JP4936238B2 - Security management device - Google Patents

Description

  The present invention relates to an apparatus for authenticating a user who uses an electronic device, and more particularly to a security management apparatus for identifying and authenticating a user.

Conventionally, face and voice features have been used for personal identification and authentication. Authentication using the characteristics of personal biometric information has begun to be used for various purposes such as identification of individuals in various institutions, entrance / exit management of important facilities, and personal authentication in bank ATMs. For example, Patent Document 1 discloses a system that performs personal authentication using a finger vein image. Authentication using the characteristics of personal action information is also used. For example, the identification of a person by handwriting of a signature has been performed for a long time, and there is a system that performs this electronically (for example, Patent Document 2). Authentication in which the identity is confirmed by paying attention to the characteristics of such biological information and behavior information is generally referred to as biometric authentication. As an apparatus for authentication using this biometric authentication, an authentication token using fingerprint authentication has been developed (Non-patent Document 1).
JP 2005-071118 A JP 2003-271967 A J. HARRIS, "FIU-810 PUPPY FINGERPRINT IDENTITY TOKEN: THECHNICAL ARCHITECTURE OVERVIEW", [online], May 10, 2004, [Search June 13, 2005], Internet <URL: http: //bssc.sel .sony.com / Professional / puppy / files / FIU810_White_Paper_0401.pdf>

  Biometrics authentication is based on personal biometric information and behavior information, and therefore has the advantage that it is not necessary to rely on memory as in the case of a password. In general, “spoofing” is considered to be almost difficult. However, the biometric information and behavioral information that is the basis of this biometric authentication is information that can identify an individual who is actually alive. Therefore, the biological information and behavior information need to be protected. In addition, actions performed in combination with biological information and action information (exchanged data, device operation details, etc.) also require protection.

  In addition, in the conventional biometric authentication, cooperation with PKI (Public Key Infrastructure) which is information security technology is insufficient. In particular, the conventional authentication token has a limit to completely prevent spoofing by another malicious person.

  The present invention aims to solve at least some of these problems.

  The present invention is performed by a person who is permitted or permitted to perform various operations such as operations on electronic devices, creation, browsing, viewing, and decryption of encrypted data using digital devices. In combination with whether the act is about to be performed at the time when it is permitted or permitted, or whether the act is about to be performed at the permitted location (location) To prevent and enhance the security of authentication.

  That is, in the present invention, a data communication means capable of communicating with an external electronic device, a time specifying means for outputting current time data, including a clock capable of acquiring current time data, specifying a geographical position, The position specifying means for outputting data, and acquiring either the current user's biometric information or behavior information, and determining whether the biometric information or behavior information belongs to a registered user registered in advance, User authentication means for outputting registered user ID data for identifying the user when the biometric information or behavior information of the user is that of the registered user, the current time data, Receiving position data and the registered user ID data, and based on at least the registered user ID data and further based on either the current time data or the position data. Based on at least one of authentication information data generating means for generating authentication information data and transmitting the authentication information data, the authentication information data from the authentication information data generating means, and key data from the electronic device An encryption key or a decryption key can be used to perform at least one of encryption of data or decryption of encrypted data, and at least one of encrypted data and decrypted data A security management device is provided, comprising: cryptographic processing means capable of transmitting the data through the data communication means.

  Electronic devices that use this management device include processor-based electronic devices such as computers and digital cameras, electronic devices used in homes such as music players, video disc players, television sets, and set-top boxes, and automatic deposits. Various devices such as electronic devices that require personal authentication such as payment machines (ATMs), authentication terminals used in PKI certificate authorities for performing personal authentication, and personal identification terminals in hospitals to prevent patient misplacement Electronic equipment. The electronic device may be any device as long as it includes electronic processing, for example, a lock management device that manages door locks, an operation management device that manages whether a vehicle can be driven, etc. Is also included.

  The data communication means is, for example, any wired and wireless data communication means capable of communicating digital data, and examples of hardware include RS-232C, parallel connection, SCSI (Small Computer System Interface), USB (Universal Serial Bus), IEEE 1394, TCP / IP (Ethernet), wireless LAN, Bluetooth (registered trademark), wireless USB, and other communication standards and proprietary communication means can be used. To be realized.

  The geographical position is an absolute position on the earth such as latitude, longitude, altitude, or a relative position with respect to a predetermined index whose geographical position is known.

  In the present invention, the security management device acquires either the current user's biological information or behavior information. This biometric information or action information is registered in advance in the security management apparatus for a predetermined registered user. The user authentication means determines whether or not the current user is the same person as the registered user based on the biometric information or the behavior information. If the current user is the same person, the ID data of the registered user that is the same person Is output. When there are a plurality of registered users, ID data of the registered user corresponding to the current user is output.

  The encryption processing means can execute encryption of data and / or decryption of encrypted data using the encryption key or the decryption key, and the encrypted data or the decrypted data can be decrypted. At least one of the data can be transmitted through the data communication means. The encryption key or the decryption key is at least one of authentication information data from the authentication information data generation unit and / or key data from the electronic device, or is generated from either of them.

  In the present invention, it is preferable to provide a sensor for acquiring fingerprint information and compare the fingerprint data acquired by the sensor with the fingerprint data of the registered user. A suitable example of biometric information is a fingerprint. The fingerprint can be optically read or electrostatically read by a relatively simple sensor, and the security management device of the present invention can be downsized. As other biological information, for example, a vein pattern such as a palm or a finger, or an iris pattern can be used. As the behavior information, a voice print, a typing pattern, a signature, or the like can be used.

  In the present invention, it is preferable that the time specifying means includes a radio communication wave or broadcast wave receiving means including time data traceable with respect to the global agreement time, and the timepiece is calibrated according to the time data. The time data traceable to UTC (Coordinated Universal Time) includes Japan Standard Time data from the JJY (registered trademark) service, GPS time data in GPS, and other time distribution data, either directly or indirectly. Time data that can determine the mutual relationship with the time of global agreement. When the time is fixed, the reliability of the current time data used in the authentication is increased, and it is difficult to tamper with the time.

  In the present invention, it is preferable that the position specifying means includes a radio positioning system radio wave receiving means. With this configuration, the geographical position is measured using, for example, a global positioning system (GPS), and the reliability of the position data used in authentication is increased, making it difficult to tamper with the position data.

  In the present invention, further comprising a program storage means for storing a program for specifying which one of a plurality of encryption or decryption algorithms to use and causing the encryption processing means to process the encryption or decryption algorithm, The encryption processing means performs processing according to a program stored in the program storage means, and performs an encryption or decryption algorithm according to an algorithm designation instruction from the electronic device or an algorithm identifier included in data received from the electronic device. It is preferable to switch.

  The plurality of encryption or decryption algorithms refers to, for example, common key encryption algorithms such as DES and AES, and public key encryption algorithms such as RSA. When decrypting encrypted data, it is necessary to decrypt the encrypted data using an algorithm that is encrypted. Further, in order to encrypt unencrypted data (plain data), it is necessary to determine an algorithm for decrypting the encrypted data in advance and execute encryption using an encryption algorithm corresponding to the algorithm. By switching a plurality of encryption or decryption algorithms by a program, the security management apparatus can cope with a plurality of encryption or decryption algorithms. Further, since the type of algorithm itself is a kind of key, security can be improved.

  In the present invention, it further comprises a secret key storage means for storing secret key data of a public key cryptosystem, and the user authentication is performed when the biometric information or the behavior information is of a registered user registered in advance. When the means determines, the encryption processing means reads the secret key data from the secret key storage means, the data is encrypted using the public key data paired with the secret key as an encryption key, It is preferable to decrypt at least one of session key data that is encrypted with the public key and is a common key used for data encryption, using the secret key data as a decryption key.

Since the private key is determined and read by the user authentication means when the user is a registered user, the private key should be strictly managed so as not to leak by managing the private key by the user authentication. Security increases. The session key is a key that becomes a common key. By encrypting only the session key with public key cryptography, even if the volume of data to be encrypted is large, the public key cryptography security and public key cryptography are faster than the common key cryptography. It can be compatible with arithmetic processing.

  In addition, by including some numerical value (for example, registered user ID, biometric information feature data, etc.) corresponding to the registered user's biometric information and behavior information as part of the secret key, the secret key and the user directly correspond. To increase security. In addition, if current time data and position data are further included in a part of the secret key, processing that can be decrypted only at a predetermined time and position can be performed.

  In the present invention, the authentication information data is received from the authentication information data generation means, the authentication request is received by the data communication means, and the authentication information data from the authentication information data generation means is compared with the authentication request. Then, at least one of the comparison result between the current time data and the access permission time range data, or the comparison result between the position data and the access permission position range data, the registered user ID data and the access permission Access control means for controlling whether to output the authentication information data based on the comparison result with the user ID data, and encryption or decryption in the encryption processing means from the authentication information data from the access control means It is preferable to further comprise key generation means for generating key data for

  By controlling whether or not the authentication information data is output according to the result of the authentication process performed by the access control means based on the authentication request, the key data can be generated when the authentication based on the authentication request is successful, Whether or not to execute encryption or decryption processing in the processing means can be determined based on the authentication result.

  According to another aspect of the present invention, there is provided a system including an electronic device and the security management device, wherein the security information is generated by the authentication information data generation unit through the data communication unit. Or the encryption processing unit encrypts the authentication information data to generate encrypted authentication information data and transmits the encrypted authentication information data to the electronic device through the data communication unit. The authentication information data or the encrypted authentication information data is received, and either the current time data or the location data and the registered user ID data are obtained from the authentication information data or the encrypted authentication information data. The access permission time range and / or access permission position range And controls access from the constant to the user, the system is provided.

  This aspect is an aspect of the system. According to this aspect of the system, the authentication information data or the encrypted authentication information data is transmitted from the security management apparatus, and the electronic device specifies at least one of the access permission time range or the access permission position range and the access permitted person. Since the access is controlled, it is possible to specify only the intended user to specify whether the electronic device is usable, to obtain money through the electronic device, to view or copy data, by specifying the time or place. Further, since the authentication information data can be obtained by the security management device, it is possible to achieve a configuration that enhances security even if the configuration of the electronic device is simple.

  As another aspect of the system, the present invention is a system including an electronic device and the security management device, wherein the electronic device is at least one of access permission time range data and access permission position range data. And an access requester ID data are transmitted to the security management device to control access from the user by an access control signal received from the security management device, the security management device, The authentication request is received by the data communication means, the authentication information data from the authentication information data generating means is compared with the authentication request, and a comparison result between the current time data and the access permission time range data, or Comparison result between the position data and the access-permitted position range data An access control signal is generated based on the comparison result between the registered user ID data and the access authorized person ID data, and the access control signal is output to the electronic device through the data communication means. There is also provided a system further comprising control means.

  This aspect is also an aspect of the system. According to this aspect of the system, since the electronic device can transmit an authentication request to the security management device, and the security management device can generate an access control signal accordingly, the electronic device issues an authentication request to the security management device. Thus, the authentication can be performed only by itself, and the processing for authentication can be omitted. Also, by concentrating the authentication and judgment functions on the security management device, the intended use is specified by specifying the time or place, such as whether to use the electronic device, obtaining money through the electronic device, browsing or copying data, etc. Can only be performed by a person.

  According to the present invention, in any one of the system aspects, the encryption processing unit encrypts data received from the electronic device through the data communication unit when the user is permitted to access the electronic device. It is preferable that the data is transmitted to the electronic device after being converted into a decryption or decoding process.

  By performing encryption or decryption processing by the encryption processing means of the security management device, the electronic device can perform encryption or decryption processing only by transmitting data to the security management device and receiving the processed data. It is possible to adopt a configuration in which it is not necessary to perform the process itself.

  Still other system aspects are provided in the present invention. That is, a system including an electronic device and the security management device, wherein the security management device transmits the authentication information data as it is to the electronic device through the data communication unit, or The encryption processing means encrypts the authentication information data to generate encrypted authentication information data, and transmits the encrypted authentication information data to the electronic device through the data communication means. Encrypted content data obtained by encrypting digital content data with an encryption key based on at least one of the decryption permission time range data and the decryption permission position range data and the ID data of the licensee permitted to decrypt Or stored in an internal storage device, and the electronic device Receiving the information data or the encrypted authentication information data, and generating a decryption key for decrypting the encrypted content data based on the decryption of the authentication information data or the encrypted authentication information data; A system is provided in which the encrypted content data is decrypted with the decryption key.

  In this case, when the decryption of the encrypted content data is permitted, the encryption processing unit decrypts at least a part of the encrypted content data received from the electronic device through the data communication unit. More preferably, the processed content data is transmitted to the electronic device.

  When the decryption key is generated by the electronic device, the encryption mode of the encrypted content data need not be reflected in the security management apparatus. In addition, when the encryption processing means of the security management device performs the decryption processing on the portion that can be processed by the encryption processing means, the calculation can be performed by the processing capability of the security management device, and the calculation capability of the electronic device is changed to the encryption processing. You don't have to spend.

  Still other system aspects are provided in the present invention. That is, a system including an electronic device and the security management device, wherein the electronic device is capable of decrypting at least one of decryption permission time range data and decryption permission position range data permitted to be decrypted. Encrypted content data obtained by encrypting digital content data with an encryption key based on the licensed ID data of the licensed person is received from the outside or stored in an internal storage device, and the encryption processing means includes the authentication information Receiving the data, receiving the encrypted content data from the electronic device through the data communication means, generating a decryption key for decrypting the encrypted content data based on the authentication information data, and The encrypted content data is decrypted using an encryption key and restored to the electronic device through the data communication means. It is to send a phased content data, the system is provided.

  By decrypting the encrypted content data from the electronic device by the security management device and transmitting the decrypted content data, the electronic device becomes unnecessary for the authentication processing and encryption processing, and the authentication processing and encryption processing Processes that affect security are collected in the security management device. As a result, if the security management device user carries the security management device, the security management device user is included in the encrypted content data even when using a general electronic device that does not have a special means for authentication and encryption processing. Access to digital content data.

  As another aspect of the present invention, an electronic device managed by a security management device is provided. That is, in the present invention, a registered user in the case of data communication means capable of communicating with an external security management device, wherein the current user's biometric information or behavior information is that of a registered user registered in advance. Receiving at least one of authentication information data based on at least current data or position data based on ID data, or encrypted authentication information data obtained by encrypting the authentication information data Data communication means capable of transmitting and receiving data to be encrypted or decrypted, and the current time included in the authentication information data from the security management device or the encrypted authentication information data Based on either the data or the location data and the registered user ID data. A control means for controlling access from the user, the electronic device to transmit and receive data encrypted or decrypted by the security management device is provided.

  The data communication means capable of communicating with the security management apparatus is connected to the data communication means included in the security management apparatus to perform communication, and any wireless and wired hardware and driver software used as necessary Etc.

  According to the present invention, security control based on personal biometric information or behavior information and time and / or position is possible, and encryption processing is also possible. Therefore, a higher security level can be realized in various electronic devices.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block configuration diagram showing an embodiment of a security management apparatus of the present invention. The security management apparatus 100 includes a data communication unit 110, a time specifying unit 120, a position specifying unit 130, a user authentication unit 140, an authentication information data generation unit 150, and an encryption processing unit 160. . The security management apparatus 100 is connected to the electronic device 200 by the data communication unit 110 to determine whether the user is a valid user for the electronic device 200 or data used by the electronic device 200, It is determined whether it is being used by a user registered there. Then, it is also determined whether or not the time (current time) at which authentication is performed and the position to be used are appropriate. Thus, whether the user who accesses the electronic device 200 or the user who uses the data or decrypts the encrypted data by the electronic device 200 is the original user uses the security management apparatus 100. Authenticated.

  The data communication unit 110 can be any communication unit as described above. Here, a case where a wired connection device such as a USB is used as a wired data communication unit electrically connected to the electronic device 200 is illustrated. ing.

  The time specifying means 120 has a built-in clock. This timepiece is an RTC (real-time clock) that can keep ticking time using a built-in battery, and the time indicated by the timepiece can be acquired as data. This time specifying means 120 can function as a radio timepiece. In other words, traceable time data can be obtained directly or indirectly as appropriate with respect to time data at the time of a global agreement managed by an atomic clock and used as a reference for clocks around the world. The time specifying means 120 can receive a radio wave from the transmitting station 300 that transmits the standard radio wave and calibrate a clock that can be used.

  The position specifying means 130 receives radio waves from a plurality of GPS satellites 400, measures a geographical position on the earth, and additionally adds correction data from a DGPS (differential GPS) station for correcting an error. To determine the position more accurately. GPS radio waves can be obtained as position data of longitude, latitude, and altitude (elevation) by receiving radio waves from four or more satellites. Of the position data, for example, if longitude and latitude are obtained, In most cases even if there is no altitude data, the location is specified, so that data can be used. Further, in preparation for the case where GPS radio waves cannot be obtained at a position where the electronic device 200 is used, the position specifying means 130 is provided with a final specified position storage means 132 for storing data whose position has been specified last. Yes. In this final specific position storage means 132, in addition to the data whose position has been specified at the end, the time data at which the data was obtained are also stored. To be identified.

  The user authentication unit 140 includes a sensor 142 that acquires user fingerprint information as user biometric information, and a registered user fingerprint information storage unit 144 that stores data of the registered user fingerprint information. . The security management apparatus 100 is permitted to be used only by one or more specific users (registered users). The registered user reads the fingerprint information of one or more fingers of his / her hand with the sensor 142 in advance, and stores the fingerprint information data in the registered user fingerprint information storage unit 144. The user authentication unit 140 includes a determination unit 146. Whether the determination unit 146 matches the fingerprint information data of the current user's fingerprint read by the sensor 142 with the registered user's fingerprint information data stored in the registered user fingerprint information storage unit 144. Determine. Thus, the security management apparatus 100 determines whether the user who intends to use the security management apparatus 100 is a registered user.

  The sensor 142 is, for example, a CCD that is used together with an illuminating device (for example, a light emitting diode) that illuminates the surface of a finger pressed on the casing of the security management device 100 by placing a transparent flat window on the housing of the security management device 100. (Charge coupled device) An image reading sensor or a CMOS image reading sensor can be used.

  The fingerprint information data can be data in which a two-dimensional fingerprint pattern is recorded as image information as it is, but here it is data relating to features obtained by performing edge detection and feature extraction processing from this image information. The fingerprint information data is associated with the registered user ID, and a table for performing the association is also stored in the registered user fingerprint information storage unit 144. When the determination unit 146 determines that the fingerprint pattern obtained from the user is the same as the fingerprint pattern of the registered user, the determination unit 146 refers to the table and outputs the ID of the registered user. The registered user ID is arbitrary numerical data sufficient to specify an individual or a group to which the individual belongs in an ID number system for managing authentication.

  The authentication information data generating unit 150 receives current time data from the time specifying unit 120, receives position data from the position specifying unit 130, and receives registered user ID data from the user authentication unit 140. Then, authentication information data 152 including current time data, position data, and registered user ID data as shown in FIG. 2 is generated. The authentication information data 152 is information indicating who has been authenticated, and further indicating when and where the authentication has been performed. The configuration of the authentication information data 152 is selected according to the level of security required in the security management policy. For example, a device ID assigned to the security management device can be optionally added as information indicating the device that has performed authentication.

  The encryption processing unit 160 can execute encryption processing for data encryption or decryption using an encryption key or a decryption key based on the authentication information data 152. The encryption processing unit 160 includes an encryption unit 162 that performs encryption processing and a decryption unit 164 that performs decryption processing. Data to be subject to encryption processing is arbitrary data. As an example of this, data input from the electronic device 200 via the communication unit 110 or the authentication information data 152 itself can be the target of encryption processing. The key data used by the encryption processing means 160 as an encryption key or decryption key for encryption processing is also arbitrary. As an example, the encryption processing unit 160 can use an encryption key or a decryption key generated from the authentication information data 152. The encryption processing unit 160 includes a key generation unit 166 that generates an encryption key and a decryption key from the authentication information data 152. As another example, an encryption key or a decryption key managed by the electronic device 200 can be used. An example of the encryption key generated from the authentication information data 152 is a public key that is paired with a secret key that partially includes the authentication information data 152, and an example of a decryption key generated from the authentication information data is an authentication key. This is a secret key that partially includes the information data 152.

  Returning to FIG. 1 again, the security management apparatus 100 may include a key storage unit 180. The key storage unit 180 stores an encryption key and a decryption key used for encryption processing. This encryption key or decryption key can be a pre-registered key, or key data generated by the key generation unit 166 using the authentication information data 152. In any case, the encryption key and the decryption key may be a common key, or the encryption key may be a public key paired with some secret key, or the decryption key may be externally provided. It may be a private key that is paired with a public key.

  Next, the processing flow in the embodiment of the present invention will be described with reference to FIGS. FIG. 3 is a flowchart showing the processing operation in the embodiment of the security management device and the electronic device of the present invention.

  In the embodiment of the present invention, first, a registered user is registered in the security management apparatus (S102). That is, the fingerprint information of one or more fingers of the user's hand to be authenticated by the security management apparatus 100 is read by the sensor 142 with respect to the security management apparatus 100, and the fingerprint information data is registered as the registered user fingerprint. It is registered in the information storage unit 144. At this time, the fingerprint information is registered in association with the registered user ID.

  When authentication is actually started (S104), current time data is acquired (S106), and position data is acquired (S108). As the current time data, the time data output by the time specifying means 120 is used. In addition, the position data output by the position specifying unit 130 is used as the position data. Then, the fingerprint data of the user is acquired (S110). This fingerprint information is acquired by the sensor 142. The acquired user's fingerprint information is compared with the registered user's fingerprint information stored in the registered user fingerprint information storage unit 144 (S112). As a result of the comparison, if the user's fingerprint does not match any fingerprint of any registered user, the authentication has failed, and the state immediately after the start of authentication is restored to perform authentication again. On the other hand, as a result of the comparison, when the fingerprint of the user matches one of the fingerprints of any registered user, the user is a registered user of the security management apparatus 100 and has been successfully authenticated. Yes. In this case, the registered user ID data corresponding to the registered user's fingerprint that is the same as the user's fingerprint is output and transmitted (S114). Then, authentication information data is generated by the authentication information data generation means 150 by combining the ID data of the registered user with the current time data and the position data (S116).

  In an embodiment of the present invention, the security management apparatus 100 controls the user's access to the electronic device and the user's access to some data through the electronic device. FIG. 4 is a flowchart showing processing performed in this case following the processing flow of FIG. If the user who is authenticated as a registered user is using it, the authentication information data 152 is transmitted to the electronic device through the data communication means 110 (S202). At this time, since the authentication information data 152 includes personal information, it may be transmitted after being encrypted by the encryption processing means 160. The electronic device 200 compares the current time data, location data, and registered user ID included in the authentication information data 152 with the access permission conditions managed by the electronic device 200, so that the user It is then determined whether or not the electronic device 200 can be accessed at that location (S204). As a result, when the access is possible, the electronic device 200 permits the user's access (S212), and when the access is not possible, the electronic device 200 rejects the user's access (S222). .

  As described above, the access to the electronic device 200 is permitted because the user who is permitted to access the electronic device 200 is permitted to access the security management device at the time when the access is permitted. This is limited to a case where both the condition that the user is authenticated by 100 and the condition that the security management apparatus 100 pre-registers the user as a registered user are established. If access is denied, error processing is performed (S224). This error processing is, for example, a process of presenting the reason for access denial to the user, or a process of incrementing the counter of the number of times of access denial and restarting the process from an appropriate step among the once performed processes. Etc.

  When the user's access is permitted, the user can perform some operation or processing by the electronic device. In this process, for example, the electronic device 200 is a web server arranged on the network and manages a website that requires authentication for browsing, and the data communication unit 110 communicates with the electronic device 200 through the network. If it is a bad one, browsing the website is permitted. Further, if the electronic device 200 is an ATM, it is an operation relating to a deposit, and if the electronic device 200 is an automobile operation management device, a driving operation is possible.

  FIG. 5 is a flowchart for explaining processing in the case where the processing permitted by the electronic device is encryption processing and the processing for encrypting or decrypting data is performed in cooperation with the security management apparatus 100. is there. FIG. 5a shows a case where this encryption process is a process for decrypting encrypted data, and FIG. 5b shows a case where this encryption process is a process for performing encryption. When the electronic device 200 and the security management device 100 perform the decryption process in cooperation, the security management device 100 receives the encrypted data from the electronic device 200 (S302). When the electronic device 200 manages the decryption key, the decryption key may be supplied together with the encrypted data. The encryption processing means 160 of the security management device 100 decrypts the received encrypted data (S304). The decryption key may be the one supplied from the electronic device 200 as described above, may be read from the key storage unit 180, or may be generated from the authentication information data 152 by the key generation unit 166. . Then, the decrypted data is transmitted to the electronic device 200 through the data communication unit 110 (S306). Thereafter, the electronic device 200 uses data decrypted in some form (S308).

  When the electronic device 200 and the security management device 100 perform encryption processing in cooperation, the security management device 100 receives data (plain data) before encryption from the electronic device 200 (S312). When the electronic device 200 manages the encryption key at this time, the encryption key may be supplied together with the plain data. The encryption processing means 160 of the security management device 100 encrypts the received plain data (S314). The encryption key may be supplied from the electronic device 200, read from the key storage unit 180, or generated from the authentication information data 152, as in the case of the decryption key described above. Then, the encrypted data is transmitted to the electronic device 200 through the data communication unit 110 (S316). Thereafter, the electronic device 200 stores the encrypted data in some form or transmits it to another electronic device (S318).

  As described above, the security management apparatus 100 can be linked to the electronic device 200 to authenticate or perform encryption processing by combining the current time and / or position with the user's fingerprint data.

  Returning to FIG. 1 again, an embodiment in which the security management apparatus 100 controls user access to the electronic device 200 in addition to authentication will be described. The security management apparatus 100 according to the present embodiment includes an access control unit 182. At this time, the electronic device 200 transmits an authentication request 184. The authentication request 184 includes access permission time range data that defines a time range for permitting access, and access permission position range data that defines a range of positions where access is permitted. This time is composed of, for example, data representing a start time of midnight on June 1, 2005 and data representing a period of 180 days, or simply data of an expiration date when the permission state expires. Can be. In addition, the access permission position range data includes, for example, latitude and latitude such as 139 degrees 44 minutes 28 seconds 9 ± 20 seconds east longitude 35 degrees 39 minutes 29 seconds 2 ± 20 seconds in order to specify the position strictly. It may be determined based on the longitude, or altitude data may be included in this. The authentication request 184 further includes access permitter ID data. This access authorized person ID is an ID of a person who is permitted to access.

  FIG. 6 is a flowchart showing a process performed subsequent to the process flow of FIG. 3 in this case. The electronic device 200 transmits an authentication request 184 to the security management apparatus 100 (S402). The access control unit 182 included in the security management apparatus 100 receives an authentication request from the electronic device 200 by the data communication unit 110 (S404). Then, the access control means 182 compares the access permission time range data, access permission position range data, access permitted person ID data with the current time data, position data, and registered user data included in the authentication information data 152 ( S410 to S416), an access control signal 186 is generated and transmitted to the electronic device 200 by the data communication means 110 (S422, S432). In response to this, the electronic device 200 controls access from the user based on the access control signal received from the security management device (S424, S434). At this time, if the current time data (S412), position data (S414), and registered user data (S416) should be permitted to be accessed as a result of the comparison in step 410, an access control signal indicating success is obtained. 186 is transmitted (S422), and the electronic device 200 permits access (S424). On the other hand, if at least one of current time data (S412), position data (S414), and registered user data (S416) should not be permitted to access, an access control signal 186 indicating failure is transmitted. Then, the electronic device 200 rejects access (S434). If access is permitted, then, for example, processing as already shown in FIG. 5 is performed. If access is denied, error processing is performed (S436).

FIG. 9 shows a security management apparatus 100 ′ that is an embodiment different from the security management apparatus shown in FIG. The security management apparatus 100 ′ having this configuration also controls user access to the electronic device 200 in addition to authentication. The difference between the security management device 100 and the security management device 100 ′ is that the authentication information data 152 ′ from the authentication information data generation unit 150 is input to the access control unit 182 ′ instead of the key generation unit 166, and the access control is performed. The means 182 ′ indicates that the authentication information data 152 ′ ′ is input to the key generation unit 166 and the key storage unit 180 ′ . Also in the security management apparatus 100 ′, when the access control unit 182 ′ receives the authentication request 184 from the electronic device 200, the access control signal 186 is transmitted based on the authentication request 184 and the authentication information data 152 ′. In addition to this, the access control unit 182 ′ transmits the authentication information data 152 ″ to the key generation unit 166 and the key storage unit 180 ′ only when the authentication is successful. The access control unit 182 ′ is configured in this way, and the key generation unit 166 can generate key data from the authentication information data 152 ″. Therefore, it is necessary only when authentication based on the authentication request 184 is successful. The key data is generated and can be encrypted and decrypted by the cryptographic processing means 160. Further, only when the authentication is successful, the authentication information data 152 ″ at that time can be stored in the key storage unit, so that the correct authentication can be performed. It becomes possible to generate key data based on.

  Next, the access to the electronic device and the access to the data held by the electronic device are not explicitly performed based on the authentication information data, but the decryption is performed by using the decryption key based on the authentication information data. An embodiment in which a process of decrypting encrypted data is executed will be described. FIG. 7 is a flowchart describing the process in such a case as a continuation of the process of FIG. In this case, the electronic device 200 receives and stores the encrypted content data from the server 500 via the computer network 10, for example. The encrypted content data includes, for example, music data, video data, or data (digital content data) that is desired to be used by some user. When encrypting the content data, decryption permission time range data indicating a time range for which decryption is permitted, decryption permission position range data indicating a position range for which decryption is permitted, and decryption is permitted. An encryption key based on the ID data of the authorized person is used.

  After obtaining the authentication information data shown in FIG. 3, first, the encryption processing unit 160 of the security management device 100 encrypts the authentication information data 152 to generate encrypted authentication information data, and the electronic device is transmitted through the data communication unit 110. 200 (S502). The electronic device 200 receives the encrypted authentication information data and decrypts it (S504). Since the authentication information data includes current time data, location data, and registered user ID data, the electronic device 200 extracts the decryption key for decrypting the encrypted content data by extracting it. Generate (S506). The electronic device 200 further decrypts the encrypted content data using the decryption key (S508). Here, whether or not the decryption key can properly decrypt the encrypted content data depends on the decryption permission time range data and the decryption permission that are the basis of the encryption key at the time of encryption. It is determined by the relationship between the position range data, licensee ID data, and current time data, position data, and registered user ID data included in the authentication information data. Therefore, whether the decryption of the encrypted content data is successful or unsuccessful indicates whether the decryption is permitted or not, and the decryption is normally performed only when the permitted condition is satisfied. .

  Although the example in which the authentication information data is encrypted and transmitted to the electronic device has been shown, if there is no problem in the security of communication between the security management device 100 and the electronic device 200, the authentication information data is not encrypted and the It may be sent to the device. The decryption (S508) here may be performed by the electronic device 200, but the encrypted content data is transmitted to the security management apparatus 100 and decrypted by the encryption processing means 160 as shown in FIG. 5a. Also good. When the encrypted content data is transmitted to the security management apparatus 100 and decryption is performed by the encryption processing means 160, steps 502 and 504 are omitted, and the decryption key in step 506 is used as the key generation unit 166 (FIG. 1). The encryption processing unit 160 of the security management apparatus 100 can decrypt the encrypted content data by using the decryption key (S508).

  Next, an embodiment will be described in which an algorithm for encryption and decryption of the encryption processing means 160 can be switched and encryption processing is performed using a public key encryption method. FIG. 8 is an explanatory diagram showing the data structure of the encrypted content data 190 in this embodiment. Here, the encrypted digital content data 196 is not encrypted with a public key, but is encrypted with a common key encryption method using a common key called a session key that is randomly generated. The session key is encrypted with the public key and included as part of the encrypted content data. Also, an algorithm identifier used for decrypting the encrypted digital content data by the common key method is also encrypted with the session key and made a part of the encrypted content data. Thus, the encrypted content data 190 includes the session key 192 encrypted with the public key, the algorithm identifier 194 encrypted with the session key, and the digital content data 196 encrypted with the session key. . If there is a secret key corresponding to the public key used to encrypt the session key, the decrypted session key can be obtained. Then, if this session key is used as a common key and the encrypted algorithm identifier is decrypted by a previously known algorithm, the decrypted algorithm identifier can be obtained. Finally, the digital content can be obtained together using the session key by a decryption algorithm corresponding to the algorithm identifier.

  A decoding algorithm is selected by the algorithm identifier. For this reason, the encryption processing means 160 is configured so that the decryption algorithm can be switched by a program. This program is stored in advance in the program storage unit 188 according to each algorithm, and is loaded from the program storage unit 188 to the cryptographic processing unit 160 according to the algorithm identifier.

Next, an embodiment of the electronic device 200 of the present invention will be described.
The electronic device 200 includes data communication means 210. The data communication unit 210 establishes communication with the security management device 100 in cooperation with the data communication unit 110 of the security management device 100. The data communication unit 210 can communicate arbitrary data, and can communicate the authentication information data 152 and the digital content data regardless of whether they are encrypted. The electronic device 200 includes control means 240 for permitting or denying access to the electronic device itself. Further, the encryption processing unit 260 for performing encryption and decryption can be provided, but the encryption processing unit 260 may not necessarily be provided if the security management device 100 includes the encryption processing unit 160. . The electronic device 200 includes a network communication unit 220 and can be connected to a server 500 that provides some data and services via the computer network 10 such as the Internet. In addition, the electronic device 200 may include a storage unit 280 that stores data.

  The electronic device 200 manages security in cooperation with the security management apparatus 100. For example, the control unit 240 can control the user's access to the electronic device 200 in response to the access control signal 186 from the access control unit 182. The storage unit 280 can store data encrypted based on the authentication information data from the security management apparatus 100. Conversely, the encrypted data is stored in the storage unit 280, and the data can be decrypted based on the authentication information data from the security management apparatus 100. Alternatively, the authentication information data obtained by the security management apparatus 100 can be added to data stored in the storage unit 280 or data transmitted from the electronic device 200. In addition, when taking a log indicating who, where, and what operation, it can be based on the current time data, location data, and registered user ID data from the security management device 100.

  Although the embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments, and various modifications, changes and combinations can be made based on the technical idea of the present invention. .

  For example, in FIG. 1, the security management device 100 and the electronic device 200 are described as being directly connected. However, the security management device 100 is configured to be connected via a network such as the Internet or connected by wireless communication means. You can also

  In addition, the time specifying unit 120 may obtain time data from time signal data superimposed on radio waves of radio broadcast or television broadcast. Further, for example, the time specifying unit 120 can use the GPS time by the time data included in the GPS radio wave. This makes it possible to obtain time data that is traceable to the world agreement time without using standard radio waves. For example, the time specifying unit 120 can calibrate the time again after a predetermined period has elapsed since the timepiece was last calibrated.

  The GPS data is not limited to those specified by longitude and latitude and altitude. For example, in order to easily associate with GPS data, for example, X = −3,959,340.1 ± 100 m, Y = 3,352,854.5 ± 100 m, according to the ITRF (International Terrestrial Reference Frame) coordinate system, Z = 3,697, 471.5 ± 100 m may be specified. Of course, if a wider area is set as the access permission position range, for example, access can be made substantially possible only within the area of one country. In addition, as an access permission position range, a position range other than a specific position may be specified to give a position range that substantially does not permit access.

  Further, the authentication information data 152 may be configured such that it is not transmitted unless the user's fingerprint matches the registered user's fingerprint. Thereby, even if the security management device is lost, for example, the authentication information data cannot be extracted unless the finder is a registered user, and security can be improved.

  Furthermore, although the case where fingerprints are mainly used as biometric information has been described, authentication is performed using other biometric information such as iris patterns, finger or palm vein patterns, or action information such as voiceprints or signs. It can also be.

  In addition, in the case of the public key encryption method in which the session key as a common key is encrypted with the public key in connection with FIG. 8, the digital content is directly encrypted with the public key without using the session key. A simpler public key cryptosystem can also be realized as obtained. In addition, when the authentication is successful based on the current time data, the position data, and the registered user ID data, the private key data stored in advance in the key storage unit 180 can be called and used for decryption.

  In the above embodiment, the case where both the current time data and the position data are used in addition to the registered user ID data is mainly described, but the authentication information data 152 includes either the current time data or the position data. May not be included. Depending on the level of security required, it can be determined whether to use both current time data and position data, or only one of them. In this case, if the authentication request 184 in FIG. 1 requires data that is not included, the authentication information data generation unit 150 may generate authentication information data including data corresponding to the authentication request again. Further, the data can be compared with the authentication request 184.

  Some of the processes shown in FIGS. 3 to 7 can be interchanged in order. For example, the processing order of the acquisition of the current time data (S106) and the generation of position data (S108) shown in FIG. 3 is arbitrary as long as it is performed until the generation of authentication information data (S116). As another example, the access control processing in FIGS. 4 and 6 and the encryption processing in FIG. 7 have been described as processing following the authentication processing shown in FIG. 3, but the order of these is completely separated in this way. It does not have to be. In response to the transmission of the authentication request from the electronic device 200 shown in FIG. 6 (S402), after the security management apparatus 100 receives the authentication request (S404), the authentication information data is generated from the acquisition of the time data of FIG. The processing up to (S106 to S116) can also be performed.

  By using the present invention, for example, data whose privacy should be managed can be safely browsed at a plurality of locations and exchanged with each other, and the security level of the operation of the electronic device whose privacy should be managed is managed. You can also In addition, accurate time and accurate position data can be obtained very easily.

  In each of the above embodiments, the determination unit 146, the authentication information data generation unit 150, the encryption processing unit 160, and the access control unit 182 in the reference numeral 102 in FIG. Each of these means may be a functional means realized by a program using a processor and a memory whose functions can be changed by the program.

  When the user carries the security management device of the present invention, the user can prove that he / she is a valid user for various electronic devices whose security is managed. In other words, the security management device of the present invention can be used as an extremely reliable authentication token, like a seal with a seal certificate, by performing a procedure for registering a registered user in the security management device in a public place. Can do.

FIG. 1 is a block configuration diagram showing an embodiment of a security management apparatus of the present invention. FIG. 2 is an explanatory diagram showing a configuration of authentication information data generated in the security management device of the present invention. FIG. 3 is a flowchart showing the processing operation in the embodiment of the security management device and the electronic apparatus of the present invention. FIG. 4 is a flowchart showing a processing operation in the embodiment of the security management device and the electronic apparatus of the present invention. FIG. 5 is a flowchart showing a processing operation in the embodiment of the security management device and the electronic apparatus of the present invention. FIG. 6 is a flowchart showing the processing operation in the embodiment of the security management device and the electronic apparatus of the present invention. FIG. 7 is a flowchart showing a processing operation in the embodiment of the security management device and the electronic apparatus of the present invention. FIG. 8 is an explanatory diagram showing a configuration of encrypted content data that is cryptographically processed in the embodiment of the security management device and the electronic device of the present invention. FIG. 9 is a block diagram showing another embodiment of the security management device of the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Computer network 100 Security management apparatus 110 Data communication means 110 Communication means 120 Time specification means 130 Position specification means 132 Final specific position storage means 140 User authentication means 142 Sensor 144 Registered user fingerprint information storage part 146 Determination part 150 Authentication information data Generating means 152 Authentication information data 160 Cryptographic processing means 180 Key storage unit 182 Access control means 184 Authentication request 186 Access control signal 188 Program storage means 200 Electronic device 210 Data communication means 220 Network communication part 240 Control means 260 Cryptographic processing means 280 Storage means 300 Transmitting station 400 Satellite 500 Server

Claims (21)

Data communication means capable of communicating with an external electronic device;
A time specifying means for outputting current time data, including a clock capable of acquiring current time data;
A position specifying means for specifying a geographical position and outputting position data;
It acquires either the current user's biometric information or behavior information, determines whether the biometric information or behavior information belongs to a registered user registered in advance, and the user's biometric information or behavior User authentication means for outputting registered user ID data for identifying the user when the information is that of the registered user;
Receiving the current time data, the location data, and the registered user ID data, and at least based on the registered user ID data, authentication information data further based on either the current time data or the location data Authentication information data generating means for generating and transmitting the authentication information data;
Using the encryption key or the decryption key based on at least one of the authentication information data from the authentication information data generation means and the key data from the electronic device, the data is encrypted or encrypted. Encryption processing means capable of executing at least one of decryption and transmitting at least one of encrypted data and decrypted data through the data communication means;
A secret key storage means for storing secret key data of the public key cryptosystem;
With
When the user authentication means determines that the biometric information or the behavior information is that of a registered user registered in advance, the encryption processing means reads the secret key data from the secret key storage means, At least either data encrypted using public key data paired with the secret key as an encryption key, or session key data that is encrypted using the public key and is a common key used for data encryption A security management device that decrypts either of them using the secret key data as a decryption key .   The security management apparatus according to claim 1, wherein the user authentication unit includes a sensor that acquires fingerprint information, and compares fingerprint data acquired by the sensor with fingerprint data of a registered user.   The said time specification means contains the reception means of the radio | wireless communication wave or broadcast wave containing traceable time data with respect to the time of world agreement, The said timepiece is calibrated according to the said time data. Security management device.   The security management apparatus according to claim 1, wherein the position specifying unit includes a global positioning system radio wave receiving unit. Program storage means for storing a program for specifying which of a plurality of encryption or decryption algorithms to use and causing the encryption processing means to process the encryption or decryption algorithm;
The encryption processing means performs processing according to a program stored in the program storage means, and performs an encryption or decryption algorithm according to an algorithm designation instruction from the electronic device or an algorithm identifier included in data received from the electronic device. The security management device according to claim 1, wherein the security management device is switched.   The security management device according to claim 4, wherein the time specifying unit calibrates the timepiece according to a time signal of the global positioning system radio wave.   The security management device according to claim 1, wherein the position specifying means includes final specified position storage means for storing position data specified last and time data at that time.   The security management device according to claim 1, wherein the authentication information data generation unit transmits the authentication information data only when the biometric information or behavior information of the user belongs to the registered user. . Receiving the authentication information data from the authentication information data generating means, receiving the authentication request by the data communication means, comparing the authentication information data from the authentication information data generating means with the authentication request, and At least one of a comparison result between time data and the access-permitted time range data, or a comparison result between the position data and the access-permitted position range data, and the registered user ID data and the access-permitted user ID data based on the comparison result, a luer access control means to output the verification data,
The security management device according to claim 1, further comprising: key generation means for generating key data for encryption or decryption in the encryption processing means from the authentication information data from the access control means . A system including an electronic device and the security management device according to claim 1,
In the security management device, the authentication information data generation unit transmits the authentication information data as it is to the electronic device through the data communication unit, or the encryption processing unit encrypts the authentication information data and performs encrypted authentication. Information data is generated and transmitted to the electronic device through the data communication means;
The electronic device receives the authentication information data or the encrypted authentication information data, and from the authentication information data or the encrypted authentication information data, either the current time data or the location data and the registered use A user ID data, and controls access from a user by specifying at least one of an access permission time range or an access permission position range and an access authorized person. A system including an electronic device and the security management device according to claim 1,
The electronic device transmits an authentication request including at least one of access permission time range data or access permission position range data and access permission person ID data to the security management device, and receives the authentication request from the security management device. The access from the user is controlled by the access control signal.
The security management device receives the authentication request by the data communication unit, compares the authentication information data from the authentication information data generation unit with the authentication request, and compares the current time data and the access permission time range data. Access control signal based on the comparison result between the registered user ID data and the access authorized person ID data, and the comparison result between the registered user ID data and the access authorized person ID data And an access control means for outputting the access control signal to the electronic device through the data communication means. When the user is permitted to access the electronic device, the encryption processing means encrypts or decrypts data received from the electronic device and transmits the data to the electronic device through the data communication means. The system according to claim 10 or 11, wherein:
A system including an electronic device and the security management device according to claim 1,
In the security management device, the authentication information data generation unit transmits the authentication information data as it is to the electronic device through the data communication unit, or the encryption processing unit encrypts the authentication information data and performs encrypted authentication. Information data is generated and transmitted to the electronic device through the data communication means;
The electronic device uses the encryption key based on at least one of the decryption permission time range data and the decryption permission position range data permitted to be decrypted and the ID data of the licensee permitted to decrypt the digital content. The encrypted content data obtained by encrypting the data is received from the outside or stored in an internal storage device,
The electronic device receives the authentication information data or the encrypted authentication information data, and decrypts the encrypted content data based on the decryption of the authentication information data or the encrypted authentication information data. Generate a decryption key,
The system, wherein the encrypted content data is decrypted with the decryption key.   When the decryption of the encrypted content data is permitted, the encryption processing unit decrypts at least a part of the encrypted content data received from the electronic device through the data communication unit, and the electronic device The system according to claim 13, wherein the decrypted content data is transmitted. A system including an electronic device and the security management device according to claim 1,
The electronic device uses the encryption key based on at least one of the decryption permission time range data and the decryption permission position range data permitted to be decrypted and the ID data of the licensee permitted to decrypt the digital content. The encrypted content data obtained by encrypting the data is received from the outside or stored in an internal storage device,
The encryption processing means receives the authentication information data, receives the encrypted content data from the electronic device through the data communication means, and decrypts the encrypted content data based on the authentication information data A system for generating a decryption key, decrypting the encrypted content data using the decryption key, and transmitting the decrypted content data to the electronic device through the data communication means. Data communication means capable of communicating with the security management device according to claim 1, wherein the registered user ID data when the current user's biometric information or behavior information is that of a registered user registered in advance. At least one of authentication information data further based on either current time data or position data or encrypted authentication information data obtained by encrypting the authentication information data can be received based on at least Data communication means capable of transmitting and receiving data to be converted or decoded data;
Based on the authentication information data from the security management device, or the current time data or the location data included in the encrypted authentication information data and the registered user ID data, A control means for controlling access;
An electronic device that transmits and receives data encrypted or decrypted by the security management device. A data communication means capable of communicating with the security management device according to claim 1, wherein an authentication request including at least one of access permission time range data or access permission position range data and access permitter ID data is provided. A data communication means capable of transmitting to the security management device, receiving an access control signal from the security management device, and transmitting and receiving data to be encrypted or decrypted;
An authentication request including at least one of access permission time range data or access permission position range data and access permitter ID data is transmitted to the security management device and used by an access control signal received from the security management device Control means for controlling access from the person,
An electronic device that transmits and receives data encrypted or decrypted by the security management device. The electronic device according to claim 16 or 17 , further comprising: an encryption processing unit that encrypts data stored in an internal storage unit or received data based on the authentication information data or the encrypted authentication information data. The authentication information data or on the basis of the encrypted authentication information data, according to claim 16 or 17 further comprising a cryptographic processing means for decrypting the encrypted data or the received encrypted data are stored in an internal storage means Electronic equipment. 18. The data according to claim 16 or 17 , wherein the current time data, the position data, and the registered user ID data included in the authentication information data or the encrypted authentication information data are added to data to be transmitted or stored. Electronics. The electronic apparatus according to claim 16 , wherein a log including any data of a data group including the current time data, the position data, and the registered user ID data is taken.

Images