JP6497841B2 - Network connection method and electronic device - Google Patents

Description

  The present invention relates to a network connection method and the like.

  In recent years, in data communication between devices using a wireless local area network (LAN), a security standard has been created by the Institute of Electrical and Electronic Engineers (IEEE), etc., and data communication is relatively safe by following this standard. Can be executed.

  For example, in a wireless LAN, devices communicate with each other within a relatively narrow area where radio waves reach, and the user of each device can confirm the device of the communication partner. For this reason, there is a technique for performing highly confidential wireless communication by distributing a common secret key to each device that can identify a communication partner and using the common secret key.

  Further, after providing the user with a storage medium storing various codes for accessing the server and performing authentication using the terminal used by the user and the code of the storage medium, the storage medium is based on the code stored in the storage medium. There is a technique for controlling communication between a user terminal and a server.

Japanese translation of PCT publication No. 2002-507025

  However, the above-described conventional technology has a problem that communication control cannot be performed at a connection setting level corresponding to a maintenance worker who operates remotely.

  In one aspect, an object is to provide a network connection method and an electronic apparatus that can perform communication control according to a connection setting level corresponding to a maintenance worker who operates remotely.

  In the first proposal, the network connection method causes the first electronic device and the second electronic device to execute the following processing. The first electronic device includes first configuration information, user identification information, a policy that defines a connection level of communication between the first electronic device and the second electronic device via a network, a network or a portable medium. To the second electronic device. The first configuration information is the configuration information of the first electronic device collected by the tamper-resistant chip mounted on the first electronic device and approved by the third party device. The second electronic device acquires and stores the first configuration information, user identification information, and policy. The second electronic device collects the second configuration information of the second electronic device collected by the tamper-resistant chip mounted on the second electronic device and approved by the third party device via a network or a portable medium. To the first electronic device. The first electronic device acquires and stores the second identification information. The first electronic device receives user identification information input from a user, first configuration information at the time when the user identification information is input, and second configuration information stored in advance through a network. Send to electronic device. When the second electronic device stores user identification information corresponding to the user identification information received via the network, the second electronic device specifies a policy corresponding to the user identification information. The second electronic device controls connection between the first electronic device and the second electronic device via the network based on the identified policy, the first configuration information acquired via the network, and the second configuration information. To do.

  According to one embodiment of the present invention, communication control can be performed at a connection setting level corresponding to a maintenance worker who operates remotely.

FIG. 1 is a diagram illustrating a configuration of a system according to the present embodiment. FIG. 2 is a diagram for explaining data exchanged between the IC card, the mobile terminal, and the wireless LAN router. FIG. 3 is a diagram for explaining data exchanged between the IC card, the mobile terminal, and the wireless LAN router. FIG. 4 is a diagram illustrating an example of processing for setting a connection level. FIG. 5 is a flowchart showing a processing procedure when the mobile terminal and the wireless LAN router prepare for connection using an IC card. FIG. 6 is a flowchart illustrating a processing procedure of processing in which the mobile terminal requests the ISP to calculate the configuration information match degree. FIG. 7 is a flowchart (1) illustrating a processing procedure of processing in which the mobile terminal prepares for connection. FIG. 8 is a flowchart showing a processing procedure when the wireless LAN router receives a connection request from the mobile terminal. FIG. 9 is a functional block diagram illustrating the configuration of the IC card according to the present embodiment. FIG. 10 is a diagram illustrating an example of a data structure of a corresponding policy of an IC card. FIG. 11 is a diagram illustrating an example of the data structure of an IC card determination table. FIG. 12 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the IC card. FIG. 13 is a functional block diagram illustrating the configuration of the mobile terminal according to the present embodiment. FIG. 14 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the mobile terminal. FIG. 15 is a diagram illustrating an example of a data structure of the connection permission list of the mobile terminal. FIG. 16A is a diagram illustrating an example of a data structure of a correspondence policy of a mobile terminal. FIG. 16B is a diagram illustrating an example of a data structure of the determination table of the mobile terminal. FIG. 17 is a diagram illustrating an example of the data structure of the registration table of the mobile terminal. FIG. 18 is a diagram illustrating an example of the data structure of the determination policy. FIG. 19 is a diagram illustrating an example of the data structure of the qualification table. FIG. 20 is a diagram illustrating an example of a data structure of the freshness leveling policy. FIG. 21 is a diagram illustrating an example of the data structure of the history table. FIG. 22 is a diagram illustrating an example of the data structure of the matching leveling policy. FIG. 23 is a diagram illustrating an example of a data structure of the calculation result table. FIG. 24 is a diagram illustrating an example of the data structure of the determination result table. FIG. 25 is a functional block diagram illustrating the configuration of the wireless LAN router according to the present embodiment. FIG. 26 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the wireless LAN router. FIG. 27 is a diagram illustrating an example of a data structure of a connection permission list of the wireless LAN router. FIG. 28 is a diagram illustrating an example of the data structure of the correspondence policy of the wireless LAN router. FIG. 29 is a diagram illustrating an example of the data structure of the registration table of the wireless LAN router. FIG. 30 is a diagram illustrating an example of a data structure of a determination policy of the wireless LAN router. FIG. 31 is a diagram illustrating an example of the data structure of the connection request table. FIG. 32 is a diagram illustrating an example of the data structure of the determination result table for confirmation. FIG. 33 is a diagram for explaining the second determination criterion. FIG. 34 is a diagram for explaining the third determination criterion. FIG. 35 is a functional block diagram showing the configuration of the ISP according to the present embodiment. FIG. 36 is a diagram illustrating an example of the data structure of the leveling policy.

  Hereinafter, embodiments of a network connection method and an electronic device disclosed in the present application will be described in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

  An example of TCG (Trusted Computing Group) technology used in the present embodiment will be described. Terminals and devices connected to the Internet are constantly exposed to security threats, and there are cases where unexpected modifications are made to the software structure that constitutes the platform due to viruses, spyware, other malicious scripts, unauthorized access, and the like. For such risks, TCG realizes a safe computing environment by ensuring the reliability of the platform. Here, the platform indicates hardware, an OS (Operating System), an application, and the like.

  For example, there is a limit to conventional security measures that depend only on software against the threat of software tampering. For this reason, TCG embeds a TPM (Trusted Platform Module) chip in the platform and uses the TPM chip as a trust route to construct a reliable computing environment that is extremely difficult to falsify. Further, by using the TPM chip, hardware-based data / certificate protection and a secure cryptographic processing environment can be realized.

  Next, the TPM chip will be described. The TPM chip is a birdware chip bound to an electronic device and has tamper resistance. The TPM chip is physically bound to the main components of the electronic device so that it cannot be removed from the electronic device. For example, the component parts of the electronic device correspond to a motherboard or the like. Since the TPM chip is designed with the functions, memory area, and processor power to be suppressed as much as possible, it can be manufactured at low cost and can be applied to various electronic devices and platforms.

  For example, the functions of the TPM include a function for generating and storing an RSA (Rivest Shamir Adleman) secret key, and a function for signing, encrypting, and decrypting with an RSA secret key. In RSA, a pair of a private key and a public key is created. In addition, the functions of the TPM include a function for performing a hash calculation of SHA-1 (Secure Hash Algorithm 1) and a function for holding environment information of the electronic device. When the bound electronic device is activated, the TPM chip measures the software code in the boot process to the BIOS, OSloader, and OS kernel, hashs the measured software code, and registers it in a register inside the TPM chip. Also, the TPM chip collects hardware information of the bound electronic device, hashes the hardware information, and registers the information in a register inside the TPM chip. In the following description, software code and hardware information are collectively referred to as configuration information as appropriate.

  In TCG, a software stack and a software interface are defined in order to use a TPM chip that is a hardware device from a higher-level application or library. This software stack is called TSS (TCG Software Stack), and is composed of software modules that store the functions of TPM chips whose resources are limited. The application of the electronic device can access the function of the TPM chip described above using the interface provided by the TSS.

  Next, the configuration of the system according to the first embodiment will be described. In the first embodiment, as an example, a description will be given on the assumption that a maintenance worker performs maintenance work on a wireless LAN router and various devices connected to the wireless LAN router using a mobile terminal. Note that electronic devices used by maintenance workers are not limited to mobile terminals. For example, the electronic device used by the maintenance worker may be a plurality of electronic devices or a permanent electronic device. In the following description, these electronic devices are represented as mobile terminals.

  First, the maintenance worker stores information on the mobile terminal used by the worker in an IC (Integrated Circuit) card. Further, the maintenance worker may add information identifying the maintenance worker, such as the maintenance worker ID, password, and bio-information, to the IC card. Here, when storing the information of the IC card in the mobile terminal, or when storing the information of the mobile terminal in the IC card, a third party is responsible for the exchange between each mobile terminal and the IC card. The card is approved. Then, the information that the IC card is approved is given to the mobile terminal. In addition, the mobile terminal gives information such as its configuration to the IC card in a format including information approved by the third party. The maintenance worker goes to the installation location of the device to be maintained and meets the device manager. The administrator confirms whether the maintenance worker is a reliable person as opposed to the maintenance worker. As a result of the relative confirmation, if the maintenance worker is a reliable person, the connection between the IC card and the wireless LAN router is permitted. When the connection between the IC card and the wireless LAN router is permitted, the mobile terminal information stored in the IC card is passed to the wireless LAN router, and the wireless LAN router information is stored in the IC card.

  Subsequently, the maintenance worker changes the IC card, connects the IC card and the mobile terminal, and stores the wireless LAN router information in the mobile terminal, thereby completing the connection setting. After the connection setting is completed, the mobile terminal and the wireless LAN router are securely connected via a long-distance network such as the Internet, and the maintenance worker performs the maintenance work.

  FIG. 1 is a diagram illustrating a configuration of a system according to the present embodiment. As shown in FIG. 1, user terminals 10a and 10b and a hard disk device 11 are connected to a wireless LAN router 200a by a wireless LAN 60a.

  A user terminal 10c and an Internet television 12 are connected to the wireless LAN router 200b by a wireless LAN 60b. The certificate authority 20, the mobile terminals 100a and 100b, the wireless LAN routers 200a and 200b, and the ISP (Internet Services Provider) 300 are connected to each other via the network 50.

  The maintenance worker uses the IC card 30 to convey the information about the mobile terminal 100a to the wireless LAN router 200a and convey the information about the wireless LAN router 200a to the mobile terminal 100a. The maintenance worker inserts the IC card 30 into the interface of the mobile terminal 100 and connects the IC card 30 and the mobile terminal 100. The maintenance worker inserts the IC card 30 into the interface of the wireless LAN router 200 and connects to the wireless LAN router 200. Alternatively, the mobile terminal 100a and the wireless LAN router 200a may be connected to the IC card 30 using an IC card reader or the like. In addition, the mobile terminal 100a and the wireless LAN router 200a may be connected to the IC card 30 using existing technology. A TPM chip is mounted on the IC card 30.

  The user terminals 10a, 10b, and 10c are terminal devices such as PCs used by users. The hard disk device 11 is an external storage device used by the user terminals 10a, 10b and the like. The Internet television 12 is a television for viewing a video program through a service provided on the Internet via an Internet connection.

  The certificate authority 20 is a device that issues a public key used in the mobile terminals 100a and 100b, the wireless LAN routers 200a and 200b, and the ISP 300, and a digital certificate for the public key. In the first embodiment, secure data communication is executed between devices using a public key infrastructure. For example, the certificate authority 20 holds the public keys of the IC card 30, the mobile terminals 100a and 100b, the wireless LAN routers 200a and 200b, and the ISP 300. The mobile terminals 100 a and 100 b, the wireless LAN routers 200 a and 200 b, the ISP 300, and the IC card 30 acquire each public key from the certificate authority 20.

  The mobile terminals 100a and 100b are, for example, terminal devices used when a maintenance worker performs maintenance work. In the following description, the mobile terminals 100a and 100b are collectively referred to as the mobile terminal 100 as appropriate. The mobile terminal 100 is equipped with a TPM chip.

  The wireless LAN routers 200a and 200b are devices that relay data communication between each device connected to the wireless LAN and the Internet 50. In the following description, the wireless LAN routers 200a and 200b are collectively referred to as a wireless LAN router 200 as appropriate. The wireless LAN router 200 is equipped with a TPM chip.

  The ISP 300 acquires the configuration information of the mobile terminal 100 from the TPM chip of the mobile terminal 100 and approves the mobile terminal 100. The TPM chip of the mobile terminal may add the name of the mobile terminal 100, the unique ID of the mobile terminal 100, and the like to the configuration information. The ISP 300 acquires the configuration information of the wireless LAN router 200 from the TPM chip of the wireless LAN router 200 and approves the wireless LAN router. Further, the ISP 300 acquires the configuration information of the IC card 30 from the TPM chip of the IC card 30 and approves the IC card.

  Next, data exchanged between the IC card 30, the mobile terminal 100, and the wireless LAN router 200 shown in FIG. 1 will be described. 2 and 3 are diagrams for explaining data exchanged between the IC card, the mobile terminal, and the wireless LAN router.

  At a stage before data is exchanged, the IC card 30 has configuration information 31 a of the IC card 30. The mobile terminal 100 includes configuration information 110a of the mobile terminal 100, a registration table 111, and a determination policy 112. The wireless LAN router 200 has configuration information 210a. Here, the registration table 111 is a table having various types of information related to maintenance workers. The determination policy 112 is a table that defines the connection level of communication between the mobile terminal 100 and the wireless LAN router 200. Specific description regarding each piece of information shown in FIG. 2 will be described later.

  In FIG. 2, when the mobile terminal 100 and the IC card 30 are approved by the ISP 300, the mobile terminal 100 and the IC card 30 are connected. Then, the configuration information 31a of the IC card 30 is registered in the mobile terminal 100, and the configuration information 110a of the mobile terminal 100 is registered in the IC card 30. In addition, the registration table 111 and the determination policy 112 of the mobile terminal 100 are registered in the IC card 30.

  The maintenance worker carries the IC card 30 to the installation position of the wireless LAN router 200. When the wireless LAN router 200 and the IC card 30 are approved by the ISP 300, the wireless LAN router 200 and the IC card 30 are connected. Then, the configuration information 31a of the IC card 30 is registered in the wireless LAN router 200. The configuration information 110a of the mobile terminal 100 is registered in the wireless LAN router 200 as the connection permission list 210b. Further, the registration table 111 and the determination policy 112 of the IC card 30 are registered as the registration table 211 and the determination policy 212 in the wireless LAN router 200.

  In FIG. 3, configuration information 210 a of the wireless LAN router 200 is registered in the IC card 30. 3, illustration of the configuration information 110a, the configuration information 31a, the registration table 111, and the determination policy 112 shown in the IC card 30 of FIG. 2 is omitted. The maintenance worker takes the IC card 30 back to the installation position of the mobile terminal 100. When the mobile terminal 100 and the IC card 30 are approved again by the ISP 300, the configuration information 210a of the wireless LAN router 200 is registered in the mobile terminal 100 as the connection permission list 110b.

  Next, an example of processing for setting a connection level between the mobile terminal 100 and the wireless LAN router 200 via the network 50 will be described. FIG. 4 is a diagram illustrating an example of processing for setting a connection level. Assume that the processing described with reference to FIGS. 2 and 3 is performed before the processing illustrated in FIG. 4 is performed.

As shown in FIG. 4, the mobile terminal 100 transmits connection request information 40 to the wireless LAN router 200 via the network 50. For example, the connection request information 40 includes registration identification information, configuration information match degree, freshness level, verification level, number of persons, and qualification information.

  The registration identification information is information that uniquely identifies the maintenance worker. The configuration information match degree is a value given by the ISP 300 based on the configuration information 110 a of the mobile terminal 100. The freshness level is a value indicating how much time has passed since registration identification information was registered in the mobile terminal 100. The collation level is a value indicating to what degree the collation performed for the maintenance worker is collated. The number of persons indicates the number of maintenance workers who perform maintenance work on the wireless LAN router 200 using the mobile terminal 100. The qualification is qualification information that the maintenance worker has.

  The mobile terminal 100 compares the information of the connection request 40 with the determination policy 112, determines the connection level, and stores the determination result in the determination result table 118. The mobile terminal 100 transmits the determination result table 118 to the wireless LAN router 200 via the network 50.

On the other hand, the wireless LAN router 200 acquires the connection request information 40 from the mobile terminal 100 and uses the registration identification information of the registration table 211 associated with the determination policy 212 and the registration identification information of the connection request information 40 as keys. The determination policy 212 is specified. The wireless LAN router 200 compares the information of the connection request information 40 with the determination policy 212 to determine the network connection level, and registers the determination result in the determination result table 213 for confirmation.

  The wireless LAN router 200 compares the network connection level stored in the confirmation determination result table 213 with the connection level of the determination result table 118 received from the mobile terminal 100, and sets the network connection level 41 corresponding to the comparison result. judge. The wireless LAN router 200 transmits information on the network connection level 41 to the mobile terminal 100.

  Also, the wireless LAN router 200 and the mobile terminal 100 determine whether or not the set of the configuration information 110a and 31a and the connection permission list 110b matches the set of the configuration information 210a and 31a and the connection permission list 210b. The wireless LAN router 200 determines whether or not to allow communication with the mobile terminal 100 according to the comparison result with each group, and when communication is permitted, within the range of the network connection level 41, the mobile LAN router 200 Communication with the terminal 100 is executed.

  Next, a processing procedure when the mobile terminal 100 and the wireless LAN router 200 perform connection preparation using the IC card 30 will be described. FIG. 5 is a flowchart showing a processing procedure when the mobile terminal and the wireless LAN router prepare for connection using an IC card.

  As shown in FIG. 5, the mobile terminal 100 is connected to the IC card 30 (step S101). In step S <b> 101, the maintenance worker inserts the IC card 30 into the interface of the mobile terminal 100 and connects the IC card 30 and the mobile terminal 100.

  The mobile terminal 100 acquires registration identification information from the maintenance worker (step S102). Here, “registration identification information” is identification information registered by the maintenance worker for the first time, and corresponds to biometric information such as fingerprint information, voiceprint information, vein information, and the like.

  The mobile terminal 100 generates a hash value of the registration identification information (Step S103). The mobile terminal 100 stores the hash value of the registration identification information in the registration table 111 (Step S104). The data structure of the registration table will be described later. The mobile terminal 100 stores the registration table 111 and the determination policy 112 in association with each other in the IC card 30 (step S105).

  The mobile terminal 100 stores the configuration information 110a of the mobile terminal 100 in the IC card 30 (step S106). The mobile terminal 100 acquires the configuration information 31a of the IC card 30 from the IC card 30 (step S107).

  The mobile terminal 100 is disconnected from the IC card 30 (step S108). In step S <b> 108, the maintenance worker takes out the IC card 30 from the interface of the mobile terminal 100. Then, the maintenance worker carries the IC card 30 to the position of the wireless LAN router 200.

  The wireless LAN router 200 is connected to the IC card 30 (step S109). In step S109, the maintenance worker inserts the IC card 30 into the interface of the wireless LAN router 200 and connects the IC card and the wireless LAN router.

  The wireless LAN router 200 acquires the registration table 111 and the determination policy 112 from the IC card 30 and stores them (step S110). Further, the wireless LAN router 200 acquires the configuration information 110a of the mobile terminal 100 and the configuration information 31a of the IC card 30 from the IC card 30 and stores them (step S111).

  The wireless LAN router 200 stores the configuration information 110a of the mobile terminal 100 as the connection permission list 210b (step S112). The wireless LAN router 200 stores the configuration information 210a of the wireless LAN router 200 in the IC card 30 (step S113).

  The wireless LAN router 200 is disconnected from the IC card 30 (step S114). In step S <b> 114, the maintenance worker takes out the IC card 30 from the interface of the wireless LAN router 200. Then, the maintenance worker carries the IC card 30 to the position of the mobile terminal 100.

  Mobile terminal 100 is connected to IC card 30 (step S115). In step S <b> 115, the maintenance worker inserts the IC card 30 into the interface of the mobile terminal 100 and connects the IC card 30 and the mobile terminal 100.

  The mobile terminal 100 acquires the configuration information 210a of the wireless LAN router from the IC card 30 (step S116). The mobile terminal 100 stores the configuration information 210a of the wireless LAN router 200 as the connection permission list 110b (step S117).

  Next, processing in which the mobile terminal 100 requests the ISP 300 to calculate the degree of configuration information match before connecting to the wireless LAN router 200 via the network 50 will be described. FIG. 6 is a flowchart illustrating a processing procedure of processing in which the mobile terminal requests the ISP to calculate the configuration information match degree.

  As illustrated in FIG. 6, the mobile terminal 100 acquires the configuration information 110a of the mobile terminal 100 using the TPM chip installed in the mobile terminal 100 (step S201), and stores the hashed configuration information 110a in the ISP 300. Transmit (step S202).

  The ISP 300 receives the hashed configuration information 110a (step S203). The ISP 300 compares the configuration information 110a and the leveling policy to calculate the configuration information match level (step S204). Here, the leveling policy is a policy for approving the electronic device based on the configuration information. A highly reliable electronic device has a higher configuration information match value than an unreliable electronic device. A detailed description of the leveling policy will be described later.

  The ISP 300 transmits the configuration information match degree to the mobile terminal 100 (step S205). The mobile terminal 100 receives the configuration information match level (step S206), and stores the configuration information match level in the calculation result table (step S207). Here, the calculation result table is a table that stores the freshness level and the collation level shown in FIG. Detailed description regarding the calculation result table will be described later.

  Next, a connection preparation processing procedure performed before the mobile terminal 100 connects to the wireless LAN router 200 via the network 50 will be described. FIG. 7 is a flowchart illustrating a processing procedure of processing in which the mobile terminal prepares for connection.

  As shown in FIG. The mobile terminal 100 determines whether or not there is a login acceptance request from the maintenance worker (step S301). When the mobile terminal 100 does not accept a login from the maintenance worker (No at Step S301), the mobile terminal 100 proceeds to Step S301 again.

  When there is a log-in reception from the maintenance worker (step S301, Yes), the mobile terminal 100 reads the personal identification information of the maintenance worker (step S302). In step S302, the personal identification information is identification information input from a maintenance worker at the time of log-in reception, and corresponds to biological information such as fingerprint information, voiceprint information, and vein information of the maintenance worker.

  The mobile terminal 100 determines whether authentication is OK (step S303). In step 303, for example, the mobile terminal 100 compares the registered identification information registered in advance with the personal identification information read in step 302, and the authentication is OK when the matching degree is a predetermined value or more. Is determined.

  If the authentication is not OK (step S303, No), the mobile terminal 100 displays an error screen (step S304) and ends the process.

  On the other hand, if the authentication is OK (step S303, Yes), the mobile terminal 100 generates a hash value of the personal identification information and registers it in the history table (step S305). The history table is a table for registering a hash value of personal identification information, information on a matching degree, and the like. Detailed description regarding the history table will be described later.

  The mobile terminal 100 registers the matching degree in the history table (step S306). The mobile terminal 100 calculates the elapsed date and time from the registration date of the registration identification information to the current date and time, and specifies the freshness level (step S307). The mobile terminal 100 registers the freshness level in the calculation result table (step S308).

  The mobile terminal 100 specifies the matching level based on the matching level (step S309). The mobile terminal 100 registers the matching level in the calculation result table (step S310).

  The mobile terminal 100 compares the calculation result table, the number of persons, the qualification information, and the determination policy 112, determines the connection level, and registers the determination result in the determination result table (step S311). The mobile terminal 100 encrypts the hash value of the registration identification information, the calculation result table, the number of people information, the qualification information, and the determination result table, and transmits them to the wireless LAN router 200 (step S312).

  Next, a processing procedure when the wireless LAN router 200 receives a connection request from the mobile terminal 100 will be described. For example, the wireless LAN router 200 determines that a connection request has been received when receiving each piece of information shown in step S312 of FIG. FIG. 8 is a flowchart showing a processing procedure when the wireless LAN router receives a connection request from the mobile terminal.

  As shown in FIG. 8, the wireless LAN router 200 determines whether there is a connection request (step S401). If there is no connection request (step S401, No), the wireless LAN router 200 proceeds to step S401 again.

  On the other hand, when there is a connection request (step S401, Yes), the wireless LAN router 200, the hash value of the encrypted registration identification information, the calculation result table, the number of people information, the qualification information, and the determination result table Is decoded (step S402). The wireless LAN router 200 determines whether there is a determination policy corresponding to the registered identification information (step S403).

  If there is a determination policy corresponding to the registration identification information (Yes in step S403), the wireless LAN router 200 includes the registration identification information, the configuration information match degree, the freshness level, the collation level, and the qualification information in the connection request table. Is registered (step S405).

  The wireless LAN router 200 compares the connection request table with the determination policy 112, determines the connection level, and registers it in the determination result table for confirmation (step S406). The wireless LAN router 200 determines the connection level based on the determination result table received from the mobile terminal 100 and the determination result table for confirmation (step S407).

  The wireless LAN router 200 notifies the mobile terminal 100 of the connection level (step S408). The wireless LAN router 200 performs communication control between the mobile terminal 100 and the wireless LAN router 200 according to the connection level (step S409). If there is no determination policy corresponding to the registered identification information (No in step S403), an error is output (step S404).

  Next, the configuration of the IC card 30 according to the present embodiment will be described. FIG. 9 is a functional block diagram illustrating the configuration of the IC card according to the present embodiment. As illustrated in FIG. 9, the IC card 30 includes a storage unit 31, a TPM chip 32, a communication unit 33, and a control unit 34. Other configurations are the same as the configuration of a general IC card, and thus the description thereof is omitted here.

  The storage unit 31 includes configuration information 110a, configuration information 210a, a correspondence policy 31b, a determination table 31c, a registration table 111, and a determination policy 112. For example, the storage unit 31 corresponds to a storage device such as a semiconductor memory element such as a random access memory (RAM), a read only memory (ROM), and a flash memory.

  The configuration information 110a is the configuration information 110a that the IC card 30 acquires from the mobile terminal 100 in FIG. The configuration information 210a is the configuration information 210a that the IC card 30 acquires from the wireless LAN router 200 in FIG. The registration table 111 is the registration table 111 that the IC card 30 acquires from the mobile terminal 100 in FIG. The determination policy 112 is the determination policy 112 that the IC card 30 acquires from the mobile terminal 100 in FIG.

  The correspondence policy 31b is policy information indicating the content of processing allowed for the IC card 30. FIG. 10 is a diagram illustrating an example of a data structure of a corresponding policy of an IC card. As shown in FIG. 10, the correspondence policy 31b has a creation date, a creation time, a policy, and availability. The creation date indicates the date when the corresponding record was generated. The creation time indicates the time when the corresponding record is generated. The policy indicates the content of processing using an IC card, for example. The permission / inhibition indicates whether or not the process indicated in the policy is permitted. For example, in the record on the first line in FIG. 10, information indicating that “permitting” the process of “transferring data to an IC card” is registered.

  The determination table 31 c is a table for determining the connection level between the IC card 30 and the mobile terminal 100 and the connection level between the IC card 30 and the wireless LAN router 200. FIG. 11 is a diagram illustrating an example of the data structure of an IC card determination table. As shown in FIG. 11, the determination table 31c holds the degree of configuration information match and the connection level in association with each other. The configuration information match degree is a value calculated by the ISP 300 based on the leveling policy. For example, when the configuration information matching degree is “40”, the ISP 300 allows a connection level having a configuration information matching degree of “40” or less. For example, connection levels with a configuration information match degree of “40” or lower are “migrate data to IC card” and “acquire data from IC card”. Of the connection levels allowed for the ISP 300, the extent to which the IC card 30 is allowed is defined by the corresponding policy 31b.

  The TPM chip 32 collects configuration information of the IC card 30 when the IC card 30 is activated. The TPM chip 32 hashes the collected configuration information and stores it as configuration information 31a. The TPM chip 32 stores a secret key 32a. The secret key 32a is a secret key of the IC card 30.

  FIG. 12 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the IC card. As shown in FIG. 12, the configuration information 31a has an item number and an item. For example, the item number “1” stores the configuration information of the device configuration part of the IC card in a hashed state. For example, the device component corresponds to a device model number, a device serial number, and the like.

  The communication unit 33 is a processing unit that connects to the mobile terminal 100, the wireless LAN router 200, and the like, and executes data communication with the mobile terminal and the wireless LAN router. The communication unit 33 performs data communication with the certificate authority 20 and the ISP 300 via the mobile terminal 100 while connected to the mobile terminal 100. The communication unit 33 may perform data communication with the certificate authority 20 or the ISP 300 via a card reader having a communication function.

  The control unit 34 includes a connection setting unit 34a. The controller 34 corresponds to, for example, an integrated device such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA). Moreover, the control part 34 respond | corresponds to electronic circuits, such as CPU and MPU (Micro Processing Unit), for example.

  After receiving the approval by the ISP 300, the connection setting unit 34a exchanges the configuration information 31a and 110a, the registration table 111, the determination policy 112, and the like with the mobile terminal 100. The connection setting unit 34a exchanges configuration information 31a, 110a, 210a, a registration table 111, a determination policy 112, and the like with the wireless LAN router 200 after receiving an approval by the ISP 300.

  An example of processing executed by the connection setting unit 34a with the ISP 300 will be described. The connection setting unit 34 a acquires the configuration information 31 a from the TPM chip 32 after connecting to the mobile terminal 100. The connection setting unit 34a generates a configuration information report by encrypting the configuration information 31a with the public key of the ISP 300, and transmits the configuration information report to the ISP 300.

  The connection setting unit 34 a receives the response information encrypted from the ISP 300 after transmitting the configuration information report to the ISP 300. This response information includes information on the degree of configuration information match of the configuration information 31a. The connection setting unit 34a decrypts the response information with the secret key 32a of the TPM chip 32, and extracts configuration information match degree information from the response information.

  The connection setting unit 34a compares the configuration information match degree and the determination table 31c to determine the connection level. The connection setting unit 34a compares the determined connection level with the corresponding policy 31b, and specifies the connection level between the IC card 30, the mobile terminal 100, and the wireless LAN router 200. For example, the connection setting unit 34a executes a process permitted by the corresponding policy 31b among the processes according to the connection level.

  For example, in FIG. 11, when the configuration information match degree is “40”, the processing according to the connection level is the connection level “acquire data from the IC card” corresponding to the configuration information match degree “40”, and the configuration The connection level processing is the information matching degree “40” or less. Also, as shown in FIG. 10, in the corresponding policy 31b, data migration to the IC card and acquisition of data from the IC card are permitted. For this reason, the connection setting unit 34a permits data migration to the IC card 30 and processing for acquiring data from the IC card 30 when the configuration information match degree is “40”.

  Next, a connection setting process when the connection setting unit 34a connects to the mobile terminal 100 will be described. However, data communication between the mobile terminal 100 and the connection setting unit 34a is executed within the range of processing permitted by the connection level and the corresponding policy 31b.

  The connection setting unit 34 a acquires the encrypted configuration information 110 a from the mobile terminal 100 and registers the encrypted configuration information 110 a in the storage unit 31. The encrypted configuration information 110 a is encrypted with the public key of the mobile terminal 100 and further encrypted with the public key of the wireless LAN router 200.

  The connection setting unit 34 a acquires the encrypted registration table 111 and determination policy 112, and registers the encrypted registration table 111 and determination policy 112 in the storage unit 31. For example, the encrypted registration table 111 and determination policy 112 are encrypted with the public key of the wireless LAN router 200. Further, the connection setting unit 34 a transmits the configuration information 31 a to the mobile terminal 100.

  Next, a connection setting process when the connection setting unit 34a connects to the wireless LAN router 200 will be described. However, data communication between the wireless LAN router 200 and the connection setting unit 34a is executed within the range of processing permitted by the connection level and the corresponding policy 31b.

  The connection setting unit 34 a acquires the encrypted configuration information 210 a from the wireless LAN router 200 and registers the encrypted configuration information 210 a in the storage unit 31. The encrypted configuration information 210 a is encrypted with the public key of the mobile terminal 100 and further encrypted with the public key of the wireless LAN router 200. The connection setting unit 34a outputs the configuration information 31a to the wireless LAN router 200.

  As described with reference to FIG. 3, the IC card 30 is connected to the mobile terminal 100 again after being connected to the wireless LAN router 200. In this case, the connection setting unit 34a outputs the configuration information 210a to the mobile terminal 100.

  Next, the configuration of the mobile terminal 100 according to the present embodiment will be described. FIG. 13 is a functional block diagram illustrating the configuration of the mobile terminal according to the present embodiment. As illustrated in FIG. 13, the mobile terminal 100 includes a TPM chip 105, a storage unit 110, a communication unit 120, an input unit 130, a display unit 140, an interface unit 150, an authentication unit 155, and a control unit 160. Since other configurations are the same as those of a general mobile terminal, description thereof is omitted here.

  For example, the TPM chip 105 collects configuration information of the mobile terminal 100 when the mobile terminal 100 is activated. The TPM chip 105 hashes the collected configuration information and stores it as configuration information 110a. Further, the TPM chip 105 stores a secret key 105a. The secret key 105a is a secret key of the mobile terminal 100.

  FIG. 14 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the mobile terminal. As shown in FIG. 14, the configuration information 110a has an item number and an item. For example, the item number “1” stores the configuration information of the boot block portion of the mobile terminal 100 in a hashed state. The item number “2” stores the configuration information of the BIOS portion of the mobile terminal 100 in a hashed state. The item number “3” stores the configuration information of the device configuration portion of the mobile terminal 100 in a hashed state. In the item number “4”, the identification number of the authentication unit 155 connected to the mobile terminal 100 is stored in a hashed state. In the item number “5”, the formware version of the authentication unit 155 connected to the mobile terminal 100 is stored in a hashed state.

  Note that the data structure of the configuration information illustrated in FIG. 14 is an example, and may include the following information, for example. For example, the configuration information may include a physical TCG chip, a physical TCG version, a physical OS, a virtual OS, a guest OS, a virtual TCG chip, a virtual TCG version, mandatory software, prohibited software, and permitted software. Alternatively, the configuration information may include a device model number, device serial, physical OS model number, physical OS serial number, physical OS version, virtual OS model number, virtual OS serial number, virtual OS, and virtual OS version. Alternatively, the configuration information may include a guest OS model number, a guest OS serial number, a guest OS version, a software model number, a software serial number, and a software version. Alternatively, the configuration information may include a prohibited protocol, a permitted protocol, a prohibited operation, and a permitted operation.

  The communication unit 120 is a processing unit that performs data communication with other devices via various networks. The communication unit 120 exchanges data with the wireless LAN router 200a, the certificate authority 20, and the ISP 300 via the network 50. The control unit 160 described later performs data communication with the certificate authority 20, the wireless LAN router 200a, and the ISP 300 via the communication unit 120.

  The input unit 130 is an input device that inputs various types of information to the mobile terminal 100. For example, the input unit 130 corresponds to a keyboard, a mouse, a touch panel, or the like. The display unit 140 is a display device that displays various types of information output from the control unit 160. For example, the display unit 140 corresponds to a liquid crystal display, a touch panel, or the like. The interface unit 150 is an interface connected to various external devices. For example, the mobile terminal 100 may be connected to the IC card 30 via the interface unit 150. Alternatively, an IC card reader may be connected to the interface unit 150 and connected to the IC card 30 via this IC card reader.

  The storage unit 110 includes configuration information 31a, a connection permission list 110b, a determination table 110d, a correspondence policy 110c, a registration table 111, a determination policy 112, a qualification table 113, a freshness leveling policy 114, and a history table 115. In addition, the storage unit 110 includes a matching leveling policy 116, a calculation result table 117, and a determination result table 118. For example, the storage unit 110 corresponds to a storage device such as a semiconductor memory element such as a RAM, a ROM, or a flash memory.

  The configuration information 31a is the configuration information 31a of the IC card 30 shown in FIG.

  The connection permission list 110b is information including the configuration information 210a of the wireless LAN router 200. FIG. 15 is a diagram illustrating an example of a data structure of the connection permission list of the mobile terminal. As shown in FIG. 15, the connection permission list 110b includes creation date, creation time, and connection destination configuration information. In FIG. 15, the creation date indicates the date when the connection permission list 110b is generated, and the creation date indicates the time when the connection permission list 110b is generated. The connection destination configuration information stores configuration information 210a of the wireless LAN router 200a that permits connection. The configuration information 210a of the wireless LAN router 200a is hashed.

  The correspondence policy 110c is policy information indicating the content of processing allowed for the mobile terminal 100. FIG. 16A is a diagram illustrating an example of a data structure of a correspondence policy of a mobile terminal. As shown in FIG. 16A, the correspondence policy 110c has a creation date, a creation time, a policy, and availability. The creation date indicates the date when the corresponding record was generated. The creation time indicates the time when the corresponding record is generated. The policy indicates the content of processing for the IC card 30 and the wireless LAN 200, for example. The permission / inhibition indicates whether or not the process indicated in the policy is permitted. For example, in the record on the first line in FIG. 16A, information indicating that “permit” the process of “referring to the log of the wireless LAN router 200” is registered. In the record on the second line in FIG. 16A, information indicating that “reject” the process of “changing the log of the wireless LAN router 200” is registered. In the record on the third line in FIG. 16A, information indicating that “permitting” the process of “transferring data to an IC card” is registered. In the record on the fourth line in FIG. 16A, information indicating that “permitting” the process of “acquiring data from the IC card” is registered.

  The determination table 110d is a table for determining the connection level between the mobile terminal 100 and the IC card according to the degree of configuration information match. FIG. 16B is a diagram illustrating an example of the data structure of the determination table. As illustrated in FIG. 16B, the determination table 110d holds the configuration information match degree and the connection level in association with each other. For example, if the degree of configuration information match is “30”, data transfer to the IC card 30 is allowed.

  The registration table 111 is a table having various types of information related to maintenance workers. FIG. 17 is a diagram illustrating an example of the data structure of the registration table of the mobile terminal. As illustrated in FIG. 17, this registration table holds a registration date, a personal ID, a hash value of registration identification information, an identification information type, and registration identification information in association with each other. The registration date is information indicating the date on which the registration identification information is registered. The personal ID is information including alphabetic characters or numbers that uniquely identify the maintenance worker. The hash value of the registration identification information is information obtained by hashing the registration identification information. The identification information type indicates the type of biometric information of the registered identification information. The registered identification information is biometric information that uniquely identifies a maintenance worker. The registration identification information is registered at the stage of step S102 in FIG. A password may be set as registered identification information instead of the biometric information.

  In the first level information in FIG. 17, the type of the registration identification information of the maintenance worker with the personal ID “aaa555” is “vein”, and the hash value of the registration identification information is “2231564”. Further, the registration date when the registration identification information is registered is “April 1, 2013”.

  The determination policy 112 is information in which a network connection level is associated with a condition that allows the network connection level. FIG. 18 is a diagram illustrating an example of the data structure of the determination policy. As shown in FIG. 18, the determination policy 112 associates the network connection level, the configuration information matching degree condition, the freshness level condition, the matching level condition, the number of people condition, and the possession qualification condition.

  In FIG. 18, the network connection level indicates the content of processing performed by the mobile terminal 100 for the wireless LAN router 200. The configuration information coincidence condition indicates a configuration information coincidence that allows the corresponding network connection level. The freshness level condition indicates a freshness level that allows the corresponding network connection level. The collation level condition indicates a collation level that allows the corresponding network connection level. The number of persons condition indicates the number of maintenance workers who can accept the corresponding network connection level. The possession qualification condition indicates a qualification that allows the corresponding network connection level.

  For example, in the first row of FIG. 18, if the configuration information match level is “30 or higher”, the freshness level is “10 or higher”, and the collation level is “10 or higher”, the mobile terminal 100 The process of “referencing the router log” is allowed.

  In the fourth row of FIG. 18, the configuration information match degree of “60 or more”, the freshness level of “40 or more”, the collation level of “30 or more”, “2” maintenance workers, and one of the maintenance workers If it has “qualification α” and one of the maintenance workers has “qualification β”, the next processing is permitted. That is, the mobile terminal 100 is allowed to perform a process of “referencing the setting value of the wireless LAN router (high security)”.

  The qualification table 113 is a table that holds qualification information of maintenance workers. FIG. 19 is a diagram illustrating an example of the data structure of the qualification table. As shown in FIG. 19, the qualification table associates the registration date, personal ID, possession qualification, qualification acquisition date, and qualification update date. The registration date indicates the date on which the record was registered. The personal ID is information including alphabetic characters or numbers that uniquely identify the maintenance worker. The possession qualification indicates the qualification possessed by the maintenance worker. The qualification acquisition date indicates the date on which the maintenance worker acquired the qualification. The qualification renewal date indicates the date when the maintenance worker renewed the qualification.

  For example, in the example shown in the first row of FIG. 19, the maintenance worker with the personal ID “aaa555” acquires the qualification “qualification α” on “March 1, 2013”, and the record is “April 2013”. “1 day” is registered.

  The freshness leveling policy 114 is a table that specifies the freshness level. FIG. 20 is a diagram illustrating an example of a data structure of the freshness leveling policy. As shown in FIG. 20, the freshness level policy associates an elapsed period with a freshness level. The elapsed period indicates an elapsed period since registration identification information is registered in the registration table 111. The freshness level increases as the elapsed time from registration of registration identification information to the registration table 111 decreases. For example, when the elapsed period from registration of registration identification information to the registration table 111 is “less than 6 months”, the freshness level of the corresponding registration identification information is “40”.

  The history table 115 is a table that holds a hash value of personal identification information, information on a matching degree, and the like. FIG. 21 is a diagram illustrating an example of the data structure of the history table. As illustrated in FIG. 21, the history table 115 holds the date, personal ID, hash value of personal identification information, identification information type, and matching degree in association with each other. The date / time indicates the date / time when the hash value of the personal identification information is registered. The personal ID is information including alphabetic characters or numbers that uniquely identify the maintenance worker. The hash value of the personal identification information is information obtained by hashing the personal identification information. The identification information type indicates the type of the biometric information of the personal identification information. The collation degree indicates the collation degree between the personal identification information corresponding to the same personal ID and the registered identification information, and is calculated by the authentication unit 155, for example.

  The collation leveling policy 116 is a table that specifies the collation level. FIG. 22 is a diagram illustrating an example of the data structure of the matching leveling policy. As illustrated in FIG. 22, the matching level leveling policy 116 holds the identification information type, the set matching level, and the matching level in association with each other. The identification information type indicates various types of biological information, passwords, and the like. The collation degree indicates the range of the coincidence degree between the registered identification information and the personal identification information, and the collation degree level is specified according to the collation degree.

  For example, if the matching degree is 96% as a result of matching the registered identification information of the identification information type “vein” with the personal identification information, the matching level is “30”.

  The calculation result table 117 is a table that holds the configuration information match degree, freshness level, and collation level in association with the maintenance worker. FIG. 23 is a diagram illustrating an example of a data structure of the calculation result table. As shown in FIG. 23, the calculation result table 117 holds the date and time, personal ID, configuration information match level, freshness level, and collation level in association with each other. The date and time indicates the date and time when the configuration information match level, freshness level, and collation level are registered. The personal ID is information including alphabetic characters or numbers that uniquely identify the maintenance worker. The configuration information matching degree is a matching degree calculated by the ISP 300 based on the configuration information 110 a of the mobile terminal 100. The freshness level is a freshness level calculated based on the freshness leveling policy 114. The collation level is a collation level calculated based on the collation level leveling policy 116.

  The determination result table 118 is a table having network connection level determination results based on the determination policy 112. FIG. 24 is a diagram illustrating an example of the data structure of the determination result table. As shown in FIG. 24, the determination result table 118 includes a network connection level, a configuration information match degree determination result, a freshness level determination result, a collation level determination result, a number determination result, and a possession qualification determination result. Correspondence with connection availability.

  In FIG. 24, the network connection level indicates the content of the process performed by the mobile terminal 100 for the wireless LAN router 200. The network connection level indicates the content of processing performed by the mobile terminal 100 for the wireless LAN router 200.

  The configuration information match level determination result is information indicating whether or not the configuration information match level condition defined in the determination policy 112 is satisfied. If the configuration condition matching degree condition is satisfied, “1” is stored, and if the configuration condition matching degree condition is not satisfied, “0” is stored. For example, the configuration information matching degree condition corresponding to the network connection level “refer to the log of the wireless LAN router” of the determination policy 112 is “30 or more”. For this reason, for example, when the configuration condition matching degree is “30” or more, the configuration information matching degree determination result of the network connection level “refer to the log of the wireless LAN router” is “1”. On the other hand, if the configuration condition matching level is less than “30”, the configuration information matching level determination result of the network connection level “refer to the log of the wireless LAN router” is “0”.

  The freshness level determination result is information indicating whether or not the freshness level condition defined by the determination policy 112 is satisfied. If the freshness level condition is satisfied, “1” is stored, and if the freshness level condition is not satisfied, “0” is stored. For example, the freshness level condition corresponding to the network connection level “refer to the log of the wireless LAN router” of the determination policy 112 is “10 or more”. Therefore, for example, if the freshness level is “10” or higher, the freshness level determination result of the network connection level “refer to the log of the wireless LAN router” is “1”. On the other hand, if the freshness level is less than “10”, the freshness level determination result of the network connection level “refer to the log of the wireless LAN router” is “0”.

  The collation level determination result is information indicating whether the collation level condition defined in the determination policy 112 is satisfied. If the collation level condition is satisfied, “1” is stored, and if the collation level condition is not satisfied, “0” is stored. For example, the collation level condition corresponding to the network connection level “refer to the log of the wireless LAN router” of the determination policy 112 is “10 or more”. Therefore, for example, if the collation level is “10” or higher, the collation level determination result of the network connection level “refer to the log of the wireless LAN router” is “1”. On the other hand, if the collation level is less than “10”, the collation level determination result of the network connection level “refer to the log of the wireless LAN router” is “0”.

  The number determination result is information indicating whether or not the number of persons defined by the determination policy 112 is satisfied. If the number of people condition is satisfied, “1” is stored, and if the number of people condition is not satisfied, “0” is stored. For example, the number of people condition corresponding to the network connection level “refer to the log of the wireless LAN router” of the determination policy 112 is “1 or more”. For this reason, for example, if the number of maintenance workers is “1” or more, the number determination result of the network connection level “refer to the log of the wireless LAN router” is “1”. On the other hand, if the number of maintenance workers is less than “1”, the number determination result of the network connection level “refer to the log of the wireless LAN router” is “0”.

  The possession qualification determination result is information indicating whether or not the possession qualification condition defined in the determination policy 112 is satisfied. If the possession qualification condition is satisfied, “1” is stored, and if the possession qualification condition is not satisfied, “0” is stored. For example, the possession qualification condition of the network connection level “refer to the setting value of the wireless LAN router (high security)” of the determination policy 112 is “one person has the qualification α and one person has the qualification β”. For this reason, for example, if “one person has qualification α and one person has qualification β” among maintenance workers, possession of the network connection level “refer to the setting value of the wireless LAN router (high security)” The qualification determination result is “1”. On the other hand, if “one person does not have the qualification α or one person does not have the qualification β” among the maintenance workers, the network connection level “refer to the setting value of the wireless LAN router ( The result of the possession qualification determination of “high security” is “0”.

  The possession qualification determination result corresponding to the possession qualification condition “-” of the determination policy 112 is “1”. For example, the possession qualification condition corresponding to the network connection level “refer to the log of the wireless LAN router” of the determination policy 112 is “−”. Therefore, the possession qualification determination result corresponding to the network connection level “refer to the log of the wireless LAN router” in the determination result table 118 is “1”.

  The connection availability is information indicating whether or not communication control at a corresponding network connection level is permitted. If the connection permission is “permitted”, the communication control at the corresponding network connection level is permitted. If the connection possibility is “impossible”, communication control at the corresponding network connection level is not permitted.

  The authentication unit 155 executes processing for registering registration identification information of the maintenance worker in the registration table 111 and processing for authenticating the maintenance worker. Hereinafter, the processing of the authentication unit 155 will be specifically described.

  First, a process in which the authentication unit 155 registers the registration identification information of the maintenance worker in the registration table 111 will be described. When the authentication unit 155 receives a registration identification information registration request from a maintenance worker via the input unit 130, the authentication unit 155 reads the biological information of the maintenance worker and outputs the read biological information to the TPM chip 105. Request biometric information hashing. The authentication unit 155 acquires hashed biometric information and registers it in the registration table 111 as a hash value of registration identification information. The authentication unit 155 also registers the registration date, the maintenance worker's personal ID, the identification information type, and the registration information in the registration table 111 together.

  Subsequently, a process in which the authentication unit 155 authenticates the maintenance worker will be described. When the authentication unit 155 receives a login request from the maintenance worker via the input unit 130, the authentication unit 155 reads the biological information of the maintenance worker, outputs the read biological information to the TPM chip 105, and hashes the biological information. Request for conversion. The authentication unit 155 acquires hashed biometric information and registers it in the history table 115 as a hash value of personal identification information. The authentication unit 155 also registers the biometric information date and time, the maintenance worker's personal ID, and the identification information type in the history table 115 together.

  The authentication unit 155 compares the personal identification information in the history table 155 with the registration identification information in the registration table 111 using the personal ID as a key, and calculates a matching degree. Here, the personal identification information used when the authentication unit 155 calculates the matching degree is raw biometric information, not hashed biometric information. The authentication unit 155 may calculate the matching degree using any conventional technique. The authentication unit 155 registers the calculated matching degree in the history table 115 in association with the personal ID. The authentication unit 155 causes the display unit 140 to display an error screen when the matching degree is less than a predetermined value.

  Returning to the description of FIG. The control unit 160 includes a connection setting unit 160a and a connection determination unit 160b. The control unit 160 corresponds to an integrated device such as an ASIC or FPGA, for example. Moreover, the control part 160 respond | corresponds to electronic circuits, such as CPU and MPU, for example.

  When the connection setting unit 160 a is connected to the IC card 30, the connection setting unit 160 a executes the process illustrated in FIG. 6 with the ISP 300. Then, the connection setting unit 160a executes the processing shown in FIGS. Hereinafter, the processing of the connection setting unit 160a will be specifically described.

  First, an example of processing executed by the connection setting unit 160a with the ISP 300 will be described. The connection setting unit 160 a acquires the configuration information 110 a from the TPM chip 105 after connecting to the IC card 30. The connection setting unit 160 a encrypts the configuration information 110 a with the public key of the ISP 300 to generate a configuration information report, and transmits the configuration information report to the ISP 300.

  The connection setting unit 160 a receives the response information encrypted from the ISP 300 after transmitting the configuration information report to the ISP 300. The connection setting unit 160a decrypts the response information with the private key 105a of the TPM chip 105, and extracts configuration information match degree information from the response information.

  Next, a process executed by the connection setting unit 160a with the IC card 30 will be described. The connection setting unit 160a compares the configuration information match degree with the determination table 110d to determine the connection level. The connection setting unit 160a compares the determined connection level with the corresponding policy 110c, and specifies the connection level between the mobile terminal 100 and the IC card 30. For example, the connection setting unit 160a executes a process permitted by the corresponding policy 110c among the processes according to the connection level. Hereinafter, the processing of the connection setting unit 160a will be described on the assumption that the connection levels “data transfer to the IC card 30” and “acquire data from the IC card 30” are permitted.

  The connection setting unit 160 a encrypts the configuration information 110 a with the public key of the mobile terminal 100, encrypts it with the public key of the wireless LAN router 200, and outputs the double-encrypted configuration information 110 a to the IC card 30. Further, the connection setting unit 160 a acquires the configuration information 31 a from the IC card 30 and registers it in the storage unit 110.

  The connection setting unit 160a encrypts the registration table 111 and the determination policy 112 with the public key of the wireless LAN router 200, and registers the encrypted registration table 111 and determination policy 112 in the IC card 30.

  The connection setting unit 160a acquires the encrypted configuration information 210a from the IC card 30. The connection setting unit 160 a generates the connection permission list 110 b by decrypting with the private key 105 a of the mobile terminal 100 and registers it in the storage unit 110. Since the encrypted information is double-encrypted, it remains encrypted with the public key of the wireless LAN router 200 even if it is decrypted with the private key 105a.

  The connection determination unit 160 b is a processing unit that issues a connection request to the wireless LAN router 200 via the network 50 and communicates with the wireless LAN router 200 according to the network connection level notified by the wireless LAN router 200. For example, the connection determination unit 160b executes a process corresponding to FIG. Hereinafter, the processing of the connection determination unit 160b will be specifically described.

  The connection determination unit 160b generates a calculation result table 117, compares the calculation result table 117 with the determination policy 112, and generates a determination result table 118. The connection determination unit 160b encrypts the hash value, the number information, the qualification information, and the determination result table 118 of the registration identification information with the public key of the wireless LAN router 200. In addition, the connection determination unit 160b encrypts the configuration information 31a and 110a and the connection permission list 110b with the public key of the wireless LAN router 200.

  The connection determination unit 160b transmits a connection request to the wireless LAN router 200. The connection request includes the hash value of the encrypted registration identification information, the number information, the qualification information, the determination result table 118, the configuration information 31a and 110a, and the connection permission list 110b.

  After transmitting the connection request, the connection determination unit 160b is notified of the network connection level information from the wireless LAN router 200. The connection determination unit 160b performs data communication with the wireless LAN router 200 according to the notified network connection level. However, it is assumed that the connection determination unit 160b performs data communication within the range of connection levels permitted by the corresponding policy 110c.

  Here, a process in which the connection determination unit 160b generates the calculation result table 117 will be described. The connection determination unit 160b specifies the configuration information match degree, freshness level, and collation level, and registers the specified information in the calculation result table 117. The connection determination unit 160b also registers the date and time when each piece of information is registered and the personal ID of the maintenance worker in the calculation result table 117.

  A process in which the connection determination unit 160b specifies the degree of configuration information match will be described. The connection determination unit 160b acquires the configuration information 110a from the TPM chip 105. The connection setting unit 160 a encrypts the configuration information 110 a with the public key of the ISP 300 to generate a configuration information report, and transmits the configuration information report to the ISP 300. The connection determination unit 160b receives the response information encrypted from the ISP 300 after transmitting the configuration information report to the ISP 300. The connection setting unit 160a decrypts the response information with the private key 105a of the TPM chip 105, and extracts configuration information match degree information from the response information. By executing such processing, the connection determination unit 160b identifies the degree of configuration information match.

  A process in which the connection determination unit 160b specifies the freshness level will be described. The connection determination unit 160b compares the date and time in the history table 115 with the date of registration in the registration table 111 using the personal ID as a key, and specifies the elapsed period since the registration identification information was registered. The connection determination unit 160b compares the elapsed period with the freshness leveling policy 114 to identify the freshness level. For example, as illustrated in FIG. 20, when the elapsed period is “less than 6 months”, the connection determination unit 160 b specifies the freshness level as “40”.

  A process in which the connection determination unit 160b specifies the matching level is described. The connection determination unit 160b compares the matching level and the identification information type registered in the history table 115 with the matching level leveling policy 116 to identify the matching level. For example, as shown in FIG. 22, when the identification information type is “vein” and the matching degree is “96%”, the connection determination unit 160b specifies the matching level as “30”.

  Next, a process in which the connection determination unit 160b generates the determination result table 118 by comparing the calculation result table 117 and the determination policy 112 will be described. The connection determination unit 160b compares the configuration information match degree, freshness level, and collation level of the calculation result table 117 with the configuration information match degree condition, freshness level condition, and collation level condition of the determination policy 112, respectively. It is judged whether or not The connection determination unit 160b registers “1” in each determination result of the determination result table 118 when the condition is satisfied, and registers “0” when the condition is not satisfied.

  The connection determination unit 160b acquires the number information of maintenance workers participating in the maintenance work from the input unit 130, and determines whether the number information and the number of conditions of the determination policy 112 are satisfied. The connection determination unit 160b registers “1” in the number determination result of the determination result table 118 when the number of people condition is satisfied, and registers “0” when the number of person condition is not satisfied.

  The connection determination unit 160b compares the personal ID input from the input unit 130 with the qualification table 113 to identify the possession qualification of the maintenance worker. The connection determination unit 160b determines whether or not the possession qualification condition of the determination policy 112 is satisfied. If the possession qualification condition is satisfied, “1” is registered in the possession qualification determination result of the determination result table 118 and the possession qualification is obtained. If the condition is not satisfied, “0” is registered.

  The connection determination unit 160b repeatedly executes the above processing, and registers “1” or “0” in each determination result for each network connection level in the determination result table 118. After registering information in each determination result, the connection determination unit 160b sets “permitted” or “impossible” to the connection availability. For example, the connection determination unit 160b sets the connection permission / prohibition to “permitted” for all determination results of the network connection level that are “1”. On the other hand, the connection determination unit 160b sets the connection permission / prohibition to “impossible” for all determination results of the network connection level that are not “1”.

  Next, the configuration of the wireless LAN router 200 according to the present embodiment will be described. FIG. 25 is a functional block diagram illustrating the configuration of the wireless LAN router according to the present embodiment. As shown in FIG. 25, the wireless LAN router 200 includes a TPM chip 205, a storage unit 210, a communication unit 220, an input unit 230, a display unit 240, an interface unit 250, and a control unit 260. Since other configurations are the same as the configuration of a general wireless LAN router, description thereof is omitted here.

  For example, the TPM chip 205 collects configuration information of the wireless LAN router 200 when the wireless LAN router 200 is activated. The TPM chip 205 hashes the collected configuration information and stores it as configuration information 210a. Further, the TPM chip 205 stores a secret key 205a. The secret key 205a is a secret key of the wireless LAN router 200.

  FIG. 26 is a diagram illustrating an example of a data structure of configuration information stored in the TPM chip of the wireless LAN router. As shown in FIG. 26, the configuration information 210a has an item number and an item. For example, the item number “1” stores the configuration information of the boot block portion of the wireless LAN router 200 in a hashed state. The item number “2” stores the configuration information of the BIOS portion of the wireless LAN router 200 in a hashed state. The item number “3” stores the configuration information of the device configuration portion of the wireless LAN router 200 in a hashed state.

  The communication unit 220 is a processing unit that performs data communication with other devices via various networks. The communication unit 220 exchanges data with the mobile terminal 100, the certificate authority 20, and the ISP 300 via the network 50. The control unit 260 described later performs data communication with the certificate authority 20, the wireless LAN router 200a, and the ISP 300 via the communication unit 220.

  The input unit 230 is an input device that inputs various types of information to the wireless LAN router 200. For example, the input unit 230 corresponds to a keyboard, a mouse, a touch panel, or the like. The display unit 240 is a display device that displays various types of information output from the control unit 260. For example, the display unit 240 corresponds to a liquid crystal display, a touch panel, or the like. The interface unit 250 is an interface connected to various external devices. For example, the wireless LNA router 200 may be connected to the IC card 30 via the interface unit 250. Alternatively, an IC card reader may be connected to the interface unit 250 and connected to the IC card 30 via this IC card reader.

  The storage unit 210 includes configuration information 31a, a connection permission list 210b, a correspondence policy 210c, a determination table 210d, a registration table 211, a determination policy 212, a connection request table 213, a confirmation determination result table 214, a determination result table 118, and a final determination result. A table 215 is included. For example, the storage unit 210 corresponds to a storage device such as a semiconductor memory element such as a RAM, a ROM, and a flash memory.

  The configuration information 31a is the configuration information 31a of the IC card 30 shown in FIG.

  The connection permission list 210b includes configuration information 110a of the mobile terminal 100. FIG. 27 is a diagram illustrating an example of a data structure of a connection permission list of the wireless LAN router. As shown in FIG. 27, the connection permission list 210b includes creation date, creation time, and connection destination configuration information. In FIG. 27, the creation date indicates the date when the connection permission list 210b is generated, and the creation date indicates the time when the connection permission list 210b is generated. The configuration information of the connection destination stores configuration information 110a of the mobile terminal 100a that allows connection. The configuration information 110a of the mobile terminal 100a is hashed.

  The correspondence policy 210c is a policy indicating the content of processing allowed for the wireless LAN router 200. FIG. 28 is a diagram illustrating an example of the data structure of the correspondence policy of the wireless LAN router. As shown in FIG. 28, the correspondence policy 210c has a creation date, a creation time, a policy, and availability. The creation date indicates the date when the corresponding record was generated. The creation time indicates the time when the corresponding record is generated. The policy indicates the content of processing for the IC card 30 and the wireless LAN 200, for example. The permission / inhibition indicates whether or not the process indicated in the policy is permitted. For example, in the record on the first line in FIG. 28, information indicating that “permit” the process of “refer to the log of the wireless LAN router 200” is registered. In the record on the second line in FIG. 28, information indicating that “reject” the process of “changing the log of the wireless LAN router 200” is registered. In the record on the third line in FIG. 28, information indicating that “permitting” the process of “transferring data to an IC card” is registered. In the record on the fourth line in FIG. 28, information indicating that “permitting” the process of “acquiring data from an IC card” is registered.

  The determination table 210d is a table for determining the connection level between the wireless LAN router 200 and the IC card 30 according to the degree of configuration information match. Since the data structure of the determination table 110d is the same as the data structure of the determination table 110d shown in FIG. 16B, description thereof is omitted here.

  The registration table 211 is a table that holds various types of information related to maintenance workers. FIG. 29 is a diagram illustrating an example of the data structure of the registration table of the wireless LAN router. As shown in FIG. 29, the registration table 211 stores a registration date, a personal ID, a hash value of registration identification information, and determination policy identification information in association with each other. The description regarding the registration date, the personal ID, and the hash value of the registration identification information is the same as the description regarding the registration date, the personal ID, and the hash value of the registration identification information described with reference to FIG.

  The determination policy identification information is information for uniquely identifying the determination policy corresponding to the hash value of the registered identification information. For example, when a connection request is received from the mobile terminal 100 and the hash value “2231564” of the registration identification information is included in the connection request, the determination policy of the determination policy identification information “determination policy 1A” is used.

  The determination policy 212 is information in which a network connection level is associated with a condition that allows the network connection level. The determination policy 212 of the wireless LAN router 200 has a plurality of types of determination policies corresponding to each mobile terminal 100 to be connected.

  FIG. 30 is a diagram illustrating an example of a data structure of a determination policy of the wireless LAN router. As shown in FIG. 30, the determination policy 212 includes determination policy identification information, network connection level, configuration information matching degree condition, freshness level condition, verification level condition, number of persons condition, and possession qualification condition. Associate.

  The determination policy identification information is information for uniquely identifying the determination policy. The network connection level, configuration information match condition, freshness level condition, verification level condition, number of people condition, possession qualification condition are the network connection level, configuration information match condition, freshness level condition, verification level condition described in FIG. This is the same as the explanation regarding the conditions for the number of people and the conditions for possession.

  The connection request table 213 is a table that stores information included in a connection request when a connection request is received from the mobile terminal 100. FIG. 31 is a diagram illustrating an example of the data structure of the connection request table. As shown in FIG. 31, this connection request table 213 associates the registration date, the hash value of the registration identification information, the configuration information match degree, the freshness level, the collation level, the possession qualification, and the number of persons. The description regarding the registration date and the hash value of the registration identification information is the same as the description regarding the registration date and the hash value of the registration identification information in the registration table 111 shown in FIG. The configuration information match degree, freshness level, collation level, and possession qualification are the same as those described for the configuration information match degree, freshness level, and collation level in the calculation result table 117 shown in FIG. The number of persons indicates the number of maintenance workers who perform maintenance work.

  The confirmation determination result table 214 is a table having a determination result of the network connection level based on the determination policy 212. FIG. 32 is a diagram illustrating an example of the data structure of the determination result table for confirmation. As shown in FIG. 32, the determination result table 214 for confirmation includes a network connection level, a configuration information match degree determination result, a freshness level determination result, a collation level determination result, a number determination result, and a possession qualification determination. The result is associated with the connection availability. The description regarding the network connection level, the configuration information match degree determination result, the freshness level determination result, the collation level determination result, the number of persons determination result, the possession qualification determination result, and the connection availability is the same as the description in the determination result table 118 shown in FIG. It is.

  The determination result table 118 is a determination result table 118 notified from the mobile terminal 100. The determination result table 118 has the same data structure as the determination result table shown in FIG.

  The final determination result table 215 is a table that defines the final network connection level. The final determination result table 215 is generated based on the confirmation determination result table 214 and the determination result table 118.

  Returning to the description of FIG. The control unit 260 includes a connection setting unit 260a and a connection determination unit 260b. The control unit 260 corresponds to an integrated device such as an ASIC or FPGA, for example. Moreover, the control part 260 respond | corresponds to electronic circuits, such as CPU and MPU, for example.

  When the connection setting unit 260 a is connected to the IC card 30, the connection setting unit 260 a performs data communication with the ISP 300 to acquire the configuration information matching degree. And the connection setting part 260a performs the process shown in FIG. Hereinafter, the processing of the connection setting unit 260a will be specifically described.

  First, an example of processing executed by the connection setting unit 260a with the ISP 300 will be described. The connection setting unit 260 a acquires the configuration information 210 a from the TPM chip 205 after connecting to the IC card 30. The connection setting unit 260 a encrypts the configuration information 210 a with the public key of the ISP 300 to generate a configuration information report, and transmits the configuration information report to the ISP 300.

  The connection setting unit 260a receives the response information encrypted from the ISP 300 after transmitting the configuration information report to the ISP 300. The connection setting unit 260a decrypts the response information with the secret key 205a of the TPM chip 205, and extracts configuration information match degree information from the response information.

  Next, a process executed by the connection setting unit 260a with the IC card 30 will be described. The connection setting unit 260a compares the configuration information match degree with the determination table 210d to determine the connection level. The connection setting unit 260a compares the determined connection level with the corresponding policy 210c to identify the connection level between the wireless LAN router 200 and the IC card 30. For example, the connection setting unit 160a executes a process permitted by the corresponding policy 210c among the processes according to the connection level. Hereinafter, the processing of the connection setting unit 260a will be described on the assumption that the connection levels “data transfer to the IC card 30” and “acquire data from the IC card 30” are permitted.

  The connection setting unit 260a acquires the encrypted configuration information 110a from the IC card 30. The connection setting unit 260 a generates the connection permission list 210 b by decrypting with the private key 205 a of the wireless LAN router 200 and registers it in the storage unit 210. Since the encrypted information is double-encrypted, it remains encrypted with the public key of the mobile terminal 100 even if decrypted with the private key 205a.

  The connection setting unit 260a acquires the encrypted registration table 111 and determination policy 112. The connection setting unit 260a decrypts the encrypted registration table 111 and determination policy 112 with the private key 205a of the wireless LAN router 200. The connection setting unit 260 a registers information in the registration table 111 in the registration table 211. The connection setting unit 260 a registers information on the determination policy 112 in the determination policy 212. The connection setting unit 260a associates the hash value of the registration identification information in the registration table 211 with the determination policy 212 using the determination policy identification information.

  The connection setting unit 260 a encrypts the configuration information 210 a with the public key of the mobile terminal 100, encrypts the configuration information 210 a with the public key of the wireless LAN router 200, and outputs the double-encrypted configuration information 210 a to the IC card 30. Further, the connection setting unit 260 a acquires the configuration information 31 a from the IC card 30 and registers it in the storage unit 210.

  The connection determination unit 260b is a processing unit that receives a connection request from the mobile terminal 100 via the network 50 and determines a network connection level. The connection determination unit 260b notifies the mobile terminal 100 of the determined network connection level, and allows data processing from the mobile terminal 100 within the range of the network connection level. For example, the connection determination unit 260b executes a process corresponding to FIG. Below, the process of the connection determination part 260b is demonstrated concretely.

  When the connection determination unit 260b receives the connection request, the connection determination unit 260b decrypts the information included in the connection request with the secret key 205a of the wireless LAN router 200 and stores the information in the connection request table 213. As described above, the connection request includes the hash value of the encrypted registration identification information, the number information, the qualification information, the determination result table 118, the configuration information 31a and 210a, and the connection permission list 210b.

  The connection determination unit 260b compares the determination policy 212 with the connection request table 213, and generates a confirmation determination result table 214. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, determines the network connection level, and notifies the mobile terminal 100 of the network connection level.

  Here, a process in which the connection determination unit 260b generates the confirmation determination result table 214 will be described. First, the connection determination unit 260b compares the hash value of the registration identification information included in the connection request with the registration table 211, and specifies the determination policy identification information corresponding to the hash value of the registration identification information. The connection determination unit 260b transmits an error to the mobile terminal 100 when the determination policy identification information corresponding to the hash value of the registration identification information does not exist.

  The connection determination unit 260b acquires a determination policy corresponding to the determination policy identification information from the determination policy 212, and compares the determination policy with the connection request table 213. In the following description, a determination policy corresponding to the determination policy identification information is referred to as a determination policy 212.

  The connection determination unit 260b compares the configuration information match degree, freshness level, and collation level of the connection request table 213 with the configuration information match degree condition, freshness level condition, and collation level condition of the determination policy 212, respectively. It is determined whether or not the above is satisfied. The connection determination unit 260b registers “1” in each determination result of the determination result table 118 when the condition is satisfied, and registers “0” when the condition is not satisfied.

  In addition, the connection determination unit 260b compares the number of persons and possession qualifications of the connection request table 213 with the number of persons condition and possession qualification conditions of the determination policy 212, respectively, and determines whether the condition is satisfied. The connection determination unit 160b registers “1” in each determination result of the determination result table 118 when the condition is satisfied, and registers “0” when the condition is not satisfied.

  Next, processing in which the connection determination unit 260b determines the network connection level will be described. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, and determines the network connection level based on the comparison result. Here, various determination criteria for determining the network connection level are assumed. Here, the first to fourth determination criteria will be described as an example. The connection determination unit 260b may specify the network connection level using any of the following first to fourth determination criteria.

  The “first determination criterion” will be described. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, and when all the determination results match, the connection determination information in the determination result table 118 is used as it is in the final determination. Store in the result table 215. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100. Here, all the determination results coincide with each other when the configuration information match level determination result, the freshness level determination result, the collation level determination result, the number of people determination result, the possession qualification determination result, the determination result table 214 for confirmation, and the determination result This means that the table 118 matches.

  In contrast, the connection determination unit 260b transmits an error to the mobile terminal 100 when all the determination results do not match.

  The “second determination criterion” will be described. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, and when all the determination results match, the connection determination unit 260b stores the determination result table 118 in the same manner as the first determination criterion. Information on whether or not connection is possible is stored in the final determination result table 215 as it is. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  On the other hand, when all the determination results do not match, the connection determination unit 260b generates the final determination result table 215 by giving priority to “impossible” of connection possibility. FIG. 33 is a diagram for explaining the second determination criterion. In the example shown in FIG. 33, the connection failure of the network connection level “wireless LAN router log” in the determination result table 118 is “impossible”. For this reason, the connection determination unit 260b sets the connection prohibition of the network connection level “wireless LAN router log” in the final determination result table 215 to “not possible”.

  In the example shown in FIG. 33, “impossible” indicates that the connection cannot be made at the network connection level “refer to the setting value of the wireless LAN router (high security)” in the determination result table 214 for confirmation. For this reason, the connection determination unit 260b sets the connection prohibition of the network connection level “refer to the setting value of the wireless LAN router (high security)” in the final determination result table 215 to “impossible”. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  The “third determination criterion” will be described. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, and when all the determination results match, the connection determination unit 260b stores the determination result table 118 in the same manner as the first determination criterion. Information on whether or not connection is possible is stored in the final determination result table 215 as it is. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  On the other hand, if all the determination results do not match, the connection determination unit 260b sets the network connection level permitted in the determination result table 118 in the final determination result table 215. FIG. 34 is a diagram for explaining the third determination criterion. In the example shown in FIG. 34, the connection determination unit 260b sets the network connection level “refer to the setting value of the wireless LAN router (high security)” that is “permitted” in the determination result table 118 to “impossible”, The connection level lowered is set in the final determination result table 215. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  The “fourth determination criterion” will be described. The connection determination unit 260b compares the determination result table 214 for confirmation with the determination result table 118, and when all the determination results match, the connection determination unit 260b stores the determination result table 118 in the same manner as the first determination criterion. Information on whether or not connection is possible is stored in the final determination result table 215 as it is. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  On the other hand, if all the determination results do not match, the connection determination unit 260b generates the final determination result table 215 based on a predetermined policy that determines the final determination result. For example, one of the connection availability corresponding to each network connection level may correspond to the connection availability in the confirmation determination result table 214, and the other may correspond to the connection availability in the determination result table 118. The connection determination unit 260b transmits information of the final determination result table 215 to the mobile terminal 100.

  By the way, the connection determination unit 260b, before or after determining the network connection level, the configuration information 31a, 110a, the connection permission list 110b included in the connection request, the configuration information 31a, 210a of the wireless LAN router 200, and the connection permission list 210b. And compare.

  The connection determination unit 260b determines whether or not the configuration information 31a included in the connection request matches the configuration information 31a in the storage unit 210. The connection determination unit 260b determines whether the configuration information 110a matches the connection permission list 210b. Further, the connection determination unit 260b determines whether or not the connection permission list 110b matches the configuration information 210a. The connection determination unit 260b notifies the mobile terminal 100 of the network connection level when all pieces of information match. In addition, the connection determination part 260b notifies an error to the mobile terminal 100, when all information does not correspond.

  Since the connection permission list 210b is encrypted with the public key of the mobile terminal 100, the connection determination unit 260b transmits the request to the mobile terminal 100 of the connection permission list 210b, requests decryption, and connects after decryption. The permission list 210b is compared with the configuration information 110b. Alternatively, the connection determination unit 260b may transmit the connection permission list 210b and the configuration information 110b included in the connection request to the mobile terminal 100 to make a determination request as to whether or not they match.

  After notifying the mobile terminal 100 of the network connection level, the connection determination unit 260b performs communication control based on the network connection level within the range allowed by the corresponding policy 210c.

  Next, the configuration of the ISP 300 according to the present embodiment will be described. FIG. 35 is a functional block diagram showing the configuration of the ISP according to the present embodiment. As illustrated in FIG. 35, the ISP 300 includes a storage unit 310, a communication unit 320, an input unit 330, a display unit 340, an interface unit 350, and a control unit 360.

  The communication unit 320 is a processing unit that performs data communication with the certificate authority 20, the mobile terminal 100, and the wireless LAN router 200, for example. A control unit 360 described later exchanges data with the certificate authority 20, the mobile terminal 100, and the wireless LAN router 200 via the communication unit 320.

  The input unit 330 is an input device that inputs various types of information to the ISP 300. For example, the input unit 330 corresponds to a keyboard, a mouse, a touch panel, or the like. The display unit 340 is a display device that displays various types of information output from the control unit 360. For example, the display unit 340 corresponds to a liquid crystal display, a touch panel, or the like. The interface unit 350 is an interface connected to various external devices.

  The storage unit 310 is a storage device that stores the leveling policy 310a. For example, the storage unit 310 corresponds to a storage device such as a semiconductor memory element such as a RAM, a ROM, or a flash memory.

  The leveling policy 310a is data used when calculating the matching level for specifying the network connection level and the connection level. FIG. 36 is a diagram illustrating an example of the data structure of the leveling policy. As shown in FIG. 36, the leveling policy 310a holds configuration items and values in association with each other. Configuration items include configuration information items. Each piece of information of the configuration item is a hash value. The value is a value added to the degree of match. Configuration information items may be added as appropriate. Each value may be updated as appropriate.

  The control unit 360 includes a receiving unit 360a, a coincidence degree calculating unit 360b, and a transmitting unit 360c. The control unit 360 corresponds to an integrated device such as an ASIC or FPGA, for example. Moreover, the control part 360 respond | corresponds to electronic circuits, such as CPU and MPU, for example.

  The receiving unit 360 a is a processing unit that receives the configuration information report from the IC card 30, receives the configuration information report from the mobile terminal 100, and receives the configuration information report from the wireless LAN router 200. The receiving unit 360a outputs each configuration information report to the coincidence degree calculating unit 360b.

  The matching degree calculation unit 360b calculates the configuration information matching degree of the IC card 30, the configuration information matching degree of the mobile terminal 100, and the configuration information matching degree of the wireless LAN router 200 based on the configuration information report and the leveling policy 310a. Is a processing unit.

  An example of processing in which the degree-of-match calculation unit 360b calculates the degree of configuration information match of the mobile terminal 100 will be described. The degree-of-match calculation unit 360b obtains the configuration information 110a of the mobile terminal 100 by decrypting the configuration information report received from the mobile terminal 100 with the private key of the ISP 300.

  The degree-of-match calculation unit 360b compares the configuration information 110a with the configuration items of the leveling policy 310a, and identifies the configuration item that hits the leveling policy 310a. Then, the matching degree calculation unit 360b calculates the configuration information matching degree of the mobile terminal 100 by totaling the values of the hit configuration items.

  The degree-of-match calculation unit 360b encrypts the configuration information 110a and the information about the degree of match of the configuration information with the public key of the mobile terminal, and generates response information. The degree-of-match calculation unit 360b outputs the response information to the transmission unit 360c.

  An example of a process in which the matching level calculation unit 360b calculates the matching level of the wireless LAN router 200 will be described. The degree-of-match calculation unit 360b obtains the configuration information 210a of the wireless LAN router 200 by decrypting the configuration information report of the wireless LAN router 200 with the private key of the ISP 300.

  The degree-of-match calculation unit 360b compares the configuration information 210a with the configuration items of the leveling policy 310a, and identifies the configuration item that hits the leveling policy 310a. Then, the degree-of-match calculation unit 360b calculates the degree of configuration information match of the wireless LAN router 200 by summing up the values of the hit configuration items.

  The matching degree calculation unit 360b encrypts the configuration information 210a and the configuration information matching degree information with the public key of the wireless LAN router 200, and generates response information. The degree-of-match calculation unit 360b outputs the response information to the transmission unit 360c.

  An example of a process in which the matching level calculation unit 360b calculates the matching level of the IC card 30 will be described. The degree-of-match calculation unit 360b obtains the configuration information 31a of the IC card 30 by decrypting the configuration information report of the IC card 30 with the private key of the ISP 300.

  The degree-of-match calculation unit 360b compares the configuration information 31a with the configuration items of the leveling policy 310a, and identifies the configuration item that hits the leveling policy 310a. Then, the degree-of-match calculation unit 360b calculates the degree of configuration information match of the IC card 30 by summing the values of the hit configuration items.

  The transmission unit 360c is a processing unit that transmits each response information to the IC card 30, the mobile terminal 100, and the wireless LAN router 200, respectively. When the ISP 300 receives the configuration information report 100A from the mobile terminal 100a, the response information is transmitted to the mobile terminal 100a. When the ISP 300 receives the configuration information report from the wireless LAN router 200a, the response information is transmitted to the wireless LAN router 200a. Also, the response information of the IC card is transmitted to the IC card 30. The IC card 30 is connected to the mobile terminal 100 or the wireless LAN router 200.

  Next, the effect of the system according to the present embodiment will be described. When the mobile terminal 100 receives the approval of the configuration information collected by the TPM chip 105 from the ISP 300, the mobile terminal 100 passes the registration table 111 and the determination policy 112 to the wireless LAN router 200 using the IC card 30. Then, the wireless LAN router 200 receives a connection request via the network 50 and specifies the determination policy 212 corresponding to the registration identification information notified from the mobile terminal 100. The wireless LAN router 200 controls the connection between the mobile terminal 100 and the wireless LAN router 200 via the network based on the specified determination policy 212 and each configuration information acquired via the network. As a result, communication control can be performed at a connection setting level corresponding to a maintenance worker who operates remotely.

  In addition, the wireless LAN router 200 of this system receives the network connection level based on the maintenance worker characteristics and determination policy 112 from the mobile terminal 100, and the wireless LAN router 200 itself also has the maintenance worker characteristics and determination policy 212. Based on this, the network connection level is determined. The wireless LAN router 200 and the mobile terminal 100 execute data communication according to the mutual network connection level. As a result, communication control can be performed at a connection setting level corresponding to a maintenance worker who operates remotely. Further, since the wireless LAN router 200 itself determines the network connection level, it can be confirmed whether or not the determination policy exchanged using the IC card 30 is used at the stage of connection preparation.

  Further, the wireless LAN router 200 of this system uses a plurality of determination criteria according to the comparison result between the network connection level determined by itself and the network connection level acquired from the mobile terminal 100. For this reason, for example, even when some network connection levels are different, communication can be permitted or rejected, and it is possible to respond flexibly.

  In addition, the wireless LAN router 200 of this system stores a hash value of registration identification information, which is identification information of a maintenance worker at the time of registration, and a determination policy in association with each other at the stage of connection preparation. When the mobile terminal 100 authenticates the maintenance worker, the mobile terminal 100 notifies the wireless LAN router 200 of the hash value of the registered identification information instead of the identification information at the time of authentication. For this reason, the wireless LAN router 200 can appropriately select the determination policy 212 for determining the network connection level.

  In addition, the wireless LAN router 200 and the mobile terminal 100 of this system specify the network connection level based on the collation level, freshness level, qualification, etc. of the maintenance worker. Therefore, the network connection level can be adjusted according to the characteristics of the maintenance worker.

  By the way, in this embodiment, as an example, the IC card 30 is used to exchange configuration information, a registration table 111, a determination policy 112, and the like between the mobile terminal 100a and the wireless LAN router 200a, and the mobile terminal 100a and the wireless LAN router. Although the case where it connects with 200a was demonstrated, it is not limited to this. For example, configuration information is exchanged between the mobile terminal 100b and the wireless LAN router 200a using the same IC card 30 or another IC card, and the wireless LAN router 200a communicates with the mobile terminal 100a and the mobile terminal 100a. A secure connection can also be established with the terminal 100b. Further, configuration information, a registration table 111, a determination policy 112, and the like may be exchanged between the mobile terminal 100a and the wireless LAN router 200a using a short-distance network such as a LAN.

  In this embodiment, the mobile terminal 100 and the wireless LAN router 200 are used as an example of the electronic device connected via the network 50. However, the electronic device to which the present invention can be applied is not limited to this. . For example, the electronic device to which the present invention can be applied may be any electronic device as long as it is an electronic device connected to a network. For example, it may be a server, a printer, a network device, an external storage, a mobile phone, a smartphone, a refrigerator, a washing machine, a television, a stereo component, a medical device, a machine tool, or the like.

  The connection setting unit 260a illustrated in FIG. 25 is an example of a first acquisition unit and a notification unit. The connection determination unit 260b is an example of a second acquisition unit and a control unit. Note that the configuration information may include a name, a unique ID, and the like.

50 Network 100a, 100b Mobile terminal 200a, 200b Wireless LAN router 300 ISP

Claims (5)

The first electronic device is uniquely collected by the first configuration information of the first electronic device collected by the tamper-resistant chip mounted on the first electronic device and approved by the third party device, and the user. Notification of user identification information to be identified and a policy defining a connection level of communication between the first electronic device and the second electronic device via the network to the second electronic device via the network or a portable medium And
The second electronic device acquires the first configuration information, the user identification information, and the policy, stores the user identification information and the policy, and stores the first configuration information as the first configuration information. Store as connection permission list,
The second electronic device collects the second configuration information of the second electronic device collected by a tamper-resistant chip mounted on the second electronic device and approved by a third party device on a network or portable Notifying the first electronic device via a medium;
The first electronic device acquires the second configuration information, stores the acquired second configuration information as a second connection permission list,
The first electronic device transmits user identification information input from a user, first configuration information at the time when the user identification information is input, and the second connection permission list via the network. 2 Send to electronic equipment,
When the second electronic device stores user identification information corresponding to the user identification information received via the network, the first configuration information and the second connection permission acquired via the network The comparison result between the list set, the first connection permission list and the second configuration information set, and the connection level of the first electronic device and the connection level of the second electronic device with respect to the policy of the user identification information A network connection method for executing each process for controlling connection between the first electronic device and the second electronic device via a network based on a network connection level according to the network. The first electronic device further transmits a characteristic parameter and a first connection level specified based on the policy and the characteristic parameter to the second electronic device via a network;
The second electronic device identifies a second connection level based on the characteristic parameter and the policy;
A first control for rejecting a connection between the first electronic device and the second electronic device via a network when the second connection level is different from the second connection level;
When the second connection level is different from the first connection level, the second electronic device specifies different control contents between the first connection level and the second connection level, and A second control that generates a third connection level that does not allow processing, and that connects the first electronic device and the second electronic device via the network based on the third connection level;
The second electronic device has a plurality of connections for rejecting connection between the first electronic device and the second electronic device via the network when the first connection level is different from the second connection level. A third control that allows connection at a connection level other than high security, and connects the first electronic device and the second electronic device via a network;
When the first connection level and the second connection level are different, the second electronic device has the first electronic device and the second electronic device via a network based on another policy different from the policy. 2. The network connection method according to claim 1, wherein one of the fourth controls for performing connection with the first control is executed. The first electronic device converts user identification information input from a user into a hash value and registers the second electronic device via a network or a portable medium with the hash value as user identification information. Notify
The first electronic device has the hash value, the first configuration information at the time when the user identification information is input, and the first configuration information when the user authentication is successful for the user identification information input by the user. 3. The network connection method according to claim 2, wherein the second connection permission list is transmitted to the second electronic device via a network.   The first electronic device is a first electronic device that is notified by a third party device of the degree of matching between user identification information input from a user and user identification information registered in advance in the first electronic device. The degree of coincidence, the elapsed date and time from the date and time when the user identification information registered in advance to the first electronic device is registered to the date and time when the user identification information input from the user is registered, and the qualifications the user has 3. The network connection method according to claim 2, wherein any one or a plurality of the plurality of parameters is transmitted as a characteristic parameter to the second electronic device. First configuration information of the other electronic device collected by a tamper-resistant chip mounted on another electronic device and approved by a third party device; user identification information for uniquely identifying the user; Obtaining a policy defining a connection level of communication between the other electronic device and the electronic device via the network via the network or a portable medium, and storing the user identification information and the policy A first acquisition unit that stores the first configuration information as a first connection permission list;
Second configuration information of the electronic device collected by a tamper-resistant chip mounted on the electronic device and approved by a third party device is transferred to the other electronic device via a network or a portable medium. A notification unit that stores the second configuration information as a second connection permission list in the other electronic device by notifying;
From the other electronic apparatus, acquired the user identification information entered by the user, the first configuration information at the time when the user identification information is input, and said second connection permission list via the network and the second acquisition unit you,
When storing the user identification information corresponding to the user identification information acquired by the second acquisition unit, a set of the first configuration information and the second connection permission list acquired via the network; The comparison result between the first connection permission list and the second configuration information set, and the connection level of the electronic device and the network connection level corresponding to the connection level of other electronic devices with respect to the policy of the user identification information An electronic device comprising: a control unit that controls connection between another electronic device and its own electronic device via a network.

Images