JP6237870B2 - Information processing device, terminal device, and program - Google Patents

Description

The present invention relates to an information processing apparatus, an end terminal apparatus and a program.

  In recent years, as a mobile terminal device that can arbitrarily access an electronic device desired by a user from among a large number of electronic devices, for example, a single mobile terminal performs user authentication required for each of a plurality of electronic devices. There is a technology that can be realized by using an apparatus (see Patent Document 1). This portable terminal device stores device identification information (device ID) and device authentication information (device password) for each electronic device (for example, an electronic key of a house entrance or a car, a home personal computer, etc.). When an arbitrary electronic device that is managed and desired to be accessed is specified, the user on the electronic device side reads out the device password corresponding to the device identification information (device ID) and transmits it to the electronic device. Authentication is performed.

JP 2000-29840 A

  In the technique of the above-described Patent Document 1, since user authentication for each electronic device can be performed only by user authentication for the mobile terminal device, a complicated input operation for user authentication is not required for each electronic device. However, as a further development of such technology, there is a demand for safety when the mobile terminal device is lost or stolen. For example, when a mobile terminal device is lost or stolen, if a third party who acquires the mobile terminal device knows the password of the terminal device, it becomes possible to access multiple electronic devices as it is. There was a risk that the electronic keys of automobiles and the like were unlocked. Even if the password used for the mobile terminal device is not known, since the device passwords for various electronic devices are stored in the mobile terminal device, the stored data in the terminal device can be decrypted. There was also a risk that all passwords were stolen.

An object of the present invention is to be able to prevent authentication by unauthorized access Ru good to the terminal device based on the correspondence between the electronic devices.

Claim 1 is an information processing apparatus for controlling an authentication depending on the request from a terminal device, the terminal device for accessing an electronic device that requires authentication is present in the vicinity of the electronic equipment, and a determination unit that determine whether the electronic device to one terminal which is previously registered in correspondence, according to by that discrimination result in the discriminating means, whether to permit authentication to the electronic device and control means for controlling, you characterized by comprising a.
Claim 4 is an information processing apparatus that controls authentication in response to a request from a terminal device. When an authentication request is received from a terminal device, the information processing device is pre-corresponding to the terminal device in the vicinity of the terminal device. Determining means for determining whether or not a registered electronic device exists, and control means for controlling to permit authentication by the terminal device on condition that an electronic device registered in advance by the determining means is present It was characterized by comprising.

Claim 7 is the external processing apparatus capable of communicating with the terminal device, an electronic device that requires authentication or electronic equipment or not registered in advance in correspondence with the terminal apparatus to said external processing device and confirmation means for confirming by requiring the the electronic apparatus wherein that the electronic device registered in advance in correspondence with the terminal device external processing apparatus confirms the condition by said confirming means, said electronic device and control means for controlling to allow the authentication to, you characterized by comprising a.
Claim 11 is a terminal device that communicates with an external processing device, and confirming means for confirming whether or not an electronic device existing in the vicinity of the terminal device is an electronic device registered in advance corresponding to the terminal device And a control means for controlling to permit authentication by the terminal device on the condition that the electronic device is confirmed to be the registered electronic device by the confirmation means.

According to the present invention, based on the correspondence between the electronic device can be prevented authentication by unauthorized access Ru good to the terminal device, it is possible to enhance the security.

The block diagram which showed the communication network system (apparatus authentication management system) which makes an information management server apparatus a core. FIG. 3 is a block diagram for explaining basic components of the information management server device 1; The block diagram for demonstrating the basic component of the portable terminal device. (1), (2) is a figure for demonstrating the apparatus information table ET and the terminal information table TT. The flowchart which showed the operation | movement outline | summary of the characteristic part of this embodiment among the whole operation | movement of the information management server apparatus 1. FIG. 6 is a flowchart following the operation of FIG. The flowchart which showed the operation | movement outline | summary of the characteristic part of this embodiment among the whole operation | movement of the portable terminal device. 8 is a flowchart following the operation of FIG.

Hereinafter, an embodiment of the present invention will be described with reference to FIGS.
FIG. 1 is a block diagram showing a communication network system (device authentication management system) having an information management server device as a core.
The communication network system is a communication system having an information management server device (information management device) 1, a mobile terminal device 2, and various electronic devices 3, and performs user authentication individually required when accessing various electronic devices 3, This is a device authentication management system that can be executed by using one mobile terminal device 2.

  In the device authentication management system, access is made to an electronic device 3 that is present in the vicinity of the mobile terminal device 2 among a plurality of electronic devices (for example, electronic keys) 3 installed at the entrance of a home or company, an automobile, etc. In order to do so, device authentication information (for example, a device password used when accessing the electronic device 3) used to authenticate the device itself is transmitted from the portable terminal device 2 to the electronic device 3. I have to. At that time, the mobile terminal device 2 acquires the device authentication information of the electronic device 3 to be accessed from the information management server device 1 via the public communication network (wide area communication network) 4 and then performs the electronic communication by short-range wireless communication. The data is transmitted to the device 3.

  That is, the information management server device 1 stores and manages device authentication information corresponding to each of a plurality of electronic devices 3 that can be accessed for each mobile terminal device 2, and the mobile terminal device 2 stores the electronic device 3. The device authentication information is received and acquired from the information management server device 1 every time the access is made. However, hereinafter, the mobile terminal device 2 accesses the electronic device 3 via the information management server device 1. This is called indirect access to the electronic device 3. On the electronic device 3 side, the user authentication is performed based on the device authentication information received from the mobile terminal device 2 by the short-range wireless communication, and it is authenticated that the user is an authorized user having the access authority to the electronic device 3. As conditions, processing specific to the device (for example, unlocking processing, access restriction releasing processing, etc.) is performed.

  The information management server device 1 is a server device that forms the core of the device authentication management system, and for each portable terminal device 2, information indicating which electronic device 3 can be accessed by which portable terminal device 2. The device authentication information and the like are collectively stored and managed for each accessible electronic device 3, and have a device information table ET, a terminal information table TT, and the like, which will be described later. Then, the information management server device 1 receives information processing such as each mobile terminal device 2 and other devices (for example, tablet terminals, personal computers, etc.) via a public communication network (wide area communication network) 4 such as the Internet or a mobile communication network. Device) 5. The other device 5 may be any one of the electronic devices 3.

  The mobile terminal device 2 is, for example, a multi-function mobile phone (smart phone), and in addition to a call function, an e-mail function, an Internet connection function (Web access function), an electronic device that is an external device for the mobile terminal device 2 3 is provided with a short-range wireless communication function for performing short-range communication with the mobile phone 3. And the portable terminal device 2 is an access target among various electronic devices (for example, an electronic key of a house entrance or a car, a personal computer of a house, etc.) 3 that can be accessed by its own terminal device (own terminal). After obtaining authentication information for an electronic device (an electronic device existing in the vicinity) 3 from the information management server device 1 by indirect access to the electronic device 3 described above, the authentication information for the device is obtained from the electronic device 3. To send to.

FIG. 2 is a block diagram for explaining basic components of the information management server device 1.
A central processing unit for controlling the overall operation of the information management server apparatus 1 according to various programs stored in the storage section 13 is operated by the CPU 11 that is the core of the information management server apparatus 1. It is. Although not shown in the figure, the storage unit 13 stores a program area shown in the flowcharts of FIGS. 5 and 6 to be described later, and a data area that stores various data necessary for the information management server device 1. , A temporary storage work area such as a flag, and terminal authentication information used for authentication of the mobile terminal device 2 itself is stored in the data area.

The terminal authentication information is authentication standard information that serves as a reference for authenticating whether or not the access is from a legitimate user who has the authority to access the mobile terminal device 2. For example, numerical value string data, character string User passwords and keywords consisting of data. Note that the storage unit 13 may include a recording medium such as an SD card, or may include a storage area on another server device (not shown). The wide area communication unit 14 can be accessed in large numbers simultaneously, and is connected to the broadband Internet (for example, optical communication connection).
The operation unit 15 has a full keyboard and the like, and the CPU 11 executes processing according to an input signal from the operation unit 15. The display unit 16 displays, for example, an operator confirmation screen or work screen.

FIG. 3 is a block diagram for explaining basic components of the mobile terminal device 2.
The CPU 21, which is the core of the mobile terminal device 2, operates by supplying power from a power supply unit 22 including a secondary battery, and controls the overall operation of the mobile terminal device 2 according to various programs in the storage unit 23. . Although not shown in the drawing, the storage unit 23 stores a program area shown in the flowcharts of FIGS. 7 and 8 to be described later, a data area that stores various data necessary for the mobile terminal device 2, and A work area for temporary storage is provided. The wide-area communication unit 24 modulates and transmits voice and data when receiving a call function, an e-mail function, and an Internet connection function, or receives radio waves and demodulates them into voice and data. Make phone calls and data communications.

  The near field communication unit 25 transmits and receives data to and from the electronic device 3 existing in the vicinity, and performs near field wireless communication by non-contact type Bluetooth (registered trademark) within the communicable area ( For example, communication is performed within a radius of 3 m). In this case, at the time of communication between the mobile terminal device 2 and the nearby electronic device 3, each other's own identification information (terminal ID, device ID) is transmitted and received, and the communication partner is specified as the cooperation target. . The short-range communication unit 25 is not limited to Bluetooth (registered trademark) communication, and may be configured to perform infrared communication or the like. The operation unit 26 has various push button type keys such as a power button, and authentication information (for example, a password) is input during authentication. The touch display unit 27 has a configuration in which a touch panel 27b is stacked on the display panel 27a, and displays a function name as a software key (soft key) or various icons.

  In addition, although illustration was abbreviate | omitted about the structure of the various electronic devices 3, each electronic device 3 has power supply parts, such as AC power supply and a secondary battery, the central processing unit (CPU) which controls whole operation, a program, And a basic device of a storage unit that stores data such as device identification information (device ID), and a short-range communication unit that transmits and receives data to and from the mobile terminal device 2. When the electronic device 3 receives the device authentication information transmitted from the mobile terminal device 2, the electronic device 3 executes an authentication process based on the device authentication information. A predetermined process such as is executed.

FIG. 4 is a diagram for explaining the device information table ET and the terminal information table TT.
FIG. 4A is a diagram for explaining the device information table ET. The device information table ET is configured to store a plurality of “device identification information” and “device authentication information” for each “terminal identification information” of the mobile terminal device 2 as information about the electronic device 3, and the contents thereof are as follows. The information input by the input operation on the user side such as the portable terminal device 2 is information arbitrarily registered by being transmitted to the information management server device 1. The “terminal identification information” is terminal identification information for identifying the mobile terminal device 2. The “device identification information” is device identification information for identifying the electronic device 3 that can be accessed by the corresponding portable terminal device 2, and the “terminal identification information” and the “device identification information” are determined by which portable terminal device 2. This is information indicating a correspondence relationship as to which electronic device 3 can be accessed. The “apparatus authentication information” is a user password used at the time of an authentication process executed when the corresponding electronic device 3 is accessed, and is numeric string data or character string data. In addition, information such as a data format may be stored in the item “device authentication information”.

  FIG. 4B is a diagram for explaining the terminal information table TT. This terminal information table TT is configured to be able to store “terminal availability information” and “authentication information” for each “terminal identification information” of the mobile terminal device 2 as information relating to the mobile terminal device 2, and the contents are portable The information input by the input operation on the user side such as the terminal device 2 is information arbitrarily registered by being transmitted to the information management server device 1. “Terminal availability information” is information indicating whether or not use of the corresponding mobile terminal device 2 is permitted (information indicating whether the mobile terminal device 2 is valid / invalid), and “invalid” is the mobile terminal device 2. This information is set to limit unauthorized use by a third party due to theft or loss of the user (unusable), and “valid” is information set to allow normal users to use it normally. is there.

  Here, the user who has stolen or lost the portable terminal device 2 accesses the information management server device 1 using another device (for example, tablet terminal, home personal computer, etc.) 5 and authenticates it by the authentication process. When authenticated as a user, an operation is performed to set the content of “terminal availability information” corresponding to the stolen or lost portable terminal device 2 to “invalid”. When the stolen or lost mobile terminal device 2 returns to the user, an operation is performed to set the content of the “terminal use availability information” to “valid”. In this case, the content of the “terminal availability information” can be changed from “invalid” to “valid” by using either the mobile terminal device 2 or another device 5. You may make it prohibit the change by the terminal device 2. FIG. Moreover, even if it is a legitimate user, for example, when the portable terminal device 2 is not used for a long period of time, the information management server device 1 is accessed using the portable terminal device 2, and the “terminal availability” The content of “information” may be set to “invalid”.

  When the portable terminal device 2 transmits information indicating invalidity / validity of terminal use input by such user operation to the information management server device 1, the information management server device 1 searches the terminal information table TT, A process of setting invalid / valid in “terminal availability information” is performed. “Authentication information” is authentication reference information that serves as a reference for authenticating whether or not the access is from a legitimate user who has the authority to access the information management server device 1. Authentication information for server access used for authentication, for example, a user password consisting of numeric string data and character string data, and a keyword.

  Next, the operation concept of the information management server device 1 and the mobile terminal device 2 constituting the device authentication management system in the present embodiment will be described with reference to the flowcharts shown in FIGS. Here, each function described in these flowcharts is stored in the form of a readable program code, and operations according to the program code are sequentially executed. Further, it is possible to sequentially execute the operation according to the above-described program code transmitted via a transmission medium such as a network. In other words, in addition to the recording medium, an operation unique to the present embodiment can be executed using a program / data supplied externally via a transmission medium.

FIG. 5 and FIG. 6 are flowcharts showing an outline of the operation of the characteristic part of the present embodiment in the overall operation of the information management server device 1.
First, the CPU 11 of the information management server device 1 waits for an access request from the portable terminal device 2 (step A1 in FIG. 5) and receives an access request from any portable terminal device 2 (YES in step A1). Then, it is checked whether the result of the authentication process executed on the portable terminal device 2 side has been received (step A2). In the present embodiment, whether authentication processing for checking whether the request is from a user who has access authority to use the information management server device 1 is performed on the information management server device 1 side or the mobile terminal device 2 side. Can be arbitrarily selected and set, and when the information management server device 1 receives the processing result of the authentication processing executed on the mobile terminal device 2 side (YES in step A2), the information management server device 1 It is checked whether the request is from a legitimate user having access authority (step A4).

  Also, when the information management server device 1 receives server access authentication information (for example, a password and a keyword) input by a user operation on the mobile terminal device 2 side (NO in step A2), the authentication information and the terminal An authentication process for collating “authentication information” in the information table TT is executed (step A3), and it is checked whether the request is from a legitimate user having access authority based on the processing result (step A4). If it is not a request from a legitimate user (NO in step A4), the process returns to the first step A1 without accepting the request, but if it is a request from a legitimate user (YES in step A4), It is checked whether the access is for requesting setting to the device information table ET or the terminal information table TT (step A5).

  If a setting request to the table is received (YES in step A5), if the setting request is a request to the device information table ET (YES in step A6), the information transmitted from the mobile terminal device 2 is changed. Processing to set “terminal identification information”, “device identification information”, and “device authentication information” in the device information table ET is performed (step A7), and if the request is for the terminal information table TT (NO in step A6) Then, a process of setting the information transmitted from the mobile terminal device 2 to “terminal identification information”, “terminal availability information”, and “authentication information” in the terminal information table TT is performed (step A8). Thereafter, the process returns to the first step A1. The “terminal availability information” is obtained by accessing the information management server device 1 from another device (tablet terminal or the like) 5 of the user in place of the stolen or lost mobile terminal device 2. Can be changed from “valid” to “invalid”.

  On the other hand, if it is not a setting request to the device information table ET or the terminal information table TT (NO in step A5), the flow proceeds to the flow of FIG. 6 and the electronic device 3 to be accessed is connected to the indirect access via the information management server device 1. If the request is not a request for indirect access (NO in step A9), processing corresponding to another request (step A10) is performed, and then the process returns to the first step A1 in FIG. If it is a request for indirect access (YES in step A9), the device identification information to be accessed and the terminal identification information of the own terminal transmitted from the mobile terminal device 2 are received and acquired (step A11). The device information table ET is referred to based on the identification information and the terminal identification information (step A12), and whether the device identification information is stored in association with the terminal identification information, that is, the electronic device 3 of the device identification information is accessed. It is checked whether the request is from the portable terminal device 2 that can be performed (step A13).

  If the terminal identification information does not correspond to the device identification information, that is, if the request is not a request from the portable terminal device 2 that can access the electronic device 3 of the device identification information (NO in step A13), an error occurs. After transmitting the message to the requesting mobile terminal device 2 (step A19), the process returns to the first step A1 in FIG. If the terminal identification information and the device identification information are stored in association with each other, that is, if the terminal is accessible (YES in step A13), the terminal information table TT is referred to based on the terminal identification information. (Step A14), it is checked whether the “terminal availability information” is “valid”, that is, whether the request is from the mobile terminal device 2 that is permitted to be used (Step A15). Now, if the “terminal availability information” is “invalid”, for example, if it is an access request in which the terminal use is not permitted due to theft or loss of the mobile terminal device 2 (NO in step A15), an error will occur. After the message is transmitted to the requesting mobile terminal device 2 (step A19), the process returns to the first step A1 in FIG.

  If the “terminal availability information” is “valid”, that is, if it is an access request in a state where terminal use is permitted (YES in step A15), a terminal corresponding to the electronic device 3 to be accessed is provided. It is checked whether “apparatus authentication information” is stored in the information table TT (step A16). If “apparatus authentication information” is not stored (NO in step A16), an error message is sent to the requesting mobile terminal. After transmitting to the apparatus 2 (step A19), the process returns to the first step A1 in FIG. Here, if the request is from the mobile terminal device 2 that can access the target device (YES in step A13) and the request is from the mobile terminal device 2 that is permitted to be used (step Furthermore, on the condition that “apparatus authentication information” is stored in the terminal information table TT (YES in step A16), the “apparatus authentication information” is read (step A17) and requested. The device authentication information is transmitted to the original mobile terminal device 2 (step A18). Thereafter, the process returns to the first step A1 in FIG.

7 and 8 are flowcharts showing an outline of the operation of the characteristic part of the present embodiment in the entire operation of the mobile terminal device 2, and the execution is started in response to power-on.
First, the CPU 21 of the mobile terminal device 2 displays an authentication input screen in response to power-on (step B1 in FIG. 7), and authentication information is input from the operation unit 26 into this input screen (step B2). ), An authentication process is performed based on the authentication information (step B3). In this case, the authentication information is terminal authentication information (for example, a terminal password and a keyword used when accessing the mobile terminal device 2) used for authentication of the mobile terminal device 2 itself. Authentication processing is performed by comparing the stored authentication standard information (not shown) with the inputted terminal authentication information. As a result, it is determined whether or not the access is from a legitimate user who has the authority to access the mobile terminal device 2 (step B4). If the access is not from a legitimate user (NO in step B4), Return to the first step B1 to invalidate the access.

  If the access is from a legitimate user (YES in step B4), it is checked whether an access request to the information management server device 1 is instructed by a user operation (step B5). As a result, if access to the information management server device 1 is not instructed (NO in step B5), the process proceeds to step B6, and processing such as incoming call processing and outgoing call processing can be performed. When access is instructed (YES in step B5), a setting for performing authentication processing on the information management server device 1 side to check whether the request is from a legitimate user having access authority to use the information management server device 1 (Step B7).

  If it is set in advance that authentication processing should be performed on the information management server device 1 side (YES in step B7), an authentication input screen is displayed (step B8). When authentication information is entered in this input screen (step B9), this authentication information is transmitted to the information management server device 1 (step B10). In this case, the authentication information is server access authentication information used for authentication of the information management server device 1 itself (for example, a server password and a keyword used when accessing the information management server device 1). If the authentication process on the information management server device 1 side is omitted (NO in step B7), the processing result in step B3 described above (information indicating that the request is from a legitimate user). It transmits to the information management server apparatus 1 (step B11).

  Then, proceeding to the flow of FIG. 8, is the access instruction to the information management server device 1 instructing table setting (step B <b> 12), or the electronic device 3 from the portable terminal device 2 via the information management server device 1. It is checked whether indirect access to access is instructed (step B16). If it is a table setting instruction (YES in step B12), it is further checked whether it is a setting instruction for the device information table ET (step B13). If it is a setting instruction for the device information table ET (step B13). YES), a process of transmitting information input by a user operation to the information management server device 1 as setting information in the device information table ET is performed (step B14). If the instruction is a setting instruction for the terminal information table TT (NO in step B13), a process of transmitting information input by a user operation to the information management server apparatus 1 as setting information for the terminal information table TT is performed (step S1). B15).

  Further, when an indirect access to access the electronic device 3 is instructed from the mobile terminal device 2 via the information management server device 1 (YES in step B16), the short-range communication unit 25 is activated to exist in the vicinity. By transmitting / receiving data to / from the electronic device 3 that is currently in operation, mutual identification information (terminal ID, device ID) is transmitted / received to search for a communication partner (neighboring device) (step B17). As a result, the device identification information is received and acquired from the electronic device (search device) 3 with which communication has been established (step B18), and the device identification information and the terminal identification information of the own terminal are transmitted to the information management server device 1. To request indirect access (step B19).

  In response to this indirect access, it is checked whether or not device authentication information is received from the information management server device 1 (step B17). If device authentication information is not received (NO in step B20), an error message is displayed. (Step B22) When the device authentication information is received (YES in Step B20), an access request including the device authentication information is transmitted to the nearby electronic device (search device) 3 via the short-range communication unit 25 (Step B22). Step B21). Then, it returns to step B1 of FIG. Note that when the electronic device 3 receives device authentication information from the mobile terminal device 2, the electronic device 3 performs authentication processing, and performs processing such as unlocking and access restriction release if the access request is from a legitimate user.

  As described above, in the present embodiment, when the information management server device 1 receives a request for indirect access from the mobile terminal device 2 to the electronic device 3 via the information management server device 1, the information management server device 1 stores the device information table ET. It is determined whether or not the request is from the mobile terminal device 2 that can access the electronic device 3, and the mobile terminal device 2 that is permitted to use the terminal with reference to the terminal information table TT. It is a request from the portable terminal device 2 that can access the electronic device 3 as a result of determining whether or not the request is from the portable terminal device 2 that is permitted to use the terminal. If it is determined that the device authentication information for the electronic device 3 is transmitted to the requesting mobile terminal device 2, the mobile terminal device 2 is lost or stolen. But it is possible to prevent unauthorized access to the electronic device 3 according to the portable terminal device 2, it is possible to enhance the security.

  That is, the mobile terminal device 2 associates with each accessible electronic device 3 and stores and manages the device authentication information on the own terminal side, so that the device authentication information obtained from the information management server device 1 is obtained. Is transmitted to the electronic device 3, and the user can access the electronic device 3. If the mobile terminal device 2 is lost or stolen, the user uses the other device 5 to manage information. Since the server device 1 can be accessed and the use of the mobile terminal device 2 can be set invalid, it is possible to prevent unauthorized access to the electronic device 3 using the lost or stolen mobile terminal device 2. It is possible to increase security.

  When the information management server device 1 receives an access request from the mobile terminal device 2, the information management server device 1 determines whether the request is from a legitimate user of the mobile terminal device 2. It is a request from the mobile terminal device 2 that can be accessed, a request from the mobile terminal device 2 that is permitted to use the terminal, and a request from a legitimate user with access authority. As a result, the device authentication information of the electronic device can be transmitted, and the security can be further improved.

  When the information management server device 1 receives an access request from the mobile terminal device 2, the information management server device 1 receives the result of the authentication processing executed on the mobile terminal device 2 side, and is the authorized user based on the processing result? Since it is determined whether or not the access is from a legitimate user only by receiving the result of the authentication process executed on the mobile terminal device 2 side when accessing the information management server device 1 Can be determined. In this case, if the mobile terminal device 2 is authenticated as a legitimate user, it is possible to omit an operation for inputting server authentication information when accessing the information management server device 1.

  When the information management server device 1 receives an access request from the mobile terminal device 2, the information management server device 1 performs authentication processing by comparing the authentication information included in the access request with “authentication information” in the terminal information table TT. Since it is determined whether the request is from a legitimate user having access authority based on the processing result, security can be further improved.

  In the information management server device 1, the device information table ET stores device identification information for identifying a plurality of electronic devices 3 that can be accessed by the mobile terminal device 2 corresponding to each of the plurality of mobile terminal devices 2. Since the device authentication information used for authentication of each device identification information is stored, and the terminal information table TT stores the availability information corresponding to each of the plurality of mobile terminal devices 2, The information management server device 1 transmits device authentication information corresponding to an access request from each mobile terminal device 2 to the requesting mobile terminal device 2 by collectively managing information related to the plurality of mobile terminal devices 2. It becomes possible.

  The request for indirect access from the mobile terminal device 2 to the electronic device 3 via the information management server device 1 is an access request including the device identification information received and acquired from the electronic device 3 searched by the mobile terminal device 2 by short-range communication. Therefore, the electronic device 3 to be accessed can be specified on the information management server device 1 side even if the user operation for designating the electronic device 3 is not performed on the mobile terminal device 2 side.

  When the information management server device 1 determines whether or not the request is from the mobile terminal device 2 that can access the electronic device 3 in response to a request for indirect access from the mobile terminal device 2, the device information table If the device identification information and device authentication information of the electronic device 3 are stored corresponding to the mobile terminal device 2 with reference to the ET, the mobile device 2 can access the electronic device 3 from the mobile terminal device 2. Since it is determined that it is a request, it is possible to cope with a case where the setting of information is forgotten, and a more reliable determination is possible.

  When the mobile terminal device 2 acquires the device identification information of the electronic device 3 to be accessed and accesses the electronic device 3, the mobile terminal device 2 transmits its own device identification information together with the device identification information to the information management server device 1 to obtain information. After receiving the request, the device authentication information transmitted from the information management server device 1 is received on the condition that the electronic device 3 can be accessed by the mobile terminal device 2, and the device authentication information is received. Since it was transmitted to the electronic device 3 to be accessed by short-range wireless communication, it was obtained from the information management server device 1 without storing and managing device authentication information of each electronic device 3 on its own terminal side By transmitting the device authentication information to the electronic device 3, the electronic device 3 can be accessed, and the device authentication information is not lost even if the mobile terminal device 2 is lost or stolen. Nor it is read.

  Since the mobile terminal device 2 makes a request for indirect access to the information management server device 1 when it is authenticated that the mobile terminal device 2 is an authorized user of the mobile terminal device 2 based on the terminal authentication information, If the terminal device 2 is authenticated as a legitimate user, the operation of inputting the server authentication information when accessing the information management server device 1 can be omitted.

  Since the mobile terminal device 2 transmits the result of authenticating that it is a legitimate user having the authority to access the mobile terminal device 2 to the information management server device 1, the information management server device 1 confirms that. Is possible.

  Since the portable terminal device 2 transmits the authentication information used for authentication of the information management server device 1 itself to the information management server device 1 together with the authentication information, the information management server device 1 is It is possible to perform processing for authenticating on the information management server device 1 side whether the user is a legitimate user having the authority to access.

  The mobile terminal device 2 is a request from the mobile terminal device 2 that can access the electronic device 3 on the information management server device 1 side, and a request from the mobile terminal device 2 that is permitted to use the terminal. Since the device authentication information transmitted on the condition is received and transmitted to the electronic device 3, when the mobile terminal device 2 is lost or stolen, the user can use another device 5. If the information management server device 1 is accessed and the use / invalidity of use of the portable terminal device 2 is set, unauthorized access to the electronic device 3 using the lost or stolen portable terminal device 2 can be performed. Can be prevented.

  Since the mobile terminal device 2 receives and acquires the device identification information from the nearby electronic device 3 searched by the short-range communication, it is possible to save the trouble of inputting the device identification information by a user operation.

  In the above-described embodiment, the information management server device 1 exemplifies a case in which all device authentication information of each electronic device 3 that can be accessed for each mobile terminal device 2 is stored and managed. 3, device authentication of some of the electronic devices 3 may be stored on the mobile terminal device 2 side. For example, for the electronic device 3 that requires strict security maintenance, the device authentication information is stored on the information management server device 1 side, but for the other electronic device 3, the device authentication information is stored in the information management server. You may make it memorize | store in the apparatus 1 side.

  In this way, when storing device authentication of some electronic devices 3 on the mobile terminal device 2 side, a table for storing the device authentication information in association with the device identification information is provided in the mobile terminal device 2. Just keep it. And the portable terminal device 2 checks whether the device authentication information is stored corresponding to the device identification information with reference to the above-mentioned table when receiving and acquiring the device identification information from the nearby electronic device 3, If stored, the device authentication information read directly from the table is transmitted by short-range communication. If not stored in the table, an indirect access request is made to the information management server device 1 and responded thereto. The received device authentication information may be transmitted by short-range communication. As described above, the access method to the electronic device 3 can be properly used according to the type (security) of the electronic device 3.

  In the above-described embodiments, passwords and keywords are exemplified as the authentication information, but biometric information such as voices, face images, and fingerprints recorded from the user's voices may be used.

  In the above-described embodiment, the information management server device 1 may be a server device in a company or a home, or a server device on the side of a business that develops a nationwide service. Moreover, although the case where it applied to a multifunctional mobile phone (smartphone) as the portable terminal device 2 was illustrated, PDA (personal portable information communication equipment), such as an electronic wristwatch, a key-type terminal, a tablet terminal, a digital camera, music It may be a player.

  Further, the “apparatus” and “unit” shown in each of the above-described embodiments may be separated into a plurality of cases by function, and are not limited to a single case. In addition, each step described in the above-described flowchart is not limited to time-series processing, and a plurality of steps may be processed in parallel or separately.

The embodiment of the present invention has been described above. However, the present invention is not limited to this, and includes the invention described in the claims and the equivalent scope thereof.
Hereinafter, the invention described in the claims of the present application will be appended.
(Appendix)
(Claim 1)
The invention described in claim 1
An information management device that transmits information in response to a request in response to a request from a portable terminal device connectable via a communication network,
Device information storage means for storing device identification information for identifying an electronic device accessible by the mobile terminal device and device authentication information used for authentication of the device itself for each device identification information;
Terminal information storage means for storing usability information indicating whether or not to permit use of the mobile terminal device;
When a request for indirect access to an electronic device via the information management device is received from the portable terminal device, the portable information device can access the electronic device by referring to the device information storage unit. A determination means for determining whether or not the request is a request from a portable terminal device permitted to use the terminal by referring to the terminal information storage means; and
If the determination means determines that the request is from a mobile terminal device capable of accessing an electronic device and is a request from a mobile terminal device that is permitted to use the terminal, the access requested electronic device Transmitting means for transmitting the device authentication information of the device to the requesting mobile terminal device;
It is an information management device characterized by comprising.
(Claim 2)
The invention according to claim 2 is the information management apparatus according to claim 1,
The determination means, when receiving an access request from the mobile terminal device, further determines whether it is an access request from a legitimate user having access authority,
The transmission means is a request from a mobile terminal device that can access an electronic device by the determination means, and is a request from a mobile terminal device that is permitted to use the terminal. When it is determined that the request is from a user, the device authentication information of the electronic device requested to be accessed is transmitted to the requesting mobile terminal device.
This is an information management apparatus characterized by being configured as described above.
(Claim 3)
The invention according to claim 3 is the information management apparatus according to claim 2,
When the determination unit receives an access request from the mobile terminal device, the determination unit receives a processing result of an authentication process executed on the mobile terminal device side, and whether or not the user is a legitimate user based on the processing result. To determine the
This is an information management apparatus characterized by being configured as described above.
(Claim 4)
The invention according to claim 4 is the information management device according to claim 2,
Reference information storage means for storing authentication information of a legitimate user having access authority as reference information for authentication processing;
An authentication unit that executes an authentication process by comparing authentication information included in the access request with the reference information when an access request is received from the mobile terminal device;
Further comprising
The determination means determines whether or not the user is a regular user based on the processing result by the authentication means.
This is an information management apparatus characterized by being configured as described above.
(Claim 5)
The invention according to claim 5 is the information management apparatus according to claim 1,
The device information storage means stores device identification information for identifying a plurality of electronic devices that can be accessed by the mobile terminal device, corresponding to each of the plurality of mobile terminal devices, and for each device identification information, Storing device authentication information used for authentication of the device itself, the terminal information storage means stores the usability information corresponding to each of a plurality of mobile terminal devices,
This is an information management apparatus characterized by being configured as described above.
(Claim 6)
The invention according to claim 6 is the information management apparatus according to claim 1,
The electronic device requested for indirect access from the portable terminal device via the information management device is an electronic device searched by the portable terminal device by short-range communication,
The request for indirect access from the mobile terminal device to the electronic device via the information management device is an access request including the device identification information received and acquired from the electronic device searched by the mobile terminal device by short-range communication.
This is an information management apparatus characterized by the above.
(Claim 7)
The invention according to claim 7 is the information management device according to claim 1,
The determining means determines whether the request is from a portable terminal device that can access the electronic device in response to a request for indirect access from the portable terminal device to the electronic device via the information management device. If the device identification information and device authentication information of the electronic device are stored corresponding to the portable terminal device, the portable device capable of accessing the electronic device is referred to. Determining that the request is from a terminal device,
This is an information management apparatus characterized by being configured as described above.
(Claim 8)
The invention according to claim 8 provides:
A portable terminal device that accesses a peripheral external device by short-range wireless communication,
Obtaining means for obtaining device identification information for identifying an external device to be accessed;
For the information management device that stores and manages device identification information of external devices that can be accessed for each portable terminal device and device authentication information used for authentication of the device itself, the device management information is acquired together with the device identification information acquired by the acquisition means. Information request means for requesting information necessary for accessing the external device by transmitting terminal identification information;
If it is determined on the information management device side that the external device indicated by the device identification information can be accessed by the mobile terminal device indicated by the terminal identification information in response to the information request, Receiving means for receiving the authentication information for the external device to be transmitted;
Transmitting means for transmitting the device authentication information received by the receiving means to the external device to be accessed by short-range wireless communication;
It is a portable terminal device provided with.
(Claim 9)
The invention according to claim 9 is the portable terminal device according to claim 8,
Reference information storage means for storing terminal authentication information used for authentication of the mobile terminal device itself as authentication reference information;
Authentication means for authenticating whether the user is a legitimate user by executing authentication processing by comparing the input terminal authentication information with the authentication reference information;
Further comprising
The information request means, when the authentication means is authenticated as a legitimate user, transmits the terminal identification information of the user together with the device identification information to request information.
This is a portable terminal device that is characterized as described above.
(Claim 10)
The invention according to claim 10 is the portable terminal device according to claim 9,
The information request unit further transmits an authentication result by the authentication processing unit.
This is a portable terminal device that is characterized as described above.
(Claim 11)
The invention according to claim 11 is the portable terminal device according to claim 8, further comprising input means for inputting authentication information used for authentication of the information management device itself,
The information request means requests the information by transmitting the authentication information input by the input means to the information management apparatus together;
This is a portable terminal device that is characterized as described above.
(Claim 12)
The invention according to claim 12 is the portable terminal device according to claim 8,
The receiving means is determined to be able to access the external device indicated by the device identification information by the mobile terminal device indicated by the terminal identification information in response to the information request on the information management device side; and When it is determined that the request is from a mobile terminal device that is permitted to use the terminal by referring to the usability information indicating whether or not the use of the mobile terminal device is permitted, it is transmitted on the condition Receive device authentication information,
This is a portable terminal device that is characterized as described above.
(Claim 13)
The invention according to claim 13 is the mobile terminal device according to claim 8,
The acquisition means receives and acquires the device identification information from the electronic device searched by near field communication.
This is a portable terminal device that is characterized as described above.
(Claim 14)
The invention according to claim 14 is the portable terminal device according to claim 8,
Device identification information for identifying each of a plurality of accessible electronic devices, and device information storage means for storing the device authentication information for each device identification information;
A determining unit that determines whether or not device authentication information corresponding to the device identification information is stored by referring to the device information storage unit based on the device identification information acquired by the acquiring unit;
Further comprising
The information requesting unit makes an information request to the information management device when the determining unit determines that the corresponding device authentication information is not stored.
This is a portable terminal device that is characterized as described above.
(Claim 15)
The invention according to claim 15 is:
Against the computer,
Function of storing and managing device identification information for identifying an electronic device that can be accessed by the portable terminal device corresponding to the portable terminal device and device authentication information used for authentication of the device itself for each piece of the device identification information as device information When,
A function for storing and managing as usage information whether or not to allow use of the terminal device, which is information arbitrarily set corresponding to the mobile terminal device, as terminal information;
When a request for indirect access to an electronic device via the information management device is received from the portable terminal device via a communication network, the portable terminal can access the electronic device by referring to the device information A function of determining whether or not the request is from a device, and determining whether or not the request is from a mobile terminal device that is permitted to use the terminal by referring to the terminal information;
When it is determined that the request is from a mobile terminal device capable of accessing the electronic device and the request is from a mobile terminal device that is permitted to use the terminal, the electronic device requested to access the electronic device A function of transmitting device authentication information to the requesting mobile terminal device; and
It is a program for realizing.
(Claim 16)
The invention described in claim 16
Against the computer,
A function of acquiring device identification information for identifying an external device to be accessed;
Sends its own terminal identification information along with the acquired device identification information to the information management device that stores and manages device identification information and device authentication information of external devices that can be accessed for each portable terminal device A function for requesting information necessary to access the external device,
Based on the device identification information and the terminal identification information received at the time of the information request, the information management device determines that the external device indicated by the device identification information can be accessed by the mobile terminal device indicated by the terminal identification information On the condition, the function of receiving the device authentication information transmitted from the information management device,
A function of transmitting the received device authentication information to the access target external device by short-range wireless communication;
It is a program for realizing.

1 Information management server device 2 Mobile terminal device 3 Electronic equipment (external device)
4 Public communication network (wide area communication network)
11, 21 CPU
13, 23 Storage unit 14, 24 Wide area communication unit 25 Near field communication unit ET Device information table TT Terminal information table

Claims (17)

An information processing apparatus depending controls the authentication request from a terminal device,
Terminal device for accessing an electronic device that requires authentication, and the present in the vicinity of the electronic device, and discriminating means you determine whether the electronic device to one terminal which is previously registered in correspondence,
Depending on the discrimination means by that determination result, the control means for controlling whether to permit authentication to the electronic device,
Information processing apparatus, characterized in that provided with the. The determining means further determines whether or not the terminal device is a terminal device permitted to be used,
The control means controls whether or not to allow authentication to the electronic device based on whether or not the terminal device is further permitted to use by the determination means.
The information processing apparatus according to claim 1. The control means refers to device storage means for storing device authentication information for unlocking the electronic device corresponding to a plurality of electronic devices, so that the device authentication information of the electronic device accessed by the terminal device And control to allow the authentication based on the device authentication information,
The information processing apparatus according to claim 1 or 2. An information processing device that controls authentication in response to a request from a terminal device,
When receiving an authentication request by a terminal device, a determination means for determining whether or not an electronic device registered in advance corresponding to the terminal device exists in a position near the terminal device;
Control means for controlling to permit authentication by the terminal device, on condition that there is an electronic device registered in advance by the determination means;
An information processing apparatus comprising: The determining means further determines whether or not the terminal device is a terminal device permitted to be used,
The control means performs control so as to permit authentication by the terminal device on the condition that the determining device further determines that the terminal device is permitted to be used.
The information processing apparatus according to claim 4. The control unit refers to a device storage unit that stores device authentication information for unlocking the electronic device corresponding to a plurality of electronic devices, so that the device of the electronic device in the vicinity of the terminal device Control to allow the authentication by obtaining authentication information;
The information processing apparatus according to claim 4, wherein the information processing apparatus is an information processing apparatus. A terminal device capable of communicating with an external processing device ,
And confirmation means for confirming by the electronic device that requires authentication request or electronic equipment or not registered in advance in correspondence with the terminal apparatus to said external processing device,
Control for controlling to permit authentication to the electronic device on the condition that the external processing device has confirmed that the electronic device is an electronic device registered in advance corresponding to the terminal device by the confirmation unit. Means,
End terminal device being characterized in that comprises a. The control means further controls to allow authentication to the electronic device on the condition that the external processing device has confirmed that the terminal device is a terminal device permitted to use.
The terminal device according to claim 7. The confirmation means requests an electronic device in the vicinity of the terminal device to be an electronic device that requires the authentication, and confirms whether the electronic device is an electronic device registered in advance corresponding to the terminal device. To
The information processing apparatus according to claim 7 or 8, characterized in that: The control means controls to permit authentication to the electronic device by receiving device authentication information for unlocking the electronic device that is transmitted on condition that the external processing device has made the confirmation. ,
The information processing apparatus according to any one of claims 7 to 9. A terminal device that communicates with an external processing device,
Confirmation means for confirming whether or not the electronic device existing in the vicinity of the terminal device is an electronic device registered in advance corresponding to the terminal device;
Control means for controlling to allow authentication by the terminal device on the condition that the confirmation means confirms that the electronic device is the registered electronic device;
A terminal device comprising: The control means further controls to allow authentication by the terminal device on the condition that the external processing device confirms that the terminal device is a terminal device permitted to use.
The terminal device according to claim 11. The control means controls to allow the authentication by obtaining device authentication information for unlocking the electronic device on the condition of the confirmation;
The information processing apparatus according to claim 11, wherein the information processing apparatus is an information processing apparatus. A program for controlling a computer of an information processing device that controls authentication in response to a request from a terminal device,
The computer ,
Terminal device for accessing an electronic device that requires authentication is present in the vicinity of the electronic device, and discriminating means you determine whether the electronic device to one terminal which is previously registered in correspondence,
Control means for controlling whether or not to permit authentication to the electronic device according to the determination result by the determination means;
Program to function as. A program for controlling a computer of an information processing device that controls authentication in response to a request from a terminal device,
The computer,
When receiving an authentication request by a terminal device, a determination means for determining whether or not an electronic device registered in advance corresponding to the terminal device exists in a position near the terminal device;
Control means for controlling to allow authentication by the terminal device on condition that there is an electronic device registered in advance by the determination means;
Program to function as. A program for controlling a computer of a terminal device capable of communicating with an external processing device,
The computer ,
Confirmation means for confirming by the electronic device that requires authentication request or electronic equipment or not registered in advance in correspondence with the terminal apparatus to said external processing device,
Control for controlling to permit authentication to the electronic device on the condition that the external processing device has confirmed that the electronic device is an electronic device registered in advance corresponding to the terminal device by the confirmation unit. means,
Program to function as. A program for controlling a computer of a terminal device that communicates with an external processing device,
The computer,
Confirmation means for confirming whether or not the electronic device existing in the vicinity of the terminal device is an electronic device registered in advance corresponding to the terminal device;
Control means for controlling to permit authentication by the terminal device on the condition that the confirmation means confirms that the electronic apparatus is the registered electronic apparatus,
Program to function as.

Images