JP5942612B2 - Information storage device and access determination method thereof - Google Patents

Description

  The present invention relates to an information storage device and an access determination method thereof.

  Conventionally, a portable electronic device relating to access control to a memory area of an IC card incorporating an IC chip has been disclosed (see Patent Document 1). The portable electronic device of Patent Document 1 includes a memory unit having a plurality of areas and a control unit for accessing the memory unit.

  The portable electronic device stores, for each authentication information, a verification result of a plurality of authentication information (key data) used for accessing the area and authentication information from the outside, and authentication information necessary for accessing the area. Also remember the combination. Then, when accessing the area, it is determined whether or not access is possible based on each verification result of the combination of authentication information. Therefore, a combination of authentication information necessary for access can be arbitrarily set for each area of the memory unit, and access conditions for each area can be set finely.

  Further, the communication method and encryption technology between the IC card and the terminal are defined by the EMV standard, which is an international de facto standard, and the specifications for secure messaging are also defined (Non-patent Document 1).

Japanese Patent No. 2831660

EMV v4.3 Book2 Security and Key Management (November 2011)

Although the portable electronic device of Patent Document 1 can set fine authentication conditions for each area of the memory unit, when restricting users for each area, it is necessary to set different authentication conditions. For this reason, when the number of files that can be accessed increases, it is necessary to set a large number of authentication conditions accordingly, and there is a problem that the setting becomes complicated. Further, when encrypting a communication message (secure messaging), an authentication key for secure messaging is used. However, the secure messaging key cannot be used for user restriction (authentication) as disclosed in Patent Document 1.
Moreover, although patent document 2 is a technique regarding the specification of secure messaging, there existed a problem which cannot be used for a restriction | limiting of a user as mentioned above.

  The present invention has been proposed in view of such circumstances, and an information storage device capable of restricting accessible users while preventing eavesdropping by a third party without using an authentication key, and An object is to provide an access determination method.

  An information storage device according to the present invention receives a file storage unit that stores one or more files, and an access request based on a secure messaging key for any one target file stored in the file storage unit. Receiving means, corresponding to each file stored in the file storage means, each key identification information of a plurality of secure messaging keys, and whether or not each secure messaging key has an access right to the file An access right information storage means for storing the access right information indicating each of the plurality of secure messaging keys, and whether or not secure messaging by each secure messaging key is valid. Status information storage means for storing the status information, and the access right information Referring to the storage means and the status information storage means, the secure messaging key of the access request received by the receiving means has the right to access the target file, and the secure messaging by each secure messaging key is performed. And an access determining unit that determines that the target file can be accessed when it is valid.

  The receiving unit receives an access request based on a secure messaging key or an authentication key for any one target file stored in the file storage unit, and the access right information storage unit includes: Provided corresponding to each file stored in the file storage means, each key identification information of a plurality of secure messaging keys or authentication keys, each secure messaging key or each authentication key to the file Access status information indicating whether or not there is an access right is stored, and the status information storage means stores the key identification information of each of a plurality of secure messaging keys or authentication keys and secure messaging using each secure messaging key. This indicates whether it is valid and whether authentication with the authentication key is valid. The access determination means refers to the access right information storage means and the status information storage means, and the secure messaging key or authentication key of the access request received by the receiving means is the target. It is determined that access to the target file is possible when the file has an access right and the secure messaging by each secure messaging key or the authentication by the authentication key is valid.

  The access determination method of the information storage device according to the present invention receives an access request based on a secure messaging key for any one target file of one or more files stored in a file storage unit, Provided corresponding to each file stored in the file storage unit, each key identification information of a plurality of secure messaging keys, and whether or not each secure messaging key has the right to access the file Stores access right information storage unit for storing access right information, key identification information of each of a plurality of secure messaging keys, and status information indicating whether or not secure messaging by each secure messaging key is valid The received access request is secured with reference to the status information storage unit. The key for the messaging has access the target file, and, when secure messaging by the secure messaging key is valid, wherein the access to the target file is determined to be.

  According to the present invention, it is possible to limit accessible users while preventing eavesdropping by a third party without using an authentication key.

It is a block diagram which shows the structure of an information processing system. It is a figure which shows the file (data) memorize | stored in the memory area in an IC card. It is a figure which shows the structure of the access right of file (alpha). It is a figure which shows the structure of the access right of file (beta). It is a figure which shows the structure of the access right of file (theta). It is a figure which shows the structure of a security status. It is a flowchart which shows an access request determination routine. It is a figure which shows the other structure of a security status. It is a figure which shows the other structure of a security status. It is a figure which shows the other structure of a security status. It is a figure which shows the file (data) memorize | stored in the memory area in an IC card.

Embodiments of the present invention will be described below.
[First Embodiment]
FIG. 1 is a block diagram illustrating a configuration of an information processing system 1 according to the first embodiment. The information processing system 1 includes an information terminal device 10 and an IC card 30 that determines whether an access request is received from the information terminal device 10.

  The information terminal device 10 includes a CPU (Central Processing Unit) 11, a ROM 12 (Read Only Memory), a RAM (Random Access Memory) 13, a bus 14, an interface (I / F) 15, a reader / writer (R / W) 16, an input. Unit 17, display 18, and magnetic disk 19.

  The CPU 11, ROM 12, RAM 13, and interface 15 are connected to each other by a bus 14. The R / W 16, the input unit 17, the display 18, and the magnetic disk 19 are connected to each other by an interface 15. The ROM 12 is a nonvolatile read-only memory. The ROM 12 stores basic software such as an operating system (hereinafter referred to as “OS”).

  The CPU 11 executes various processes in accordance with the OS stored in the ROM 12 and the program (application program) read from the magnetic disk 19 and developed in the RAM 13. The RAM 13 is a volatile memory capable of rewriting stored data, and stores programs necessary for the CPU 11 to execute various processes.

  The interface 15 manages input / output of information among the R / W 16, the input unit 17, the display 18 and the magnetic disk 19. The interface 15 is connected to the CPU 11, ROM 12, and RAM 13 via the bus 14. The R / W 16 is in electrical contact with the contact terminal of the IC card 30 and mediates communication between the CPU 11 and the IC card 30.

  The input unit 17 is, for example, a keyboard or a pointing device, and inputs various commands from the user, other necessary information, and the like according to user operations. The display 18 is an LCD (Liquid Crystal Display), for example, and displays various information such as characters and images. The magnetic disk 19 stores an encryption / decryption application program and data necessary for executing the program.

  The IC card 30 is inserted into the R / W 16 of the information terminal device 10 and can communicate with the information terminal device 10. The IC card 30 includes a communication unit 31 that receives power supply from the R / W 16 and performs contact communication, a CPU 32 connected to the communication unit 31, a RAM 33 connected to the CPU 32, a ROM 34, and a nonvolatile memory 35. Yes.

  In the RAM 33, for example, a security status read from the nonvolatile memory 35 and expanded is stored. The security status is set to a default value at the time of starting or resetting, but is appropriately changed according to an instruction from the operator. The ROM 34 stores a control program (execution routine) for the CPU 32 and an access right corresponding to each file in the IC card 30.

  The nonvolatile memory 35 stores a program executed by the CPU 32 and data necessary for executing the program. Further, the non-volatile memory 35 includes files α, β, θ, secure messaging (SM) key A, SM key B for preventing eavesdropping of communication contents to the files α, β, θ, and a default time. The security status is stored.

FIG. 2 is a diagram showing files (data) stored in the memory area in the IC card 30. The memory area of the IC card 30 is a virtual representation of each storage area of the RAM 33, ROM 34, and nonvolatile memory 35.
The memory area of the IC card 30 stores the file α and its access right, the file β and its access right, the file θ and its access right. Further, the memory area stores a key A (SM key A), a key B (SM key B), and a security status.

3 is a diagram showing the configuration of each of the access rights for the file α, FIG. 4 is the access rights for the file β, and FIG. As shown in FIGS. 3 to 5, the access right is determined for each file.
For example, as shown in FIG. 3, for the file α, the key ID_A is “TRUE”, and the keys ID_B to ID_H are “−”. Here, “TRUE” indicates that authentication with an authentication key or SM with an SM key is required to access a file. “-” Indicates that “TRUE” or “FALSE” may be used. Therefore, in order to access the file α, authentication using the authentication key A or SM using the SM key A is required.

  Further, according to FIG. 4, in order to access the file β, authentication using the authentication key B or SM using the SM key B is required. According to FIG. 5, in order to access the file θ, authentication by the authentication key A and authentication key B, or authentication by the authentication key A and SM by the SM key B, or by the SM key A Authentication with SM and authentication key B, or SM with SM key A and SM key B is required.

  FIG. 6 is a diagram showing the configuration of the security status. The security status is information indicating whether or not the key indicated by the key ID is valid for each key ID. Specifically, for each key ID, the security status indicates whether an SM communication command using an SM key is valid (SM communication using an SM key is valid) or not, and whether authentication using an authentication key is valid. It has a flag (TRUE / FALSE) indicating whether or not. This security status is updated to “FALSE” by resetting each status at the time of starting or resetting. Also, since this security status is managed only by the key ID, whether authentication is valid or whether SM communication with the SM key is valid, there is no difference between authentication and SM status management. When this key authentication or SM by key is valid, the status of the key ID is rewritten to “TRUE” by the CPU 32.

  In the key ID, whether it is an SM key or an authentication key is distinguished by key attribute information. That is, whether the key is an authentication key or an SM key is set as an attribute of the key file stored in the IC card 30. Here, the SM key and the authentication key are configured in the same format, and have a key ID and attached information (information such as key size and algorithm). The SM key and the authentication key may be assigned the same key ID. In the case of the same key ID, the security status can be validated for either key by performing authentication using the SM for SM having the same ID or authentication using the authentication key. Alternatively, the file may have another ID, the file may have access rights, both IDs may be required, or any ID may be required.

  In FIG. 6, the SM key or the authentication key identified by the key ID_A, the key ID_B,..., The key ID_H (hereinafter, the key of the key ID_X is referred to as “key X”). It is shown whether SM communication by is effective or whether authentication by the authentication key is effective. Specifically, when the SM by the SM key associated with the key ID is valid, or when the authentication key associated with the key ID is authenticated (valid), the status becomes “TRUE”.

  In this way, whether or not the authentication key is authenticated only by indicating the flag (valid or not) for each key ID without considering whether the security status is the authentication key or the SM key. (Whether it is valid) or whether SM using the SM key is valid. The security status is set to a default value (FIG. 6) when the IC card 30 is activated, but can be changed as appropriate according to control from the information terminal device 10 and communication status.

(Use of general authentication key)
In general, when there is an authentication key A for accessing the file α and an authentication key B for accessing the file β in the IC card, users who can access the file are restricted as follows.

When there are users A and B of the IC card, the authentication key A is notified only to the user A, and the authentication key B is notified only to the user B. As a result, the access status of each user is as follows.
The user A can access the file α when the authentication key A is authenticated.
Since the user A does not know the authentication key B, the user A cannot access the file β.
The user B can access the file β when the authentication key B is authenticated.
Since the user B does not know the authentication key A, the user B cannot access the file α.

(Use of general secure messaging key)
As a countermeasure against wiretapping of communication between the IC card and the information terminal device (R / W), there is secure messaging (SM) that encrypts communication between the IC card and the information terminal device. Therefore, when a secret file that needs to be kept secret is stored in the IC card, the secret file is protected by secure messaging using the SM key in order to prevent a third party from eavesdropping on access communication to the secret file. Need access to.

  When accessing the secret file, it is determined whether or not SM communication using the SM key is being performed. Then, it is determined that access is possible when communication by SM is performed, and access is impossible when communication is not performed, and access is restricted depending on whether SM is valid or not.

(Problems when using authentication and SM keys)
When the user is restricted by a file and countermeasures against eavesdropping are to be taken, it is necessary to use the authentication key and the SM key. In that case, in the case of the above example, the IC card needs to store three types of keys: an authentication key A, an authentication key B, and an SM key. Also, the information terminal device (host side) needs to manage what the key stored in the IC card is.
However, when the number of types of keys increases according to the number of files, there is a problem that the management cost increases. Furthermore, it is necessary to manage access restrictions by authentication of authentication keys and secure messaging using SM keys by completely different mechanisms.

  In general, since the SM key is common to the user A and the user B, the user A can eavesdrop on the contents of the user B accessing the file B, for example. Thus, if two types of SM keys, SM key A and SM key B, are prepared, user A uses SM key A and user B uses SM key B to eavesdrop on each other. Can be prevented.

  However, such a method requires a total of four types of keys, that is, an authentication key A, an authentication key B, an SM key A, and an SM key B, and the number of keys stored in the IC card increases. There is a problem that the burden of key management costs increases.

  Therefore, in the information processing system 1 according to the present embodiment, the IC card 30 uses the SM key to prevent eavesdropping by a third party, and without using the authentication key, the access right and the security status. Is used to limit who can access the file by executing the following routine:

FIG. 7 is a flowchart showing an access request determination routine by the CPU 32 of the IC card 30.
In step S <b> 1, the CPU 32 receives an access request command via the communication unit 31 before making an access request at the SM.
In step S2, the CPU 32 stores in the RAM 33 as a security status which SM key is used for the SM when the access request command is received.
In step S3, when the CPU 32 receives an access request that is a request to read the target file or a write request to the target file, the process proceeds to step S4.

In step S4, the CPU 32 refers to the access right stored in the ROM 34, and determines whether or not the SM key used in step S1 has an access right for the target file. If there is an access right, the process proceeds to step S5. If there is no access right, the process proceeds to step S6.
In step S5, the CPU 32 refers to the security status stored in the RAM 33, and determines whether SM or authentication using a key having an access right for the target file is valid. If it is valid, the process proceeds to step S7, and if it is not valid, the process proceeds to step S6.

In step S <b> 7, the CPU 32 performs processing according to the access request via the communication unit 31. For example, when the access request is a file read, the file is read and the read result is returned to the information processing terminal 10, and when the access request is a write, the result of writing and writing is performed. Is returned to the information terminal device 10.
On the other hand, in step S <b> 6, the CPU 32 returns an access non-permission to the information terminal device 10 via the communication unit 31. Thereby, the information terminal device 10 cannot access the file of the IC card 30, and reading or writing of the file is prohibited.

(For access requests without secure messaging)
Here, when the security status is configured as shown in FIG. 6 and there is an access request without secure messaging (without using a key) for the target file, the following occurs.

In the case of an access request for the file α, according to the access right of the file α (FIG. 3), the key A corresponding to the key ID_A has the access right of the file α. However, the access request is not permitted because it does not use a key.
In the case of an access request for the file β, according to the access right for the file β (FIG. 4), the key B corresponding to the key ID_B has the access right for the file β. However, the access request is not permitted because the key B is not used.

(For access request in secure messaging with key A)
FIG. 8 is a diagram showing another configuration of the security status. For example, as shown in FIG. 8, the status of the key ID_A is “TRUE”, the status of the other key ID is “FALSE”, and the access request for secure messaging using the key A is performed on the target file. If there is, it will be as follows.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), the key A corresponding to the key ID_A has the access right of the file α. Furthermore, according to the security status shown in FIG. 8, the key A is valid. For this reason, an access request in secure messaging using the key A is permitted.

  In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B corresponding to the key ID_B and not the key A that has the access right of the file β. For this reason, an access request in secure messaging using the key A is not permitted.

  In the case of an access request to the file θ, according to the access right of the file θ (FIG. 5), both the key A and the key B have the access right of the file θ. For this reason, an access request in secure messaging using the key A without the key B is not permitted.

(For access request in secure messaging using key B)
FIG. 9 is a diagram showing another configuration of the security status. For example, as shown in FIG. 9, the status of the key ID_B is “TRUE”, the status of the other key ID is “FALSE”, and the access request for secure messaging using the key B is performed on the target file. If there is, it will be as follows.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A and not the key B that has the access right of the file α. For this reason, an access request for the file α in secure messaging using the key B is not permitted.

  In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B that has the access right of the file β. Furthermore, according to the security status shown in FIG. 9, the key B is valid. Therefore, an access request for the file β in secure messaging using the key B is permitted.

  In the case of an access request for the file θ, according to the access right for the file θ (FIG. 5), the key A and the key B have the access right for the file θ. Therefore, an access request for the file θ in secure messaging using the key B without the key A is not permitted.

(In case of access request in secure messaging using both key A and key B)
FIG. 10 is a diagram showing another configuration of the security status. Here, the key A is an SM key having an encryption function, and the key B is an SM key having a message authentication function. Then, as shown in FIG. 10, the status of the key ID_A and the key ID_B is “TRUE”, the status of the other key ID is “FALSE”, and the key A and the key B are in the target file. When there is an access request for secure messaging by both, it is as follows.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A that has the access right of the file α. Then, according to the security status shown in FIG. 10, the key A is valid. For this reason, an access request in secure messaging using both the key A and the key B is permitted.

  In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B that has the access right of the file β. Then, according to the security status shown in FIG. 10, the key B is valid. For this reason, an access request in secure messaging using both the key A and the key B is permitted.

  In the case of an access request for the file θ, according to the access right for the file θ (FIG. 5), the key A and the key B have the access right for the file θ. Then, according to the security status shown in FIG. 10, both the key A and the key B are valid. For this reason, an access request in secure messaging using both the key A and the key B is permitted.

  As described above, in the IC card 30 according to the present embodiment, when there is an access request for secure messaging using the SM key for the target file, the SM key of the access request uses the access right for the target file. Is granted and valid.

  That is, since the IC card 30 restricts users using the access right and security status defined by the key ID, it is not necessary to distinguish between the authentication key and the SM key, and authentication and secure messaging are performed with different mechanisms. There is no need to manage. As a result, even if there is no authentication key, the IC card 30 can freely limit the users who are allowed to access the target file by simply checking which SM key is used, and can manage the key. Cost can be suppressed.

For example, with respect to the file A and the file B in the IC card, in order to prevent eavesdropping by a third party and restrict accessible users, conventionally, four types of keys are necessary.
On the other hand, the IC card 30 according to the present embodiment can restrict users who can access with only two types of SM key A and SM key B by using the access right and the security status. .

[Second Embodiment]
Next, a second embodiment of the present invention will be described. In addition, the same code | symbol is attached | subjected to the same site | part and process step as 1st Embodiment, and while overlapping description is abbreviate | omitted, a different point is mainly demonstrated.

  FIG. 11 is a diagram showing files (data) stored in the memory area in the IC card 30. The memory area of the IC card 30 stores the file α and its access right, the file β and its access right, the file θ and its access right. Further, the memory area stores a key A (SM key A), a key B (authentication key B), and a security status. That is, in the present embodiment, an SM key and an authentication key are used.

  Also in the second embodiment, the access request determination routine shown in FIG. 7 is executed. As a result, the IC card 30 can restrict accessible users even when there is an access request as shown below.

(For secure messaging and access requests without authentication)
When the security status is configured as shown in FIG. 6 and there is an access request without a secure messaging and authentication (no key is used) for the target file, the following occurs.

In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A that has the access right of the file α. However, the access request is not permitted because it does not use a key.
In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B that has the access right of the file β. However, the access request is not permitted because it does not use a key.

(For access request in secure messaging with key A)
When the security status is configured as shown in FIG. 8 and there is an access request for secure messaging using the key A for the target file, the following occurs.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A that has the access right of the file α. Furthermore, according to the security status shown in FIG. 8, the key A is valid. For this reason, an access request in secure messaging using the key A is permitted.

  In the case of an access request for the file β, according to the access right for the file β (FIG. 4), the key B has the access right for the file β, not the key A. For this reason, an access request in secure messaging using the key A is not permitted.

  In the case of an access request to the file θ, according to the access right of the file θ (FIG. 5), both the key A and the key B have the access right of the file θ. For this reason, an access request in secure messaging using the key A without the key B is not permitted.

(In case of access request after authenticating with key B)
When the security status is configured as shown in FIG. 9 and there is an access request after performing authentication with the key B for the target file, the following occurs.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A and not the key B that has the access right of the file α. For this reason, an access request after authentication by the key B is not permitted.

  In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B that has the access right of the file β. Furthermore, according to the security status shown in FIG. 9, the key B is valid. For this reason, an access request after authentication by the key B is permitted.

  In the case of an access request for the file θ, according to the access right for the file θ (FIG. 5), the key A and the key B have the access right for the file θ. For this reason, an access request after authenticating with the key B without the key A is not permitted.

(In case of access request by secure messaging with key A after authentication with key B)
When the security status is configured as shown in FIG. 10 and the target file is authenticated by the key B and the access request by the secure messaging by the key A is made, the following is performed.

  In the case of an access request for the file α, according to the access right of the file α (FIG. 3), it is the key A that has the access right of the file α. Then, according to the security status shown in FIG. 10, the key A is valid. For this reason, after performing authentication using the key B, an access request by secure messaging using the key A is permitted.

  In the case of an access request to the file β, according to the access right of the file β (FIG. 4), it is the key B that has the access right of the file β. Then, according to the security status shown in FIG. 10, the key B is valid. For this reason, after performing authentication using the key B, an access request by secure messaging using the key A is permitted.

  In the case of an access request for the file θ, according to the access right for the file θ (FIG. 5), the key A and the key B have the access right for the file θ. Then, according to the security status shown in FIG. 10, both the key A and the key B are valid. For this reason, after performing authentication using the key B, an access request by secure messaging using the key A is permitted.

  As described above, the IC card 30 according to the second embodiment uses the access right and the security status using the key ID as in the first embodiment, so that the key used in the access request is the SM key. It is possible to restrict the users who can access the file without distinguishing between the authentication key and the authentication key.

The present invention is not limited to the above-described embodiments, and can be applied to design changes within the scope of the matters described in the claims. For example, when a plurality of keys are designated for the access right stored in the IC card 30, access is permitted when all the designated keys are valid (key A and key B are TRUE (necessary) In the case of “when both key A and key B are TRUE”, access is permitted when either of the specified keys is valid (when key A and key B are TRUE) Can be accessed when “key A or key B is TRUE”. Further, they may be combined (when key A, key B, key C, or key D is specified, “one of key A, key B or both are TRUE”, and “one of key C, key D is selected. (Alternatively, access permission when both are TRUE). In secure messaging, when secure messaging is performed using a secure messaging key, secure messaging using a key derived using the secure messaging key may be used.
Further, the IC card 30 is not limited to a contact type card and a non-contact type card, but can also be applied to a hybrid card or a two-way access card combining them.

Further, the program for realizing the functions of the information terminal device 10 or the IC card 30 in FIG. 1 is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed. By doing so, key update management may be performed. Here, the “computer system” includes an OS and hardware such as peripheral devices.
Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used.
The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included. The program may be a program for realizing a part of the functions described above, and may be a program capable of realizing the functions described above in combination with a program already recorded in a computer system.

30 IC card 31 communication unit 32 CPU
33 RAM
34 ROM
35 Nonvolatile memory

Claims (3)

File storage means for storing one or more files;
Receiving means for receiving an access request based on a secure messaging key for any one of the target files stored in the file storage means;
Provided corresponding to each file stored in the file storage means, each key identification information of a plurality of secure messaging keys, and whether or not each secure messaging key has an access right to the file Access right information storage means for storing access right information;
Status information storage means for storing status information indicating the key identification information of each of the plurality of secure messaging keys and whether or not secure messaging by each secure messaging key is valid;
Referring to the access right information storage means and the status information storage means, the secure messaging key of the access request received by the receiving means has the access right of the target file, and is based on the secure messaging key. An access determination unit that determines that access to the target file is possible when secure messaging is enabled;
An information storage device comprising: The receiving means receives an access request based on a secure messaging key or an authentication key for any one of the target files stored in the file storage means,
The access right information storage means is provided corresponding to each file stored in the file storage means, and each key identification information of a plurality of secure messaging keys or authentication keys and each secure messaging key or each Stores access right information indicating whether or not the authentication key has access rights to the file,
The status information storage means includes key identification information for each of a plurality of secure messaging keys or authentication keys, whether or not secure messaging using each secure messaging key is effective, and authentication using an authentication key is effective Status information indicating whether or not
The access determination means refers to the access right information storage means and the status information storage means, and the secure messaging key or authentication key of the access request received by the receiving means has the access right to the target file. The information storage device according to claim 1, wherein when the secure messaging by the secure messaging key or the authentication by the authentication key is valid, it is determined that the target file can be accessed. Receiving an access request based on the secure messaging key for any one of the one or more target files stored in the file storage unit;
Provided corresponding to each file stored in the file storage unit, each key identification information of a plurality of secure messaging keys, and whether or not each secure messaging key has the right to access the file Stores access right information storage unit for storing access right information, key identification information for each of a plurality of secure messaging keys, and status information indicating whether or not secure messaging by each secure messaging key is valid. And the secure messaging key or authentication key of the received access request has access rights to the target file, and secure messaging using the secure messaging key is valid. In some cases, the target file can be accessed. Access method for determining information storage apparatus characterized by a constant.

Images