JP2016184875A - Key data communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To ensure security at the same level as pairing without paring operation between a mobile terminal possessed by a user and a reader.SOLUTION: A secret key is stored per reader 20 connected with a control object, and a mobile terminal 10 stores a public key corresponding to the secret key of each reader 20 together with key data. In order to establish a communication state with the mobile terminal 10, the reader 20 transmits signature data created with the secret key together with a call signal to the mobile terminal 10. Then, the mobile terminal 10 verifies the received signature data using the public key in terms of signature, and confirms the authenticity of the reader 20 that has transmitted the signature data.SELECTED DRAWING: Figure 1

Description

  The present invention controls a control object between a portable terminal possessed by a user such as a mobile phone or a smartphone and a reader connected to a control object (a specific gate, a lock provided on the gate, an elevator, or the like). The present invention relates to a key data communication system that communicates key data necessary for the communication.

  For example, entrances and exits of common or private areas in housing (apartments such as detached houses and condominiums) and various facilities (public facilities such as hotels and medical institutions, commercial facilities such as office buildings and rental offices, research facilities conducting various research) Keys that use ID keys such as remote control keys and non-contact IC cards, for example, instead of the usual keyhole insertion type metal keys to make the various gates installed in the door openable / closable or open / closed Data communication systems have been proposed.

  In this key data communication system, an ID key is registered in advance with respect to a reader, and an authentication ID (for authentication required for locking / unlocking and gate opening / closing control) is established between the ID key and the reader corresponding to the gate. For example, a gate ID for specifying a gate or a user ID for specifying an individual user is transmitted and received, and the gate is controlled by determining whether the key data is correct (for example, see Non-Patent Document 1).

  In this type of system, in order to prevent reverse engineering of the CPU, tamper-resistant parts are used, and communication between the ID key and the reader is protected by a unique encryption method. Key data due to interception of communication is not leaked, and the system can be used with confidence.

“VERSA Access Controller”, Miwa Rock Co., Ltd., June 2013 edition, p. 8-9

  By the way, the applicant of the present application uses a mobile terminal (smart phone, feature phone, wearable device, etc.) owned by the user as a key instead of an ID key such as a remote control key or a non-contact type IC card, for example, Bluetooth (registered) The so-called “hands-free mode” that enables gate control by entering the detection range of a reader while being carried in a bag or the like using a short communication area of several meters to several tens of meters such as a trademark) ”Is being developed to control a controlled object (a specific gate, a lock provided on the gate, an elevator, etc.).

  However, since portable terminals do not have tamper resistance and are easy to reverse engineer, a pairing operation is required between the control object and the reader connected to it. When operating a hotel, it is not realistic for a hotel employee to perform a pairing operation with a guest room leader by operating a portable terminal held by a guest during check-in.

  In addition, although the guest himself / herself can perform the pairing operation, it is not preferable to force the guest to perform the complicated pairing operation of the portable terminal each time the guest stays. Furthermore, in the case of guests who have little knowledge about the operation of mobile terminals, there is a problem that the assistance of the pairing operation by the hotel employee is necessary when the exact pairing operation cannot be performed, and the burden on the hotel employee is also increased. is there.

  Also, in short-range wireless communication using Bluetooth (registered trademark), when a mobile terminal enters the communication range of the reader, the communication state is automatically established and key data communication starts. It is necessary to strengthen the security against fraudulent acts such as installing a reader for intercepting key data and becoming a legitimate reader and intercepting key data.

  Therefore, the present invention has been made in view of the above problems, and security equivalent to the pairing operation is performed without performing the pairing operation between the reader connected to the controlled object and the mobile terminal possessed by the user. It is an object of the present invention to provide a key data communication system capable of ensuring the security.

In order to achieve the above-described object, the key data communication system according to claim 1 enables short-range wireless communication with a detection range of several meters to several tens of meters, and a reader connected to a control object;
A portable terminal possessed by a user who can transmit key data necessary for control of the control object by short-range wireless communication with the reader when entering the detection range;
With
In the key data communication system that outputs a control signal for controlling the control object to a predetermined state when the reader successfully authenticates the key data received from the mobile terminal,
The reader transmits signature data created using a secret key from a call signal for establishing communication with the portable terminal and its reader identification information to the portable terminal,
The portable terminal acquires a public key corresponding to the secret key as a set with the key data, and the signature data obtained by decrypting the signature data transmitted from the reader using the public key is: The reader is judged to be a valid reader when it matches the signature data included in the key data.

The key data communication system according to claim 2 is the key data communication system according to claim 1, wherein when the portable terminal successfully authenticates the signature data transmitted from the reader, data transmitted from the reader Sending the key data encrypted with the public key as a response to the request signal to the reader;
The reader decrypts the key data transmitted from the portable terminal using the secret key corresponding to the public key, and outputs the control signal when it is determined that the key data is valid. It is characterized by.

The key data communication system according to claim 3 is the key data communication system according to claim 2, wherein the portable terminal includes reader specifying information for specifying the reader, reader installation position information indicating an installation position of the reader, Sending the reader installation position information as a distribution request for the key data to a key distribution server that stores the secret key stored in the reader and a corresponding public key in a database in association with each other,
The key distribution server creates key data based on the control authority of the control object given to the user, and is connected to the control object from the reader installation position information acquired at the time of the key data distribution request. The reader is identified and the public key corresponding to the secret key stored in the reader is delivered to the portable terminal as a set with the created key data.

  According to the invention of the present invention, the signature data created by using the secret key stored by the reader is transmitted to the portable terminal possessed by the user, and the portable terminal obtains the public key corresponding to the secret key acquired in combination with the key data. By verifying the signature data sent from the reader and confirming the validity of the reader, the pairing operation between the mobile device and the reader is performed without performing the pairing operation between the mobile device and the reader. It is possible to perform key data communication by short-range wireless communication in a state where the same security is ensured.

It is a schematic block diagram which shows the structure of the key data communication system which concerns on this invention.

  Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the present invention is not limited by this embodiment, and all other forms, examples, operation techniques, etc. that can be implemented by those skilled in the art based on this form are included in the scope of the present invention. .

[System configuration]
First, the configuration of the key data communication system according to the present invention will be described.
As shown in FIG. 1, the key data communication system 1 includes a mobile terminal 10 possessed by a user used as a key when controlling a control object in a predetermined state, and a mobile terminal 10 connected to the control object. It is comprised with the reader 20 which reads the key data required at the time of control of a control target object.

  The key data communication system 1 of this example acquires from the key distribution server 30 a set of key data necessary for the mobile terminal 10 to control the control target and a public key for performing predetermined encryption processing on the key data. The reader 20 is configured to store the secret key corresponding to the public key in order to decrypt the encrypted key data. The reader 20 receives the key data encrypted with the public key from the mobile terminal 10 and receives the key data. By decrypting the key data with the secret key corresponding to the public key used for encryption, the pairing operation is not performed between the mobile terminal 10 and the reader 20, and equivalent security is ensured. .

  Also, the mobile terminal 10 is distributed from the key distribution server 30 as a set of key data and a public key corresponding to the secret key stored in the reader 20 connected to the controlled object.

  In the following description, the “control target” in the key data communication system 1 of this example refers to, for example, a house (an apartment house such as a detached house or a condominium) or various facilities managed by a service provider that provides a predetermined service ( Equipment installed at predetermined locations in buildings, including public facilities such as hotels and medical institutions, commercial facilities such as office buildings and rental offices, and research facilities that conduct various research, such as various gates (folding doors, sliding doors, In addition to common doors such as folding doors, there are automatic doors, revolving doors, automatic ticket gates and open / close bodies such as entrance / exit control gates), locks provided in the gates, elevators, rental lockers, and the like.

The “key data” is control authority information transmitted from a service provider such as a hotel (information set for each user and indicating that the control object is allowed to be controlled to a predetermined state only for a predetermined period. ) Based on the key distribution server 30 and data including reader identification information (for example, device serial number) of the reader 20 to be used.
For example, when the key data communication system 1 is employed in a hotel, information necessary for controlling the opening / closing state of an automatic door disposed in a common space (usage period (date and time), etc.) as key data, Information required to lock and unlock the doors located at the entrance of each guest room (room number, accommodation period (date and time), etc.), information required for entrance / exit management of common facilities such as conference rooms (room number) Use period (date and time), etc.), information necessary for calling the elevator and designating a stop floor (use floor restriction information (limitation of stopable floors), room information, etc.).

  Note that the key data communication system 1 of the present example is a communication method performed between the mobile terminal 10 and the reader 20 as short-distance wireless communication such as several meters to several tens of meters such as Bluetooth (registered trademark). A so-called “hands-free mode”, which has a short-range communication range and controls a control object by entering the detection range of the reader 20 while carrying the mobile terminal 10 in a bag or the like carried by the user. This will be described in the form of use.

<About mobile devices>
The mobile terminal 10 is various mobile communication terminals (for example, a mobile phone, a smartphone, a wearable device, etc.) possessed by the user, and includes a terminal communication unit 11, a terminal control unit 12, a terminal storage unit 13, and a display unit 14. The input operation unit 15 and the data acquisition unit 16 are provided.

  The mobile terminal 10 has functions of a general mobile communication terminal (for example, a telephone function, a mail function, a communication function using various computer networks, a camera function), and a control object stored in the terminal storage unit 13. The mobile terminal 10 functions as a key (authentication key) for controlling the controlled object by starting an application program (control application) for controlling the control object.

  The terminal communication unit 11 includes various communication modules necessary for performing data communication (voice call, Internet connection, etc.) via various communication networks. Further, since the terminal communication unit 11 communicates various data with the reader 20 using short-range wireless communication, wireless communication is possible at a distance of several meters to several tens of meters such as Bluetooth (registered trademark). It also has various short-range wireless devices such as a module to perform.

  In addition, as a specification of short-distance wireless communication, a passive type (passive type), an active type (active type), a semi-active type (a startup type active type) that combines both a passive type and an active type may be used.

  The terminal control unit 12 includes, for example, a processor such as a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), or an MPU (Micro-Processing Unit) having these functions. Various drive control programs stored in the terminal storage unit 13 are executed so as to function as a portable communication terminal, and the mobile terminal 10 is caused to function as an authentication key in accordance with a control application processing sequence stored in the terminal storage unit 13 Thus, drive control of each part which comprises the portable terminal 10 is performed.

  As processing contents of the terminal control unit 12 by starting the control application, a response signal to the interrogation signal from the reader 20 is transmitted so that short-distance wireless communication can be performed with the reader 20, and the communication state with the reader 20 is established. A process for verifying data using a public key for storing the signature data included in the data request signal transmitted from the reader 20 after the communication state is established in the terminal storage unit 13, and the signature data is valid. There is a process of transmitting to the reader 20 the key data encrypted with the public key and the anti-fraud data included in the challenge signal as a response to the data request signal when it is confirmed.

  In the system of this example, the control application is configured to start with the reception of the interrogation signal transmitted from the reader 20 as a trigger. However, the control application may be configured to always start in the background or start every time the user uses it. Good.

  The signature data transmitted from the reader 20 is data created by using a secret key from reader identification information (for example, a device serial number) set for each reader 20. Therefore, the signature data verification process verifies whether the reader identification information obtained by decrypting the received signature data with the public key matches the reader identification information included in the key data acquired as a set with the public key. It is possible to determine whether or not a data request signal is transmitted from a valid reader 20.

  Further, the terminal control unit 12 transmits leader installation position information indicating the installation position of the reader 20 connected to the control target when requesting key data to the key distribution server 30. Note that the reader installation position information transmitted from the mobile terminal 10 is information specifying which control target is connected to the reader (for example, a reader connected to the door of the room △△△ of the hotel XX). And includes information for specifying a hotel code and a guest room number).

  The terminal storage unit 13 is composed of various semiconductor memories including a non-volatile memory such as an EEPROM and a flash memory, and a volatile memory such as a DRAM and SDRAM, for the purpose of causing the portable terminal 10 to function as a normal portable communication terminal. Various necessary drive control programs are stored.

  The terminal storage unit 13 includes a control application for causing the terminal control unit 12 (computer) included in the mobile terminal 10 to execute a gate control processing sequence necessary for using the key data communication system 1. Remembered (installed). Further, the terminal storage unit 13 stores key data necessary for controlling the controlled object and a public key necessary for encrypting the key data. The key data and the public key are distributed from the key distribution server 30 as a set.

  The display unit 14 is configured by a display device having a display area such as a liquid crystal display (LCD) or an EL display (electroluminescence display: ELD), and is controlled by the terminal control unit 12 to drive a control application. In addition to the display contents displayed in conjunction with the display, various display contents necessary for driving the mobile terminal 10 are displayed on the display area.

  The input operation unit 15 includes various input devices such as a UI (User Interface) such as a touch panel including operation keys such as numeric keys and selection buttons and software keys on the display screen of the display unit 14. When a predetermined operation is performed when used as a type communication terminal or when key data is acquired from the key distribution server 30, operation information corresponding to the operation content is output to the terminal control unit 12.

<About the leader>
As shown in FIG. 1, the reader 20 includes an information communication unit 21, a reader control unit 22, a reader storage unit 23, and a power supply unit 24. The reader 20 is a device that is provided in the vicinity of the control target used by the user and outputs a control signal for controlling the control target to a predetermined state when the key data from the portable terminal 10 is normally authenticated.

  The number of installed readers 20 may be one or a plurality, and as a device form, communication is possible with a stand-alone type or a management device (not shown) (connection method may be wired or wireless). Any network connection type that is managed.

  The information communication unit 21 is configured by a communication device that can transmit and receive various types of information using short-range wireless communication with the mobile terminal 10 and is installed in the vicinity of the controlled object. In order to establish a communication state with the mobile terminal 10, the information communication unit 21 performs a call (transmission of a call signal) that activates the control application when the mobile terminal 10 comes close to the communication range.

  In addition, when the communication state is established with the mobile terminal 10, the information communication unit 21 prevents fraud prevention data created by the reader control unit 22 (for example, a disposable random value such as nonce) in order to prevent fraud due to a replay attack. , Serial number, date and time information) and a data request signal are transmitted to the portable terminal 10 as a set.

Furthermore, when receiving the encrypted key data and fraud prevention data as a response to the transmitted data request signal, the information communication unit 21 outputs each received data to the reader control unit 22.

  The information communication unit 21 is a leader for confirming the intention of communication in order to save power in addition to the method of performing polling at a predetermined cycle as described above as a method of performing communication with the mobile terminal 10. It is also possible to adopt a configuration in which communication is performed only when an operation button (not shown) provided at 20 predetermined locations is operated.

  The reader control unit 22 includes, for example, a processor such as a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), or an MPU (Micro-Processing Unit) having these functions. The drive control and power supply control of each part which comprises are performed.

The content of the control processing performed by the reader control unit 22 includes a call signal and signature data (using a secret key from the reader specific information) to establish communication with the mobile terminal 10 that has entered the detection range of the information communication unit 21. The data request signal and the fraud created when the response signal from the mobile terminal 10 that transmitted the challenge signal is confirmed. The process of transmitting the prevention data to the mobile terminal 10 as a set, the process of decrypting the encrypted key data received from the mobile terminal 10 with the private key, and the anti-fraud data matching the fraud prevention data transmitted in the past A process for determining whether or not to perform the process, a process for determining that the key data is illegal when the anti-fraud data matches the past, and terminating the process, When the correct prevention data is different from the past data, the key data and the authentication data stored in the reader storage unit 23 are collated, and only when the key data is normally authenticated, the control object is brought into a predetermined state. A process of transmitting a control signal for control to the control object is appropriately performed.
A series of processing procedures related to the above processing will be described in the section of processing operation described later.

  There are various specific control processing contents according to the control signal transmitted to the control object, depending on the control object. For example, when the control object is a gate, a driving device such as a motor or a solenoid provided in the gate The lock is locked or unlocked by opening the dead bolt into the locking hole of the door frame (when locking) or pulling (when unlocking), and the gate can be opened or closed. Control, control to change the handle and knob that are operated when the gate is opened / closed from the locked state to the door openable state, control to drive the door frame electric strike to open / close the gate, existing mechanism In a retrofitting lock device that electrically rotates the thumbwheel, the gate is opened or closed by turning the thumbturn in the locking / unlocking operation direction and unlocking the lock. There is a control to door opening or closing state of the gate by performing the locking and unlocking of the lock by rotating the turn locking / unlocking operation direction.

  The reader storage unit 23 is configured by various storage devices such as a nonvolatile memory such as an EEPROM and a flash memory, various semiconductor memories including a volatile memory such as a DRAM and SDRAM, and an HDD.

  The reader storage unit 23 transmits the secret key corresponding to the public key for decrypting the encrypted key data, the reader identification information for identifying itself, and the past transmitted to the mobile terminal 10 to prevent unauthorized access due to a replay attack. In addition to the anti-fraud data and the authentication key data for determining the validity of the key data transmitted from the portable terminal 10, the drive control program of each unit constituting the reader 20 is stored.

  Note that the reader storage unit 23 may monitor the status signal as monitor information as necessary (for example, when the control target is a gate, the gate open / close state signal, the lock / unlock state signal of the lock, and the lock / unlock operation history). Various data may be stored.

  The power supply unit 24 is a general commercial power supply unit, a power supply unit in which various batteries such as a button battery and a dry battery (regardless of a primary battery or a secondary battery) can be attached and detached, or solar power or solar power using a photovoltaic effect. It is composed of any photovoltaic module that directly converts light energy, such as illumination light, into electric power, and appropriately supplies drive power to each part of the reader 20.

<About the key distribution server>
The key distribution server 30 is an information distribution server managed by a key distribution company that has signed a contract with a service company (for example, a hotel) that manages the controlled object.
The key distribution server 30 includes a server communication unit 31 that communicates various information with the mobile terminal 10 and various processors such as a CPU that creates key data according to the control authority of the control target given to each user. A database in a state in which the information creation unit 32, the reader specific information of each reader 20, the reader installation position information indicating the installation position of each reader 20, and the public key corresponding to the secret key stored in each reader 20 are associated with each other. And a server storage unit 33 for storing the data.

  When the key distribution server 30 receives a key distribution request from the user, the key distribution server 30 generates key data necessary for controlling the control target according to the reader installation position information included in the key distribution request and the control authority information transmitted from the service provider. Create Next, the reader 20 is identified from the reader installation position information transmitted from the portable terminal 10, and the created key data, the secret key stored in the identified reader 20 and the public key corresponding to the set are distributed to the portable terminal 10 To do. Further, the key data includes the reader specifying information of the reader 20 connected to the controlled object, and is used when the signature data is verified by the portable terminal 10.

[About processing operations]
Next, a series of processing operations in the key data communication system 1 described above will be described.
Here, this system is adopted in a hotel, and the key data of the guest room reserved by the user is received from the key distribution server 30, and the portable terminal 10 is used to control the guest room door so that it can be opened and closed. It is an example of processing operation at the time.

  First, the user makes a reservation for a hotel and sets the key data distribution permission state for the guest room. Then, the control authority information is transmitted from the hotel to the key distribution server 30 as key distribution permission for distributing the key data of the guest room reserved by the user.

  Next, the user accesses the key distribution server 30 and makes a distribution request for key data. When the key distribution server 30 receives a key distribution request from the user, the key distribution server 30 creates key data based on the control authority given to the user (control authority information transmitted from the hotel), and further installs the reader transmitted at the time of the key distribution request A secret key stored by the reader 20 identified from the position information and a public key corresponding to the secret key are set and distributed to the mobile terminal 10 as a set.

  When the user enters the communication range of the reader 20 while holding the portable terminal 10 that has received the distribution information from the key distribution server 30, a call signal is transmitted from the reader 20 to the portable terminal 10. When a response signal is transmitted to the reader 20 as a response to the call signal, the mobile terminal 10 establishes short-range wireless communication between the mobile terminal 10 and the reader 20.

  When the communication state is established, the reader 20 first transmits the data request signal for requesting the key data to the portable terminal 10, the signature data, and the fraud prevention data as a set. Next, when the mobile terminal 10 receives the data request signal from the reader 20, the mobile terminal 10 is given to the data request signal using the public key in order to determine whether or not the data request signal is received from the legitimate reader 20. Verify signature data.

  As a result of verification, if it is confirmed that the data request signal is valid from the reader 20, the key data is encrypted with the public key, and the key data and fraud prevention data are transmitted to the reader 20. Then, the reader 20 determines whether or not the fraud prevention data received from the mobile terminal 10 matches the past fraud prevention data stored in the reader storage unit 23.

At this time, if the anti-fraud data matches, it is determined that the key data is illegal, and the process ends.
On the other hand, if the anti-fraud data is different, it is determined that the key data has been transmitted normally, and the authentication key data stored in the reader storage unit 23 is decrypted with the secret key for storing the encrypted key data. Only when the key data received by collating is normally authenticated, a control signal corresponding to the state of the door is transmitted to the control unit (electric lock or electric lock control panel) of the door.

  As described above, the key data communication system 1 described above stores a secret key for each reader 20 connected to the controlled object, and the mobile terminal 10 stores the public key corresponding to the secret key of each reader 20 as key data. Remember with. Then, when controlling the control object, the key data encrypted with the public key is transmitted to the reader 20, and the reader 20 decrypts the key data with the secret key to judge the validity of the key data and is legitimate. When the control object is determined, a control signal for controlling the control object to a predetermined state is output to the control object.

  Thereby, since communication of key data can be performed between the portable terminal 10 and the reader 20 in an encrypted state, security equivalent to pairing can be ensured.

  Further, when a communication state is established between the portable terminal 10 and the reader 20, the fraud prevention data is transmitted from the reader 20 to the portable terminal 10 together with the data request signal, and the portable terminal 10 encrypts the fraud prevention data and the encrypted key. By replying to the reader 20 together with the data, a replay attack due to the intercepted key data can be prevented.

[Other embodiments]
In addition, this invention is not limited to said each embodiment, For example, as shown below, it can also change suitably according to a use environment etc. and can also implement it. Also, the following modifications can be implemented in any combination within the scope not departing from the gist of the present invention.

  In the above-described embodiment, the communication state between the mobile terminal 10 and the reader 20 has been described as a configuration in which the data request signal, signature data, and fraud prevention data are transmitted as a set from the reader 20. Since it is only necessary that a signal serving as a trigger for requesting key data is transmitted to the mobile terminal 10, for example, only the signature data or the signature data and the fraud prevention data are transmitted as a set as the data request signal, and the mobile terminal 10 establishes communication. A signal such as signature data received from the reader 20 later may be determined as a data request signal.

  In the above-described embodiment, the key data and public key for the user to control the controlled object have been described as being distributed from the key distribution server 30. However, the present invention is not limited to this. In addition, the configuration may be such that the key data and the public key are acquired as a set by using a medium (key data acquisition medium) having a read target for acquiring the key data and the public key as a set.

  As an example of the form of the key data acquisition medium, for example, a card-like medium or paper transferred from a service provider (for example, a hotel) operating the key data communication system 1 to a user, or a reservation for an HP operated by the service provider An object to be read (for example, a one-dimensional code (bar code), a two-dimensional code (QR code (registered trademark)), an information identifier such as a color dot, or an RFID chip) is displayed on a part of the screen displayed after the reservation is completed. Yes, depending on the form of the object to be read, it can be printed on the medium itself, adhered to the surface of the medium as a seal, applied as a chip in the medium, or formed in a predetermined shape on the display screen. Is displayed.

  In addition, as a method of acquiring from a read target of a key data acquisition medium, for example, if the read target is an information identifier such as a QR code (registered trademark), a camera mounted on the portable terminal 10 is used to read the read target. If is a non-contact type IC chip, the non-contact communication function (communication function by NFC) of the terminal communication unit 11 may be used.

  The key data communication system 1 described above is a short-range wireless communication having a short-range communication range of several meters to several tens of meters such as Bluetooth (registered trademark) for communication between the mobile terminal 10 and the reader 20. As described in the configuration using the network, the communication range such as NFC (Near Field Communication), which is another short-range wireless communication system, has a communication range of an extremely short distance of about several centimeters to several tens of centimeters. When controlling an object, a so-called “proximity mode” for controlling the object to be controlled by placing the portable terminal 10 on the information communication unit 21 of the reader 20 (approaching it) is added, and each user considers convenience. It is good also as a structure which enables selection.

  In the case of such a configuration, the terminal communication unit 11 of the mobile terminal 10 and the information communication unit 21 of the reader 20 receive electromagnetic fields and radio waves such as MiFare (ISO / IEC 14443) and FeliCa (ISO / IEC 15408), for example. In addition to RFID tags (Radio Frequency Identification Tags, which are composed of a circuit board on which a plurality of electronic elements are mounted) that can be used for wireless communication at a distance of several centimeters, a small one-chip IC ( IC tag including an integrated circuit) is also mounted.

  Further, in the above-described key data communication system 1, when the reader 20 is confirmed to be valid, the key data is encrypted using the public key stored in the mobile terminal 10 and transmitted to the reader 20, and the reader 20 makes it public. In the above description, the key data is decrypted with the secret key corresponding to the key. However, the present invention is not limited to this.

This is a method in which the Diffie-Hellman key exchange method is applied as a key data encryption method. As a precondition, the portable terminal 10 and the reader 20 each generate a common key generation secret for generating a common key for key data encryption. A key generation algorithm for generating a key and a public key for generating a common key using a random number is stored in advance. The reader 20 generates a secret key A for generating a common key, a public key A for generating a common key, and a mobile phone. The terminal 10 creates a common key creation private key B and a common key generation public key B, which are created each time a communication state is established between the mobile terminal 10 and the reader 20.
Further, the reader 20 stores a secret key (herein referred to as a “signature creation secret key”) used for signature creation used in the above-described form, and the mobile terminal 10 discloses a public key corresponding to the signature creation secret key. A key (herein referred to as “signature verification public key”) is stored.

  A series of flows related to the key data encryption processing will be described. First, when the reader 20 establishes a communication state with the mobile terminal 10, the reader specifying information and the common key generating public key A are used using the signature generating secret key. Is used to create a signature and transmit it to the portable terminal together with the public key A for generating the common key. The portable terminal 10 verifies with the signature verification public key that stores the signature data received from the reader 20, and is a valid reader and that the common key generation public key A is generated by the reader. Judgment is made.

  Then, as a result of the signature data verification, the portable terminal 10 confirms that the signature data transmission source is the valid reader 20 and that the common key creation public key A is created by the reader, and then the common key The generation public key B is transmitted to the reader 20. As a result, the common key generation public keys A and B are exchanged between the portable terminal 10 and the reader 20.

  Next, after transmitting the common key generation public key B to the reader 20, the mobile terminal 10 uses the common key generation private key B and the common key generation public key A received from the reader 20 to generate a predetermined key. The common key C is created by the generation process (one-way function). Then, the mobile terminal 10 encrypts the key data using the generated common key C and transmits it to the reader 20.

  In addition, the reader 20 generates a common key C by a predetermined key generation process (one-way function) using the common key generation secret key A and the common key generation public key B received from the mobile terminal 10. Note that the common key C generated by the mobile terminal 10 and the common key C generated by the reader 20 are the same. Then, the reader 20 decrypts the key data received from the portable terminal 10 with the common key C, and only when the key data is normally authenticated, the reader 20 sends a control signal corresponding to the door state to the door control unit (electric lock or To the electric lock control panel.

  As described above, public keys (common key generation public keys A and B) for generating a common key for encrypting key data are exchanged using the Diffie-Hellman key exchange method. Further, when the public key A for generating the common key is transmitted from the reader 20, the signature data created with the signature creation private key is added and transmitted to the portable terminal 10. Thereby, since the portable terminal 10 can transmit the common key generation public key B after confirming the validity of the signature data, the man-in-the-middle attack, which is a problem of the Diffie-Hellman key exchange method, can be avoided. it can.

DESCRIPTION OF SYMBOLS 1 ... Key data communication system 10 ... Portable terminal 11 ... Terminal communication part 12 ... Terminal control part 13 ... Terminal memory | storage part 20 ... Reader 21 ... Information communication part 22 ... Reader control part 23 ... Reader memory | storage part 24 ... Power supply part 30 ... Key Distribution server 31 ... Server communication unit 32 ... Information creation unit 33 ... Server storage unit

Claims (3)

A reader capable of short-range wireless communication with a detection range of several meters to several tens of meters and connected to a controlled object;
A portable terminal possessed by a user who can transmit key data necessary for control of the control object by short-range wireless communication with the reader when entering the detection range;
With
In the key data communication system that outputs a control signal for controlling the control object to a predetermined state when the reader successfully authenticates the key data received from the mobile terminal,
The reader transmits signature data created using a secret key from a call signal for establishing communication with the portable terminal and its reader identification information to the portable terminal,
The portable terminal acquires a public key corresponding to the secret key as a set with the key data, and the signature data obtained by decrypting the signature data transmitted from the reader using the public key is: A key data communication system, wherein the reader is determined to be a valid reader when it matches signature data included in the key data. The mobile terminal, when successfully authenticating the signature data transmitted from the reader, transmits the key data encrypted with the public key to the reader as a response to a data request signal transmitted from the reader,
The reader decrypts the key data transmitted from the portable terminal using the secret key corresponding to the public key, and outputs the control signal when it is determined that the key data is valid. The key data communication system according to claim 1. The mobile terminal creates a database in a state in which reader identification information for identifying the reader, reader installation position information indicating the installation position of the reader, and a public key corresponding to the secret key stored in the reader are associated with each other. Sending the reader installation position information as a key data distribution request to the key distribution server to be stored,
The key distribution server creates key data based on the control authority of the control object given to the user, and is connected to the control object from the reader installation position information acquired at the time of the key data distribution request. 3. The key data communication system according to claim 2, wherein the reader is identified and the public key corresponding to the secret key stored in the reader is delivered to the portable terminal as a set with the created key data. .

Images