JP6061634B2 - Wireless communication device - Google Patents

Description

  The present invention relates to a technique for transmitting and receiving data related to a position.

With the recent development of mobile terminal devices such as mobile phones and smartphones, it is possible to access information anytime and anywhere.
However, for example, information such as content data (hereinafter also simply referred to as “content”) that you want to provide only to people who visit a specific location, and highly confidential communications that can be performed only when you are in a specific location. You may want to perform access control.

  As a prior art of a system that performs access control as to whether or not content is disclosed depending on the position of a mobile terminal device, there is a method of performing encryption using position information as a key (for example, Patent Document 1).

In the technique of Patent Document 1, an encryption key is generated based on position information that enables content reference in the server device, and the content is encrypted using the generated encryption key. The content is transmitted to the mobile terminal device.
Then, the mobile terminal device generates a decryption key based on its current position information obtained from a GPS (Global Positioning System) satellite, and decrypts the content using the generated decryption key.
Since the common key encryption is used for the encryption method, when the position information of the encryption key and the decryption key matches, the encryption key and the decryption key match, and the content can be decrypted.

Further, in the technique of Patent Document 1, conversion is performed in which arbitrary coordinates in a rectangular area or arbitrary coordinates in a circular area are mapped to specific coordinates by a separately designated parameter.
For this reason, when the server device designates specific coordinates in the rectangular area or the circular area when generating the encryption key, the mobile terminal device either in the rectangular area or the circular area when decrypting the content. If the mobile terminal apparatus is located at the position of the mobile terminal apparatus, a conversion is performed in which the coordinates of the mobile terminal apparatus are mapped to specific coordinates designated when the encryption key is generated.
As a result, it is handled that the mobile terminal device is located at a position corresponding to the specific coordinates designated when generating the encryption, and a decryption key capable of decrypting the content is obtained.

Special table 2004-528739 gazette

In the technique of Patent Document 1, when the positioning accuracy of the mobile terminal device is low and the positioning error range of the mobile terminal device is larger than the rectangular region or the circular region, the mobile terminal device is actually a rectangular region or a circular region. In some cases, a positioning result indicating that the user is located in a rectangular region or a circular region may be obtained even though the user is located outside.
In this case, there is a problem that the content is decrypted even when the mobile terminal device is located at an unintended position on the server device side.

  The main object of the present invention is to solve such a problem, and it is mainly intended to avoid a situation where encrypted data in which a position where decryption is permitted is specified is decrypted at a position other than the designated position. With a purpose.

An information processing apparatus according to the present invention includes:
An information processing device that transmits encrypted data to a wireless communication device that measures a location when performing a decryption process,
A condition designating unit for designating a location condition of the wireless communication device and a positioning accuracy condition of the wireless communication device for transmission target data to be transmitted;
The location of the wireless communication device measured by the wireless communication device when performing the decoding process matches the condition of the location specified by the condition specifying unit, and the positioning accuracy realized by the wireless communication device is An encryption unit that encrypts the transmission target data by an encryption method that obtains an appropriate decryption result when the positioning accuracy condition specified by the condition specifying unit is met,
And a data transmission unit configured to transmit the transmission target data encrypted by the encryption unit to the wireless communication device.

In the present invention, the transmission target data is encrypted by an encryption method that obtains an appropriate decryption result when the location condition of the wireless communication apparatus and the positioning accuracy condition of the wireless communication apparatus are met.
For this reason, since the transmission target data is decoded only when the wireless communication device that matches the positioning accuracy condition is located at a position that matches the location position condition, the transmission target data is decoded at a non-designated position. There is no such thing.

1 is a diagram illustrating a configuration example of a position-based content providing system according to Embodiment 1. FIG. FIG. 3 is a diagram illustrating a configuration example of a content distribution server device according to the first embodiment. FIG. 3 shows a configuration example of a mobile terminal apparatus according to Embodiment 1; FIG. 3 is a flowchart showing an example of content distribution operation of the content distribution server device according to the first embodiment. FIG. 3 is a flowchart showing an example of content reception operation of the mobile terminal device according to the first embodiment. FIG. 3 is a flowchart showing an example of content decrypting operation of the mobile terminal device according to the first embodiment. FIG. 6 shows a configuration example of a mobile terminal apparatus according to Embodiment 2. The figure which shows the hardware structural example of the content delivery server apparatus which concerns on Embodiment 1 and 2, and a mobile terminal device.

As described above, in the related art, when the positioning accuracy of the mobile terminal device is low, the positioning error range is large, and thus there is a possibility that the content is decoded at an unintended position.
In this regard, in the following first and second embodiments, a configuration will be described in which decoding of content at an unintended position is avoided by making it impossible to decode content when the positioning error does not satisfy a specified condition. .

In the prior art, since the encryption key and the decryption key are uniquely determined by one position designated on the server device side, it is necessary to specify a plurality of positions that enable content disclosure control and content decryption for each user. I can't.
In this regard, in the following first and second embodiments, a configuration capable of performing content disclosure control and designation of a plurality of positions for each user will be described.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a position-based content providing system according to the present embodiment.

In FIG. 1, the content distribution server device 100 encrypts content data and transmits the encrypted content data to the mobile terminal device 200 via the network 300.
The content distribution server device 100 is realized by, for example, a general computer that can implement the content distribution method shown in the present embodiment and the second embodiment.
The content distribution server device 100 may be a device such as a portable information terminal device.
The content distribution server device 100 corresponds to an example of an information processing device.
The content data distributed by the content distribution server device 100 may be any data, for example, any of document data, image data, video data, audio data, script file, or a combination thereof. .

The mobile terminal device 200 receives the encrypted content data from the content distribution server device 100 by wireless communication, and performs a decryption process on the received encrypted content data.
The mobile terminal device 200 is realized by a notebook information or tablet computer, a portable information terminal device such as a smartphone, a mobile phone, or a wireless terminal.
The mobile terminal device 200 may be a computer or a navigation system mounted on a moving body such as a vehicle, an aircraft, or a ship.
The mobile terminal device 200 corresponds to an example of a wireless communication device.

The network 300 is used for communication between the content distribution server device 100 and the mobile terminal device 200.
The network 300 is configured using the Internet, a public telephone line, a mobile phone line, a dedicated line, a wireless line, a satellite communication line, or the like.

In FIG. 1, only one content distribution server device 100 and one mobile terminal device 200 are illustrated, but a plurality of content distribution server devices 100 and mobile terminal devices 200 may be provided.
The network 300 may also be configured with a combination of a plurality of lines.

  Here, an outline of the operation of the position-based content providing system according to the present embodiment will be described.

The content distribution server device 100 designates the location condition of the mobile terminal device 200 and the positioning accuracy condition of the mobile terminal device 200 for the content data (an example of transmission target data).
Hereinafter, the condition of the location of the mobile terminal apparatus 200 is also referred to as a position condition, and the positioning accuracy condition of the mobile terminal apparatus 200 is also referred to as an accuracy condition.
The content distribution server device 100 encrypts the content data by a method called functional encryption using the position condition and the accuracy condition.
In the functional encryption method, encryption is performed using a logical expression (for example, “attribute value a AND attribute value b”, “attribute value a OR attribute value b”, etc.) in which attribute values of attributes that are permitted to be decrypted are combined. Do.
A proper decoding result is obtained only when the combination of attributes represented in the logical expression is satisfied.
In the present embodiment, the content data is encrypted by the functional encryption method using the position condition and accuracy condition as attribute values.
The encrypted content data is data that has been encrypted with the position condition and accuracy condition set in this way, and corresponds to an example of condition-set encrypted data.
The mobile terminal device 200 measures the location when performing decryption processing of the encrypted content data.
The location position measured by the mobile terminal device 200 when decrypting the encrypted content data matches the position condition specified by the content distribution server device 100, and the positioning accuracy realized by the mobile terminal device 200 is the content distribution server. When the accuracy condition specified by the device 100 is met, the content data is properly decrypted in the mobile terminal device 200.
Thereby, since the content data cannot be decoded when the positioning accuracy of the mobile terminal device 200 does not satisfy the accuracy condition, it is possible to avoid a situation in which the content data is decoded at a position outside the designation.

Further, in the present embodiment, the content distribution server device 100 can specify a plurality of positions where decryption is permitted as attribute values, and can encrypt content data by a functional encryption method.
Therefore, it is possible to designate a plurality of positions where the content data can be decrypted.

Furthermore, in the present embodiment, the content distribution server device 100 encrypts content data by a functional encryption method using the public key of the user of the mobile terminal device 200.
For this reason, disclosure control of content data for each user can be performed.

  FIG. 2 shows a configuration example of the content distribution server device 100 according to the present embodiment.

  The content storage unit 110 stores content data to be distributed.

The position condition specifying unit 120 specifies, for each piece of content data stored in the content storage unit 110, a position condition (position condition) that permits decoding of the content data.
The position condition designation unit 120 corresponds to an example of a condition designation unit.

The accuracy condition designating unit 130 designates a positioning accuracy condition (accuracy condition) that permits decoding of the content data for each content data stored in the content storage unit 110.
The accuracy condition specifying unit 130 corresponds to an example of the condition specifying unit.

  The condition storage unit 170 stores the position condition specified by the position condition specifying unit 120 and the accuracy condition specified by the accuracy condition specifying unit 130 for each content data stored in the content storage unit 110.

  The public key storage unit 150 stores a user public key (a user of the mobile terminal device 200) that is a key for encrypting content data.

  The encryption unit 140 inputs content data from the content storage unit 110, inputs a position condition and accuracy condition from the condition storage unit 170, inputs a user public key from the public key storage unit 150, and encrypts the user public key. The content data is encrypted according to the functional encryption algorithm using the key and the position condition and the accuracy condition as the decryption conditions.

The encrypted content transmission unit 160 transmits the encrypted content data to the mobile terminal device 200.
The encrypted content transmission unit 160 corresponds to an example of a data transmission unit.

The content storage unit 110 can be realized by configuring a file system or a database system on a general storage system.
The content storage unit 110 temporarily or permanently stores and manages content data such as documents, videos, images, and audio that the content data administrator wants to distribute to users.

The condition storage unit 170 is for holding the position condition and accuracy condition specified for each content data, and configures a file system or a database system on a general storage system in the same manner as the content storage unit 110. This can be achieved.
The condition storage unit 170 may be constructed on the same database system as the content storage unit 110 or may be separate.

  In addition, the content distribution server device 100 may have a user interface such as a setting screen for accepting designation of a position condition and a positioning accuracy condition by the content manager.

  FIG. 3 shows a configuration example of the mobile terminal apparatus 200 according to the present embodiment.

The encrypted content receiving unit 210 receives encrypted content data from the network 300.
The encrypted content receiving unit 210 corresponds to an example of a data receiving unit.

  The encrypted content storage unit 220 stores the encrypted content data received by the encrypted content receiving unit 210.

The position information acquisition unit 230 measures the current position of the mobile terminal device 200 itself.
The position information acquisition unit 230 corresponds to an example of a positioning unit.

The accuracy information acquisition unit 240 derives the positioning accuracy realized in the positioning of the position information acquisition unit 230.
The accuracy information acquisition unit 240 corresponds to an example of a positioning accuracy deriving unit.

  The secret key storage unit 270 stores the user secret key (the secret key of the user of the mobile terminal device 200).

  The decryption key generation unit 260 uses the current position information of the mobile terminal device 200 obtained by the position information acquisition unit 230 and the accuracy information obtained by the accuracy information acquisition unit 240 as attributes, and decrypts the encrypted content data from the user secret key. Generate a decryption key for.

  The decryption unit 250 decrypts the encrypted content data using the decryption key generated by the decryption key generation unit 260.

When the location of the mobile terminal device 200 matches the position condition and the positioning accuracy of the mobile terminal device 200 matches the accuracy condition, the decoding unit 250 can obtain an appropriate decoding result.
In other words, in the decryption process by the decryption unit 250 and the decryption key generation unit 260, it is determined whether the location of the mobile terminal device 200 matches the position condition, and the positioning accuracy of the mobile terminal device 200 meets the accuracy condition. This is equivalent to performing the operation to determine whether or not to perform on the encrypted content data.
Note that the decryption unit 250 and the decryption key generation unit 260 correspond to examples of the decryption processing unit.

  The content disclosure unit 280 is an interface for the user to browse and view the content data decrypted by the decryption unit 250.

The encrypted content transmission unit 160 and the encrypted content reception unit 210 can be configured to execute transmission and reception of encrypted content data using a general communication protocol.
The encrypted content data may be transmitted from the encrypted content transmitting unit 160 to the encrypted content receiving unit 210 using an e-mail transfer protocol or other data transfer protocol during distribution of the encrypted content data.
In addition, the encrypted content transmission unit 160 configures a server function such as an HTTP (HyperText Transfer Protocol) server, and the encrypted content reception unit 210 transmits a request for acquiring encrypted content data as an HTTP client, and encrypts it as a response. The encrypted content transmitting unit 160 may receive the encrypted content data.
These distributions may be executed in response to a request from the user, or may be configured to be distributed (push distribution) asynchronously with the user state in response to a request from the content manager.

The encrypted content storage unit 220 is realized, for example, by configuring a file system or a database system on a storage system that is built in or externally attached to the mobile terminal device 200.
Alternatively, the encrypted content storage unit 220 is configured on the memory of the mobile terminal device 200.
The encrypted content storage unit 220 stores the encrypted content data from when the encrypted content data is received until it is decrypted and viewed and viewed by the user.
The encrypted content data may be deleted at the time of decryption, or may be stored after decryption so that it can be browsed and viewed whenever conditions are met.

For example, the position information acquisition unit 230 receives a positioning signal from a GPS satellite or a quasi-zenith satellite, and generates the current position information of the mobile terminal device 200 as geographical position information.
In the case of using the quasi-zenith satellite, in addition to the positioning information having the same accuracy as that of the GPS satellite, high-accuracy positioning is possible by the reinforcement signal.
Further, as a positioning method, a positioning method using correction information called DGPS (Differential GPS), a correction method using position information of a base station such as a mobile phone as auxiliary information, a gyro / acceleration sensor, etc. It is also possible to use a method such as performing correction using the obtained information.

Latitude and longitude can be used to represent geographical location information.
In this case, the geographical position information can be expressed as “35.680865, 139.776621”.
North latitude and east longitude are positive, and south latitude and west longitude are negative (-) numbers.
Alternatively, it may be expressed by only a positive number by adding an offset of +90 to latitude and +180 to longitude.
The data format of the geographical location information may be decimal + comma text information as in the above example, or more efficient encoding may be used.
For example, “Eastern longitude 139.776621” can be converted into an integer by multiplying 1000000 and expressed as a 32-bit integer type numerical value, and the latitude can also be converted into a 32-bit integer in the same manner and expressed as a 64-bit integer.
In this case, the bit length of the integer is a bit length sufficient to express the effective accuracy.
The current position information may include altitude and positioning time in addition to latitude and longitude.
In addition, as a method for expressing geographical location information, other methods such as GEOREF (World Geometric Reference System) can be used.

The accuracy information acquisition unit 240 acquires information on the positioning accuracy when the position information acquisition unit 230 acquires the current position information.
As an example, there is a method of determining accuracy information by a positioning method used to acquire current position information.
For example, the accuracy of positioning using only GPS satellites is determined to be 10 m (meter) class, 1 m class using DGPS, and 10 cm (centimeter) class using a quasi-zenith satellite reinforcement signal. it can.
As the format of the accuracy information, the above-mentioned 10 m or the like can be used as text information, but it is also possible to perform ID conversion by conversion such as 1 for 10 m and 2 for 1 m.
Furthermore, as accuracy acquisition methods, the accuracy is statistically measured using a calculation method that takes into account the number of satellites captured at the time of GPS reception and radio wave conditions, and the results of multiple measurements at the same position. You may use the method to do.

In the content distribution server device 100, in order to correspond to the format / accuracy of the current location information, the location condition designating unit 120 designates the location in the same geographic location information format as the location information acquisition unit 230.
The accuracy condition designation unit 130 designates a grid size for designating an area for one coordinate and an accuracy condition for designating an allowable range for positioning accuracy in the mobile terminal device 200.
The grid size is specified by the size in the latitude direction and the longitude direction, and the grid that divides the coordinates in the latitude direction and the longitude direction for each size is specified.
When the coordinates included in the rectangular area surrounded by the lattice points of each of two points adjacent to each other in the latitude direction and the longitude direction (a total of four points) are represented by one point (for example, the lower left lattice point) in the region, A region for a specified point can be determined.
The position condition designating unit 120 designates a rectangular area that permits decryption of the encrypted content data, converts it to one point (for example, the lower left lattice point) in the rectangular area based on the grid size, and after the conversion These points (coordinates) are used as attribute values at the time of encryption, that is, position conditions.
The condition storage unit 170 stores a position condition indicating a point (coordinates) converted by the position condition specifying unit 120 together with the accuracy condition and the grid size.
Note that the size of the rectangular area (that is, the grid size) may be different for each rectangular area.
The length of the side of the rectangular area is determined based on the size of the area where the content provider permits content disclosure and the possible positioning accuracy.
The accuracy condition is also determined so as to be on the order of the same or about 1/10 according to the length of the side of the rectangular area.
For example, if the long side of the rectangular area is about 5 m, the accuracy condition may be 1 m, and if the long side is about 50 m, the accuracy condition may be 10 m.

Further, the grid size information is attached to the encrypted content data in an unencrypted state, or is transmitted from the encrypted content transmission unit 160 to the mobile terminal device 200 as separate data.
In the mobile terminal device 200, when the encrypted content data is decrypted, the positional information acquisition unit 230 converts the positional information similar to the above using the grid size information transmitted in association with the encrypted content data. As a result, the position information for the designated area can be matched.
That is, the position information acquisition unit 230 sets the current position (coordinates) of the mobile terminal device 200 obtained by positioning based on the grid size to a specific position (coordinate) (for example, the lower left corner of the rectangular area including the current position). The decryption key generation unit 260 generates a decryption key using the converted position (coordinates).
Note that the position (coordinates) conversion using the grid size can use, for example, the method described in Patent Document 1.
Detailed description of the position (coordinate) conversion using the grid size is omitted.

Further, in the present embodiment, the description will be made on the assumption that the content distribution server device 100 collects the coordinates of the lower left lattice point of the rectangular area and designates the position condition.
Instead of this, the content distribution server device 100 may use a circular area, and in this case, the position condition may be specified by collecting the coordinates of the center point of the circular area.

  The positioning accuracy is specified according to the format of accuracy information of the current position information generated by the accuracy information acquisition unit 240, and is used as an attribute value when encrypting content data.

The encryption unit 140, the decryption unit 250, and the decryption key generation unit 260 use a functional encryption algorithm as described above.
When performing encryption using a functional encryption method, a conditional expression of an attribute that permits decryption is specified, and data is encrypted using the user's public key.
When data is decrypted, a decryption key is generated from the decryption-side attribute and the user's private key, and decryption is possible only when the decryption-side attribute satisfies the conditional expression of the attribute that permits decryption.
The encryption unit 140 encrypts the position condition and accuracy condition that allow the content data to be disclosed in the conditional expression, and the decryption key generation unit 260 uses the current position information and accuracy information of the mobile terminal device 200 as attributes. A decryption key is generated as follows, and the decryption unit 250 performs decryption using the decryption key, so that the disclosed content can be decrypted only when the current position and the positioning accuracy satisfy the conditions. It can be carried out.

Details of the functional encryption method are shown in the following references, for example.
Reference: Nikkei Electronics 2012.7.23 pages 87-95

The following are examples of position conditions and positioning accuracy conditions, and examples of attributes at the time of decoding.
Example of encryption conditions 1:
(Position condition = 35.680865, 139.776621) AND
((Accuracy condition = 1m) OR (Accuracy condition = 10cm))
Example of attributes when decrypting:
Positioning position = 35.680865, 139.776621, positioning accuracy = 1 m
→ Decoding possible Positioning position = 35.680865, 139.776621, Positioning accuracy = 10m
→ Decoding impossible Positioning position = 36.123456, 139.776621, Positioning accuracy = 10 cm
→ Cannot decrypt

Note that the encryption condition ((accuracy condition = 1 m) OR (accuracy condition = 10 cm)) is that the level of positioning accuracy obtained by the mobile terminal device 200 is limited to any one of 10 m, 1 m, and 10 cm. Corresponds to the case.
That is, intermediate positioning accuracy of 50 cm or 5 cm is not obtained, and for the mobile terminal device 200 limited to any one of 10 m, 1 m, and 10 cm, the encryption condition is either 10 m, 1 m, or 10 cm. It is necessary to specify with.
The above ((accuracy condition = 1 m) OR (accuracy condition = 10 cm)) allows a positioning error of 1 m as an allowable value, and if the positioning error exceeds 1 m, the mobile terminal device 200 does not decode the content data. means.
In the case of the mobile terminal device 200 in which the positioning accuracy is obtained as a continuous value, for example, it is possible to specify an accuracy condition such that accuracy condition = 1 m or less.

A position condition can be specified by a set of a plurality of points (or rectangular areas) as an attribute condition allowing decoding.
For example, in the above-described example, the position of (position condition =...) Is set to an OR condition for a plurality of positions such as ((position condition = position 1) OR (position condition = position 2)). Decoding is possible when the location of the terminal device 200 matches either position 1 or position 2.
Thereby, decoding is possible not only in the case where the position information matches at one point (or one rectangular area or the like) as in the prior art, but also in an area having a complicated shape.

An example using a plurality of positions as position conditions is shown below.
Example 2 of encryption conditions:
(Position condition = 35.680865, 139.776621) OR
(Position condition = 35.680098, 139.776621)
Example of attributes when decrypting:
Positioning position = 35.680865, 139.766621
→ Decoding possible Positioning position = 35.680098, 139.776621
→ Decoding possible Positioning position = 36.123456, 139.776621
→ Cannot decrypt

Example 3 of encryption conditions:
((Position condition = 35.680865, 139.776621) OR
(Position condition = 35.680098, 139.776621)) AND
((Accuracy condition = 1m) OR (Accuracy condition = 10cm))
Example of attributes when decrypting:
Positioning position = 35.680865, 139.776621, positioning accuracy = 1 m
→ Decoding possible Positioning position = 35.680098, 139.776621, Positioning accuracy = 10m
→ Decoding impossible Positioning position = 36.123456, 139.776621, Positioning accuracy = 10 cm
→ Cannot decrypt

For key exchange, a pair of a user secret key and a user public key is generated in advance in the mobile terminal device 200, the user public key is transmitted to the content distribution server device 100 and stored in the public key storage unit 150, and the user secret key Is stored in the secret key storage unit 270.
For example, when a user subscribes to a content distribution service provided by the content distribution server device 100, a content browsing / viewing application is downloaded from the content distribution server device 100, and a key pair is generated in the initial setting of the application. The user public key may be registered in the content distribution server device 100.
By using a functional encryption method using public key cryptography, disclosure control is performed so that only a user with a specific secret key can decrypt, not everyone can decrypt if the location information matches as in the prior art. This improves security against theft or resale of encrypted content.
Further, by providing a key expiration date, it is possible to perform operations similar to general public key cryptography, such as regenerating a key pair upon expiration of the expiration date.

The secret key storage unit 270 is secured in a secure data area in the mobile terminal device 200.
For example, the secret key storage unit 270 may be a storage area where access control is performed using a password, and the user secret key may be encrypted and stored in the secret key storage unit 270.
Alternatively, the tamper-resistant storage device can be attached to or built in the mobile terminal device 200, and the secret key storage unit 270 can be provided in the tamper-resistant storage device to improve security.

Next, the operation will be described.
FIG. 4 is a flowchart showing an example of the content distribution operation of the content distribution server device 100.
FIG. 5 is a flowchart illustrating an example of content reception operation of the mobile terminal device 200.
FIG. 6 is a flowchart illustrating an example of the content decrypting operation of the mobile terminal device 200.

When the specific content data is distributed to a specific user in the content distribution server device 100, first, as shown in FIG. 4, the encryption unit 140 reads out the content data to be distributed from the content storage unit 110 (S101). .
Note that any method may be used for determining the content data to be distributed to the user.
For example, before the user goes out, the mobile terminal device 200 notifies the content distribution server device 100 of the name of the outing destination (for example, “Tokyo Station”), and the content distribution server device 100 uses the content data targeted for the outing destination. Can be considered as content data to be distributed.
Or, for the purpose of attracting customers to a specific store or sightseeing spot, a method of sending in advance content data such as benefits and items that can be opened when the user visits the place according to the user's profile is also considered. It is done.
Alternatively, it is possible to take a form in which contents (for example, prizes or the next mission) that can be opened when a user reaches a specific place by participating in a specific mission (for example, a game) are distributed. It is.
Prior to the processing of S101, the position condition designating unit 120 designates a position condition for each content data, the accuracy condition designating unit 130 designates an accuracy condition, and the location condition and accuracy for each content data. The condition is stored in the condition storage unit 170.

Next, the encryption unit 140 acquires a position condition that enables decryption of the content data to be distributed from the condition storage unit 170 (S102), and further acquires an accuracy condition from the condition storage unit 170 (S103). .
As described above, the coordinates indicated in the position condition acquired from the condition storage unit 170 are the coordinates of the lower left point of the rectangular area.

  Next, the encryption unit 140 acquires the user public key of the distribution destination from the public key storage unit 150 (S104), combines the position condition and the accuracy condition, and the content data to be distributed by the functional encryption method. Encryption is performed (S105).

  Finally, the encrypted content transmission unit 160 transmits the encrypted content data and grid size information to the mobile terminal device 200 (S106).

In the mobile terminal device 200, as shown in FIG. 5, the encrypted content receiving unit 210 receives the encrypted content data and grid size information (S151).
Then, the encrypted content storage unit 220 stores the received encrypted content data and grid size information (S152).

  Also, in the mobile terminal device 200, when the user browses / views the received content, as shown in FIG. 6, the decryption unit 250 firstly encrypts the encrypted content data designated by the user, as shown in FIG. The position information acquisition unit 230 reads the grid size information of the encrypted content data from the encrypted content storage unit 220 (S201).

Next, the position information acquisition unit 230 acquires current position information (S202), and converts the current position information into specific coordinates based on the grid size (S203).
That is, the position information acquisition unit 230 converts the coordinates indicated in the position information acquired in S202 into the coordinates of the lower left lattice point of the corresponding rectangular area.

  Further, the accuracy information acquisition unit 240 acquires accuracy information of the current position information (S204).

Next, the decryption key generation unit 260 acquires the user secret key from the secret key storage unit 270 (S205), the acquired user secret key, the coordinates converted by the position information acquisition unit 230, and the accuracy information acquisition unit 240. A decryption key is generated using the accuracy information acquired by (S206).
The generation of the decryption key follows a functional encryption algorithm.

  Then, the decryption unit 250 acquires the decryption key from the decryption key generation unit 260, and performs the decryption process of the encrypted content data read in S201 using the acquired decryption key (S207).

  If the coordinates obtained in S203 and the accuracy information obtained in S204 match the position conditions and accuracy conditions specified by the content distribution server device 100, the encrypted content data can be decrypted, and the header information of the content data can be used. Then, it can be determined whether or not the decrypted content is the original content data, that is, whether or not an appropriate decryption result has been obtained (S208).

When the content data can be decrypted (YES in S208), the content disclosure unit 280 displays and reproduces the content data (S209), so that the user can view and view the content.
If decryption has failed (NO in S208), the content disclosing unit 280 performs error processing when content data cannot be decrypted (S210).
For example, a display is made to indicate to the user that the decoding could not be performed because the conditions were not met.

In the above description, the example in which the condition storage unit 170 stores the coordinates of the lower left lattice point of the rectangular area as the position condition has been described.
Instead, for example, the condition storage unit 170 stores the coordinates of the position specified by the position condition specifying unit 120, and the position condition specifying unit 120 is stored in the condition storage unit 170 when the content data is distributed. The coordinates may be converted into the coordinates of the lower left lattice point of the rectangular area, and the converted coordinates (lower left lattice point of the rectangular area) may be used as the position condition.
In this case, between the processes of S103 and S104 in FIG. 4, the position condition specifying unit 120 converts the coordinates stored in the condition storage unit 170 into the coordinates of the lower left grid point of the rectangular area based on the grid size. To do.

As described above, according to the present embodiment, the content distribution server device encrypts the content by specifying the position information and accuracy information attributes as conditional expressions when encrypting by the functional encryption method, and the mobile terminal By performing decryption by the functional encryption method using the current position information and accuracy information as attributes in the apparatus, disclosure control for each user can be performed, and position designation of complicated shapes by designation of a plurality of positions can be performed once. It can be controlled only by encryption / decryption.
In addition, when the positioning error does not satisfy the specified condition, it is possible to avoid decoding at an unintended position by disabling decoding.

As described above, in the present embodiment,
Means for storing digital content and one or more location information indicative of a particular geographic region of interest;
Means for storing the user's public key;
Means for generating encrypted content by encrypting the digital content by a functional encryption method using the public key under the condition of a combination of the one or more pieces of position information;
Means for transmitting the encrypted content;
A first information processing apparatus including:
Means for receiving the encrypted content;
Means for storing the user's private key;
Means for acquiring a current position of the second information processing apparatus;
Means for generating a decryption key from the secret key using the current position as an attribute;
Means for decrypting the digital content from the encrypted content using a functional encryption scheme using the decryption key,
The position-based content providing system has been described in which the decoding means can decode the digital content only when the current position matches a combination condition of the one or more pieces of position information.

In the present embodiment, the first information processing apparatus further includes:
Means for storing accuracy information representing accuracy of position information necessary for specifying the specific geographical area in association with the position information;
Means for performing encryption by the functional cryptosystem on the condition of the accuracy information in addition to the combination of the one or more pieces of position information,
The second information processing apparatus further includes:
Means for obtaining positioning accuracy of the current position;
Means for generating the decryption key using the positioning accuracy as an attribute in addition to the current position,
The decoding means can decode the digital content only when the current position matches the combination condition of the one or more pieces of position information and the positioning accuracy matches the condition of the accuracy information. explained.

  Further, in the present embodiment, it has been described that the condition of the accuracy information is given by a plurality of OR conditions.

In the present embodiment,
The means for acquiring the current position performs position information acquisition by GPS alone and position information acquisition combined with DGPS,
It has been explained that the plurality of accuracies consist of the accuracy of position information obtained by GPS alone and the accuracy of position information combined with DGPS.

In the present embodiment,
The means for acquiring the current position performs position information acquisition by GPS alone and position information acquisition by combining one or more reinforcement signals by GPS and a quasi-zenith satellite,
It has been explained that the plurality of accuracies consist of the accuracy of position information by GPS alone and the position information combined with the reinforcement signal.

Embodiment 2. FIG.
FIG. 7 is a block configuration diagram showing a configuration example of the mobile terminal device 200 according to the present embodiment.
7 is different from FIG. 3 in that the mobile terminal device 200 includes a position-based decryption key generation unit 290.
The content distribution server device 100 has the same configuration as that in FIG.
Hereinafter, differences from the first embodiment will be described.

The position-based decryption key generation unit 290 includes a position information acquisition unit 230, an accuracy information acquisition unit 240, a secret key storage unit 270, and a decryption key generation unit 260, and these functions are implemented by one inseparable hardware. .
As the hardware, for example, an IC (Integrated Circuit), an IC card, a USB (Universal Serial Bus) token, or the like can be used, and the hardware is more preferably configured with tamper resistance.
As a result, content security can be improved by preventing content eavesdropping due to fabrication of position information and accuracy information.

Further, the decryption key generation unit 260 may be provided with a decryption function by a functional encryption method.
In other words, without encrypting the entire content data with the functional encryption method, the content data is encrypted with the common key encryption method, and the common key used for the encryption is encrypted with the functional encryption method to obtain the encrypted content data. Can be configured to add.
Also in this case, the common key is encrypted by the functional distribution algorithm in the content distribution server device 100 with the location condition of the mobile terminal device 200 and the positioning accuracy condition of the mobile terminal device 200 set as attribute values. .
Then, the decryption key generation unit 260 decrypts the encrypted key using a functional encryption algorithm, and outputs the decrypted key to the decryption unit 250.
The decryption unit 250 decrypts the encrypted content data according to the common key encryption method using the key input from the decryption key generation unit 260.
With this configuration, it is possible to process encryption / decryption of content data with a large size using high-speed common key encryption, and the processing speed can be improved.
In this case, the common key corresponds to an example of data to be transmitted, and the encrypted key (common key) corresponds to an example of condition setting encrypted data.

As described above, in the present embodiment,
Means for storing the user's private key;
Means for obtaining the current position;
It has been described that the means for generating a decryption key from the secret key using the current position as an attribute is mounted on one IC chip, IC card, or USB token.

Note that the first embodiment and the second embodiment may be combined.
That is, the mobile terminal apparatus 200 shown in Embodiment 1 and the mobile terminal apparatus 200 shown in Embodiment 2 may be mixed.
Also, a method for encrypting content data with a functional encryption algorithm (the method of the first embodiment), a method for encrypting content data with a common key encryption method, and a key for encrypting the common key encryption with a functional encryption algorithm The content distribution server device 100 may properly use (the method of the second embodiment) according to the mobile terminal device 200.
Each embodiment may be partially implemented.
In addition, this invention is not limited to these embodiment, A various change is possible as needed.

Finally, a hardware configuration example of the content distribution server device 100 and the mobile terminal device 200 shown in the first and second embodiments will be described with reference to FIG.
The content distribution server device 100 and the mobile terminal device 200 are computers, and each element of the content distribution server device 100 and the mobile terminal device 200 can be realized by a program.
As hardware configurations of the content distribution server device 100 and the mobile terminal device 200, an arithmetic device 901, an external storage device 902, a main storage device 903, a communication device 904, and an input / output device 905 are connected to the bus.

The arithmetic device 901 is a CPU (Central Processing Unit) that executes a program.
The external storage device 902 is, for example, a ROM (Read Only Memory), a flash memory, or a hard disk device.
The main storage device 903 is a RAM (Random Access Memory).
The content storage unit 110, the public key storage unit 150, the condition storage unit 170, the encrypted content storage unit 220, and the secret key storage unit 270 are realized by the external storage device 902 or the main storage device 903.
The communication device 904 corresponds to the physical layer of the encrypted content transmission unit 160 and the encrypted content reception unit 210.
The input / output device 905 is, for example, a mouse, a keyboard, a display device, or the like.
The content disclosure unit 280 is realized by the input / output device 905.

The program is normally stored in the external storage device 902, and is loaded into the main storage device 903 and sequentially read into the arithmetic device 901 and executed.
The program is “˜” shown in FIGS. 2 and 3 (except for the content storage unit 110, the public key storage unit 150, the condition storage unit 170, the encrypted content storage unit 220, and the secret key storage unit 270, and so on) It is a program that realizes the function described as.
Further, an operating system (OS) is also stored in the external storage device 902. At least a part of the OS is loaded into the main storage device 903, and the arithmetic device 901 executes the OS, as shown in FIGS. Executes a program that realizes the function of "~ part".
In the description of the first and second embodiments, “determination of”, “determination of”, “designation of”, “acquisition of”, “conversion of”, “encryption of”, “ "Decoding", "Derivation of", "Setting of", "Generation of", "Selection of", "Calculation of", "Receiving of", "Input of", " Information, data, signal values, and variable values indicating the results of the processing described as “output” and the like are stored in the main storage device 903 as files.
In addition to the encryption key / decryption key, random values and parameters may be stored in the main storage device 903 as files.

  The configuration in FIG. 8 is merely an example of the hardware configuration of the content distribution server device 100 and the mobile terminal device 200, and the hardware configuration of the content distribution server device 100 and the mobile terminal device 200 is described in FIG. It is not limited to this configuration, and other configurations may be used.

  Further, according to the procedure shown in the first and second embodiments, the processing of the content distribution server device 100 and the mobile terminal device 200 can be regarded as a data processing method.

  DESCRIPTION OF SYMBOLS 100 Content delivery server apparatus, 110 Content memory | storage part, 120 Position condition designation | designated part, 130 Accuracy condition designation | designated part, 140 Encryption part, 150 Public key memory | storage part, 160 Encrypted content transmission part, 170 Condition memory | storage part, 200 Mobile terminal device , 210 Encrypted content receiving unit, 220 Encrypted content storage unit, 230 Location information acquisition unit, 240 Accuracy information acquisition unit, 250 Decryption unit, 260 Decryption key generation unit, 270 Private key storage unit, 280 Content disclosure unit, 290 Location Base decryption key generation unit, 300 network.

Claims (4)

A wireless communication device that measures a location,
Condition setting encryption in which a public key of the user of the wireless communication device is used, a condition of a location of the wireless communication device and a condition of positioning accuracy of the wireless communication device are set, and encrypted by a functional encryption method A data receiving unit for receiving data;
A secret key storage unit for storing a secret key of a user of the wireless communication device;
A decryption processing unit for performing decryption processing on the condition setting encrypted data;
A positioning unit for positioning the location of the wireless communication device when the decryption processing unit performs decryption processing on the condition-set encrypted data;
A positioning accuracy deriving unit for deriving positioning accuracy when the positioning unit measures the location of the wireless communication device;
The decryption processing unit
As a decryption process for the condition setting encrypted data,
It is determined whether or not the location of the wireless communication device measured by the positioning unit matches the condition of the location of the condition setting encrypted data, and the positioning accuracy derived by the positioning accuracy deriving unit is a computation whether matching the positioning accuracy of the condition of the conditional setting encrypted data is determined, had row for the condition setting encrypted data,
The decryption processing unit further includes:
Using the private key of the user of the wireless communication device, the location of the wireless communication device measured by the positioning unit, and the positioning accuracy derived by the positioning accuracy deriving unit, the condition setting encrypted data A decryption key generation unit for generating a decryption key for decryption;
Using the decryption key generated by the decryption key generation unit, it is divided into a decryption unit that performs an operation for decrypting the condition setting encrypted data,
The wireless communication device
The wireless communication apparatus, wherein the secret key storage unit, the decryption key generation unit, the positioning unit, and the positioning accuracy deriving unit are mounted on the same hardware . The data receiver is
When the location of the wireless communication device measured by the positioning unit matches the location position condition, and the positioning accuracy derived by the positioning accuracy deriving unit matches the positioning accuracy condition, it is decoded properly. the wireless communication apparatus according to condition setting encrypted data, to claim 1, characterized in that receiving that. The data receiver is
As a condition of the positioning accuracy, receiving the encrypted data of the condition setting encrypted by setting the allowable value of the positioning error caused by the positioning,
The positioning accuracy deriving unit
As positioning accuracy, a positioning error that occurs when the positioning unit measures the location of the wireless communication device is derived,
The decryption processing unit
As a decryption process for the condition setting encrypted data,
It is determined whether or not the location of the wireless communication device measured by the positioning unit matches the location position condition, and whether or not the positioning error derived by the positioning accuracy deriving unit is less than or equal to the allowable value. the wireless communication apparatus according to claim 1 or 2 or the operations to be determined, and performing with respect to the condition setting encrypted data. The data receiver is
The condition setting encrypted data in which two or more positions are set and encrypted is received as the condition of the location,
The decryption processing unit
As a decryption process for the condition setting encrypted data,
It is determined whether or not the location of the wireless communication apparatus measured by the positioning unit matches at least one of the two or more positions, and the positioning accuracy derived by the positioning accuracy deriving unit is the condition. The radio according to any one of claims 1 to 3 , wherein a calculation for determining whether or not the positioning accuracy condition of the set encrypted data is met is performed on the condition set encrypted data. Communication device.

Images