 70 with the secure session established ().

The digital key issuing server 70 issues the requested lock digital key 31, and issues the digital key including the digital key 31 and the digital key issuing server certificate 63 to the mobile phone 10 via the network. Send().

The digital key ring application 11 of the mobile phone 10 verifies the digital key issuing server certificate 63 in the received digital key issuing, and then is included in the verified digital key issuing server certificate 63. The public key of the digital key issuing server 70 is used to verify the signature of the digital key issuing server 70 applied to the digital key 31.

Further, the part showing the group name or domain name of the Subject of the server certificate acquired when establishing the secure session and the digital key issuing server certificate 63
The entity that manages the digital key issuing server 70 that has established a secure session by collating with the part indicating the group name or domain name of the Subject receives the received digital key 31
Verify that it is the same as the issuer of.

If no error occurs in these verifications, the digital key ring application 11 creates a fingerprint of the digital key 31, registers the fingerprint in the fingerprint list 32, and stores the digital key 31 in the flash memory unit 22. To store. If an error occurs, the error is displayed to the user and the received digital key 31 is deleted.

Also when extending the expiration date of the digital key 31, as shown in FIG. 10, first, a secure session is established between the mobile phone 10 and the digital key issuing server 70, and the mobile phone 10 Requested extension of digital key 31 and
An extension request including the currently held digital key 31 is transmitted to the digital key issuing server 70 ().

The digital key issuing server 70 issues a new digital key 131 according to the contents of the extension request, and issues a digital key including the digital key 131 and the digital key issuing server certificate 63 to the mobile phone 10 via the network. Send to ().

The digital key holder application 11 of the mobile phone 10 receives the digital key issuing application 70 which establishes the secure session, as in the case of newly acquiring the normal digital key 31. It is verified that it is the same as the issuer of the digital key 131, and if there is no error, the digital key on the electronic value card 20
31 is updated to the digital key 131.

Further, the digital key issuing server 70 settles the usage fee associated with the extension of the digital key 31 with the settlement system 80.

Also, when the digital key 31 is transferred to a third party, as shown in FIG. 11, the mobile phone b which has received the transfer notification first sets up between the mobile phone and the digital key issuing server 70. A secure session is established, and a transfer process acceptance message including the device certificate 30 of the electronic value card B is transmitted to the digital key issuing server 70 ().

The digital key issuing server 70 that has received the transfer processing acceptance message issues the digital key 31 to the mobile phone b and issues the digital key including the digital key 31 and the digital key issuing server certificate 63. , Send to mobile phone 10 via network ().

The digital key ring application 11 of the mobile phone 10 receives the digital key issuing server 70 which establishes a secure session, as in the case of newly acquiring the normal digital key 31. It is verified that the issuer is the same as the issuer of the digital key 31, and if there is no error, the digital key 31 is registered in the electronic value card 20.

Even if a malicious user starts up a server capable of establishing a secure session with the mobile phone 10 and issues the backed up digital key 31 to the mobile phone 10, it is secure. Since the server certificate obtained when the session was established is different from that of the issuer of the digital key 31, an error occurs and the digital key 31 cannot be stored.

The digital key issuing server 70 and the mobile phone
The secure session established with 10 is TL.
Other methods such as S (Transport Layer Security) for server authentication may be used.

(Third Embodiment) As a third embodiment of the digital key system of the present invention, a digital key system for home use will be described.

In the present embodiment, the electronic lock device issues a digital key, which is a key converted into electronic information, to the mobile phone, and the digital key is used to perform the authentication process between the mobile phone and the electronic lock device. Open or lock the lock according to.

FIG. 12 shows a service model of the digital key system according to the third embodiment of the present invention.

This system is composed of a mobile phone 1210 owned by the user and an electronic lock device 1260. However,
The electronic lock device 1260 is for home use, and is of a form that can be attached to the door of the house or can be purchased and attached by the user.

According to the digital key system of this embodiment, the digital key of the electronic lock device 1260 can be issued to a plurality of mobile phones 1210 under the control of the user, and the invalidation thereof can be performed. It can be carried out.

Therefore, it is possible for a plurality of users to have a single key for one electronic lock device 1260 and to invalidate the individual keys individually.

With the conventional key, when the key is lost or the duplicate key is not returned, it is necessary to replace the electronic lock device for safety. However, according to the present digital key system, the digital key is Even if the stored mobile phone 1210 is lost or the digital key issued to a friend's mobile phone is not returned, the digital key is invalidated on the electronic lock device 1260 side and the digital key is issued to the mobile phone 1210 again. It is possible to improve the convenience of the user.

The mobile phone 1210 and the electronic lock device 1260 are connected to each other by a local wireless I / F (infrared communication, Bluetooth, wireless LA).
N, wireless communication of a non-contact IC card, etc.) is used for ad hoc connection and communication.

The mobile phone 1210 is equipped with a digital key holder application 1211 for managing a digital key.

Digital Key Holder Application 1211
As a general-purpose digital keychain application 1211 that the user previously downloaded to the mobile phone 1210.
However, a user who purchased the electronic lock device 1260 downloads it from the manufacturer's Internet site of the electronic lock device 1260, and a dedicated digital key ring application 12
11 is okay.

The mobile phone 1210 is equipped with the same electronic value card 1220 as in the first embodiment.

The electronic lock device 1260 includes the electronic lock device 1260.
A lock ID, which is identification information of the key, and a lock number (LN), which is an authentication number when the electronic lock device 1260 issues a digital key, are managed.

Electronic lock device 1260 of the present digital key system
13 is a block diagram shown in FIG.

The electronic lock device 1260 includes a lock mechanism unit 1311 for physically opening and closing a lock, a start switch 1312 for detecting the user's operation and activating the electronic lock device 1260, a local wireless I / F 1313, and an electronic lock. LED indicating the status of device 1260
1314, control switch 1315, and control unit for controlling them
It is composed of 1310 and.

When the electronic lock device 1260 is of a type that can be attached to a door, in order to prevent mischief from the outside,
The control switch 1315 is preferably located inside the door.

The local wireless I / F 1313 is a communication I / F for infrared communication, Bluetooth, wireless LAN, wireless communication of a non-contact IC card, etc., and is for connecting to a mobile phone in an ad hoc manner for communication. is there.

The control unit 1310 includes a CPU 1301 and a ROM 1302.
And a RAM 1303 and an EEPROM 1304.

As shown in FIG. 14, the EEPROM 1304 stores a lock ID 1401, a lock number (LN) 1402, and a digital key information list 1403. Lock ID 1401 is
The identification information of the electronic lock device 1260, and the lock number (LN) 1402
Is the authentication number and digital key information list 1403 used for user authentication when the electronic lock device 1260 issues a digital key.
Is a list of digital key IDs (identification information) issued by the electronic lock device 1260 and currently valid, and fingerprints of device certificates of the electronic value cards that issued the digital keys. In the case of FIG. 14, three digital keys are issued as valid keys.

The lock number (LN) 1402 is a number set when the electronic lock device 1260 is manufactured.
It is a number that only the user who owns the 1260 needs to know.

Therefore, when the electronic lock device 1260 is on sale, the lock number (LN) is sold invisible. For example, a user purchases the electronic lock device 1260 and scrapes the attached scratch card for the first time.
(LN) is notified to the user.

The access to the information stored in the EEPROM 1304 is controlled by the CPU 1301 and cannot be freely rewritten from the outside.

However, by operating the control switch 1315, it is possible to selectively erase the information related to the digital key registered in the digital key information list 1403 and invalidate the digital key issued by the electronic lock device 1260. .

The mobile phone 1210 is a local wireless I / F 1253.
The digital key holder application 1211 of the mobile phone 1210 is connected to the electronic lock device 1260 via a local wireless I / F 1253 to the ad hoc, and the digital key stored in the electronic value card 1220 is used for the digital key application. Authentication process.

The data structure of the digital key in this embodiment is different from that in the first and second embodiments, and the digital key is composed of a lock ID and information indicating the digital key ID.

As shown in FIG. 15, the digital key list is stored in the flash memory section 1222 of the electronic value card 1220.
1501 is stored.

The digital key list 1501 shows the digital keys managed by the electronic value card 1220 in the present embodiment, and is a list of lock IDs and digital key IDs constituting the digital keys. In the case of FIG. 15, three digital keys are managed.

Next, the operation of this system is shown in FIG.
Will be explained. First, a procedure for acquiring a digital key from the electronic lock device 1260 will be described.

First, when the user activates the digital key holder application 1211 of the mobile phone 1210, a menu screen is displayed, and when the user performs an operation requesting the issuance of a digital key of the electronic lock device 1260 by selecting the menu, the lock number is displayed. The screen for entering is displayed.

The user selects the lock number (L
N ') is input, and further, the user operates the control switch 1315 of the electronic lock device 1260 to set the electronic lock device 1260 to a mode for issuing a digital key.
Generates a random number R0 and sends a key issue challenge to the mobile phone 1210 (). The key issuance challenge is a challenge message for the mobile phone 1210.

Mobile phone 1210 that received the key issue challenge
Is a lock number (LN ') using the electronic value card 1220.
Hash (LN '|| R0) which is the hash by concatenating the random number R0 with
And device private key 1229 for Hash (LN '|| R0)
Calculates a digital signature by the key signature request and sends a key issuance request including Hash (LN ′ || R0), the digital signature, and the device certificate 1230 to the electronic lock apparatus 1260 ().

Electronic lock device 1260 that received the key issuance request
Calculates the hash Hash (LN || R0) by concatenating the lock number (LN) stored in the EEPROM 1304 and the random number R0, and compares it with the received Hash (LN '|| R0). Authenticate that you are the correct owner of the electronic lock device 1260 that knows the lock number (LN).

When the user is authenticated (Hash (LN '|| R0)
Matches Hash (LN || R0)), and electronic lock device 1260 authenticates electronic value card 1220 by verifying the digital signature on Hash (LN '|| R0) using received device certificate 1230.

When the electronic value card 1220 is authenticated (when no error is detected in the verification of the digital signature), the electronic lock device 1260 generates a unique digital key ID, and the lock stored in the EEPROM 1304. A digital key is generated from the ID, the fingerprint (certificate fingerprint) of the received device certificate 1230 is calculated, and the digital key ID and the certificate fingerprint are registered in the digital key information list 1403.
A digital key issue including a digital key composed of the lock ID and the digital key ID is transmitted to the mobile phone 1210 ().

If the user is not authenticated (Hash (LN '
|| R0) does not match Hash (LN || R0)) or the electronic value card 1220 is not authenticated (when an error is detected in the verification of the digital signature), an error occurs from the electronic lock device 1260 to the mobile phone 1210. A message is sent and the digital key issuance process ends (not shown).

Mobile phone 1210 that received the digital key issuance
Registers the digital key in the digital key list 1501, displays the completion of the process to the user, and completes the digital key acquisition process.

Next, using the digital key, the electronic lock device
A procedure for performing authentication processing with 1260 and unlocking (or locking) electronic lock device 1260 will be described.

First, when the user performs an operation to activate the electronic lock device 1260, for example, by putting a hand on the handle of the door to which the electronic lock device 1260 is attached, the electronic lock device 1260 is activated.
The start switch 1312 of the 1260 is turned on and the electronic lock device
The electronic lock control device 1260 generates a random number R as challenge information by activating 1260.

When the user performs an operation for enabling the reception of a message from the electronic lock device 1260, the mobile phone 1210 receives the key challenge from the electronic lock device 1260 (). The key challenge includes the lock ID and the random number R.

On the mobile phone 1210 that has received the key challenge, the digital key holder application 1211 is activated and a dialog asking the user whether to use the digital key is displayed.

At this time, the mobile phone 1210 receives the lock I received.
D is compared with the digital key list 1501 and the digital key of the electronic lock device 1260 is presented to the user. If there is no corresponding digital key, the user is notified that there is no corresponding digital key (not shown).

When the user operates to urge the use of the digital key, the mobile phone 1210 uses the electronic value card 1220 to generate a digital signature for the random number R using the device private key 1229. A key response including the key ID and the device certificate 1230 is transmitted to the electronic lock device 1260 via the local wireless I / F 1253 ().

In order to prevent the use of the digital key by a third party, when the digital key ring application 1211 is set to perform user authentication, the digital key ring application 1211 generates a digital signature for the random number R. Before doing so, give the user a PIN (Personal I
The digital signature for the random number R is generated by using the device private key 1229 when the input PIN is requested and the entered PIN is correct. Further, in this case, as the user authentication method, a method such as fingerprint authentication or iris authentication may be used.

Electronic lock device 1260 that received the key response
The lock control application 1262 verifies the digital key ID included in the key response, the device certificate 1230, and the digital signature.

In the verification of the digital key ID and device certificate 1230, it is verified that the digital key ID and the fingerprint of the received device certificate 1230 are registered in the digital key information list 1403.

In the verification of the digital signature, the device public key included in the device certificate is used to verify that the digital signature is generated by the electronic value card 1220 having the corresponding device private key 1229.

If no error occurs in these verifications, the lock control application 1262 controls the lock control mechanism section 1311 to unlock the locked lock.

Further, the electronic lock device 1260 is a mobile phone 1210.
Mobile phone that returned Ack to and received Ack
10 ends the digital key ring application 1211.

Note that the same processing is performed when locking the unlocked lock, and the lock application 1262 of the electronic lock device 1260 uses the digital key ID and device certificate 1230 included in the key response. If the verification of the digital signature is OK and the lock is in the unlocked state, the lock mechanism unit 1311 locks it.

[0182]

As described above, since the digital key system of the present invention and the devices constituting the same do not use a physical key, a new key can be generated at low cost. In addition, it is easy to deal with a lost key. The user does not need to go to a specific place to receive the key, which is highly convenient.

Further, it is possible to use the electronic settlement to settle the cost related to the use of the key, and it is possible to keep the cost of collecting the payment for the provided service low.

Further, transfer is possible, and the digital key can be transferred online to a third party.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a service model of a digital key system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing an electronic value card according to the first embodiment of the present invention.

FIG. 3 is a diagram showing a configuration of a mobile phone according to the first and second embodiments of the present invention.

FIG. 4 is a data configuration diagram of a device certificate according to the first and second embodiments of the present invention.

FIG. 5 is a data configuration diagram of a digital key according to the first and second embodiments of the present invention.

FIG. 6 is a diagram showing an expiration date extension procedure in the digital key system according to the first embodiment of the present invention.

FIG. 7 is a diagram showing a transfer processing procedure in the digital key system according to the first embodiment of the present invention.

FIG. 8 is a schematic diagram showing a service model of the digital key system according to the second embodiment of the present invention.

FIG. 9 is a diagram showing an electronic value card according to the second embodiment of the present invention.

FIG. 10 is a diagram showing an expiration date extension procedure in the digital key system according to the second embodiment of the present invention.

FIG. 11 is a diagram showing a transfer processing procedure in the digital key system according to the second embodiment of the present invention.

FIG. 12 is a schematic diagram showing a service model of the digital key system according to the third embodiment of the present invention.

FIG. 13 is a configuration diagram of an electronic lock device according to a third embodiment of the present invention.

FIG. 14 is a schematic diagram showing data stored in the EEPROM of the electronic lock device according to the third embodiment of the present invention.

FIG. 15 is a schematic diagram showing a digital key list stored in the flash memory unit of the electronic value card according to the third embodiment of the present invention.

[Explanation of symbols]

10, 1210 mobile phone 11 Digital Key Holder Application 20, 1220 Electronic Value Card 21 Host interface 22 Flash memory section 23 TRM Department 24 CPU 25 RAM 26 ROM 27 co-processors 29 Device private key 28 EEPROM 30 device certificate 31 digital key 32 Fingerprint list 41 antenna 42 Wireless communication section 43 microphone 44 speaker 45 Voice processing unit 46 switch 47 Key control section 48 LCD 49 EEPROM 50 ROM 51 CPU 52 Electronic Value Card Slot 53, 1253 Local wireless I / F 60, 1260 Electronic lock device 61, 1313 Local wireless I / F 62, 1262 Locksmith application 63 Digital key issuing server certificate 64, 1311 Lock mechanism 65, 1312 Start switch 70 Digital key issuing server 80 payment system 131 digital key 1315 control switch 1403 Digital key information list 1501 Digital key list

   ─────────────────────────────────────────────────── ─── Continued front page    F term (reference) 2E250 AA04 AA06 AA19 BB08 BB29                       BB65 CC29 DD06 DD09 DD10                       EE09 EE15 FF25 FF27 FF28                       FF36 FF38 GG05 GG13                 5J104 AA07 AA09 AA16 EA01 EA04                       EA19 EA22 JA21 KA02 KA05                       LA03 LA06 MA05 NA02 NA35                       NA37 NA40 NA41 NA42 PA01                       PA10 PA15                 5K067 AA30 AA32 BB04 BB21 DD17                       EE02 EE12 EE35 EE37 HH24

Claims (33)

[Claims] 1. A digital key storing a digital certificate issued corresponding to a device private key of an electronic value card, and the digital key when presented by the owner who received the digital key issuance. A digital key system comprising: a lock device that unlocks or locks based on a digital certificate stored in a key. 2. The lock control device authenticates the owner and the issuer based on information of a digital certificate stored in the digital key presented by the owner, and unlocks or locks after the authentication. The digital key system according to claim 1, which is performed. 3. The digital key is given a digital signature by the issuer and a digital signature generated by the owner using the device private key, and the lock device is 3. The owner and issuer are authenticated by off-line verifying each digital signature of the owner and the issuer attached to the digital key presented by the owner. The described digital key system. 4. The digital key system according to claim 1, wherein an expiration date is set for the digital key. 5. The digital key system according to claim 1, wherein the digital key includes identification information of a lock device that can use the digital key. 6. A terminal device holding an electronic value card, and a device public key corresponding to the device private key of the electronic value card from the terminal device via a communication unit, and the device public key is received. When a digital key issuance server that issues a digital certificate to prove as a digital key, and the digital key is presented from a terminal device that has received the digital key issuance via communication means, the lock is unlocked or locked. An electronic lock device for performing the above, and a digital key system comprising: 7. The communication between the terminal device and the digital key issuing server is performed via a network, and the communication between the terminal device and the electronic lock device is performed via local wireless. 7. A digital key system according to claim 6, characterized in that 8. The digital key issuing server according to claim 7, wherein the digital key issuing server performs settlement with the issuing of the digital key to the terminal device with a payment system via a network. Key system. 9. The digital key issuing server according to claim 6, wherein the digital key issuing server issues the digital key for which an expiration date is set, based on a request from the terminal device. system. 10. The digital key issuing server according to claim 9, wherein the digital key issuing server issues a new digital key in which the expiration date of the digital key is extended based on a request from the terminal device. Key system. 11. The digital key issuing server issues a new digital key to another terminal device based on a transfer request of the terminal device that has issued the digital key. Digital key system described in. 12. The digital key system according to claim 6, wherein the electronic lock device is installed on a door of a conference room. 13. The digital key system according to claim 6, wherein the electronic lock device is installed at a door of a passenger compartment. 14. The electronic lock device is installed on a door of a coin locker.
The digital key system according to any one of 1. 15. A first communication means comprising: a holding means for holding an electronic value card, a first communication means for performing wireless communication via a network, and a second communication means for performing wireless communication by local wireless. Transmits a device public key corresponding to the device private key of the electronic value card and receives a digital key consisting of a digital certificate certifying the device public key, and the second communication means unlocks the lock. Alternatively, the terminal device is characterized in that the digital key is transmitted to an electronic lock device for locking. 16. The digital communication device according to claim 15, wherein the second communication means transmits the digital key with a digital signature generated by using the device private key, to the electronic lock device. Terminal equipment. 17. A display unit for displaying a warning to the user when the expiration date of the digital key is approaching and for displaying an operation for extending the expiration date of the digital key. The terminal device according to claim 16. 18. The first communication means, when receiving the digital key, authenticates a server transmitting the digital key, establishes a session with the server, and issues the received digital key. 16. The server owner and the server owner transmitting the digital key verify that they are the same business operator.
The terminal device according to item 6. 19. The digital key is provided to the digital key, wherein the owner of the server issuing the received digital key and the owner of the server transmitting the digital key are the same business operator. Characterized by verifying the information contained in each subject of the digital key issuing server certificate used when verifying the signature and the server certificate acquired when establishing the secure session. Item 18. The terminal device according to item 18. 20. A device private key and a device public key corresponding thereto are stored in a tamper resistant memory area, and a digital key consisting of a digital certificate certifying the device public key is stored in a non-tamper resistant area. An electronic value card, comprising: means for generating a digital signature presented to the electronic lock device together with the digital key, using the device private key. 21. The storage means stores a fingerprint of a digital key stored in the non-tamper resistant area,
The electronic value card according to claim 20, wherein the electronic value card is stored in the tamper resistant memory area. 22. Communication means for receiving a device public key corresponding to a device private key of an electronic value card via a network, and issuing a digital certificate for certifying the device public key received by the communication means as a digital key. A digital key issuing server comprising: an issuing unit. 23. The digital key includes lock identification information for uniquely identifying a lock that can be locked or unlocked using the digital key, digital key identification information for uniquely identifying the digital key, Device public key information, device key additional information representing information about the device key,
Including information on the usage rule of the device key, information on the expiration date of the digital key, information on the issue date and time of the digital key, and issuer identification information for uniquely identifying the issuer of the digital key, 23. The digital key issuing server according to claim 22, wherein the lock identification information includes at least one and includes a digital signature attached by the digital key issuing server. 24. The settlement associated with the issuance of the digital key,
23. The digital key issuing server according to claim 22, further comprising settlement means for performing the settlement server and the settlement server via a network. 25. The communication means, when receiving a transfer request for the digital key via a network, transmits a transfer notification to a transfer destination via the network, receives a device public key from the transfer destination, When the issuing unit receives the device public key from the transfer destination, the issuing unit generates a digital key in which the information of the device public key included in the digital key is updated, and the communication unit transfers the generated digital key to the transfer unit. 23. The digital key issuing server according to claim 22, which is transmitted first. 26. The communication means receives a request to extend the expiration date of the digital key via a network, and the issuing means changes the expiration date included in the digital key received together with the extension request. 23. The digital key issuing server according to claim 22, wherein a key is generated, and the communication unit returns the generated digital key. 27. When the expiration date of the digital key approaches, the communication unit sends a warning message to the user who issued the digital key, and prompts an operation to extend the expiration date of the digital key. The digital key issuing server according to claim 22. 28. A local wireless communication unit, an activation switch for activating a transmission / reception operation of the communication unit for a fixed time when turned on, a lock mechanism unit for locking or unlocking a lock, and a digital signature from the communication unit. When the digital key with is received, based on the digital signature, the owner of the digital key that transmitted the digital key and the issuer of the digital key are verified, and if the verification result is correct, the lock An electronic lock control device comprising: a lock control means for controlling the operation of the mechanical means. 29. The lock control means verifies the expiration date of the digital key, and controls the operation of the lock mechanism means on condition that the expiration date has not expired. Electronic lock device described. 30. The electronic lock device according to claim 28, wherein the activation switch is installed on a doorknob at an entrance of a room, and is turned on when a hand touches the doorknob. 31. The electronic lock device according to claim 28, wherein the activation switch is installed on a door of a coin locker, and is turned on when a hand touches the door. 32. When the digital key issuance request is received from the communication means, the digital key is issued and the digital key is issued only when the user is authenticated and the user is authenticated. The electronic lock device according to any one of claims 28 to 31. 33. The issuing means verifies the digital signature by the electronic value card when issuing the digital key, and verifies that the other party has the electronic value card. The electronic lock device according to.