JP2005350926A - Security system and security setting canceling method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a security system which makes it difficult to cancel the security by a third party even if equipment for canceling the security is stolen or lost and the third party who has illegally acquires the same tries to cancel the security, thereby achieving higher security performance, and to provide a security setting canceling method. <P>SOLUTION: According to the security system, two types of coded information items are separately transmitted from the same transmitter via different transmitting means. Then a main device which receives the coded information items carries out arithmetic operations based on the two coded information items, and determines whether or not cancellation of the security is permitted based on operational values obtained from a result of the arithmetic operations. Particularly by directly relating information arbitrarily input by the user to the cancellation of the security, the higher security performance is achieved. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a security system and a security setting release method, and in particular, two types of encryption information are separately transmitted from the same communication device using different communication means, and the main device that has received these encryption information receives the two types of encryption information. The present invention relates to a security system and a security setting releasing method in which security processing is improved by performing arithmetic processing using various types of encryption information and performing security control based on an arithmetic value obtained as a result of the arithmetic operation.

  In recent years, security awareness has been increasing in general places of life. Under such circumstances, for example, various security systems have been proposed as countermeasures against theft of automobiles. Among them, what is called an immobilizer has become popular. The immobilizer has a mechanism that does not electrically start the engine when the ID code emitted from the transmitter built in the engine key does not match the ID code registered in advance in the electronic control unit of the automobile body. Yes. Such an immobilizer is effective for theft of an automobile such as duplicating an engine key or starting an engine by directly connecting a circuit electrically.

  However, the security system using the immobilizer has a disadvantage in that it only refers to the ID code on the key side and does not perform identity verification. For this reason, when the engine key is stolen, the security fraud can be easily canceled by using the stolen key, which makes it meaningless as a countermeasure against theft of a car.

  On the other hand, it has also been proposed to use a mobile phone, which has been spreading explosively in recent years, for security. For example, Patent Document 1 discloses a keyless entry system using a mobile phone. However, the keyless entry system disclosed in Patent Document 1 is based on the premise that the driver authentication center is accessed through a public line to authenticate the user (paragraph number [0013], etc.). For this reason, it is considered that a considerable time lag occurs after the user performs an operation for unlocking the door until the door is actually unlocked. In addition, since a public line is used, personal authentication can be performed from a mobile phone borrowed from a third party, a public telephone device, or the like (paragraph number [0005] etc.). It is convenient in a sense that the door can be unlocked without using the user's own mobile phone, but if the unlocking signal is illegally acquired, measures will be taken against this. There is also a problem that it is impossible.

  Patent Document 2 and Patent Document 3 also disclose techniques for using a mobile phone for security. However, what is disclosed in Patent Document 2 is to perform access control by transmitting and receiving information such as a user ID number as it is, and no contrivance is made regarding access control by the information (paragraph number [0017]). etc). For this reason, security remains uneasy. Patent Document 3 is configured such that an adapter in which an ID code is recorded can be attached to and detached from a mobile phone, and the ID code is output via the mobile phone (paragraph number [0015], etc.). As a countermeasure against unauthorized use by a third party, there is a description that a personal identification number that permits driving of an ID adapter is set in a mobile phone (paragraph number [0048]). There is also a statement that the ID code is encrypted (paragraph number [0037], etc.). However, the encryption of the ID code in Patent Document 3 is only a countermeasure against information leakage during communication. Patent Document 3 does not discuss at all what kind of encryption processing is applied to improve security.

  In addition, security management using a so-called IC card is generally performed. For example, Patent Document 4 discloses an electric lock opening and closing system using an IC card. However, the security system using an IC card as disclosed in Patent Document 4 has a problem that it is difficult to take effective measures against unauthorized use by a third party due to theft or loss of the IC card.

JP 2001-241229 A JP-A-9-88391 JP 2002-240683 A JP-A-8-93289

  The present invention has been proposed in order to solve the above-described problems of the conventional technology, and even if the device used for releasing the security is stolen or lost, the third is obtained illegally. It is an object of the present invention to provide a security system and a security setting cancellation method that make it difficult for a person to cancel security and obtain higher security.

  The security system according to the present invention, which has been made to solve the above-mentioned problems, incorporates a non-contact type information recording medium in which the first encryption information is recorded and stores the second encryption information arbitrarily input by the user. A communication device having at least a transmission function for transmitting; a reading unit for reading the first encryption information from the non-contact information recording medium; and a reception unit for receiving the second encryption information transmitted from the communication device. A main body including at least a communication unit, an arithmetic unit that performs arithmetic processing using the first cipher information and the second cipher information, and an overall control unit that determines whether security can be released based on the arithmetic value calculated by the arithmetic unit And a device.

  The security system according to the present invention performs encryption / decryption processing of an ID code using the first cipher information and the second cipher information in the computing unit, and decrypted by the computing unit in the overall control unit. Whether or not security can be released may be determined based on the ID code.

  A cellular phone or a PDA may be used as the communication device, and an IC tag including an IC chip may be used as the non-contact information recording medium. As the second encryption information, an arbitrary character string or biometric personal authentication information can be used.

  In the security system according to the present invention, the first encryption information may be a public key for encrypting an ID code, and the second encryption information may be a secret key for decrypting the ID code.

  In the security system according to the present invention, the first encryption information may be an encrypted ID code, and the second encryption information may be a decryption key for decrypting the encrypted ID code.

  When an IC tag having an IC chip is used as the non-contact type information recording medium, the first encryption information can be an IC code unique to the IC chip.

  Further, the security system according to the present invention arbitrarily divides the overall control unit into a plurality of parts, and at least one part determines whether or not security can be released only by inputting the first encryption information. You can also make it.

  Further, the security system according to the present invention records the third encryption information on the non-contact type information recording medium, and stores information based on the third encryption information on the main device side. It is possible to include a determination unit that determines whether a regular communication device is used based on the information of the above.

  On the other hand, the security setting cancellation method according to the present invention includes a non-contact information recording medium in which the first encryption information is recorded and a transmission function for transmitting the second encryption information arbitrarily input by the user. Using the communication device provided at least, the first encryption information is read from the non-contact type information recording medium by the reading device on the main device side and is input to the arithmetic unit provided on the main device, while the receiving device on the main device side is used. The second encryption information transmitted from the communication device is received and input to the calculation unit, and the calculation processing is performed by the calculation unit using the first encryption information and the second encryption information. This is a method for determining whether security can be released by inputting the operation value calculated by the operation unit to the overall control unit.

  In addition, another security setting cancellation method according to the present invention includes a non-contact information recording medium in which a public key is recorded and at least a transmission function for transmitting a secret key arbitrarily input by a user. The communication device is used to read the public key from the non-contact type information recording medium by the reading means on the main device side and input it to the arithmetic unit provided in the main device, and the arithmetic unit uses the public key to input the ID code. Encrypted and stored on the main device side, and upon release of security, the secret key transmitted from the communication device is received by the receiving means on the main device side and input to the calculation unit, and the calculation unit And decrypting the encrypted ID code, and inputting the decrypted ID code to the general control unit provided in the main device to determine whether the security can be released.

  According to the present invention, the first encryption information recorded in advance and the second encryption information arbitrarily input by the user are transmitted from the same communication device and received by the main device, respectively. Security can be set / released for the first time when is genuine. In particular, since one of the two types of encryption information is arbitrary information input by the user, even if the communication device is stolen or lost, the security is released by a third party who has illegally acquired it. This makes it difficult to achieve higher security. Further, although the two types of encrypted information are transmitted from the same communication device, the communication means are different, so the risk of information leakage is reduced, which also enhances the security.

  Hereinafter, a preferred embodiment of a security system according to the present invention will be described with reference to the drawings.

[First embodiment]
The illustrated security system 1 shows an example when applied to an automobile. The security system 1 includes a mobile phone 2 that is preferably used as a communication device, a reading unit 3A that reads the first encryption information from the mobile phone 2, and a reception unit 3B that directly receives the second encryption information transmitted from the mobile phone 2. Are the communication unit 3, the calculation unit 4 that performs encryption / decryption processing of the ID code by the calculation process using the first encryption information and the second encryption information, and the calculation value obtained as a result of the calculation in the calculation unit 4 However, an overall control unit 5 that determines whether or not security can be released by using the decrypted ID code is provided. At least the communication unit 3, the calculation unit 4, and the overall control unit 5 constitute a main device 6.

  The mobile phone 2 includes a non-contact type information recording medium 2A that can read and write information without contact. As the information recording medium 2A, for example, an IC chip that functions as a memory and an antenna portion that transmits and receives radio signals such as a spirally wound antenna coil are generally referred to as an “IC tag”. Can be suitably used.

  Various types of IC tags have been proposed, and are classified into, for example, an active system using a battery and a passive system that does not require a battery by obtaining power from an antenna coil by electromagnetic induction. These can be selected as appropriate according to the application, but the former has the advantage of a long communication distance, but has the disadvantage of requiring battery replacement and charging. However, in this embodiment, such a disadvantage is eliminated by sharing the battery with the mobile phone 2. The IC tag is also classified according to the communication distance with the reading device. This classification includes a contact type, a proximity type, a proximity type, a remote type, and the like, and these can be appropriately used depending on the application. In the present embodiment, an IC tag having a long communication distance is preferably used. The former classification is classified as an active system, and the latter classification is classified as a neighborhood type or a remote type. If an IC tag with a long communication distance is used, for example, in the example where the door is locked and unlocked only by communication between the IC tag and the reading device 3 described later, even from a position relatively distant from the automobile, The user can unlock the door without being aware of it.

  On the information recording medium 2A, a public key for encrypting the ID code is recorded as the first encryption information. The public key can be arbitrarily set and recorded on the information recording medium 2A. However, when an IC tag is used as the information recording medium 2A, the IC chip included in the IC tag is assumed to be unique to the IC chip. The recorded IC code can be used as a public key.

  The public key as the first encryption information is read by the reading unit 3A provided on the main device 6 side and is input to the calculation unit 4. The reading means 3A is not particularly limited as long as it can read information recorded on the information recording medium 2A in a non-contact manner. When an IC tag is used as the information recording medium 2A, a reading device generally called “reader / writer” that communicates with the IC tag via electromagnetic waves can be used. The reader / writer can not only read information recorded on the IC tag but also write predetermined information on the IC tag. Therefore, if an IC tag is used as the information recording medium 2A, for example, information related to vehicle control such as driving date / time, speed, accelerator / brake control, payment information such as ETC, etc. can be written or read sequentially. These pieces of information can also be used for automobile operation management.

  On the other hand, the mobile phone 2 as a communication device has a transmission function for transmitting the second encrypted information to the main device 6 side. A specific aspect of the transmission function is not particularly limited as long as wireless communication with the reception unit 3B on the main device 6 side is directly possible. For example, the original communication function of the mobile phone 2 may be used to enable direct communication with the receiving means 3B on the main device 6 side at a frequency different from that of the public line. Further, the mobile phone 2 may be separately provided with other wireless communication functions such as an infrared communication function. In the present embodiment, the mobile phone 2 is shown as a preferred example of the communication device. However, if a transmission function capable of directly wirelessly communicating with the receiving means 3B on the main device 6 side is provided, the specific mode of the communication device is particularly It is not limited. Other portable information terminals such as PDAs can also be used.

  In the present embodiment, a secret key as second encryption information for decrypting the ID code paired with the public key is transmitted from the mobile phone 2 to the main device 6 side. The transmitted secret key is received by the receiving means 3B and input to the calculation unit 4. The secret key may be a character string made up of a combination of characters, numbers, pictograms and the like arbitrarily input by a user's numeric keypad operation. It may also be user's voice information. In the case of voice information, for example, if a secret key is a combination of a predetermined word and user's voiceprint data, the security is further improved. Also, security can be improved by adding a predetermined reading device to the mobile phone 2 and using biometric personal authentication information such as a user's fingerprint, iris, and retina pattern as a secret key.

  As will be described later, in this embodiment, the encrypted ID code is not normally decrypted and the security is not released unless a proper secret key is input. Therefore, unless the secret key is known or decrypted by the third party, the security release by the third party is impossible. In this way, by making the secret key directly involved in the security release information arbitrarily entered by the user, even if the mobile phone 2 is stolen or lost, it becomes difficult for the third party to release the security, Higher security can be obtained.

  The computing unit 4 performs computation processing based on the first encryption information input as the public key and the second encryption information input as the secret key, that is, encryption / decryption processing of the ID code. Specifically, when the public key is input to the calculation unit 4 when registering the public key, a calculation process for encrypting the ID code with the input public key is performed according to a predetermined encryption algorithm. In the case of “ID code encryption / decryption processing”, this is a generic term for the case where “ID code encryption processing”, “ID code decryption processing”, or “both of these processes” is performed. And

  Information related to the ID code to be encrypted can be stored in any device on the main device 6 side, but usually the unique ID code itself of the overall control unit 5 may be encrypted. That is, the unique ID code given to the overall control unit 5 is directly input to the calculation unit 4 and is encrypted with the public key. The encrypted ID code is stored in an arbitrary device provided in the arithmetic unit 4 or other main device 6.

  On the other hand, when the security is released, when a secret key is input to the calculation unit 4, an arithmetic process for decrypting the encrypted ID code with the input secret key is performed according to a predetermined encryption algorithm. When the regular secret key is input to the calculation unit 4, that is, if the input secret key is the same as the preset secret key, the ID code is normally decrypted. Note that typical encryption algorithms for public key cryptography include RSA cryptosystem and elliptic cryptosystem.

  The ID code decoded by the calculation unit 4 is input to the overall control unit 5 as a calculation value obtained as a result of the calculation by the calculation unit 4. The overall control unit 5 refers to its own unique ID code and determines whether or not this and the decrypted ID code match. That is, whether or not the security can be released is determined based on whether or not the encrypted ID code is decrypted into the original unique ID code of the overall control unit 5 using the secret key input to the calculation unit 4. If the ID code is not decrypted normally, the input secret key is illegal and the security is not released.

  Here, in this embodiment, since the encrypted ID code is stored on the main device 6 side, when the secret key is known or decrypted by the third party, the third party Even if it is not acquired, the encrypted ID code on the main device 6 side can be decrypted using an appropriate communication device, and there remains a risk that the security is illegally released. As described above, if the secret key is difficult to copy, such as the biometric personal authentication information of the user, such a risk is remarkably reduced, but it can be dealt with by the following means. For example, the third encryption information is used and recorded on the information recording medium 2A. Then, the third encryption information is also stored on the main device 6 side so that the ID code can be decrypted only after the two match, or if the two do not match, the ID code is normal. Even if decrypted, it is sufficient not to permit the security release.

  In this way, the communication device (mobile phone 2) used for releasing the security is equipped with an appropriate determination means that can determine whether the device is legitimate, thereby preventing unauthorized use of the communication device (mobile phone 2). Can be prevented. As the third encryption information, when an IC tag is used as the information recording medium 2A, an IC code unique to the IC chip is given as an example. In this case, the third encryption information and the public key may be the same (IC code). Also, instead of setting the second cryptographic information as a secret key as it is, arbitrary arithmetic processing is performed with the second cryptographic information and the third cryptographic information, and the calculated value obtained as a result is used as the secret key. But security can be improved.

  An engine control mechanism 7, an ignition activation locking mechanism 8, a door lock mechanism 9, and the like are electrically connected to the overall control unit 5. When the overall control unit 5 determines that the security release is “permitted”, an electrical signal is sent to each of the mechanisms to permit driving. Each of the mechanisms is configured to be driven only when it receives an electrical signal that permits driving. At this time, each of the mechanisms may be configured to be automatically driven by the electric signal without any special operation. Moreover, you may comprise so that it may drive by fixed operation. Furthermore, each of the mechanisms can be stopped by appropriate means, and security can be automatically set by the stop. Thus, in order to start the engine again after it has been turned off, a secret key known only to the user must be input to the mobile phone 2 and transmitted to the main device 6 side. Otherwise, security is not released and the engine cannot be started again. Therefore, even if the mobile phone 2 is stolen or lost, it is difficult for the third party to cancel the security.

  FIG. 2 is a block diagram showing a modification of the above-described embodiment. In this modification, the overall control unit 5 is separated into a part 5A related to the engine control mechanism 7 and the ignition activation locking mechanism 8, and a part 5B related to the door lock mechanism 9. The part 5A related to the engine control mechanism 7 and the ignition activation locking mechanism 8 does not permit driving of these mechanisms unless the ID code is normally decoded as described above. On the other hand, the public key (first encryption information) read by the reading unit 3A from the information recording medium 2A is input to the portion 5B related to the door lock mechanism 9 as it is. If the input public key matches the public key stored in advance, that is, if the public key read from the mobile phone 2 is authentic, the door lock mechanism 9 can be driven only by that. Configured to allow.

  As a more specific example, a case where an IC tag is used for the information recording medium 2A and an IC code unique to the IC chip provided in the IC tag is used as a public key will be described below. In this case, the integrated control unit 5 stores the IC code in advance. When the IC code (public key) read by the reading unit 3A is input, the overall control unit 5 determines whether or not the input IC code matches the stored IC code. If they match, the overall control unit 5 permits the door lock mechanism 9 to be driven, thereby enabling the door to be unlocked.

  This modification eliminates the trouble of inputting a secret key (second encryption information) to the mobile phone 2 and transmitting it to the main device 6 side, and only requires communication between the information recording medium 2A and the reading means 3A. It is intended to lock and unlock. In other words, practical usability is considered so that keyless entry that does not require any special operation is possible. Such a modification can be similarly considered in other embodiments of the security system according to the present invention described later.

  Next, a preferred embodiment of the security setting cancellation method according to the present invention that can be executed in the above-described first embodiment of the security system according to the present invention will be described.

  Based on the first embodiment described above, when executing the security setting cancellation method according to the present invention, a pair key of a public key and a private key is created in advance. Specifically, the following work is performed. First, first encryption information desired to be used as a public key is determined, and this is recorded in an information recording medium 2A built in the mobile phone 2. When an IC tag is used as the information recording medium 2A, an IC code unique to the IC chip provided in the IC tag can be used as a public key. In this case, this operation can be omitted. Next, the first encryption information (or IC code) recorded on the information recording medium 2A is read by the reading means 3A on the main device 6 side. On the other hand, the second encryption information such as an arbitrary character string to be used as a secret key is input to the mobile phone 2 and transmitted to the main device 6 side. When these are input to the arithmetic unit 4, arithmetic processing is performed according to a predetermined encryption algorithm. Then, a pair key is set with the first encryption information (or IC code) as the public key and the second encryption information (arbitrary character string or the like) as the secret key.

  The above work is performed whenever the pair key needs to be reset, such as when the mobile phone 2 is replaced or when the pair key is changed regularly or irregularly. For this reason, for example, the set pair key is reset under a certain condition such as some operation while the regular public key and secret key are input, and a new pair key can be registered. It is preferable to provide such appropriate means. It is also possible to register a plurality of pair keys so that the security can be released even with a family-owned mobile phone. Such an aspect is also conceivable in other embodiments of the security setting cancellation method according to the present invention described later.

  Next, ID code encryption / decryption processing is performed using the public key set by the above-described operation and already input to the calculation unit 4. The ID code to be encrypted is the ID code stored in an arbitrary device on the main device 6 side as described above, or the unique ID code of the overall control unit 5 itself. At the time of encryption, the ID code is input to the calculation unit 4 and is encrypted by calculation processing in the calculation unit 4. The ID code encrypted in this way is stored in an arbitrary device provided in the calculation unit 4 or other main device 6. Thus, the security setting is completed, and the security is not released unless the following procedure is followed.

  That is, to release security, an arbitrary character string set as a secret key is input to the mobile phone 2 by a numeric keypad operation or the like and transmitted to the main device 6 side. On the main device 6 side, the receiving unit 3B of the communication unit 3 receives the secret key. The received secret key is input to the calculation unit 4. When a secret key is input to the calculation unit 4, a calculation process for decrypting the encrypted ID code is performed. If the secret key input at this time is a regular secret key set as one of the pair keys, the ID code is normally decrypted. The ID code decoded by the calculation unit 4 is input to the overall control unit 5. The overall control unit 5 refers to its own unique ID code and determines whether or not this and the decrypted ID code match. As a result, when the ID code is successfully decrypted and coincides with its own unique ID code, the overall control unit 5 permits the security release. On the other hand, when the ID code is not decrypted normally and does not coincide with its own unique ID code, the overall control unit 5 does not permit the security release.

  As described above, according to the present embodiment, the public key as the first encryption information and the secret key as the second encryption information arbitrarily input by the user are transmitted from the same communication device, and the main body Security can be set and released only when the public key and private key received by the device are both valid. In particular, since the private key that is directly involved in the security release is entered arbitrarily by the user, even if the communication device is stolen or lost, the security can be released by a third party who has illegally obtained it. It becomes difficult and higher security can be obtained. Further, although the two types of encrypted information are transmitted from the same communication device, the communication means are different, so the risk of information leakage is reduced, which also enhances the security.

[Second Embodiment]
Next, a second embodiment of the security system according to the present invention will be described with reference to FIG. FIG. 3 is a block diagram showing a second embodiment of the security system according to the present invention. The illustrated security system 1 shows an example when applied to an automobile, as in the first embodiment described above. Since the present embodiment has substantially the same configuration as that of the first embodiment described above, the following description will focus on differences from the first embodiment.

  In this embodiment, an encrypted ID code is recorded on the information recording medium 2A as the first encryption information instead of the public key that is the first encryption information in the first embodiment described above. The encryption of the ID code may be performed on the mobile phone 2 side by transmitting information on the ID code from the main device 6 to the mobile phone 2. However, in consideration of information leakage, it is not preferable to transmit / receive information on the ID code by communication. For this reason, it is preferable from the viewpoint of security to encrypt the ID code by the calculation unit 4 on the main device 6 side and transmit it to the mobile phone 2. For example, when an IC tag is used as the information recording medium 2A, transmission of the encrypted ID code to the mobile phone 2 may be performed by writing to the IC tag by a reader / writer as the reading unit 3A.

  In this embodiment, a decryption key for decrypting the encrypted ID code is used instead of the secret key that is the second encryption information in the first embodiment. The decryption key is arbitrarily input by the user and transmitted from the mobile phone 2 to the main device 6 side. Similar to the secret key described above, the decryption key can be an arbitrary character string or biometric personal authentication information of the user, and is arbitrarily determined by the user in advance.

  When the security is released, first, the encrypted ID code is read from the information recording medium 2A by the reading means 3A in a non-contact manner and input to the calculation unit 4. Next, the user inputs the decryption key into the mobile phone 2 and transmits it to the main device 6 side. When the decryption key is input to the computing unit 4, a computation process for decrypting the encrypted ID code is performed. At this time, if a normal decryption key is input, the ID code is normally decrypted.

  Here, in the present embodiment, the encrypted ID code is recorded in the information recording medium 2A of the mobile phone 2, and the encrypted ID code on the main device 6 side is not decrypted. . When the encrypted ID code on the main device 6 side is decrypted, if the decryption key is known or decrypted by a third party, the third party can obtain an appropriate code without acquiring the mobile phone 2. This is because the encrypted ID code on the main device 6 side can be decrypted using the communication device, and there is a risk that the security may be illegally released. In the present embodiment, a person who normally has the mobile phone 2 can cancel the security only by inputting the decryption key into the mobile phone 2.

  The present embodiment differs greatly from the first embodiment described above in the above points, and the rest of the configuration is substantially the same, and detailed description thereof is omitted.

  Next, a preferred embodiment of the security setting cancellation method according to the present invention that can be executed in the above-described second embodiment of the security system according to the present invention will be described.

  Based on the second embodiment described above, when executing the security setting cancellation method according to the present invention, the ID code is encrypted in advance and a decryption key for decrypting the ID code is created. Specifically, the following work is performed. First, the second encryption information such as an arbitrary character string to be used as a decryption key is input to the mobile phone 2 and transmitted to the main device 6 side. When this is input to the arithmetic unit 4, ID code encryption / decryption processing is performed. At this time, according to a predetermined encryption algorithm, the ID code is encrypted, and an operation process is performed in which the second encryption information is used as a decryption key. The encrypted ID code is transmitted as the first encrypted information to the mobile phone 2 and recorded on the information recording medium 2A. For example, when an IC tag is used as the information recording medium 2A, an encrypted ID code is written into the IC tag by a reader / writer as the reading unit 3A. Thus, the security setting is completed, and the security is not released unless the following procedure is followed.

  That is, to release security, the encrypted ID code is read from the information recording medium 2A by the reading unit 3A on the main device 6 side. The encrypted ID code is input to the calculation unit 4. Next, an arbitrary character string or the like set as a decryption key is input to the mobile phone 2 by a numeric keypad operation or the like and transmitted to the main device 6 side. On the main device 6 side, the receiving unit 3B of the communication unit 3 receives the decryption key. The received decryption key is input to the calculation unit 4. When a decryption key is input to the computation unit 4, a computation process for decrypting the encrypted ID code is performed. If the decryption key input at this time is a regular decryption key, the ID code is decrypted normally. The ID code decoded by the calculation unit 4 is input to the overall control unit 5. The overall control unit 5 refers to its own unique ID code and determines whether or not this and the decrypted ID code match. As a result, when the ID code is successfully decrypted and coincides with its own unique ID code, the overall control unit 5 permits the security release. On the other hand, when the ID code is not decrypted normally and does not coincide with its own unique ID code, the overall control unit 5 does not permit the security release.

  As described above, according to the present embodiment, the encrypted ID code as the first encryption information and the decryption key as the second encryption information arbitrarily input by the user are transmitted from the same communication device. Security can be set and released only when the encrypted ID code and the decryption key that are transmitted and received by the main device 6 are both legitimate. In particular, since the decryption key that is directly involved in the security release is entered arbitrarily by the user, even if the communication device is stolen or lost, the security can be released by a third party who has illegally obtained it. It becomes difficult and higher security can be obtained. Further, although the two types of encrypted information are transmitted from the same communication device, the communication means are different, so the risk of information leakage is reduced, which also enhances the security.

[Other Embodiments]
The security system and the security release method according to the present invention have been described with reference to the preferred embodiments. However, the present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the present invention. It goes without saying that is possible.

  For example, in any of the above-described embodiments, encryption / decryption processing is performed on the ID code, and whether or not security can be released is determined based on the decrypted ID code. However, the ID code may not be involved in the determination. In other words, an arbitrary calculation process is performed using the arbitrarily determined first encryption information and the second encryption information arbitrarily input by the user, and whether or not the security can be released is determined based on the calculated value obtained as a result. You may do it. Specifically, an IC code as described above is used as the first encryption information, and an arbitrary character string or the like is used as the second encryption information, and an arbitrary calculation process based on these is performed in the calculation unit 4. Then, the obtained calculation value is stored in the overall control unit 5. Each time the security is released, both the first encryption information and the second encryption information are sent to the main device 6 side so that the calculation unit 4 performs the arbitrary calculation process. In this case, whether or not the security can be released is determined based on whether or not the calculation value obtained as a result of the calculation using the first encryption information and the second encryption information newly input matches the calculation value stored in advance. .

  In short, the present invention separately transmits two types of cryptographic information from the same communication device by different communication means, performs arithmetic processing using the two types of cryptographic information in the main device that has received these cryptographic information, and results of the calculation Security is improved by determining whether security can be released based on the calculated value. In particular, it is possible to obtain a higher level of security by directly relating information (second encryption information) arbitrarily input by the user to security cancellation. Unless it is contrary to the gist of the present invention, the first encryption information and the second encryption information may be any information or any combination of information.

  In the above-described embodiment, the present invention has been described with reference to an example applied to an automobile. However, the present invention can be applied to various security management such as entrances to apartments and apartments, door locking / unlocking, and the like. Can be widely applied to.

  As described above, the security system and the security setting cancellation method according to the present invention can be widely used for various security management including automobile security.

1 is a block diagram showing a first embodiment of a security system according to the present invention. It is a block diagram which shows the modification of 1st embodiment of the security system which concerns on this invention. It is a block diagram which shows 2nd embodiment of the security system which concerns on this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Security system 2 Mobile phone 2A Information recording medium 3 Communication part 3A Reading means 3B Receiving means 4 Arithmetic part 5 Overall control part 6 Main body apparatus

Claims (12)

A communication device including a non-contact type information recording medium in which the first encryption information is recorded, and at least a transmission function for transmitting the second encryption information arbitrarily input by the user;
A communication unit including reading means for reading the first encrypted information from the non-contact type information recording medium; and receiving means for receiving the second encrypted information transmitted from the communication device; the first encrypted information; 2. A security system comprising: an arithmetic unit that performs arithmetic processing based on cryptographic information; and a main body device that includes at least a general control unit that determines whether security can be released based on an arithmetic value calculated by the arithmetic unit.   The calculation unit performs ID code encryption / decryption processing using the first cipher information and the second cipher information, and the overall control unit determines whether the security can be released using the ID code decrypted by the calculation unit. The security system according to claim 1 for determination.   The security system according to claim 1 or 2, wherein the communication device is a mobile phone or a PDA.   4. The security system according to claim 1, wherein the non-contact type information recording medium is an IC tag provided with an IC chip.   The security system according to claim 1, wherein the second encryption information is an arbitrary character string or biometric personal authentication information.   6. The security according to claim 2, wherein the first cryptographic information is a public key for encrypting an ID code, and the second cryptographic information is a secret key for decrypting the ID code. system.   The security system according to claim 2, wherein the first encryption information is an encrypted ID code, and the second encryption information is a decryption key for decrypting the encrypted ID code. .   The security system according to claim 4, 5 or 6, wherein the first encryption information is an IC code unique to the IC chip.   The overall control unit is arbitrarily separated into a plurality of parts, and at least one part is determined by the input of the first encryption information to determine whether security can be released. A security system according to any one of the above.   The third encryption information is recorded on the non-contact information recording medium, and information based on the third encryption information is stored on the main device side, and a legitimate communication device is used based on these information. The security system according to claim 1, further comprising a determination unit that determines whether the A communication device that includes a non-contact type information recording medium in which the first encryption information is recorded and that has at least a transmission function for transmitting the second encryption information arbitrarily input by the user,
The first encryption information is read from the non-contact type information recording medium by the reading device on the main device side and input to the arithmetic unit provided in the main device, while the receiving device on the main device side transmits the first encryption information from the communication device. The second cryptographic information is received and input to the arithmetic unit, the arithmetic processing based on the first cryptographic information and the second cryptographic information is performed by the arithmetic unit, and the arithmetic control unit provided in the main device includes the arithmetic unit. A method for canceling security setting, comprising: inputting a calculated value calculated in step (b) to determine whether security can be canceled. Using a communication device that has a non-contact information recording medium in which a public key is recorded and at least a transmission function that transmits a secret key that is arbitrarily input by a user,
The public key is read from the non-contact type information recording medium by the reading means on the main device side and input to the calculation unit provided in the main device, and the ID code is encrypted with the public key at the calculation unit side. When the security is released, the secret key transmitted from the communication device is received by the receiving unit on the main device side, and is input to the calculation unit, and is encrypted by the calculation unit. A security setting canceling method characterized by decrypting the ID code and inputting the decrypted ID code to a general control unit provided in the main device to determine whether the security can be cancelled.

Images