WO2005103910A1 - IC card and access control method - Google Patents
- Publication number
- WO2005103910A1 (PCT/JP2005/007641)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- folder
- access
- card
- value
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/388—Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Definitions
- the present invention relates to an IC card capable of internally creating a rights-value file, and an access control method for controlling access to the IC card and the created rights-value file.
- Patent Document 1 JP-A-2000-163533
- an issuer of an e-value file has generally been able to freely set rules for using the e-value file issued by himself and operate the e-value file based on the use rules.
- the owner of the IC card holding the right-value file must follow the usage rules set by the issuer when using the right-value file. For this reason, for example, the owner of an IC card holding multiple types of e-value files may wish to freely select which e-value file to use when using these e-value files.
- where the issuer has previously set use rules, those rules must be obeyed, and the result may not be what the owner desires.
- the present invention has been made to solve the above-described problems, and its object is to provide an IC card and an access control method capable of flexible access control to the rights-value file while ensuring the security of the rights-value file in the IC card.
- in response to a request from a communication partner to create a rights-value file, an IC card creates the rights-value file with the communication partner as the rights-value issuer.
- file access authority setting means for setting access authority to the created rights-value file in response to an access authority setting request from the communication partner as the rights-value issuer
- folder creation means for creating a folder in response to a folder creation request from the owner requesting creation of a folder containing files
- folder access authority setting means for setting access authority to the created folder in response to an access authority setting request from the owner
- access control means for controlling access to the rights-value file based on at least one of the set access authority to the rights-value file and the access authority to the folder including the rights-value file
- the access control method provides a file creation step in which, in response to a request from a communication partner to create a rights-value file, the rights-value file is created in the IC card with the communication partner as the rights-value issuer.
- a folder creation step of creating a folder in the IC card
- a folder access right setting step of setting access rights to the created folder in response to an access right setting request from the owner
- when there is a request for access to the rights-value file in the IC card, the set access right to the rights-value file and the access right to the folder including the rights-value file
- a folder including one or more rights-value files can be created in response to a folder creation request from the owner, and access rights to the created folder can be set in response to an access authority setting request from the owner. Access to the rights-value file is then controlled based on at least one of the set access rights to the rights-value file and to the folder.
- access to the rights-value file is controlled not only based on the access right to the rights-value file set by the rights-value issuer but also based on the access right to the folder set by the owner of the IC card. In other words, it is possible to control access to the rights-value file according to the wishes of the owner of the IC card while ensuring the security of the rights-value file in the IC card.
- FIG. 1 is a functional block diagram showing a configuration of an IC card according to an embodiment of the present invention.
- FIG. 2 is a flowchart showing the contents of an access control process.
- FIG. 3 is a diagram showing an example of an access control list of a folder.
- FIG. 4 is a diagram showing an example of an access control list of a file in folder 1;
- FIG. 1 is a functional block diagram showing a configuration of the IC card 10.
- the IC card 10 includes an authentication unit 11 that authenticates both or one of the communication partner 20 and the owner 30 of the IC card 10 according to an authentication mode described later;
- a file creation unit 12 that, in response to a rights-value file creation request, creates a rights-value file (hereinafter simply referred to as "file") with the communication partner 20 as the rights-value issuer;
- a file access authority setting unit 13 that sets access authority to the file in response to an access authority setting request from the communication partner 20 as the rights-value issuer;
- a folder creation unit 14 that creates a folder in response to a folder creation request from the owner 30 requesting creation of a folder containing one or more files;
- a folder access authority setting unit that sets access authority to the folder in response to an access authority setting request from the owner 30;
- an access control unit 16 that controls access to the file based on at least one of the set access right to the file and the access right to the folder;
- a file storage unit 17 that stores the folder and the files included in the folder; and
- an access control list storage unit 18 that stores, in a list format, information on the set access right to the file and the access right to the folder.
- the authentication unit 11 stores an ID certificate 11A for certifying the ID.
- the communication by the IC card 10 includes communication in which the IC card 10 authenticates the communicating party and communication in which the IC card 10 does not authenticate the communicating party.
- in authenticated communication, "authentication" covers both the case where the owner 30 of the IC card 10 is authenticated and the case where IC cards authenticate each other with another IC card (the communication partner 20).
- the modes (authentication modes) in which the authentication unit 11 of the IC card 10 controls authentication of the access partner include an "owner authentication mode", in which the owner 30 of the IC card 10 is authenticated, and a "partner authentication mode", in which another IC card (the communication partner 20) is authenticated.
- in the owner authentication mode, authentication is performed using a password or biometric information such as a fingerprint stored in the IC card 10 in advance.
- in the partner authentication mode, ID certificates are presented to each other, and mutual authentication is performed according to the conventionally known mechanism of PKI (Public Key Infrastructure).
- a new file can be created on the IC card 10.
- the created file is added with issuer information indicating who created the file. This is the ID of the owner 30's own IC card in the owner authentication mode, and the ID of the communication partner (other IC card) 20 in the partner authentication mode. These are called the "issuer IDs" of the file.
- the issuer can restrict access to the file (in this case, copy/transfer) by anyone other than the issuer ID.
- the issuer (creator of the file) can set the file access control list that restricts the ability of anyone other than the issuer to execute the copy and transfer of the file when creating the file.
- copying corresponds to issuing a voucher. Except in special cases, copying is set to "impossible".
- the file access control list 18B stores, for each file such as file 1, file 2 and file 3, information indicating whether copying is permitted, information indicating whether transfer is permitted, and issuer information.
- the access control list 18B of this file is stored in the access control list storage unit 18.
- a file in the IC card 10 can be accessed as an owner (details will be described later).
- the owner can restrict others from creating, reading, and transferring the file to the IC card 10.
- the owner can create a folder that includes one or more files stored in the IC card 10 and set, for that folder, an access control list that restricts the ability of anyone other than the owner to create or read files in the folder.
- creation corresponds to, for example, transfer of the right value
- reading corresponds to the inquiry of the balance of the right value.
- the folder access control list 18A stores, for each folder such as folder 1 and folder 2, information indicating whether reading is permitted, information indicating whether creation is permitted, and information indicating whether transfer is permitted. As shown in FIG. 1, the access control list 18A of the folder is stored in the access control list storage unit 18 in association with the access control lists 18B and 18C of the files for each folder.
- in the owner authentication mode, access is not restricted by the access control list of the folder, but the access control list set for the file is obeyed.
- in the partner authentication mode, the operation differs depending on the file issuer ID.
- if the issuer ID is different from the ID of the communication partner (other IC card) 20 that is accessing, both the access control list of the folder containing the file and the access control list of the file are followed.
- if the issuer ID is the same as the ID of the communication partner (other IC card) 20 that is accessing, access is not bound by the file access control list. However, the access control list of the folder containing the file is followed.
- both the access control list of the folder containing the file and the access control list of the file are always followed. That is, file access will fail unless allowed by both access control lists.
- the authentication unit 11 determines how to authenticate the access partner (the authentication mode) based on the authentication mode information specified at the start of communication.
- the process proceeds to S2, where the authentication unit 11 executes a predetermined authentication process in the owner authentication mode. That is, as described above, authentication is performed using a password or biometric information such as a fingerprint stored in the IC card 10 in advance. If the authentication is not successful in S2, the process proceeds to S6, and the target operation is not permitted and ends in failure. If the authentication is successful in S2, the process proceeds to S3, and the access control unit 16 checks the access right of the target file. In other words, in the owner authentication mode there is no need to check the access authority of the folder, because access is not restricted by the folder's access control list.
- the access control unit 16 determines whether or not the target operation is permitted based on the check in S3 (S4). If the target operation is not permitted, the process proceeds to S6, and the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S4, the process proceeds to S5, and the target operation is executed as permitted.
- the process proceeds to S7, where the authentication unit 11 performs a predetermined authentication process in the partner authentication mode. That is, as described above, ID certificates are presented to each other, and mutual authentication is performed in accordance with the well-known PKI mechanism. If the authentication is not successful in S7, the process proceeds to S6, where the target operation is not permitted and ends in failure. If the authentication is successful in S7, the process proceeds to S8, and the access control unit 16 checks the access right of the current folder. Then, the access control unit 16 determines whether or not the target operation is permitted based on the investigation in S8 (S9).
- if the target operation is not permitted in S9, the process proceeds to S6, where the target operation is not permitted and ends in failure.
- if the target operation is permitted in S9, the process proceeds to S10, and the access control unit 16 checks the issuer ID of the target file. Then, in S11, it is determined whether or not the issuer ID of the target file is the same as the ID of the authentication partner.
- if the issuer ID is the same, the process proceeds to S5, and the target operation is executed as permitted.
- if the issuer ID is different, the process proceeds to S12, where the access control unit 16 checks the access authority of the target file. Then, the access control unit 16 determines whether or not the target operation is permitted based on the check in S12 (S13). If the target operation is not permitted, the process proceeds to S6, and the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S13, the process proceeds to S5, where the target operation is executed as permitted.
- thus, if the issuer ID is different from the ID of the communication partner (other IC card) 20 that is accessing the file, both the access control list of the folder containing the file and the access control list of the file are followed. If the issuer ID is the same as the ID of the communication partner (other IC card) 20 that is accessing the file, access is not bound by the file access control list, but the access control list of the folder is followed.
- the flow proceeds to S14, where the access control unit 16 checks the access authority of the current folder. Then, the access control unit 16 determines whether or not the target operation is permitted based on the check in S14 (S15). If the target operation is not permitted, the process proceeds to S6, where the target operation is rejected and ends in failure. On the other hand, if the target operation is permitted in S15, the process proceeds to S16, and the access control unit 16 checks the access right of the target file. Then, the access control unit 16 determines whether or not the target operation is permitted based on the check in S16 (S17).
- if the target operation is not permitted in S17, the process proceeds to S6, where the target operation is not permitted and ends in failure. On the other hand, if the target operation is permitted in S17, the process proceeds to S5, and the target operation is executed as permitted.
- the access control list of the folder containing the file and the access control list of the file are always followed.
- the communication partner 20 (ID is 00006)
- the process proceeds from S1 to S7 in FIG. 2. If the authentication is successful in S7, "permission" is obtained in S8 as the "read" access authority information on folder 1 from the folder access control list 18A. Since the target operation "read" is therefore permitted, the process proceeds to S10, where the access control list 18B of the files in folder 1 is consulted and "00006" is obtained as the issuer ID of the target file (file 2).
- the present invention is not limited to the example in which three modes, the owner authentication mode, the partner authentication mode, and the non-authentication mode, exist as the authentication mode. For example, an arrangement in which the non-authentication mode does not exist, or some other arrangement, may be adopted.
- the present invention uses an IC card capable of internally creating a rights-value file and an access control method for controlling access to the created rights-value file. It provides flexible access control to the rights-value file while ensuring the security of the rights-value file.
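The decision flow S1 to S17 described above, written out as a pure function that returns both the verdict and the flowchart steps taken. This is an added example, not code from the patent: the names `decide`, `Folder`, `CardFile` and `sample_card` are hypothetical, the authentication result is passed in as a flag, and all sample values other than folder 1's "read" permission and file 2's issuer ID 00006 are constructed. It assumes that the S14 to S17 branch is the non-authentication mode and that an operation with no ACL entry is refused.

```python
from dataclasses import dataclass, field
from enum import Enum


class AuthMode(Enum):
    OWNER = "owner"      # owner 30 is authenticated (S2)
    PARTNER = "partner"  # another IC card is authenticated (S7)
    NONE = "none"        # assumption: the branch that runs S14-S17


@dataclass
class CardFile:
    issuer_id: str                            # ID of whoever created the file
    acl: dict = field(default_factory=dict)   # file ACL, set by the issuer


@dataclass
class Folder:
    acl: dict = field(default_factory=dict)    # folder ACL, set by the owner
    files: dict = field(default_factory=dict)  # file name -> CardFile


def permitted(acl, op):
    # Assumption: an operation without an ACL entry is refused (fail closed).
    return acl.get(op, False) is True


def decide(folders, mode, authenticated, peer_id, folder_name, file_name, op):
    """Return (allowed, trace); trace lists the flowchart steps visited."""
    trace = ["S1"]

    def deny():
        trace.append("S6")
        return False, trace

    def allow():
        trace.append("S5")
        return True, trace

    folder = folders.get(folder_name)
    target = folder.files.get(file_name) if folder else None
    if target is None:
        return deny()  # assumption: unknown folder or file is refused

    if mode is AuthMode.OWNER:
        trace.append("S2")
        if not authenticated:
            return deny()
        # The owner is not bound by the folder ACL, only by the file ACL.
        trace += ["S3", "S4"]
        return allow() if permitted(target.acl, op) else deny()

    if mode is AuthMode.PARTNER:
        trace.append("S7")
        if not authenticated:
            return deny()
        # The owner's folder ACL binds every partner, the issuer included.
        trace += ["S8", "S9"]
        if not permitted(folder.acl, op):
            return deny()
        # The issuer comparison is reached only after S7 succeeded, so
        # peer_id is an authenticated identity, not a claimed one.
        trace += ["S10", "S11"]
        if target.issuer_id == peer_id:
            return allow()
        trace += ["S12", "S13"]
        return allow() if permitted(target.acl, op) else deny()

    # Remaining mode: both lists must permit the operation.
    trace += ["S14", "S15"]
    if not permitted(folder.acl, op):
        return deny()
    trace += ["S16", "S17"]
    return allow() if permitted(target.acl, op) else deny()


def sample_card():
    # Constructed sample data, apart from folder 1 "read" and issuer 00006.
    return {
        "folder 1": Folder(
            acl={"read": True, "create": False, "transfer": True},
            files={
                "file 1": CardFile("00001", {"copy": False, "transfer": True}),
                "file 2": CardFile("00006", {"copy": False, "transfer": False}),
            },
        )
    }


if __name__ == "__main__":
    card = sample_card()
    print(decide(card, AuthMode.PARTNER, True, "00006",
                 "folder 1", "file 2", "read"))
```

The third and fourth checks in the flow are the ones worth reviewing in any implementation: the issuer shortcut at S11 skips only the file ACL, never the owner's folder ACL, and it depends on the peer ID having come out of a successful S7.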
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Accounting & Taxation (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Mathematical Physics (AREA)
- Finance (AREA)
- Storage Device Security (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/578,974 US7814557B2 (en) | 2004-04-21 | 2005-04-21 | IC card and access control method |
EP05734139A EP1739563A4 (en) | 2004-04-21 | 2005-04-21 | IC CARD AND ACCESS CONTROL METHOD |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-126045 | 2004-04-21 | ||
JP2004126045A JP3947528B2 (ja) | 2004-04-21 | 2004-04-21 | IC card and access control method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005103910A1 (ja) | 2005-11-03 |
Family
ID=35197162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/007641 WO2005103910A1 (ja) | 2004-04-21 | 2005-04-21 | IC card and access control method |
Country Status (6)
Country | Link |
---|---|
US (1) | US7814557B2 (ja) |
EP (1) | EP1739563A4 (ja) |
JP (1) | JP3947528B2 (ja) |
KR (1) | KR100849380B1 (ja) |
CN (1) | CN100407176C (ja) |
WO (1) | WO2005103910A1 (ja) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8601283B2 (en) | 2004-12-21 | 2013-12-03 | Sandisk Technologies Inc. | Method for versatile content control with partitioning |
US8504849B2 (en) | 2004-12-21 | 2013-08-06 | Sandisk Technologies Inc. | Method for versatile content control |
KR100818244B1 (ko) | 2005-05-10 | 2008-04-02 | 삼성전자주식회사 | Tag-related information security method and tag-related information security system applying the same |
EP2024894A4 (en) | 2006-05-12 | 2016-09-21 | Samsung Electronics Co Ltd | APPARATUS AND METHOD FOR MANAGING SECURITY DATA |
EP1873728B1 (en) * | 2006-06-29 | 2013-11-27 | Incard SA | Method for configuring an IC Card in order to receive personalization commands |
US8613103B2 (en) * | 2006-07-07 | 2013-12-17 | Sandisk Technologies Inc. | Content control method using versatile control structure |
US8639939B2 (en) | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
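JP2008040925A (ja) * | 2006-08-09 | 2008-02-21 | Fuji Xerox Co Ltd | Binder processing device |
JP2008146601A (ja) * | 2006-12-13 | 2008-06-26 | Canon Inc | Information processing apparatus and information processing method |
JP2008181295A (ja) * | 2007-01-24 | 2008-08-07 | Sony Corp | Authentication system, information processing device and method, program, and recording medium |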
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US8319606B2 (en) * | 2009-10-29 | 2012-11-27 | Corestreet, Ltd. | Universal validation module for access control systems |
US9769164B2 (en) * | 2009-10-29 | 2017-09-19 | Assa Abloy Ab | Universal validation module for access control systems |
CN102812473A (zh) * | 2010-02-11 | 2012-12-05 | 惠普发展公司,有限责任合伙企业 | File access based on executable program identity |
JP2012027650A (ja) * | 2010-07-22 | 2012-02-09 | Nec Corp | Content management device and content management method |
CN102880897B (zh) * | 2011-07-14 | 2016-01-27 | 中国移动通信集团公司 | Application data sharing method for a smart card, and smart card |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07152837A (ja) * | 1993-09-17 | 1995-06-16 | At & T Corp | Smart card |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH087720B2 (ja) | 1986-09-16 | 1996-01-29 | 富士通株式会社 | Area access method for multi-service IC card |
DE69320900T3 (de) | 1992-08-13 | 2007-04-26 | Matsushita Electric Industrial Co., Ltd., Kadoma | IC card with hierarchical file structure |
JP3176209B2 (ja) * | 1994-02-25 | 2001-06-11 | 富士通株式会社 | Card-type storage medium and card-type storage medium issuing device |
DE19522029A1 (de) * | 1995-06-17 | 1996-12-19 | Uestra Hannoversche Verkehrsbe | Device for reading and/or writing memory cards |
DE19716015A1 (de) * | 1997-04-17 | 1998-10-29 | Ibm | Loading information onto a chip card |
JP2000163533A (ja) | 1998-11-27 | 2000-06-16 | Pentel Corp | IC card owner identification device |
GB2350703A (en) * | 1999-06-02 | 2000-12-06 | Ncr Int Inc | Smart devices |
JP4501197B2 (ja) * | 2000-01-07 | 2010-07-14 | ソニー株式会社 | Portable information processing system, access device for portable information device, and portable information device |
WO2001077920A1 (fr) * | 2000-04-06 | 2001-10-18 | Sony Corporation | Storage area dividing method for portable device |
NL1016547C2 (nl) * | 2000-11-06 | 2002-05-07 | Easychip C V | Method and system for placing a service on a device having a memory and a processing unit. |
JP2002163235A (ja) * | 2000-11-28 | 2002-06-07 | Mitsubishi Electric Corp | Access authority transfer device, shared resource management system, and access authority setting method |
US20030047936A1 (en) * | 2001-09-10 | 2003-03-13 | Falcon Rafael Jose | Statement folder (for credit and debit cards) |
CN2585316Y (zh) * | 2002-11-05 | 2003-11-05 | 云航(天津)国际贸易有限公司 | IC card computer protection device |
GB2397904B (en) * | 2003-01-29 | 2005-08-24 | Hewlett Packard Co | Control of access to data content for read and/or write operations |
CN1458595A (zh) * | 2003-05-26 | 2003-11-26 | 邵军利 | Application software copyright protection and operation authority management system and method |
US7421555B2 (en) * | 2003-08-22 | 2008-09-02 | Bluearc Uk Limited | System, device, and method for managing file security attributes in a computer file storage system |
-
2004
- 2004-04-21 JP JP2004126045A patent/JP3947528B2/ja not_active Expired - Lifetime
-
2005
- 2005-04-21 WO PCT/JP2005/007641 patent/WO2005103910A1/ja active Application Filing
- 2005-04-21 EP EP05734139A patent/EP1739563A4/en not_active Withdrawn
- 2005-04-21 KR KR1020067024404A patent/KR100849380B1/ko not_active IP Right Cessation
- 2005-04-21 US US11/578,974 patent/US7814557B2/en not_active Expired - Fee Related
- 2005-04-21 CN CN2005800125222A patent/CN100407176C/zh not_active Expired - Fee Related
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07152837A (ja) * | 1993-09-17 | 1995-06-16 | At & T Corp | Smart card |
Also Published As
Publication number | Publication date |
---|---|
US7814557B2 (en) | 2010-10-12 |
EP1739563A1 (en) | 2007-01-03 |
CN1947104A (zh) | 2007-04-11 |
CN100407176C (zh) | 2008-07-30 |
JP3947528B2 (ja) | 2007-07-25 |
KR100849380B1 (ko) | 2008-07-31 |
JP2005309779A (ja) | 2005-11-04 |
EP1739563A4 (en) | 2009-02-18 |
US20080134341A1 (en) | 2008-06-05 |
KR20060134222A (ko) | 2006-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2005103910A1 (ja) | IC card and access control method | |
US10142324B2 (en) | Method for reading attributes from an ID token | |
JP5517314B2 (ja) | Method, program and computer system for generating a soft token | |
EP3839720B1 (en) | Mobile credential revocation | |
ES2714177T3 (es) | Method for reading attributes from an ID token | |
WO2005103911A1 (ja) | IC card and authority delegation control method | |
US8707415B2 (en) | Method for storing data, computer program product, ID token and computer system | |
US9847883B2 (en) | Revocation status using other credentials | |
JP2003524252A (ja) | Controlling access to resources by a program using a digital signature | |
KR20120048553A (ko) | Method for reading attributes from an ID token | |
WO2007094165A1 (ja) | Identity verification system and program, and identity verification method | |
KR20230044953A (ko) | Computing method and system for managing files through blockchain account authentication | |
JP2008090701A (ja) | Authenticated access control system and add-in module used therein | |
JP3887234B2 (ja) | Command execution authority transfer method and system | |
JP2000286840A (ja) | Access control system | |
JP2005250636A (ja) | IC card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 200580012522.2 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005734139 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020067024404 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 1020067024404 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2005734139 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11578974 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 11578974 Country of ref document: US |