JP2004159317A - Password restoration system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a password restoration system which restores a password only for an authenticated user. <P>SOLUTION: The password restoration system comprises a memory card with a CPU and a cellular phone. When the password is restored, a call is made to the cellular phone by a telephone connected to a line to which a telephone number registered in the memory card with the CPU is set. The cellular phone acquires the telephone number to which the telephone line is set using a caller's telephone number notification service, and judges whether the obtained telephone number matches the telephone number registered beforehand, and if the match is made, the password stored in the memory card with the CPU is restored. <P>COPYRIGHT: (C)2004,JPO

Description

  The present invention relates to a technique for recovering a password when the user forgets the password.

  In recent years, with the spread of network services, users have been able to receive various services. Many such services require the user to enter a password. The purpose of using a password in various services is to identify whether the person who is going to receive the service is the user himself or herself, but the user may forget the password. In a mail system provided by an administrator on the Internet, when a user forgets a password, the user transmits data identifying the user other than the password, and when the administrator recognizes that the user is the user from the data. Restores the password and prompts the user to present the password or change to a new password.

Apart from the above method, when the user forgets the password, the user can easily release the password, and even after the release, the password setting and the validity of the IC memory card are not lost. Is disclosed in JP-A-10-187903. When the user forgets the password and performs a predetermined key operation, when the user performs a predetermined key operation, the information at the time of setting the password, such as the date, the serial number of the system, the serial number of the IC memory card, and / or the remaining data of the memory, etc. A string is displayed. A release key character string is created from the displayed release data character string, and the release key character string is supplied to the IC memory card, so that data recorded on the IC memory card can be read.
JP-A-10-187903

  However, in any of the above conventional techniques, a third party who does not know the user's password obtains information for identifying the user himself / herself or key operation information, which is a means for restoring the password, There is a security problem in that the password is restored and the password is acquired, thereby impersonating the user or acquiring / falsifying data owned by the user.

  An object of the present invention is to provide a password restoration system, a communication terminal, a password recording medium, a password restoration method, a password restoration program, and a program recording medium for restoring a password only to a valid user of the password. .

  In order to achieve the above object, the present invention provides a password recovery method in which a portable password recording medium recording a password is attached to a communication terminal, and the same password is again supplied to a user who has forgotten the password. The communication terminal, comprising: a receiving unit that receives a first telephone number of a caller through a calling telephone number notification service; and an output unit that outputs the received first telephone number to the password recording medium. The password recording medium includes a telephone number storage unit that stores a second telephone number as a criterion for determining whether a password can be restored, a password storage unit that stores the password, and an output first telephone number. Receiving means for determining whether the received first telephone number matches the second telephone number stored in the telephone number storage means; Characterized in that it comprises a reading means for reading the password from the password storing unit if it matches.

  The present invention is a password recovery system in which a portable password recording medium recording a password is mounted on a communication terminal and supplies the same password again to a user who has forgotten the password. The terminal comprises: receiving means for receiving a first telephone number of a caller through a calling telephone number notification service; and output means for outputting the received first telephone number to the password recording medium, wherein the password recording medium comprises: A telephone number storing means for storing a second telephone number as a criterion for determining whether or not the password can be restored; a password storing means for storing the password; a receiving means for receiving the output first telephone number; It is determined whether the first telephone number matches the second telephone number stored in the telephone number storage means. Characterized in that it comprises a reading means for reading the password from over de storage means.

  According to this configuration, the password recovery system receives the first telephone number by the outgoing telephone number notification service, and reads out the password when the received first telephone number matches the second telephone number. The password can be restored only to the user. This is because usually only a limited number of people can use the first telephone number, and it is difficult for a third party to use the first telephone number when performing password recovery. This is because a person who can use the number does not notify a third party other than the user of the first telephone number by the calling telephone number notification service.

  Here, the communication terminal further includes number receiving means for receiving the second telephone number, and number output means for outputting the second telephone number received by the number receiving means to the password recording medium, The password recording medium may include a writing unit that receives the second telephone number from the communication terminal and writes the received second telephone number into the telephone number storage unit.

According to this configuration, the password recovery system can write the second telephone number into the telephone number storage.
Here, the number receiving means further receives a third telephone number different from the second telephone number stored in the telephone number storage means, and the number output means further receives the third telephone number in the number receiving means. The communication terminal further outputs the received third telephone number to the password recording medium, and the communication terminal further includes a password receiving unit that receives the password and outputs the received password to the password recording medium. A password verification unit that verifies whether a password received from the communication terminal matches a password stored in the password storage unit, wherein the writing unit further includes the communication terminal. Only when the received password matches the password stored in the password storage means, The second telephone number stored in the telephone number storage means may be rewritten to the third telephone number.

According to this configuration, the password recovery system can rewrite the second telephone number with the third telephone number.
The present invention is also a communication terminal for supplying the same password again to a user who has forgotten a password, and a receiving means for receiving a first telephone number of the caller through a caller telephone number notification service; A telephone number storage unit that stores a second telephone number as a criterion for determining whether a password can be restored, a password storage unit that stores the password, a received first telephone number, and a telephone number that is stored in the telephone number storage unit. Reading means for judging whether or not the second telephone number matches the password, and reading the password from the password storage means when the second telephone number matches.

  According to this configuration, the communication terminal receives the first telephone number by the outgoing telephone number notification service, and reads out the password when the received first telephone number matches the second telephone number. The password can be restored only to the user. This is because usually only a limited number of people can use the first telephone number, and it is difficult for a third party to use the first telephone number when performing password recovery. This is because a person who can use the number does not notify a third party other than the user of the first telephone number by the calling telephone number notification service.

Here, it is assumed that the communication terminal further includes a number receiving unit that receives the second telephone number, and a writing unit that writes the second telephone number received by the number receiving unit into the telephone number storage unit. Is also good.
According to this configuration, the communication terminal can write the second telephone number into the telephone number storage unit.

  Here, the number receiving means further receives a third telephone number different from the second telephone number stored in the telephone number storing means, and the communication terminal further receives a password for receiving a password. Receiving means, and password verification means for verifying whether or not the password received by the password receiving means matches the password stored in the password storage means, wherein the writing means further comprises: The second telephone number stored in the telephone number storage means may be rewritten to the third telephone number only when the password thus entered matches the password stored in the password storage means.

According to this configuration, the communication terminal can rewrite the second telephone number with the third telephone number.
Here, the communication terminal may further include display means for displaying the password read by the reading means.
According to this configuration, the communication terminal can display the read password.

Here, the communication terminal further executes the application software corresponding to the password using the application storage unit storing the application software corresponding to the password and the password read by the reading unit. And an application execution unit that performs the operation.
According to this configuration, the communication terminal can execute application software corresponding to the read password.

  Here, the password is the second telephone number, and the reading unit determines whether the received first telephone number matches the second telephone number stored in the telephone number storage unit. If the passwords match, the second telephone number may be read from the password storage unit, and the application execution unit may execute application software corresponding to the read second telephone number.

According to this configuration, the communication terminal can execute the application software corresponding to the second telephone number using the second telephone number as a password.
The present invention is also a portable password recording medium for supplying the same password again to a user who has forgotten the password, and the communication terminal equipped with the password recording medium transmits a call telephone number notification. Receiving means for receiving the first telephone number of the caller received by the service, telephone number storing means for storing a second telephone number as a criterion for judging whether or not password recovery is possible, and password storing means for storing the password Reading means for judging whether the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if the two numbers match. It is characterized by having.

  According to this configuration, the password recording medium receives the first telephone number from the communication terminal and reads out the password when the received first telephone number matches the second telephone number. Password recovery can be performed only for the password. This is because usually only a limited number of people can use the first telephone number, and it is difficult for a third party to use the first telephone number when performing password recovery. This is because a person who can use the number does not notify a third party other than the user of the first telephone number by the calling telephone number notification service.

Here, the password recording medium further includes a number receiving means for receiving the second telephone number from the communication terminal, and writing the second telephone number received by the number receiving means to the telephone number storage means. Means may be provided.
According to this configuration, the password recording medium can write the second telephone number into the telephone number storage unit.

  Here, the number receiving means further receives a third telephone number different from the second telephone number stored in the telephone number storage means, and the password recording medium further comprises: Password receiving means for receiving a password; and password verification means for verifying whether or not the password received by the password receiving means matches the password stored in the password storage means. Only when the password received by the password receiving means matches the password stored in the password storing means, the second telephone number stored in the telephone number storing means is rewritten to the third telephone number. It may be.

According to this configuration, the password recording medium can rewrite the second telephone number with the third telephone number.
Here, the password recording medium may further include a password output unit that outputs the password read by the reading unit to the communication terminal.
According to this configuration, the password recording medium can output the read password to the communication terminal.

Here, the communication terminal further executes the application software corresponding to the password using the application storage unit storing the application software corresponding to the password and the password read by the reading unit. And an application execution unit that performs the operation.
According to this configuration, the password recording medium can execute application software corresponding to the read password.

  Here, the password is the second telephone number, and the reading unit determines whether the received first telephone number matches the second telephone number stored in the telephone number storage unit. If the passwords match, the second telephone number may be read from the password storage unit, and the application execution unit may execute application software corresponding to the read second telephone number.

  According to this configuration, the password recording medium can execute the application software corresponding to the second telephone number using the second telephone number as a password.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
1. First Embodiment A password recovery system 1 according to a first embodiment of the present invention will be described.
As shown in FIG. 1, a password recovery system 1 receives a telephone number of a telephone line connected to a fixed telephone set at a user's home by using a calling telephone number notification service on a mobile telephone and recovers a password. I do.

1.1 Configuration of Password Restoring System 1 The password restoring system 1 includes the memory card with CPU 10 and the mobile phone 20 shown in FIG.
The user registers the telephone number of the telephone line connected to the fixed telephone set at the user's home in the memory card with CPU 10 in advance. Here, it is assumed that the telephone number can be notified by the calling telephone number notification service.

At the time of password recovery, the user inserts the memory card 10 with CPU into the mobile phone 20 and calls the mobile phone 20 from the fixed telephone.
The mobile phone 20 notifies the CPU-equipped memory card 10 of the telephone number obtained by using the calling telephone number notification service.
The CPU-equipped memory card 10 determines whether the received telephone number matches the telephone number stored in advance, and if they match, the telephone number is stored in the memory card 10 in advance. The password is read, and the read password is notified to the mobile phone 20.

Furthermore, the password restoration system 1 normally accepts a password and, when the accepted password is a valid password, permits access to an area associated with the password. In the present embodiment, the password is called a master password.
1.2 Configuration of Memory Card with CPU 10 Here, the configuration of the memory card with CPU 10 will be described.

  As shown in FIG. 2, the memory card with CPU 10 includes a password recovery management storage unit 101, a master password storage unit 102, a service password storage unit 103, a password recovery management information registration unit 104, a password registration unit 105, a password recovery verification. It comprises a unit 106, a master password verification unit 107, a service password acquisition unit 108, a decryption unit 109, and an input / output unit 110.

The memory card with CPU 10 is specifically a computer system including a microprocessor, a ROM, a RAM, and the like. The ROM stores a computer program. The microprocessor operates according to the computer program, so that the memory card with CPU 10 achieves its function.
(1) Password recovery management storage unit 101
The password recovery management storage unit 101 stores a telephone number (hereinafter, referred to as a registration number) of a telephone line specified in advance by a user in order to determine whether or not the master password can be recovered when the master password is recovered.

When the registration number is changed, the changed registration number is stored again.
(2) Master password storage unit 102
The master password storage unit 102 stores a master password encrypted using the registration number stored in the password recovery management storage unit 101 as an encryption key. Here, the master password is a password that collectively manages service passwords described later. By inputting the master password, the service password storage unit 103 can be accessed.

When the registration number is changed, the master password is encrypted again using the changed registration number as an encryption key, and the re-encrypted master password is stored.
(3) Service password storage unit 103
The service password storage unit 103 has a service password registration table 300 as shown as an example in FIG.

The service password registration table 300 stores one or more sets including a service name and a service password.
The service name is the name of a service registered by the user to receive the service.
The service password is a password for logging in to the service.
Here, the service password is encrypted and stored using the master password as an encryption key.

(4) Password recovery management information registration unit 104
The password recovery management information registration unit 104 receives the registration information including the processing content indicating the new registration or change and the registration number from the mobile phone 20 via the input / output unit 110, and the processing content of the received registration information is newly updated. In the case of registration, a new registration number is registered in the password recovery management storage unit 101. If the processing content is changed, the registration number is updated in the password restoration management storage unit 101, and master input instruction information indicating an instruction to input the master password and the registration number is output to the mobile phone 20 via the input / output unit 110. I do.

(5) Password registration unit 105
The password registration unit 105 registers and updates a master password or a service password.
(A) In the case of registering a master password The password registration unit 105 receives, from the mobile phone 20 via the input / output unit 110, master encryption information including processing content indicating new registration or change and an encrypted master password. . The encrypted master password is newly registered or updated in the master password storage unit 102 in accordance with the processing content of the received master encryption information.

(B) In the case of registering a service password: The password registration unit 105 transmits, via the input / output unit 110, the processing content indicating new registration or change, the encrypted service password, the network service name, and the like. Receiving service encryption information consisting of When the processing content of the received service encryption information is new registration, new registration is performed in the service password storage unit 103. If the processing content is changed, the service password is obtained from the service password storage unit 103 and updated.

(6) Password recovery verification unit 106
The password restoration verification unit 106 receives the telephone number (hereinafter, referred to as a reception number) received by the portable telephone 20 from the portable telephone 20 via the input / output unit 110 at the time of restoration of the master password by the calling telephone number notification service.
Next, the password restoration verification unit 106 reads the registration number from the password restoration management storage unit 101, and determines whether or not the read registration number matches the reception number.

Next, when the registration number and the reception number match, the password restoration verification unit 106 outputs restoration enable information including information for instructing the decryption unit 109 to decrypt the master password.
Next, password recovery verification section 106 receives the master password decrypted from decryption section 109, and outputs the received decrypted master password to mobile phone 20 via input / output section 110.

If the registration number and the reception number do not match, the password restoration verification unit 106 outputs restoration impossible information including information indicating that restoration is impossible to the mobile phone 20 via the input / output unit 110.
(7) Master password verification unit 107
Master password verification unit 107 receives the master password from mobile phone 20 via input / output unit 110.

Next, master password verification section 107 outputs master decryption information including information for instructing decryption section 109 to decrypt the master password.
Next, master password verification section 107 receives the master password decrypted from decryption section 109 and determines whether or not the received decrypted master password matches the master password received from mobile phone 20.

If they match, the master password verification unit 107 outputs acceptability information including information indicating acceptability to the mobile phone 20 via the input / output unit 110, and enables access to the service password storage unit 103. To If they do not match, rejection information including information indicating rejection is output to the mobile phone 20 via the input / output unit 110.
(8) Service password acquisition unit 108
The service password acquisition unit 108 performs the following operation when the service password storage unit 103 can be accessed.

The service password acquisition unit 108 receives service identification information including information for identifying a service that the user wants to use from the mobile phone 20 via the input / output unit 110, and decrypts the received service identification information and the service password. The service decoding information including information for instructing is output to decoding section 109.
Next, service password acquiring section 108 receives the service password decrypted from decrypting section 109 and outputs the decrypted service password to mobile phone 20 via input / output section 110.

(9) Decoding section 109
The decryption unit 109 decrypts the encrypted master password or the encrypted service password.
(A) Decryption of Master Password The decryption unit 109 receives recoverable information from the password recovery verification unit 106 or master decryption information from the master password verification unit 107.

The decryption unit 109 reads the registration number from the password recovery management storage unit 101 to decrypt the master password, decrypts the master password using the registration number read as a decryption key, and decrypts the decrypted master password. Output to the password recovery verification unit 106 or the master password verification unit 107.
Here, in the encryption and decryption of the master password, a registration number is used as a key, this key is called a common key, and an encryption method using the common key is called a common key encryption method. . The common key encryption method is, for example, DES. Description of DES is omitted because it is known.

(B) In the case of decrypting the service password The decryption of the service password is performed using the master password as a decryption key.
The decryption unit 109 receives the decryption information for service from the password acquisition unit for service 108.
The decryption unit 109 first decrypts the master password.

  Next, using the service identification information of the service decryption information received from the service password acquisition unit 108, an encrypted service password corresponding to the service desired by the user is read. In order to decrypt the read service password, the service password is decrypted using the decrypted master password as a decryption key, and the decrypted service password is output to the service password acquisition unit 108.

(10) Input / output unit 110
The input / output unit 110 outputs the information received from the mobile phone 20 to the password restoration management information registration unit 104, the password registration unit 105, the password restoration verification unit 106, the master password verification unit 107, or the service password acquisition unit 108.
Further, it outputs the information received from the password recovery management information registration unit 104, the password recovery verification unit 106, the master password verification unit 107, or the service password acquisition unit 108 to the mobile phone 20.

1.3 Configuration of Mobile Phone 20 Here, the configuration of the mobile phone 20 will be described.
As shown in FIG. 2, the mobile phone 20 includes a transmission / reception unit 201, a key input unit 202, a control unit 203, a display unit 204, a password restoration reception unit 205, an encryption unit 206, and an input / output unit 207.

The mobile phone 20 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a display unit, and the like. The ROM stores a computer program. When the microprocessor operates according to the computer program, the mobile phone 20 achieves its function.
In addition, the mobile phone 20 has a speaker unit, a microphone unit, a transmission unit, a memory unit, and the like, and operates as a normal mobile phone, similarly to a conventional mobile phone.

(1) Transmission / reception unit 201
The transmission / reception unit 201 receives a reception number or information from a network service and outputs the information to the control unit 203.
In addition, it transmits a call to an external telephone or transmits information to a network service in accordance with an instruction from the control unit 203.

(2) Key input unit 202
The key input unit 202 includes a dial key, a function key, or a control key. Upon registration / change of a registration number, the key input unit 202 receives an input of the registration number and outputs the received registration number to the control unit 203. In addition, when the registration number is changed, after the registration number is changed, the master password is re-encrypted, so that the processing contents indicating the change, the master plaintext information including the master password and the registration number are received, and the received master plaintext information is received. Output to the control unit 203.

When the master password is used, the input of the master password is accepted, and the accepted master password is output to the control unit 203.
At the time of master password restoration, a master password restoration instruction is received from the user, and the accepted master password restoration instruction is output to the control unit 203.
When registering / changing the master password, the master plaintext information including the processing content indicating the new registration or the change, the master password, and the registration number is received, and the received master plaintext information is output to the control unit 203. At the time of change, service plaintext information including processing contents indicating new registration or change, a service password, a master password, and a network service name is received, and the received service plaintext information is output to the control unit 203.

When the network service is used, the control unit 203 receives the service identification information and outputs the received service identification information to the control unit 203.
Also, the same key operation as that of a conventional mobile phone is performed.
(3) Control unit 203
The control unit 203 controls the operation of the entire mobile phone 20.

(A) In the case of registration / change of the registration number When registering / changing the registration number, the control unit 203 receives the registration number from the key input unit 202, and receives the received registration number via the input / output unit 207, the memory with CPU. Output to the card 10.
When the registration number is changed, after the registration number is updated, master input instruction information is received from the memory card with CPU 10 and the received master input instruction information is output to the display unit 204.

(B) At the time of restoring the master password At the time of restoring the master password, the password restoration accepting unit 205 starts the password restoring accepting process according to the master password restoring instruction received from the key input unit 202. Next, the reception number received from transmission / reception section 201 is output to password recovery reception section 205.
Next, if the master password can be restored from the memory card with CPU 10 via the input / output unit 207, the master password is received, the received master password is output to the display unit 204, and the password restoration accepting process ends. Let it. If the restoration of the master password is impossible, it receives the restoration impossible information, outputs the received restoration impossible information to the display unit 204, and ends the password restoration accepting process.

(C) When using the master password When using the master password, the master password is received from the key input unit 202, and the received master password is output to the memory card with CPU 10 via the input / output unit 207.
Next, when the master password can be received from the memory card with CPU 10 via the input / output unit 207, the reception unit receives the receivable information and outputs the received receivable information to the display unit 204. If the reception of the master password is not possible, it receives the non-reception information and outputs the received non-reception information to the display unit 204.

(D) When Using Network Service When using the network service, the service identification information received from the key input unit 202 is output to the memory card with CPU 10 via the input / output unit 207.
The control unit 203 performs automatic login by receiving the service password from the memory card with CPU 10 and transmitting the received service password to the service desired by the user via the transmission / reception unit 201.

(E) When Registering / Changing the Master Password When registering / changing the master password, the master plaintext information received from the key input unit 202 is output to the encryption unit 206.
(F) When Registering / Changing a Service Password When registering / changing a service password, the service plaintext information received from the key input unit 202 is output to the encryption unit 206.

(4) Display unit 204
The display unit 204 receives the master input instruction information from the control unit 203 when the registration number is changed, displays a screen for inputting the master password and the registration number using the received master input instruction information, and inputs the information to the user. Prompt.
When the master password is restored, the master password or the restoration impossible information is received from the control unit 203, and the received master password or the restoration impossible information is displayed.

When the master password is used, receivable information or non-reception information is received from the control unit 203, and the received receivable information or non-reception information is displayed.
Also, screen display similar to that of a conventional mobile phone is performed.
(5) Password recovery accepting unit 205
The password recovery accepting unit 205 is activated by the control unit 203 at the time of password recovery, receives a reception number from the control unit 203, and outputs the received reception number to the memory card with CPU 10 via the input / output unit 207.

(6) Encryption unit 206
When registering / changing the master password, the encryption unit 206 receives the master plaintext information from the control unit 203, encrypts the master password using the registration number as an encryption key, and generates master encryption information. When registering / changing the service password, the control unit 203 receives the service plaintext information from the control unit 203, encrypts the service password using the master password as an encryption key, and generates service encryption information.

Next, the encryption unit 206 outputs the master encryption information or the service encryption information to the CPU-equipped memory card 10 via the input / output unit 207.
(7) Input / output unit 207
The input / output unit 207 outputs information received from the memory card with CPU 10 to the control unit 203.

Further, it outputs the information received from the control unit 203, the password restoration accepting unit 205 or the encrypting unit 206 to the memory card with CPU 10.
1.4 Outline of Operation of Password Recovery System 1 Here, an outline of each operation of the password recovery system 1 will be described.
(1) Outline of Operation at Registration Number Registration Here, an outline of the operation of registration number registration will be described.

(A) In the case of new registration Here, an outline of the operation of new registration of a registration number will be described with reference to a flowchart shown in FIG.
The mobile phone 20 receives an instruction for a new registration of a registration number from the user (step S10). Next, a registration number is received, and registration information including the received new registration instruction and registration number is output to the memory card with CPU 10 (step S15).

The memory card with CPU 10 newly registers a registration number using the received registration information (step S20).
(B) In the case of change Here, the outline of the operation of changing the registration number will be described with reference to the flowchart shown in FIG.
The mobile phone 20 receives an instruction to change the registration number from the user (step S50). Next, the master password is accepted, and the accepted master password is output to the memory card 10 with CPU (step S55).

The memory card with CPU 10 performs a master password verification process using the received master password, and outputs acceptable information to the mobile phone 20 (step S60).
Next, the mobile phone 20 receives the registration number, and outputs registration information including the received change instruction and the registration number to the memory card with CPU 10 (step S65).
The memory card with CPU 10 updates the registration number using the received registration information, and outputs the master input instruction information to the mobile phone 20 via the input / output unit 110 (step S70).

The mobile phone 20 receives the master input instruction information from the CPU-equipped memory card 10, instructs the user to input a master password and a registration number, and receives the master password and the registration number from the user (step S75).
Next, the received master number is encrypted using the received registration number as an encryption key, and master encryption information including the processing content indicating the change of the master password and the encrypted master password is output to the memory card with CPU 10 (step S80).

The memory card with CPU 10 updates the master password using the master encryption information (step S85).
(2) Outline of Operation at the Time of Master Password Registration Here, an outline of the operation of master password registration will be described with reference to the flowchart shown in FIG.

  The mobile phone 20 receives an instruction for new registration or change as the processing content (step S100). Next, a master password and a registration number are received from the user (step S105), the received master password is encrypted using the received registration number as an encryption key, and the master encryption information including the processing contents and the encrypted master password is transmitted to the CPU. Output to the attached memory card 10 (step S110).

Using the received master encryption information, the CPU-equipped memory card 10 performs new registration of the master password in the case of new registration, and updates the master password in the case of change (step S115).
(3) Outline of Operation at the Time of Registering a Service Password Here, an outline of the operation of registering a service password will be described with reference to a flowchart shown in FIG.

  The mobile phone 20 receives an instruction for new registration or change as the processing content (step S150). Next, a service password, a network service name, and a master password are received from the user (step S155), and the received service password is encrypted using the received master password as an encryption key. The service encryption information including the service password is output to the memory card with CPU 10 (step S160).

Using the received service encryption information, the CPU-equipped memory card 10 adds to the service password registration table 300 in the case of new registration, and updates the record in the case of change (step S165). ).
(4) Outline of Operation at the Time of Password Recovery Here, an outline of the operation at the time of password recovery will be described with reference to the flowchart shown in FIG.

The mobile phone 20 receives a password recovery instruction from the user, and activates a password recovery receiving process of the password recovery receiving unit 205 (step S200).
Next, the mobile phone 20 receives a call from a telephone line whose telephone number is registered as a registration number, obtains a reception number from the received call, and outputs the obtained reception number to the memory card 10 with CPU. (Step S205).

  Using the received reception number and the registration number stored in the password recovery management storage unit 101, the CPU-equipped memory card 10 performs a verification process to determine whether or not the password can be restored. When possible, the decrypted master password is output to the mobile phone 20 via the input / output unit 110, and when the password cannot be restored, the restoration impossible information is transmitted to the mobile phone 20 via the input / output unit 110. Output (Step S210).

The mobile phone 20 displays the master password or the non-recoverable information received from the memory card with CPU 10 on the display unit 204, and ends the password recovery accepting process (step S215).
(5) Outline of Operation at Verification of Master Password Here, an outline of operation of verification of the master password will be described with reference to a flowchart shown in FIG.

The mobile phone 20 receives the input of the master password from the key input unit 202 from the user, and outputs the received master password to the memory card with CPU 10 (step S250).
Next, the memory card with CPU 10 decrypts the encrypted master password stored in the master password storage unit 102 using the registration number as a decryption key, and decrypts the decrypted master password and the master received from the mobile phone 20. Using the password, a master password verification process for determining whether or not the master password can be accepted is performed. After the verification process, if the master password can be accepted, the acceptable information is transmitted to the mobile phone 20 via the input / output unit 110. If the master password cannot be accepted, the reception failure information is output to the mobile phone 20 via the input / output unit 110 (step S255).

The mobile phone 20 displays the acceptable information or the unacceptable information received from the memory card with CPU 10 using the display unit 204 (step S260).
(6) Outline of Operation at the Time of Obtaining Service Password Here, an outline of the operation of obtaining the service password will be described with reference to the flowchart shown in FIG.

The mobile phone 20 receives service identification information from the key input unit 202 from the user, and outputs the received service identification information to the memory card with CPU 10 via the input / output unit 207 (step S300).
The memory card with CPU 10 performs a service password acquisition process using the received service identification information, and outputs a decrypted service password required for the user to log in to the network service via the input / output unit 110. To the mobile phone 20 (step S305).

The mobile phone 20 transmits the decrypted service password received from the CPU-equipped memory card 10 to the net service via the transmission / reception unit 201, and logs in (step S310).
Thereafter, the user receives the service from the net service.
1.5 Operation of Registration Number Verification Processing The operation of the registration number verification processing performed by the memory card with CPU 10 when the master password is restored will be described with reference to the flowchart shown in FIG.

The password restoration verification unit 106 receives the reception number from the mobile phone 20 (Step S350). Next, the registration number is read from the password recovery management storage unit 101 (step S355). It is determined whether the read registration number matches the reception number (step S360).
If they match, the decoding unit 109 outputs the decodable information to the decoding unit 109, and performs decoding processing in the decoding unit 109 (step S365). The password restoration verification unit 106 receives the master password decrypted by the decryption unit 109, and outputs the decrypted master password to the mobile phone 20 (step S370).

If they do not match, the restoration failure information is output to the mobile phone 20 (step S375).
1.6 Operation of Master Password Verification Processing The operation of the master password verification processing performed by the memory card with CPU 10 when the master password is used will be described with reference to the flowchart shown in FIG.
Master password verification unit 107 receives the master password from mobile phone 20 (step S400).

Next, master password verification section 107 outputs master decryption information to decryption section 109, and decryption processing is performed by decryption section 109 (step S405).
Next, the master password verification unit 107 receives the decrypted master password from the decryption unit 109, and determines whether the received master password matches the master password received from the mobile phone 20 (step S410).

If they match, the master password receivable information is output to the mobile phone 20 (step S415). If they do not match, master password rejection information is output to the mobile phone 20 (step S420).
1.7 Operation of Service Password Acquisition Process The operation of the service password acquisition process performed by the memory card with CPU 10 when using the network service will be described with reference to the flowchart shown in FIG.

The service password acquisition unit 108 receives the service identification information from the mobile phone 20 (Step S450).
The service decoding information is generated using the received service identification information, the generated service decoding information is output to the decoding unit 109, and the decoding unit 109 performs a decoding process (step S455).

Next, service password acquiring section 108 receives the decrypted service password from decryption section 109, and outputs the received service password to mobile phone 20 (step S460).
1.8 Operation of Decoding Process Here, the operation of the decoding process will be described with reference to the flowchart shown in FIG.

The decryption unit 109 receives the recoverable information, the master decryption information, or the service decryption information from the password recovery verification unit 106, the master password verification unit 107, or the service password acquisition unit 108 (step S500).
The decryption unit 109 reads the registration number from the password restoration management storage unit 101 (step S505), and then reads the encrypted master password from the master password storage unit 102 (step S510).

The encrypted master password is decrypted using the read registration number as a decryption key (step S515).
Next, it is determined whether the received information is service decryption information (step S520).
If it is the service decryption information, the record is acquired from the service password registration table 300 of the service password storage unit 103 (step S525). Using the decrypted master password as a decryption key, the encrypted service password stored in the obtained record is decrypted (step S530). The decrypted service password is output to the service password acquisition unit 108 (step S535).

If the received information is not service decryption information, the decrypted master password is output to the password recovery verification unit 106 or the master password verification unit 107 (step S540).
1.9 Modification Example A description will be given of a password restoration system 1A as a modification example of the first embodiment.

<Configuration of Password Recovery System 1A>
The password recovery system 1A includes a memory card with CPU 10A and a mobile phone 20A shown in FIG. 15, and uses a calling telephone number notification service in the same manner as the password recovery system 1 to perform password recovery.
If the user forgets the password when using the function managed by the password, the user inserts the memory card with CPU 10A into the mobile phone 20A and makes a call from the fixed phone to the mobile phone 20A. get.

The mobile phone 20A notifies the CPU-attached memory card 10A of the telephone number acquired by using the calling telephone number notification service and information for identifying the function used by the user.
The memory card with CPU 10A determines whether the received telephone number matches the telephone number stored in advance, and if they match, reads the password stored in advance and uses the read password. To activate the function used by the user.

When the password recovery system 1A receives information for identifying the function to be used and the password, the password recovery system 1A activates the function to be used by the user when the received password is a valid password. Here, the password is referred to as a master password.
<Configuration of Memory Card with CPU 10A>
Here, the configuration of the memory card with CPU 10A will be described.

  As shown in FIG. 15, the memory card with CPU 10A includes a password recovery management storage unit 101A, a master password storage unit 102A, a password recovery management information registration unit 104A, a password registration unit 105A, a password recovery verification unit 106A, and a master password verification. It comprises a unit 107A, a decoding unit 109A, an input / output unit 110A, and a usage information storage unit 120A.

The memory card with CPU 10A is, specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. The ROM stores a computer program. The microprocessor operates according to the computer program, whereby the memory card with CPU 10A achieves its functions.
(1) Usage information storage unit 120A
The usage information storage unit 120A has an electronic money function 121A and a schedule function 122A.

The electronic money function 121A is a function that gives a monetary value to digital data and can purchase a product on the Internet, and the schedule function 122A is a function that records and manages a user's schedule and the like.
(2) Password recovery management storage unit 101A
The password recovery management storage unit 101A is the same as the password recovery management storage unit 101, and a description thereof will be omitted.

(3) Master password storage unit 102A
The master password storage unit 102A stores a master password encrypted using the registration number stored in the password restoration management storage unit 101A as an encryption key. The master password manages the electronic money function 121A and the schedule function 122A stored in the usage information storage unit 120A. When the user wants to use the function stored in the use information storage unit 120A, the user inputs information for identifying the function to be used and a master password.

When the registration number is changed, the master password is again encrypted using the changed registration number as an encryption key, and the re-encrypted master password is stored.
(4) Password recovery management information registration unit 104A
The password recovery management information registration unit 104A is the same as the password recovery management information registration unit 104, and thus the description is omitted.

(5) Password registration unit 105A
The password registration unit 105A registers and updates a master password.
Note that the registration / update of the master password is the same as the registration / update of the master password in the password registration unit 105, and thus the description is omitted.
(6) Password recovery verification unit 106A
The password recovery verification unit 106A compares the reception number and the function identification information for identifying the function to be used among the functions stored in the usage information storage unit 120A from the mobile phone 20A via the input / output unit 110A when the master password is recovered. receive.

Next, the password recovery verification unit 106A reads the registration number from the password recovery management storage unit 101A, and determines whether the read registration number matches the reception number.
Next, when the registration number matches the reception number, password recovery verification section 106A outputs recoverable information including information for instructing decryption section 109A to decrypt the master password.

Next, password recovery verification section 106A receives the master password decrypted from decryption section 109A, and outputs the received decrypted master password and the function identification information received from mobile phone 20A to master password verification section 107A.
If the registration number and the received number do not match, the password restoration verification unit 106A outputs restoration impossible information including information indicating that restoration is impossible to the mobile phone 20A via the input / output unit 110A.

(7) Master password verification unit 107A
The master password verification unit 107A receives the master password and the function identification information from the mobile phone 20A via the password restoration verification unit 106A or the input / output unit 110A.
Next, master password verification section 107A outputs master decryption information including information for instructing decryption section 109A to decrypt the master password.

Next, master password verification section 107A receives the master password decrypted from decryption section 109A, and determines whether the received decrypted master password matches the master password received from password recovery verification section 106A or mobile phone 20A. Is determined.
If they match, the master password verification unit 107A activates the function corresponding to the received function identification information. For example, when the function identification information is information indicating the electronic money function 121A, the electronic money function 121A is activated. If they do not match, rejection information including information indicating rejection is output to the mobile phone 20A via the input / output unit 110A.

(8) Decoding section 109A
The decryption unit 109A performs a process of decrypting the encrypted master password.
Note that the decryption of the master password is the same as the decryption of the master password by the decryption unit 109, and a description thereof will be omitted.
(9) Input / output unit 110A
The input / output unit 110A outputs the information received from the mobile phone 20A to the password restoration management information registration unit 104A, the password registration unit 105A, the password restoration verification unit 106A, or the master password verification unit 107A.

Further, it outputs the information received from password recovery management information registration section 104A, password recovery verification section 106A or master password verification section 107A to mobile phone 20A.
<Configuration of mobile phone 20A>
Here, the configuration of the mobile phone 20A will be described.
As shown in FIG. 15, the mobile phone 20A includes a transmission / reception unit 201A, a key input unit 202A, a control unit 203A, a display unit 204A, a password restoration reception unit 205A, an encryption unit 206A, and an input / output unit 207A.

The mobile phone 20A is, specifically, a computer system including a microprocessor, a ROM, a RAM, a display unit, and the like. The ROM stores a computer program. The mobile phone 20A achieves its functions by the microprocessor operating according to the computer program.
In addition, the mobile phone 20A has a speaker unit, a microphone unit, a transmission unit, a memory unit, and the like, as in the case of a conventional mobile phone, and operates as a normal mobile phone.

(1) Transmission / reception unit 201A
The transmission / reception unit 201A is the same as the transmission / reception unit 201, and the description is omitted.
(2) Key input unit 202A
The key input unit 202A includes a dial key, a function key, or a control key. When registering or changing a registration number, the key input unit 202A receives an input of the registration number and outputs the received registration number to the control unit 203A. In addition, when the registration number is changed, after the registration number is changed, the master password is re-encrypted, so that the processing contents indicating the change, the master plaintext information including the master password and the registration number are received, and the received master plaintext information is received. Output to control section 203A.

When any one of the electronic money function 121A and the schedule function 122A stored in the use information storage unit 120A is used, the input of the master password and the function identification information is received, and the received master password and the function identification information are exchanged. Output to control section 203A.
At the time of master password restoration, a master password restoration instruction and function identification information are received from the user, and the received master password restoration instruction and function identification information are output to the control unit 203A.

When registering / changing the master password, the control unit 203A receives the master plaintext information including the processing contents indicating the new registration or the change, the master password, and the registration number, and outputs the received master plaintext information to the control unit 203A.
Also, the same key operation as that of a conventional mobile phone is performed.
(3) Control unit 203A
The control unit 203A controls the operation of the entire mobile phone 20A.

(A) In the case of registration / change of registration number The registration / change of the registration number is the same as the registration / change of the registration number in the control unit 203, and the description is omitted.
(B) In the case of restoring the master password At the time of restoring the password, the master password restoring instruction and the function identification information are received from the key input unit 202A, and the password restoring accepting unit 205A starts the password restoring accepting process according to the received master password restoring instruction. I do. Next, the reception number received from transmission / reception section 201A and the function identification information received from key input section 202A are output to password recovery reception section 205A, and the password recovery reception processing ends.

Next, when the restoration impossible information is received from the memory card with CPU 10A via the input / output unit 207A, the received restoration impossible information is output to the display unit 204A.
(C) When Using the Function of the Usage Information Storage Unit 120A When using any of the electronic money function 121A and the schedule function 122A, the master password and the function identification information are received and received from the key input unit 202A. The master password and the function identification information are output to the memory card with CPU 10A via the input / output unit 207A.

Next, when the non-reception information is received from the memory card with CPU 10A via the input / output unit 207A, the received non-reception information is output to the display unit 204A.
(D) When Registering / Changing the Master Password The registration / change of the master password is the same as the registration / change of the master password in the control unit 203, and thus the description is omitted.

(4) Display unit 204A
The display unit 204A receives the master input instruction information from the control unit 203A when the registration number is changed, displays a screen for inputting the master password and the registration number using the received master input instruction information, and inputs the information to the user. Prompt.
Upon receiving the restoration impossible information from the control unit 203A, the display unit 204A displays the received restoration impossible information.

Further, when receiving the non-reception information from the control unit 203A, the display unit 204A displays the received non-reception information.
Also, screen display similar to that of a conventional mobile phone is performed.
(5) Password recovery accepting unit 205A
The password recovery accepting unit 205A is activated by the control unit 203A at the time of password recovery, receives a reception number and function identification information from the control unit 203A, and transmits the received reception number and function identification information to the CPU via the input / output unit 207A. Output to the attached memory card 10A.

(6) Encryption unit 206A
When registering / changing the master password, the encryption unit 206A receives the master plaintext information from the control unit 203A, encrypts the master password using the registration number as an encryption key, and generates master encryption information.
Next, encryption section 206A outputs the master encryption information to memory card with CPU 10A via input / output section 207A.

(7) Input / output unit 207A
The input / output unit 207A outputs information received from the memory card with CPU 10A to the control unit 203A.
Also, it outputs the information received from the control unit 203A, the password restoration accepting unit 205A or the encrypting unit 206A to the memory card with CPU 10A.

<Operation Overview of Password Recovery System 1A>
Here, an outline of each operation of the password recovery system 1A will be described.
(1) Outline of Operation at Registration Number Registration Since the outline of the operation of registration number registration is the same as the flow chart shown in FIGS. 4 and 5, the description is omitted.

(2) Outline of Operation at the Time of Master Password Registration The outline of the operation of the master password registration is the same as the flow chart shown in FIG.
(3) Outline of Operation at the Time of Password Recovery Here, an outline of the operation at the time of password recovery will be described with reference to the flowchart shown in FIG.

The mobile phone 20A accepts the master password restoration instruction and the function identification information from the user, and activates the password restoration accepting process of the password restoration accepting unit 205A (step S550).
Next, the mobile phone 20A receives a call from a telephone line whose telephone number is registered as a registration number, obtains a reception number from the received call, and acquires the obtained reception number and the function received in step S550. The identification information is output to the CPU-equipped memory card 10A (step S551), and the password restoration accepting process ends (step S552).

  The memory card with CPU 10A performs a verification process to determine whether or not the password can be restored using the received reception number and the registration number stored in the password restoration management storage unit 101A. If possible, the decrypted master password is output to the master password verification unit 107A (step S553). Next, in the memory card with CPU 10A, the master password verification unit 107A performs a master password verification process and activates a function corresponding to the function identification information (step S554).

If the password cannot be restored in the verification processing of step S553, the restoration impossible information is output to the mobile phone 20A via the input / output unit 110A, and the restoration impossible information is output on the mobile phone 20A.
(4) Operation of Registration Number Verification Processing Here, the operation of the registration number verification processing performed by the memory card with CPU 10A when the master password is restored will be described with reference to the flowchart shown in FIG.

The password restoration verification unit 106A receives the reception number and the function identification information from the mobile phone 20A (step S560). Next, the registration number is read from the password recovery management storage unit 101A (step S561). It is determined whether the read registration number matches the reception number (step S562).
If they match, the decryption unit 109A outputs the decodable information, and the decryption unit 109A performs decryption processing (step S563). The password restoration verification unit 106A receives the master password decrypted by the decryption unit 109A, outputs the decrypted master password and the function identification information to the master password verification unit 107A, and outputs the master password to the master password verification unit 107A. A verification process is performed (step S564).

If they do not match, restoration impossible information is output to the mobile phone 20A (step S565).
(5) Operation of Master Password Verification Processing Here, the operation of the master password verification processing will be described with reference to the flowchart shown in FIG.

The master password verification unit 107A receives the master password and the function identification information from the password restoration verification unit 106A or the mobile phone 20A (step S570).
Next, the master password verification unit 107A outputs the master decryption information to the decryption unit 109A, and performs decryption processing in the decryption unit 109A (step S571).
Next, master password verification section 107A receives the decrypted master password from decryption section 109A, and determines whether or not the received master password matches the master password received from password recovery verification section 106A or mobile phone 20A. Performed (step S572).

If they match, the function corresponding to the function identification information received from the password restoration verification unit 106A or the mobile phone 20A is activated (step S573). If they do not match, the master password is output to the mobile phone 20A (step S574).
(6) Decoding Process Operation Here, the decoding process operation will be described with reference to the flowchart shown in FIG.

First, in step S500, a change is made to receive restorable information or master decryption information.
Steps S520 to S535 are deleted. In other words, after performing step S515, the process is changed to perform step S540.
The output destination of the master password performed in step S540 is the password recovery verification unit 106A or the master password verification unit 107A.

<Other modifications>
The above-described embodiment and the above-described modified examples are examples of the embodiment of the present invention, and the present invention is not limited to this embodiment at all, and may be variously modified without departing from the scope thereof. It can be implemented. The following cases are also included in the present invention.
(1) In the password recovery system 1, a registration number may be used as a master password. At this time, the master password is restored as follows.

First, upon receiving the reception number, the memory card with CPU 10 determines whether or not the received reception number matches the registration number.
If they match, the registration number is displayed on the mobile phone 20. If they do not match, the restoration impossible information is displayed on the mobile phone 20.
Similarly, in the password recovery system 1A, the registration number may be used as the master password. At this time, the master password is restored as follows.

First, upon receiving the reception number and the function identification information, the memory card with CPU 10A determines whether or not the received reception number and the registration number match.
If they match, the function corresponding to the received function identification information is activated. If they do not match, the restoration impossible information is displayed on the mobile phone 20A.
(2) In the password restoration system 1, the master password is displayed after restoring the master password, but the present invention is not limited to this. After restoring the master password, the CPU-equipped memory card 10 may enable access to the service password storage unit 103 so that the service password can be used.

In addition, after the master password is restored in the password restoration system 1A, the function corresponding to the function identification information is activated, but the invention is not limited to this. After restoring the master password, the CPU-equipped memory card 10A may enable access to the function corresponding to the function identification information, so that the function can be used.
(3) In the password recovery system 1A, the memory card with CPU 10A includes a memory as an area for storing a data file in the usage information storage unit 120A, and indicates that the reception number and the memory are used when the master password is recovered. After receiving the function identification information and restoring the master password, the memory may be used.

  (4) In the password recovery system 1, the master password is encrypted and stored using the registration number as the encryption key, but the present invention is not limited to this. The master password may be stored without encryption. In this case, it is assumed that the master password storage unit 102 is an area having tamper resistance. Similarly, the service password may be stored without being encrypted. In this case, the service password storage unit 103 is an area having tamper resistance.

Similarly, the password recovery system 1A may store the master password without encrypting it. In this case, it is assumed that the master password storage unit 102A is an area having tamper resistance.
(5) The above embodiments and the above modifications may be combined.
1.10 Summary of First Embodiment As described above, the password recovery system 1 sets the telephone number of the telephone line installed at the user's home as information for performing password recovery. . The user of the fixed telephone connected to the telephone line is limited to the user himself or his own, and in order for another person to use the fixed telephone, the user enters the user's home and uses it. That is, it is not normally usable. For this reason, the user of the fixed telephone can surely recognize that the requester of the password recovery is the user and can call the user himself, so that the security at the time of the password recovery is enhanced. Therefore, when performing password recovery at the time of forgetting the password, the mobile phone 20 calls the mobile phone 20 from the fixed phone, and the mobile phone 20 obtains the telephone number of the telephone line to which the fixed phone is connected, and obtains the obtained phone number. It is determined whether or not the number matches the telephone number preset in the memory card 10 with CPU, and the password can be restored for the user himself only when the numbers match.

Further, it is possible to accept a change in the telephone number stored in the memory card 10 with CPU. Thus, even when the telephone number of the telephone line is changed, the telephone number of the telephone line with which the user has contracted can always be registered as the registration number, so that the security at the time of password recovery is further improved.
Also, the security of the memory card 10 with CPU itself is improved by encrypting the master password and the service password, storing the encrypted password in the memory card 10 with CPU, and decrypting it when necessary.

In addition, the service password used when using various network services is centrally managed using the master password, the service password is automatically sent to the network service you want to use by entering the master password, and by logging in, the user can Saves memorizing all service passwords.
Also, by receiving the function identification information when restoring the master password, after the master password is restored, the function corresponding to the function identification information is activated by using the restored master password, thereby omitting the user's input of the master password. Operation can be simplified.

2. Second Embodiment A password recovery system 2 according to a second embodiment of the present invention will be described.
The password recovery system 2 introduces a guarantor system for performing password recovery by receiving information required for password recovery from a guarantor who is designated in advance by a user in order to perform password recovery.

  In the password recovery system 2, as shown in FIG. 19, the guarantor uses the guarantor terminal 40 to create a document in a form that guarantees that the requester of the password recovery is the user himself in a predetermined format. A signed document (hereinafter referred to as a signed document) including signature data generated by applying a digital signature to the created document using a private key and a document having a time stamp added to the document. Send it. The user receives the signed document, and recovers the password using the received signed document. Here, the digital signature is, for example, an ElGamal signature on a finite field. ElGamal signatures on finite fields are well known and will not be described.

2.1 Configuration of Guarantor Terminal 40 The configuration of the guarantor terminal 40 will be described.
As shown in FIG. 19, the guarantor terminal 40 includes an encryption key storage unit 401, an input unit 402, a creation unit 403, a signature unit 404, and a transmission unit 405.
The guarantor terminal 40 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, a modem, and the like. A computer program is stored in the ROM or the hard disk unit. The microprocessor operates according to the computer program so that the guarantor terminal 40 achieves its function.

(1) Encryption key storage unit 401
The encryption key storage unit 401 is specifically composed of a hard disk unit or the like, and stores a secret key that is required only when a digital signature is applied and is known only by a guarantor.
(2) Input unit 402
The input unit 402 receives characters when creating a signed document, receives digital signature instruction information for performing a digital signature, and receives a signature document transmission instruction. The received character, the digital signature instruction, and the signed document transmission instruction are output to the creating unit 403.

(3) Creation unit 403
The creating unit 403 creates a signed document. If the digital signature instruction information is received from the input unit 402, the generated document is output to the signature unit 404 as a document that guarantees that the requester of the password recovery is the user himself.
If a signed document transmission instruction is received, the generated signed document is transmitted to the user via the transmission unit 405.

(4) Signature unit 404
The signature unit 404 reads the secret key from the encryption key storage unit 401, applies a digital signature to the document received from the creation unit 403, generates signature data, and outputs the generated signature data to the creation unit 403.
(5) Transmission unit 405
The transmission unit 405 is specifically composed of a modem or the like, and transmits the information received from the creation unit 403 to the user's mobile phone.

2.2 Configuration of Password Recovery System 2 The password recovery system 2 includes a memory card with CPU 50 and a mobile phone 60 shown in FIG.
The user designates one or more guarantors in advance. At this time, the guarantor designated by the user has a certification authority that issues and manages an electronic identification card issue a public key certificate. It is assumed that the user receives the public key certificate from the guarantor and stores it in the memory card 50 with CPU.

In the memory card with CPU 50, the number of signed documents necessary for password recovery and the expiration date for receiving the signed documents are set.
At the time of password recovery, the user inserts the memory card with CPU 50 into the mobile phone 60, and then contacts the guarantor with a method that can confirm that the requester of the password recovery is the user himself. Have the guarantor create a signed document in the specified format, and send the created signed document by e-mail. The mobile phone 60 receives the signed document, and notifies the memory card with CPU 50 of the received signed document.

  The CPU-attached memory card 50 performs signature verification on the sent signed document using the received signed document and the public key certificate stored in advance, and determines whether the guarantor has created it. Is determined and whether or not it is within the expiration date is determined. If the signed document is created by the guarantor and is within the expiration date, the CPU-attached memory card 50 counts the sent signed document as the number of signed documents valid for password recovery. . When the counted number reaches the number of signed documents necessary for password recovery stored in advance, the memory card with CPU 50 reads out the encrypted password stored in advance and reads out the encrypted password. The encrypted password is decrypted, and the decrypted password is notified to the mobile phone 60. Here, the signature verification is an algorithm for verifying the signature data generated by the digital signature.

It is assumed that the guarantor sends the signed document only once in response to the password restoration request from the user.
Furthermore, the password restoration system 2 normally accepts a password, and permits access to an area associated with the password when the accepted password is a valid password. In the present embodiment, the password is called a master password.

2.3 Configuration of Memory Card with CPU 50 Here, the configuration of the memory card with CPU 50 will be described.
As shown in FIG. 20, the memory card with CPU 50 includes a password recovery management storage unit 501, a decryption key storage unit 502, a master password storage unit 503, a service password storage unit 504, a password recovery management information registration unit 505, and a password registration. It comprises a unit 506, a password recovery verification unit 507, a master password verification unit 508, a service password acquisition unit 509, a decryption unit 510, and an input / output unit 511.

The memory card with CPU 50 is specifically a computer system including a microprocessor, a ROM, a RAM, and the like. The ROM stores a computer program. The microprocessor operates according to the computer program, so that the memory card with CPU 50 achieves its function.
(1) Password recovery management storage unit 501
The password restoration management storage unit 501 has a restoration management information table 700 as shown as an example in FIG.

The restoration management information table 700 stores one or more sets composed of a guarantor name and a public key certificate.
The guarantor name is the name of the person who sends the signed document to the user when the password is restored.
The public key certificate is information of a public key certificate issued in advance by a certification organization to a guarantor.

(2) Decryption key storage unit 502
The decryption key storage unit 502 stores a decryption key used to decrypt the encrypted master password stored in the master password storage unit 503.
The decryption key stored in the decryption key storage unit 502 is a decryption key associated with an encryption key used when encrypting the master password.

Here, an encryption method using different keys for encryption and decryption is called a public key encryption method. The encryption key is called a public key, and the decryption key is called a secret key. The public key encryption method is, for example, RSA. Since the RSA is known, the description is omitted.
(3) Master password storage unit 503
The master password storage unit 503 stores a master password encrypted using an encryption key set by a user. Here, the master password is a password that collectively manages the service password. By inputting the master password, the service password storage unit 504 can be accessed.

To change the decryption key, the decryption key stored in the decryption key storage unit 502 is changed, and the master password is again encrypted with the encryption key associated with the changed decryption key. Need to remember the master password.
(4) Service password storage unit 504
The service password storage unit 504 has a service password registration table 300, similarly to the service password storage unit 103 shown in the configuration of the memory card with CPU 10 of the password recovery system 1. The service password registration table 300 has been described in the service password storage unit 103 and will not be described here.

(5) Password recovery management information registration unit 505
The password restoration management information registration unit 505 receives guarantor information including information on the guarantor name and the public key certificate from the mobile phone 60 via the input / output unit 511, and stores the received guarantor information in the password restoration management storage unit. 501 is stored in the restoration management information table 700.
(6) Password registration unit 506
The password registration unit 506 registers and updates a master password, a service password, or a decryption key for decrypting the master password.

(A) In the case of registering a master password The operation is the same as the case of registering the master password in the password registration unit 105 shown in the memory card 10 with the CPU of the password restoration system 1, and the description is omitted.
(B) In the case of registering a service password The description is omitted because it is the same as the case of registering the service password in the password registration unit 105 shown in the memory card with CPU 10 of the password restoration system 1.

(C) In the case of registration of a decryption key The password registration unit 506 uses the mobile phone 60 via the input / output unit 511 to decrypt the processing contents indicating new registration or change and the encrypted master password. And decryption key information consisting of If the processing content is new registration according to the processing content of the received decryption key information, new registration of the decryption key is performed in the decryption key storage unit 502. If the processing content is changed, the decryption key is updated in the decryption key storage unit 502, and encryption key change instruction information indicating an input instruction of the master password and an encryption key for encrypting the master password is input / output unit 511. To the mobile phone 60 via the.

(7) Password recovery verification unit 507
The password restoration verification unit 507 includes password restoration setting value information including the number of signed documents required for password restoration (for example, “3”) and the time limit for password restoration (for example, “60 minutes”). Is stored in advance.
The password restoration verification unit 507 receives password restoration instruction information indicating a password restoration instruction from the mobile phone 60 via the input / output unit 511 at the time of master password restoration, and time information indicating the time at which the password restoration acceptance process was started. Using the received time information and the time limit included in the password restoration setting value information, the expiration date during which the password can be restored is calculated, and the calculated expiration date is temporarily stored. Next, the signed document received by the mobile phone 60 via the input / output unit 511 is received from the mobile phone 60, and the received signed document is counted as the number of received signed documents.

  Next, the password restoration verification unit 507 reads the public key certificate corresponding to the guarantor that sent the signed document from the password restoration management storage unit 501, and uses the read public key certificate and the received signed document. The signature verification is performed to determine whether the received signed document is the guarantor's own, and using the time stamp attached to the received signed document, whether the received signed document is within the validity period If the received signed document is the guarantor's own and has not expired, the received signed document is counted as the number of signed documents valid for password recovery.

When the number of signed documents valid for password recovery reaches the number of signed documents necessary for password recovery, the password recovery verification unit 507 restores the decryption unit 510 with information for instructing the decryption unit 510 to decrypt the master password. Output possible information.
Next, password recovery verification section 507 receives the master password decrypted from decryption section 510 and outputs the received decrypted master password to mobile phone 60 via input / output section 511.

If the number of signed documents received does not reach the number of guarantors stored in the password recovery management storage unit 501, and the number of valid signed documents does not reach the number of signed documents required for password recovery. Waits for the receipt of the next signed document.
The password restoration verification unit 507 receives the signed documents from all the guarantors stored in the password restoration management storage unit 501, and if the number of valid signed documents does not reach the number of signed documents necessary for password restoration. Outputs restoration impossible information including information indicating that restoration is impossible to the mobile phone 60 via the input / output unit 511.

(8) Master password verification unit 508
The master password verification unit 508 is the same as the master password verification unit 107 shown in the configuration of the memory card with CPU 10 of the password recovery system 1, and thus the description is omitted.
(9) Service password acquisition unit 509
The service password acquisition unit 509 is the same as the service password acquisition unit 108 shown in the configuration of the memory card with CPU 10 of the password restoration system 1, and thus the description is omitted.

(10) Decoding section 510
The decryption unit 510 performs a process of decrypting the encrypted master password or the encrypted service password.
(A) Decryption of Master Password The decryption unit 510 receives recoverable information from the password recovery verification unit 507 or master decryption information from the master password verification unit 508.

The decryption unit 510 reads the decryption key stored in the decryption key storage unit 502 to decrypt the master password, decrypts the master password using the decrypted key read out, and decrypts the decrypted master password. Output to the password restoration verification unit 507 or the master password verification unit 508.
(B) In the case of decrypting the service password The decryption of the service password is the same as the decryption of the service password of the decryption unit 109 shown in the configuration of the memory card with CPU 10 of the password recovery system 1, and therefore the description is omitted. I do.

(11) Input / output unit 511
The input / output unit 511 outputs the information received from the mobile phone 60 to the password restoration management information registration unit 505, the password registration unit 506, the password restoration verification unit 507, the master password verification unit 508, or the service password acquisition unit 509.
Also, it outputs the information received from the password registration unit 506, the password restoration verification unit 507, the master password verification unit 508, or the service password acquisition unit 509 to the mobile phone 60.

2.4 Configuration of Mobile Phone 60 Here, the configuration of the mobile phone 60 will be described.
As shown in FIG. 20, the mobile phone 60 includes a transmission / reception unit 601, a key input unit 602, a control unit 603, a display unit 604, a password restoration reception unit 605, an encryption unit 606, and an input / output unit 607.

The mobile phone 60 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a display unit, and the like. The ROM stores a computer program. The mobile phone 60 achieves its functions by the microprocessor operating according to the computer program.
Further, the mobile phone 60 has a speaker unit, a microphone unit, a transmission unit, a memory unit, and the like, as in the case of the conventional mobile phone, and operates as a normal mobile phone.

(1) Transmission / reception unit 601
The transmission / reception unit 601 is the same as the transmission / reception unit 201 shown in the configuration of the mobile phone 20 of the password recovery system 1, and thus the description is omitted.
(2) Key input unit 602
The key input unit 602 includes a dial key, a function key, or a control key. When registering or changing guarantor information, the key input unit 602 receives an input of guarantor information and outputs the received guarantor information to the control unit 603.

When the master password is used, the input of the master password is accepted, and the accepted master password is output to the control unit 603.
At the time of master password restoration, password restoration instruction information is received from the user, and the received password restoration instruction information is output to the control unit 603.
At the time of registration / change of the master password, master plaintext information including processing contents indicating new registration or change, the master password, and an encryption key for encrypting the master password is received, and the received master plaintext information is output to the control unit 603. When registering / changing the service password, the control unit receives service plaintext information including processing contents indicating new registration or change, a service password, a master password, and a network service name, and transmits the received service plaintext information to the control unit. 603.

When the network service is used, the service identification information is received, and the received service identification information is output to the control unit 603.
At the time of registration / change of a decryption key for decrypting the encrypted master password, input of decryption key information is received and output to the control unit 603. When the decryption key is changed, the master password is re-encrypted after the change of the decryption key, so that the processing contents indicating the change, the master password, and the master password associated with the decryption key are encrypted. Master plaintext information including an encryption key is received, and the received master plaintext information is output to control unit 603.

Also, the same key operation as that of a conventional mobile phone is performed.
(3) Control unit 603
The control unit 603 controls the operation of the entire mobile phone 60. Further, the control unit 603 has a clock function for measuring the time.
(A) In the case of registration / change of the guarantor In the case of registration / change of the guarantor, the control unit 603 receives the guarantor information from the key input unit 602 and receives the received guarantor information via the input / output unit 607. Output to the memory card 50 with CPU.

(B) At the time of master password recovery At the time of password recovery, when password recovery instruction information is received from the key input unit 602, the password recovery reception unit 605 starts password recovery reception processing and acquires time information by using the clock function. I do. The control unit 603 outputs the received password restoration instruction information and time information to the memory card with CPU 50 via the input / output unit 607. Next, an e-mail in which the signed document is described is received from the transmission / reception unit 601, and the received e-mail is output to the password restoration reception unit 605.

  Next, if the master password can be restored from the memory card with CPU 50 via the input / output unit 607, the master password is received, the received master password is output to the display unit 604, and the password restoration accepting process ends. Let it. If the restoration of the master password is impossible, it receives the restoration impossible information, outputs the received restoration impossible information to the display unit 604, and ends the password restoration accepting process.

(C) In the case of using the master password In the case of using the master password, since it is the same as the case of using the master password of the control unit 203 shown in the configuration of the mobile phone 20 of the password recovery system 1, the description is omitted. .
(D) In the case of using the network service In the case of using the network service, it is the same as the case of using the network service of the control unit 203 shown in the configuration of the mobile phone 20 of the password recovery system 1, and the description is omitted. .

(E) When Registering / Changing the Master Password When registering / changing the master password, the master plaintext information received from the key input unit 602 is output to the encryption unit 606.
(F) When Registering / Changing a Service Password When registering / changing a service password, the service plaintext information received from the key input unit 602 is output to the encryption unit 606.

(G) In the case of registration / change of the decryption key In the case of registration / change of the decryption key, the decryption key information is received from the key input unit 602, and the received decryption key information is transmitted to the CPU via the input / output unit 607. Output to the attached memory card 50.
In the case of changing the decryption key, after updating the decryption key, it receives the encryption key change instruction information from the memory card with CPU 50 and outputs the received encryption key change instruction information to the display unit 604.

(4) Display unit 604
The display unit 604 receives encryption key change instruction information from the control unit 603 when the decryption key stored in the decryption key storage unit 502 of the memory card with CPU 50 is changed, and uses the received encryption key change instruction information to change the decryption key. A screen for inputting the master password and an encryption key for encrypting the master password is displayed, and the user is prompted for input.

When the master password is restored, the master password or the restoration impossible information is received from the control unit 603, and the received master password or the restoration impossible information is displayed.
When the master password is used, receivable information or non-reception information is received from the control unit 603, and the received receivable information or non-reception information is displayed.
Also, screen display similar to that of a conventional mobile phone is performed.

(5) Password recovery reception unit 605
The password recovery accepting unit 605 is activated by the control unit 603 at the time of password recovery, receives an e-mail from the control unit 603, acquires a signed document from the received e-mail, and transmits the acquired signed document via the input / output unit 607. Output to the memory card 50 with CPU.
(6) Encryption unit 606
When registering / changing the master password, the encryption unit 606 receives the master plaintext information from the control unit 603, encrypts the master password using the encryption key included in the received master plaintext information, and generates master encryption information. When the service password is registered / changed, the service plaintext information is received from the control unit 603, the service password is encrypted using the master password as an encryption key, and service encryption information is generated.

Next, the encryption unit 606 outputs the master encryption information or the service encryption information to the memory card with CPU 50 via the input / output unit 607.
(7) Input / output unit 607
The input / output unit 607 is the same as the input / output unit 207 shown in the configuration of the mobile phone 20 of the password recovery system 1, and the description is omitted.

2.5 Outline of Operation of Password Recovery System 2 Here, an outline of each operation of the password recovery system 2 will be described.
(1) Outline of Operation when Registering Guarantor Information Here, an outline of the operation of registering guarantor information will be described with reference to a flowchart shown in FIG.

The mobile phone 60 receives an instruction for new registration or change of guarantor information from the user (step S600). Next, the guarantor information is received, and the registration information including the received new registration or change instruction and the guarantor information is output to the memory card with CPU 50 (step S605).
The memory card with CPU 50 uses the received registration information to newly register guarantor information when the processing content is new registration, and to change the guarantor information to be changed when the processing content is changed. Is updated (step S610).

(2) Outline of Operation when Registering Master Password Here, an outline of the operation of registering the master password will be described with reference to a flowchart shown in FIG.
The mobile phone 60 receives an instruction for new registration or change as the processing content (step S650). Next, the master password and the encryption key are received from the user (step S655), the received master password is encrypted using the received encryption key, and the master encryption information including the processing content and the encrypted master password is stored in the CPU. Output to the memory card 50 (step S660).

Using the received master encryption information, the CPU-equipped memory card 50 performs new registration of the master password in the case of new registration, and updates the master password in the case of change (step S665).
(3) Outline of Operation at the Time of Registering a Service Password The outline of the operation at the time of registering a service password is the same as the outline of the operation of the password recovery system 1 at the time of registering a service password, and a description thereof will be omitted.

(4) Outline of Operation at Decryption Key Registration Here, an outline of the operation of decryption key registration will be described.
(A) In the case of new registration Here, the outline of the operation of new registration of a decryption key will be described using the flowchart shown in FIG.

The mobile phone 60 receives an instruction to newly register a decryption key from the user (step S700). Next, a decryption key is received, and decryption key information including the received new registration instruction and decryption key is output to the memory card with CPU 50 (step S705).
The memory card with CPU 50 newly registers the decryption key using the received decryption key information (step S710).

(B) Case of Change Here, an outline of the operation of changing the decryption key will be described with reference to the flowchart shown in FIG.
The mobile phone 60 receives an instruction to change the decryption key from the user (step S750). Next, the master password is accepted, and the accepted master password is output to the memory card with CPU 50 (step S755).

The CPU-equipped memory card 50 performs a master password verification process using the received master password, and outputs acceptable information to the mobile phone 60 (step S760).
Next, the mobile phone 60 receives the decryption key, and outputs decryption key information including the received change instruction and the decryption key to the memory card with CPU 50 (step S765).

The memory card with CPU 50 updates the decryption key using the received decryption key information, and outputs the encryption key change instruction information to the mobile phone 60 via the input / output unit 511 (step S770).
The mobile phone 60 receives the encryption key change instruction information from the memory card with CPU 50, instructs the user to input a master password and an encryption key for encrypting the master password, and inputs the master password and the master password from the user. An encryption key for encryption is received (step S775).

Next, the received master password is encrypted using the received encryption key, and master encryption information including the processing content indicating the change of the master password and the encrypted master password is output to the memory card with CPU 50 (step). S780).
The memory card with CPU 50 updates the master password using the master encryption information (step S785).

(5) Outline of Operation at the Time of Password Restoration Here, an outline of the operation of password restoration will be described with reference to a flowchart shown in FIG.
The mobile phone 60 receives password recovery instruction information from the user (step S800), starts password recovery reception processing, obtains time information, and stores the obtained time information and the received password recovery instruction information in a memory card with a CPU. The data is output to the device 50 (step S805).

The memory card with CPU 50 receives the password restoration instruction information and the time information (step S810), calculates an expiration date using the received time information and the stored time limit, and temporarily stores the calculated expiration date. (Step S815).
Next, the mobile phone 60 receives the e-mail including the signed document from the guarantor, obtains the signed document from the received e-mail using the password restoration reception processing, and stores the obtained signed document in the memory card with CPU. The data is output to the device 50 (step S820).

  The memory card with CPU 50 stores the received signed document, the public key certificate associated with the guarantor that sent the signed document stored in the password restoration management storage unit 501, and the password restoration setting value information. Using the number of signed documents necessary for password recovery and the calculated expiration date, verify the signature and determine whether the password can be recovered. If password recovery is possible, decrypt the master password. Is output to the mobile phone 60 via the input / output unit 511, and when the password cannot be restored, the restoration impossible information is output to the mobile phone 60 via the input / output unit 511 (step S825).

The mobile phone 60 displays the master password or the restoration impossible information received from the CPU-equipped memory card 50 on the display unit 604, and ends the password restoration accepting process (step S830).
(6) Outline of Operation at Verification of Master Password The outline of the operation at the time of verification of the master password is the same as the outline of the operation of the password recovery system 1 at the time of verification of the master password, and a description thereof will be omitted.

In the verification process of the master password performed by the CPU-equipped memory card 50, the master password is decrypted using the decryption key stored in the decryption key storage unit 502 in order to decrypt the encrypted master password.
(7) Outline of Operation at the Time of Obtaining Service Password The outline of the operation at the time of obtaining the service password is the same as the outline of the operation of the password recovery system 1 at the time of obtaining the service password, and therefore, the description is omitted.

2.6 Operation of Signature Document Verification Process The operation of the signed document verification process performed by the memory card with CPU 50 when the master password is restored will be described with reference to the flowcharts shown in FIGS.
The password restoration verification unit 507 receives the password restoration instruction information and the time information from the mobile phone 60, calculates an expiration date, and stores the calculated expiration date (step S850).

  Next, the password restoration verification unit 507 receives the signed document from the mobile phone 60 (step S855), and counts the received signed document as the number of received signed documents (step S860). Next, a public key certificate corresponding to the guarantor that sent the signed document is acquired from the password restoration management storage unit 501 (step S865). The signature is verified using the signed document and the public key certificate, and it is determined whether or not the user is a registered guarantor (step S870).

  If the guarantor that sent the signed document is a registered guarantor, the password restoration verification unit 507 checks the expiration date of the time stamp added to the signed document (step S875). If not, the received signed document is counted as the number of valid signed documents (step S880). It is determined whether the number of valid signed documents has reached the number of signed documents required for password recovery (step S885). If the number of signed documents required for password recovery has been reached, decryptable information is output to decryption section 510, and decryption processing is performed by decryption section 510 (step S890). Next, the master password decrypted by decryption section 510 is received, and the decrypted master password is output to mobile phone 60 (step S895).

  If the signed document received is not from the guarantor, has expired, or the number of valid signed documents has not reached the number required for password recovery, the number of signed documents received shall be: It is determined whether the number matches the number of guarantors stored in the password recovery management storage unit 501 (step S900). If they match, the restoration impossible information is output to the mobile phone 60 (step S905). If they do not match, the process returns to step S855 to accept the next signed document.

2.7 Operation of Master Password Verification Processing The operation of the master password verification processing is the same as the operation of the master password verification processing of the password recovery system 1, and thus the description is omitted.
2.8 Operation of Service Password Acquisition Process The operation of the service password acquisition process is the same as the operation of the service password acquisition process of the password recovery system 1, and therefore the description is omitted.

2.9 Decoding Process Operation Here, the decoding process operation will be described with reference to the flowchart shown in FIG.
The decryption unit 510 receives the recoverable information, the master decryption information, or the service decryption information from the password recovery verification unit 507, the master password verification unit 508, or the service password acquisition unit 509 (step S950).

The decryption unit 510 acquires the decryption key from the decryption key storage unit 502 (Step S955), and then acquires the encrypted master password from the master password storage unit 503 (Step S960).
The decryption unit 510 decrypts the encrypted master password using the obtained decryption key (step S965).

Next, it is determined whether the received information is service decryption information (step S970).
If it is the service decryption information, the record is acquired from the service password registration table 300 of the service password storage unit 504 (step S975). The encrypted service password included in the acquired record is decrypted using the decrypted master password as a decryption key (step S980). The decrypted service password is output to the service password acquisition unit 509 (step S985).

If the received password is not service decryption information, the decrypted master password is output to the password restoration verification unit 507 or the master password verification unit 508 (step S990).
2.10 Modification A description will be given of a password recovery system 2A as a modification of the second embodiment.

The password recovery system 2A, like the password recovery system 2, introduces a guarantor system to perform password recovery.
The password recovery system 2A receives the signed document from the guarantor terminal 40 shown in FIG. 19, and performs password recovery using the received signed document. Since the guarantor terminal 40 has already been described, the description is omitted here.

<Configuration of Password Recovery System 2A>
The password recovery system 2A includes a memory card with CPU 50A shown in FIG. 30 and a mobile phone 60A.
If the user forgets the password when using the function managed by the password, the user inserts the memory card with CPU 50A into the mobile phone 60A and attaches a signature from the guarantor designated by the user. Have the document sent by e-mail. The mobile phone 60A receives the signed document and notifies the received signed document to the memory card with CPU 50A.

  The memory card with CPU 50A determines whether the received signed document is a signed document valid for password recovery, and if the received signed document is determined to be a signed document valid for password recovery, the received signed document is received. The signed document is counted as the number of signed documents effective for password recovery. When the counted number reaches the number of pre-stored signed documents necessary for password recovery, the memory card with CPU 50A reads out the pre-stored encrypted password and reads out the read-out encrypted password. The encrypted password is decrypted, and the function used by the user is activated using the decrypted password.

When the password recovery system 2A receives information for identifying the function to be used and the password, the password recovery system 2A activates the function to be used by the user when the received password is a valid password. Here, the password is referred to as a master password.
<Configuration of Memory Card with CPU 50A>
Here, the configuration of the memory card with CPU 50A will be described.

  As shown in FIG. 30, the memory card with CPU 50A includes a password recovery management storage unit 501A, a decryption key storage unit 502A, a master password storage unit 503A, a password recovery management information registration unit 505A, a password registration unit 506A, and a password recovery verification unit. 507A, a master password verification unit 508A, a decryption unit 510A, an input / output unit 511A, and a usage information storage unit 520A.

The memory card with CPU 50A is, specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. The ROM stores a computer program. The microprocessor operates according to the computer program, so that the memory card with CPU 50A achieves its functions.
(1) Usage information storage unit 520A
The usage information storage unit 520A has an electronic money function 521A and a schedule function 522A.

The electronic money function 521A is a function that gives a monetary value to digital data and enables the purchase of a product on the Internet. The schedule function 522A is a function of recording and managing a user's schedule and the like.
(2) Password recovery management storage unit 501A
The password recovery management storage unit 501A is the same as the password recovery management storage unit 501, and a description thereof will not be repeated.

(3) Decryption key storage unit 502A
Since the decryption key storage unit 502A is similar to the decryption key storage unit 502, the description is omitted.
(4) Master password storage unit 503A
The master password storage unit 503A stores a master password encrypted using an encryption key set by the user.

The master password manages the electronic money function 521A and the schedule function 522A stored in the usage information storage unit 520A. When the user wants to use the function stored in the usage information storage unit 520A, the user inputs information for identifying the function to be used and a master password.
To change the decryption key, the decryption key stored in the decryption key storage unit 502A is changed, and the master password is re-encrypted with the encryption key associated with the changed decryption key. Need to remember the master password.

(5) Password recovery management information registration unit 505A
The password restoration management information registration unit 505A is the same as the password restoration management information registration unit 505, and thus the description is omitted.
(6) Password registration unit 506A
The password registration unit 506A registers and updates a master password or a decryption key for decrypting the master password.

Note that the registration / update of the master password is the same as the registration / update of the master password in the password registration unit 506, and thus the description is omitted. Also, the registration / update of the decryption key for decrypting the master password is the same as the registration / update of the decryption key for decrypting the master password of the password registration unit 506, and therefore the description is omitted.
(7) Password recovery verification unit 507A
The password restoration verification unit 507A stores in advance password restoration setting value information including the number of signed documents required for password restoration and the time limit for password restoration.

  The password recovery verification unit 507A includes password recovery instruction information indicating a password recovery instruction from the mobile phone 60A via the input / output unit 511A at the time of master password recovery, time information indicating the time when the password recovery reception process is started, and It receives function identification information for identifying a function desired to be used among functions stored in the information storage unit 520A, and calculates an expiration date during which password recovery can be performed based on the received time information and a time limit included in the password recovery information. Then, the calculated expiration date and the received function identification information are temporarily stored. Next, the signed document received by the mobile phone 60A from the mobile phone 60A via the input / output unit 511A is received, and the received signed document is counted as the number of received signed documents.

  Next, the password restoration verification unit 507A reads the public key certificate corresponding to the guarantor that sent the signed document from the password restoration management storage unit 501A, and uses the read public key certificate and the received signed document. The signature verification is performed to determine whether the received signed document is the guarantor's own, and using the time stamp attached to the received signed document, whether the received signed document is within the validity period If the received signed document is the guarantor's own and has not expired, the received signed document is counted as the number of signed documents valid for password recovery.

  When the number of signed documents valid for password recovery reaches the number of signed documents necessary for password recovery, the password recovery verification unit 507A recovers information including information for instructing the decryption unit 510A to decrypt the master password. Output possible information. Further, master password restoration completion information indicating that the restoration of the master password is completed is output to mobile phone 60A via input / output unit 511A.

Next, password recovery verification section 507A receives the master password decrypted from decryption section 510A, and outputs the received decrypted master password and function identification information to master password verification section 508A.
When the number of received signed documents has not reached the number of guarantors stored in the password recovery management storage unit 501A and the number of valid signed documents has not reached the number of signed documents required for password recovery. Waits for the receipt of the next signed document.

The password restoration verification unit 507A receives the signed documents from all the guarantors stored in the password restoration management storage unit 501A, and when the number of valid signed documents does not reach the number of signed documents necessary for password restoration. , The restoration impossible information including the information indicating that restoration is impossible is output to the mobile phone 60A via the input / output unit 511A.
(8) Master password verification unit 508A
Master password verification unit 508A receives a master password and function identification information from mobile phone 60A via password recovery verification unit 507A or input / output unit 511A.

Note that the method of verifying the master password is the same as that of the master password verification unit 107A shown in the modification of the first embodiment, and a description thereof will be omitted.
(9) Decoding section 510A
The decryption unit 510A performs a process of decrypting the encrypted master password.
Note that the decryption of the master password is the same as the decryption of the master password performed by decryption section 510, and a description thereof will not be repeated.

(10) Input / output unit 511A
The input / output unit 511A outputs the information received from the mobile phone 60A to the password restoration management information registration unit 505A, the password registration unit 506A, the password restoration verification unit 507A, or the master password verification unit 508A.
Also, it outputs the information received from password registration unit 506A, password recovery verification unit 507A or master password verification unit 508A to mobile phone 60A.

<Configuration of mobile phone 60A>
Here, the configuration of the mobile phone 60A will be described.
As shown in FIG. 30, the mobile phone 60A includes a transmission / reception unit 601A, a key input unit 602A, a control unit 603A, a display unit 604A, a password restoration reception unit 605A, an encryption unit 606A, and an input / output unit 607A.

Specifically, the mobile phone 60A is a computer system including a microprocessor, a ROM, a RAM, a display unit, and the like. The ROM stores a computer program. The mobile phone 60A achieves its functions by the microprocessor operating according to the computer program.
Further, the mobile phone 60A has a speaker unit, a microphone unit, a transmission unit, a memory unit, and the like, as in the case of the conventional mobile phone, and operates as a normal mobile phone.

(1) Transmission / reception unit 601A
The transmission / reception unit 601A is the same as the transmission / reception unit 201 shown in the configuration of the mobile phone 20 of the password recovery system 1, and the description is omitted.
(2) Key input unit 602A
The key input unit 602A includes a dial key, a function key, or a control key. When registering or changing guarantor information, the key input unit 602A receives an input of guarantor information and outputs the received guarantor information to the control unit 603A.

When the master password is used, the input of the master password is accepted, and the accepted master password is output to the control unit 603A.
At the time of master password restoration, password restoration instruction information and function identification information are received, and the received password restoration instruction information and function identification information are output to control unit 603A.
At the time of registration / change of the master password, master plaintext information including processing contents indicating new registration or change, the master password, and an encryption key for encrypting the master password is received, and the received master plaintext information is output to the control unit 603A. I do.

  At the time of registration / change of a decryption key for decrypting the encrypted master password, input of decryption key information is accepted and output to the control unit 603A. When the decryption key is changed, the master password is re-encrypted after the change of the decryption key, so that the processing contents indicating the change, the master password, and the master password associated with the decryption key are encrypted. The master plaintext information including the encryption key is received, and the received master plaintext information is output to the control unit 603A.

When any one of the electronic money function 521A and the schedule function 522A stored in the usage information storage unit 520A is used, the input of the master password and the function identification information is received, and the received master password and the function identification information are transmitted. Output to control unit 603A.
Also, the same key operation as that of a conventional mobile phone is performed.

(3) Control unit 603A
The control unit 603A controls the operation of the entire mobile phone 60A. Further, the control unit 603A has a clock function for measuring time.
(A) In the case of registration / change of the guarantor In the case of registration / change of the guarantor, the control unit 603A receives the guarantor information from the key input unit 602A, and receives the received guarantor information via the input / output unit 607A. Output to the CPU-equipped memory card 50A.

(B) At the time of master password recovery At the time of password recovery, when password recovery instruction information and function identification information are received from the key input unit 602A, password recovery reception processing of the password recovery reception unit 605A is started, and the timekeeping function is used. Get time information. The control unit 603A outputs the received password restoration instruction information and function identification information, and the acquired time information to the memory card with CPU 50A via the input / output unit 607A. Next, an e-mail in which the signed document is described is received from the transmission / reception unit 601A, and the received e-mail is output to the password restoration reception unit 605A.

Next, when master password restoration completion information is received from the memory card with CPU 50A via the input / output unit 607A, the password restoration acceptance processing ends. If the restoration of the master password is not possible, the restoration impossible information is received, the received restoration impossible information is output to the display unit 604A, and the password restoration accepting process ends.
(C) When Using the Function of the Usage Information Storage Unit 520A When using either the electronic money function 521A or the schedule function 522A, the master password and the function identification information are received from the key input unit 602A and received. The master password and the function identification information are output to the memory card with CPU 50A via the input / output unit 607A.

Next, when the non-reception information is received from the memory card with CPU 50A via the input / output unit 607A, the received non-reception information is output to the display unit 604A.
(D) When Registering / Changing the Master Password The registration / change of the master password is the same as the registration / change of the master password in the control unit 603, and thus the description is omitted.

(E) In the case of registration / change of the decryption key The registration / change of the decryption key is the same as the registration / change of the decryption key in the control unit 603, and the description is omitted.
(4) Display unit 604A
The display unit 604A receives the encryption key change instruction information from the control unit 603A when the decryption key stored in the decryption key storage unit 502A of the memory card with CPU 50A is changed, and uses the received encryption key change instruction information to change the decryption key. A screen for inputting the master password and an encryption key for encrypting the master password is displayed, and the user is prompted for input.

Upon receiving the restoration impossible information from the control unit 603A at the time of master password restoration, the received restoration impossible information is displayed.
When the non-reception information is received from the control unit 603A when the function of the usage information storage unit 520A is used, the received non-reception information is displayed.
Also, screen display similar to that of a conventional mobile phone is performed.

(5) Password recovery reception unit 605A
The password restoration accepting unit 605A is the same as the password restoration accepting unit 605, and a description thereof will be omitted.
(6) Encryption unit 606A
When registering / changing the master password, the encryption unit 606A receives the master plaintext information from the control unit 603A, encrypts the master password using the encryption key included in the received master plaintext information, and generates master encryption information.

Next, encryption section 606A outputs the master encryption information to memory card with CPU 50A via input / output section 607A.
(7) Input / output unit 607A
Since the input / output unit 607A is the same as the input / output unit 607, the description is omitted.
<Operation Overview of Password Recovery System 2A>
Here, an outline of each operation of the password recovery system 2A will be described.

(1) Outline of Operation when Registering Guarantor Information Since the outline of the operation of registering guarantor information is the same as the flowchart shown in FIG. 22, description thereof will be omitted.
(2) Outline of Operation when Registering Master Password The outline of the operation of registering the master password is the same as the flowchart shown in FIG.

(3) Outline of Operation at Decryption Key Registration The outline of the operation of new registration of a decryption key is the same as that in the flowchart shown in FIG. The outline of the operation of changing the decryption key is the same as that of the flowchart shown in FIG. 25, and thus the description is omitted.
(4) Outline of Operation at the Time of Restoring Password Here, an outline of the operation of restoring the password will be described with reference to a flowchart shown in FIG.

The mobile phone 60A receives the password restoration instruction information and the function identification information from the user (step S1000), starts the password restoration reception processing, acquires the time information, acquires the acquired time information, the received password restoration instruction information, and The function identification information is output to the memory card with CPU 50 (step S1005).
The memory card with CPU 50 receives the password restoration instruction information, the function identification information, and the time information (step S1010), calculates an expiration date using the received time information and the stored time limit, and calculates the calculated validity period. The term and the received function identification information are temporarily stored (step S1015).

Next, the mobile phone 60A receives an e-mail including the signed document from the guarantor, obtains the signed document from the received e-mail using the password restoration reception processing, and stores the obtained signed document in the memory card with CPU. Output to 50A (step S1020).
The memory card with CPU 50A stores the received signed document, the public key certificate associated with the guarantor that sent the signed document stored in the password restoration management storage unit 501A, and the password restoration setting value information. Using the number of signed documents necessary for password recovery included and the calculated expiration date, verify the signature and determine whether the password can be recovered, and if the password can be recovered, decrypt the master password, The password recovery completion information is output to the mobile phone 60A via the input / output unit 511A (step S1025). If the password cannot be restored in step S1020, restoration impossible information is output to mobile phone 60A via input / output unit 511A.

The memory card with CPU 50A performs a master password verification process using the decrypted master password (step S1035).
When the mobile phone 60A receives the password recovery completion information from the CPU-equipped memory card 50A, the mobile phone 60A ends the password recovery accepting process, and when the mobile phone 60A receives the recovery impossible information, displays the received recovery impossible information on the display unit 604A. Then, the password recovery accepting process is terminated (step S1030).

(5) Outline of Operation at Verification of Master Password The outline of the operation at the time of verification of the master password is the same as the outline of the operation of the password recovery system 1 at the time of verification of the master password.
In the master password verification process performed by the CPU-equipped memory card 50A, the master password is decrypted using the decryption key stored in the decryption key storage unit 502A in order to decrypt the encrypted master password.

(6) Operation of Signed Document Verification Process Here, the operation of the signed document verification process will be described with reference to flowcharts shown in FIGS.
In the signed document verification process, after performing the decryption process in step S890, step S895 is changed to the following operation.

The password recovery verification unit 106A receives the master password decrypted by the decryption unit 510A, outputs the decrypted master password and the function identification information to the master password verification unit 508A, and outputs the master password to the master password verification unit 508A. Perform verification processing.
(7) Operation of Master Password Verification Processing Here, the operation of the master password verification processing will be described with reference to the flowchart shown in FIG.

Master password verification unit 508A receives the master password and function identification information from password recovery verification unit 507A or mobile phone 60A (step S1050).
Next, master password verification section 508A outputs the master decryption information to decryption section 510A, and decryption processing is performed by decryption section 510A (step S1055).
Next, master password verification section 508A receives the decrypted master password from decryption section 510A, and determines whether or not the received master password matches the master password received from password recovery verification section 507A or mobile phone 60A. Perform (step S1060).

If they match, the function corresponding to the function identification information received from the password restoration verification unit 507A or the mobile phone 60A is activated (step S1065). If they do not match, the master password acceptance information is output to the mobile phone 60A (step S1070).
(8) Decoding Process Operation Here, the decoding process operation will be described with reference to the flowchart shown in FIG.

First, in step S950, a change is made to receive restorable information or master decryption information.
Steps S970 to S985 are deleted. That is, after performing step S965, the process is changed to perform step S990.
The output destination of the master password performed in step S990 is the password recovery verification unit 507A or the master password verification unit 508A.

<Other modifications>
The above-described embodiment and its modifications are merely examples of the present invention, and the present invention is not limited to this embodiment at all, and may be implemented in various modes without departing from the scope. Can be done. The following cases are also included in the present invention.
(1) In the password recovery system 2, a signed document may be used as a master password. At this time, the master password is restored as follows.

First, upon receiving the signed document, the CPU-attached memory card 50 determines whether or not the received signed document is the guarantor's own document and has not expired.
If it is the guarantor's own and it is determined that it is within the expiration date, it is determined whether the master password matches the received signed document. If they match, the signed document is displayed on the mobile phone 60. If they do not match, the restoration impossible information is displayed on the mobile phone 60.

Similarly, in the password recovery system 2A, a signed document may be used as a master password. At this time, the master password is restored as follows.
First, the memory card with CPU 50A receives the password restoration instruction information and the function identification information, calculates an expiration date, and temporarily stores the calculated expiration date and the received function identification information. Next, when the signed document is received, it is determined whether or not the received signed document is the guarantor's own and has not expired.

If it is the guarantor's own and it is determined that it is within the expiration date, it is determined whether the master password matches the received signed document. If they match, the function corresponding to the temporarily stored function identification information is activated. If they do not match, the restoration impossible information is displayed on the mobile phone 60A.
(2) In the password recovery system 2, the master password is displayed after the recovery of the master password, but the present invention is not limited to this. After restoring the master password, access to the service password storage unit 504 may be enabled so that the service password can be used.

In addition, after restoring the master password in the password restoration system 2A, the function corresponding to the function identification information is activated, but the present invention is not limited to this. After restoring the master password, access to the function corresponding to the function identification information may be enabled so that the function can be used.
(3) In the password recovery system 2A, the memory card with CPU 50A includes a memory, which is an area for storing a data file, in the usage information storage unit 520A. When the master password is recovered, the master password recovery instruction information, the time information, and the memory are stored. May be received, and the memory may be used after the master password is restored.

  (4) In the password recovery system 2, the master password is encrypted and stored, but the present invention is not limited to this. The master password may be stored without encryption. In this case, it is assumed that the master password storage unit 503 is an area having tamper resistance. Similarly, the service password may be stored without being encrypted. In this case, the service password storage unit 504 is an area having tamper resistance.

Similarly, the password recovery system 2A may store the master password without encryption. In this case, it is assumed that the master password storage unit 503A is an area having tamper resistance.
(5) In the password recovery system 2, the password recovery setting value information includes the number of signed documents necessary for password recovery and the time limit for performing password recovery, but is not limited to this. The password restoration setting value information may include the number of signed documents required for password restoration, or may include a time limit for performing password restoration.

Similarly, in the password recovery system 2A, the password recovery setting value information may include the number of signed documents required for password recovery, or may include a time limit for performing password recovery.
(6) In the password recovery system 2, the memory card with CPU 50 previously stores the password recovery setting value information, but is not limited to this. The password recovery setting value information may be received by the mobile phone 60 at the time of password recovery. At this time, the memory card with CPU 50 receives the password restoration set value information and the time information from the mobile phone 60, and calculates the expiration date using the time limit and the time information included in the password restoration set value information. And the calculated expiration date and the number of signed documents necessary for password recovery included in the password recovery setting value information.

  Alternatively, the password recovery setting value information may include an expiration date instead of the time limit, and the mobile phone 60 may receive the password recovery setting value information at the time of password recovery. At this time, the memory card with CPU 50 receives the password recovery setting value information from the mobile phone 60 and stores the expiration date included in the password recovery setting value information and the number of signed documents required for password recovery.

  Similarly, in the password recovery system 2A, the password recovery setting value information may be received by the mobile phone 60A when the password is recovered. At this time, the memory card with CPU 50A receives the password recovery setting value information and the time information from the mobile phone 60A, and calculates the expiration date using the time limit and the time information included in the password recovery setting value information. And the calculated expiration date and the number of signed documents necessary for password recovery included in the password recovery setting value information.

  Alternatively, the password restoration setting value information may include an expiration date instead of the time limit, and the password restoration setting value information may be received by the mobile phone 60A when the password is restored. At this time, the memory card with CPU 50A receives the password recovery setting value information from the mobile phone 60A, and stores the expiration date included in the password recovery setting value information and the number of signed documents required for password recovery.

(7) The above embodiment and the above modifications may be combined.
2.11 Summary of Second Embodiment As described above, the password restoration system 2 sets a signed document from a guarantor designated by the user as information for password restoration. The guarantor can reliably determine whether the password recovery requester is the user himself, and furthermore, the signature data included in the signed document sent to the user ensures that the sender is the guarantor himself. , Security at the time of password recovery is increasing. Therefore, when the password is to be restored when the password is forgotten, the password restoration system 2 receives the signed document created by the guarantor, and stores the received signed document and the publicly stored document stored in the CPU-equipped memory card 50 in advance. The key certificate is used to verify the signature of the received signed document to see if it belongs to the registered guarantor, and only when the received signed document is the guarantor's own, Password recovery for.

  Further, the password restoration system 2 stores in advance the expiration date for receiving the signed document at the time of password restoration, and receives the signed document to which a time stamp indicating the date and time when the signed document was created is added. Accordingly, the password recovery system 2 can determine whether the received signed document is within the expiration date, and that the received signed document is a signed document for the latest request from the user. Has increased its reliability. Thereby, security at the time of password recovery is further improved.

The security of the memory card with CPU 50 itself is improved by encrypting the master password and the service password, storing the encrypted password in the memory card with CPU 50, and decrypting the password when necessary.
In addition, the service password used when using various network services is centrally managed using the master password, the service password is automatically sent to the network service you want to use by entering the master password, and by logging in, the user can Saves memorizing all service passwords.

Further, the password recovery system 2A receives the function identification information at the time of master password recovery, and after the master password recovery, activates the function corresponding to the function identification information by using the recovered master password, thereby enabling the user to perform the function. The input of the master password can be omitted, and the operation is simplified.
<Summary>
The invention according to the second embodiment is a password recovery system in which a portable password recording medium recording a password is mounted on a communication terminal, and the same password is again supplied to a user who has forgotten the password. Wherein the communication terminal includes a signature data generated by digitally signing information for identifying a sender using a secret key, and a password recovery document indicating that the requester of password recovery is the user himself / herself. Receiving means for receiving a signed document from the external communication terminal, and output means for outputting the received signed document to the password recording medium, wherein the password recording medium is generated by the secret key. Public key storage means for storing the generated public key, password storage means for storing the password, and a receiver for receiving the output signed document. Means for reading the public key stored in the public key storage means, performing signature verification using the read public key and the signature data of the received signed document, and receiving the signed document by the sender. Reading means for determining whether or not the password belongs to the sender, and reading the password from the password storage means when the password belongs to the sender.

  According to this configuration, the password recovery system receives the signed document, performs signature verification using the received signed document and the public key stored in the public key storage unit, and transmits the signed document to the sender. Since the password is read in the case of the user himself / herself, the password can be restored only to a valid user of the password. The reason is that usually only the sender who sends the signed document can use the private key, and it is difficult for a third party to use the private key when recovering the password. This is because a person who can use the password will not send a signed document to a third party other than a valid user of the password.

  Here, the password recording medium further includes an expiration date storage unit that stores an expiration date for receiving the signed document, and the receiving unit adds date and time information indicating the date and time when the signed document was created. Receiving the signed document, the reading unit performs signature verification, determines whether the received signed document is the sender's own, and receives the date and time information of the signed document. It is determined whether or not the validity period stored in the validity period storage unit is within the validity period storage unit. If the received signed document belongs to the sender and is within the validity period, the password storage unit The password may be read from.

According to this configuration, the password restoration system can read the password when the received signed document is the sender's own one and the expiration date has not passed.
Here, the password recording medium further includes a signed document number storage unit that stores the number of signed documents necessary for password recovery, and the reading unit performs signature verification, and receives the signed document. Is determined to be the sender's own, and if the received signed document is the sender's own, it is added as the number of signed documents valid for password recovery, and the added signed document is added. The password may be read from the password storage unit when the number has reached the number of signed documents necessary for password recovery stored in the signed document number storage unit.

According to this configuration, the password recovery system can read the password when the number of signed documents valid for password recovery reaches the number required for password recovery.
Further, a communication terminal for supplying the same password again to a user who has forgotten the password, wherein the public key storage means for storing a public key generated by the secret key, and A password storage unit that stores therein, a signature data generated by applying a digital signature to information for identifying a sender using a secret key, and a password recovery document indicating that the requester of the password recovery is the user himself / herself. Receiving means for receiving a signed document comprising an external communication terminal from the external communication terminal, read the public key stored in the public key storage means, using the read public key and signature data of the received signed document, Performs signature verification, determines whether the received signed document is the sender's own, and reads the password from the password storage unit if the document is the sender's own. Characterized in that it comprises a reading means.

  According to this configuration, the communication terminal receives the signed document, performs signature verification using the received signed document and the public key stored in the public key storage unit, and transmits the signed document to the sender. Since the password is read in the case of the user himself / herself, the password can be restored only to a valid user of the password. The reason is that usually only the sender who sends the signed document can use the private key, and it is difficult for a third party to use the private key when recovering the password. This is because a person who can use the password will not send a signed document to a third party other than a valid user of the password.

  Here, the communication terminal further includes an expiration date storage unit that stores an expiration date for receiving the signed document, and the receiving unit adds date and time information indicating the date and time when the signed document was created. Receiving the read signed document, the reading unit reads the public key stored in the public key storage unit, and performs signature verification using the read public key and the signature data of the received signed document. It is determined whether or not the received signed document is the sender's own, and the date and time information of the signed document is within the validity period stored in the received validity period storage means. It may be determined whether or not the received document with the signature is the sender's own one and the expiration date has passed, and the password may be read from the password storage unit.

According to this configuration, the communication terminal can read the password when the received signed document is the sender's own one and the expiration date has not passed.
Here, the communication terminal further comprises a signed document number storage unit for storing the number of signed documents required for password recovery, and the reading unit performs signature verification, and receives the received signed document. Is determined to be the sender's own, and if the received signed document is the sender's own, it is added as the number of signed documents valid for password recovery, and the added signed document is added. When the number reaches the number of signed documents necessary for password recovery stored in the signed document number storage means, the password may be read from the password storage means.

According to this configuration, the communication terminal can read the password when the number of signed documents valid for password recovery reaches the number required for password recovery.
Here, the communication terminal may further include display means for displaying the password read by the reading means.
According to this configuration, the communication terminal can display the read password.

Here, the communication terminal further stores the application software corresponding to the password by using an application storage unit storing the application software corresponding to the password and the password read by the reading unit. And an application executing means for executing the application.
According to this configuration, the communication terminal can execute application software corresponding to the read password.

  Further, a portable password recording medium for supplying the same password again to a user who has forgotten the password, wherein the public key storage means stores a public key generated by a secret key, Password data storage means for storing a password; and signature data generated by digitally signing information for identifying a sender from a communication terminal equipped with the password recording medium using a secret key, and password recovery information. A receiving unit that receives a signed document including a password recovery document indicating that the requester is the user himself, a public key stored in the public key storage unit, and the read public key and the received signature data Is used to perform signature verification, and determine whether the received signed document is the sender's own or not. Characterized in that it comprises from over de storage means and reading means for reading the password.

  According to this configuration, the password recording medium receives the signed document from the communication terminal, performs signature verification using the received signed document and the public key stored in the public key storage unit, and outputs the signed document. If the password is the sender itself, the password is read out, so that the password can be restored only to the authorized user of the password. The reason is that usually only the sender who sends the signed document can use the private key, and it is difficult for a third party to use the private key when recovering the password. This is because a person who can use the password will not send a signed document to a third party other than a valid user of the password.

  Here, the password recording medium further includes an expiration date storage unit that stores an expiration date for receiving the signed document, and the password recording medium generates a signed document from the communication terminal. Receiving a signed document to which date and time information indicating date and time has been added, the reading means performs signature verification, determines whether or not the received signed document is the sender's own, and It is determined whether or not the date and time information of the document is within the range of the expiration date stored in the received expiration date storage unit, and the received signed document is the sender's own and is within the expiration date. In this case, a password may be read from the password storage unit.

According to this configuration, the password recording medium can read the password when the signed document received from the communication terminal is the sender's own one and the expiration date is not exceeded.
Here, the password recording medium further includes a signed document number storage unit that stores the number of signed documents necessary for password recovery, and the reading unit performs signature verification, and receives the signed document. Is determined to be the sender's own, and if the received signed document is the sender's own, it is added as the number of signed documents valid for password recovery, and the added signed document is added. When the number reaches the number of signed documents necessary for password recovery stored in the signed document number storage means, the password may be read from the password storage means.

According to this configuration, the password recording medium can read the password when the number of signed documents valid for password recovery reaches the number necessary for password recovery.
Here, the password recording medium may further include an output unit that outputs the password read by the reading unit to the communication terminal.
According to this configuration, the password recording medium can output the read password to the communication terminal.

Here, the password recording medium further stores the application software corresponding to the password by using an application storage unit that stores the application software corresponding to the password, and the password read by the reading unit. And an application executing means for executing the application.
According to this configuration, the password recording medium can execute application software corresponding to the read password.

  A password recovery method used for a portable password recording medium for supplying the same password again to a user who has forgotten a password, wherein the password recording medium stores a public key generated by a secret key. A public key storage means for storing the password, and a password storage means for storing the password, wherein the password restoring method uses a secret key to identify a sender from a communication terminal equipped with the password recording medium. A receiving step of receiving a signed document including signature data generated by applying a digital signature to the identification information and a password recovery document indicating that the password recovery requester is the user himself; The stored public key is read, signature verification is performed using the read public key and the received signature data, and the received public key is received. Named document determines whether or not the sender himself, characterized in that it comprises a reading step of reading the password from the password storing means when those senders themselves.

  A password recovery program used for a portable password recording medium that supplies the same password again to a user who has forgotten the password, wherein the password recording medium stores a public key generated by a secret key. A public key storage means for storing the password, and a password storage means for storing the password, wherein the password recovery program uses a secret key to identify a sender from a communication terminal equipped with the password recording medium. A receiving step of receiving a signed document including signature data generated by applying a digital signature to the identification information and a password recovery document indicating that the password recovery requester is the user himself; The stored public key is read, and signature verification is performed using the read public key and the received signature data. Signed document received is determined whether or not the sender himself, characterized in that it comprises a reading step of reading the password from the password storing means when those senders themselves.

  A computer-readable program recording medium recording a password recovery program used in a portable password recording medium for supplying the same password again to a user who has forgotten the password, wherein the password recording medium Comprises a public key storage means for storing a public key generated by a secret key, and a password storage means for storing the password, wherein the password recovery program is mounted with the password recording medium. A signed document comprising signature data generated by digitally signing information for identifying a sender using a secret key from a communication terminal, and a password recovery document indicating that the requester of password recovery is the user himself / herself. Receiving the public key and reading the public key stored in the public key storage means. Using the received public key and the received signature data, signature verification is performed, and it is determined whether or not the received signed document is the sender's own. Reading a password from the means.

3. Conclusion As described above, according to the present invention, the use of the outgoing telephone number notification service or the introduction of the guarantor system in order to judge whether or not the password can be restored requires the requester of the password restoration to be sure of the user himself / herself. Password recovery based on the recognition that the password is restored, the security at the time of password recovery is enhanced, and the possibility that a third party will know the password and reduce the possibility of spoofing or acquiring or falsifying user-owned data is reduced. In addition, users can use network services with greater security than ever before.

Further, the security of the memory card with CPU itself is also improved by encrypting the master password and the service password, storing the encrypted password in the memory card with CPU, and decrypting it when necessary.
In addition, the service password used when using various network services is centrally managed using the master password, the service password is automatically sent to the network service you want to use by entering the master password, and by logging in, the user can Saves memorizing all service passwords.

<Other modifications>
Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) In the first embodiment, the registration number is the telephone number of the telephone line to which the user has subscribed. However, the registration number may be the telephone number of a mobile phone.

(2) In the first embodiment, when a registration number is newly registered, the telephone number is input from the key input unit, but the telephone number is connected to the telephone line in which the newly registered telephone number is set. It is also possible to make a call from a telephone, obtain a telephone number, and register it in the password restoration management storage unit.
At this time, after acquiring the telephone number, the acquired telephone number is displayed on the display unit, and the user confirms the displayed telephone number, and then performs a registration instruction from the key input unit to newly register.

  (3) In the first embodiment, when the registration number is changed, the telephone number is input from the key input unit. However, the telephone number is changed from the telephone connected to the telephone line in which the telephone number to be changed is set. Make a phone call, obtain a phone number, and only if the master password entered to confirm the identity of the user matches the master password stored in the master password storage, save the password You can make changes to.

When the master password is re-encrypted after the change to the password recovery management storage unit, the master password and the registration number are input from the key input unit.
(4) In the first embodiment, each service password is managed using the master password. However, when each service password is managed without using the master password, each service password is managed. The registration number may be set as the information for restoring the service, and the service password may be restored.

In this case, each service password may be encrypted and stored using the corresponding registration number as an encryption key, and the registration number may be used as a decryption key during decryption. Alternatively, the area for storing each service password may be a tamper-resistant area, and each service password may be stored without encryption.
(5) In the above-described first embodiment, the mobile phone is used as the communication terminal that obtains the reception number when the master password is restored. However, the communication terminal is not limited to the mobile phone and can obtain the reception number. A machine may be used.

  (6) In the first embodiment, a mobile phone is used as a communication terminal for performing input / output with a memory card with a CPU when restoring a master password. Password recovery may be performed with a communication terminal that can input and output. At this time, it is assumed that the reception number has already been temporarily stored in the password restoration verification unit of the memory card with the CPU.

(7) In the first embodiment, the registration number is used as the information for restoring the master password. However, the registration number is used as the key information of the digital safe. It may be used for a mechanism to acquire the contents.
(8) In the first embodiment, a common key encryption method is used for encrypting a master password using a registration number as a common key, but a public key encryption method may be used.

The memory card with the CPU needs to store a decryption key for decrypting the encrypted master password.
(9) In the above-described second embodiment, each service password is managed using the master password. However, when each service password is managed without using the master password, each service password is managed. The service password may be restored by using the signed document as the information at the time of restoration.

In this case, each service password may be encrypted and stored with an encryption key corresponding to the decryption key stored in the memory card with CPU, and decryption may be performed using the decryption key at the time of decryption. Alternatively, the area for storing each service password may be a tamper-resistant area, and each service password may be stored without encryption.
(10) In the second embodiment, the signed document is received by e-mail, but the signed document is stored in a recording medium, and the recording medium and the memory card with CPU can be input and output. May be used to receive the signed document.

(11) In the second embodiment, a mobile phone is used as a communication terminal for receiving an e-mail at the time of master password recovery. However, the communication terminal capable of receiving an e-mail is not limited to a mobile phone. You can use it.
(12) In the above-described second embodiment, a mobile phone is used as a communication terminal for performing input / output with a memory card with a CPU at the time of restoring a master password. Password recovery may be performed using a communication terminal capable of outputting. At this time, it is assumed that the signed document is already temporarily stored in the password restoration verification unit of the memory card with the CPU.

(13) In the second embodiment, the signed document is used as the information for restoring the master password. However, the signed document is used as the key information of the digital safe, and the content of the digital safe is received when the signed document is received. It may be used for a mechanism to acquire.
(14) In the above-described second embodiment, the public key encryption method is used for encrypting the master password, but a common key encryption method may be used.

The decryption key storage unit needs to store an encryption key obtained by encrypting the master password.
(15) In the above embodiment, the password recovery system is configured by the mobile phone and the memory card with the CPU, but may be configured by only the communication terminal such as the mobile phone.

(16) In the above embodiment, the password recovery processing is performed in the memory card with CPU. However, the present invention is not limited to the memory card with CPU, but may be another memory card that can perform the password recovery processing. Further, a center for performing a password recovery process may be provided and the center may perform the process.
(17) In the above embodiment, when the password is forgotten, the password is restored. However, the password may be restored to confirm the registered password.

(18) In the above embodiment, the common password encryption method is used for encrypting the service password using the master password as the common key, but a public key encryption method may be used.
The memory card with the CPU needs to store a decryption key for decrypting the encrypted service password.
(19) The present invention has been applied to the restoration of the master password for the master password that manages certain information (for example, a service password), but is not limited to this. For example, the present invention may be applied to certain information itself.

  For example, the present invention may be applied to a management system that manages information that is not desired to be known to a third party (hereinafter, referred to as “secret information”). When the invention of the first embodiment is applied, the management system displays the secret information only when the reception number and the registration number match, and controls the display so that the displayed secret information can be used. I do. Further, when applying the invention in the second embodiment, the management system displays the confidential information only when the number of valid signed documents received reaches a predetermined number within the validity period. , So that the displayed secret information can be used.

  Here, as a specific example of the management system to which the invention in the first embodiment is applied, only the changed points will be described using a password recovery system 1A. The management system includes a memory card with CPU 10B and a mobile phone 20B. The memory card with CPU 10B is obtained from the memory card with CPU 10A, a master password storage unit 102A, a password registration unit 105A, a master password verification unit 107A, and a decryption unit. 109A is omitted. The mobile phone 20B is configured by omitting the encryption unit 206A from the mobile phone 20A. Further, the usage information storage section provided in the memory card with CPU 10B is an area which cannot be normally accessed.

  When receiving the function identification information and the reception number from the mobile phone 20B, the memory card with CPU 10B determines whether or not the stored registration number and the received reception number match, and determines that they match. Activate the function corresponding to the identification information. For example, if the identification information is information indicating a schedule function, schedule data (for example, the contents of a monthly schedule) is displayed on the mobile phone 20B, and the user can view the displayed schedule data or , Updates are possible. If the memory card with CPU 10B determines that they do not match, it does not activate the function corresponding to the identification information.

That is, the user can use the function stored in the usage information storage unit only when the reception number and the registration number match.
Also, as a specific example of the management system to which the invention in the second embodiment is applied, only the changes will be described using a password recovery system 2A. The management system includes a memory card with CPU 50B and a mobile phone 60B. The memory card with CPU 50B is composed of a memory card with CPU 50A, a decryption key storage unit 502A, a master password storage unit 503A, a password registration unit 506A, and a master password. The configuration is such that the verification unit 508A and the decryption unit 510A are omitted. The mobile phone 60B is configured by omitting the encryption unit 606A from the mobile phone 60A. Further, the usage information storage unit provided in the memory card with CPU 50B is an area that cannot be normally accessed.

  Upon receiving the function identification information and the time information from the mobile phone 60B, the memory card with CPU 50B calculates the expiration date. Next, the memory card with CPU 50B receives the signed document from the mobile phone 60B, and counts the received signed document as the number of received signed documents. Further, a public key certificate corresponding to the guarantor that sent the signed document is obtained from the stored one or more public key certificates, and the obtained public key certificate and the received signed document are used to obtain the public key certificate. The signature verification is performed to determine whether the received signed document is the guarantor's own, and using the time stamp attached to the received signed document, whether the received signed document is within the validity period If the received signed document is the guarantor's own and is within the validity period, the received signed document is counted as the number of valid signed documents. When the number of valid signed documents reaches a predetermined number, a function corresponding to the identification information is activated. For example, if the identification information is information indicating a schedule function, schedule data (for example, the contents of a monthly schedule) is displayed on the mobile phone 60B, and the user can browse the displayed schedule data, Updates are possible. The memory card with CPU 50B receives the signed documents from all the guarantors, and does not activate the function corresponding to the identification information if the number of valid signed documents does not reach the predetermined number.

That is, the user can use the function stored in the usage information storage unit only when the number of valid signed documents received reaches a predetermined number within the validity period.
This makes it possible to manage information that the third party does not want to know other than the password.
(20) The present invention may be the method described above. Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.

  Further, the present invention provides a computer-readable recording medium for reading the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc). ), A semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

Further, according to the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may also be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is executed by another independent computer system. It may be.
(21) The above embodiment and the above modifications may be combined.

  The password recovery system described above manufactures a mobile phone and a memory card with a CPU, which constitute the password recovery system, and a user can use the business management, that is, repeatedly and continuously, in an industry of selling.

FIG. 1 is a diagram showing an overall outline when password recovery is performed by a password recovery system 1. FIG. 1 is a block diagram showing a configuration of a password recovery system 1. 4 shows a data structure of a service password registration table 300 included in the service password storage unit 103 of the password recovery system 1 and the service password storage unit 504 of the password recovery system 2. 5 is a flowchart showing an operation of newly registering a registration number in the password restoration system 1. 5 is a flowchart showing an operation of changing a registration number in the password restoration system 1. 5 is a flowchart showing an operation of registering or changing a master password in the password restoration system 1. 5 is a flowchart showing an operation of registering or changing a service password in the password recovery system 1. 5 is a flowchart showing an operation of the password recovery system 1 at the time of master password recovery. 4 is a flowchart showing an operation when using a master password in the password recovery system 1. 5 is a flowchart showing an operation of the password recovery system 1 when using a network service. 5 is a flowchart showing an operation at the time of registration number verification processing in the password restoration system 1. 5 is a flowchart showing an operation at the time of a master password verification process in the password recovery system 1. 5 is a flowchart showing an operation at the time of a service password acquisition process in the password restoration system 1. 5 is a flowchart showing an operation at the time of decryption processing in the password recovery system 1. FIG. 2 is a block diagram illustrating a configuration of a password recovery system 1A. It is a flowchart which shows the operation | movement at the time of the master password recovery in 1 A of password recovery systems. It is a flowchart which shows the operation | movement at the time of the registration number verification process in 1 A of password recovery systems. It is a flowchart which shows the operation | movement at the time of the master password verification process in 1 A of password recovery systems. FIG. 2 is a diagram showing an overall outline when password recovery is performed by a password recovery system 2; FIG. 2 is a block diagram illustrating a configuration of a password recovery system 2. 4 shows a data structure of a restoration management information table 700 included in a password restoration management storage unit 501. 9 is a flowchart showing an operation of registering guarantor information in the password restoration system 2. 9 is a flowchart showing an operation of registering or changing a master password in the password recovery system 2. 9 is a flowchart showing an operation of newly registering a decryption key in the password recovery system 2. 5 is a flowchart showing an operation of changing a decryption key in the password recovery system 2. 5 is a flowchart showing the operation of the password recovery system 2 at the time of master password recovery. 9 is a flowchart showing an operation at the time of a signed document verification process in the password restoration system 2. It continues to FIG. 9 is a flowchart showing an operation at the time of a signed document verification process in the password restoration system 2. Continued from FIG. 9 is a flowchart showing an operation at the time of decryption processing in the password recovery system 2. FIG. 2 is a block diagram illustrating a configuration of a password recovery system 2A. It is a flowchart which shows operation | movement at the time of master password recovery in 2 A of password recovery systems. It is a flowchart which shows the operation | movement at the time of the master password verification process in 2 A of password recovery systems.

Explanation of reference numerals

DESCRIPTION OF SYMBOLS 1 Password recovery system 10 Memory card with CPU 20 Cellular phone 101 Password recovery management storage unit 102 Master password storage unit 103 Service password storage unit 104 Password recovery management information registration unit 105 Password registration unit 106 Password recovery verification unit 107 Master password verification unit 108 Password obtaining unit for service 109 Decryption unit 110 Input / output unit 201 Transmission / reception unit 202 Key input unit 203 Control unit 204 Display unit 205 Password recovery reception unit 206 Encryption unit 207 Input / output unit 2 Password recovery system 40 Guarantor terminal 50 CPU Attached memory card 60 mobile phone 501 password recovery management storage unit 502 decryption key storage unit 503 master password storage unit 504 service password storage unit 505 Word recovery management information registration unit 506 Password registration unit 507 Password recovery verification unit 508 Master password verification unit 509 Service password acquisition unit 510 Decryption unit 511 Input / output unit 601 Transmission / reception unit 602 Key input unit 603 Control unit 604 Display unit 605 Password recovery reception Unit 606 encryption unit 607 input / output unit

Claims (18)

A password recovery system in which a portable password recording medium recording a password is mounted on a communication terminal and supplies the same password again to a user who has forgotten the password,
The communication terminal,
Receiving means for receiving the caller's first telephone number through the calling telephone number notification service;
Output means for outputting the received first telephone number to the password recording medium,
The password recording medium,
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storage means for storing the password,
Receiving means for receiving the output first telephone number;
Reading means for judging whether or not the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if they match. A password recovery system characterized by the following. The communication terminal further comprises:
Number receiving means for receiving the second telephone number;
Number output means for outputting the second telephone number received by the number reception means to the password recording medium,
The password recording medium further comprises:
2. The password recovery system according to claim 1, further comprising: a writing unit that receives the second telephone number from the communication terminal and writes the received second telephone number into the telephone number storage unit. The number receiving unit further receives a third telephone number different from the second telephone number stored in the telephone number storage unit, and the number output unit further receives the third telephone number received by the number receiving unit. Outputting a third telephone number to the password recording medium,
The communication terminal further comprises:
Password receiving means for receiving a password from a user and outputting the received password to the password recording medium,
The password recording medium further comprises:
Password verification means for verifying whether a password received from the communication terminal matches a password stored in the password storage means;
The writing unit further stores the second telephone number stored in the telephone number storage unit only when the password received from the communication terminal matches the password stored in the password storage unit. The password recovery system according to claim 2, wherein the password is rewritten to a third telephone number. A communication terminal that supplies the same password again to a user who has forgotten the password,
Receiving means for receiving the caller's first telephone number through the calling telephone number notification service;
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storage means for storing the password,
Reading means for judging whether or not the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading out the password from the password storage means if they match. A communication terminal characterized by the above-mentioned. The communication terminal further comprises:
Number receiving means for receiving the second telephone number;
The communication terminal according to claim 4, further comprising: a writing unit that writes the second telephone number received by the number receiving unit into the telephone number storage unit. The number receiving means further receives a third telephone number different from the second telephone number stored in the telephone number storage means,
The communication terminal further comprises:
Password receiving means for receiving a password from a user,
Password verification means for verifying whether the password received by the password reception means matches the password stored in the password storage means,
The writing unit further sets the second telephone number stored in the telephone number storage unit to the third telephone number only when the received password matches the password stored in the password storage unit. The communication terminal according to claim 5, wherein the communication terminal is rewritten. The communication terminal further comprises:
The communication terminal according to claim 6, further comprising a display unit for displaying the password read by the reading unit. The communication terminal further comprises:
Application storage means for storing application software corresponding to the password;
The communication terminal according to claim 6, further comprising: application executing means for executing application software corresponding to the password using the password read by the reading means. In the communication terminal,
The password is the second telephone number, and the reading unit determines whether or not the received first telephone number matches the second telephone number stored in the telephone number storage unit, and matches. The communication terminal according to claim 8, wherein the second telephone number is read from the password storage unit in the case, and the application execution unit executes application software corresponding to the read second telephone number. Machine. A portable password recording medium for supplying the same password again to a user who has forgotten the password,
Receiving means for receiving a first telephone number of a caller received by a caller telephone number notification service from a communication terminal equipped with the password recording medium;
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storage means for storing the password,
Reading means for judging whether or not the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if they match. A password recording medium characterized by the above-mentioned. The password recording medium further comprises:
Number receiving means for receiving the second telephone number from the communication terminal;
The password recording medium according to claim 10, further comprising: a writing unit that writes the second telephone number received by the number receiving unit into the telephone number storage unit. The number receiving means further receives a third telephone number different from the second telephone number stored in the telephone number storage means,
The password recording medium further comprises:
Password receiving means for receiving a password from the communication terminal;
Password verification means for verifying whether or not the password received by the password reception means matches the password stored in the password storage means,
The writing unit further stores the second telephone number stored in the telephone number storage unit only when the password received by the password reception unit matches the password stored in the password storage unit. The password recording medium according to claim 11, wherein the password recording medium is rewritten with the third telephone number. The password recording medium further comprises:
The password recording medium according to claim 12, further comprising a password output unit that outputs the password read by the reading unit to the communication terminal. The communication terminal further comprises:
Application storage means for storing application software corresponding to the password;
The communication terminal according to claim 12, further comprising: an application executing unit that executes application software corresponding to the password using the password read by the reading unit. In the password recording medium,
The password is the second telephone number, and the reading unit determines whether or not the received first telephone number matches the second telephone number stored in the telephone number storage unit, and matches. 15. The password recording device according to claim 14, wherein in the case, the second telephone number is read from the password storage unit, and the application execution unit executes application software corresponding to the read second telephone number. Medium. A password recovery method used for a portable password recording medium for supplying the same password again to a user who has forgotten the password,
The password recording medium,
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storing means for storing the password,
The password recovery method includes:
A receiving step of receiving a first telephone number of a caller received by a calling telephone number notification service from a communication terminal equipped with the password recording medium;
Determining whether the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if the two numbers match, A password recovery method characterized by the following. A password recovery program used for a portable password recording medium for supplying the same password again to a user who has forgotten the password,
The password recording medium,
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storing means for storing the password,
The password recovery program,
A receiving step of receiving a first telephone number of a caller received by a calling telephone number notification service from a communication terminal equipped with the password recording medium;
Determining whether the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if the two numbers match, A password recovery program characterized by the following. A computer-readable program recording medium recording a password recovery program used for a portable password recording medium that supplies the same password again to a user who has forgotten the password,
The password recording medium,
Telephone number storage means for storing a second telephone number as a criterion for determining whether or not the password can be restored;
Password storing means for storing the password,
The password recovery program,
A receiving step of receiving a first telephone number of a caller received by a calling telephone number notification service from a communication terminal equipped with the password recording medium;
Determining whether the received first telephone number matches the second telephone number stored in the telephone number storage means, and reading the password from the password storage means if the two numbers match, A program recording medium characterized by the above-mentioned.

Images