WO2002095593A1 - Electronic information protection system in communication terminal device - Google Patents

Electronic information protection system in communication terminal device Download PDF

Info

Publication number
WO2002095593A1
WO2002095593A1 PCT/JP2002/004997 JP0204997W WO02095593A1 WO 2002095593 A1 WO2002095593 A1 WO 2002095593A1 JP 0204997 W JP0204997 W JP 0204997W WO 02095593 A1 WO02095593 A1 WO 02095593A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic information
electronic
information
storage device
protection system
Prior art date
Application number
PCT/JP2002/004997
Other languages
French (fr)
Japanese (ja)
Inventor
Yutaka Yasukura
Original Assignee
Yutaka Yasukura
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yutaka Yasukura filed Critical Yutaka Yasukura
Publication of WO2002095593A1 publication Critical patent/WO2002095593A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Definitions

  • the present invention relates to a communication terminal device having a personal authentication function in a transaction and a function to prevent information leakage in the event of loss, and more particularly to an electronic information protection system that can be used for settlement via a portable telephone.
  • Japanese Patent Application Laid-Open No. H10-3336345 states that, when trying to receive a service from a commercial provider, a sender authentication method using an account code and password obtains information by some other means.
  • a method of authenticating a sender with a higher security level by physically confirming and authenticating the information terminal device itself that has requested communication access. .
  • the disclosure method is based on the caller's telephone number of the actual telephone means used with the information terminal device, and one individual physically accesses the information terminal device for personal use, especially a portable information terminal device such as a PDA. It can greatly improve the security level of caller authentication when used exclusively.
  • the disclosed method merely authenticates the portable information terminal device itself, it cannot prevent unauthorized use of the appropriate terminal device by others. For this reason, it cannot be applied to communication access with financial institutions, etc., which require particularly high reliability.
  • the portable information terminal device can store a lot of information such as address book, memo pad, authentication information, ID number, electronic money, medical information, and data equivalent to the official seal. As a result, if the terminal device is lost or stolen, confidential information will be leaked to others. Disclosure of the invention
  • an object of the present invention is to provide an electronic information protection system capable of performing user authentication with a higher security-level in transactions via a digital information communication network.
  • the purpose is to provide an electronic information protection system that prevents information leakage.
  • An electronic information protection system uses a communication terminal device which is connected to a detachable external storage device to exchange electronic information and has an internal storage device.
  • the communication terminal device has an electronic tally means.
  • the target electronic information is physically divided into two electronic information blocks by the electronic tally means, the first electronic information block is stored in the internal storage device, and the second electronic information block is stored in the external storage device. It is characterized by storing.
  • the electronic tally means means that one piece of electronic information is divided into two or more pieces and shared at two or more places, and when necessary, the divided pieces of electronic information are united into the original electronic information. The one that restores information.
  • the divided electronic information is difficult to guess the content by itself.
  • the authentication information can be restored and the communication terminal itself can be authenticated only after the external storage device is set in the communication terminal device, so that the owner can transfer the communication terminal device and the external storage device. If managed separately, communication terminal equipment cannot be authenticated unless it is a valid contractor. Therefore, more secure caller authentication can be performed as compared with a caller authentication method using an account code and a passcode or a method of authenticating only by physically confirming the communication terminal device itself.
  • a personal identification number provided by a financial institution or the like is physically divided, and one is stored in an internal storage device of a communication terminal device, and the other is stored in an external storage device. , Split and hold, and the first time an external storage device is If it is set in a communication terminal device and integrated and determined, it is possible to conduct transactions safely through a digital information communication network.
  • the electronic tally means divides the original electronic information into a plurality of electronic information elements, distributes the divided electronic information elements to the first electronic information block and the second electronic information block, and within each electronic information block. It is preferable to change the order of the electronic information element, generate restoration information that records the procedures of division and order change, and include all or one of the divided information in each electronic information block. Further, the electronic tally means restores the original electronic information by integrating the electronic information blocks based on the restored information.
  • the electronic tally means newly decides a method of dividing and allocating electronic information when the use of the communication terminal device is finished, and converts it into electronic tally.
  • the shape of the half of the electronic information stored in the storage device changes, so that it is almost impossible to steal secret information even if it is intended by another person.
  • an electronic computer or the like connected to the electronic information communication network can be used.
  • a mobile information terminal device such as a mobile phone or a personal 'digital' assist (PDA) can be used.
  • PDA personal 'digital' assist
  • any electronic information stored in the communication terminal can be converted into electronic tally and used for secure electronic payment, especially by storing authentication information separately. be able to.
  • the present invention further deposits the first electronic information block stored in the internal storage device with the information depository connected to the communication terminal device, acquires the first electronic information block deposited from the information depository as needed, and obtains the original electronic information block. It can be restored in the internal storage device of another communication device or the internal storage device of another communication terminal device. Due to the function of the electronic tallying method, an external information depository such as a database center It is possible to prevent the content of information from being inferred from the electronic information block.
  • the communication terminal device such as a mobile phone
  • the communication terminal device such as a mobile phone
  • the phone Since the original electronic information can be restored, there is no need to verify the identity again and reissue an authentication number.
  • the information stored in the communication terminal equipment is often stored and stored in a very large amount, and it is not easy to restore the equipment when it is newly installed.However, by depositing the information with an information depository, Various electronic information previously stored can be easily restored.
  • the second electronic information block may be deposited with the information depository that deposited the first electronic information block.
  • the electronic information is divided into three or more electronic information blocks by electronic tally means, the first electronic information block is stored in the internal storage device, the second electronic information block is stored in the external storage device, and the third and subsequent electronic information blocks are stored.
  • This electronic information block can be stored in another external storage device.
  • the third and subsequent electronic information blocks may be stored in one or more information depository organizations.
  • FIG. 1 is a perspective view of a communication terminal device to which an embodiment of an electronic information protection system according to the present invention is applied
  • FIG. 2 is a block diagram of the configuration of a communication terminal device main body
  • FIG. 3 is an electronic tally in this embodiment
  • FIG. 4 is a block diagram showing the configuration of an embodiment of the electronic information protection system of the present invention.
  • the electronic information protection system according to the present embodiment is applied to a case where transactions are performed via an Internet communication network.
  • the bank issues an ID code individually to a mobile phone owned by a customer, divides the provided ID code into a telephone body and an external storage device, and This is a security method in which the transaction cannot be communicated with the bank unless the transaction is merged, so that the transaction is assumed to be by the customer.
  • the communication terminal device used in the present embodiment is a mobile phone. As shown in FIG. 1, the mobile phone 1 includes a main body 10 and an external storage device 30.
  • the external storage device 30 makes it possible to read and write a relatively large amount of electronic information safely using the data processing capability of the IC card.
  • the mobile phone body 10 has a display 11 for displaying the phone numbers of incoming and outgoing calls and character image data to be communicated, a keyboard 12 for inputting phone numbers, character information or operation instructions 12, a microphone 13 and a speed 1 4. Antenna 15 and card slot 16 for exchanging data with external storage device 30.
  • a CPU 20 As shown in the block diagram of FIG. 2, a CPU 20, a ROM 21 for storing programs, a rewritable RAM 22 for storing electronic information, and a telephone, as shown in the block diagram of FIG. Unit 23, a card reader / writer 17 provided at the back of the card entry 16 for exchanging electronic information with an external storage IC card.
  • the internal circuit device is driven and controlled using the RAM 22 and the electronic information stored in the external storage device 30.
  • the microphone 13, the speaker 14, and the antenna 15 are connected to the telephone unit 23. It performs communication control such as outgoing call, incoming call detection, transmission and reception.
  • the mobile phone 1 uses the electronic tally program stored in the R ⁇ M 21 to divide the electronic information used for telephone operations or electronic commerce and distribute it to the telephone main body 10 and the IC card 30. Can be stored.
  • the part forming the electronic tally of the electronic tally program divides the original electronic information 41 into an arbitrary number of child information elements 42 as shown in FIG.
  • the divided electronic information elements are divided into two blocks as appropriate, rearranged appropriately, and electronic information blocks 43, 44 are made so that the content of the information cannot be estimated as it is.
  • the electronic information block formed in this way is called an electronic tally, and the procedure for forming the electronic tally is called electronic tallying.
  • the electronic information tallies A and B which are the formed electronic information blocks 43 and 44, are stored separately in the RAM 22 of the mobile phone main body 10 and the memory of the external storage device (IC card) 30.
  • the division position of the electronic information is physically determined irrespective of the division of the content. This is because, for example, in the case of connecting pieces that are cut in bit units, it is difficult to grasp even local information contents.
  • the information on the position divided into the electronic information elements and the information on the procedure of distributing and rearranging the electronic information elements are attached as header information Ha and Hb of electronic tally A and B, respectively.
  • the split position information and the distribution rearrangement information may also be divided into tally in the same procedure as when the original electronic information was allocated to the electronic information block, and distributed to each. .
  • the bank authenticates the customer, and then sends the ID code to the mobile phone 1 that the customer intends to use.
  • the telephone 1 receives the ID code and performs an electronic tallying process to form two electronic tallies A and B.
  • One of the electronic tallies A is stored in the RAM 22 of the telephone main body 10, and the other is.
  • the electronic tally B is transmitted to the IC card 30 via the card reader / writer 17 and stored therein.
  • the customer always removes and holds the IC card 30 from the mobile phone body 10 and inserts the IC card 30 into the card slot 16 when making a transaction with a bank, and the contents are transferred via the card reader / writer 17. And merge it with the contents of R AM 21, Operate telephone 1.
  • the mobile phone 1 uses the RAM 22 and the electronic tally A and B stored in the external storage device 30. To restore the ID code and send the restored ID code to the bank.
  • the bank verifies the identity by comparing the stored ID code information with the received ID code, and if successful, opens a transaction account and accepts the transaction details.
  • the electronic information can be restored by dividing the electronic tallies A and B into electronic information Eleanon by the reverse procedure based on the information of the electronic tallying procedure included in the header information Ha and Hb and rearranging them in the original order.
  • the information of the electronic tallying procedure is further converted into electronic tally to generate header information, the information of the electronic tallying procedure is restored, and then the original information is restored.
  • the provided ID code is physically divided and stored as an electronic tally which is extremely difficult to guess at the phone main unit 10 and the IC card 3 ⁇ . can do. Therefore, since the transaction is approved only after the customer inserts the IC card 30 stored in the telephone main body 10, the user cannot use the telephone unless he / she uses a genuine telephone and cannot use the telephone. You can authenticate yourself. Also, even if the phone body 10 or the IC card 30 is lost, the information cannot be presumed simply by acquiring one of them, so that the information can be safely protected.
  • the ID code is provided by a bank or the like, but it goes without saying that the customer may decide and register the ID code. May be provided.
  • the electronic information When the electronic information is used, it is restored to its original state in the phone, but after the transaction is completed, the restored electronic information is subjected to electronic tallying processing using parameters different from those before and a new one is created.
  • the saved electronic tally can be stored separately in the RAM and IC card inside the phone.
  • the restored electronic information is It is preferable to erase. This is because if the authentication information remains on the telephone body, a person other than the user can operate the telephone and conduct electronic commerce.
  • the system of this embodiment can be used for flexible disks in so-called PDAs, such as portable small-sized computers with communication functions, and for personal-use computers connected to a communication network.
  • the present invention can be similarly applied to any device having an external storage device such as a disk or a CD disk or a storage device separated in the main body.
  • the external storage device may be any device that can write and read information, and may be not only an electronic storage device but also a paper medium using a bar code or the like.
  • Authentication information which forms the basis of credit in electronic commerce, is divided into two by electronic tallying, and one is stored in a storage device inside the main unit, and the other is stored in a removable external storage device or another storage device .
  • both electronic information is unified, restored, and transmitted.
  • FIG. 4 is a block diagram illustrating an electronic information protection system constructed using the above-mentioned communication terminal device such as a mobile phone.
  • the user's mobile phone 1 and personal computer 2 are connected to the communication network 3.
  • the communication network 3 is connected to a first database center 15 and a second database center 6 in addition to a commerce institution 4 such as a bank or a shop for electronic commerce.
  • a commerce institution 4 such as a bank or a shop for electronic commerce.
  • Each of the mobile phone 1 and the computer 2 can insert and use an IC card or a flexible disk to fetch and use the electronic information stored in these external storage devices.
  • the mobile phone 1 converts the ID code supplied to the user into an electronic tally, stores one electronic tally A1 in the main body, and stores the other electronic tally B1 in the IC card.
  • the electronic computer 2 converts the ID code into an electronic tally, and records one electronic tally A 2 on the main body and the other electronic tally B 2 on the flexible disk.
  • an external storage medium is set in the communication terminal device, the electronic tally is read, the ID code is restored by inverse conversion, and the electronic tally is transmitted to a commercial transaction organization 4 such as a bank.
  • the commercial institution 4 confirms that the received ID code is appropriate, accepts the commercial transaction, and executes the commercial transaction such as transfer or debit in the name of the user.
  • two database centers 5 and 6 are installed. These database centers are depository institutions for electronic information equipped with large-scale storage devices. The first data center 5 receives tally Al and A2 distributed to telephones and computers, and the second database The center 6 receives and stores the electronic tallies B 1 and B 2 distributed to the external storage device.
  • the user When a user replaces a mobile phone or other device with a new one due to loss or malfunction, the user requests the first depositary institution 5 and the first depositary institution 5 authenticates the user and deposits the electronic tally A 1, A2 will be provided. Also, when replacing the external storage device of the user, request the second depositary institution 6 to provide the electronic tally B1, B2 deposited.
  • the entire ID code is centralized in one place, it may be possible to restore it by some means and use it.Therefore, improving security by separating and depositing each electronic tally Let me. For subjects with relatively low security requirements, a single depository may handle both electronic tallys. Whether or not to deposit an electronic tally, and which electronic tally to deposit, may be determined by the user's option.
  • the present invention is not limited to the ID code, but may be applied to a communication secret key, personal authentication data, and the like.
  • the information may be private information of the user such as an address book. Since the amount of information to be stored in a mobile phone or the like increases as the phone is used, it is complicated to replace the past information on a new phone when replacing the phone.
  • the electronic information stored in the RAM of the telephone is converted into an electronic tally and deposited at the depository, so that the information can be collected safely and easily installed on a new telephone. can do. In addition, it is used for such a purpose. In some cases, electronic tally need to be generated for the latest electronic information.
  • one or both of the electronic tallies may be automatically sent to the information depository at the same time as the electronic tally operation is performed.
  • the control device of the communication terminal device When the operator selects and indicates electronic information to be tallyed and presses the tallying button, the control device of the communication terminal device generates an electronic tally of the electronic information and stores it in a predetermined storage device. The electronic tally will be sent automatically to the designated information depository.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An electronic information protection system capable of ensuring a higher-safety user authentication in an electronic commerce using an information terminal device, characterized by using a communication terminal device that uses a detachable external storage device connected therewith, physically splitting targeted electronic information into two electronic information blocks by means of an electronically tallying means provided in the communication terminal device, and storing the first electronic information block into a communication terminal device body, and the second electronic information block into an external storage device.

Description

明細書  Specification
通信端末装置における電子情報保護システム 技術分野  Electronic information protection system for communication terminal equipment
本発明は、 取引における本人認証機能や紛失時における情報漏出防止機能を備 えた通信端末装置に関し、 特に携帯型電話器を介した決済などに利用できる電子 情報保護システムに関する。 背景技術  The present invention relates to a communication terminal device having a personal authentication function in a transaction and a function to prevent information leakage in the event of loss, and more particularly to an electronic information protection system that can be used for settlement via a portable telephone. Background art
公衆電話網ゃィンターネットなどの情報通信ネットワークを介して銀行などの 金融機関や各種商業者との取引を行うことが普通に行われるようになつてきた。 通信ネットワークを介した取引は、 面接によって本人認証するわけではないので、 ユーザが契約者の一人であることを認証する手段が重要になる。  It has become common to conduct transactions with financial institutions such as banks and various types of merchants via public information networks such as the public telephone network and the Internet. Transactions over a communication network are not conducted through interviews, so a means to authenticate that a user is one of the subscribers is important.
たとえば、 特開平 1 0— 3 3 6 3 4 5には、 商用プロバイダからサービスの提 供を受けようとするときに、 アカウントコードとパスワードによる発信者認証方 法では何らかの手段で情報を取得した他人が盗用する危険があることに鑑みて、 通信ァクセスを要求してきた情報端末装置そのものを物理的に確認し認証するよ うにしてセキュリティ · レベルがより高い発信者認証を行う方法が開示されてい る。  For example, Japanese Patent Application Laid-Open No. H10-3336345 states that, when trying to receive a service from a commercial provider, a sender authentication method using an account code and password obtains information by some other means. In view of the danger of plagiarism, there is disclosed a method of authenticating a sender with a higher security level by physically confirming and authenticating the information terminal device itself that has requested communication access. .
開示方法は、 情報端末装置と共に用いられる現実の電話手段の発信者電話番号 に基づいて行うもので、 パーソナルユースの情報端末装置、 特に P D A等の携帯 用情報端末装置のように一個人が物理的に専有した状態で使用するような場合に おける発信者認証のセキュリティ . レベルを大きく向上することができる。  The disclosure method is based on the caller's telephone number of the actual telephone means used with the information terminal device, and one individual physically accesses the information terminal device for personal use, especially a portable information terminal device such as a PDA. It can greatly improve the security level of caller authentication when used exclusively.
しかし、 開示方法は、 携帯用情報端末装置自体の認証をするものに過ぎないか ら、 他人が適正な端末装置を不正に使用することを防ぐことはできない。 このた め、 特に高い信頼性が要求される金融機関などとの通信アクセスには安心して適 用することができない。  However, since the disclosed method merely authenticates the portable information terminal device itself, it cannot prevent unauthorized use of the appropriate terminal device by others. For this reason, it cannot be applied to communication access with financial institutions, etc., which require particularly high reliability.
また、 携帯用情報端末装置は、 アドレス帳、 メモ帳、 認証情報、 I D番号、 電 子マネー、 医療情報、 実印相当データなど多くの情報を記録しておくことができ るようになっているので、 端末装置を紛失したり窃盗にあった場合などには、 他 人に秘密情報が漏出することになる。 発明の開示 In addition, the portable information terminal device can store a lot of information such as address book, memo pad, authentication information, ID number, electronic money, medical information, and data equivalent to the official seal. As a result, if the terminal device is lost or stolen, confidential information will be leaked to others. Disclosure of the invention
そこで、 本発明は、 デジタル情報通信網を介した取引においてよりセキユリテ ィ - レベルの高い利用者認証を行うことができるような電子情報保護システムを 提供することを目的とし、 また情報端末装置からの情報漏出を防止する電子情報 保護システムを提供することを目的とする。  Therefore, an object of the present invention is to provide an electronic information protection system capable of performing user authentication with a higher security-level in transactions via a digital information communication network. The purpose is to provide an electronic information protection system that prevents information leakage.
本発明の電子情報保護システムは、 着脱可能な外部記憶装置を接続して電子情 報の交換ができかつ内部記憶装置を備えた通信端末装置を用いるもので、 通信端 末装置には電子割符手段を備え、 この電子割符手段によって対象とする電子情報 を物理的に 2個の電子情報ブロックに分割し、 第 1の電子情報プロックを内部記 憶装置に第 2の電子情報プロックを外部記憶装置に記憶することを特徴とする。 ここで、 電子割符手段とは、 1個の電子情報を 2個以上に分割して 2個以上の 場所で分かち持たせるようにして、 必要なときに分割した電子情報を合体して元 の電子情報を復元するものをいう。 特に、 分割した電子情報はそれぞれ単独では 内容を推し量ることが困難になるようにすることが好ましい。  An electronic information protection system according to the present invention uses a communication terminal device which is connected to a detachable external storage device to exchange electronic information and has an internal storage device. The communication terminal device has an electronic tally means. The target electronic information is physically divided into two electronic information blocks by the electronic tally means, the first electronic information block is stored in the internal storage device, and the second electronic information block is stored in the external storage device. It is characterized by storing. Here, the electronic tally means means that one piece of electronic information is divided into two or more pieces and shared at two or more places, and when necessary, the divided pieces of electronic information are united into the original electronic information. The one that restores information. In particular, it is preferable that the divided electronic information is difficult to guess the content by itself.
本発明のシステムによれば、 外部記憶装置を通信端末装置にセットして始めて 認証情報の復元ができて通信端末装置自体を認証することができるので、 所有者 が通信端末装置と外部記憶装置を分離して管理しておけば正当な契約者でなけれ ば通信端末装置の認証を受けられない。 したがって、 アカウントコードとパスヮ 一ドによる発信者認証方法や通信端末装置自体を物理的に確認するのみで認証す る方法と比較して一段と安全な発信者認証が可能となる。  According to the system of the present invention, the authentication information can be restored and the communication terminal itself can be authenticated only after the external storage device is set in the communication terminal device, so that the owner can transfer the communication terminal device and the external storage device. If managed separately, communication terminal equipment cannot be authenticated unless it is a valid contractor. Therefore, more secure caller authentication can be performed as compared with a caller authentication method using an account code and a passcode or a method of authenticating only by physically confirming the communication terminal device itself.
また、 たとえば通信端末装置を取得した他人は割符化した電子情報の片割れだ けしか見ることができないので、 意味のある情報として認識することができない。 したがって、 秘密情報の漏洩を心配する必要がない。  Also, for example, another person who has acquired the communication terminal device can see only one half of the tallyed electronic information, and cannot recognize it as meaningful information. Therefore, there is no need to worry about leakage of confidential information.
たとえば、 本発明のシステムを活用して、 金融機関などから給付される本人認 証番号を物理的に分割して一方を通信端末装置の内部記憶装置に格納し残りを外 部記憶装置に格納して分割して保持し、 取引を行うときに始めて外部記憶装置を 通信端末装置にセットして統合して判定するようにすれば、 デジタル情報通信網 を介して安全に取引することができる。 For example, utilizing the system of the present invention, a personal identification number provided by a financial institution or the like is physically divided, and one is stored in an internal storage device of a communication terminal device, and the other is stored in an external storage device. , Split and hold, and the first time an external storage device is If it is set in a communication terminal device and integrated and determined, it is possible to conduct transactions safely through a digital information communication network.
なお、 電子割符手段は、 元の電子情報を複数の電子情報エレメントに分割して 分割された電子情報ェレメントを第 1電子情報プロックと第 2電子情報プロック に配分し、 それぞれの電子情報プロック内で電子情報ェレメントの順序を変更し、 さらに分割と順序変更の手順を記録した復元情報を生成してその全部あるいは分 割した一方ずつをそれぞれの電子情報プロックに含ませるようにすることが好ま しい。 また、 電子割符手段は、 復元情報に基づき電子情報ブロックを統合して元 の電子情報を復元する。  The electronic tally means divides the original electronic information into a plurality of electronic information elements, distributes the divided electronic information elements to the first electronic information block and the second electronic information block, and within each electronic information block. It is preferable to change the order of the electronic information element, generate restoration information that records the procedures of division and order change, and include all or one of the divided information in each electronic information block. Further, the electronic tally means restores the original electronic information by integrating the electronic information blocks based on the restored information.
このような電子割符手段を用いることにより、 簡単な操作にもかかわらず分割 された電子情報それぞれが容易には内容を推定することができなくなり、 内部記 憶装置を備える通信情報装置か外部記憶装置の片方を他人が入手した場合にも情 報の漏洩を心配する必要がない。  The use of such electronic tally means makes it impossible to easily estimate the content of each of the divided electronic information despite simple operations, so that a communication information device having an internal storage device or an external storage device can be used. There is no need to worry about information leakage if one obtains one.
さらに、 電子割符手段は、 通信端末装置の使用し終わるとき電子情報の分割及 ぴ配分方法を新たに決定して電子割符化するようにすることが好ましい。  Further, it is preferable that the electronic tally means newly decides a method of dividing and allocating electronic information when the use of the communication terminal device is finished, and converts it into electronic tally.
このように、 電子割符化方法をたびたび変更することにより、 記憶装置に格納 される電子情報の片割れの形が変化するので、 他人が意図しても秘密情報を盗む ことはほぼ不可能になる。  As described above, by frequently changing the electronic tallying method, the shape of the half of the electronic information stored in the storage device changes, so that it is almost impossible to steal secret information even if it is intended by another person.
なお、 通信端末装置としては、 電子情報通信網に接続した電子計算機などを用 いることができるが、 特に携帯電話機やパーソナル 'デジタル 'アシスト (P D A) など携帯情報端末装置を使用することができる。  As the communication terminal device, an electronic computer or the like connected to the electronic information communication network can be used. In particular, a mobile information terminal device such as a mobile phone or a personal 'digital' assist (PDA) can be used.
また、 通信端末装置に記憶されるあらゆる電子情報について電子割符化して科 用することができるが、 特に認証用情報を対象にして分割保管するようにするこ とにより、 安全な電子決済に利用することができる。  In addition, any electronic information stored in the communication terminal can be converted into electronic tally and used for secure electronic payment, especially by storing authentication information separately. be able to.
本発明は、 さらに通信端末装置に接続する情報寄託機関に内部記憶装置に格納 する第 1電子情報プロックを寄託し、 必要の応じて情報寄託機関から寄託した第 1電子情報プロックを取得して元の内部記憶装置もしくは別の通信端末装置の内 部記憶装置内に復元することができるようにすることができる。 なお、 電子割符 手段の作用によって、 データベースセンターなど外部の情報寄託機関が受託した 電子情報ブロックから情報の内容を推量できないようにすることができる。 The present invention further deposits the first electronic information block stored in the internal storage device with the information depository connected to the communication terminal device, acquires the first electronic information block deposited from the information depository as needed, and obtains the original electronic information block. It can be restored in the internal storage device of another communication device or the internal storage device of another communication terminal device. Due to the function of the electronic tallying method, an external information depository such as a database center It is possible to prevent the content of information from being inferred from the electronic information block.
このように、 通信端末に記憶する第 1電子情報プロックを外部機関に寄託する ことにより、 携帯電話機など通信端末装置を修理したときや、 電話器を破損して 買い換えたり紛失して新しくしたときに元の電子情報を復元することができるの で、 改めて本人確認して認証番号を再発行したりする必要がない。 また、 通信端 末装置に記憶させる情報は蓄積されてかなり大量になっている場合が多く機器を 新しく したときに復元することは容易でないが、 情報寄託機関に情報を寄託して おくことにより、 以前に記憶させておいた色々な電子情報を簡単に復元すること ができる。  In this way, by depositing the first electronic information block stored in the communication terminal with an external organization, it is possible to repair the communication terminal device such as a mobile phone, or to replace the phone with a new one after it has been damaged or replaced or lost. Since the original electronic information can be restored, there is no need to verify the identity again and reissue an authentication number. Also, the information stored in the communication terminal equipment is often stored and stored in a very large amount, and it is not easy to restore the equipment when it is newly installed.However, by depositing the information with an information depository, Various electronic information previously stored can be easily restored.
なお、 第 1電子情報プロックを寄託した情報寄託機関に第 2電子情報プロック を寄託できるようにしても良い。  The second electronic information block may be deposited with the information depository that deposited the first electronic information block.
このように、 両方の電子情報をいずれも寄託しておくことにより、 外部記憶装 置を紛失したり破損して復元する場合にも簡単に対処できるようになる。 なお、 外部の機関に電子情報を寄託するか、 寄託するときにはどの情報を寄託するかは、 ユーザあるいはユーザが利用する機関が任意に決定する事項とすることが好まし い。 '  In this way, depositing both electronic information makes it easy to deal with lost or damaged external storage devices that can be restored. In addition, it is preferable that the user or the institution used by the user arbitrarily determine whether the electronic information is to be deposited with an external institution and which information is to be deposited at the time of the deposit. '
また、 通信端末装置に接続する別の情報寄託機関に第 1電子情報プロック以外 の電子情報プロックを寄託することができるようにすると、 情報が 1力所に集ま らないので安全性がより向上する。  In addition, if electronic information blocks other than the first electronic information block can be deposited at another information depository connected to the communication terminal device, the information will not be collected at one place, thus improving security. I do.
さらに、 電子割符手段によって電子情報を 3個以上の電子情報プロックに分割 し、 第 1の電子情報プロックを内部記憶装置に第 2の電子情報プロックを外部記 憶装置に記憶するほか、 第 3以降の電子情報プロックを別の外部記憶装置に記憶 させることもできる。 なお、 第 3以降の電子情報ブロックを 1個以上の情報寄託 機関に記憶させるようにしてもよい。  In addition, the electronic information is divided into three or more electronic information blocks by electronic tally means, the first electronic information block is stored in the internal storage device, the second electronic information block is stored in the external storage device, and the third and subsequent electronic information blocks are stored. This electronic information block can be stored in another external storage device. The third and subsequent electronic information blocks may be stored in one or more information depository organizations.
分割保管数が多いほど情報の安全を確保しゃすいことはいうまでもない。  It goes without saying that the greater the number of divided storages, the more secure the information.
また、 電子割符手段によって電子情報を電子情報プロックに分割して記憶する ときに同時に、 情報寄託機関に電子情報プロックを自動的に寄託するようにする と、 操作者は特別の注意を払わなくても常に電子情報の安全を確保することがで さる。 図面の簡単な説明 Also, when electronic information is divided into electronic information blocks by the electronic tally means and stored at the same time as the electronic information block is automatically deposited at the information depository, the operator does not need to pay special attention. However, security of electronic information can always be ensured. BRIEF DESCRIPTION OF THE FIGURES
第 1図は本発明の電子情報保護システムの 1実施例を適用した通信端末装置の 斜視図、 第 2図は通信端末装置本体の構成ブロック図、 第 3図は本実施例におけ る電子割符化手順を説明するフロー図、 第 4図は本発明の電子情報保護システム の 1実施例の構成を示すブロック図である。 発明を実施するための最良の形態  FIG. 1 is a perspective view of a communication terminal device to which an embodiment of an electronic information protection system according to the present invention is applied, FIG. 2 is a block diagram of the configuration of a communication terminal device main body, and FIG. 3 is an electronic tally in this embodiment. FIG. 4 is a block diagram showing the configuration of an embodiment of the electronic information protection system of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION
本実施例の電子情報保護システムは、 インターネット通信網を介して取り引き する場合に適用したものである。  The electronic information protection system according to the present embodiment is applied to a case where transactions are performed via an Internet communication network.
本実施例の方法は、 銀行が顧客の所有する携帯電話機に対して個別に I Dコー ドを発行し、 給付された I Dコードを電話機本体と外部記憶装置に分割し、 電話 機本体と外部記憶装置を合体しないと銀行と通信できないようにすることにより 取引が顧客本人によるものであると推認するようにした安全確保方法である。 本実施例に用いる通信端末装置は携帯電話機であって、 第 1図に示すように、 携帯電話機 1が本体 1 0と外部記憶装置 3 0から構成される。 外部記憶装置 3 0 は I Cカードのデータ処理能力を利用して比較的大量の電子情報を安全に読み書 きできるようにしている。  In the method of this embodiment, the bank issues an ID code individually to a mobile phone owned by a customer, divides the provided ID code into a telephone body and an external storage device, and This is a security method in which the transaction cannot be communicated with the bank unless the transaction is merged, so that the transaction is assumed to be by the customer. The communication terminal device used in the present embodiment is a mobile phone. As shown in FIG. 1, the mobile phone 1 includes a main body 10 and an external storage device 30. The external storage device 30 makes it possible to read and write a relatively large amount of electronic information safely using the data processing capability of the IC card.
携帯電話機本体 1 0は、 送信着信の電話番号や通信する文字画像データなどを 表示する表示器 1 1、 電話番号や文字情報あるいは操作指示を入力するキーボー ド 1 2、 マイク 1 3、 スピー力 1 4、 ァンテナ 1 5、 外部記憶装置 3 0とデータ 交換するためのカード揷入口 1 6を備える。  The mobile phone body 10 has a display 11 for displaying the phone numbers of incoming and outgoing calls and character image data to be communicated, a keyboard 12 for inputting phone numbers, character information or operation instructions 12, a microphone 13 and a speed 1 4. Antenna 15 and card slot 16 for exchanging data with external storage device 30.
携帯電話機本体 1 0の内部には、 さらに第 2図の構成ブロック図に示すように、 C P U 2 0 , プログラムを格納する R OM 2 1、 電子情報を記憶する書換可能な R AM 2 2、 電話ュニット 2 3、 カード揷入口 1 6の奥に設けられ外部記憶用 I Cカードと電子情報を交換するカードリーダライター 1 7を備える。  As shown in the block diagram of FIG. 2, a CPU 20, a ROM 21 for storing programs, a rewritable RAM 22 for storing electronic information, and a telephone, as shown in the block diagram of FIG. Unit 23, a card reader / writer 17 provided at the back of the card entry 16 for exchanging electronic information with an external storage IC card.
C P U 2 C^S、 R OM 2 1に格納されたプログラムに従い、 R AM 2 2と外部 記憶装置 3 0に格納された電子情報を使って内部の回路装置を駆動制御する。 電 話ユニット 2 3にはマイク 1 3、 スピーカ 1 4、 アンテナ 1 5が接続されており、 発呼、 着信検知、 送受信などの通信制御を行う。 In accordance with the program stored in the CPU 2 C ^ S and the ROM 21, the internal circuit device is driven and controlled using the RAM 22 and the electronic information stored in the external storage device 30. The microphone 13, the speaker 14, and the antenna 15 are connected to the telephone unit 23. It performs communication control such as outgoing call, incoming call detection, transmission and reception.
携帯電話機 1は、 R〇M 2 1に格納'された電子割符プログラムを用いて電話操 作あるいは電子商取引などに使用される電子情報を分割して電話機本体 1 0と I Cカード 3 0に分配して格納することができる。  The mobile phone 1 uses the electronic tally program stored in the R〇M 21 to divide the electronic information used for telephone operations or electronic commerce and distribute it to the telephone main body 10 and the IC card 30. Can be stored.
電子割符プログラムの電子割符を形成する部分は、 第 3図に示すように、 元の 電子情報 4 1を任意の数の 子情報エレメント 4 2に分割する。 分割した電子情 報エレメントを適宜に 2つのブロックに分けて、 それぞれ適当に配列し直し、 そ のままでは情報の内容を推定することができないような電子情報プロック 4 3、 4 4にする。 このようにして形成された電子情報ブロックを電子割符といい、 電 子割符を形成する手順を電子割符化という。  The part forming the electronic tally of the electronic tally program divides the original electronic information 41 into an arbitrary number of child information elements 42 as shown in FIG. The divided electronic information elements are divided into two blocks as appropriate, rearranged appropriately, and electronic information blocks 43, 44 are made so that the content of the information cannot be estimated as it is. The electronic information block formed in this way is called an electronic tally, and the procedure for forming the electronic tally is called electronic tallying.
形成した電子情報プロック 4 3、 4 4である電子割符 A、 Bはそれぞれ携帯電 話機本体 1 0の R AM 2 2と外部記憶装置 (I Cカード) 3 0のメモリ一に分け て格納する。  The electronic information tallies A and B, which are the formed electronic information blocks 43 and 44, are stored separately in the RAM 22 of the mobile phone main body 10 and the memory of the external storage device (IC card) 30.
電子情報の分割位置は、 コンテンツの区切りに関わりなく物理的に決定するこ とが好ましい。 たとえばビット単位で切断したもの同士を接続したものでは局部 的な情報内容であっても把握しにくくなるからである。  It is preferable that the division position of the electronic information is physically determined irrespective of the division of the content. This is because, for example, in the case of connecting pieces that are cut in bit units, it is difficult to grasp even local information contents.
また、 電子情報エレメントに分割した位置の情報と電子情報エレメントを分配 して再配列した手順の情報はそれぞれ電子割符 A、 Bのへッダ情報 H a、 H bと して付属させる。 安全性をさらに向上させるためには、 分割位置情報と分配再配 列情報についても、 元の電子情報を電子情報プロックに配分したと同じような手 順で割符化してそれぞれに分配しても良い。  In addition, the information on the position divided into the electronic information elements and the information on the procedure of distributing and rearranging the electronic information elements are attached as header information Ha and Hb of electronic tally A and B, respectively. In order to further improve security, the split position information and the distribution rearrangement information may also be divided into tally in the same procedure as when the original electronic information was allocated to the electronic information block, and distributed to each. .
本実施例では、 銀行が顧客を認証した上で、 顧客が使用しょうとする携帯電話 機 1に対して I Dコードを送出する。 電話機 1は I Dコードを受信して、 電子割 符化処理をして 2個の電子割符 A、 Bを形成し、 一方の電子割符 Aを電話機本体 1 0の R AM 2 2に格納し、 他方の電子割符 Bをカードリーダライター 1 7を介 して I Cカード 3 0に送信して格納させる。  In this embodiment, the bank authenticates the customer, and then sends the ID code to the mobile phone 1 that the customer intends to use. The telephone 1 receives the ID code and performs an electronic tallying process to form two electronic tallies A and B. One of the electronic tallies A is stored in the RAM 22 of the telephone main body 10, and the other is. The electronic tally B is transmitted to the IC card 30 via the card reader / writer 17 and stored therein.
顧客は、 常時は I Cカード 3 0を携帯電話機本体 1 0から取り外して保持し、 銀行と取引するときに I Cカード 3 0をカード挿入口 1 6に差し込んで、 カード リーダライター 1 7を介して内容を読み込ませて R AM 2 1の内容と合体して、 電話機 1を操作する。 The customer always removes and holds the IC card 30 from the mobile phone body 10 and inserts the IC card 30 into the card slot 16 when making a transaction with a bank, and the contents are transferred via the card reader / writer 17. And merge it with the contents of R AM 21, Operate telephone 1.
携帯電話機 1は、 R OM 2 1に格納された電子割符プログラムの電子割符を復 元するためのサブプログラムに従い、 R AM 2 2と外部記憶装置 3 0に格納され た電子割符 A、 Bを使って I Dコードを復元し、 復元した I Dコードを銀行に送 信する。 銀行は保管しておいた I Dコード情報と受信した I Dコードを照合させ て本人認証し、 認証に合格すると取引口座を開いて取引内容を受容する。  In accordance with the sub-program for restoring the electronic tally of the electronic tally program stored in the ROM 21, the mobile phone 1 uses the RAM 22 and the electronic tally A and B stored in the external storage device 30. To restore the ID code and send the restored ID code to the bank. The bank verifies the identity by comparing the stored ID code information with the received ID code, and if successful, opens a transaction account and accepts the transaction details.
電子情報は、 ヘッダ情報 H a、 H bに含まれる電子割符化手順の情報に基づい た逆手順により電子割符 A、 Bを電子情報ェレノントに分割し元の順に並べ直す ことにより復元することができる。 なお、 電子割符化手順の情報をさらに電子割 符化してへッダ情報にする場合は、 電子割符化手順の情報を復元した上で元の情 報を復元するようにする。  The electronic information can be restored by dividing the electronic tallies A and B into electronic information Eleanon by the reverse procedure based on the information of the electronic tallying procedure included in the header information Ha and Hb and rearranging them in the original order. . When the information of the electronic tallying procedure is further converted into electronic tally to generate header information, the information of the electronic tallying procedure is restored, and then the original information is restored.
上記説明した携帯電話機 1を用いると、 支給された I Dコ一ドは物理的に分割 されて内容を推量することが極めて困難な電子割符として、 電話機本体 1 0と I Cカード 3◦に分けて保管することができる。 したがって、 顧客が保管している I Cカード 3 0を電話機本体 1 0に挿入して始めて取引を認めるので、 本人が純 正な電話機を用レ、て利用しなければ利用することができず自ずから正しレ、本人認 証を行うことができる。 また、 電話機本体 1 0や I Cカード 3 0を紛失したりし ても、 他人がその一方を取得しただけでは内容を推定することができないので、 情報も安全に保護することができる。  Using the mobile phone 1 described above, the provided ID code is physically divided and stored as an electronic tally which is extremely difficult to guess at the phone main unit 10 and the IC card 3◦. can do. Therefore, since the transaction is approved only after the customer inserts the IC card 30 stored in the telephone main body 10, the user cannot use the telephone unless he / she uses a genuine telephone and cannot use the telephone. You can authenticate yourself. Also, even if the phone body 10 or the IC card 30 is lost, the information cannot be presumed simply by acquiring one of them, so that the information can be safely protected.
ここで、 I Dコードは銀行などが支給するとしたが、 顧客自身が決定して登録 するようにしても良いことはいうまでもなく、 さらに携帯電話機を提供する機関 が携帯電話機に固有なコードとして一緒に提供しても良い。  Here, it is assumed that the ID code is provided by a bank or the like, but it goes without saying that the customer may decide and register the ID code. May be provided.
なお、 電子情報は使用するときには電話器内で元の状態に復元されるが、 取引 が終了した後で以前と異なるパラメータを用いて復元された電子情報について電 子割符化処理を行い、 新しく形成された電子割符を再び電話機本体内の R AMと I Cカードに分割保管するようにすることができる。  When the electronic information is used, it is restored to its original state in the phone, but after the transaction is completed, the restored electronic information is subjected to electronic tallying processing using parameters different from those before and a new one is created. The saved electronic tally can be stored separately in the RAM and IC card inside the phone.
このように取引ごとに電子割符を更新するようにすると、 以前に傍取された電 子情報があっても次の機会には利用できなくなっているので、 安全性が著しく向 上する。 なお、 電子割符を生成した後は、 復元された電子情報を電話機本体から 消去することが好ましい。 電話機本体に認証情報が残っていると本人以外の者が 電話機を操作して電子商取引を行うことができるからである。 Updating the electronic tally for each transaction in this way significantly improves security because previously intercepted electronic information is no longer available on the next opportunity. After generating the electronic tally, the restored electronic information is It is preferable to erase. This is because if the authentication information remains on the telephone body, a person other than the user can operate the telephone and conduct electronic commerce.
ここでは、 携帯電話機について詳しく説明したが、 本実施例のシステムは通信 機能を付属する携帯用小型電子計算機などのいわゆる P D Aや、 通信網に接続し たパーソナルユースの電子計算機などにおいても、 フレキシブルディスクや C D ディスクなどの外部記憶装置や本体内に分離する記憶装置を備えたものであれば 同様に適用することができる。 また、 外部記憶装置は、 情報の書き込みと読み取 りができるものであればよいので、 電気的に記録するものばかりでなく、 たとえ ばバーコードなどを利用した紙媒体などであっても良い。  Although the mobile phone has been described in detail here, the system of this embodiment can be used for flexible disks in so-called PDAs, such as portable small-sized computers with communication functions, and for personal-use computers connected to a communication network. The present invention can be similarly applied to any device having an external storage device such as a disk or a CD disk or a storage device separated in the main body. The external storage device may be any device that can write and read information, and may be not only an electronic storage device but also a paper medium using a bar code or the like.
電子商取引において信用の基礎となる認証情報を、 電子割符化処理により二分 して、 一方を本体内部の記憶装置に格納し、 他方を着脱可能な外部記憶装置ある いは別の記憶装置に格納する。 電子商取引を行うときには、 両方の電子情報を一 体化して復元して伝達することにより実行する。  Authentication information, which forms the basis of credit in electronic commerce, is divided into two by electronic tallying, and one is stored in a storage device inside the main unit, and the other is stored in a removable external storage device or another storage device . When conducting electronic commerce, both electronic information is unified, restored, and transmitted.
第 4図は、 上記の携帯電話機などの通信端末装置を使用して構築した電子情報 保護システムを説明するブロック図である。  FIG. 4 is a block diagram illustrating an electronic information protection system constructed using the above-mentioned communication terminal device such as a mobile phone.
利用者の携帯電話機 1や個人使用の電子計算機 2が通信網 3に接続されている。 通信網 3には、 電子商取引する銀行やショップなどの商取引機関 4に加えて、 第 1のデータベースセンタ一 5と第 2のデータベースセンター 6が接続されている。 携帯電話機 1と電子計算機 2はそれぞれ、 I Cカードやフレキシブルディスク を挿入してこれら外部記憶装置に記憶された電子情報を取り込んで使用すること ができる。 携帯電話機 1は利用者に支給された I Dコードを電子割符化し、 本体 にその一方の電子割符 A 1を記憶し I Cカードに他方の電子割符 B 1を記憶して おく。 また、 電子計算機 2は I Dコードを電子割符化し本体に一方の電子割符 A 2、 フレキシブルディスクに他方の電子割符 B 2を記録する。  The user's mobile phone 1 and personal computer 2 are connected to the communication network 3. The communication network 3 is connected to a first database center 15 and a second database center 6 in addition to a commerce institution 4 such as a bank or a shop for electronic commerce. Each of the mobile phone 1 and the computer 2 can insert and use an IC card or a flexible disk to fetch and use the electronic information stored in these external storage devices. The mobile phone 1 converts the ID code supplied to the user into an electronic tally, stores one electronic tally A1 in the main body, and stores the other electronic tally B1 in the IC card. The electronic computer 2 converts the ID code into an electronic tally, and records one electronic tally A 2 on the main body and the other electronic tally B 2 on the flexible disk.
利用者が電子商取引を行うときには、 通信端末装置に外部記憶媒体をセットし て電子割符を読み込んで逆変換により I Dコードを復元して、 銀行等の商取引機 関 4に送信する。 商取引機関 4は受け取った I Dコードが適正であることを確認 した上で商取引を受け入れて、 利用者名義の振込や引き落としなど商取引を実行 する。 本実施例の電子情報保護システムでは、 2個のデータベースセンター 5、 6が 設置されている。 これらデータベースセンターは大型の記憶装置を備えた電子情 報の寄託機関であって、 第 1データセンター 5は電話機本体や電子計算機本体に 分配される割符 A l 、 A 2を受託し、 第 2データベースセンター 6は外部記憶装 置に分配される電子割符 B 1 、 B 2を受託して記憶する。 When a user conducts electronic commerce, an external storage medium is set in the communication terminal device, the electronic tally is read, the ID code is restored by inverse conversion, and the electronic tally is transmitted to a commercial transaction organization 4 such as a bank. The commercial institution 4 confirms that the received ID code is appropriate, accepts the commercial transaction, and executes the commercial transaction such as transfer or debit in the name of the user. In the electronic information protection system of the present embodiment, two database centers 5 and 6 are installed. These database centers are depository institutions for electronic information equipped with large-scale storage devices.The first data center 5 receives tally Al and A2 distributed to telephones and computers, and the second database The center 6 receives and stores the electronic tallies B 1 and B 2 distributed to the external storage device.
携帯電話機などの紛失や故障で新しい機器に取り替えたときには、 利用者が第 1の寄託機関 5に要請すると、 第 1寄託機関 5は利用者の認証を行った上で預か つていた電子割符 A 1 、 A 2を支給する。 また、 利用者の外部記憶装置を取り替 えるときには、 第 2寄託機関 6に要請して寄託しておいた電子割符 B 1 、 B 2を 提供させる。  When a user replaces a mobile phone or other device with a new one due to loss or malfunction, the user requests the first depositary institution 5 and the first depositary institution 5 authenticates the user and deposits the electronic tally A 1, A2 will be provided. Also, when replacing the external storage device of the user, request the second depositary institution 6 to provide the electronic tally B1, B2 deposited.
I Dコードの全体が一力所に集約されるようにすると、 何らかの手段で復元し て利用できる状態が生じうるため、 電子割符のそれぞれ一方ずつを分けて寄託す るようにして、 安全性を向上させている。 安全に対する要求度が比較的低い対象 については、 1個の寄託機関で両方の電子割符を扱うようにしても良い。 また、 電子割符を寄託するか否か、 いずれの電子割符を寄託するかは、 利用者のォプシ ヨンで決定すればよい。  If the entire ID code is centralized in one place, it may be possible to restore it by some means and use it.Therefore, improving security by separating and depositing each electronic tally Let me. For subjects with relatively low security requirements, a single depository may handle both electronic tallys. Whether or not to deposit an electronic tally, and which electronic tally to deposit, may be determined by the user's option.
このような寄託機関を存在させることにより、 銀行やショップなど 4がそのた びに I Dコードの再発行するなど直接介入する必要がない。 なお、 利用者が電子 割符の片割れ B l 、 B 2を記憶した外部記憶装置を使用しない限り I Dコードを 復元することができないので、 寄託機関が受託した電子情報を提供しても秘密に すべき情報は安全に保護される。  By having such a depositary institution, there is no need for direct intervention by banks and shops4 such as reissuing the ID code every time. Note that the ID code cannot be restored unless the user uses an external storage device that stores the electronic tally Bl, B2, so the secret information must be kept confidential even if the deposited information is provided by the depository. Information is safe.
なお、 上記実施例の電子情報保護システムでは I Dコードの保護と復元を行う ものとして説明したが、 I D コードに限らず、 通信用秘密鍵や個人認証データな どに適用してもよいし、. またァドレス帳など利用者の私的情報であっても良い。 携帯電話機などに記憶させておく情報の量は電話機を使う内に増大するため、 電話機の交換をするときには新しい電話機に過去の情報を搭載し直す作業が繁雑 である。 本実施例のシステムを利用して、 電話機の R AMに記憶してあった電子 情報を電子割符化して寄託機関に寄託しておくことにより、 安全に情報を回収し て新しい電話機に簡単に搭載することができる。 なお、 このような用途に利用す るときには、 電子割符は最新の電子情報について生成させる必要があることはい うまでもない。 Although the electronic information protection system of the above embodiment is described as protecting and restoring the ID code, the present invention is not limited to the ID code, but may be applied to a communication secret key, personal authentication data, and the like. The information may be private information of the user such as an address book. Since the amount of information to be stored in a mobile phone or the like increases as the phone is used, it is complicated to replace the past information on a new phone when replacing the phone. Using the system of this embodiment, the electronic information stored in the RAM of the telephone is converted into an electronic tally and deposited at the depository, so that the information can be collected safely and easily installed on a new telephone. can do. In addition, it is used for such a purpose. In some cases, electronic tally need to be generated for the latest electronic information.
また、 通信端末装置の扱いを確実かつ容易にするため、 電子割符操作を行うと きに同時に電子割符の一方または両方を自動的に情報寄託機関に送付するように しても良い。 操作者が割符化する電子情報を選択して指示し割符化ボタンを押す と、 通信端末装置の制御装置が電子情報の電子割符を生成して、 決められた記憶 装置に記憶すると同時に、 決められた電子割符を決められた情報寄託機関に自動 的に送付する。  Also, in order to reliably and easily handle the communication terminal device, one or both of the electronic tallies may be automatically sent to the information depository at the same time as the electronic tally operation is performed. When the operator selects and indicates electronic information to be tallyed and presses the tallying button, the control device of the communication terminal device generates an electronic tally of the electronic information and stores it in a predetermined storage device. The electronic tally will be sent automatically to the designated information depository.
なお、 上記では、 電子情報は 2個の電子割符の分割するようにしたシステムに ついて説明したが、 3個以上のブロックに分割して、 第 3以降の情報ブロックを 別の記憶領域、 別の外部記憶装置あるいは情報寄託機関などに記憶させるように すれば、 収集しなければならない電子情報ブロックの数が大きくなるので、 より 確実に電子情報を保護することができる。 産業上の利用可能性  In the above description, a system in which the electronic information is divided into two electronic tallies has been described.However, the electronic information is divided into three or more blocks, and the third and subsequent information blocks are stored in another storage area and another. If the information is stored in an external storage device or an information depository, the number of electronic information blocks that need to be collected increases, so that the electronic information can be more reliably protected. Industrial applicability
以上詳細に説明した通り、 本発明の電子情報保護システムによれば、 情報端末 装置を用いた電子商取引においてより安全性の高い利用者認証を行うことができ るようになる。  As described above in detail, according to the electronic information protection system of the present invention, more secure user authentication can be performed in electronic commerce using the information terminal device.

Claims

請求の範囲 The scope of the claims
1 . 着脱可能な外部記憶装置を接続して電子情報の交換ができかつ内部記憶装置 を備えた通信端末装置において、 電子割符手段を備え、 該電子割符手段によって 記憶すべき電子情報を物理的に 2個の電子情報プロックに分割し、 第 1の電子情 報プロックを前記内部記憶装置に第 2の電子情報プロックを前記外部記憶装置に 記憶することを特徴とする電子情報保護システム。  1. A communication terminal device which is connected to a removable external storage device so that electronic information can be exchanged and has an internal storage device, comprising electronic tally means, wherein electronic information to be stored by the electronic tally means is physically stored. An electronic information protection system, wherein the electronic information protection system is divided into two electronic information blocks, and a first electronic information block is stored in the internal storage device and a second electronic information block is stored in the external storage device.
2 . 前記電子割符手段が、 前記電子情報を複数の電子情報ェレメントに分割して 分割された電子情報ェレメントを第 1電子情報ブロックと第 2電子情報プロック に配分し、 それぞれの電子情報プロック内で電子情報ェレメントの順序を変更し、 さらに分割と順序変更の手順を記録した復元情報を生成してその全部あるいは分 割した一方ずつを前記電子情報プロックに含ませるようにすることを特徴とする 請求の範囲第 1項記載の電子情報保護システム。  2. The electronic tally means divides the electronic information into a plurality of electronic information elements, distributes the divided electronic information elements to a first electronic information block and a second electronic information block, and within each electronic information block. The order of the electronic information element is changed, and further, restoration information recording the procedure of division and order change is generated, and all or one of the divided information is included in the electronic information block. Electronic information protection system according to paragraph 1.
3 . 前記電子割符手段が、 前記通信端末装置の使用が終了するときに前記電子情 報の分割及び配分方法を新たに決定することを特徴とする請求の範囲第 2項記載 の電子情報保護システム。  3. The electronic information protection system according to claim 2, wherein the electronic tally means newly determines a method of dividing and distributing the electronic information when the use of the communication terminal device ends. .
4 . 前記電子割符手段によつて前記電子情報を 2個に分割する代わりに 3個以上 の電子情報プロックに分割し、 第 1の電子情報プロックを前記内部記憶装置に第 2の電子情報プロックを前記外部記憶装置に記憶するほかに、 第 3以降の電子情 報プロックを前記内部記憶装置の別の記憶領域、 前記外部記憶装置の別の記憶領 域、 別の外部記憶装置あるいは外部の情報寄託機関に記憶させることを特徴とす る請求の範囲第 1項から第 3項のいずれかに記載の電子情報保護システム。  4. Instead of dividing the electronic information into two by the electronic tally means, the electronic information is divided into three or more electronic information blocks, and the first electronic information block is stored in the internal storage device with the second electronic information block. In addition to storing in the external storage device, a third or later electronic information block is stored in another storage area of the internal storage device, another storage area of the external storage device, another external storage device or external information deposit. 4. The electronic information protection system according to claim 1, wherein the electronic information protection system is stored in an institution.
5 . 前記電子割符手段が、 集合させた前記分割した電子情報ブロックに対して前 記復元情報に基づいて前記記憶すべき電子情報を復元することを特徴とする請求 の範囲第 2項から第 4項のいずれかに記載の電子情報保護システム。 5. The electronic tally means restores the electronic information to be stored to the grouped divided electronic information blocks based on the restoration information. Electronic information protection system according to any of the preceding paragraphs.
6 . 前記通信端末装置が携帯情報端末装置であることを特徴とする請求の範囲第 1項から第 5項のいずれかに記載の電子情報保護システム。 6. The electronic information protection system according to any one of claims 1 to 5, wherein the communication terminal device is a portable information terminal device.
7 . 前記記憶すべき電子情報が、 認証用情報であることを特徴とする請求の範囲 第 1項から第 6項のいずれかに記載の電子情報保護システム。  7. The electronic information protection system according to any one of claims 1 to 6, wherein the electronic information to be stored is authentication information.
8 . 前記通信端末装置に通信網を介して接続する情報寄託機関を備え、 該情報寄 託機関に前記内部記憶装置に格納する第 1電子情報プロックを寄託し、 必要の応 じて該情報寄託機関から前記第 1電子情報プロックを取得して前記内部記憶装置 もしくは別の通信端末装置の内部記憶装置に再録することができるようにしたこ とを特徴とする請求の範囲第 1項から第 7項のいずれかに記載の電子情報保護シ ステム。 8. An information depository connected to the communication terminal device via a communication network is provided. Depositing a first electronic information block stored in the internal storage device into a depository, acquiring the first electronic information block from the information depository as necessary, and retrieving the first electronic information block from the internal storage device or another communication terminal device. 8. The electronic information protection system according to claim 1, wherein the electronic information protection system can be re-recorded in an internal storage device.
9 . 前記情報寄託機関もしくは前記通信端末装置に接続する別の情報寄託機関に 前記第 1電子情報プロック以外のいずれかの電子情報プロックを寄託することが できるようにしたことを特徴とする請求の範囲第 8項記載の電子情報保護システ ム。  9. An electronic information block other than the first electronic information block can be deposited at the information depository or another information depository connected to the communication terminal device. Electronic information protection system according to paragraph 8.
1 0 . 前記情報寄託機関への前記電子情報ブロックの寄託は、 前記電子割符手段 によつて前記電子情報を電子情報プロックに分割するときに自動的に行うことを 特徴とする請求の範囲第 8項または第 9項記載の電子情報保護  10. The depositing of the electronic information block with the information depositing organization is automatically performed when the electronic information is divided into electronic information blocks by the electronic tallying means. Electronic information protection as described in paragraph 9 or
PCT/JP2002/004997 2001-05-24 2002-05-23 Electronic information protection system in communication terminal device WO2002095593A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2001-154814 2001-05-24
JP2001154814A JP2002351845A (en) 2001-05-24 2001-05-24 Electronic information protection system in communication terminal device

Publications (1)

Publication Number Publication Date
WO2002095593A1 true WO2002095593A1 (en) 2002-11-28

Family

ID=18999097

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2002/004997 WO2002095593A1 (en) 2001-05-24 2002-05-23 Electronic information protection system in communication terminal device

Country Status (2)

Country Link
JP (1) JP2002351845A (en)
WO (1) WO2002095593A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009116454A (en) * 2007-11-02 2009-05-28 Nippon Telegr & Teleph Corp <Ntt> User authentication method, terminal device for access, program, and recording medium

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100343774C (en) * 2003-01-06 2007-10-17 索尼株式会社 Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium
JP2004234632A (en) * 2003-01-06 2004-08-19 Sony Corp System, server, method, and program for authentication, terminal, method and program for requiring authentication, and storage medium
JP2005202650A (en) * 2004-01-15 2005-07-28 Casio Comput Co Ltd Authentication system
JP2005267328A (en) * 2004-03-19 2005-09-29 Japan Wave:Kk Rental system of digital contents, recording device used for same system, reproduction device used for same system, recording software used for same system, and reproduction software used for same system
CN1947372A (en) * 2004-04-23 2007-04-11 松下电器产业株式会社 Personal information management device, distributed key storage device, and personal information management system
JP4545496B2 (en) * 2004-06-22 2010-09-15 京セラミタ株式会社 Electrical equipment
JP2006048643A (en) * 2004-07-08 2006-02-16 Namco Ltd Terminal device, program, information storage medium, and data processing method
WO2006041031A1 (en) * 2004-10-08 2006-04-20 Matsushita Electric Industrial Co., Ltd. Authentication system
JP2006113764A (en) * 2004-10-14 2006-04-27 Dainippon Printing Co Ltd Data decoding prevention method
JP2006301849A (en) * 2005-04-19 2006-11-02 Global Friendship Inc Electronic information storage system
JP4908941B2 (en) * 2006-06-16 2012-04-04 株式会社三井住友銀行 Initial password issuance processing method and system
JP4964048B2 (en) * 2007-07-13 2012-06-27 株式会社日立ソリューションズ Authentication system and authentication method using non-contact IC and portable information terminal
JP5127050B2 (en) * 2008-05-20 2013-01-23 株式会社日立製作所 Communication terminal device take-out management system, communication terminal device take-out management method, program, and storage medium
JP5403708B2 (en) * 2009-06-17 2014-01-29 Necディスプレイソリューションズ株式会社 Information processing apparatus, data processing method, and program
JP4692669B2 (en) * 2009-10-09 2011-06-01 富士ゼロックス株式会社 Job processing apparatus and control program
CN103189886B (en) 2011-10-20 2016-10-05 株式会社东芝 Electronic receipt system, terminal installation, the offer method of electronic receipt and program
JP2013222273A (en) * 2012-04-13 2013-10-28 Lapis Semiconductor Co Ltd Semiconductor device, confidential data management system, and confidential data management method
JP5895093B1 (en) * 2015-10-14 2016-03-30 ネクスト・イット株式会社 Number restoration system, support device, and restoration support method
JP7204439B2 (en) 2018-11-21 2023-01-16 株式会社東芝 IC card, portable electronic device, IC card processing method and program
JP6760631B1 (en) * 2019-12-28 2020-09-23 国立大学法人千葉大学 Authentication request system and authentication request method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08286904A (en) * 1995-02-14 1996-11-01 Fujitsu Ltd Method and system for ciphering/deciphering software
JPH11134259A (en) * 1997-10-29 1999-05-21 Oki Electric Ind Co Ltd Management method and device for information
JP2000173178A (en) * 1998-11-30 2000-06-23 Nec Gumma Ltd Digital data storage method and computer system using the method
JP2000242563A (en) * 1999-02-22 2000-09-08 Nippon Columbia Co Ltd Recording medium, and recording and reproducing device
JP2001027969A (en) * 1999-07-14 2001-01-30 Minolta Co Ltd Data processor
JP2001034164A (en) * 1999-07-23 2001-02-09 Toshiba Corp Privacy distributed system and recording medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08286904A (en) * 1995-02-14 1996-11-01 Fujitsu Ltd Method and system for ciphering/deciphering software
JPH11134259A (en) * 1997-10-29 1999-05-21 Oki Electric Ind Co Ltd Management method and device for information
JP2000173178A (en) * 1998-11-30 2000-06-23 Nec Gumma Ltd Digital data storage method and computer system using the method
JP2000242563A (en) * 1999-02-22 2000-09-08 Nippon Columbia Co Ltd Recording medium, and recording and reproducing device
JP2001027969A (en) * 1999-07-14 2001-01-30 Minolta Co Ltd Data processor
JP2001034164A (en) * 1999-07-23 2001-02-09 Toshiba Corp Privacy distributed system and recording medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YASUKURA KAWASHIRO: "'Denshi Warifu' no digital shakai he no oyo", IPSJ: INFORMATION PROCESSING SOCIETY OF JAPAN DENSHIKA CHITEKI ZAISAN-SHAKAI KIBAN KENKYUKAI KENKYU HOKOKU, 2000-EIP-8, vol. 2000, no. 56, 2 June 2000 (2000-06-02), pages 19 - 25, XP002957374 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009116454A (en) * 2007-11-02 2009-05-28 Nippon Telegr & Teleph Corp <Ntt> User authentication method, terminal device for access, program, and recording medium

Also Published As

Publication number Publication date
JP2002351845A (en) 2002-12-06

Similar Documents

Publication Publication Date Title
WO2002095593A1 (en) Electronic information protection system in communication terminal device
EP0995177B1 (en) Symmetrically-secured electronic communication system
US6163771A (en) Method and device for generating a single-use financial account number
US20050085931A1 (en) Online ATM transaction with digital certificate
JP2000222362A (en) Method and device for realizing multiple security check point
CN108764907A (en) Assets method for retrieving, system and computer readable storage medium
JP2013539561A (en) Management method of electronic money
US20030135731A1 (en) CA in a card
US20060064600A1 (en) Method and system for identifying an authorized individual by means of unpredictable single-use passwords
US20130138571A1 (en) Systems and Protocols for Anonymous Mobile Payments with Personal Secure Devices
EP1046976B1 (en) Method and apparatus for enabling a user to authenticate a system prior to providing any user-privileged information
KR102078566B1 (en) Method and system of preventing loss of a cryptocurrency
US6606387B1 (en) Secure establishment of cryptographic keys
JP2002288427A (en) Transaction executing method
WO2010028163A1 (en) Secure pin character retrieval and setting
KR100675423B1 (en) IC Card contained with Electronic Bankbooks and Public Certificates and Processing Machine for the IC Card and Server for issuing the IC Card
CN113570369B (en) Block chain privacy transaction method, device, equipment and readable storage medium
KR102475434B1 (en) Security method and system for crypto currency
JP3549657B2 (en) Private key retention management method
JP2003030155A (en) Authentication system
KR20070104026A (en) Method and system for generating random numbers for object oriented otp
JP4270589B2 (en) Electronic frequency payment method and apparatus
EP1299848A2 (en) Secure system for conducting electronic transactions and method for use thereof
CN115082067B (en) Digital currency double-off-line payment method and device based on SM2
JP2007065727A (en) Ic card use system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase