JP2008197963A - Security adaptor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable even an external memory having no function of generating protective object information to treat protective object information. <P>SOLUTION: The security adaptor 1 includes a first interface, a second interface, and a controller 10. A first interface transmits and receives information used with a computer device. A second interface for transmitting and receiving information used with the external memory transmits and receives information used with the external memory having a security area. The controller 10 performs security processing for determining whether a user of the computer device is a normal user having access authority to the security area or not based on at least authentication information transmitted through the computer device, and performs reading and writing processing of protective object information to the security area based on a request from the computer on condition that the user of the computer device is determined to be the normal user. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a security adapter.

With the widespread use of computer devices, various types of information such as data and programs are stored in an external memory such as an external hard disk or USB memory. Among the information stored in such an external memory, there is also information to be protected that requires confidentiality. This protection target information is required to be written and read by an authorized user. In order to protect the information to be protected, an external memory that performs encryption processing has been proposed (see, for example, Patent Document 1). This external memory has a mounting part for UIM (User Identity Module) in the external memory. Then, the UIM attached to the attachment unit generates protection target information.
JP 2005-276025 A

  Incidentally, external memories that do not have an information encryption function are widely used. There is a demand to store information to be protected in such an external memory. In this case, a method of performing encryption or decryption with a computer device is common. However, in this method, specific software for encryption and decryption must be installed in the computer device in advance using another information storage medium or separate communication, etc. There was inconvenience in situations such as physically moving the environment.

  The present invention has been made in view of such circumstances, and a main object thereof is to make it possible to handle protection target information for an external memory that does not have an information encryption function.

The main invention for achieving the object is as follows:
(A) a first interface for transmitting and receiving information used with a computer device;
(B) A second interface for transmitting / receiving information used to / from an external memory, which transmits / receives information used to / from an external memory provided with a security area for storing protection target information. When,
(C) a controller provided between the first interface and the second interface,
Performing security processing to determine whether or not the user is an authorized user having access authority to the security area based on at least authentication information transmitted through the computer device; and
In the security process, on the condition that the user of the computer device is determined to be the regular user, the protection target information is read from and written to the security area based on a request from the computer device. , The controller,
A security adapter having (D).

  Other features of the present invention will become apparent from the description of this specification and the accompanying drawings.

  At least the following will be made clear by the description of the present specification and the accompanying drawings.

That is, (A) a first interface that transmits and receives information used with a computer device, and (B) a second interface that transmits and receives information used with an external memory, and stores protection target information. And (C) a controller provided between the first interface and the second interface, wherein the security area includes: a second interface that transmits and receives information used with an external memory in which a security area is provided; Security processing is performed to determine whether or not the user is an authorized user who has access authority to the computer based on at least authentication information sent through the computer device, and the user of the computer device performs the security processing in the security processing. On the condition that it is determined that the user is Performs read processing and write processing of the protected information for the security area based on a request from a controller, it can be realized, security adapter having a (D), is revealed.
According to such a security adapter, the protection target information is stored in the external memory or the protection target information stored in the external memory is read by connecting the computer device and the external memory via the security adapter. be able to. For this reason, it is possible to handle the protection target information even in an external memory that does not have an information encryption function.

In this security adapter, it is preferable that the controller includes a first controller that performs the security process and a second controller that performs a read process and a write process of information with respect to the external memory.
According to such a security adapter, the first controller that performs security processing is provided separately from the second controller that performs processing for reading and writing information to the external memory. It can be used properly, improving usability.

In this security adapter, the first controller is a chip unit having an IC chip that performs the security processing and stores security information used for the security processing, and is removable from the chip unit mounting portion. The second controller communicates with the IC chip in a state where the chip unit is mounted on the chip unit mounting portion, and reads and writes the protection target information Is preferably performed on condition that the chip unit is mounted on the chip unit mounting portion and the user of the computer device is determined to be the authorized user in the security processing by the IC chip. .
According to such a security adapter, the reading process and the writing process of the information to be protected are performed on the condition that the chip unit is mounted on the chip unit mounting unit and is determined to be an authorized user. For this reason, security can be improved.

In this security adapter, the chip unit includes a first chip unit having an IC chip storing certain unique identification information, and a second chip unit having an IC chip storing other unique identification information. And the second controller has the first chip unit mounted on the chip unit mounting portion, and the user of the user terminal is determined to be the regular user by the security processing by the IC chip. The protection target information is read from and written to a part of the security area, the second chip unit is mounted on the chip unit mounting portion, and the security processing by the IC chip is performed. When the user of the user terminal is determined to be the regular user, It is preferable to perform the reading process and the writing process of the protected information for another part of the tee area.
According to such a security adapter, since different portions in the security area are used for each chip unit, the usability can be improved. For example, the use area can be divided for each user.

In this security adapter, it is preferable that the second controller performs a change process in which at least a part of an area of the external memory that can store information is changed to the security area.
According to such a security adapter, since the second controller performs the change process, the process can be made common regardless of the type of the computer device, and versatility can be improved.

The security adapter preferably includes a change processing program storage unit that stores a change processing program for causing the second controller to perform the change processing.
According to such a security adapter, there is no need to separately carry a storage medium storing the change processing program. For this reason, the convenience can be improved.

In this security adapter, the external memory has a non-security area for storing information other than the protection target information, and the second controller is configured to protect the non-security area based on a request from the computer device. It is preferable to perform reading processing and writing processing of information other than target information regardless of the mounting state of the chip unit on the chip unit mounting portion.
According to such a security adapter, it is possible to improve convenience when the chip unit is not attached.

It is preferable that the security adapter includes a permission information storage unit that stores permission information for causing the computer device to determine whether or not the user is permitted to use the computer device.
According to such a security adapter, this security adapter can be used as a security key for allowing a specific user to use the computer apparatus. For this reason, the convenience can be improved.

In this security adapter, when the controller receives from the computer device information indicating that other permission information indicating the specific user has been input to the computer device, the controller receives the permission information. It is preferable to read from the permission information storage unit and transmit to the computer device.
According to such a security adapter, the use of the computer device is permitted on condition that the security adapter is attached and other correct permission information is input. For this reason, harmony between security and convenience can be achieved.

In this security adapter, the controller is a first controller that performs the security process, and is a chip unit that includes an IC chip that performs the security process and stores security information used for the security process, A first controller configured by a chip unit mounted in a removable state with respect to the chip unit mounting unit; and a second controller for performing a read process and a write process of information with respect to the external memory, wherein the chip unit is Communicating with the IC chip in a state where the chip unit is mounted on the chip unit mounting unit, and performing read processing and writing processing of the protection target information, the chip unit is mounted on the chip unit mounting unit, and the IC chip The above Security processing, on condition that the user of the computer device is determined to be the authorized user, and reading the permission information from the permission information storage unit, the chip unit mounting unit of the chip unit It is preferable to have a second controller, which is performed regardless of the mounting state.
According to such a security adapter, the security adapter can be used as a key for using the computer apparatus regardless of the mounting state of the chip unit. For this reason, the improvement of the further convenience can be aimed at.

In this security adapter, the second controller performs a process of writing the permission information to the permission information storage unit, the chip unit is mounted on the chip unit mounting unit, and the security process is performed by the computer. It is preferable that the operation is performed on the condition that the user of the apparatus is determined as the regular user.
According to such a security adapter, only authorized users can store and update permission information. For this reason, security can be improved.

In this security adapter, the controller is a first controller that performs the security processing, performs security processing, stores security information used for the security processing, and includes the permission information storage unit. A chip unit having an IC chip, and a first controller composed of a chip unit that is detachably mounted on the chip unit mounting portion; and a process for reading and writing information to and from the external memory And a second controller that communicates with the IC chip in a state in which the chip unit is mounted on the chip unit mounting portion.
According to such a security adapter, the permission information storage unit is provided in the tamper-resistant IC chip, and the chip unit having the IC chip is configured to be detachable from the chip unit mounting unit. Security can be improved.

In such a security adapter, the first controller determines whether the authentication information is authentic based on pre-stored comparison authentication information, and when determining that the authentication information is authentic, Information indicating that the user is a user is preferably transmitted to the second controller.
According to such a security adapter, the determination by the first controller can be easily performed.

In such a security adapter, the computer device is preferably a user terminal that is directly operated by a user.
According to such a security adapter, information to be protected can be handled between the user terminal and the external memory.

In this security adapter, the controller includes a first controller that performs the security process, and a second controller that performs a read process and a write process of information with respect to the external memory, and the first controller includes the security controller. A chip unit having an IC chip that performs processing and stores security information used for the security processing, the chip unit being mounted in a removable state with respect to the chip unit mounting portion, and the second controller Reads a driver program for enabling communication between the chip unit mounting unit and the user terminal from the driver program storage unit based on a request from the user terminal, and sends the driver program to the user terminal through the first interface. It is preferable to.
According to such a security adapter, there is no need to separately carry a storage medium storing a driver program. For this reason, the convenience can be improved.

In this security adapter, the controller includes a first controller that performs the security process, and a second controller that performs a read process and a write process of information with respect to the external memory, and the first controller includes the security controller. An IC chip that performs processing and stores security information used for the security processing, and converts the plaintext information transmitted from the user terminal into encrypted information to be stored in the security area, and the second controller It is preferable to have an IC chip that transmits to the second controller after converting the encrypted information stored in the security area into plain text information to be transmitted to the user terminal.
According to such a security adapter, since the IC chip having high tamper resistance performs encryption and decryption of information, security can be improved.

In this security adapter, the IC chip preferably stores an encryption key used for encrypting the plaintext information and a decryption key used for decrypting the encrypted information.
According to such a security adapter, since an encryption key and a decryption key are stored in an IC chip having high tamper resistance, security can be improved.

In this security adapter, the controller includes a first controller that performs the security process, and a second controller that performs a read process and a write process of information with respect to the external memory, and the first controller includes the security controller. And an IC chip storing an encryption key used for encrypting plaintext information and a decryption key used for decrypting the encrypted information, and the second controller includes: The plaintext information transmitted from the user terminal is encrypted to be stored in the security area using the transferred encryption key, and the security key is used using the decryption key transferred from the IC chip. Preferably, the encrypted information stored in the area is decrypted to be transmitted to the user terminal
According to such a security adapter, the second controller that performs read processing and write processing of information with respect to the external memory also performs encryption and decryption of information, so that the processing speed can be increased.

In this security adapter, the encryption key and the decryption key are common encryption keys, and the first controller is a chip unit having the IC chip, and is removed from the chip unit mounting portion. Preferably, the second controller includes a chip unit that is mounted in a possible state, and the second controller erases the transferred common encryption key when the chip unit is removed from the chip unit mounting unit.
According to such a security adapter, since the second controller erases the common encryption key on condition that the chip unit is removed from the chip unit mounting portion, security can be improved.

In this security adapter, the controller includes a first controller that performs the security process, and a second controller that performs a read process and a write process of information with respect to the external memory, and the first controller includes the user When the authentication information sent through the terminal is authentic and when external authentication is established between the user terminal and the management server that is communicably connected to the second controller, Read and write processing for the entire security area is permitted, and the authentication information sent through the user terminal is authentic, and external authentication is established with the management server. If not, the second controller can read a part of the security area. It is preferable to allow the process and the writing process.
According to such a security adapter, since the usable range of the security area is determined according to the degree of authentication, the usability can be improved.

In this security adapter, the computer device is preferably a server that is communicably connected to a thin client terminal device that is directly operated by a user through a network.
According to such a security adapter, information to be protected can be handled between the server and the external memory via the thin client terminal device.

In this security adapter, the controller includes a first controller that performs the security process, and a second controller that performs a read process and a write process of information with respect to the external memory, and the first controller includes the security controller. A chip unit having an IC chip that performs processing and stores security information used for the security processing, the chip unit being mounted in a removable state with respect to the chip unit mounting portion, and the second controller Based on a request from the server, a driver program for enabling communication between the chip unit mounting unit and the thin client terminal device is read from a driver program storage unit, and the thin program is transmitted through the first interface. It is preferable to transmit to the client terminal device.
According to such a security adapter, there is no need to separately carry a storage medium storing a driver program. For this reason, the convenience can be improved.

In this security adapter, it is preferable that the server generates the protection target information by encrypting plaintext information to be stored, and transmits the generated protection target information to the thin client terminal device so as to be stored in the security area.
According to such a security adapter, since the protection target information encrypted by the server is transmitted and received, security can be improved.

In this security adapter, it is preferable that the second interface communicates with the external memory wirelessly.
According to such a security adapter, information is transmitted / received wirelessly to / from an external memory, so that convenience can be improved.

In this security adapter, the second interface is an external memory mounting unit that is mounted in a state in which the external memory can communicate with the controller, and the external memory in which the external memory is detachably mounted A mounting part is preferred.
According to such a security adapter, protection target information can be handled even with an external memory that does not have a function for generating protection target information.

In this security adapter, it is preferable that the first interface communicates with the computer device wirelessly.
According to such a security adapter, since information is transmitted and received wirelessly between the security adapter and the computer device, convenience can be improved.

A base station communication unit capable of wirelessly communicating with an information communication base station on the condition that such a security adapter can refer to contractor identification information for identifying a contractor related to information communication. And the controller performs the security process, and includes a first controller having an IC chip that stores the contractor identification information, and a second controller that performs a read process and a write process of information with respect to the external memory. It is preferable to have.
According to such a security adapter, the IC chip can be used for many purposes.

This security adapter is provided so as to be communicable with the controller, and has a base station communication unit that enables wireless communication with a base station for information communication, and the controller performs the security processing. It is preferable that at least a part of the transmitted information is transmitted through the base station communication unit.
According to such a security adapter, security can be improved.

=== First Embodiment ===
<Overview of security adapter>
First, an outline of the security adapter will be described. The security adapter is interposed between the computer device and the external memory in a communicable state. The security adapter encrypts information from the computer device and stores it in a predetermined area of the external memory, or decrypts the encrypted information stored in the predetermined area of the external memory and transmits it to the computer apparatus. In the first embodiment shown in FIG. 1, the security adapter 1 is interposed between a user terminal 110 as a computer device and a USB memory 120 and a USB hard disk 130 as external memories. An IC card 70 (corresponding to a chip unit) having an IC chip 72 is attached to the security adapter 1. Then, the IC chip 72 encrypts plain text information from the user terminal 110 to generate encrypted information. This encrypted information corresponds to the protection target information, and is transmitted to the USB memory 120 and the USB hard disk 130 (these are collectively referred to as a USB memory or the like). The encrypted information is stored in the security area 122b (see FIG. 6A) of the storage element 122 included in the USB memory 120 and the security area (not shown) of the magnetic disk included in the USB hard disk 130. Further, the IC chip 72 decrypts the encrypted information from the security area and transmits it to the user terminal 110. With this configuration, even a USB memory or the like that does not have an encryption function can handle encrypted information. Details will be described below.

<Configuration of security adapter 1>
As illustrated in FIGS. 1 and 2A, the security adapter 1 includes a controller 10, a host-side USB_I / F 20 (interface), a device-side USB_I / F 30, a storage element 40, and a housing 50. The controller 10 is provided between the host-side USB_I / F 20 and the device-side USB_I / F 30 and is responsible for overall control in the security adapter 1. The controller 10 includes a main controller 60, an IC card 70, and an IC card connector 80.

  The main controller 60 functions as a second controller. The main controller 60 performs read processing and write processing of information with respect to the external memory (USB memory 120, USB hard disk 130). For example, by controlling the device-side USB_I / F 30, information is transmitted to a USB memory or the like, or information from a USB memory or the like is received. Further, the main controller 60 controls communication performed with the user terminal 110. For example, by controlling the host-side USB_I / F 20, information transmitted from the user terminal 110 is received or information is transmitted to the user terminal 110. Further, the main controller 60 transmits and receives information to and from the IC card 70 (IC chip 72) through the IC card connector 80. This function by the IC card connector 80 is equivalent to a card reader / writer or its function module.

  The main controller 60 includes a CPU 61, an internal memory 62, and an internal bus 63. The CPU 61 is a central part that performs control, and operates according to a program stored in the internal memory 62. The internal memory 62 stores programs executed by the CPU 61, setting values necessary for operations, and the like. The internal bus 63 transmits data between the CPU 61 and the internal memory 62. Note that the host-side USB_I / F 20, the device-side USB_I / F 30, the IC card connector 80, and the storage element 40 are also communicably connected to the internal bus 63.

  The host-side USB_I / F 20 corresponds to a communication interface for communicating with the user terminal 110. The user terminal 110 corresponds to a computer device that is directly operated by a user (user). Therefore, the host-side USB_I / F 20 corresponds to a first interface that transmits and receives information used with the computer device. As illustrated in FIG. 2A, the host-side USB_I / F 20 includes a USB plug 21 and a first USB controller 22. As shown in FIG. 2B, the USB plug 21 is attached to a USB port of the terminal-side USB_I / F 114 of the user terminal 110 (also referred to as a terminal-side USB port for convenience). The first USB controller 22 is controlled by the main controller 60 and controls communication with the terminal-side USB_I / F 114.

  The device-side USB_I / F 30 corresponds to a communication interface for communicating with a USB memory or the like. As will be described later, the USB memory or the like is a kind of external memory provided with a security area (for example, a security area 122b shown in FIG. 6A) for storing protection target information. For this reason, the device-side USB_I / F 30 corresponds to a second interface that transmits and receives information used with the external memory. The device-side USB_I / F 30 includes a USB port (also referred to as an adapter-side USB port 31 for convenience) and a second USB controller 32. The adapter-side USB port 31 is attached with a memory-side USB plug (not shown) of the USB memory 120 or the USB hard disk 130. In this embodiment, a plurality of adapter-side USB ports 31 are provided. Specifically, as shown in FIG. 2A, two adapter-side USB ports 31, 31 are provided. Therefore, a plurality of external memories can be connected to the security adapter 1 like a USB hub. The second USB controller 32 is controlled by the main controller 60 and controls communication with the memory-side USB plug 21.

  The IC card 70 corresponds to a first controller that performs security processing. The security process is a process for determining whether a person who attempts to access a security area provided in a USB memory or the like through the user terminal 110 is a legitimate user having access authority to the security area. In this embodiment, the determination as to whether or not the user is an authorized user is made based on the authentication information sent through the user terminal 110. The security process will be described later. The IC card 70 is a card-type information medium having an IC chip 72 and corresponds to a chip unit. The IC card 70 is detachably attached to the IC card connector 80. For this reason, the part excluding the IC card 70 in the security adapter 1 is also referred to as a main body of the security adapter 1. The IC card 70 will be described in detail later.

  The IC card connector 80 is a member to which the IC card 70 is mounted and corresponds to a chip unit mounting portion. As shown in FIG. 2C, the IC card connector 80 includes a guide member 81 and a board side terminal 82. The guide member 81 corresponds to a holding unit of the chip unit, and guides and holds the IC card 70 as a chip unit to a predetermined position. The guide member 81 of the present embodiment is a member having a side wall portion and a ceiling portion, and is attached to the surface of the wiring board B. By attaching the guide member 81, an opening into which the IC card 70 is inserted and a holding space in which the IC card 70 inserted through the opening is held are partitioned on the surface of the wiring board B. The board-side terminal 82 is a terminal for communicating with the IC chip 72. When the IC card 70 is attached to the IC card connector 80, it contacts the contact terminal group 77 included in the IC chip 72. The board side terminal 82 is connected to the main controller 60 through wiring. Therefore, the main controller 60 can communicate with the IC chip 72 in a state where the IC card 70 is mounted on the IC card connector 80. As described above, the IC card connector 80 is functionally equivalent to a card reader / writer or a functional module thereof.

  The storage element 40 is a non-volatile semiconductor memory capable of storing information, and is configured by, for example, a flash memory. The storage element 40 stores various programs and information read by the main controller 60. The storage element 40 will also be described in detail later.

  The housing 50 is a member for housing the above-described parts. In this security adapter 1, the housing 50 has a rectangular parallelepiped appearance. The USB plug 21 included in the host-side USB_I / F 20 is provided outside the housing 50 by being connected via the cable 23. Thereby, the USB plug 21 can be inserted into the terminal-side USB port. Further, the side surface of the housing 50 is provided with a through-hole into which the IC card 70 is inserted and a through-hole through which the adapter-side USB port 31 faces.

<External memory>
Examples of the external memory that is communicably connected to the computer device include a hard disk device, a USB memory, and a memory card. The hard disk device has a hard disk and a connection I / F housed in a case. As the I / F for connection, for example, there is USB_I / F. The USB memory has a flash memory and a USB_I / F housed in a case. The memory card is a card in which a flash memory is accommodated in a card type case. FIG. 1 shows a USB memory 120 and a USB hard disk 130 as examples of the external memory.

  The USB memory 120 includes a memory-side controller 121, a storage element 122, and a USB_I / F 123. The memory controller 121 includes a CPU 124, an internal memory 125, and an internal bus 126. The CPU 124 is a central part that performs control, and operates according to a program stored in the internal memory 125. The internal memory 125 stores programs executed by the CPU 124, setting values necessary for operations, and the like. The internal bus 126 transmits data between the CPU 124 and the internal memory 125. A storage element 122 and a USB_I / F 123 are also communicably connected to the internal bus 126. The storage element 122 is a non-volatile semiconductor memory capable of storing information, and is configured by, for example, a flash memory. In this embodiment, the storage element 122 stores information transmitted to and received from the user terminal 110. Then, the memory-side controller 121 stores information in a corresponding area in accordance with a command from the controller 10 of the security adapter 1. For example, information is stored in the area of the address specified by the instruction. The USB_I / F 123 transmits / receives information to / from another USB_I / F. In the example of FIG. 1, the USB_I / F 123 of the USB memory 120 is connected to the device-side USB_I / F 30 of the security adapter 1. For this reason, the USB memory 120 transmits and receives information to and from the security adapter 1. If the USB_I / F 123 of the USB memory 120 is connected to the terminal-side USB port, the USB memory 120 directly transmits / receives information to / from the user terminal 110.

  The USB hard disk 130 includes a hard disk controller 131, a magnetic disk 132, a head 133, a motor 134, and a USB_I / F 135. Similar to the memory-side controller 121, the hard disk-side controller 131 includes a CPU 136, an internal memory 137, and an internal bus 138. The CPU 136 is a central part that performs control, and operates according to a program stored in the internal memory 137. The internal memory 137 stores programs executed by the CPU 136, setting values necessary for operations, and the like. The internal bus 138 transmits data between the CPU 136 and the internal memory 137. The head 133, the motor 134, and the USB_I / F 135 are also communicably connected to the internal bus 138. Therefore, the hard disk controller 131 also controls the head 133 and the motor 134. Similar to the storage element 122 of the USB memory 120, the magnetic disk 132 stores information transmitted to and received from the user terminal 110. The head 133 stores information on the magnetic disk 132 and reads information stored on the magnetic disk 132. The motor 134 rotates the magnetic disk 132. Similar to the USB_I / F 123 of the USB memory 120, the USB_I / F 135 transmits / receives information to / from other USB_I / Fs.

<User terminal 110>
The user terminal 110 corresponds to a computer device that is directly operated by a user. As illustrated in FIG. 1, the user terminal 110 includes a CPU 111, a memory 112, a communication I / F 113, a USB_I / F 114, and an internal bus 115. The CPU 111 is a central part that performs control, and operates according to a program stored in the memory 112. The memory 112 stores programs executed by the CPU 111, setting values necessary for operations, and the like. Examples of this program include an operating system (hereinafter also referred to as OS) and application programs. The OS is a program that performs basic control in the user terminal 110 and provides a user interface. And the standard function which the user terminal 110 has means the function mounted in OS. For example, it means a function that is installed as standard in Windows (registered trademark) manufactured by Microsoft Corporation. The application program is a program for causing the user terminal 110 to realize a specific function. The communication I / F 113 is a network interface for communicating with an external network such as the Internet. The USB_I / F 114 is for communicating with other USB_I / F. In this embodiment, the USB_I / F 114 is connected to the host-side USB_I / F 20 included in the security adapter 1. For this reason, the USB_I / F 114 corresponds to a communication interface for communicating with the security adapter 1. The USB_I / F 114 has a terminal-side USB port and a USB controller (none of which are shown). The terminal-side USB port is a portion into which the USB plug 21 included in the security adapter 1 is inserted. The USB controller controls communication with another USB_I / F. The internal bus 115 transmits data to and from the CPU 111, the memory 112, the communication I / F 113, and the USB_I / F 114.

<About Management Server 140>
The management server 140 is communicably connected to the user terminal 110 through a network, and manages the security adapter 1 and the like. The management server 140 includes a CPU 141, a memory 142, a communication I / F 143, and an internal bus 144. Since these units are the same as those described for the user terminal 110, description thereof will be omitted. The memory 142 of the management server 140 stores a unique ID (CUID: Chip Unique IDentifier) of the IC chip 72 and a corresponding cryptographic operation key for external authentication by the IC chip 72. In this embodiment, the public encryption key is used for decrypting and encrypting information used for external authentication. Of course, a common encryption key may be used as another form. Even if a common encryption key is used, the essence of external authentication itself is not affected. For example, the information for external authentication is stored in the management server 140 when the IC chip 72 is issued. For example, the management server 140 performs necessary processing when determining whether the USB memory 120 is being used properly. In this embodiment, this determination is made by external authentication of the management server 140 by the IC chip 72. In this case, the management server 140 transmits necessary information to the IC chip 72. In brief, after the authentication by the PIN is completed, the IC chip 72 transmits a challenge code to the management server 140 through the user terminal 110. The management server 140 transmits a response corresponding to the received challenge code. This response is received by the IC chip 72 through the user terminal 110. If the received response is a scheduled content, the IC chip 72 determines that it is used by a legitimate user and permits access to a security area provided in the USB memory or the like. A series of authentication operations will be described later.

=== Main Parts of Security Adapter 1 ===
<About IC card 70>
As shown in FIG. 3A, the IC card 70 includes a substrate 71 and an IC chip 72 mounted on the substrate 71. The IC card 70 in the present embodiment is about the size of a stamp or about half that size. Moreover, the thickness is around 1 mm. As the substrate 71, an electrically insulating material such as a printed wiring board is used. The IC chip 72 includes a CPU 73, an internal memory 74, a cryptographic processing circuit 75, a serial I / F 76, a contact terminal group 77, and an internal bus 78.

  The CPU 73 operates according to a program stored in the internal memory 74. The internal memory 74 stores programs executed by the CPU 73, setting values necessary for operations, and the like. For example, as shown in FIG. 3B, the program main body, the encryption / decryption key, and the authentication information for comparison are stored. Here, the program body defines the operation of the CPU 73. The encryption / decryption key is information used when converting a plaintext (corresponding to plaintext information) into a ciphertext (corresponding to encrypted information) and converting a ciphertext into plaintext. The encryption / decryption key is used in the encryption processing circuit 75. The comparison authentication information corresponds to security information used for security processing. This authentication information is used, for example, when determining whether or not the user of the user terminal 110 has authority to access information in the USB memory 120. The authentication information in the present embodiment is a PIN (Personal Identification Number). And PIN is not set at the time of shipment. For this reason, at the time of the first authentication, a PIN is requested and used as the initial PIN. This PIN is used as comparison authentication information and is compared (verified) with the authentication information input through the user terminal 110.

  The encryption processing circuit 75 performs information encryption on information stored in a security area such as a USB memory. That is, plaintext encryption and ciphertext decryption are performed. The encryption processing circuit 75 employs a common encryption key system for information encryption and the like. The encryption processing circuit 75 encrypts information using the encryption / decryption key (common encryption key) stored in the internal memory 74. The serial I / F 76 is for transmitting / receiving information to / from the main controller 60. The contact terminal group 77 includes a power supply terminal 77a, a ground terminal 77b, a clock terminal 77c, and an I / O terminal 77d. The power supply terminal 77a is supplied with a power supply (for example, DC 3.3V) for operating the IC chip 72. A ground potential is applied to the ground terminal 77b. The power supply wiring and the ground wiring in the IC chip 72 are not shown. A clock used for the operation of the CPU 73 and the like is supplied to the clock terminal 77c. The I / O terminal 77d is a terminal for inputting / outputting information transmitted / received to / from the main controller 60. The internal bus 78 transmits data among the CPU 73, the internal memory 74, the encryption processing circuit 75, and the serial I / F 76.

<About the memory element 40>
FIG. 4 is a conceptual diagram illustrating a storage area of the storage element 40 included in the security adapter 1. This storage area functions as an information read-only area until authentication by the IC card 70 is performed. That is, until the security processing is executed by the IC card 70 and the user of the user terminal 110 is determined to be an authorized user having access authority to the security area such as the USB memory, it functions as a read-only area for information. To do. When it is determined that the user is an authorized user, the storage area is an area where information can be read and written. With this configuration, it is possible to limit writing of information and updating of information to information stored in the storage area to authorized users. For this reason, usability can be improved. In this storage area, security middleware, a security memory device driver, a chip unit driver, an installer, and the like are stored as programs. Hereinafter, these programs will be described.

  The security middleware adds a function for using the security adapter 1 as a security key for the user terminal 110. Here, the security key is for switching between a state of accepting an operation on the user terminal 110 and a state of not accepting the operation. That is, the user terminal 110 (computer device) is used by a specific user. For example, when the security adapter 1 is attached to the terminal-side USB port, the user terminal 110 is unlocked and receives input from an input device such as a keyboard or a mouse. On the other hand, when the security adapter 1 is removed from the terminal-side USB port, the user terminal 110 shifts to the locked state, activates the screen saver, and does not accept input from the input device. For this reason, the user attaches the security adapter 1 when using the user terminal 110, and removes the security adapter 1 when leaving the user terminal 110, so that other use of the user terminal 110 at the time of leaving the seat is performed. Can be prevented by a person who is not authorized. For this reason, information leakage through the user terminal 110 can be prevented.

  The security middleware also provides a function for using the security adapter 1 as a permission information storage medium. Here, the permission information is information for causing the user terminal 110 to determine whether or not the user is a specific user who is permitted to use the user terminal 110. Therefore, the storage element 40 included in the security adapter 1 corresponds to a permission information storage unit that stores permission information. The permission information includes, for example, a user ID for logging on to the user terminal 110 (authentication information for the user terminal 110), a logon password, and a digital certificate. The user can use the user terminal 110 without inputting a user ID, a password, or the like by attaching the security adapter 1 (permission information storage medium) when logging on to the user terminal 110. That is, when the user terminal 110 is activated, the main controller 60 communicates with the user terminal 110 and transmits the user ID read from the storage element 40 to the user terminal 110. By adopting this configuration, it is possible to set a user ID and password that are difficult to guess, and to improve security.

  Note that a security policy may be set on the user side when using the permission information. For example, the user may manually input some permission information to the user terminal 110. In this case, on the condition that the manually entered permission information (also referred to as other permission information) has a legitimate content, the user terminal 110 sends another permission information to the security adapter 1. Send information to the effect. The main controller 60 of the security adapter 1 reads the permission information stored in the storage element 40 (permission information storage unit) based on the information indicating that the other permission information has a proper content, and sends it to the user terminal 110. Send. The user terminal 110 shifts to a usable state based on the received permission information. The other permission information is, for example, a user ID and a logon password, and the permission information stored in the permission information storage unit is, for example, a user ID and a password for using various applications. Further, the other permission information may be a user ID and a logon password, and the permission information stored in the permission information storage unit may be a digital certificate and a network password. With this configuration, the use of the user terminal 110 is permitted on the condition that the security adapter 1 is attached to the user terminal 110 and that other correct permission information is manually input. As a result, harmony between security and convenience can be achieved. Furthermore, the permission information stored in the storage element 40 can be read out on the condition that the IC card 70 (chip unit) is attached and it is determined that the user is an authorized user. Also good.

  As described above, the information stored in the storage element 40 can be read regardless of authentication by the IC card 70. In addition, in order to rewrite this information, it is necessary to be recognized as an authorized user through authentication by the IC card 70. For this reason, setting and updating of permission information can be limited to authorized users. Also in this respect, security can be improved. Note that the security middleware includes a data body of other authentication information used for authentication.

  The security memory device driver is a program for setting a security area (for example, a security area 122b provided in the storage element 122) in the storage element 122 of the USB memory 120 or the magnetic disk 132 of the USB hard disk 130. The security memory device driver is also used when information is written to or read from the set security area. By executing the security memory device driver, the main controller 60 sets an address for the security area in the storage areas of the storage element 122 of the USB memory 120 and the magnetic disk 132 of the USB hard disk 130. This address can be recognized from the user terminal 110. Note that in order to read information and write information to the security area, it is necessary to undergo authentication by the IC chip 72. Therefore, the main controller 60 executes at least a part of an area (for example, the normal accessible area 122a, see FIG. 5A) where information can be written and read without authentication by executing the security memory device driver. It can be said that a change process is performed to change to an area (for example, security area 122b, see FIG. 6) in which information cannot be written or read without authentication. Since the main controller 60 of the security adapter 1 performs this change process, the process can be made common regardless of the type of the user terminal 110, and versatility can be improved. Such a security memory device driver corresponds to a change processing program that causes the main controller 60 to perform the change processing. The storage element 40 included in the security adapter 1 corresponds to a change processing program storage unit that stores a change processing program.

  The chip unit driver is a program for enabling the IC card 70 and the IC card connector 80 to be used on the user terminal 110. The chip unit driver in the present embodiment includes a reader / writer driver and a chip driver. The reader / writer driver is a driver program for communicatively connecting the IC card connector 80 and the user terminal 110, and the chip driver is a driver program for enabling transmission / reception of information to / from the IC chip 72. is there. Accordingly, the storage element 40 corresponds to a driver program storage unit that stores these driver programs. By installing these programs on the user terminal 110, the user terminal 110 can recognize the mounting state of the IC card 70. That is, it can be recognized from the user terminal 110 that the IC card 70 is attached or not attached.

  The installer is a program used when the above-described programs (security middleware, security memory device driver, and chip unit driver) are installed in the user terminal 110.

  By the way, the storage area of the storage element 40 functions as a read-only area for information until authentication by the IC card 70 is performed. In other words, each program including the installer can be read through the main controller 60 without authentication by the IC card 70. Therefore, the security adapter 1 can use these programs regardless of the mounting state of the IC card 70. For example, by executing security middleware, the security adapter 1 can be used as a security key, or permission information can be transmitted when the user terminal 110 is activated. Further, the IC card 70 and the IC card connector 80 can be used by the user terminal 110 without carrying a storage medium such as a CD-ROM. For this reason, the convenience can be improved.

<About storage areas such as USB memory>
Next, a storage area such as a USB memory will be described. Regarding the storage area, the USB memory 120 and the USB hard disk 130 can be considered in the same way. For this reason, the following description will be given with respect to the USB memory 120, and the USB hard disk 130 will be omitted. As shown in FIG. 5A, before the security memory device driver is executed, the entire storage area of the storage element 122 of the USB memory 120 is recognized as the normal accessible area 122a in the user terminal 110. Here, the normal accessible area is information written by the main controller 60 on the basis of a command from the user terminal 110 regardless of whether or not the IC chip 72 is authenticated (that is, regardless of whether the IC card 70 is attached). Or an area that can be read, and corresponds to a non-security area. As illustrated in FIG. 5B, the folder A and the folder B created in the normal accessible area 122a and the files created in these folders (corresponding to information other than the protection target information) are any. Writing and reading can be performed based on a command from the user terminal 110 without restriction.

  When the security memory device driver is executed from the user terminal 110, the main controller 60 changes at least a part of the normal accessible area 122a to the security area 122b. Note that the security area 122b may be provided by changing the entire normal accessible area 122a. In the example of FIG. 6A, the main controller 60 changes a part of the normal accessible area 122a to the security area 122b. As a result, as shown in FIG. 6B, folder A and folder B are created in the normal accessible area 122a, and security folder C is created in the security area 122b.

  The security folder C can be recognized from the user terminal 110 even if the authentication by the IC chip 72 is not performed. However, when a file is stored in the security folder C or a file stored in the security folder C is read, the user of the user terminal 110 is authorized by the user using the IC chip 72. (It will be described later). Also, by changing the driver program, the security folder C can be made invisible so that it cannot be recognized as an area unless the authentication by the IC chip 72 is performed.

  In the security area 122b, information is stored in an encrypted state. That is, the information stored in the security area 122b corresponds to the protection target information. In the present embodiment, information is encrypted and decrypted by the IC chip 72 (encryption processing circuit 75). Therefore, in order to write / read information to / from the security area, it is necessary to attach the IC card 70 to the IC card connector 80 and to authenticate the user as a regular user based on the authentication information.

=== About operation ===
<Operation when security adapter 1 is connected>
Next, the operation of the security adapter 1 having the above-described configuration will be described. First, an operation when the security adapter 1 is connected to the user terminal 110 will be described. As shown in FIG. 7A, the user terminal 110 (CPU 111 or USB_I / F 114) monitors the connection of the USB plug 21 of the security adapter 1 to the terminal side port (S1). When the USB plug 21 is connected to the terminal side port, the user terminal 110 performs enumeration (S2). Enumeration is a series of processes for identifying a connected USB device, specifying an address, and the like. At this time, addresses and descriptors are transmitted and received between the user terminal 110 and the security adapter 1. By performing this enumeration, the security adapter 1 can be used in the user terminal 110. At this stage, the components other than the IC card 70 and the IC card connector 80, that is, the main controller 60, the host-side USB_I / F 20, the device-side USB_I / F 30, and the storage element 40 are enabled. For this reason, the storage element 40 is recognized from the user terminal 110. In this example, the storage element 40 is recognized as an E drive as shown in FIG. 7B. The E drive is a read-only area at this stage. In the E drive, a folder storing security middleware and a folder storing various drivers are created. Therefore, the program stored in each folder can be used from the user terminal 110. For example, an installer can be executed.

  At this stage, since the device-side USB_I / F 30 is enabled, the security adapter 1 also functions as a USB hub. For example, when USB devices such as a printer and a scanner are connected to the device-side USB_I / F 30, these USB devices are recognized from the user terminal 110. By storing a device driver for a USB device in the storage element 40 in advance, the USB device can be used by the user terminal 110 without carrying a storage medium such as a CD-ROM. Many external memories such as USB memories are recognized by the standard functions of the OS. For this reason, as shown in FIG. 5A, at this stage, the entire storage area in the external memory is recognized as a normal accessible area from the user terminal 110.

  When the installer is executed based on a request from the user terminal 110, a necessary driver is read from the storage element 40 (driver folder) and installed in the user terminal 110. For example, when the chip unit driver is installed, the IC card 70 and the IC card connector 80 can be used from the user terminal 110. As the IC card 70 becomes usable, the main controller 60 checks whether or not an initial PIN is set. Here, when the initial PIN is not set, the main controller 60 requests the user to input the PIN through the user terminal 110. The input PIN is stored in the internal memory 74 of the IC chip 72.

  When the security middleware is installed, the security adapter 1 can be used as a security key for the user terminal or can be used as a permission information storage medium for the user terminal. Here, when an initial PIN is input, information can be written to the storage element 40 of the security adapter 1. Therefore, when the security adapter 1 is used as a permission information storage medium, necessary information is input at this stage. Specifically, the main controller 60 requests input of information such as a user ID, a logon password, and a digital certificate. The input information can be rewritten when the IC card 70 is attached and the user is authenticated as a regular user. As described above, since the person who can rewrite the permission information is limited to a regular user, the security can be improved.

  Further, when the security memory device driver is installed in a state where the USB memory or the like is connected to the device-side USB_I / F 30, the main controller 60 performs a change process. Thereby, a security area is provided in a storage area such as a USB memory (see FIGS. 6A and 6B).

<Processing for security area>
Next, reading and writing of information with respect to the security area will be described. Here, FIG. 8 is a diagram for explaining reading and writing of information with respect to the security area. In the following description, it is assumed that necessary drivers and the like are installed in the user terminal 110. Further, it is assumed that the security adapter 1 is connected to the user terminal 110 and the IC card 70 is attached to the IC card connector 80 of the security adapter 1. Furthermore, it is assumed that the USB memory 120 is connected to the security adapter 1.

<First access process>
The first access process is an access process in a state where user authentication has not been completed. In other words, although the security area can be recognized from the user terminal 110, the access processing is performed in a state where the authority to access the security area is not given to the user terminal 110 (the user of the user terminal 110). In this process, when the user tries to read the information stored in the security area (for example, when the user double-clicks the security folder in FIG. 6B), the user terminal 110 sends this area to the main controller 60 of the security adapter 1. Is read out (S11). Based on this read request, the main controller 60 inquires of the IC chip 72 whether authentication has been completed (S12). Since authentication has not been completed at this timing, the IC chip 72 transmits an answer indicating that it has not been authenticated to the main controller 60 (S13). In response to this answer, the main controller 60 requests the user terminal 110 to enter a PIN (S14).

  When the user inputs a PIN, the user terminal 110 transmits the input PIN to the main controller 60 (S15). The main controller 60 inquires of the IC chip 72 whether or not the input PIN is valid (S16). At this time, the IC chip 72 compares the initial PIN input at the time of installation of the driver or the like (the PIN after rewriting when it is rewritten thereafter) with the input PIN, and if both match, It is determined that a normal PIN has been input. In this example, a case where the PIN is valid is described.

  Here, in the present embodiment, a PIN to be compared (corresponding to authentication information for comparison) is stored in the IC chip 72. The IC card 70 provided with the IC chip 72 is detachably attached to the main body of the security adapter 1. For this reason, by removing the IC card 70, even if the main body of the security adapter 1 is analyzed, the PIN is not acquired. Thereby, security can be improved. Further, the IC chip 72 determines whether or not the user is an authorized user by comparing the PIN to be compared with the input PIN. For this reason, the determination by the IC chip 72 can be easily performed.

  The IC chip 72 determines whether or not the PIN is legitimate, and if it is legitimate, tries the external authentication for the management server 140. For this reason, the IC chip 72 generates a challenge code. Then, the generated challenge code is transmitted to the management server 140 through the main controller 60 and the user terminal 110 (S17 to S19). The challenge code is a combination of encrypted information obtained by encrypting information including a random number and a unique ID (CUID) of the IC chip 72. The encryption information in this embodiment is a cryptographic key (also referred to as a secret key or a private key) held by the IC chip 72, which is composed of a random number generated by the IC chip 72, a CUID, and a unique ID of the security adapter 1. ). Moreover, CUID which comprises a part of challenge code is plaintext information.

  The management server 140 recognizes a CUID that is plaintext information from the challenge code, and selects a corresponding encryption key (public encryption key) based on the CUID. Then, the encrypted information is decrypted using the selected encryption key, and a random number included in the encrypted information is acquired. Further, response data is generated by encrypting information configured based on the acquired random number using an encryption key. The management server 140 transmits the generated response data to the IC chip 72 through the user terminal 110 and the main controller 60 (S20 to S22). The IC chip 72 decrypts the response data with the encryption key that it holds and acquires a random number. When the acquired random number matches the random number used when generating the challenge code, the IC chip 72 determines that external authentication has been established. With the establishment of the external authentication, the IC chip 72 stores information indicating that reading is permitted, that is, information indicating that the user of the user terminal 110 is an authorized user having access authority to the security area. The data is transmitted to the controller 60 (S23). Receiving this information, the main controller 60 permits read processing and write processing to the security area. In this case, the main controller 60 reads target data to be read from the security area of the USB memory 120. That is, the main controller 60 issues a read request to the USB memory 120 (S24). Then, the target data transmitted from the USB memory 120 is received (S25).

  As described above, the security adapter 1 of the present embodiment confirms that the PIN (input authentication information) sent through the user terminal 110 is authentic and that external authentication with the management server 140 has been established. The conditions permit read processing and write processing to the security area. The external authentication with the management server 140 is performed based on the response of the management server 140 to the challenge data transmitted by the IC chip 72. For this reason, the information stored in the security area cannot be read unless the regular IC chip 72 is attached. For this reason, it is possible to effectively prevent malicious attempts to read information stored in the security area.

  Here, the target data transmitted from the USB memory 120 is information stored in the security area and is encrypted. That is, it corresponds to encrypted protection target information. For this reason, it is necessary to decrypt this target data into plain text. Therefore, the main controller 60 transmits this target data to the IC chip 72 (S26). In the IC chip 72, the encrypted target data is decrypted with the encryption / decryption key (corresponding to the decryption key) stored in the internal memory 74, and converted into plain text. Then, plaintext target data (corresponding to plaintext information to be transmitted to the user terminal 110) is transmitted to the main controller 60 (S27). The main controller 60 transmits the plaintext target data to the user terminal 110 (S28). Thereby, in the user terminal 110, the plaintext target data is used. For example, the content of information (target data) stored in the security area is visually recognized by the user via the user interface.

<About the second and subsequent access processing>
Next, the second and subsequent access processing will be described. First, information writing processing from the user terminal 110 will be described. In this case, a write request is transmitted from the user terminal 110 to the main controller 60 (S31). Based on this write request, the main controller 60 inquires of the IC chip 72 whether authentication has been completed (S32). Since the authentication has been completed at this timing, the IC chip 72 transmits an answer indicating that the authentication has been completed to the main controller 60 (S33). This answer corresponds to information indicating that the user of the user terminal 110 is a regular user having access authority to the security area. In response to this answer, the main controller 60 receives the target data to be written from the user terminal 110 (S34). Since the target data transmitted from the user terminal 110 is plain text, it needs to be encrypted. For this reason, the main controller 60 transmits the plaintext target data to the IC chip 72 (S35). Then, the IC chip 72 encrypts the transmitted plaintext target data using the encryption / decryption key (corresponding to the encryption key) stored in the internal memory 74. The encrypted target data (corresponding to encryption information to be stored in the security area) is transmitted to the main controller 60 (S36). The main controller 60 transmits the encrypted target data to the USB memory 120. The USB memory 120 stores the encrypted target data in the security area (S37).

  Next, a process for reading information from the user terminal 110 will be described. In this case, a read request is transmitted from the user terminal 110 to the main controller 60 (S41). Based on this read request, the main controller 60 inquires of the IC chip 72 whether authentication has been completed (S42). Since authentication has been completed at this timing, the IC chip 72 transmits an answer indicating that the authentication has been completed to the main controller 60 (S43). In response to this answer, the main controller 60 transmits a read request for the target data to be read to the USB memory 120 (S44). As the read request is received, the USB memory 120 transmits the target data to the main controller 60 (S45). Since the target data is encrypted, in order to be recognized by the user terminal 110, it is necessary to decrypt it. Therefore, the main controller 60 transmits the encrypted target data to the IC chip 72 (S46). Then, the IC chip 72 uses the encryption / decryption key stored in the internal memory 74 to decrypt the transmitted target data into plain text. And it transmits to the main controller 60 (S47). Further, the main controller 60 transmits the plaintext target data to the user terminal 110 (S48). As a result, the user terminal 110 can use the information stored in the security area.

  Thereafter, in accordance with a similar procedure, information read processing and write processing in response to a request from the user terminal 110 are performed. When the security adapter 1 is removed from the user terminal 110, the IC card 70 is removed from the IC card connector 80, or the power is turned off, the first access process will be described again at the next use. Authentication is performed.

<Summary>
As described above, in the first embodiment, by interposing the security adapter 1 between the user terminal 110 and the USB memory or the like, the protection target information can be stored in the security area of the USB memory or the like, or the security area can be stored. The information to be protected stored in can be read out. For this reason, even if it is a USB memory etc. which does not have an information encryption function, protection object information can be handled.

  In this security adapter 1, an IC card 70 (first controller) that performs security processing is provided separately from a main controller 60 (second controller) that performs processing for reading and writing information to a USB memory or the like. For this reason, the controller 10 used according to a function can be used properly, and the usability can be improved. For example, by causing the main controller 60 to perform processes not related to the security process, the security adapter 1 can perform various processes even when the IC card 70 is not attached. In addition, in the security adapter 1, information (protection target information) reading processing and writing processing with respect to the security area are subject to mounting of the IC card 70 on the IC card connector 80 and user authentication by the IC chip 72. To be done. For this reason, by storing the IC card 70 in a location different from the security adapter 1, even if the security adapter 1 is analyzed, information leakage can be prevented. As a result, security can be improved.

  In the security adapter 1, the main controller 60 performs a change process, and changes at least a part of the storage area such as the USB memory to the security area. As described above, since the main controller 60 performs the changing process, the process for changing to the security area can be made common regardless of the type of the user terminal 110. As a result, versatility can be improved. A program (security memory device driver) used for the change process is stored in the storage element 40 of the security adapter 1. The storage element 40 functions as a read-only area for information when the user is not authenticated by the IC chip 72. For this reason, even if the user is not authenticated, the information stored in the storage element 40 can be used. Therefore, it is not necessary to carry a storage medium such as a CD-ROM separately, and convenience can be improved.

  In this security adapter 1, an IC chip 72 with high tamper resistance encrypts plaintext information and decrypts encrypted information. An encryption key used for encryption and decryption is also stored in the IC chip 72 having high tamper resistance. For this reason, security can be improved.

  In this security adapter 1, the IC card 70 is configured to be removable from the main body of the security adapter 1. For this reason, the IC card 70 can be created in a separate process from the main body of the security adapter 1. In this case, information stored in the IC card 70 (comparison authentication information such as a PIN) may be unique to the user. For example, it can be configured by a SIM (Subscriber Identity Module). Thereby, a main-body part can be shared and the improvement of production efficiency can be aimed at.

  By the way, in this security adapter 1, the permission information is stored in the storage element 40, but the present invention is not limited to this configuration. For example, the permission information may be stored in the internal memory 74 included in the IC chip 72. In other words, the permission information storage unit may be configured by the internal memory 74. With this configuration, the user terminal 110 can be used only by the user who owns the IC chip 72, and security can be improved.

  Further, regarding external authentication for the management server 140, as in the fourth embodiment described later, a network different from the network connecting the user terminal 110 and the management server 140 (communication network via a base station for information communication) Can be used, external authentication may be performed using another network. In this case, all of the information transmitted from the security adapter 1 may be transmitted using another network, or a part of the information may be transmitted using another network. As described above, when at least a part of information transmitted from the security adapter 1 is configured to be transmitted through another network, information used for external authentication through the network connecting the user terminal 110 and the management server 140 ( For example, it is possible to effectively prevent PIN) from leaking.

=== Second Embodiment ===
In the first embodiment described above, the user terminal 110 that is directly operated by a user is described as an example of a computer device. In this configuration, protection target information can be handled between the user terminal 110 and a USB memory or the like. By the way, the computer device is not limited to the user terminal 110. For example, a server used in a thin client system may be used. Hereinafter, a second embodiment of the security adapter 1 used in the thin client system will be described.

<About configuration>
FIG. 9 is a block diagram for explaining the second embodiment. In addition, about the same part as the part demonstrated in 1st Embodiment, the same code | symbol is attached | subjected and description is abbreviate | omitted. The difference from the first embodiment is that the security adapter 1 is connected to the thin client terminal device 150 and that the application server 160 reads and writes information to and from the storage area of the USB hard disk 130. . Hereinafter, the second embodiment will be described focusing on these differences. First, the thin client system will be described. The illustrated thin client system includes a thin client terminal device 150 and an application server 160.

  The thin client terminal device 150 is a terminal that is directly operated by a user, and is connected to the application server 160 through a network so as to communicate with each other. In this thin client system, information is transmitted and received in an encrypted state between the thin client terminal device 150 and the application server 160. The thin client terminal device 150 is characterized in that it has a minimum function such as provision of a user interface when compared with the user terminal 110 described above. Note that the thin client terminal device 150 can be configured by a dedicated terminal or a personal computer having versatility. When the thin client terminal device 150 is configured by a personal computer, for example, a dedicated display area is provided in the display area of the display device. Then, an image corresponding to the image data transmitted from the application server 160 is displayed in this display area. In this case, input / output such as printing and data storage in the thin client terminal device 150 is restricted by an application program installed in the thin client terminal device 150. Thereby, security is improved.

  The illustrated thin client terminal device 150 includes a CPU 151, a memory 152, a communication I / F 153, a USB_I / F 154, and an internal bus 155. Each of these units has the same function as each unit of the user terminal 110 according to the first embodiment. However, as can be seen from the above description, the computer program stored in the memory 152 is different from the user terminal 110. For example, the memory 152 of the thin client terminal device 150 stores only the minimum necessary software such as an OS and web browsing software. Note that the communication I / F 153 and the USB_I / F 154 included in the thin client terminal device 150 can be used by a standard function of the OS. For this reason, when the security adapter 1 is connected, the application server 160 can use the program stored in the storage element 40. When the installer is executed based on a command from the application server 160, the IC card connector 80 becomes communicable with the thin client terminal device 150. Further, the security adapter 1 functions as a security key for the application server 160 and functions as a permission information storage medium for the application server 160.

  The application server 160 is a kind of computer device. When the thin client terminal device 150 is configured as a dedicated terminal, the application server 160 performs most of the processing provided to the user. Further, when the thin client terminal device 150 is configured by a general-purpose personal computer, the application server 160 performs processing according to the function provided to the user. In any case, the application server 160 receives the information transmitted from the thin client terminal device 150 by the operation of the user. Then, the application program is executed based on the received information. Then, display information for displaying an image on a display device (not shown) included in the thin client terminal device 150 is transmitted to the thin client 150.

  The illustrated application server 160 includes a CPU 161, a memory 162, and a communication I / F 163. Each of these units has the same function as the management server 140 of the first embodiment. However, as can be seen from the above description, the computer program stored in the memory 162 is different from the management server 140. For example, the memory 162 of the application server 160 stores various application programs that are used by the user.

<First access process>
As shown in FIG. 10, when the user tries to access the security area through the thin client terminal device 150 in the first access process, for example, when the user instructs to write information in the security area, the thin client terminal device 150 Operation information indicating a write request operation is transmitted to 160 (S51). Receiving this operation information, the application server 160 transmits an information write request to the main controller 60 of the security adapter 1 (S52). Based on this write request, the main controller 60 inquires of the IC chip 72 whether authentication has been completed (S53). Since authentication has not been completed at this timing, the IC chip 72 transmits an answer indicating that it has not been authenticated to the main controller 60 (S54). In response to this answer, the main controller 60 requests the application server 160 to enter a PIN (S55). The application server 160 transmits display information for displaying a request display screen for prompting the input of the PIN to the thin client terminal device 150 (S56). The thin client terminal device 150 displays a request display screen on the display device by receiving the display information. When the user performs a PIN input operation through the thin client terminal device 150, the operation information is transmitted to the application server 160 (S57). Based on this operation information, the application server 160 recognizes the input PIN. Then, the application server 160 transmits the recognized PIN to the main controller 60 (S58). The main controller 60 inquires of the IC chip 72 whether or not the input PIN is valid (S59). At this time, the IC chip 72 compares the stored PIN with the received PIN, and determines that the correct PIN has been input when the two match.

  When the received PIN is authentic, the IC chip 72 attempts external authentication with respect to the application server 160. For this reason, the IC chip 72 generates a challenge code. Then, the generated challenge code is transmitted to the application server 160 through the main controller 60 (S60, S61). The challenge code is the same as that of the first embodiment. The application server 160 generates response data from the received challenge code. Note that the response data is generated in the same manner as in the first embodiment. Also, the encryption key used for encryption and decryption is registered in the application server 160 in a state of being paired with the unique ID (CUID) of the IC chip 72 when the IC card 70 is issued, for example.

  The application server 160 transmits the generated response data to the IC chip 72 through the main controller 60 (S62, S63). When the random number acquired from the response data matches the random number used when generating the challenge code, the IC chip 72 determines that the external authentication is established. With the establishment of the external authentication, the IC chip 72 transmits information indicating that writing is permitted to the main controller 60 (S64). This information corresponds to information indicating that the user using the application server 160 is a regular user having access authority to the security area. The main controller 60 transmits information indicating that writing is permitted to the application server 160 (S65). The application server 160 encrypts the plaintext information to be written along with the reception of this information, that is, the protection target information (S66). The encrypted information is transmitted to the main controller 60 (S63) and stored in the security area of the USB hard disk 130 (S64).

  Incidentally, the registration of the encryption key to the application server 160 is not limited to the registration at the time of issuing the IC card 70. For example, it may be transmitted from the security adapter 1 on condition that authentication by PIN has been established. Furthermore, when a network other than the network for the thin client system (communication network via the information communication base station) can be used as in the fourth embodiment to be described later, another network is used. An encryption key may be transmitted. If the information (encryption key) transmitted from the security adapter 1 is configured to be transmitted through another network, the encryption key can be shared without passing through the thin client terminal device 150. As a result, unauthorized acquisition of the encryption key can be prevented, and security can be further improved.

<About the second and subsequent access processing>
Next, the second and subsequent access processing will be described. Here, a process when reading the protection target information stored in the security area of the USB hard disk 130 into the application server 160 will be described. In this case, the user instructs reading of information stored in the security area through the thin client terminal device 150. Thereby, the thin client terminal device 150 transmits operation information indicating a read request operation to the application server 160 (S71). Receiving this operation information, the application server 160 transmits an information read request to the main controller 60 of the security adapter 1 (S72). Based on this read request, the main controller 60 inquires of the IC chip 72 whether authentication has been completed (S73). Since the authentication has been completed at this timing, the IC chip 72 transmits an answer indicating that the authentication has been completed to the main controller 60 (S74). This answer also corresponds to information indicating that the user using the application server 160 is an authorized user having access authority to the security area. In response to this answer, the main controller 60 transmits a target data read request to the USB hard disk 130 (S75).

  As the read request is received, the USB hard disk 130 transmits the target data to the main controller 60 (S76). The main controller 60 transmits the target data to the application server 160 (S77). Here, the target data transmitted from the USB hard disk 130 is encrypted by the application server 160. For this reason, the main controller 60 transmits the encrypted target data to the application server 160 as it is. The application server 160 decrypts and uses the received target data (S78).

<Summary>
As described above, in the second embodiment, protection target information can be handled between the application server 160 and a USB memory or the like via the thin client terminal device 150. That is, information can be stored in the external memory in the thin client system. The information stored in the external memory cannot be accessed unless it is determined as an authorized user by authentication in the thin client system. For this reason, it is possible to reconcile the convenience that information can be stored in an external memory and transported, and the security by authentication by the thin client system at a high level. In particular, the risk of information loss due to the crash of the application server 160 and the risk of information disclosure due to unauthorized access to the application server 160 can be reduced by distributing information storage carriers, improving the security and availability of the entire system. can do.

  Even in this case, it is not necessary to carry a storage medium storing a driver program for the thin client terminal device 150, so that the convenience can be improved. Further, the protection target information transmitted from the application server 160 to the external memory is encrypted by the application server 160 with an encryption key. Similarly, the protection target information transmitted from the external memory to the application server 160 is also encrypted by the IC chip 72. For this reason, security can be improved.

  In the second embodiment, the target data (protection target information) encrypted by the application server 160 is stored in the security storage area of the USB hard disk 130, but is not limited to this configuration. As in the first embodiment, encryption may be performed by the security adapter 1.

=== Third Embodiment ===
In the first and second embodiments described above, between the security adapter 1 and the user terminal 110, between the security adapter 1 and the thin client terminal device 150, and between the security adapter 1 and an external memory (USB memory 120, USB hard disk). 130) with a USB cable. Connection of each device is not limited to wired connection. That is, you may connect by radio | wireless. A third embodiment in which the devices are connected wirelessly will be described below. The configuration of the third embodiment is the same as that of the first embodiment except for the interface portion. For this reason, only a different part is demonstrated and description is abbreviate | omitted about a common part.

  As shown in FIG. 11, in this third embodiment, the security adapter 1 has an adapter-side wireless I / F 90, the user terminal 110 has a terminal-side wireless I / F 116, and the wireless hard disk 130 'is a hard disk-side wireless. I / F139. Information is transmitted and received wirelessly between the devices. Various standards can be used for each of the wireless I / Fs 90, 116, and 139. For example, radio waves or infrared rays having a specific frequency (2.4 to 2.45 GHz band) are used. Note that the standard between the user terminal 110 and the security adapter 1 may be different from the standard between the security adapter 1 and the wireless hard disk 130 ′. For example, the user terminal 110 and the security adapter 1 may be connected by radio waves of a specific frequency, and the security adapter 1 and the wireless hard disk 130 ′ may be connected by infrared rays.

  In the third embodiment, the security adapter 1, the user terminal 110 (computer device), and the wireless hard disk 130 '(external memory) are connected so as to be communicable wirelessly. For this reason, each apparatus is wirelessly connected only by arrange | positioning the security adapter 1 in the range which an electromagnetic wave and infrared rays reach. As a result, it is not necessary to perform processing such as cable connection, and convenience can be improved. In particular, when configured to communicate with radio waves, communication is possible even if there is an obstacle between the devices, which is preferable because the degree of freedom of arrangement of each device is increased. For example, since communication can be performed while wearing the security adapter 1, the user terminal 110 can be reliably shifted to the locked state when the user is away from the desk.

=== Fourth Embodiment ===
In each of the embodiments described above, the IC card 70 is dedicated to the security adapter 1. Further, the external memory (USB memory 120, USB hard disk 130, wireless hard disk 130 ') has a communication interface such as USB_I / F or wireless I / F. Here, the IC card 70 may not be dedicated to the security adapter 1. The external memory may have a contact terminal group for transmitting and receiving information. Hereinafter, the fourth embodiment configured as above will be described.

  As shown in FIG. 12, the fourth embodiment is characterized in that a mobile phone 170 is used as a security adapter. As in the third embodiment, the user terminal 110 is of a type in which the communication interface is wireless. Therefore, the description is omitted. The cellular phone 170 functions as a security adapter, and includes a main controller 171, a telephone-side wireless I / F 172, a base station communication unit 173, an audio processing unit 174, an input unit 175, and an IC card connector 176. IC card 177, storage element 178, memory card connector 179, and internal bus 180. Among these, the IC card connector 176, the storage element 178, and the internal bus 180 have the same configuration as the IC card connector 80, the storage element 40, and the internal bus 63 of the first embodiment. Therefore, the description is omitted.

  The main controller 171 includes a CPU 181 and a memory 182 and is responsible for overall control in the mobile phone 170. For example, processing related to a voice call is performed, and information reading processing and writing processing to an external memory are performed. In the fourth embodiment, a memory card 183 is used as the external memory. This memory card 183 is common to a USB memory or the like in that it has a storage element (not shown) constituted by a flash memory or the like. The memory card 183 does not have a communication interface (for example, USB_I / F 123 or wireless I / F 139), but instead has a memory side contact terminal group for connection. And so on. For this reason, communication with the main controller 171 is performed via the memory card connector 179.

  The memory card connector 179 corresponds to an external memory mounting unit, and the memory card 183 is mounted in a state where it can communicate with the main controller 171 and is removable. Although not shown, the memory card connector 179 includes a guide member and a board-side contact terminal group. The guide member is a member for guiding the memory card 183 to a predetermined mounting position. The board side contact terminal group comes into contact with the memory side contact terminal group when the memory card 183 is mounted at a predetermined mounting position. When the board side contact terminal group and the memory side contact terminal group come into contact with each other, the memory card 183 and the main controller 171 can communicate with each other.

  The telephone-side wireless I / F 172 has the same configuration as the adapter-side wireless I / F 90 of the third embodiment, and is used for transmitting and receiving information to and from the user terminal 110 wirelessly. As the telephone side wireless I / F 172, one using radio waves of a specific frequency or infrared rays is used. The base station communication unit 173 is for communicating with a base station for information communication. For example, the audio data from the main controller 171 is transmitted toward the base station. Also, audio data transmitted from the base station is received. In the case of data communication, communication data is transmitted and received instead of voice data. The sound processing unit 174 converts the sound collected by the microphone MF into digital data and transmits it to the main controller 171, or converts the sound data from the main controller 171 into analog data and outputs it to the speaker SP. The input unit 175 performs various operations such as input of the telephone number of the other party.

  The IC card 177 has the same configuration as the IC card 70 of each embodiment described above. The difference from the embodiments is that the contractor identification information for identifying the contractor regarding the voice call is stored. That is, the contractor identification information is stored in the internal memory of the IC chip 184. This contractor identification information is referred to when performing information communication such as voice call and data communication. For example, the main controller 171 enables the base station communication unit 173 on the condition that the contractor identification information can be referred to. Thus, in the IC card 177 of the fourth embodiment, since the contractor identification information is stored in the IC chip 184, the IC chip 184 can be used for various purposes.

  Note that digital communication is performed between the base station communication unit 173 and the base station. Therefore, by using the digital information communication function of the mobile phone 170, communication via the base station can be performed between the mobile phone 170 and the management server 140. Thereby, external authentication performed with the management server 140 and exchange of the encryption key with the management server 140 can be performed via the base station. With this configuration, external authentication and encryption key sharing can be performed without passing through the user terminal 110. As a result, it is possible to prevent leakage of authentication information and unauthorized acquisition of the encryption key through the user terminal 110, and security can be further improved.

=== Other Embodiments ===
In each of the above-described embodiments, the security adapter 1 has been described. This description includes information storage and reading methods, computer programs for controlling the security adapter 1, and codes. Moreover, each embodiment is for making an understanding of this invention easy, and is not for limiting and interpreting this invention. The present invention can be changed and improved without departing from the gist thereof, and it is needless to say that the present invention includes equivalents thereof. Further, the technical ideas disclosed in the embodiments can be combined. Further, the embodiments described below are also included in the present invention.

<Relationship between authentication and usable area>
In the first embodiment described above, when external authentication of the management server 140 by the IC chip 72 is established, information can be written to and read from the security area 122b provided in the USB memory 120. In this regard, the security area 122b may be divided into a plurality of sub-areas, and the usable sub-areas may be determined according to the authentication establishment status. For example, as shown in FIG. 13, a case where the first sub area 122c to the fourth sub area 122f are provided in the security area 122b will be described. In this case, if the PIN authentication is established, but the authentication is not established with the management server 140, a part of the sub areas can be used. For example, the first sub region 122c and the second sub region 122d can be used, and the third sub region 122e and the fourth sub region 122f cannot be used. Further, when the PIN authentication is established and the authentication with the management server 140 is also established, the first sub area 122c to the fourth sub area 122f can be used.

  At this time, the IC chip 72 is a case where the PIN (input authentication information) sent through the user terminal 110 is authentic and when external authentication is established with the management server 140. When the main controller 60 is permitted to read and write the entire security area 122b and the PIN sent through the user terminal 110 is authentic, and externally connected to the management server 140. When the authentication is not established, the main controller 60 is permitted to read and write a part of the security area 122b. As described above, if an area where writing and reading can be performed in the security area is determined according to the stage of authentication, the security level can be varied depending on the use situation. For example, in an environment with high security such as an in-house intranet, the entire security area 122b can be used, and only a part of the security area 122b can be used when used in the user terminal 110 at the destination. . Thereby, it is possible to give high confidentiality to an area that cannot be used from the user terminal 110 at the destination. As a result, one security area 122b can be used effectively, and usability can be improved.

  Of course, the entire security area 122b may be used on the condition that the input PIN is a regular one, with emphasis on ease of use. In this case, if the PIN sent through the user terminal 110 is authentic, the IC chip 72 transmits information indicating that fact (for example, a challenge code or dedicated information) to the main controller 60. Based on the reception of this information, the main controller 60 can read and write information with respect to the entire security area 122b. In such a configuration, the management server 140 is not necessary.

  In addition, when the management server 140 can be authenticated by the security adapter 1, a part of the security area can be used. In addition, when the security adapter 1 can be authenticated by the management server 140 (that is, mutual authentication is established). In other cases) other areas may be made available. Similarly, when the management server 140 can be authenticated by the security adapter 1, a part of the area is determined as an area from which information can be read, and when mutual authentication is established, information can be written to the area. May be.

<About encryption processing>
In each of the embodiments described above, encryption of information stored in the security area and decryption of information read from the security area are performed by the IC chip 72. These encryption and decryption processes may be performed by the main controller 60 (171). In this case, it is necessary to transfer the encryption / decryption key from the IC chip 72 to the main controller 60 in a secret state. In addition, regarding the control information that defines the encryption / decryption key encryption / decryption procedure, there may be a case where transfer from the IC chip 72 to the main controller 60 in a secret state is required depending on the configuration. Furthermore, it is necessary to prevent the encryption / decryption key from being read when the IC chip 72 is removed. Considering these, it is preferable to adopt the following configuration.

  First, a common encryption key is used as an encryption key used for encrypting plaintext information and a decryption key used for decrypting encrypted information. This common encryption key is stored in a storage area having tamper resistance in the IC chip 72. Each of the main controller 60 and the IC chip 72 has a common encryption / decryption algorithm used for exchanging a common encryption key and a control program (hereinafter also referred to as a common encryption key).

  The transfer of the common encryption key or the like is performed after PIN authentication by the IC chip 72 is established, for example. In this case, first, a command for requesting a random number is transmitted from the IC chip 72 to the main controller 60. Based on this command, the main controller 60 generates a random number. The generated random number is temporarily stored in the main controller 60. Further, the main controller 60 generates response data including the generated random number by performing encoding using a common algorithm, and transmits this response data to the IC chip 72. The IC chip 72 decodes the received response data using a common algorithm, and acquires a random number. The IC chip 72 uses the acquired random number as a so-called session key, and encodes the stored common encryption key or the like with a common algorithm. Thereby, response data is generated. This response data is transmitted to the main controller 60. When the response data from the IC chip 72 is received, the main controller 60 performs decoding by the common algorithm using the temporarily stored random number. Thereby, a common encryption key etc. are acquired from response data. In this example, the main controller 60 generates a random number based on an explicit request from the IC chip 72. For this reason, processing cannot be performed unless the system is implemented with a common protocol. That is, information cannot be encrypted or decrypted when the IC chip 72 is not attached. As a result, high security can be maintained.

  These common encryption key and control program are stored in a volatile memory included in the main controller 60. This volatile memory is provided in a part of the internal memory 62. Then, the CPU 61 encrypts information stored in the security area using a common encryption key or the like, and decrypts information read from the security area. In these cases, the main controller 60 confirms the mounting of the IC chip 72 every time encryption processing and decryption processing are performed. That is, the encryption process and the decryption process are performed on condition that the IC card 70 is normally (communicably) attached to the IC card connector 80. When the IC card 70 is removed from the IC card connector 80, the common encryption key and the like are immediately deleted from the volatile memory. Also, when the power is turned off or the plug is removed from the terminal side port, the common encryption key and the like are immediately deleted from the volatile memory. Therefore, it is possible to increase the security level when the IC card 70 is removed. If at least the common encryption key is deleted, high security can be ensured.

  In this example, high-speed processing by the main controller 60 and security can be ensured at a high level.

<About authentication>
In the first and second embodiments, PIN authentication and external authentication are performed during the first access process to the security area. This is because the security adapter 1 is configured to be used for many purposes. That is, the security adapter 1 is connected to the user terminal 110 (or the thin client terminal device 150) and is used as a USB hub in an unauthenticated state. Here, it is good also as a structure which enables use of the security adapter 1 on condition that it authenticates with the regular user. In this case, at the time of connection to the user terminal 110 or at the time of connection to the thin client terminal device 150, authentication by PIN or external authentication is performed.

  Even in this case, as in the fourth embodiment, when another network via the base station can be used, external authentication may be performed using another network, and encryption information may be transmitted and received. May be. At this time, all of the information transmitted from the security adapter 1 may be transmitted using another network, or a part of the information may be transmitted using another network. As described above, when at least a part of the information transmitted from the security adapter 1 is transmitted through another network, the authentication information leaks through the network connecting the computer device and the security adapter 1. Can be effectively prevented.

  Further, in the second embodiment, a management server for performing external authentication of the security adapter 1 may be provided in a state where it is made independent by a separate housing. In this case, in order to make the security adapter 1 recognize that the operation mode is used in the thin client system, it is desirable to use a different type of protocol from the external authentication in the first embodiment.

<About Management Server 140>
In each of the embodiments described above, the encryption / decryption key and comparison authentication information are stored in the internal memory 74 of the IC chip 72. With this configuration, when the IC chip 72 is damaged or lost, there is a problem that the encrypted information stored in the security area cannot be read. In order to solve such a problem, the management server 140 may store an encryption / decryption key and comparison authentication information. With this configuration, even if the IC chip 72 is damaged or lost, the IC chip 72 storing the same information can be manufactured. In short, a key recovery function / key escrow function can be provided. Thereby, usability can be improved. In this case, the encryption / decryption key or the like is preferably stored in a tamper-resistant device such as an HSM (Hardware Security Module).

<About IC card 70>
In each of the above-described embodiments, one type of IC card 70 (one unique ID) is used for the main body of one security adapter 1. However, a plurality of types of IC cards 70 may be used for the main body of one security adapter 1. In this case, in consideration of security, information can be written to and read from a certain area of the security area when an IC card 70 is attached, and when another IC card 70 is attached. It is required that information can be written to and read from other areas of the security area. Therefore, the area where the information encrypted by the IC card 70 having the IC chip 72 storing a certain unique ID (unique identification information) is stored in the IC card 70 having the IC chip 72 storing another unique ID. It is good also as a structure which cannot be accessed.

  In the example shown in FIG. 14, information encrypted by the first IC card 70A having the IC chip 72 storing a certain unique ID is stored in the first protection area 122g of the security area 122b. Thereafter, the first IC card 70A is extracted, and the second IC card 70B having the IC chip 72 storing another unique ID is mounted. Then, the information encrypted by the second IC card 70B is stored in an area other than the first protection area 122g (for example, the second protection area 122h).

  In this example, the main controller 60 recognizes the type of the mounted IC card 70 based on the unique ID. Then, the information storage area is recognized. When the first IC card 70A is mounted, no information is stored in the security area 122b. Therefore, the main controller 60 recognizes the entire area as an information storage area. When information is stored in the first protection area 122g, the address of the first protection area 122g is stored in the internal memory 62 as a dedicated area of the first IC card 70A. Next, when the second IC card 70B is inserted, the main controller 60 recognizes an area excluding the first protection area 122g as an information storage area. At this time, the main controller 60 does not display the first protection area 122g. For this reason, the area excluding the first protection area 122g is displayed as an empty area for the user of the second IC card 70B. Then, the information is stored in the second protection area 122h which is a part of this free area. After the information is stored in the second protection area 122h, when the first IC card 70A is mounted again, the area excluding the second protection area 122h is recognized as a target area where information can be stored and read. Thereafter, the same processing is performed. Therefore, when the third IC card 70C is inserted, the area excluding the first protection area 122g and the second protection area 122h is recognized as an empty area.

  In this example, a dedicated area is defined for each of the plurality of IC cards 70A to 70C, and encryption information is written to and read from the dedicated area. That is, for each chip unit, different portions in the security area are used. As a result, the storage area can be effectively used by a plurality of users while ensuring security, and usability can be improved.

<Security area>
In each of the above-described embodiments, the security area where information can be written on the condition that the IC card 70 is mounted is recognized as a folder. The mode of recognition is not limited to folders. For example, it can be recognized as a logical disk such as “volume” or “partition”. And restrictions can be removed by use as a mass storage medium. That is, each can be used as an independent “logical disk”.

<About the interface of the IC chip 72>
In each of the embodiments described above, the IC chip 72 and the main controller 60 are connected through the board-side terminal 82 of the IC card connector 80. In this regard, the IC chip 72 and the main controller 60 may be connected wirelessly (for example, electromagnetic induction method).

  In each of the embodiments described above, the IC chip 72 is mounted on the IC card 70 and can be detached from the main body of the security adapter 1. In this regard, the IC chip 72 may be built in the security adapter 1. For example, the IC chip 72 may be mounted on the wiring board of the security adapter 1.

<About authentication information>
In the above-described embodiment, the PIN or challenge code is used as the authentication information. However, the authentication information is not limited to these, and various information can be used. For example, biometric authentication information such as a fingerprint or a vein may be used, or a password may be used.

<About security middleware>
In the above-described embodiment, the security middleware is stored in the storage element 40, but is not limited to this configuration. For example, security middleware or the like may be stored in the internal memory 74 of the IC chip 72. With such a configuration, security middleware and the like are stored in the IC chip 72 (internal memory 74) having high tamper resistance, so that security can be improved. For example, by storing the IC chip 72 in a state where it is detached from the main body of the security adapter 1, even if the main body of the security adapter 1 is analyzed, it is possible to prevent a problem that permission information or the like leaks.

<External memory>
In each of the embodiments described above, the USB memory 120, the USB hard disk 130, the memory card 183, and the wireless hard disk 130 ′ are exemplified as the external memory, but the external memory is not limited to these. Any medium that can store information can be used. For example, it may be a flexible disk or a magneto-optical disk.

It is a figure explaining composition of a security adapter, a user terminal, USB memory, etc. FIG. 2A is a perspective view illustrating the configuration of the security adapter. FIG. 2B is a perspective view illustrating the configuration of the USB_I / F and the like. FIG. 2C is a perspective view illustrating the configuration of the IC card connector. FIG. 3A is a block diagram illustrating the configuration of the IC card. FIG. 3B is a conceptual diagram illustrating a storage area of an internal memory included in the IC chip. It is a conceptual diagram explaining the memory area of a memory element. FIG. 5A is a conceptual diagram illustrating the storage area of the USB memory before the security memory device driver is executed. FIG. 5B is a diagram illustrating a folder created in the storage area of the USB memory. FIG. 6A is a conceptual diagram illustrating the storage area of the USB memory after execution of the security memory device driver. FIG. 6B is a diagram illustrating a folder created in the storage area of the USB memory. FIG. 7A is a diagram for explaining the operation when the security adapter is connected. FIG. 7B is a diagram for explaining an example of a recognition state of the security adapter from the user terminal. It is a figure for demonstrating reading and writing of the information with respect to a security area. It is a figure for demonstrating 2nd Embodiment. It is a figure for demonstrating reading and writing of the information with respect to a security area | region in 2nd Embodiment. It is a figure for demonstrating 3rd Embodiment. It is a figure for demonstrating 4th Embodiment. It is a figure for demonstrating embodiment from which the usage method of a security area changes with the degree of recognition. It is a figure for demonstrating embodiment from which the area | region which can be utilized for every IC card differs.

Explanation of symbols

1 security adapter, 10 controller,
20 Host-side USB_I / F, 21 USB plug,
22 1st USB controller, 30 device side USB_I / F,
31 adapter-side USB port, 32 second USB controller,
40 storage elements, 50 chassis, 60 main controller,
61 CPU, 62 internal memory, 63 internal bus, 70 IC card,
70A first IC card, 70B second IC card,
70C third IC card, 71 substrate, 72 IC chip,
73 CPU, 74 internal memory, 75 cryptographic processing circuit,
76 Serial I / F, 77 Contact terminal group, 77a Power supply terminal,
77b ground terminal, 77c clock terminal, 77d I / O terminal,
78 Internal bus, 80 IC card connector, 81 Guide member,
82 Board side terminal, 110 User terminal, 111 CPU,
112 memory, 113 communication I / F, 114 USB_I / F,
115 Internal bus, 116 Terminal side wireless I / F, 120 USB memory,
121 memory side controller, 122 storage element,
122a Normal accessible area, 122b Security area,
122c first sub-region, 122d second sub-region,
122e third subregion, 122f fourth subregion,
123 USB_I / F, 124 CPU, 125 internal memory,
126 Internal bus, 130 USB hard disk,
130 'wireless hard disk, 131 hard disk side controller,
132 magnetic disk, 133 head, 134 motor,
135 USB_I / F, 136 CPU, 137 internal memory,
138 Internal bus, 139 Hard disk side wireless I / F,
140 management server, 141 CPU, 142 memory,
143 communication I / F, 144 internal bus, 150 thin client terminal device,
151 CPU, 152 memory, 153 communication I / F,
154 USB_I / F, 155 internal bus,
160 application server, 161 CPU, 162 memory,
163 communication I / F, 170 mobile phone, 171 main controller,
172 telephone side wireless I / F, 173 base station communication unit, 174 voice processing unit,
175 input unit, 176 IC card connector, 177 IC card,
178 storage element, 179 memory card connector, 180 internal bus,
181 CPU, 182 Memory B Wiring board, MF microphone, SP speaker

Claims (28)

(A) a first interface for transmitting and receiving information used with a computer device;
(B) A second interface for transmitting / receiving information used to / from an external memory, which transmits / receives information used to / from an external memory provided with a security area for storing protection target information. When,
(C) a controller provided between the first interface and the second interface,
Performing security processing to determine whether or not the user is an authorized user having access authority to the security area based on at least authentication information transmitted through the computer device; and
In the security process, on the condition that the user of the computer device is determined to be the regular user, the protection target information is read from and written to the security area based on a request from the computer device. , The controller,
A security adapter having (D). The security adapter according to claim 1,
The controller is
A first controller for performing the security process;
A second controller for performing read processing and write processing of information to the external memory;
Having a security adapter. The security adapter according to claim 2,
The first controller includes:
A chip unit having an IC chip that performs the security process and stores security information used for the security process, and is configured by a chip unit that is detachably attached to the chip unit mounting part.
The second controller is
In a state where the chip unit is mounted on the chip unit mounting portion, communicate with the IC chip,
In the reading process and the writing process of the protection target information, the user of the computer apparatus determines that the chip unit is attached to the chip unit mounting part and the security device is used by the IC chip as the authorized user. Security adapter that performs on the condition. The security adapter according to claim 3,
The chip unit is
A first chip unit having an IC chip storing certain unique identification information;
A second chip unit having an IC chip storing other unique identification information,
The second controller is
When the first chip unit is mounted on the chip unit mounting portion and the user of the user terminal is determined to be the regular user in the security processing by the IC chip, the security area Read and write the protection target information for a part,
When the second chip unit is mounted on the chip unit mounting portion and the user of the user terminal is determined to be the regular user in the security processing by the IC chip, the security area A security adapter that performs read processing and write processing of the protection target information on another part. A security adapter according to any one of claims 2 to 4,
The second controller is
A security adapter that performs a change process for changing at least a part of an area of the external memory that can store information to the security area. The security adapter according to claim 5,
A security adapter having a change processing program storage unit that stores a change processing program for causing the second controller to perform the change processing. The security adapter according to claim 3,
The external memory is
A non-security area for storing information other than the protection target information;
The second controller is
A security adapter that performs read processing and write processing of information other than the protection target information on the non-security area based on a request from the computer device regardless of a mounting state of the chip unit in the chip unit mounting portion. The security adapter according to any one of claims 1 to 7,
A security adapter having a permission information storage unit that stores permission information for causing the computer device to determine whether or not the user is permitted to use the computer device. The security adapter according to claim 8,
The controller is
When the information indicating that the other permission information indicating the specific user is input to the computer apparatus is received from the computer apparatus, the permission information is read from the permission information storage unit to the computer apparatus. Security adapter to send. The security adapter according to claim 8,
The controller is
A first controller for performing the security process;
A chip unit having an IC chip that performs the security process and stores security information used for the security process, the chip unit being detachably mounted on the chip unit mounting part. A controller,
A second controller for performing a reading process and a writing process of information with respect to the external memory,
In a state where the chip unit is mounted on the chip unit mounting portion, communicate with the IC chip,
In the reading process and the writing process of the protection target information, the user of the computer apparatus determines that the chip unit is attached to the chip unit mounting part and the security device is used by the IC chip as the authorized user. On the condition that
A second controller that performs the process of reading the permission information from the permission information storage unit regardless of the mounting state of the chip unit to the chip unit mounting unit;
Security adapter with. The security adapter according to claim 10,
The second controller is
In the processing for writing the permission information to the permission information storage unit, the chip unit is mounted on the chip unit mounting unit, and the security processing determines that the user of the computer device is the authorized user. A security adapter that performs on the condition. The security adapter according to claim 8,
The controller is
A first controller for performing the security process;
A chip unit that performs the security process and stores security information used for the security process, and has an IC chip provided with the permission information storage unit, and is removable from the chip unit mounting unit A first controller configured by a chip unit mounted in
A second controller for performing a reading process and a writing process of information with respect to the external memory,
A second controller that communicates with the IC chip in a state in which the chip unit is mounted on the chip unit mounting portion;
Having a security adapter. A security adapter according to any one of claims 2 to 12,
The first controller includes:
It is determined whether the authentication information is legitimate based on the comparison authentication information stored in advance, and when it is determined that the authentication information is legitimate, information indicating that the user is a legitimate user is displayed. Security adapter that is sent to the controller. The security adapter according to any one of claims 1 to 13,
The computer device includes:
A security adapter that is a user terminal that is directly operated by a user. The security adapter according to claim 14,
The controller is
A first controller for performing the security process;
A second controller that performs read processing and write processing of information to the external memory;
The first controller includes:
A chip unit having an IC chip that performs the security process and stores security information used for the security process, and is configured by a chip unit that is detachably attached to the chip unit mounting part.
The second controller is
A security adapter that reads a driver program for enabling communication between the chip unit mounting unit and the user terminal from a driver program storage unit based on a request from the user terminal, and transmits the driver program to the user terminal through the first interface. . The security adapter according to claim 14,
The controller is
A first controller for performing the security process;
A second controller that performs read processing and write processing of information to the external memory;
The first controller includes:
An IC chip that performs security processing and stores security information used for the security processing,
The plaintext information transmitted from the user terminal is converted into encrypted information to be stored in the security area and transmitted to the second controller, and the encrypted information stored in the security area is transmitted to the user terminal. A security adapter having an IC chip that converts to plain text information to be transmitted to the second controller. The security adapter according to claim 16, wherein
The IC chip is
A security adapter for storing an encryption key used for encrypting the plaintext information and a decryption key used for decrypting the encrypted information. The security adapter according to claim 14,
The controller is
A first controller for performing the security process;
A second controller that performs read processing and write processing of information to the external memory;
The first controller includes:
An IC chip that performs the security process and stores an encryption key used for encrypting plaintext information and a decryption key used for decrypting the encrypted information,
The second controller is
Using the encryption key transferred from the IC chip, the plaintext information transmitted from the user terminal is encrypted to be stored in the security area, and the decryption key transferred from the IC chip is used. A security adapter that decrypts the encrypted information stored in the security area to be transmitted to the user terminal. A security adapter according to claim 18,
The encryption key and the decryption key are:
A common encryption key,
The first controller includes:
It is a chip unit having the IC chip, and is constituted by a chip unit mounted in a removable state with respect to the chip unit mounting part.
The second controller is
A security adapter for erasing the transferred common encryption key when the chip unit is removed from the chip unit mounting portion. The security adapter according to claim 14,
The controller is
A first controller for performing the security process;
A second controller that performs read processing and write processing of information to the external memory;
The first controller includes:
When the authentication information sent through the user terminal is authentic, and when external authentication is established between the user terminal and a management server communicably connected, the second controller To allow read processing and write processing for the entire security area,
If the authentication information sent through the user terminal is authentic and if external authentication is not established with the management server, the security area of the second controller Security adapter that permits read processing and write processing for a part. The security adapter according to any one of claims 1 to 13,
The computer device includes:
A security adapter, which is a server that is communicably connected via a network to a thin client terminal device that is directly operated by a user. The security adapter according to claim 21,
The controller is
A first controller for performing the security process;
A second controller that performs read processing and write processing of information to the external memory;
The first controller includes:
A chip unit having an IC chip that performs the security process and stores security information used for the security process, and is configured by a chip unit that is detachably attached to the chip unit mounting part.
The second controller is
Based on a request from the server, a driver program for enabling communication between the chip unit mounting unit and the thin client terminal device is read from a driver program storage unit and transmitted to the thin client terminal device through the first interface. , Security adapter. The security adapter according to claim 21 or claim 22,
The server
A security adapter that generates the protection target information by encrypting plaintext information to be stored and transmits the information to the thin client terminal device to be stored in the security area. The security adapter according to any one of claims 1 to 23, wherein
The second interface is
A security adapter for wirelessly communicating with the external memory. The security adapter according to any one of claims 1 to 23, wherein
The second interface is
A security adapter, wherein the external memory is an external memory mounting unit that is mounted in a state where the external memory can communicate with the controller, and the external memory is a removable memory mounting unit that is detachably mounted. A security adapter according to any one of claims 1 to 25,
The first interface is
A security adapter for wirelessly communicating with the computer device. The security adapter according to any one of claims 1 to 26,
On the condition that the contractor identification information for identifying the contractor for information communication can be referred to, has a base station communication unit that enables wireless communication with the information communication base station,
The controller is
A first controller having an IC chip for performing the security processing and storing the contractor identification information;
A second controller that performs a read process and a write process of information with respect to the external memory,
Security adapter. The security adapter according to any one of claims 1 to 13,
The base station communication unit is provided so as to be communicable with the controller, and capable of wireless communication with a base station for information communication,
The controller is
A security adapter that transmits at least a part of information transmitted in the security process through the base station communication unit.

Images