JP2021036687A - Utilization management system, management device, utilization controller, user terminal, utilization management method, and program - Google Patents

Abstract

To provide a technology on utilization management of a utilization target, the technology reducing a risk on security while improving convenience.SOLUTION: A utilization controller 1 receives hall data together with a first signature from a provider terminal 3; verifies the first signature using a first public key; and sets the hall data to the controller 1 when signature verification is established. The utilization controller also receives a utilization permit together with a second signature from a user terminal 4; verifies the second signature using a second public key included in the hall data and transmits a nonce to the user terminal 4 to receive a third signature in response to the nonce from the user terminal 4; and verifies the third signature using a third public key included in the utilization permit. When both of the second signature verification and the third signature verification are established, the utilization controller 1 refers to transaction information included in the utilization permit and, when a condition identified by the transaction information is satisfied, cancels utilization limitation of a utilization target (house 50).SELECTED DRAWING: Figure 1

Description

The present invention includes locking / unlocking including entrances / exits of hotels, inns, private lodging facilities, houses, warehouses, rooms, etc., moving objects such as automobiles and bicycles, storages, and reading terminals for electronic media such as electronic medical records and electronic books. Related to usage management technology for usage targets whose usage can be restricted by locking, access control, or encryption / decryption.

Patent Document 1 discloses a system that allows various services including unlocking and locking of a room to be used in facilities such as companies, hospitals, amusement parks, and public facilities simply by carrying a room key. There is. This system is for reading and writing information to a room key having a readable and writable RFID (Radio Frequency Identification) wireless tag that stores information such as a room number, a password, and customer information, and an RFID wireless tag of the room key. RFID readers installed in various places in the facility, a database that stores information about each room and each facility in the facility, and an RFID reader and database connected to the RFID reader and database via a network, and each room and each facility in the facility It has a server for management. Then, for example, an RFID reader installed in the door of each room in the facility, in the room, etc. reads the information stored in the RFID radio tag of the room key and transmits it to the server, and the server that receives this reads the information. The room number included in the information received from the RFID reader is collated with the room number of the room in which the RFID reader is installed to unlock and lock this room.

Japanese Unexamined Patent Publication No. 2003-132435

However, the system of Patent Document 1 is based on the premise that the room key is lent and returned at the reception of facilities such as companies, hospitals, amusement parks, and public facilities. Therefore, for example, even if a user makes a reservation for a facility on the Internet, he / she must stop by the reception desk of the management department that manages this facility, borrow a room key, and then move to the reserved facility. In addition, after using the facility, you must stop by the reception desk of this management department and return the room key. Therefore, for example, if the reserved facility and the reception desk of the management department that manages this facility are geographically separated, it is inconvenient.

Further, in the system of Patent Document 1, RFID readers installed in various places in the facility read the information stored in the RFID radio tag of the room key and transmit it to the server via the network. Therefore, for example, when the server is installed outside the facility and the RFID readers installed in various places in the facility and the server installed outside the facility are connected via the Internet, the RFID reader is the RFID of the room key. Every time the information is read from the wireless tag, the read information is transmitted on the Internet. Therefore, the security risk is high.

The present invention has been made in view of the above circumstances, and an object of the present invention is to provide entrances and exits of hotels, inns, private lodging facilities, houses, warehouses, rooms, etc., moving objects such as automobiles and bicycles, electronic medical records, electronic books, etc. To reduce security risks while improving convenience in usage management technology for users whose usage can be restricted by locking / unlocking, access control, or encryption / decryption, including electronic viewing terminals. With the goal.

In order to solve the above problems, the present invention provides a usage control device that controls the use of a usage target by locking / unlocking, access control, or encryption / decryption based on a usage permit, and usage control of the usage target. It is equipped with a management device that manages the usage permit in association with the device, a provider terminal that sets the hall data required for verification of the usage permit in the usage control device, and a user terminal that notifies the usage permit to the usage control device. ing.

Here, the utilization control device can communicate only by short-range wireless communication, and is disconnected from the network. Further, the utilization control device stores the first public key paired with the first private key associated with the own device and stored in the management device. Then, when the usage control device receives the hall data from the provider terminal together with the first signature via short-range wireless communication, the first signature is verified with the first public key, and the signature verification is established. If so, set this hall data in the own device. This hall data includes a second public key paired with a second private key associated with the own device and stored in the management device.

Further, the user terminal stores a third private key paired with the third public key associated with the own terminal and stored in the management device. Then, when the usage control device receives the usage permit from the user terminal together with the second signature via short-range wireless communication, the usage control device verifies the second signature with the second public key and after the signature verification. Alternatively, prior to this signature verification, a nonce (Number Used None) is transmitted to the user terminal. In response to this, the user terminal generates a signature for the nonce using the third private key, and transmits this as the third signature to the usage control device. Then, the usage control device verifies the third signature using the third public key included in the usage permit. Then, if the second and third signature verifications are both successful, the use control device acquires the transaction information included in the use permit, refers to the acquired transaction information, and identifies it by this transaction information. If the conditions are satisfied, the usage restrictions for the usage target will be lifted.

For example, the present invention
It is a usage management system that manages the usage of the usage target.
A usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption based on the usage permit.
A management device that manages the usage target in association with the usage control device, and
A provider terminal that sets the hall data required for verification of the use permit in the use control device, and
The use control device is provided with a user terminal for notifying the use permit.
The management device is
A transaction management means that manages transaction information including conditions related to the use of the usage target, and
An object management means that manages the first private key / public key in association with the usage control device,
A hall management means that manages the second private key / public key in association with the usage control device,
A user management means that manages a third public key in association with the user terminal,
Using the first private key managed by the object management means, a first signature is generated for the hall data including the second public key managed by the hall management means, and the hall is generated. A hall data processing means for transmitting data and the first signature to the provider terminal, and
Using the second private key managed by the hall management means, the transaction information managed by the transaction management means and the third public key managed by the user management means are included. It has a usage permit processing means for generating a second signature for the usage permit and transmitting the usage permit and the second signature to the user terminal.
The provider terminal is
The hall data received from the management device and the first signature are transmitted to the utilization control device by short-range wireless communication.
The user terminal is
A secret key storage means for storing a third private key paired with the third public key associated with itself and stored in the user management means of the management device.
A usage permit transmitting means for transmitting the usage permit and the second signature received from the management device to the usage control device by short-range wireless communication.
The third secret key stored in the secret key storage means is used to generate a third signature for the nonce received from the utilization control device, and the third signature is used by short-range wireless communication. It has a nonce processing means for transmitting to a control device, and has
The utilization control device is
Communication is possible only by short-range wireless communication,
The first signature received from the provider terminal together with the hall data is verified with the first public key registered in advance, and if the verification is successful, the hall setting for setting the hall data in the own device is performed. Means and
When the usage permit and the second signature are received from the user terminal, the signature acquisition means for transmitting the nonce to the user terminal and acquiring the third signature from the user terminal. ,
The second signature received from the user terminal together with the usage permit is verified by the second public key included in the hall data set in the own device, and is verified by the signature acquisition means. The acquired third signature is verified with the third public key included in the license, and if the verification for the second and third signatures is established, the license is used. A transaction information acquisition means for acquiring the included transaction information, and
With reference to the transaction information acquired by the transaction information acquisition means, if the conditions specified by the transaction information are satisfied, there is a canceling means for releasing the usage restriction of the usage target.

In the present invention, the utilization control device can communicate only by short-range wireless communication and is separated from the network. Therefore, the usage control device is not attacked from the outside via a network such as the Internet. In addition, the usage permit used to lift the usage restrictions of the usage target verifies the second signature attached to this usage permit using the second public key included in the hall data. The validity of the hall data is proved by this, and further, the hall data is proved by verifying the first signature attached to the hall data by using the first public key. Further, the user terminal uses the third private key to generate a third signature for the nonce acquired from the usage control device, and the usage control device uses the third public key included in the usage permit. By verifying the third signature obtained from the user terminal using the above, the legitimacy of the user terminal as a source of the usage permit is proved. Therefore, according to the present invention, the security risk is reduced.

Further, in the present invention, the usage restriction of the usage target is released only when the conditions specified by the transaction information included in the usage permit are satisfied, and the usage restriction of the usage target is not released when the conditions are not satisfied. Therefore, by including conditions such as the usable period and the number of times of use in the transaction information, a usage permit that does not meet these conditions will be invalid even if its validity is proved, so it is a target for use. There is no need to have the user (user of the user terminal) return the usage permit. Therefore, according to the present invention, convenience is improved.

As described above, according to the present invention, in the usage management technology of the usage target whose use can be restricted by locking / unlocking, access control, or encryption / decryption, the security risk is reduced while improving the convenience. can do.

FIG. 1 is a schematic configuration diagram of a utilization management system according to an embodiment of the present invention. FIG. 2 is a sequence diagram showing an example of an object registration operation for registering the usage control device 1 in the management device 2 in the usage management system according to the embodiment of the present invention. FIG. 3 is a sequence diagram showing an example of a hall setting operation for setting hall data in the usage control device 1 in the usage management system according to the embodiment of the present invention. FIG. 4 is a sequence diagram showing an example of a transaction information registration operation for registering transaction information including conditions related to use of a usage target in the management device 2 in the usage management system according to the embodiment of the present invention. FIG. 5 is a sequence diagram showing an example of a usage permit issuing operation in which the management device 2 issues a usage permit to the user terminal 4 in the usage management system according to the embodiment of the present invention. FIG. 6 is a sequence diagram showing an example of a usage restriction releasing operation in which the usage control device 1 releases the usage restriction of the usage target in the usage management system according to the embodiment of the present invention. FIG. 7 is a schematic functional configuration diagram of the utilization control device 1. FIG. 8 is a flow chart for explaining the operation of the utilization control device 1. FIG. 9 is a schematic functional configuration diagram of the user terminal 4. FIG. 10 is a flow chart for explaining the operation of the user terminal 4. FIG. 11 is a schematic functional configuration diagram of the management device 2. FIG. 12 is a diagram schematically showing an example of registered contents of the user information storage unit 221. FIG. 13 is a diagram schematically showing an example of registered contents of the provider information storage unit 222. FIG. 14 is a diagram schematically showing an example of registered contents of the object data storage unit 223. FIG. 15 is a diagram schematically showing an example of registered contents of the hall data storage unit 224. FIG. 16 is a diagram schematically showing an example of registered contents of the transaction information storage unit 225. FIG. 17 is a flow chart for explaining the operation of the management device 2. FIG. 18 is a flow chart for explaining the object registration request process S405 shown in FIG. FIG. 19 is a flow chart for explaining the hole generation request process S406 shown in FIG. FIG. 20 is a flow chart for explaining the transaction request processing S409 shown in FIG. FIG. 21 is a flow chart for explaining the use permit request processing S410 shown in FIG.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

FIG. 1 is a schematic configuration diagram of a usage management system according to the present embodiment.

As shown in the figure, the usage management system according to the present embodiment includes a usage control device 1, a management device 2, a provider terminal 3, and a user terminal 4.

The use control device 1 is provided for each use target and can communicate only by short-range wireless communication 63 such as IrDA (Infrared Data Association) and Bluetooth (registered trademark), and is locked / unlocked based on a use permit. , Access control, or control the use of the usage target by encryption / decryption. Here, the target of use is the house 50, and the use of the house 50 is controlled by locking / unlocking the entrance / exit 51 of the house 50. The management device 2 manages the utilization control device 1. Further, the management device 2 transmits the hall data used for the verification of the usage permit to the provider terminal 3 and also transmits the usage permit to the user terminal 4 via the WAN (Wide Area Network) 60. The provider terminal 3 is provided for each provider and is connected to the WAN 60 via a wireless network 62 and a relay device 61 such as a wireless base station or an access point to receive hall data from the management device 2. Further, the provider terminal 3 transmits the hall data received from the management device 2 to the usage control device 1 by the short-range wireless communication 63. The user terminal 4 is provided for each user, is connected to the WAN 60 via the wireless network 62 and the relay device 61, and receives a usage permit from the management device 2. Further, the user terminal 4 transmits the usage permit received from the management device 2 to the usage control device 1 by the short-range wireless communication 63.

FIG. 2 is a sequence diagram showing an example of an object registration operation for registering the usage control device 1 in the management device 2 in the usage management system according to the present embodiment.

First, when the provider terminal 3 receives a login operation from the provider who provides the service to be used (house 50) (S100), the provider terminal 3 manages a login request accompanied by login information including the user ID and password of the provider. It is transmitted to 2 (S101). In response to this, the management device 2 executes the authentication process using the password included in the login request and the password managed in association with the user ID included in the login request (). S102). Then, if the authentication is successful, the login of the provider terminal 3 which is the transmission source of the login request is permitted, and the login permission notification is transmitted to the provider terminal 3 (S103).

Next, when the provider terminal 3 receives an object registration request operation including facility information including the property name, address, etc. of the house 50 to be used from the provider (S104), the object registration including the facility information of the house 50 is received. The request is transmitted to the management device 2 (S105). In response to this, the management device 2 issues an object ID assigned to the usage control device 1 used for usage control of the house 50 (locking / unlocking control of the entrance / exit 51), and also issues a first secret according to the public key cryptosystem. Generate a key / public key. Then, the object data including the object ID, the first private key / public key, and the facility information included in the object registration request is generated (S106). Then, the management device 2 registers and manages the generated object data in association with the user ID of the provider (S107). After that, the management device 2 transmits an object registration notification including the object ID and the first public key to the provider terminal 3 (S108).

When the provider terminal 3 receives an object setting operation from the provider in a state of approaching the usage control device 1 to a distance capable of short-range wireless communication 63 with the usage control device 1 (S109), the provider terminal 3 receives the object setting operation from the management device 2. The object registration notification is transmitted to the usage control device 1 by the short-range wireless communication 63 (S110). In response to this, the usage control device 1 sets the object ID and the first public key included in the object registration notification in the own device 1 (S111).

FIG. 3 is a sequence diagram showing an example of a hall setting operation for setting hall data in the usage control device 1 in the usage management system according to the present embodiment.

First, when the provider terminal 3 receives a login operation from the provider who provides the service to be used (house 50) (S120), the provider terminal 3 manages a login request accompanied by login information including the user ID and password of the provider. It is transmitted to 2 (S121). In response to this, the management device 2 executes the authentication process using the password included in the login request and the password managed in association with the user ID included in the login request (). S122). Then, if the authentication is successful, the login of the provider terminal 3 which is the transmission source of the login request is permitted, and the login permission notification is transmitted to the provider terminal 3 (S123).

When the provider terminal 3 receives the hole generation request operation including the designation of the object ID of the usage control device 1 from the provider (S124), the provider terminal 3 transmits the hole generation request including the object ID to the management device 2 (S125). In response to this, the management device 2 generates a common key according to the common key cryptosystem, and also generates a second private key / public key according to the public key cryptosystem. Then, the hall data including the object ID, the common key, and the second public key is generated (S126). Then, the management device 2 registers and manages the hall data together with the second private key (S127). Further, the management device 2 identifies the object data including the object ID specified in the hole generation request operation from the object data managed by itself, and obtains the first private key included in the object data. It is used to generate a first signature on the hall data (S128). After that, the management device 2 transmits the generated hall data and the first signature to the provider terminal 3 (S129).

Next, when the provider terminal 3 receives the hall setting operation from the provider in a state where the provider terminal 3 is close to the usage control device 1 to a distance capable of short-range wireless communication with the usage control device 1 (S130), the management device 2 starts. The received hall data and the first signature are transmitted to the utilization control device 1 by the short-range wireless communication 63 (S131). In response to this, the usage control device 1 uses the hall data received from the provider terminal 3 and the first public key set in itself to give the first signature received from the provider terminal 3. Verify (S132). Then, if the signature verification is successful, the hall data is set in the own device 1 (S133).

FIG. 4 is a sequence diagram showing an example of a transaction information registration operation for registering transaction information including conditions related to the use of the usage target (house 50) in the management device 2 in the usage management system according to the present embodiment.

First, when the user terminal 4 receives a login operation from a user who enjoys the service of the user target (house 50) (S140), the user terminal 4 manages a login request accompanied by login information including the user ID and password of the user. It is transmitted to 2 (S141). In response to this, the management device 2 executes the authentication process using the password included in the login request and the password managed in association with the user ID included in the login request (). S142). Then, if the authentication is successful, the login of the user terminal 4 which is the transmission source of the login request is permitted, and the login permission notification is transmitted to the user terminal 4 (S143).

Next, the user terminal 4 uses the user ID of the provider who provides the usage service of the usage target (house 50) desired by the user, the object ID of the usage control device 1 installed in the usage target, and the user ID. When a transaction request operation accompanied by designation of desired information (use desired start / end time, number of times of use, etc.) regarding the use of the target of use is received from the user (S144), these specified information (provider user ID) is received. , The object ID, and the desired information regarding the use of the usage target) are transmitted to the management device 2 (S145).

In response to this, the management device 2 confirms the transaction content based on the information included in the transaction request (S146). Specifically, it is confirmed that the object data having the object ID included in the transaction request is included in the object data managed in association with the user ID of the provider included in the transaction request. By doing so, it is confirmed that the user can provide the desired service. Then, the management device 2 generates a transaction approval / disapproval inquiry including the object ID included in the transaction request and desired information regarding the use of the usage target, and uses this transaction approval / disapproval inquiry as the user of the provider included in the transaction request. It is transmitted to the provider terminal 3 specified by the address information managed in association with the ID (S147).

When the provider terminal 3 receives the transaction approval / disapproval inquiry from the management device 2, the provider terminal 3 displays the object ID included in the transaction approval / disapproval inquiry and the desired information regarding the use of the usage target, and confirms the transaction approval / disapproval with the provider. Then, when the transaction permission operation for permitting the transaction from the provider (providing the user with the usage service of the usage target whose use is restricted by the usage control device 1 specified by the object ID) is accepted (S148), As a reply to the transaction approval / disapproval inquiry, a transaction permission response is transmitted to the management device 2 (S149).

In response to this, the management device 2 determines that the transaction has been completed and issues a transaction ID, and the transaction ID, the user ID of the user, and the information included in the transaction request (user ID of the provider, object). The time when the license can be obtained (for example, 24 hours before the desired start time), which is determined based on the ID and the desired information regarding the use of the target, and the desired start time of the use included in the desired information. ), And generate transaction information including (S150). Next, the management device 2 registers and manages the generated transaction information (S151). Then, the management device 2 transmits a transaction establishment notification including the transaction information to the user terminal 4 (S152), and displays the transaction information on the user terminal 4.

FIG. 5 is a sequence diagram showing an example of a usage permit issuing operation in which the management device 2 issues a usage permit to the user terminal 4 in the usage management system according to the present embodiment.

It is assumed that the time when the user terminal 4 can obtain the usage permit of the transaction information included in the transaction establishment notification received from the management device 2 has passed for the usage target desired by the user (S160).

When the user terminal 4 receives a login operation from a user who has recognized the elapse of the usage permit acquisition time (S161), the user terminal 4 transmits a login request including login information including the user ID and password of the user to the management device 2. (S162). In response to this, the management device 2 executes the authentication process using the password included in the login request and the password managed in association with the user ID included in the login request (). S163). Then, if the authentication is successful, the login of the user terminal 4 which is the transmission source of the login request is permitted, and the login permission notification is transmitted to the user terminal 4 (S164).

Next, when the user terminal 4 receives the use permit request operation including the designation of the transaction ID included in the transaction information from the user (S165), the user terminal 4 receives the use permit request including the transaction ID from the management device 2. (S166).

In response to this, the management device 2 identifies the transaction information having the transaction ID included in the usage permit request from the managed transaction information, and based on this transaction information, the usage permit Confirm that the issuance conditions are satisfied (S167). Specifically, the user ID of the user of the user terminal 4 matches the user ID of the user included in the transaction information, and the time when the usage permit can be obtained included in the transaction information has elapsed. Make sure that you are.

Then, the management device 2 identifies the user information associated with the user ID of the user from the managed user information, and converts the managed hall data into transaction information. Identify the hall data that has the included object ID. Then, the transaction information is encrypted using the common key of the specified hall data, and the encrypted transaction information and the third public key included in the specified user information (user terminal 4 is secret). A usage permit including the third private key and the public key paired with the third private key held in (S168) is issued.

Next, the management device 2 generates a second signature for the usage permit using the second private key that is managed in association with the specified hall data (S169). After that, the management device 2 transmits the usage permit and the second signature to the user terminal 4 (S170).

FIG. 6 is a sequence diagram showing an example of a usage restriction releasing operation in which the usage control device 1 releases the usage restriction of the usage target in the usage management system according to the present embodiment.

Regarding the target of use desired by the user In the transaction information included in the transaction completion notification received from the management device 2 by the user terminal 4, the desired start time of use included in the desired information regarding the use of the target of use has passed. (S180).

The user terminal 4 is in a state of approaching the usage control device 1 to a distance capable of short-range wireless communication 63 with the usage control device 1 installed in the usage target (house 50) for which the user wishes to provide the usage service. When the usage operation is accepted from the user who recognizes that the current date and time is within the period specified by the desired start / end time of the usage included in the desired information regarding the use of the transaction information (S181), the management device 2 The usage permit and the second signature received from the above are transmitted to the usage control device 1 by the short-range wireless communication 63 (S182).

In response to this, the utilization control device 1 generates a nonce (Number Used None) (S183), and transmits the generated nonce to the user terminal 4 by the short-range wireless communication 63 (S184). When the user terminal 4 receives the nonce from the usage control device 1, it generates a third signature for this nonce using the third secret key held secretly (S185), and the generated third signature is generated. Is transmitted to the utilization control device 1 by the short-range wireless communication 63 (S186).

Next, the usage control device 1 uses the usage permit received from the user terminal 4 and the second public key included in the hall data set in the own device 1 to be used in the user terminal 4. The third signature received from the user terminal 4 is verified, and the nonce sent to the user terminal 4 and the third public key included in the usage permit are used to verify the second signature received from the user terminal 4. Verify the signature (S187). Then, if both the verification of the second and third signatures are successful, the encrypted transaction information included in the usage permit is decrypted using the common key included in the hall data (S188). ).

Next, the usage control device 1 confirms that the condition specified by the desired information regarding the usage of the usage target included in the decrypted transaction information is satisfied (S189). Specifically, it is confirmed that the current date and time is within the period specified by the desired start / end time of use included in the desired information regarding the use of the target of use. In addition, it is confirmed that the number of times of use managed in association with the transaction ID of the transaction information is less than the number of times of use included in the desired information regarding the use of the use target. When it can be confirmed that the usage control device 1 satisfies the conditions specified by the desired information regarding the usage of the usage target, the usage control device 1 releases the usage restriction of the usage target (S190). Here, the auto-lock device at the entrance / exit 51 of the house 50 to be used is unlocked.

After that, the usage control device 1 transmits a usage restriction release notification to the user terminal 4 by short-range wireless communication 63 (S191). Then, the number of uses managed in association with the transaction ID of the transaction information is incremented by one (S192). Here, if the number of uses is not managed in association with the transaction ID of the transaction information, the number of uses "1" is associated with the transaction ID of the transaction information and managed.

Next, the details of the usage control device 1, the user terminal 4, and the management device 2 that constitute the usage management system according to the present embodiment will be described. As the provider terminal 3, an existing network terminal having a short-range wireless communication function such as a smart phone or a tablet PC (Personal Computer) can be used, and thus detailed description thereof will be omitted.

First, the details of the utilization control device 1 will be described.

FIG. 7 is a schematic functional configuration diagram of the utilization control device 1.

As shown in the figure, the usage control device 1 includes a short-range wireless communication unit 10, a setting information storage unit 11, an object setting unit 12, a hall setting unit 13, a signature acquisition unit 14, and a usage restriction release unit 15. A signature verification unit 16 and a decryption unit 17 are provided.

The short-range wireless communication unit 10 communicates with the provider terminal 3 and the user terminal 4 by short-range wireless communication 63 such as IrDA and Bluetooth (registered trademark).

The setting information storage unit 11 stores setting information such as an object ID, a first public key, and hall data. In addition, judgment information used for judging whether or not the conditions related to the use of the usage target such as the number of times of use are satisfied is stored.

The object setting unit 12 stores the object ID and the first public key acquired from the provider terminal 3 in the setting information storage unit 11 as setting information.

When the verification of the first signature acquired together with the hall data from the provider terminal 3 is established, the hall setting unit 13 stores the hall data as setting information in the setting information storage unit 11.

The signature acquisition unit 14 transmits a nonce to the user terminal 4 according to the instruction of the usage restriction release unit 15, and acquires a third signature for this nonce from the user terminal 4.

The usage restriction release unit 15 verifies the second signature acquired from the user terminal 4 together with the usage permit, and the signature acquisition unit 14 verifies the third signature acquired from the user terminal 4. And, if the conditions specified by the desired information regarding the use of the usage target included in the transaction information of the usage permit are satisfied, the usage restriction of the usage target is lifted. In the present embodiment, an unlocking command is output to the auto-lock device at the entrance / exit 51 of the house 50. Further, the usage restriction release unit 15 registers / updates determination information such as the number of times of use in the setting information storage unit 11.

The signature verification unit 16 verifies the first signature on the hall data by using the first public key stored in the setting information storage unit 11 according to the instruction of the hall setting unit 13. Further, the signature verification unit 16 uses the second public key included in the hall data stored in the setting information storage unit 11 in accordance with the instruction of the usage restriction release unit 15, and uses the second public key for the usage permit. In addition to verifying the signature of, the third public key included in the license is used to verify the third signature on the nonce.

The decryption unit 17 was encrypted using the common key included in the hall data stored in the setting information storage unit 11 in accordance with the instruction of the usage restriction release unit 15. Decrypt transaction information.

The schematic functional configuration of the utilization control device 1 shown in FIG. 7 may be realized by hardware such as an integrated logic IC such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array), or a DSP. It may be realized by software by a computer such as (Digital Signal Processor). Alternatively, in a general-purpose computer including a CPU, a memory, an auxiliary storage device such as a flash memory and a hard disk drive, and a short-range wireless communication device such as an IrDA communication device and a Bluetooth (registered trademark) communication device, a CPU is specified. The program may be realized by loading the program from the auxiliary storage device into the memory and executing the program.

FIG. 8 is a flow chart for explaining the operation of the utilization control device 1.

When the object setting unit 12 receives the object registration notification from the provider terminal 3 via the short-range wireless communication unit 10 (YES in S200), the object setting unit 12 sets the object ID and the first public key included in the object registration notification. It is stored in the setting information storage unit 11 as the setting information (S201).

Further, when the hall setting unit 13 receives the hall data and the first signature from the provider terminal 3 via the short-range wireless communication unit 10 (YES in S202), the signature verification unit 16 is notified of the hall data and the first signature. Pass the signature of and request the verification of the first signature. In response to this, the signature verification unit 16 verifies the first signature on the hall data using the first public key stored in the setting information storage unit 11 (S203). Specifically, the first signature is decrypted using the first public key, and it is determined whether or not the decrypted information matches the hall data or its message digest (hash value). Verify the validity of your signature. Then, the signature verification unit 16 notifies the hall setting unit 13 of the verification result of the first signature.

In response to this, if the hall setting unit 13 succeeds in verifying the first signature and can prove the validity of the first signature (YES in S204), the hall setting unit 13 uses this hall data as setting information, such as setting information. It is stored in the storage unit 11 (S205). On the other hand, if the verification of the first signature fails and the validity of the first signature cannot be proved (NO in S204), the hall setting unit 13 is the provider terminal via the short-range wireless communication unit 10. Performs predetermined error processing such as sending an error message to No. 3 (S206).

Further, when the use restriction release unit 15 receives the use permit and the second signature from the user terminal 4 via the short-range wireless communication unit 10 (YES in S207), the signature acquisition unit 14 acquires the third signature. To instruct. In response to this, the signature acquisition unit 14 generates a nonce and transmits this nonce to the user terminal 4 via the short-range wireless communication unit 10. Then, a third signature for this nonce is obtained from the short-range wireless communication unit 10, and the third signature is passed to the usage restriction release unit 15 together with the nonce (S208).

Next, the usage restriction release unit 15 passes the usage permit and the second signature, and the nonce and the third signature to the signature verification unit 16 to instruct the verification of the second and third signatures. In response to this, the signature verification unit 16 verifies the second signature on the usage permit by using the second public key included in the hall data stored in the setting information storage unit 11. , The third public key included in the license is used to verify the third signature on the nonce (S209). Specifically, the second signature is decrypted using the second public key, and it is determined whether or not the decrypted information matches the usage permit or the message digest of the second signature. Verify legitimacy. In addition, the validity of the third signature is verified by decrypting the third signature using the third public key and determining whether or not the decrypted information matches the nonce or its message digest. ..

Next, the signature verification unit 16 notifies the usage restriction release unit 15 of the verification results of the second and third signatures.

If the verification of at least one of the second and third signatures fails and the validity of both cannot be proved (NO in S210), the usage restriction release unit 15 receives the short-range wireless communication unit. Performs predetermined error processing such as transmitting an error message to the user terminal 4 via 10 (S215).

On the other hand, if both the second and third signatures are successfully verified and the validity of both can be proved (YES in S210), the usage restriction release unit 15 is included in the decryption unit 17 in the usage permit. Pass the encrypted transaction information that has been encrypted and instruct the decryption.

Next, when the decryption unit 17 receives the encrypted transaction information together with the decryption instruction from the usage restriction release unit 15, the encrypted transaction information is stored in the setting information storage unit 11. Decryption is performed using the common key included in the hall data (S211). Then, the decrypted transaction information is passed to the usage restriction release unit 15.

In response to this, the usage restriction release unit 15 determines whether or not the conditions specified by the desired information regarding the use of the usage target included in the decrypted transaction information are satisfied (S212). Specifically, it is determined whether or not the current date and time is within the period specified by the desired start / end time of use included in the desired information regarding the use of the target of use. Further, whether or not the number of times of use included in the determination information stored in the setting information storage unit 11 linked to the transaction ID of the transaction information is less than the number of times of use included in the desired information regarding the use of the target of use. To judge. If the number of times of use stored in the setting information storage unit 11 in association with the transaction ID of the transaction information does not exist, the number of times of use is determined to be "0".

Next, if the usage restriction release unit 15 determines that the conditions specified by the desired information regarding the use of the usage target included in the transaction information are satisfied (YES in S212), the usage restriction of the usage target is restricted. Is released (S213). In the present embodiment, an unlocking command is output to the auto-lock device at the entrance / exit 51 of the house 50. Further, the usage restriction release unit 15 updates (increments) the number of times of use stored in the setting information storage unit 11 in association with the transaction ID of the transaction information (S214). Here, if the number of times of use is not registered in the setting information storage unit 11 linked to the transaction ID of the transaction information, the number of times of use "1" is linked to the transaction ID of the transaction information and the setting information storage unit Register in 11.

On the other hand, if the usage restriction release unit 15 determines that the conditions specified by the desired information regarding the use of the usage target included in the transaction information are not satisfied (NO in S212), the short-range wireless communication unit 10 Performs predetermined error processing such as transmitting an error notification to the user terminal 4 via (S215).

Next, the details of the user terminal 4 will be described.

FIG. 9 is a schematic functional configuration diagram of the user terminal 4.

As shown in the figure, the user terminal 4 includes a wireless network interface unit 40, a short-range wireless communication unit 41, a man-machine interface unit 42, a storage unit 43, a login request unit 44, and a transaction request unit 45. It includes a usage permit requesting unit 46, a usage permit transmitting unit 47, and a nonce processing unit 48.

The wireless network interface unit 40 is an interface for connecting to the WAN 60 via the wireless network 62 and the relay device 61.

The short-range wireless communication unit 41 communicates with the utilization control device 1 by short-range wireless communication 63 such as IrDA and Bluetooth (registered trademark).

The man-machine interface unit 42 is an interface for presenting information to the user and receiving various operations from the user, and has, for example, a touch panel display.

The storage unit 43 includes a login information storage unit 430, a key information storage unit 431, and a usage permit storage unit 432.

The login information storage unit 430 stores login information for the user terminal 4 to log in to the management device 2, including the user ID and password of the user.

The key information storage unit 431 stores a third private key used to generate a third signature for the nonce received from the usage control device 1.

The use permit storage unit 432 stores the use permit and the second signature obtained from the management device 2.

The login request unit 44 transmits a login request including the login information stored in the login information storage unit 430 to the management device 2 according to the login operation received from the user via the man-machine interface unit 42, and the management device. Log in to 2.

The transaction request unit 45 follows the transaction request operation received from the user via the man-machine interface unit 42 while logged in to the management device 2, and the user ID of the provider received from the user in this transaction request operation. , The object ID, and the transaction request including the desired information regarding the use of the object to be used are transmitted to the management device 2, and the transaction information including the transaction ID is acquired from the management device 2. Then, this transaction information is displayed on the man-machine interface unit 42.

The usage permit requesting unit 46 receives from the user in this usage permit requesting operation according to the usage permit requesting operation received from the user via the man-machine interface unit 42 while logged in to the management device 2. The usage permit request including the transaction ID is transmitted to the management device 2, and the usage permit is obtained from the management device 2 together with the second signature. Then, the usage permit and the second signature are stored in the usage permit storage unit 432.

The usage permit transmitting unit 47 sends the usage permit and the second signature stored in the usage permit storage unit 432 to the usage control device 1 according to the usage operation received from the user via the man-machine interface unit 42. Send.

The nonce processing unit 48 uses the third public key stored in the key information storage unit 431 to generate a third signature for the nonce received from the usage control device 1, and uses the generated third signature. It is transmitted to the control device 1.

The schematic functional configuration of the user terminal 4 shown in FIG. 7 may be realized by hardware such as an integrated logic IC such as ASIC or FPGA, or by software by a computer such as DSP. It may be. Alternatively, in a network terminal such as a smartphone or tablet PC equipped with a CPU, a memory, an auxiliary storage device such as a flash memory, and a short-range wireless communication device such as an IrDA communication device and a Bluetooth (registered trademark) communication device. , The CPU may be realized by loading a predetermined program from the auxiliary storage device into the memory and executing the program.

FIG. 10 is a flow chart for explaining the operation of the user terminal 4.

When the login request unit 44 receives a login operation from the user via the man-machine interface unit 42 (YES in S300), the login request unit 44 sends a login request including the login information stored in the login information storage unit 430 to the wireless network interface unit. It is transmitted to the management device 2 via 40 (S301). Then, when the login permission notification is received from the management device 2 (YES in S302), the own terminal 4 is logged in to the management device 2 (S303). On the other hand, when the login refusal notification is received from the management device 2 (NO in S302), the login request unit 44 performs predetermined error processing such as outputting a message to the effect that the login is refused to the man-machine interface unit 42. (S304).

Further, when the own terminal 4 is logged in to the management device 2, the transaction request unit 45 provides the user ID of the provider who provides the desired usage service from the user via the man-machine interface unit 42. When the transaction request operation accompanied by the designation of the object ID of the usage control device 1 installed in the usage target and the desired information (use desired start / end time, usage count, etc.) regarding the usage of the usage target is accepted (in S305). YES), a transaction request including the information specified in the transaction request operation (user ID of the provider, object ID, and desired information regarding the use of the usage target) is transmitted to the management device 2 via the wireless network interface unit 40. (S306). Then, when the transaction completion notification is received from the management device 2 (YES in S307), the transaction information included in the transaction completion notification is displayed on the man-machine interface unit 42 (S308). On the other hand, when the transaction failure notification is received from the management device 2 (NO in S307), the transaction request unit 45 performs predetermined error processing such as outputting a message to the effect that the transaction has not been completed to the man-machine interface unit 42. Carry out (S309).

Further, when the own terminal 4 is logged in to the management device 2, the usage permit requesting unit 46 receives a usage permit request operation accompanied by a transaction ID designation from the user via the man-machine interface unit 42. (YES in S310), the license request including the transaction ID specified in the license request operation is transmitted to the management device 2 via the wireless network interface unit 40 (S311). Then, when the usage permit is received from the management device 2 together with the second signature (YES in S312), the usage permit and the second signature are stored in the usage permit storage unit 432 (S313). On the other hand, when the issuance refusal notification is received from the management device 2 (NO in S312), the use permit requesting unit 46 outputs a message to the effect that the issuance of the use permit is refused to the man-machine interface unit 42. Performs predetermined error processing (S314).

Further, when the usage permit transmitting unit 47 receives a usage operation from the user via the man-machine interface unit 42 in a state where the short-range wireless communication unit 41 can communicate with the usage control device 1 (YES in S315), The usage permit and the second signature are read from the usage permit storage unit 432, and the usage permit and the second signature are transmitted to the usage control device 1 by the short-range wireless communication unit 41 (S316). Then, when the nonce processing unit 48 receives the nonce from the utilization control device 1 via the short-range wireless communication unit 41 (S317), the nonce processing unit 48 uses the third private key stored in the key information storage unit 431 to perform this nonce processing unit 48. A third signature for the nonce is generated, and the third signature is transmitted to the utilization control device 1 via the short-range wireless communication unit 41 (S318). After that, the nonce processing unit 48 receives a notification (usage restriction release notification or error notification) from the usage control device 1 via the short-range wireless communication unit 41, and outputs this notification to the man-machine interface unit 42 (S319). ).

Next, the details of the management device 2 will be described.

FIG. 11 is a schematic functional configuration diagram of the management device 2.

As shown in the figure, the management device 2 includes a WAN interface unit 200, a storage unit 201, a user management unit 202, an object management unit 203, a hall management unit 204, a transaction management unit 205, and a login processing unit 206. The object registration request processing unit 207, the hole generation request processing unit 208, the transaction approval / rejection inquiry unit 209, the transaction request processing unit 210, and the usage permit request processing unit 211 are provided.

The WAN interface unit 200 is an interface for connecting to the WAN 60.

The storage unit 201 includes a user information storage unit 221, a provider information storage unit 222, an object data storage unit 223, a hall data storage unit 224, and a transaction information storage unit 225.

User information is stored in the user information storage unit 221 for each user.

FIG. 12 is a diagram schematically showing an example of registered contents of the user information storage unit 221.

As shown in the figure, the user information storage unit 221 stores a user information record 2210 for each user. The user information record 2210 includes a field 2211 for registering the user ID of the user, a field 2212 for registering the password of the user, a field 2213 for registering the address information on WAN60 of the user terminal 4, and the user. It has a field 2214 for registering personal information such as name, address, and contact information, and a field 2215 for registering a third public key paired with a third private key secretly held by the user terminal 4. ..

The provider information storage unit 222 stores the provider information for each provider.

FIG. 13 is a diagram schematically showing an example of registered contents of the provider information storage unit 222.

As shown in the figure, the provider information storage unit 222 stores a record 2220 of provider information for each provider. The provider information record 2220 includes a field 2221 for registering the user ID of the provider, a field 2222 for registering the password of the provider, a field 2223 for registering the address information on WAN60 of the provider terminal 3, and the provider. It has a field 2224 for registering personal information such as name, address, and contact information.

Object data is stored in the object data storage unit 223 for each usage control device 1.

FIG. 14 is a diagram schematically showing an example of registered contents of the object data storage unit 223.

As shown in the figure, the object data storage unit 223 stores the object data record 2230 for each usage control device 1. The object data record 2230 includes a field 2231 for registering an object ID which is an identifier, a field 2232 for registering a first public key, a field 2233 for registering a first private key, and a house 50 to be used. It has a field 2234 for registering facility information including a property name, an address, etc., and a field 2235 for registering a user ID of a provider who provides the usage service to be used.

Information including hall data is stored in the hall data storage unit 224 for each utilization control device 1.

FIG. 15 is a diagram schematically showing an example of registered contents of the hall data storage unit 224.

As shown in the figure, the hall data storage unit 224 stores a hall data record 2240 for each utilization control device 1. The hall data record 2240 has a field 2241 for registering a hall ID which is an identifier, a field 2242 for registering a second public key, a field 2243 for registering a second private key, and a field 2244 for registering a common key. And a field 2245 for registering the object ID assigned to the utilization control device 1 in which the hall data is set. Here, the second public key, the common key, and the object ID registered in the fields 2242, 2244, and 2245 constitute the hall data set in the usage control device 1.

The transaction information storage unit 225 stores transaction information for each transaction of the service to be used, which is established between the provider and the user.

FIG. 16 is a diagram schematically showing an example of registered contents of the transaction information storage unit 225.

As shown in the figure, the transaction information storage unit 225 stores a record 2250 of transaction information for each transaction of the service used. The transaction information record 2250 has a field 2256 for registering a transaction ID which is an identifier, a field 2251 for registering an object ID assigned to the usage control device 1 installed in the usage target to be the transaction target of the usage service, and the usage. A field 2252 for registering the user ID of the user, a field 2253 for registering the user ID of the provider, and a field 2254 for registering desired information regarding the use of the target user, including the desired start / end time and the number of times of use. It has a field 2255 for registering a usage permit acquisition time at which the permit can be acquired.

The user management unit 202 manages the user information by using the user information storage unit 221 and manages the provider information by using the provider information storage unit 222.

The object management unit 203 manages the object data by using the object data storage unit 223.

The hall management unit 204 manages the hall data by using the hall data storage unit 224.

The transaction management unit 205 manages transaction information using the transaction information storage unit 225.

The login processing unit 206 processes the login request received from the provider terminal 3 and the user terminal 4 in cooperation with the user management unit 202.

The object registration request processing unit 207 processes the object registration request received from the provider terminal 3 in cooperation with the object management unit 203.

The hall generation request processing unit 208 cooperates with the object management unit 203 and the hall management unit 204 to process the hall generation request received from the provider terminal 3.

The transaction approval / disapproval inquiry unit 209 inquires the provider terminal 3 of the transaction approval / disapproval of the service to be used in accordance with the instruction of the transaction request processing unit 210.

The transaction request processing unit 210 processes the transaction request received from the user terminal 4 in cooperation with the transaction management unit 205 and the transaction approval / disapproval inquiry unit 209.

Then, the use permit request processing unit 211 processes the use permit request received from the user terminal 4 in cooperation with the hall management unit 204 and the transaction management unit 205.

The schematic functional configuration of the management device 2 shown in FIG. 11 may be realized by hardware such as an integrated logic IC such as ASIC or FPGA, or may be realized by software by a computer such as DSP. Good. Alternatively, in a general-purpose computer including a CPU, a memory, an auxiliary storage device such as a flash memory and a hard disk drive, and a communication device such as an NIC (Network Interface Card), the CPU stores a predetermined program from the auxiliary storage device. It may be realized by loading it on the top and executing it. Further, it may be realized on a distributed system consisting of cooperation of a plurality of general-purpose computers.

FIG. 17 is a flow chart for explaining the operation of the management device 2.

This flow is started when the WAN interface unit 200 receives a login request from the provider terminal 3 or the user terminal 4 via the WAN 60.

First, the WAN interface unit 200 notifies the login processing unit 206 of the received login request. In response to this, the login processing unit 206 executes the authentication process (S400).

Specifically, when a login request is received from the provider terminal 3, the user management unit 202 is notified of the password search including the designation of the provider's user ID included in the login request. In response to this, the user management unit 202 searches the record 2220 from the provider information storage unit 222 using the user ID of the provider designated by the login processing unit 206 as a key. Then, if the corresponding record 2220 can be detected, the password registered in the record 2220 is notified to the login processing unit 206, and if the corresponding record 2220 cannot be detected, it means that the corresponding record does not exist. Notify the login processing unit 206. On the other hand, when a login request is received from the user terminal 4, the user management unit 202 is notified of the password search including the designation of the user ID of the user included in the login request. In response to this, the user management unit 202 searches the record 2210 from the user information storage unit 221 using the user ID of the user designated by the login processing unit 206 as a key. Then, if the corresponding record 2210 can be detected, the password registered in the record 2210 is notified to the login processing unit 206, and if the corresponding record 2210 cannot be detected, it means that the corresponding record does not exist. Notify the login processing unit 206. The login processing unit 206 permits login if the password received from the user management unit 202 and the password included in the received login request match (authentication is established), and if they do not match, or the user management unit. If 202 notifies that the corresponding record does not exist, login is refused (authentication fails).

If the authentication is not established (NO in S401), the login processing unit 206 performs predetermined error processing such as sending an error message to the source of the login request via the WAN interface unit 200 (S411). On the other hand, when the authentication is established (YES in S401), the login processing unit 206 sends a login permission notification to the login request sender via the WAN interface unit 200, and manages the login status of the login request sender. If the source of the login request is the provider terminal 3 (“provider” in S402), the process proceeds to S403, and if the source of the login request is the user terminal 4 (“user” in S402), the process proceeds to S407. ..

In S403, the WAN interface unit 200 waits for a request to be sent from the provider terminal 3 of the destination of the login permission notification. If the request received from the provider terminal 3 is an object registration request (“object registration request” in S404), the provider including this object registration request in the login request received from the provider terminal 3 is included. If the object registration request processing unit 207 is notified together with the user ID of the above, the object registration request processing described later is executed (S405), and if it is a hole generation request (“hole generation request” in S404), this hole generation request is sent to this hole generation request. The hall generation request processing unit 208 is notified together with the user ID of the provider included in the login request received from the provider terminal 3, and the hall generation request processing described later is executed (S406).

Further, in S407, the WAN interface unit 200 waits for a request to be sent from the user terminal 4 of the destination of the login permission notification. If the request received from the user terminal 4 is a transaction request (“transaction request” in S408), the user ID of the user included in the login request received from the user terminal 4 is included in the transaction request. At the same time, the transaction request processing unit 210 is notified to perform the transaction request processing described later (S409), and if it is a usage permit request (“use permit request” in S408), this user permit request is sent to this user. The user ID of the user included in the login request received from the terminal 4 is notified to the usage permit request processing unit 211, and the usage permit request processing described later is performed (S410).

FIG. 18 is a flow chart for explaining the object registration request process S405 shown in FIG.

First, the object registration request processing unit 207 issues an object ID (S4050) and generates a first private key / public key according to a public key cryptosystem (S4051). Then, object data including the object ID, the first private key / public key, and the facility information included in the object registration request is generated, and this object data is sent to the object management unit 203 together with the user ID of the provider. Notify and instruct to manage object data.

In response to this, the object management unit 203 adds the object data record 2230 to the object data storage unit 223, and adds the object data (object ID, first public key, first private key, etc.) to the record 2230. (Facility information) is linked to the user ID of the provider and registered (S4052). Then, the object management unit 203 notifies the object registration request processing unit 207 of the object ID and the first public key.

Next, the object registration request processing unit 207 generates an object registration notification including the object ID and the first public key notified by the object management unit 203, and this object registration notification is the source of the object registration request. It is transmitted to the provider terminal 3 (S4053).

FIG. 19 is a flow chart for explaining the hole generation request process S406 shown in FIG.

First, the hole generation request processing unit 208 issues a hole ID (S4060). Further, a second private key / public key is generated according to the public key cryptosystem (S4061), and a common key is generated according to the common key cryptosystem (S4062).

Next, the hole generation request processing unit 208 generates hole data including the object ID, the second public key, and the common key included in the hole generation request, and uses the hole data as the hole ID and the second public key. Notify the hall management unit 204 together with the private key and instruct the management of the hall data. In response to this, the hall management unit 204 adds the hall data record 2240 to the hall data storage unit 224, and adds the hall data (object ID, second public key, common key) to the hall data 2240. Register with the second private key (S4063).

Next, the hole generation request processing unit 208 notifies the object management unit 203 of the object ID included in the hole generation request, and instructs the object management unit 203 to search for the first private key. In response to this, the object management unit 203 searches the object data record 2230 from the object data storage unit 223 using the object ID as a key, and requests to generate a hole for the first private key included in the record 2230. Notify the processing unit 208. Then, the hall generation request processing unit 208 uses the first private key notified from the object management unit 203 to generate a first signature for the hall data (S4064).

Then, the hall generation request processing unit 208 transmits the hall data together with the first signature to the provider terminal 3 which is the transmission source of the hall generation request (S4065).

FIG. 20 is a flow chart for explaining the transaction request processing S409 shown in FIG.

First, the transaction request processing unit 210 notifies the user management unit 202 of the user ID of the provider included in the transaction request, and instructs the user management unit 202 to specify the provider terminal 3 of the provider to be the transaction partner. In response to this, the user management unit 202 searches the provider information storage unit 222 for the provider record 2220 using the user ID of the provider as a key. Then, the address information of the provider terminal 3 included in the detected record 2220 is notified to the transaction request processing unit 210 (S4090).

Next, the transaction request processing unit 210 sends the object ID of the usage control device 1 included in the transaction request and the desired information regarding the use of the usage target together with the address information notified from the user management unit 202 to the transaction approval / rejection inquiry unit 209. To instruct the inquiry of transaction approval or disapproval. In response to this, the transaction approval / disapproval inquiry unit 209 generates a transaction approval / disapproval inquiry including the object ID of the usage control device 1 and desired information regarding the use of the usage target, and notifies the user management unit 202 via the WAN interface unit 200. This transaction approval / disapproval inquiry is transmitted to the provider terminal 3 specified by the provided address information (S4091). Then, when the response to the transaction approval / disapproval inquiry is received from the provider terminal 3 (YES in S4092), the received response is notified to the transaction request processing unit 210.

When the response to the transaction approval / disapproval inquiry is a transaction refusal response (NO in S4093), the transaction request processing unit 210 transmits an error message to the user terminal 4 which is the source of the transaction request via the WAN interface unit 200, etc. (S4097).

On the other hand, when the response to the transaction approval / disapproval inquiry is the transaction permission response (YES in S4093), the transaction request processing unit 210 determines that the transaction has been completed, issues the transaction ID, and is the object of use included in the transaction request. The time when the license can be obtained is determined based on the desired start time of the desired information regarding the use (S4094). For example, the time when the license can be obtained is determined 24 hours before the desired start time.

Then, the transaction request processing unit 210 acquires the transaction ID, the user ID of the user, the user ID of the provider included in the transaction request, the object ID, the desired information regarding the use of the usage target, and the usage permit. Generate transaction information including possible times. Then, the transaction management unit 205 is instructed to manage the generated transaction information. In response to this, the transaction management unit 205 adds the transaction information record 2250 to the transaction information storage unit 225, and the transaction information (transaction ID, object ID, user user ID, provider user) is added to the record 2250. Register the ID, desired information regarding the use of the usage target, and the time when the usage permit can be obtained) (S4095).

Next, the transaction request processing unit 210 transmits a transaction completion notification including the transaction information to the user terminal 4 which is the transmission source of the transaction request (S4096).

FIG. 21 is a flow chart for explaining the use permit request processing S410 shown in FIG.

First, the use permit request processing unit 211 notifies the transaction management unit 205 of the transaction ID included in the use permit request, and instructs the transaction management unit 205 to search the transaction information. In response to this, the transaction management unit 205 searches the transaction information record 2250 from the transaction information storage unit 225 using the transaction ID as a key. Then, the transaction information registered in the record 2250 is notified to the usage permit request processing unit 211 (S4100).

Next, in the usage permit request processing unit 211, the user ID of the user included in the transaction information notified from the transaction management unit 205 is the user of the user terminal 4 from which the usage permit request is sent. Confirm that it is the user ID (user ID of the user notified from the login processing unit 206), and the current time has passed the time when the usage permit can be obtained included in this transaction information. Is confirmed (S4101).

If the user ID of the user included in the transaction information is not the user ID of the user of the user terminal 4 that is the sender of the usage permit request, or the current time is included in the transaction information. If it is before the time when the permit can be obtained (NO in S4101), the usage permit request processing unit 211 sends an error message to the user terminal 4 which is the transmission source of the usage permit request via the WAN interface unit 200. Performs predetermined error processing such as transmission (S4108).

On the other hand, the user ID of the user included in the transaction information is the user ID of the user of the user terminal 4 that is the sender of the usage permit request, and the current time is included in the transaction information. When the available usage permit acquisition time has passed (YES in S4101), the usage permit request processing unit 211 notifies the hall management unit 204 of the object ID included in the specified transaction information, and then notifies the hall management unit 204 of the object ID. Instructs the search for the common key and the second private key. In response to this, the hall management unit 204 searches the hall data storage unit 224 for the hall data record 2240 using the object ID as a key. Then, the common key and the second private key included in the detected record 2240 are notified to the usage permit request processing unit 211 (S4102).

Further, the usage permit request processing unit 211 notifies the user management unit 202 of the user ID of the user included in the specified transaction information, and instructs the user management unit 202 to search for the third public key. In response to this, the user management unit 202 searches the user information storage unit 221 for the user information record 2210 using the user ID as a key. Then, the third public key included in the detected record 2210 is notified to the usage permit request processing unit 211 (S4103).

Next, the usage permit request processing unit 211 encrypts the transaction information using the common key notified from the hall management unit 204 (S4104), and is notified from the encrypted transaction information and the user management unit 202. A third public key and a usage permit including the third public key are generated (S4105). Then, the use permit request processing unit 211 generates a second signature for the use permit using the second private key notified from the hall management unit 204 (S4106).

Next, the usage permit request processing unit 211 transmits the usage permit and the second signature to the user terminal 4 which is the transmission source of the usage permit request (S4107).

The embodiment of the present invention has been described above.

In the present embodiment, the utilization control device 1 can communicate only by the short-range wireless communication 63, and is separated from the WAN 60. Therefore, the utilization control device 1 is not attacked from the outside via the WAN 60. In addition, the usage permit used to lift the usage restriction of the house 50 to be used is the second public key attached to the usage permit using the second public key included in the hall data. The legitimacy is proved by verifying the signature, and the hall data is proved by verifying the first signature attached to the hall data using the first public key. Will be done. Further, the user terminal 4 uses the third private key to generate a third signature for the nonce acquired from the usage control device 1, and the usage control device 1 is included in the usage permit. By verifying the third signature obtained from the user terminal 4 using the public key of, the legitimacy of the user terminal 4 as a source of the usage permit is proved. Therefore, according to this embodiment, the security risk is reduced.

Further, in the present embodiment, the usage restriction of the usage target is lifted only when the desired information regarding the usage of the usage target of the transaction information included in the usage permit is satisfied, and when the usage restriction is not satisfied, the usage of the usage target is used. The restrictions will not be lifted. Therefore, by including conditions such as the usable period (desired start / end time of use) and the number of times of use in the desired information regarding the use of the transaction information, even if the usage permit does not meet these conditions, Even if the validity is proved, it is invalid, so there is no need to have the user (user of the user terminal 4) return the usage permit. Therefore, according to the present embodiment, convenience is improved.

As described above, according to the present embodiment, it is possible to reduce the security risk while improving the convenience in the usage management of the usage target.

Further, in the present embodiment, the management device 2 manages the transaction information including the time when the usage permit can be obtained, and when the usage permit request is received from the user terminal 4, the usage permit request is made. A usage permit is generated when the usage permit acquisition time included in the transaction information specified by the transaction ID specified in is passed. By limiting the time when the usage permit can be obtained in this way, it is possible to reduce the chances that the usage permit can be tampered with and further improve security.

Further, in the present embodiment, when the management device 2 receives the transaction request from the user terminal 4, the management device 2 makes a transaction approval / disapproval inquiry including desired information regarding the use of the usage target included in the transaction request. Send to 3. Then, when a transaction permission response is received from the provider terminal 3 as a response to the transaction approval / disapproval inquiry, the transaction information is generated and a transaction establishment notification including the usage permit acquisition time included in the transaction information is sent. It is transmitted to the user terminal 4. For this reason, the provider can indicate the intention of accepting or disapproving the transaction for each transaction (providing) of the service to be used, while the user can obtain the usage permit only when the transaction is completed. You can know the acquisition time. Therefore, the convenience of both the provider and the user of the service to be used is further improved.

The present invention is not limited to the above-described embodiment, and many modifications can be made within the scope of the gist thereof.

For example, in the above embodiment, when the usage control device 1 receives the usage permit and the second signature from the user terminal 4, it transmits a nonce to the user terminal 4 and the user terminal 4 to the third. And verify both the second and third signatures. However, the present invention is not limited to this. First, one of the second and third signatures may be verified first, and the other may be verified only when this verification is established. For example, the second signature is verified prior to the nonce transmission to the user terminal 4, and only when this verification is established, the nonce is transmitted to the user terminal 4 and the user terminal 4 to the third signature. And verify the third signature.

Further, in the above embodiment, the management device 2 uses the common key shared between the management device 2 and the usage control device 1, and the management device 2 includes the transaction information included in the usage permit transmitted to the user terminal 4. Encrypted, the usage control device 1 decrypts the encrypted transaction information included in the usage permit received from the user terminal 4. However, the present invention is not limited to this. The transaction information may be transmitted from the management device 2 to the usage control device 1 via the user terminal 4 in plain text without being encrypted.

Further, in the above-described embodiment, the case where the desired start / end time and the number of times of use are used as the desired information regarding the use of the target to be included in the transaction information has been described as an example. However, the present invention is not limited to this. The desired information regarding the use of the target of use may include only one of the start / end time of the desired use and the number of times of use as long as it defines the conditions for releasing the usage restriction of the target of use. Alternatively, another condition may be included in place of the desired start / end time and the number of times of use, or in place of one of them.

Further, in the above embodiment, the storage unit 201 is arranged in the management device 2. However, the present invention is not limited to this. The storage unit 201 may be stored in a file server connected to the WAN 60. In this case, the user information storage unit 221, the provider information storage unit 222, the object data storage unit 223, the hall data storage unit 224, and the transaction information storage unit 225 may be stored in different file servers. Alternatively, each of them may be divided into a plurality of files and stored in a plurality of file servers in a distributed manner. Further, it is preferable that the validity of the information stored in these storage units 221 to 225 is guaranteed by using blockchain technology or the like.

Further, in the above embodiment, the case where the utilization control device 1 is used for unlocking the auto-lock device installed at the entrance / exit 51 of the house 50 to be used has been described as an example, but the present invention is not limited thereto. .. A hotel, an inn, a private lodging facility, a warehouse, a room, or the like may be used, and the use control device 1 may be used to unlock the auto-lock device installed at these entrances and exits. Alternatively, a mobile body such as an automobile or a bicycle may be used, and a use control device may be used to release the door of the mobile body or start the ignition. Alternatively, the use control device 1 may be used for viewing terminals of electronic media such as electronic charts and electronic books, and for removing access restrictions on the electronic media or decrypting the encrypted electronic media, for example, a secret. The usage control device 1 may be used to release the access restriction to the recording medium by targeting the storage in which the electronic and non-electronic recording media in which the information and the like are stored are stored. In these cases, the usage control device 1 may record the access log to the medium.

1: Usage control device 2: Management device 3: Provider terminal 4: User terminal 10: Short-range wireless communication unit 11: Setting information storage unit 12: Object setting unit 13: Hall setting unit 14: Signature acquisition unit 15: Usage restriction release unit 16: Sign verification unit 17: Decryption unit 40: Wireless network interface unit 41: Short-range wireless communication unit 42: Man-machine interface unit 43: Storage unit 44: Login request unit 45: Transaction request unit 46: Usage permission Certificate request unit 47: Usage permit transmission unit 48: Nonce processing unit 50: House 51: Doorway 60: WAN 61: Relay device 62: Wireless network 63: Short-range wireless communication 200: WAN interface unit 201: Storage unit 202: User Management Department 203: Object Management Department 204: Hall Management Department 205: Transaction Management Department 206: Login Processing Department 207: Object Registration Request Processing Department 208: Hall Generation Request Processing Department 209: Transaction Acceptance / Rejection Inquiry Department 210: Transaction Request Processing Department 211: Usage permit request processing unit 221: User information storage unit 222: Provider information storage unit 223: Object data storage unit 224: Hall data storage unit 225: Transaction information storage unit 430: Login information storage unit 431: Key information storage unit 432: Usage permit storage unit

Claims (13)

It is a usage management system that manages the usage of the usage target.
A usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption based on the usage permit.
A management device that manages the usage target in association with the usage control device, and
A provider terminal that sets the hall data required for verification of the use permit in the use control device, and
The use control device is provided with a user terminal for notifying the use permit.
The management device is
A transaction management means that manages transaction information including conditions related to the use of the usage target, and
An object management means that manages the first private key / public key in association with the usage control device,
A hall management means that manages the second private key / public key in association with the usage control device,
A user management means that manages a third public key in association with the user terminal,
Using the first private key managed by the object management means, a first signature is generated for the hall data including the second public key managed by the hall management means, and the hall is generated. A hall data processing means for transmitting data and the first signature to the provider terminal, and
Using the second private key managed by the hall management means, the transaction information managed by the transaction management means and the third public key managed by the user management means are included. It has a usage permit processing means for generating a second signature for the usage permit and transmitting the usage permit and the second signature to the user terminal.
The provider terminal is
The hall data received from the management device and the first signature are transmitted to the utilization control device by short-range wireless communication.
The user terminal is
A secret key storage means for storing a third private key paired with the third public key associated with itself and stored in the user management means of the management device.
A usage permit transmitting means for transmitting the usage permit and the second signature received from the management device to the usage control device by short-range wireless communication.
The third secret key stored in the secret key storage means is used to generate a third signature for the nonce received from the utilization control device, and the third signature is used by short-range wireless communication. It has a nonce processing means for transmitting to a control device, and has
The utilization control device is
Communication is possible only by short-range wireless communication,
The first signature received from the provider terminal together with the hall data is verified with the first public key registered in advance, and if the verification is successful, the hall setting for setting the hall data in the own device is performed. Means and
When the usage permit and the second signature are received from the user terminal, the signature acquisition means for transmitting the nonce to the user terminal and acquiring the third signature from the user terminal. ,
The second signature received from the user terminal together with the usage permit is verified by the second public key included in the hall data set in the own device, and is verified by the signature acquisition means. The acquired third signature is verified with the third public key included in the license, and if the verification for the second and third signatures is established, the license is used. A transaction information acquisition means for acquiring the included transaction information, and
It is characterized in that it has a means for releasing the usage restriction of the usage target if the conditions specified by the transaction information are satisfied by referring to the transaction information acquired by the transaction information acquisition means. Usage management system. The usage management system according to claim 1.
In the management device
The transaction management means manages the transaction information including the time when the license can be obtained.
When the use permit processing means receives the use permit request accompanied by the designation of the transaction information from the user terminal, the use permit processing means is managed by the transaction management means, and is designated by the use permit request. If the usage permit acquisition time included in the transaction information has passed, the usage permit including the transaction information and the third public key managed by the user management means is generated. At the same time, using the second private key managed by the hall management means, a second signature for the usage permit is generated, and the usage permit and the second signature are sent to the user terminal. A usage management system characterized by sending. The usage management system according to claim 2.
The management device is
When a usage request including the usage conditions of the usage target is received from the user terminal, a transaction including the conditions and inquiring the transaction approval / disapproval of the usage service of the usage target is transmitted to the provider terminal. Approval / rejection inquiry means and
When a transaction permission response is received from the provider terminal as a response to the transaction approval / disapproval inquiry transmitted to the provider terminal by the transaction approval / disapproval inquiry means, the use of the usage target included in the transaction approval / disapproval inquiry. Further having a transaction information processing means for generating the transaction information including the conditions and the time when the usage permit can be obtained and transmitting a transaction establishment notification including the time when the usage permit can be obtained to the user terminal. A usage management system featuring. The usage management system according to any one of claims 1 to 3.
In the management device
When the hall data processing means receives the hall generation request accompanied by the designation of the utilization control device from the provider terminal, the hall data processing means generates the second private key / public key, and in accordance with the hall generation request, the hall data processing means. The first signature on the hall data including the second public key is generated using the first private key managed by the object management means, and the hall data and the first signature are generated. A usage management system characterized by sending to the provider terminal. The usage management system according to any one of claims 1 to 4.
In the management device
When an object registration request accompanied by the designation of the usage control device is received from the provider terminal, the first private key / public key is generated, and an object registration notification including the first public key is provided. It also has an object registration request processing means to be sent to the person terminal.
The provider terminal is
The object registration notification received from the management device is transmitted to the usage control device by short-range wireless communication, and the object registration notification is transmitted to the usage control device.
The utilization control device is
A usage management system characterized in that the first public key included in the object registration notification received from the provider terminal is registered. The usage management system according to any one of claims 1 to 5.
In the management device
The hall management means also manages a common key in association with the usage control device.
The hall data processing means transmits the hall data including the common key.
The use permit processing means uses the common key to encrypt the transaction information to be included in the use permit.
In the utilization control device
The transaction information acquisition means decrypts the encrypted transaction information included in the use permit by using the common key included in the hall data set in the own device. A featured usage management system. A management device that manages a usage control device that controls the usage of a usage target by locking / unlocking, access control, or encryption / decryption based on a usage permit.
A transaction management means that manages transaction information including conditions related to the use of the usage target, and
An object management means that manages the first private key / public key in association with the usage control device,
A hall management means that manages the second private key / public key in association with the usage control device,
A user management means that manages a third public key in association with a user terminal that notifies the use control device of the use permit.
Using the first private key managed by the object management means, the first hole data required for verification of the usage permit including the second public key managed by the hall management means is used. The hall data processing means for generating the signature of the above and transmitting the hall data and the first signature to the provider terminal that sets the hall data in the utilization control device.
Using the second private key managed by the hall management means, the transaction information managed by the transaction management means and the third public key managed by the user management means are included. A management device comprising: a usage permit processing means for generating a second signature for the usage permit and transmitting the usage permit and the second signature to the user terminal. It is a usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption based on the usage permit.
Communication is possible only by short-range wireless communication,
The first signature received from the provider terminal together with the hall data required for verification of the usage permit is verified with the first public key registered in advance, and if the verification is successful, the hall data is used as the own device. Hall setting means to set to
When the usage permit is received from the user terminal together with the second signature, a signature acquisition means for transmitting a nonce to the user terminal and acquiring the third signature from the user terminal, and
The second signature received from the user terminal together with the usage permit is verified by the second public key included in the hall data set in the own device, and is verified by the signature acquisition means. The acquired third signature is verified with the third public key included in the license, and if the verification for the second and third signatures is established, the license is used. Transaction information acquisition means to acquire the included transaction information,
It is characterized in that it has a means for releasing the usage restriction of the usage target if the conditions specified by the transaction information are satisfied by referring to the transaction information acquired by the transaction information acquisition means. Usage control device. Based on the usage permit, the usage permit obtained from the management device that manages the usage control device is applied to the usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption. It is a user terminal that notifies
A secret key storage means for storing a third private key paired with a third public key associated with the own terminal and stored in the management device.
A usage permit transmitting means for transmitting the usage permit and the second signature received from the management device to the usage control device by short-range wireless communication.
The third secret key stored in the secret key storage means is used to generate a third signature for the nonce received from the utilization control device, and the third signature is used by short-range wireless communication. A user terminal having a nonce processing means for transmitting to a control device. A usage control device that controls the use of a usage target by locking / unlocking, access control, or encryption / decryption based on a usage permit, and a management device that manages the usage target in association with the usage control device. , The use target using the provider terminal for setting the hall data required for verification of the use permit in the use control device and the user terminal for notifying the use permit to the use control device. It is a usage management method that manages the usage of
The management device is
It manages transaction information including conditions related to the use of the usage target, manages the first private key / public key and the second private key / public key in association with the usage control device, and manages the user. Manage the third public key in association with the terminal,
Using the first private key, a first signature is generated for the hall data including the second public key, and the hall data and the first signature are transmitted to the provider terminal.
The second private key is used to generate a second signature on the usage permit containing the transaction information and the third public key, and the usage permit and the second signature are used on the user terminal. Send to
The provider terminal is
The hall data received from the management device and the first signature are transmitted to the utilization control device by short-range wireless communication.
The user terminal is
The usage permit and the second signature received from the management device are transmitted to the usage control device by short-range wireless communication.
When the nonce is received from the utilization control device, a third signature for the nonce is generated by using the third private key registered in advance, and the third signature is used by short-range wireless communication. Send to the controller
The utilization control device is
Communication is possible only by short-range wireless communication,
The first signature received together with the hall data from the provider terminal is verified with the first public key registered in advance, and if the verification is successful, the hall data is set in the own device.
The second signature received from the user terminal together with the usage permit is verified by the second public key included in the hall data set in the own device, and the nonce is used. It is transmitted to the user terminal, the third signature is received from the user terminal, and the third signature is verified with the third public key included in the usage permit.
If the verification of the second and third signatures is successful, the transaction information included in the usage permit is referred to, and if the conditions specified by the transaction information are satisfied, the use target. A usage management method characterized by lifting the usage restrictions of. The computer is made to function as a management device that manages a usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption based on the usage permit.
The management device is
A transaction management means that manages transaction information including conditions related to the use of the usage target, and
An object management means that manages the first private key / public key in association with the usage control device,
A hall management means that manages the second private key / public key in association with the usage control device,
A user management means that manages a third public key in association with a user terminal that notifies the use control device of the use permit.
Using the first private key managed by the object management means, the first hole data required for verification of the usage permit including the second public key managed by the hall management means is used. The hall data processing means for generating the signature of the above and transmitting the hall data and the first signature to the provider terminal that sets the hall data in the utilization control device.
Using the second private key managed by the hall management means, the transaction information managed by the transaction management means and the third public key managed by the user management means are included. A program comprising: a usage permit processing means for generating a second signature for the usage permit and transmitting the usage permit and the second signature to the user terminal. The computer is made to function as a usage control device that controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption based on the usage permit.
The utilization control device is
Communication is possible only by short-range wireless communication,
The first signature received from the provider terminal together with the hall data required for verification of the usage permit is verified with the first public key registered in advance, and if the verification is successful, the hall data is used as the own device. Hall setting means to set to
When the usage permit is received from the user terminal together with the second signature, a signature acquisition means for transmitting a nonce to the user terminal and acquiring the third signature from the user terminal, and
The second signature received from the user terminal together with the usage permit is verified by the second public key included in the hall data set in the own device, and is verified by the signature acquisition means. The acquired third signature is verified with the third public key included in the license, and if the verification for the second and third signatures is established, the license is used. A transaction information acquisition means for acquiring the included transaction information, and
It is characterized in that it has a means for releasing the usage restriction of the usage target if the conditions specified by the transaction information are satisfied by referring to the transaction information acquired by the transaction information acquisition means. program. The usage obtained from the management device that manages the usage control device, which controls the usage of the usage target by locking / unlocking, access control, or encryption / decryption, based on the usage permit. It functions as a user terminal that notifies the permit,
The user terminal is
A secret key storage means for storing a third private key paired with a third public key associated with itself and stored in the management device.
A usage permit transmitting means for transmitting the usage permit and the second signature received from the management device to the usage control device by short-range wireless communication.
The third secret key stored in the secret key storage means is used to generate a third signature for the nonce received from the utilization control device, and the third signature is used by short-range wireless communication. A program characterized by having a nonce processing means for transmitting to a control device.

Images