WO2005103910A1 - IC card and access control method - Google Patents

IC card and access control method

Info

Publication number
WO2005103910A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
folder
access
card
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2005/007641
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Ken Sakamura
Noboru Koshizuka
Kazuhiko Ishii
Masayuki Terada
Kensaku Mori
Sadayuki Hongo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
Original Assignee
NTT Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NTT Docomo Inc
Priority to EP05734139A (patent EP1739563A4)
Priority to US11/578,974 (patent US7814557B2)
Publication of WO2005103910A1
Legal status: Ceased

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • G06Q20/35765Access rights to memory zones
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Definitions

  • the present invention relates to an IC card capable of internally creating a rights-value file, and an access control method for controlling access to the IC card and the created rights-value file.
  • Patent Document 1 JP-A-2000-163533
  • an issuer of an e-value file has generally been able to freely set rules for using the e-value file issued by himself and operate the e-value file based on the use rules.
  • the owner of the IC card holding the right-value file must follow the usage rules set by the issuer when using the right-value file. For this reason, for example, the owner of an IC card holding multiple types of e-value files may wish to freely select which e-value file to use when using these e-value files.
  • when the issuer has previously set use rules, the use rules may have to be obeyed, and the result may not be as the owner himself desires.
  • the present invention has been made to solve the above-described problems, and its object is to provide an IC card and an access control method capable of flexible access control to the rights-value file while ensuring the security of the rights-value file in the IC card.
  • an IC card, in response to a request from a communication partner to create a rights-value file, creates the rights-value file with the communication partner as the rights-value issuer.
  • file access authority setting means for setting access authority to the created rights-value file in response to an access authority setting request from the communication partner as the rights-value issuer
  • folder creation means for creating a folder in response to a folder creation request from the owner requesting creation of a folder containing files
  • folder access right setting means for setting an access right to the created folder in response to an access right setting request from the owner
  • access control means for controlling access to the rights-value file based on at least one of the set access authority to the rights-value file and the access authority for the folder including the rights-value file.
  • the access control method includes a file creation step in which, in response to a request from a communication partner to create a rights-value file, a rights-value file is created in the IC card with the communication partner as the rights-value issuer.
  • a folder creation step of creating a folder in the IC card, and a folder access right setting step of setting access rights to the created folder in response to an access right setting request from the owner
  • when there is a request for access to the rights-value file in the IC card, the set access right to the rights-value file and the access right to the folder including the rights-value file
  • a folder including one or more e-rights-value files can be created in response to a folder creation request from the owner, and the folder can be created in response to an access authority setting request from the owner. Access rights can be set. Then, based on at least one of the set access rights to the rights-value file and the folders, the access to the rights-value file is controlled.
  • access to the e-value file is controlled not only based on the access right to the e-value file set by the e-value issuer but also based on the access right to the folder set by the owner of the IC card. In other words, it is possible to control access to the e-value file according to the wishes of the owner of the IC card while ensuring the security of the e-value file in the IC card.
  • FIG. 1 is a functional block diagram showing a configuration of an IC card according to an embodiment of the present invention.
  • FIG. 2 is a flowchart showing the contents of an access control process.
  • FIG. 3 is a diagram showing an example of an access control list of a folder.
  • FIG. 4 is a diagram showing an example of an access control list of a file in folder 1;
  • FIG. 1 is a functional block diagram showing a configuration of the IC card 10.
  • the IC card 10 includes an authentication unit 11 that authenticates both or one of the communication partner 20 and the owner 30 of the IC card 10 according to an authentication mode described later,
  • a file creation unit 12 that, in response to a rights-value file creation request, creates a rights-value file (hereinafter simply referred to as “file”) with the communication partner 20 as the rights-value issuer,
  • a file access authority setting unit 13 that sets the access authority to the file in response to an access authority setting request from the communication partner 20 as the rights-value issuer,
  • a folder creation unit 14 that creates a folder in response to a folder creation request from the owner 30 requesting creation of a folder containing one or more files,
  • a folder access authority setting unit that sets the access authority to the folder in response to an access authority setting request from the owner 30,
  • an access control unit 16 that controls access to the file based on at least one of the set access authority to the file and the access authority to the folder,
  • a file storage unit 17 that stores the folder and the files included in the folder, and an access control list storage unit 18 that stores information on the set access authority to the file and the access authority to the folder in a list format.
  • the authentication unit 11 stores an ID certificate 11A for certifying the ID.
  • the communication by the IC card 10 includes communication in which the IC card 10 authenticates the communicating party and communication in which the IC card 10 does not authenticate the communicating party.
  • “authentication” in this case covers the case where the owner 30 of the IC card 10 is authenticated and the case where authentication is performed with another IC card (the communication partner 20).
  • the mode (authentication mode) in which the IC card 10 performs authentication control of the access partner by the authentication unit 11 is “owner authentication mode” in which the owner 30 of the IC card 10 is authenticated, and another IC card (communication mode).
  • in the owner authentication mode, authentication is performed using a password or biometric information such as a fingerprint stored in the IC card 10 in advance.
  • ID certificates are presented to each other, and mutual authentication is performed according to the conventionally known mechanism of PKI (Public Key Infrastructure).
  • a new file can be created on the IC card 10.
  • the created file is added with issuer information indicating who created the file. This is the ID of the owner 30's own IC card in the owner authentication mode, and the ID of the communication partner (other IC card) 20 in the partner authentication mode. These are called the "issuer IDs" of the file.
  • the issuer can restrict access to the file (in this case, copy/transfer) by anyone other than the issuer ID.
  • the issuer (creator of the file) can set the file access control list that restricts the ability of anyone other than the issuer to execute the copy and transfer of the file when creating the file.
  • copying corresponds to issuing a voucher. Except in special cases, copying is set to "impossible".
  • the file access control list 18B stores, for each file such as file 1, file 2 and file 3, information indicating whether or not copying is permitted, information indicating whether or not transfer is permitted, and issuer information.
  • the access control list 18B of this file is stored in the access control list storage unit 18.
  • a file in the IC card 10 can be accessed as an owner (details will be described later).
  • the owner can restrict others from creating, reading, and transferring the file to the IC card 10.
  • the owner can set up a folder that includes one or more files stored in the IC card 10, and for that folder an access control list can be set to restrict the ability of a person other than the owner to create or read files in the folder.
  • creation corresponds to, for example, transfer of the right value
  • reading corresponds to the inquiry of the balance of the right value.
  • the folder access control list 18A stores, for each folder such as folder 1 and folder 2, information indicating whether reading is permitted, information indicating whether creation is permitted, and information indicating whether transfer is permitted. As shown in FIG. 1, the access control list 18A of the folder is stored in the access control list storage unit 18 in association with the access control lists 18B and 18C of the files for each folder.
  • access is not restricted by the access control list of the folder, but the access control list set on the file will be obeyed.
  • the operation differs depending on the file issuer ID.
  • if the issuer ID is different from the ID of the communication partner (other IC card) 20 that is accessing, both the access control list of the folder containing the file and the access control list of the file will be followed.
  • if the issuer ID is the same as the ID of the communication partner (other IC card) 20 that is accessing, the access is not bound by the file access control list. However, the access control list of the folder containing the file will be followed.
  • both the access control list of the folder containing the file and the access control list of the file are always followed. That is, file access will fail unless it is allowed by both access control lists.
  • the authentication unit 11 determines how to authenticate the access partner (the authentication mode) based on the authentication mode information specified at the start of communication.
  • the process proceeds to S2, where the authentication unit 11 executes a predetermined authentication process in the owner authentication mode. That is, as described above, authentication is performed using a password or biometric information such as a fingerprint stored in the IC card 10 in advance. If the authentication is not successful in S2, the process proceeds to S6, and the target operation is not permitted and ends in failure. If the authentication is successful in S2, the process proceeds to S3, and the access control unit 16 checks the access right of the target file. In other words, in the owner authentication mode there is no need to check the access authority of the folder, because access is not restricted by the setting of the access control list of the folder.
  • the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S3 (S4). If the target operation is not permitted, the process proceeds to S6, and the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S4, the process proceeds to S5, and the target operation is executed as being permitted.
  • the process proceeds to S7, where the authentication unit 11 performs a predetermined authentication process in the partner authentication mode. That is, as described above, ID certificates are presented to each other, and mutual authentication is performed in accordance with the well-known PKI mechanism. If the authentication is not successful in S7, the process proceeds to S6, where the target operation is not permitted and ends in failure. If the authentication is successful in S7, the process proceeds to S8, and the access control unit 16 checks the access right of the current folder. Then, the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S8 (S9).
  • the process proceeds to S6, where the target operation is not permitted and ends in failure.
  • the process proceeds to S10, and the access control unit 16 checks the issuer ID of the target file. Then, in S11, it is determined whether or not the issuer ID of the target file is the same as the ID of the authentication partner.
  • the process proceeds to S5, and the target operation is executed as being permitted.
  • the process proceeds to S12, where the access control unit 16 checks the access authority of the target file. Then, the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S12 (S13). If the target operation is not permitted, the process proceeds to S6, and the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S13, the process proceeds to S5, where the target operation is executed as being permitted.
  • the access control list of the folder containing the file and the access control list of the file are followed. If the issuer ID is the same as the ID of the communication partner (other IC card) 20 that is accessing the file, the access is not bound by the file access control list, but the access control list of the folder will be followed.
  • the flow proceeds to S14, where the access control unit 16 checks the access authority of the current folder. Then, the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S14 (S15). If the target operation is not permitted, the process proceeds to S6, where the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S15, the process proceeds to S16, and the access control unit 16 checks the access right of the target file. Then, the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S16 (S17).
  • the process proceeds to S6, where the target operation is not permitted and ends in failure. On the other hand, if the target operation is permitted in S17, the process proceeds to S5, and the target operation is executed as being permitted.
  • the access control list of the folder containing the file and the access control list of the file are always followed.
  • the communication partner 20 (ID is 00006)
  • the process proceeds from S1 to S7 in FIG. If the authentication is successful in S7, “permission” is obtained as the “read” access authority information on the folder 1 from the folder access control list 18A in S8. Therefore, since the target operation “read” is permitted, the process proceeds to S10, the access control list 18B of the files in the folder 1 is consulted, and “00006” is obtained as the issuer ID of the target file (file 2).
  • the present invention is not limited to the example in which three authentication modes exist, namely the owner authentication mode, the partner authentication mode, and the non-authentication mode. Other configurations, such as one in which the non-authentication mode does not exist, may be adopted.
  • the present invention is used for an IC card capable of internally creating a rights-value file and for an access control method for controlling access to the created rights-value file. It provides flexible access control to the rights-value file while ensuring the security of the rights-value file.
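
The S1 to S17 decision flow described above, written out as an added Python example (not code from the patent or its applicant) that returns both the decision and the flowchart steps visited. The names `Mode`, `FolderAcl`, `FileAcl`, `allowed_by` and `decide` are hypothetical, authentication is reduced to a boolean input, and the example assumes that each list restricts only the operations it has a column for. Apart from partner ID 00006, the "read" permission on folder 1 and the issuer ID of file 2, the sample list values are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    OWNER = "owner authentication mode"
    PARTNER = "partner authentication mode"
    NONE = "non-authentication mode"


@dataclass(frozen=True)
class FolderAcl:
    """One row of the folder access control list 18A (set by the owner)."""
    read: bool
    create: bool
    transfer: bool


@dataclass(frozen=True)
class FileAcl:
    """One row of a file access control list 18B (set by the issuer)."""
    issuer_id: str
    copy: bool
    transfer: bool


# Operations on an existing file; "create" has no target file and is left out.
FILE_OPS = ("read", "copy", "transfer")


def allowed_by(acl, op):
    # Assumption: a list restricts only the operations it has a column for,
    # so "read" is not limited by 18B and "copy" is not limited by 18A.
    return getattr(acl, op, True)


def decide(mode, authenticated, partner_id, folder, file, op):
    """Walk the S1..S17 flow; return (permitted, list of steps visited)."""
    if op not in FILE_OPS:
        raise ValueError(f"unsupported operation: {op!r}")
    trace = ["S1"]

    def finish(permitted):
        trace.append("S5" if permitted else "S6")
        return permitted, trace

    if mode is Mode.OWNER:
        trace.append("S2")
        if not authenticated:
            return finish(False)
        trace += ["S3", "S4"]      # file list only; folder list not consulted
        return finish(allowed_by(file, op))

    if mode is Mode.PARTNER:
        trace.append("S7")
        if not authenticated:
            return finish(False)
        trace += ["S8", "S9"]      # the owner's folder list always applies
        if not allowed_by(folder, op):
            return finish(False)
        trace += ["S10", "S11"]    # issuer is exempt from its own file list
        if file.issuer_id == partner_id:
            return finish(True)
        trace += ["S12", "S13"]
        return finish(allowed_by(file, op))

    # Non-authentication mode: partner_id is unverified, so it is ignored
    # and both lists must permit the operation.
    trace += ["S14", "S15"]
    if not allowed_by(folder, op):
        return finish(False)
    trace += ["S16", "S17"]
    return finish(allowed_by(file, op))


# Sample rows. Only "read: permitted" on folder 1 and issuer ID 00006 on
# file 2 come from the description; every other value is constructed.
FOLDER_1 = FolderAcl(read=True, create=False, transfer=True)
FILE_2 = FileAcl(issuer_id="00006", copy=False, transfer=False)

if __name__ == "__main__":
    cases = [
        (Mode.PARTNER, True, "00006", "read"),      # the description's case
        (Mode.PARTNER, True, "00007", "transfer"),  # constructed other card
        (Mode.NONE, False, "00006", "transfer"),    # claimed ID, unverified
        (Mode.OWNER, True, None, "transfer"),
    ]
    for mode, authed, pid, op in cases:
        ok, steps = decide(mode, authed, pid, FOLDER_1, FILE_2, op)
        print(f"{mode.value:28} {op:9} {'permit' if ok else 'deny':6} "
              + " -> ".join(steps))
```

The traces make the layering visible: the issuer exemption skips only the file list check (S12/S13), never the owner's folder list, and in the non-authentication mode a claimed ID earns no exemption.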

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
PCT/JP2005/007641 2004-04-21 2005-04-21 IC card and access control method Ceased WO2005103910A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP05734139A EP1739563A4 (en) 2004-04-21 2005-04-21 IC CARD AND ACCESS CONTROL METHOD
US11/578,974 US7814557B2 (en) 2004-04-21 2005-04-21 IC card and access control method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004-126045 2004-04-21
JP2004126045A JP3947528B2 (ja) 2004-04-21 2004-04-21 IC card and access control method

Publications (1)

Publication Number Publication Date
WO2005103910A1 true WO2005103910A1 (ja) 2005-11-03

Family

ID=35197162

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/007641 Ceased WO2005103910A1 (ja) 2004-04-21 2005-04-21 IC card and access control method

Country Status (6)

Country Link
US (1) US7814557B2
EP (1) EP1739563A4
JP (1) JP3947528B2
KR (1) KR100849380B1
CN (1) CN100407176C
WO (1) WO2005103910A1

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07152837A (ja) * 1993-09-17 1995-06-16 At & T Corp Smart card

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH087720B2 (ja) * 1986-09-16 1996-01-29 富士通株式会社 Area access method for a multi-service IC card
EP0583006B2 (en) * 1992-08-13 2006-11-29 Matsushita Electric Industrial Co., Ltd. IC card with hierarchical file structure
JP3176209B2 (ja) * 1994-02-25 2001-06-11 富士通株式会社 Card-type storage medium and card-type storage medium issuing device
DE19522029A1 (de) * 1995-06-17 1996-12-19 Uestra Hannoversche Verkehrsbe Device for reading and/or writing memory cards
DE19716015A1 (de) * 1997-04-17 1998-10-29 Ibm Loading information onto a chip card
JP2000163533A (ja) 1998-11-27 2000-06-16 Pentel Corp IC card owner identification device
GB2350703A (en) 1999-06-02 2000-12-06 Ncr Int Inc Smart devices
JP4501197B2 (ja) 2000-01-07 2010-07-14 ソニー株式会社 Portable information processing system, access device for a portable information device, and portable information device
CN1293482C (zh) 2000-04-06 2007-01-03 索尼公司 Method for partitioning the storage area of a portable device
NL1016547C2 (nl) 2000-11-06 2002-05-07 Easychip C V Method and system for placing a service on a device having a memory and a processing unit.
JP2002163235A (ja) * 2000-11-28 2002-06-07 Mitsubishi Electric Corp Access authority transfer device, shared resource management system, and access authority setting method
US20030047936A1 (en) * 2001-09-10 2003-03-13 Falcon Rafael Jose Statement folder (for credit and debit cards)
CN2585316Y (zh) * 2002-11-05 2003-11-05 云航(天津)国际贸易有限公司 IC card computer protection device
GB2397904B (en) * 2003-01-29 2005-08-24 Hewlett Packard Co Control of access to data content for read and/or write operations
CN1458595A (zh) * 2003-05-26 2003-11-26 邵军利 System and method for application software copyright protection and operation authority management
US7421555B2 (en) * 2003-08-22 2008-09-02 Bluearc Uk Limited System, device, and method for managing file security attributes in a computer file storage system

Also Published As

Publication number Publication date
JP3947528B2 (ja) 2007-07-25
KR20060134222A (ko) 2006-12-27
CN1947104A (zh) 2007-04-11
EP1739563A1 (en) 2007-01-03
US20080134341A1 (en) 2008-06-05
KR100849380B1 (ko) 2008-07-31
US7814557B2 (en) 2010-10-12
CN100407176C (zh) 2008-07-30
EP1739563A4 (en) 2009-02-18
JP2005309779A (ja) 2005-11-04

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 200580012522.2

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2005734139

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWE Wipo information: entry into national phase

Ref document number: 1020067024404

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 1020067024404

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005734139

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 11578974

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 11578974

Country of ref document: US