JPH11275661A - Radio terminal security system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent confidential communication from being monitored or interfered by an unlawful user by making radio terminal equipment incapable of being used, when the terminal equipment is stolen. SOLUTION: An ID characteristic to an electronic key 6 is stored in the key 6. An input-output processing section 5 which reads out the ID of the key 6 and a processing section 4 which stores the ID peculiar to the key 6, computes the combination of the IDs of the key 6 and radio terminal equipment, and stores the combination value are provided to the radio terminal equipment. The central processor of the processing section 4 computes the combination of the IDs of the key 6 and terminal equipment and stores the combination in a storage device as an electronic canceling mark. When the electronic key 6 is different from the last used electronic key, the terminal equipment is made usable by accepting the confirmed results as being 'OK', and when the electronic key is the same as the last used key, the terminal equipment is made unusable by rejecting the confirmed results as 'Unacceptable'. Since the radio terminal equipment ca be used by only using an electronic key which is different from the last used electronic key, the terminal equipment becomes incapable of being used until the different electronic key is used and the leakage of a confidentialities or interferences can be prevented.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a wireless terminal security system including an electronic key and a wireless terminal, and more particularly, to a wireless communication system in which continuous use of the same electronic key is prohibited to enhance security against loss or theft. The present invention relates to a terminal device security system.

[0002]

2. Description of the Related Art A conventional radio base station 12 as shown in FIG.
When some kind of secret communication is required in the wireless communication system including the wireless terminal 13 and the wireless terminal 13, the communication message is encrypted using an encryption key recorded in the wireless terminal 13 in advance, and the encrypted communication is performed. FIG. 7 shows a block diagram of the internal configuration of the wireless terminal 13. In FIG. 7, wireless communication with the base station 12 is performed by the antenna 1 and the wireless unit 2, and the communication control unit 3
To perform the protocol processing, and the processing section 4 performs overall management. The wireless terminal 13 does not use any electronic or mechanical key other than the encryption key. In such a wireless terminal, when the wireless terminal is lost or stolen, there is a possibility that secret communication may be intercepted or communication may be interrupted. In order to avoid such a situation, a key is provided to a wireless terminal. For example, in the case of a railway protection radio device mounted on a train or a police radio device mounted on a police car, if a radio device is operated by anyone other than those involved, the effect is large, so a mechanical key or an electronic key must be used. It can be operated only by using a key.

FIG. 8 shows an example in which an electronic key 19 is provided in the wireless terminal 13. The key 19 is inserted into the wireless device 20, the data of the key 19 is read by the input / output device 22, the central control device 23 compares the data with the data in the nonvolatile storage device 24, and if they match, the wireless device 20 is used. can do. This way, the key
If you do not use 19, you can neither receive nor transmit, so even if you lose the wireless device, secret communication will not be intercepted. FIG.
Is an example of a wireless device in which a central processing unit 23 is provided also in the part of the key 19, complicates key data, makes it impossible to forge the key, and enhances security.

[0004]

In the above conventional example, the radio operates when the key data matches the data stored in the radio, and a general key is applied to the radio. It was done. In such a wireless device, if both the key and the wireless device are stolen, theft of the wireless device cannot be prevented. If the wireless terminal device is stolen by an unauthorized user, there is a risk that the contents of the secret communication may be easily intercepted or malicious information may be transmitted.

[0005] The present invention solves the above-mentioned conventional problems, and even if the wireless terminal device and one key are stolen at the same time, the wireless terminal device cannot be used and secrets can be released to an unauthorized user.
It is an object of the present invention to realize a wireless terminal security system that can prevent interference.

[0006]

In order to solve the above-mentioned problems, the present invention provides a wireless terminal security system which stores a key ID unique to an electronic key and reads out the ID of the electronic key to a wireless terminal device. Means for storing a unique terminal ID, means for calculating a value of a combination of a key ID and a terminal ID,
Means for storing the value of the combination, means for comparing the value of the previous combination with the value of the current combination, and means for making the authentication OK only when the comparison result does not match are provided.

[0007] With this configuration, even if one electronic key and the wireless terminal device are stolen together, if the same electronic key is used continuously, the authentication becomes NG and the wireless terminal device can be used. Thus, it is possible to prevent an unauthorized user from intercepting or obstructing the confidential communication when the wireless terminal device is stolen.

[0008]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS According to a first aspect of the present invention, in a wireless terminal security system comprising a plurality of electronic keys and a wireless terminal device, the electronic key is a storage device for storing an ID unique to the key. Wherein the wireless terminal device comprises:
Means for reading the ID of the electronic key, and ID of the electronic key
Calculating means for obtaining a key value by a predetermined function from a storage means for storing the key value; comparing means for comparing the key value stored in the storage means with the key value obtained this time; A wireless terminal security system comprising: a means for rejecting authentication if it indicates that it has passed the authentication only if it indicates a match, and a means for disabling the wireless terminal device until a different electronic key is used and the authentication is passed. Yes,
This has the effect of making the authentication OK only with an electronic key different from the last used electronic key.

According to a second aspect of the present invention, in the wireless terminal security system including a plurality of electronic keys and a wireless terminal device, the electronic key includes a storage device for storing a unique ID of the key. The wireless terminal device includes a unit that reads the ID of the electronic key, a storage unit that stores an ID unique to the terminal, a calculation unit that calculates a combination value from the two types of IDs, and a storage that stores the combination value. Means,
Comparing means for comparing the value of the previous combination with the value of the current combination; means for passing the authentication only when the comparing means shows a mismatch; means for failing the authentication when the comparing means shows a match And a means for disabling use of the wireless terminal device until a different electronic key is used and the authentication is successful.
Authentication is OK by comparing the combination value calculated from D and the terminal ID.
By doing so, there is an effect that the tamper resistance of the wireless device that can be used only by an electronic key different from the electronic key used last is further improved.

Hereinafter, an embodiment of the present invention will be described with reference to FIG.
This will be described in detail with reference to FIG.

(Embodiment) In an embodiment of the present invention, an ID unique to a key is stored in an electronic key, an ID unique to a terminal is stored in a wireless terminal device, an ID of an electronic key is read, and an ID unique to a terminal is read. The hash value of the ID and the ID of the electronic key is calculated, the previously stored hash value is compared with the current hash value, and if the comparison result does not match, authentication is OK and the wireless terminal device can be used. In this wireless terminal security system, if the same electronic key as the last used electronic key is used, the authentication becomes NG and the wireless terminal device cannot be used until a different electronic key is used.

FIG. 1 is a block diagram showing a configuration of a wireless terminal security system according to an embodiment of the present invention. In FIG. 1, an antenna 1 and a radio unit 2 are means for performing wireless communication with a base station, a communication control unit 3 is a unit for performing a protocol process, and a processing unit 4 is a unit for performing overall management. . The input / output processing unit 5 is a means for exchanging information with the electronic key 6. The electronic key 6 may be of any type as long as it can store digital data, such as a magnetic card, IC card, or optical card.

FIG. 2 is a block diagram showing the processing unit 4, the input / output processing unit 5, and the electronic key 6 in FIG. 1 in more detail. In FIG. 2, the central processing unit 7 of the processing unit 4 accesses the storage device, reads out the terminal ID 8 and the electronic postmark 9, and writes and updates the calculated electronic postmark 9. The terminal ID 8 is identification data having a value unique to each wireless terminal, and is stored in a read-only storage device. The electronic postmark 9 is data used at the time of authentication, and is stored in a readable and writable nonvolatile storage device.

Hereinafter, the functions of the wireless terminal security system according to the embodiment of the present invention will be described with reference to FIGS. The key ID reading device 10 detects the insertion of the electronic key 6, reads the unique key ID 11 recorded in the electronic key 6, and notifies the central processing unit 7. Central processing unit 7
After confirming that the key ID 11 is a correct key ID satisfying a predetermined condition, calculates the electronic postmark 9 from the terminal ID 8 and the key ID 11 using a one-way hash function. Due to the property of the hash function, the same electronic postmark 9 can be obtained from the same combination of the terminal ID 8 and the key ID 11. If the number of digits of the hash function is set to be appropriately large, the same postmark will not be generated with a combination of different IDs. Thus, it is determined whether or not the same key is continuously inserted, and if the same key is used, the power is turned off to prevent unauthorized use of the wireless terminal.

FIG. 3 is a flowchart showing the operation of the central processing unit 7. The operation of the central processing unit 7 will be described in detail with reference to the flowchart of FIG. First, when the wireless terminal is used, the power is turned on (step A).
1). Next, it waits until the electronic key 6 is inserted into the key ID reading device 10 (step A2). Upon detecting the insertion of the electronic key 6, a new electronic postmark is calculated from the terminal ID 8 and the key ID 11 immediately (step A3). In order to determine whether it is the same as the key ID 11 used immediately before,
The electronic postmark 9 is read from the storage device (step A4).

The calculated electronic postmark is compared with the read electronic postmark 9 (step A5). As a result, in the case of a mismatch, the electronic postmark 9 is updated with the calculated electronic postmark. (Step A6). Finally, the process waits until the inserted electronic key 6 is removed (step A7). Electronic key 6
, The communication can be started.

If the comparison results of the electronic postmark match,
It is determined that the same key has been used successively, and power-off processing is performed (step A8). When the key is inserted, the red lamp is turned on, and when the authentication is successful, the communication is changed to a green lamp to indicate that communication is possible. Alternatively, in the case of authentication NG, it may be notified by a sound such as a buzzer. Alternatively, when the authentication has failed for a certain number of times or more, the base station may be notified.

FIG. 4 is a state transition diagram showing the operation of the wireless terminal security system according to the present embodiment. Here, for simplicity, the number of keys is two (α and β). State 0 is an initial state at the time of shipment, in which the electronic postmark is invalid and the power is not turned on. State 1 is a state in which the key has never been inserted, the electronic postmark is invalid, and the power is turned on. State 2 is a state in which the authentication has been successfully performed with the key α. In the state 3, the authentication is successfully performed with the key β. State 4
Is a state in which the authentication with the key α has failed. State 5 is a state in which authentication with the key β has failed.

First, starting from state 0, the state immediately transitions to state 1 when the power is turned on, and waits for authentication with a key.
Next, when the authentication is attempted by inserting the key α, the state transits to the state 2 in the state transition diagram, and the operation always becomes normal at first. In this state 2, if the key β is used at the time of the next authentication, the authentication is successful, and the state transits to the state 3 (normal state). On the other hand, if the key α is used again in the state 2, the authentication fails, and the state transits to the state 4 (abnormal state). In this state 4,
The state transits to the state 3 by using the key β, and returns to the normal state.

On the other hand, even if the key α is used again in the state 4, the state returns to the original state (abnormal state). A similar transition occurs when an attempt is made to authenticate with key β in state 1. As described above, if authentication is continuously attempted with the same key, the operation stops there. Thus, even if one of the keys is stolen, the operation can be reliably stopped.

In the above-described embodiment, an example has been described in which two keys, keys α and β, are used. However, the same applies when three or more keys are used. When many keys are used, the state transition diagram shows that a normal state and abnormal state
It only increases one by one, and the number of transition branches only increases correspondingly. As the number of keys increases, there is no need to change hardware and software.

In this embodiment, a one-way hash function is used to calculate the value of the combination of the key ID and the terminal ID. However, the value of the combination can be easily calculated with other types of functions. The inverse operation may be any one-way function that is almost impossible. By calculating the electronic postmark using a one-way function, disassemble the wireless terminal and change the ID,
It becomes difficult to modify the wireless terminal so that the wireless terminal can be used without one key or without the key, and the tamper resistance is improved.
In addition, by calculating the electronic postmark using the ID unique to the wireless terminal, the electronic postmark differs for each wireless terminal, making it difficult for all wireless terminals to find a common attack method, thereby increasing security. . It is not appropriate to calculate a combination value using a number common to all terminals without using the wireless terminal ID, or to authenticate by comparing with the previous key ID because security is reduced.

FIG. 5 is a modification of the wireless terminal security system of the present embodiment. The electronic postmark 17 is stored in the storage device of the electronic key 6. There is no particular difference except that reading and writing of the electronic postmark 17 are performed via the key ID reading device 16.

Although the present embodiment has been described by taking as an example a device having a transmission / reception function as a wireless device, the present invention can be applied to a reception-only radio device and a transmission-only radio device, and has the same effect. It is. Further, the present invention is not limited to a wireless device communicating via a base station, and can be applied to a wireless device performing direct communication without a base station.

As described above, in the embodiment of the present invention,
An electronic key having means for storing a unique ID, a means for reading an ID of an electronic key, a means for storing a unique ID, a means for calculating a hash value thereof, and a means for storing a hash value And a wireless terminal device having hash value comparison means, so that the wireless terminal device can be used only when the electronic key is different from the last used electronic key, and the same electronic key was used. In that case, the wireless terminal device can not be used,
Even if the wireless terminal device is stolen with the key, eavesdropping and interference can be prevented.

[0026]

As described above, according to the present invention, the wireless terminal security system includes an electronic key having means for storing a unique ID, a means for reading the ID of the electronic key, and a unique I / O.
D, a means for calculating a combination of two IDs, a means for storing the value of the combination, and a wireless terminal device having a comparing means, so that the same electronic key as the last used electronic key Is used as an authentication NG when the wireless terminal is used, the wireless terminal device cannot be used until a different electronic key is used, and even if the wireless terminal is stolen together with the key, the wireless terminal device cannot be used. Is obtained.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a wireless terminal device according to an embodiment of the present invention;

FIG. 2 is a block diagram showing details of an internal configuration of the wireless terminal device according to the embodiment of the present invention;

FIG. 3 is a flowchart showing an operation of the wireless terminal device according to the embodiment of the present invention;

FIG. 4 is a state transition diagram showing an operation of the wireless terminal device according to the embodiment of the present invention;

FIG. 5 is a block diagram showing a modification of the wireless terminal device according to the embodiment of the present invention;

FIG. 6 is a schematic diagram showing a configuration of a wireless communication system.

FIG. 7 is a block diagram showing a configuration of a conventional wireless terminal device.

FIG. 8 is a block diagram showing details of the internal configuration of a conventional wireless terminal device;

FIG. 9 is a block diagram showing details of an internal configuration of a conventional wireless terminal device.

[Explanation of symbols]

 Reference Signs List 1 antenna 2 radio unit 3 communication control unit 4 processing unit 5 input / output processing unit 6 electronic key 7 central processing unit 8 terminal ID 9 electronic postmark 10 key ID reading device 11 key ID 12 wireless base station 13 wireless terminal 14 central processing unit 15 Terminal ID 16 Key ID reading device 17 Electronic postmark 18 Key ID 19 Key 20 Radio 21 Operation unit 22 Input / output device 23 Central processing unit 24 Non-volatile storage device 25 Read-only storage device

Claims (2)

[Claims] 1. A wireless terminal security system comprising a plurality of electronic keys and a wireless terminal device, wherein the electronic key includes a storage device for storing an ID unique to the key, and wherein the wireless terminal device has an ID of the electronic key. Means for reading a key value, an operation means for obtaining a key value from the ID of the electronic key by a predetermined function, a storage means for storing the key value, and a comparison between the key value stored in the storage means and the key value obtained this time. Means of comparison;
The comparison means comprises means for accepting authentication only when indicating a mismatch and means for rejecting authentication when indicating a match, and means for disabling the wireless terminal device until a different electronic key is used and authentication is passed. Wireless terminal security system. 2. A wireless terminal security system comprising a plurality of electronic keys and a wireless terminal device, wherein the electronic key includes a storage device for storing an ID unique to the key, and wherein the wireless terminal device has an ID of the electronic key. Reading means, a storage means for storing an ID unique to the terminal, a calculating means for calculating a combination value from the two kinds of IDs, a storage means for storing the value of the combination, Comparing means for comparing the values of combinations of the above, means for authenticating only when the comparing means indicates a mismatch, and means for rejecting the authentication when indicating a match. Means for disabling the use of the terminal device.