JP2011028767A - Security system, network access method, and method of permitting security processing execution - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a password from being leaked, and to enhance security. <P>SOLUTION: The security system includes a password input part 12 for inputting the password informed only to an information storage device 10, without being output to external equipment 21 connected via a prescribed interface 11, a password collating part 18 for collating the input password input by the password input part 12, and an access permission part 19 for permitting an access from the external equipment 21 connected via the prescribed interface 11 to a storage part 20b, in response to the collation of the password. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a removable information storage device connected to an external device via a predetermined interface and capable of writing and reading data by a predetermined file system. Specifically, the present invention accesses information storage means included in the information storage device. The present invention relates to an information storage device with increased security strength, a security system including the information storage device, an access permission method using the information storage device, a network access method, and a security processing execution permission method.

  2. Description of the Related Art A removable information storage device that is connected to an external device such as a PC (Personal Computer) via a predetermined interface and has an information storage means capable of writing and reading data by a predetermined file system has become widespread. Since this information storage device uses a semiconductor memory such as a large-capacity flash memory as the information storage means, it has a large capacity and high-speed data access compared to a magnetic disk storage medium that has been very popular until now. Is possible.

  In such an information storage device, access control of the information storage means is performed so that a legitimate user, for example, a person other than the user who purchased the information storage device is not used. In conventional information storage devices, in order to control access to the information storage means, it is necessary to install dedicated application software on all PCs using the information storage device and register a password.

  For example, when the user purchases the information storage device, the user installs application software for controlling access to information storage means included in the information storage device for all PCs connected to the information storage device. And register the password. When the information storage device is actually used, control is performed to permit access to the information storage means by inputting a password via an input interface such as a keyboard provided in the PC (for example, patents). Reference 1).

  Generally, when a security system is constructed using a password entered by a user, an expensive security device or expensive security application software is not required, so the cost for constructing the security system is reduced. There is an advantage that can be. In addition, there is an advantage that the user can easily use the password by using numbers or characters that the user can easily remember.

  However, since passwords that are convenient for the user are mostly character strings that can be easily stored for the user, there is a problem that it can be easily guessed by an unauthorized user. For example, since the user often sets information that is highly relevant to the user such as the date of birth as a password, it is easily guessed by an unauthorized user.

  In addition, the password is limited in terms of the length of the password, for example, a four-digit number, for the sake of user memorization. If there is such a restriction on the length of the password, if an unauthorized user uses application software that generates and inputs an unlimited number of passwords and parses the password, it will be completely completed in a short time. There is also a problem of being analyzed.

  In addition, as described above, in a security system that allows access to information storage means by inputting a password from a PC keyboard connected to an information storage device, an unauthorized acquisition of a password such as a trojan hose is performed on the PC. If a computer virus is injected, the password can be easily stolen.

  Thus, a security system that permits access to the information storage means of the information storage device by inputting a password from a PC connected to the information storage device is a weak security system and a very weak security system. There is a problem such as.

Special table 2003-524842 gazette

  Therefore, the present invention has been devised to solve such a problem, and information that has extremely strong security strength while maintaining the low cost of a security system using a password and user convenience. It is an object to provide a storage device, a security system, an access permission method, a network access method, and a security processing execution permission method.

  In order to achieve the above object, an information storage device according to the present invention is a removable information storage comprising a predetermined interface for connecting to an external device, and a storage means for which access from the external device is restricted. In the device, without outputting to the external device connected via the predetermined interface, password input means for inputting a password to be notified only to the information storage device, and the password input by the password input means. A password verification unit for verifying, and an access permission unit for permitting access to the storage unit from the external device connected via the predetermined interface in response to the verification of the password by the password verification unit It is characterized by providing.

  In order to achieve the above object, an access permission method according to the present invention comprises a predetermined interface for connecting to an external device, and a removable device comprising a storage means for restricting access from the external device. A method for permitting access to the storage means in an information storage device, wherein a password for notifying the information storage device only is input and input without outputting to the external device connected via the predetermined interface. The password is verified, and access to the storage means from the external device connected via the predetermined interface is permitted in response to the verification of the password.

  In order to achieve the above object, a security system according to the present invention is connected to a server device, a terminal device connected to the server device via a network, and the terminal device via a predetermined interface. A removable information storage device, wherein the information storage device stores an encryption key for encrypting predetermined data, storage means restricted from access from the terminal device, and Password input means for inputting a password to be notified only to the information storage device without being output to the terminal device connected to the information storage device, and password verification means for verifying the password input by the password input means; , In response to the password verification by the password verification means, An access permission means for permitting access to the storage means from the terminal device connected via a predetermined interface, and the encryption key stored in the storage means permitted for access by the access permission means; One-time password generating means for generating a different one-time password each time based on a predetermined algorithm using a challenge code transmitted from the server device in response to an access request from the terminal device to the server device Control means for controlling the one-time password generated by the one-time password generation means to be transmitted to the server device via the terminal device connected to the network, the server device comprising: Via the terminal device connected to the network Verification means for verifying the one-time password transmitted from the information storage device, and authentication for authenticating a user who has made an access request from the terminal device connected via the network according to a verification result by the verification means And a network access permission means for permitting access from the terminal device via the network in response to user authentication by the authentication means.

  In order to achieve the above object, a network access method according to the present invention includes a server device, a terminal device connected to the server device via a network, and a connection to the terminal device via a predetermined interface. A network access method for a security system comprising a removable information storage device, wherein the information storage device notifies only the information storage device without being output to the terminal device to which the information storage device is connected. A password input step for inputting a password to be entered, a password verification step for verifying the password input by the password input step, and the password verification by the password verification step through the predetermined interface. From the terminal device connected An access permission step for permitting access to storage means included in the information storage device, an encryption key stored in the storage means for which access is permitted by the access permission step, and the terminal device to the server device. It is generated by a one-time password generation step that generates a different one-time password each time based on a predetermined algorithm using a challenge code transmitted from the server device in response to an access request, and the one-time password generation step. A control step of controlling the one-time password to be transmitted to the server device via the terminal device connected to the network, the server device having the terminal device connected to the network The one-time transmitted from the information storage device via A verification process for verifying a password, an authentication process for authenticating a user who has made an access request from the terminal device connected via the network according to a verification result by the verification process, and user authentication by the authentication process According to this, it has the network access permission process which permits the access via the said network from the said terminal device, It is characterized by the above-mentioned.

  In order to achieve the above object, a security system according to the present invention is connected to a server device, a terminal device connected to the server device via a network, and the terminal device via a predetermined interface. A security system comprising a removable information storage device, wherein the terminal device stores a first encryption key required when executing a predetermined security process in the terminal device, and the information The storage device stores the second encryption key, which is the same encryption key as the first encryption key, and stores the storage unit restricted from access from the terminal device and the terminal connected to the information storage device Password input means for inputting a password to be notified only to the information storage device without being output to the device, and the password Password verification means for verifying the password input by the input means, and the storage means from the terminal device connected via the predetermined interface in response to the password verification by the password verification means And an access permission means for permitting access to the server device, and in response to the access request from the terminal device to the server device, the challenge code transmitted from the server device is encrypted with the second encryption key. Control means for controlling transmission to the server device via the terminal device connected to the network, and the server device stores the information storage via the terminal device connected to the network. A test for verifying the challenge code encrypted with the second encryption key transmitted from the apparatus. And an authentication unit that authenticates a user who has made an access request from the terminal device connected via the network according to a verification result by the verification unit, and a user authentication by the authentication unit, And an execution permission unit that permits execution of the predetermined security process using the first encryption key in the terminal device.

  In order to achieve the above object, a security processing execution permission method according to the present invention includes a server device, a terminal device connected to the server device via a network, and a predetermined interface to the terminal device. A security system execution permission method for a security system comprising a removable information storage device connected to the information storage device, wherein the information storage device outputs the information storage device without being output to the terminal device to which the information storage device is connected. A password input step for inputting a password to be notified only to the device; a password verification step for verifying the password input by the password input step; and the predetermined password in response to the verification of the password by the password verification step. From the above terminal device connected via the interface The access permission step for permitting access to the storage means of the information storage device, and the challenge code transmitted from the server device in response to the access request from the terminal device to the server device, The first encryption key stored in the security chip of the terminal device, which is required when executing a predetermined security process in the terminal device, which is stored in the storage means permitted to be accessed in the access permission step And a control step of controlling to transmit to the server device via the terminal device connected to the network by encrypting with a second encryption key that is the same encryption key as The second encryption key transmitted from the information storage device via the terminal device connected to the network is encrypted. A verification step for verifying the encoded challenge code, an authentication step for authenticating a user who has requested access from the terminal device connected via the network, according to a verification result by the verification step, and the authentication And an execution permission step of permitting execution of the predetermined security processing using the first encryption key in the terminal device in response to user authentication in the step.

  In the present invention, the password input by the password input means included in the information storage device is not output to an external device connected via a predetermined interface, and only the information storage device is notified and input. As a result of collating the password, access to the storage means is permitted for the external device.

  This makes it possible to completely prevent password leakage through an external device while using a conventional convenient password, so that the storage means can be protected with very high security. It becomes possible.

  In addition, the present invention is applied to a system for accessing a network using a one-time password by providing a one-time password generating means in an information storage device, and user authentication can be performed without inputting a password from a terminal device. The network can be accessed with extremely high security.

  The present invention also provides a terminal device equipped with the above-described security chip by storing in the storage means of the information storage device the second encryption key that is exactly the same as the first encryption key mounted on the security chip provided in the terminal device. Since the user authentication can be performed without inputting a password from the terminal device, the security processing of the terminal device can be executed with very high security.

It is a figure for demonstrating the usage form of the storage medium shown as a 1st Embodiment of this invention. It is a figure for demonstrating the structure of the storage medium. It is a figure for demonstrating the password table stored in the storage medium. It is a figure for demonstrating the description about the several password table stored in the storage medium, and a specific example of the usage method of the said password table. It is a flowchart for demonstrating the operation | movement at the time of the password input in the storage medium. It is the figure which showed an example of the display screen of the application software for password input started with PC (Personal Computer) to which the said storage medium was connected at the time of the password input in the storage medium. It is a figure for demonstrating the structure of the storage medium shown as the 2nd Embodiment of this invention. It is a figure for demonstrating the usage condition of the storage medium. It is a flowchart for demonstrating the operation | movement at the time of performing a user authentication process by producing | generating a one-time password using the storage medium. 10 is a timing chart for explaining an operation of a challenge response in the user authentication process shown in the flowchart of FIG. 9. It is a figure for demonstrating the security chip with which PC which connects the storage medium shown as the 3rd Embodiment of this invention is provided. It is a figure for demonstrating the usage condition of the storage medium. It is a flowchart for demonstrating the operation | movement at the time of performing a user authentication process using the storage medium. It is a timing chart for demonstrating operation | movement of the challenge response in the user authentication process shown with the flowchart of FIG.

  The best mode for carrying out the invention of an information storage device, a security system, an access permission method, a network access method and a security processing execution permission method according to the present invention will be described below in detail with reference to the drawings.

{First embodiment}
FIG. 1 is a diagram showing a usage form of a storage medium 10 which is a removable information storage device shown as the best mode for carrying out the present invention.

  As shown in FIG. 1, the storage medium 10 can be used by inserting a USB plug 11 provided in the storage medium 10 into a USB (Universal Serial Bus) jack 22 provided in a PC (Personal Computer) 21 which is an external device. . Thus, the storage medium 10 functions as data storage, that is, an external memory of the PC 21 by being directly connected to the PC 21 that is an external device.

  The PC 21 to which the storage medium 10 is connected operates under the control of a predetermined OS (Operating System). In addition, the PC 21 includes a monitor 23 for displaying the result of execution processing performed by the PC. The monitor 23 is also used to display candidates for selecting a password when a password for the storage medium 10 to be described later is input.

  The storage medium 10 is a USB device connected to the PC 21 that is an external device via the USB interface. However, the present invention is not limited to the connection interface as described above, and may be a connection interface provided in the PC 21. Any connection interface may be provided.

  As shown in FIG. 1, the storage medium 10 includes a jog dial 12, and the jog dial 12 is used to input a password for permitting access to a flash memory described later. The jog dial 12 is a mechanical input means capable of rotating in the direction indicated by the arrow A and pressing down in the direction indicated by the arrow B. For example, the user rotates the jog dial 12 in the direction of arrow A to select a desired character in the character string constituting the password, and presses the jog dial 12 in the direction of arrow B to select the selected character. It will be determined as one of the password strings.

  The present invention is not limited to the type of password input means of the storage medium 10, for example, the jog dial 12 described above, and is a shape that can be mounted on the storage medium 10 and a character string that constitutes the password. Any input means may be used as long as it has an input mechanism capable of selecting operation and determining operation.

  As shown in FIG. 1, the storage medium 10 includes an input confirmation lamp 13 for confirming that the password has been determined by the jog dial 12. The input confirmation lamp 13 is, for example, a light emitting diode that emits red light, and is lit in response to the above-described pressing operation in the B direction for determining the components of the password by the jog dial 12.

  Next, the configuration of the storage medium 10 will be described with reference to FIG. The storage medium 10 includes the above-described USB plug 11, jog dial 12, input confirmation lamp 13, USB controller 14, jog dial controller 15, ROM (Read Only Memory) 16, RAM (Random Access Memory) 17, A CPU (Central Processing Unit) 18, a memory controller 19, and a flash memory 20 are provided. The USB controller 14, jog dial controller 15, ROM 16, RAM 17, CPU 18, and memory controller 19 are connected to each other via a bus 25.

  As described above, the USB plug 11 is a USB interface of an external device, for example, a USB interface for connecting to the USB jack 22 of the PC 21 shown in FIG. The storage medium 10 connected to the PC 21 via the USB plug 11 operates by receiving power supply from the PC 21 and performs data communication with the PC 21.

  As described above, the jog dial 12 has a mechanism capable of rotating in the direction of arrow A and pressing down in the direction of arrow B. The jog dial 12 includes a rotation direction that changes according to the rotation operation in the arrow A direction, a rotation detection mechanism that detects the rotation speed, and a press detection mechanism that detects a press operation in the arrow B direction. The rotation detection mechanism and the press detection mechanism output detection values detected by each to the jog dial controller 15.

  The input confirmation lamp 13 is a light emitting diode that emits red light, for example, and lights up in response to a pressing operation signal supplied to the jog dial controller 15 from the pressing detection mechanism of the jog dial 12. The user can confirm that the password has been correctly input by observing the lighting of the input confirmation lamp 13.

  The USB controller 14 controls data transfer between the PC 21 and the storage medium 10 performed via the USB plug 11 based on the USB protocol.

  The jog dial controller 15 generates a rotation operation signal from the detected value of the rotation direction and the rotation speed detected from the rotation detection mechanism provided in the jog dial 12. The jog dial controller 15 also generates a pressing operation signal from the detected value of the pressing operation detected by the pressing detection mechanism provided in the jog dial 12. The jog dial controller 15 supplies the rotation operation signal and the pressing operation signal to the CPU 18.

  The ROM 16 is a memory that stores firmware executed by the CPU 18 and a file system. The ROM 16 stores a password table 31 as shown in FIG. The password table 31 includes a character code group 31 a made up of a plurality of character codes prepared for the user to select a password from the jog dial 12 and an end code 31 b prepared for determining a password from the jog dial 12. It is.

  In the password table 31 stored in the ROM 16, an appropriate character code or end code 31b is read from the character code group 31a by the CPU 18 in accordance with a rotation operation signal and a pressing operation signal supplied from the jog dial controller 15 to the CPU 18. It will be.

  The password table 31 is a table prepared assuming that the password registered by the user is a character, but the present invention is not limited to such a password type.

  For example, if the password registered by the user is data in which the names of the residents of the apartment where the user lives are arranged in order, the password table stored in the ROM 16 is a table in which a plurality of codes indicating names are stored. .

  For example, if the password registered by the user is data in which names of liquors preferred by the user are arranged in order, the password table stored in the ROM 16 is a table in which a plurality of codes indicating the names of alcohol are stored.

  Also, for example, if the password registered by the user is arranged as an icon that can be seen separately, or data using a single icon, the password table stored in the ROM 16 has a plurality of codes indicating the icon. It is a stored table.

  The RAM 17 is a working memory for the CPU 18.

  The CPU 18 executes firmware and a file system stored in the ROM 16 to centrally control the operation of the storage medium 10. The CPU 18 controls the memory controller 19 on the basis of the file system, writes the data transferred from the PC 21 via the USB plug 11 to the flash memory 20, stores it, and reads the stored data to read the USB plug 11. For example, the storage medium 10 is made to function as data storage.

  The CPU 18 reads a character code from, for example, the password table 31 stored in the ROM 16 in response to the rotation operation signal supplied from the jog dial controller 15. The PC 21 to which the storage medium 10 is connected periodically polls (inquires) the CPU 18 to request transmission of character codes. The CPU 18 transmits the read character code to the PC 21 via the USB jack 11 in response to polling from the PC 21.

  The character code transmitted to the PC 21 is displayed as a character on the monitor 23 of the PC 21 via predetermined application software activated on the PC 21. The user can confirm the character code selected by operating the jog dial 12 by visually observing the characters displayed on the monitor 23.

  Further, the CPU 18 determines a character code read from the password table 31 stored in the ROM 16 as a password character string in response to a pressing operation signal supplied from the jog dial controller 15. Information in which the character code read by the CPU 18 is determined to be a character string constituting a password according to the pressing operation signal is not transmitted from the storage medium 10 to the outside, that is, to the PC 21.

  The memory controller 19 is controlled by the file system read from the ROM 16 to the CPU 18 and manages the data stored in the flash memory 20 as a file, while writing data to the flash memory 20 and the data stored in the flash memory 20. Control reading of.

  The flash memory 20 is a storage unit of the storage medium 10 and stores data managed as a file by the memory controller 19 by the file system read from the ROM 16 to the CPU 18. Further, the memory area of the flash memory 20 corresponds to an open area 20a that can be accessed from the PC 21 without any restrictions immediately after the storage medium 10 is connected to the PC 21 and a password input from the jog dial 12. And a security area 20b that can be accessed from the PC 21.

  The security area 20b of the flash memory 20 can be accessed from the PC 21 only when the password is authenticated, but can be accessed from the CPU 18 of the storage medium 10 at any time. For example, in this security area 20b, a password registered by operating the jog dial 12 at the time of initial setting of the storage medium 10 is stored. The CPU 18 performs a password authentication process by comparing and checking the password stored in the security area 20b and the password input by operating the jog dial 12.

  The open area 20a of the flash memory 20 is a password input application software (hereinafter abbreviated as an input application) that is activated when a password is input using the jog dial 12 in the storage medium 10. Is stored).

  When the user connects the storage medium 10 to the PC 21 and uses the security area 20b, the user first accesses the open area 20a and activates the input application. As described above, the input application converts the character code read from the password table 30 of the ROM 16 by the CPU 18 into a character to be displayed on the monitor 23 of the PC 21 and outputs and displays it. Each time the user operates the jog dial 12 of the storage medium 10, the user can check the character currently selected while visually checking the character displayed on the monitor 23 by the input application activated on the PC 21.

  The ROM 16 described above includes not only the password table 30 having the character code group 31a as shown in FIG. 3 but also the password table 31 having a plurality of character codes and a plurality of names as shown in FIG. May be provided, a password table 33 composed of a plurality of sake names, and a category table 34 for selecting the password tables 31, 32, 33.

  For example, when the jog dial 12 is rotated for the first time after the USB plug 11 of the storage medium 10 is inserted into the USB jack 22 of the PC 21, the category table 34 is read by the CPU 18, and the password is determined according to the rotation operation signal. Is selected, that is, which of the password tables 31, 32, 33 is used to enter the password. Similarly, when the jog dial 12 is pressed for the first time after the storage medium 10 is inserted into the PC 21, any one of the password tables 31, 32, 33 is read out by the CPU 18 in response to the pressing operation signal. The type of password to be entered is determined.

  Next, a password input operation using the jog dial 12 in the storage medium 10 will be described using the flowchart shown in FIG. In the description of the flowchart shown in FIG. 5, it is assumed that the password table 30 is stored in the ROM 16, and the password to be used is a character.

  In step S <b> 1, first, the USB jack 11 of the storage medium 10 is inserted into the USB plug 22 of the PC 21 to connect the storage medium 10 to the PC 21. When the storage medium 10 is connected to the PC 21, the OS of the PC 21 recognizes the storage medium 10 as a peripheral device. For example, as illustrated in FIG. 6, the storage medium 10 is recognized on the task bar 23 a on the monitor 23. An icon A indicating that it can be used is displayed.

  In step S2, the user accesses the open area 20a of the flash memory 20 included in the storage medium 10 via the PC 21 and activates the input application. The OS of the PC 21 executes the input application and displays, for example, an application execution screen B as shown in FIG. When the input application is executed, the storage medium 10 waits for operation of the jog dial 12.

  In step S <b> 3, the CPU 18 of the storage medium 10 determines whether or not the jog dial 12 has been rotated according to the rotation operation signal supplied from the jog dial controller 15. If the CPU 18 determines that the jog dial 12 has been rotated, the process proceeds to step S4. If the CPU 18 determines that the jog dial 12 has not been rotated, the CPU 18 continues to wait for the operation of the jog dial 12.

  In step S <b> 4, the CPU 18 reads a character code or an end code from the password table 30 stored in the ROM 16 based on the rotation operation signal supplied from the jog dial controller 15.

  In step S <b> 5, the CPU 18 transmits the read character code or end code via the USB jack 11 when there is a polling (inquiry) requesting transmission of the character code or end code from the input application of the PC 21. .

  In step S6, the input application executed on the PC 21 converts the character code or the end code transmitted from the storage medium 10 into a character or an end message so that it can be displayed on the monitor 23. Display. For example, as shown in FIG. 6, in a predetermined area of the application execution screen B on the monitor 23, the character code transmitted from the storage medium 10 is converted and the character “X” is displayed.

  In step S <b> 7, the CPU 18 of the storage medium 10 determines whether or not the jog dial 12 has been pressed according to the pressing operation signal supplied from the jog dial controller 15. If the CPU 18 determines that the jog dial 12 has been pressed, the process proceeds to step S8. If the CPU 18 determines that the jog dial 12 has not been pressed, the process returns to step S3 and waits for the jog dial 12 to be operated. To do.

  In step S <b> 8, when the end message is displayed on the monitor 23, that is, when the end code is read from the password table 30 of the ROM 16 to the CPU 18, the CPU 18 depresses the jog dial 12 and starts the operation from the jog dial controller 15. It is determined whether a pressing operation signal is supplied. If the CPU 18 determines that the character displayed on the monitor 23 instead of the end message has been pressed, the process proceeds to step S9. If the CPU 18 determines that the end message has been pressed, the process is performed. Proceed to step S10.

  In step S <b> 9, the CPU 18 performs a pressing operation on the characters displayed on the monitor 23 with the jog dial 12, and in response to the pressing operation signal supplied from the jog dial controller 15, 1 character is determined. When the process of step S9 is completed, the process returns to step S3, and the jog dial 12 is again waited for operation.

  In step S <b> 10, the CPU 18 presses the end message displayed on the monitor 23 with the jog dial 12, and the password is still stored in the flash memory 20 in response to the press operation signal supplied from the jog dial controller 15. If it is not registered in the security area 20b, the process proceeds to step S11 to enter the password registration processing mode. If the password has already been registered in the security area 20b of the flash memory 20, the process proceeds to step S12 to set the password authentication processing mode.

  In step S11, the CPU 18 controls the memory controller 19 to store a password composed of a plurality of character strings input by the jog dial 12 in the security area 20b of the flash memory 20.

  In step S12, the CPU 18 controls the memory controller, accesses the security area 20b of the flash memory 20, and reads the stored registration password. Then, the CPU 18 performs an authentication process by comparing and comparing the read registration password with the password newly input by the jog dial 12.

  When the input password matches the registered password and the input password is authenticated, the CPU 18 releases the security area 20b of the flash memory 20 and accesses from the PC 21 via the USB plug 11 Allow.

  As described above, the storage medium 10 connected to the PC 21 transmits the character code to the PC 21 when the password is selected by rotating the jog dial 12 when inputting the password, but which character code is determined as the password. Since the push operation signal for notifying whether or not it is transmitted is transmitted only to the CPU 18, it is impossible to know the input password from the PC 21. In addition, since a password cannot be input from the PC 21, an unauthorized attack from the PC 21 can be eliminated.

  That is, since the storage medium 10 uses the monitor 23 of the PC 21 only for visually confirming the password to be entered when the user inputs the password, it is directly input to the PC 21 as before. It is possible to completely avoid the leakage of the password due to the password remaining in the PC 21.

  In addition, although not shown, a small liquid crystal display may be mounted on the storage medium 10 and a function of displaying a character or an end message at the time of password input, which has been performed on the monitor 23 of the PC 21, may be incorporated. In this case, the manufacturing cost of the storage medium 10 increases by the amount of the liquid crystal display, but a completely independent security system can be constructed with only the storage medium 10.

{Second Embodiment}
Next, a case where the storage medium 10 is used as a one-time password generator for generating a one-time password will be described as a second embodiment. The one-time password is a password used for authentication processing for authenticating whether or not a user accessed from a terminal device or the like is a valid user on the network. This one-time password has an advantage that it is very resistant to eavesdropping and eavesdropping since it becomes a different password every time the user accesses the network. Since the user inputs a different password each time, it is common to use a one-time password generator that automatically generates a one-time password for convenience.

  FIG. 7 shows a storage medium 40 having a one-time password generation function. The storage medium 40 has the same configuration except that the storage medium 10 described with reference to FIG. 2 is provided with a one-time password generation unit 41. .

  The one-time password generation unit 41 generates a one-time password each time a user accesses the network according to a predetermined algorithm defined only with an authentication server (RADIUS server) on the network. .

  The flash memory 20 of the storage medium 40 stores the encryption key Uk in the security area 20b. The encryption key Uk can be used when the security area 20b can be accessed by inputting a password using the jog dial 12 described above. The encryption key Uk stored in the security area 20b is stored by the manufacturer when the storage medium 40 is manufactured, and is used at the time of a challenge response in the authentication process using the one-time password.

  Specifically, the storage medium 40 including the one-time password generation unit 41 can be used in a so-called RADIUS (Remote Authentication Dial In User Service) authentication system as shown in FIG. The RADIUS authentication system is a client-server type authentication system, and is particularly applied to the case where the scale of remote access becomes large and user information is centrally managed in a network system having a plurality of access points. be able to.

  As shown in FIG. 8, in the RADIUS authentication system, first, the PC 21 as the client terminal dials in to the remote access server 51. The remote access server 51 makes an authentication request to the RADIUS server 52, and the RADIUS server 52 sends the authentication permission / rejection to the PC 21 which is the client terminal via the remote access server 51 again. The RADIUS server 52 includes an authentication database 52a that stores authentication information of registered users to be used for authentication processing, and an account database 52b for performing billing processing during actual network service according to the authentication processing result. Yes.

  Such a RADIUS authentication system is applied when performing a music distribution service, a software distribution service, an electronic commerce, etc., for example.

  The authentication process in such a RADIUS authentication system will be described with reference to the flowchart shown in FIG.

  First, in step S21, a password is input from the storage medium 40 in exactly the same manner as described with reference to the flowchart shown in FIG. When the password is authenticated, the security area 20a of the flash memory 20 can be accessed, and the encryption key Uk can be used.

  In step S22, in response to password authentication and access to the security area 20a of the flash memory 20, the challenge response is started as shown in the timing chart of FIG. 10 shows a timing chart of only the storage medium 40 and the RADIUS server 52 for explanation. As shown in FIG. 8, the storage medium 40 is connected to the PC 21, and the remote access server 51 is connected to the remote access server 51. It is premised that the network is connected to the RADIUS server 52 on the network.

  As shown in FIG. 10, in step S <b> 31, first, the user transmits an ID registered in advance from the storage medium 40 to the RADIUS server 52. The ID input method at this time is exactly the same as the password input method using the jog dial 12.

  In step S 32, the RADIUS server 52 that has received this transmits the challenge code C 1 to the storage medium 40. Each time the ID is sent from the storage medium 40, the RADIUS server 52 sends a different challenge code. This challenge code is, for example, a random number.

  In step S <b> 33, the CPU 18 of the storage medium 40 reads the encryption key Uk from the accessible security area 20 b of the flash memory 20, and supplies the read encryption key Uk to the one-time password generation unit 41.

  The one-time password generation unit 41 encrypts the challenge code C1 transmitted from the RADIUS server 52 based on a predetermined algorithm using the encryption key Uk. In the one-time password generation unit 41, the challenge code C1 encrypted with the encryption key Uk is set as a one-time password, EncUk (C1). The storage medium 40 transmits this EncUk (C1) to the RADIUS server 52.

  In step S34, the RADIUS server 52 decrypts the transmitted EncUk (C1). If the challenge code C1 is obtained as a result of the decryption, it is authenticated that the user who has entered the ID into the storage medium 40 and sent it is a valid user.

  Again, it returns to the flowchart shown in FIG.

  In step S23, if the result of the challenge response in step S22 described above is that the user is not authenticated, the process proceeds to step S24. If the user is authenticated, the process proceeds to step S25.

  In step S24, since user authentication has not been performed, login to the RADIUS authentication system is disabled, and various application services provided by the RADIUS server 52 cannot be received.

  In step S25, login to the RADIUS authentication system becomes possible in response to user authentication.

  In step S <b> 26, the user executes various application services provided by the RADIUS server 52.

  In this way, the storage medium 40 including the one-time password generation unit 41 can develop a very strong authentication process using a one-time password in, for example, a RADIUS authentication system. Risk can be greatly reduced. Further, similarly to the storage medium 10, it is possible to exclude the input password from remaining in the PC 21 also in the storage medium 40.

{Third embodiment}
Subsequently, as a third embodiment, when the PC 21 to which the storage medium 10 is connected is equipped with a security chip defined by TCG (Trusted Computing Group), the storage medium has been improved. The usage method using 10 will be described.

  The security chip is formally called a TPM (Trusted Platform Module) and provides only basic functions for realizing security and privacy, and is defined in the above-mentioned specification defined by TCG. The security chip mounted on the PC cannot be transferred to a PC other than the PC mounted in advance, and the PC cannot be activated when the security chip is removed.

  FIG. 11 shows the PC 21 on which the security chip 50 is mounted. The security chip 50 includes a memory 51 such as an EEPROM (Electrically Erasable Programmable Read Only Memory), for example, and stores an encryption key Ck serving as a core of security processing in the PC 21 on which the security chip 50 is mounted. Since the encryption key Ck stored in the memory 51 is in the security chip 50, it is not easily damaged by unauthorized access, and there is no command to directly read from the security chip 50, so that it is not read illegally.

  Since this encryption key Ck encrypts the encryption key when using the application in the PC 21, the encryption key Ck is always required to use these applications. The PC 21 provided with such a security chip 50 uses the encryption key Ck stored in the memory 51 in the security chip 50 to perform user authentication, file encryption, and electronic certificate protection. Then, a security function that cannot be used can be provided.

  Thus, even in the PC 21 on which the security chip 50 is mounted, it is necessary to perform user authentication in order to eliminate use by unauthorized users. As described above, when a password is input from the PC 21 using a keyboard or the like, a problem such as illegal acquisition of a password left on the PC 21 occurs. Therefore, the password is input using the storage medium 10.

  At this time, the same key as the encryption key Ck stored in the memory 51 in the security chip 50 of the PC 21 is stored in the security area 20 b of the flash memory 20 included in the storage medium 10. Using this encryption key Ck, the PC 10 performs a challenge response with the authentication server 60 connected to the PC 21 on the network as shown in FIG. 12, and performs user authentication.

  The authentication process in such a user authentication system is demonstrated using the flowchart shown in FIG.

  First, in step S41, a password is input from the storage medium 10 in exactly the same manner as described with reference to the flowchart shown in FIG. When the password is authenticated, the security area 20a of the flash memory 20 can be accessed, and the encryption key Ck can be used.

  In step S42, in response to password authentication and access to the security area 20a of the flash memory 20, the challenge response is started as shown in the timing chart of FIG. 14 shows a timing chart of only the storage medium 10 and the authentication server 60 for explanation. As shown in FIG. 12, the storage medium 10 is connected to the PC 21 and is connected to the authentication server on the network. 60 is assumed to be connected.

  As shown in FIG. 14, in step S <b> 51, first, the user transmits an ID registered in advance to the authentication server 60 from the storage medium 10. The ID input method at this time is exactly the same as the password input method using the jog dial 12.

  In step S <b> 52, the authentication server 60 that has received this transmits the challenge code C <b> 2 to the storage medium 10. The authentication server 60 transmits a different challenge code each time an ID is sent from the storage medium 10. This challenge code is, for example, a random number.

  In step S53, the CPU 18 of the storage medium 10 reads the encryption key Ck from the security area 20b of the flash memory 20 that has become accessible.

  The CPU 18 encrypts the challenge code C2 transmitted from the authentication server 60 based on a predetermined algorithm using the encryption key Ck. In the CPU 18, the challenge code C2 encrypted with the encryption key Ck is set as an encryption challenge code, EncCk (C2). The storage medium 10 transmits this EncCk (C2) to the authentication server 60.

  In step S54, the authentication server 60 decrypts the transmitted EncCk (C2). When the challenge code C2 is obtained as a result of the decryption, it is authenticated that the user who has transmitted the ID by entering the storage medium 10 is a valid user.

  Again, it returns to the flowchart shown in FIG.

  In step S43, if the user response is not authenticated as a result of the challenge response in step S42 described above, the process proceeds to step S44, and if the user is authenticated, the process proceeds to step S45.

  In step S44, since user authentication has not been performed, login for executing an application involving security processing via the security chip 50 in the PC 21 becomes impossible.

  In step S45, in response to the user authentication, login for executing an application involving security processing via the security chip 50 in the PC 21 becomes possible.

  In step S <b> 46, the user executes various application services involving security processing via the security chip 50 in the PC 21.

  In this way, user authentication is performed using the encryption key Ck stored in the security area 20b, which can be used in response to the verification of the password input by the jog dial 12 in the storage medium 10, so that the security is extremely high. Authentication processing can be expanded. In addition, it is possible to greatly reduce the risk of password sneaking and the like, and it is possible to eliminate the password remaining in the PC 21.

  The storage media 10 and 40 shown as the first to third embodiments described above are equipped with a biometric function such as fingerprint collation, for example, and the user authentication process is performed by this biometric function. May be.

  10, 40 Storage media, 11 USB (Universal Serial Bus) jack, 12 Jog dial, 13 Input confirmation lamp, 14 USB controller, 15 Jog dial controller, 16 ROM (Read Only Memory), 17 RAM (Random Access Memory), 18 CPU ( Central Processing Unit), 19 memory controller, 20 flash memory, 20a open area, 20b security area, 41 one-time password generator

Claims (18)

In a removable information storage device comprising a predetermined interface for connecting to an external device and storage means for which access from the external device is restricted,
Password input means for inputting a password notifying only the information storage device without outputting to the external device connected via the predetermined interface;
Password verification means for verifying the password input by the password input means;
An access permission means for permitting access to the storage means from the external device connected via the predetermined interface in response to the password being verified by the password verification means. Information storage device. The storage means includes a first storage area that is always permitted to be accessed from the external device connected via the predetermined interface;
A second storage area in which access from the external device connected via the predetermined interface is restricted,
The information storage device according to claim 1, wherein the access permission means permits access to the second storage area of the storage means in response to the password being verified by the password verification means. The password input means includes a selection means for selecting a desired one code from a plurality of codes,
Determining means for determining that the code selected by the selection means is a password configuration code constituting the password;
The information storage device according to claim 1. Control means for controlling to output the code selected by the selection means to the external device connected to the information storage device via the predetermined interface;
The first storage area of the storage means is an application software for visually displaying the code output to the external device by the control means on the display device of the external device by being activated by the external device. The information storage device according to claim 3, wherein: The information storage device according to claim 3, further comprising display means for visually displaying the code selected by the selection means. A method for permitting access to the storage means in a removable information storage device comprising a predetermined interface for connecting to an external device and a storage means for which access from the external device is restricted,
Enter the password to notify only the information storage device without outputting to the external device connected via the predetermined interface,
Verify the password entered above,
An access permission method, wherein access to the storage means from the external device connected via the predetermined interface is permitted in response to the verification of the password. A security system comprising a server device, a terminal device connected to the server device via a network, and a removable information storage device connected to the terminal device via a predetermined interface,
The information storage device stores a storage unit in which an encryption key for encrypting predetermined data is stored and access from the terminal device is restricted,
Password input means for inputting a password to notify only the information storage device without being output to the terminal device connected to the information storage device;
Password verification means for verifying the password input by the password input means;
An access permission means for permitting access to the storage means from the terminal device connected via the predetermined interface in response to the password being verified by the password verification means;
The encryption key stored in the storage means permitted to be accessed by the access permission means, and a challenge code transmitted from the server device in response to an access request from the terminal device to the server device; A one-time password generating means for generating a different one-time password each time based on a predetermined algorithm;
Control means for controlling to transmit the one-time password generated by the one-time password generation means to the server device via the terminal device connected to the network;
The server device, verification means for verifying the one-time password transmitted from the information storage device via the terminal device connected to the network;
An authentication unit for authenticating a user who has requested access from the terminal device connected via the network, according to a verification result by the verification unit;
A network access permission unit that permits access from the terminal device via the network in response to user authentication by the authentication unit. The storage means of the information storage device includes a first storage area that is always allowed access from the terminal device connected via the predetermined interface;
A second storage area in which access from the terminal device connected via the predetermined interface is restricted,
8. The access permission unit of the information storage device permits access to the second storage area of the storage unit in response to the password verification by the password verification unit. Security system. The password input means of the information storage device includes a selection means for selecting a desired one code from a plurality of codes,
Determining means for determining that the code selected by the selection means is a password configuration code constituting the password;
The security system according to claim 7. The control means of the information storage device controls to output the code selected by the selection means to the terminal device connected to the information storage device via the predetermined interface,
The first storage area of the storage means is an application software for visually displaying the code output to the terminal device by the control means on the display device of the terminal device by being activated by the terminal device. The security system according to claim 9, wherein: The security system according to claim 9, wherein the information storage device includes display means for visually displaying the code selected by the selection means. A security system network access permission method comprising: a server device; a terminal device connected to the server device via a network; and a removable information storage device connected to the terminal device via a predetermined interface. ,
The information storage device, without being output to the terminal device connected to the information storage device, a password input step of inputting a password to notify only the information storage device;
A password verification process for verifying the password input by the password input process;
An access permission step for permitting access to the storage means of the information storage device from the terminal device connected via the predetermined interface in response to the password being verified by the password verification step; ,
An encryption key stored in the storage means permitted to be accessed in the access permission step, and a challenge code transmitted from the server device in response to an access request from the terminal device to the server device. Using a one-time password generating step for generating a different one-time password each time based on a predetermined algorithm;
A control step of controlling the one-time password generated by the one-time password generation step to be transmitted to the server device via the terminal device connected to the network;
The server device verifies the one-time password transmitted from the information storage device via the terminal device connected to the network;
An authentication step for authenticating a user who has requested access from the terminal device connected via the network according to a verification result by the verification step;
And a network access permission step for permitting access from the terminal device via the network in response to user authentication by the authentication step. A security system comprising a server device, a terminal device connected to the server device via a network, and a removable information storage device connected to the terminal device via a predetermined interface,
The terminal device includes a security chip that stores a first encryption key required when executing predetermined security processing in the terminal device,
The information storage device stores a second encryption key, which is the same encryption key as the first encryption key, in which access from the terminal device is restricted, and
Password input means for inputting a password to notify only the information storage device without being output to the terminal device connected to the information storage device;
Password verification means for verifying the password input by the password input means;
An access permission means for permitting access to the storage means from the terminal device connected via the predetermined interface in response to the password being verified by the password verification means;
In response to the access request from the terminal device to the server device, the challenge code transmitted from the server device is encrypted with the second encryption key, and the terminal device connected to the network is Control means for controlling to transmit to the server device,
The server device, verification means for verifying the challenge code encrypted with the second encryption key transmitted from the information storage device via the terminal device connected to the network;
An authentication unit for authenticating a user who has requested access from the terminal device connected via the network, according to a verification result by the verification unit;
An execution permission unit that permits execution of the predetermined security process using the first encryption key in the terminal device in response to user authentication by the authentication unit. The storage means has a first storage area that is always allowed access from the terminal device connected via the predetermined interface;
A second storage area in which access from the terminal device connected via the predetermined interface is restricted,
The access permission means of the information storage device permits access to the second storage area of the storage means in response to the password being verified by the password verification means. Security system. The password input means includes a selection means for selecting a desired one code from a plurality of codes,
Determining means for determining that the code selected by the selection means is a password configuration code constituting the password;
The security system according to claim 13. The control means of the information storage device controls to output the code selected by the selection means to the terminal device connected to the information storage device via the predetermined interface,
The first storage area of the storage means is an application software for visually displaying the code output to the terminal device by the control means on the display device of the terminal device by being activated by the terminal device. 16. The security system according to claim 15, wherein the security system is stored. The security system according to claim 15, wherein the information storage device includes display means for visually displaying the code selected by the selection means. A security system execution permission method of a security system comprising: a server device; a terminal device connected to the server device via a network; and a removable information storage device connected to the terminal device via a predetermined interface. And
The information storage device, without being output to the terminal device connected to the information storage device, a password input step of inputting a password to notify only the information storage device;
A password verification process for verifying the password input by the password input process;
An access permission step for permitting access to the storage means of the information storage device from the terminal device connected via the predetermined interface in response to the password being verified by the password verification step; ,
In response to an access request from the terminal device to the server device, a challenge code transmitted from the server device is stored in the storage unit that is permitted to be accessed in the access permission step. Encrypted with a second encryption key that is the same encryption key as the first encryption key stored in the security chip of the terminal device required when executing a predetermined security process in the device, A control step of controlling to transmit to the server device via the connected terminal device,
The server device verifies the challenge code encrypted with the second encryption key transmitted from the information storage device via the terminal device connected to the network;
An authentication step for authenticating a user who has requested access from the terminal device connected via the network according to a verification result by the verification step;
An execution permission step for permitting execution of the predetermined security processing using the first encryption key in the terminal device in response to user authentication by the authentication step. Authorization method.

Images