WO2005103911A1 - IC Card and Authority Transfer Control Method - Google Patents

IC Card and Authority Transfer Control Method

Publication number
WO2005103911A1
Authority
WO
WIPO (PCT)
Prior art keywords
authority
file
access
value
rights
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2005/007642
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Ken Sakamura
Noboru Koshizuka
Kazuhiko Ishii
Masayuki Terada
Kensaku Mori
Sadayuki Hongo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
Original Assignee
NTT Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2004-04-21
Filing date
2005-04-21
Publication date
2005-11-03
Application filed by NTT Docomo Inc
Priority to US11/578,728 (US20070204148A1)
Priority to EP05734669A (EP1739564A4)
Publication of WO2005103911A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/045 Payment circuits using payment protocols involving tickets
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/3576 Multiple memory zones on card
    • G06Q20/35765 Access rights to memory zones
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • The present invention relates to an IC card capable of setting, on an internally created rights-value file, an access right that can be delegated to another party, and to a method of controlling the transfer of that access right.
  • Patent Document 1: JP 2003-198541
  • The present invention has been made to solve the above problems, and aims to provide an IC card and an authority transfer control method that can improve access convenience while maintaining security.
  • An IC card has certificate issuing means for issuing authority transfer certificate data indicating that all or part of the access authority set for a rights-value file is to be transferred to a designated authority transfer destination.
  • It also has certificate presenting means for presenting the certificate data; authentication means for verifying authority transfer certificate data when such data is presented; and operation control means for controlling, when the verification result of the authority transfer certificate data is normal, operations on the rights-value file by the party that presented the authority transfer certificate data, based on the access authority transfer contents indicated in that data.
  • The IC card having the above configuration can perform the characteristic operations of the present invention as a rights-value issuer, a rights-value holder (a party holding a rights-value file), and an authority transfer destination. That is, the certificate issuing means of the IC card that is the rights-value issuer issues authority transfer certificate data indicating that all or part of the access right set for the rights-value file is transferred to the designated authority transfer destination.
  • The certificate holding means of the IC card that is the authority transfer destination receives and holds the issued authority transfer certificate data.
  • The certificate presenting means of the authority transfer destination presents the authority transfer certificate data at the time of mutual authentication with the IC card that is the rights-value holder.
  • The authentication means of the rights-value holder verifies the presented authority transfer certificate data.
  • The operation control means of the rights-value holder controls operations on the rights-value file by the party that presented the certificate data (the authority transfer destination), based on the delegated access authority indicated in the authority transfer certificate data.
  • The authority transfer destination can thus operate on the rights-value file in accordance with the access right transfer contents indicated in the authority transfer certificate data.
  • The rights-value issuer can also have the authority transfer destination operate on the rights-value file in accordance with the delegation of access authority indicated in the authority transfer certificate data that the issuer itself issued.
  • The IC card has file creation means for creating a rights-value file in response to a rights-value file creation request from a communication partner, with the communication partner as the rights-value issuer;
  • file access right setting means for setting access rights on the created rights-value file in response to an access right setting request from the rights-value issuer;
  • certificate issuing means for issuing authority transfer certificate data indicating that all or part of the access authority set in response to the access authority setting request is to be transferred to the specified authority transfer destination;
  • certificate holding means for receiving and holding, as an authority transfer destination, the issued authority transfer certificate data;
  • certificate presenting means for presenting, as an authority transfer destination, the held authority transfer certificate data at the time of mutual authentication with the rights-value creator that created the rights-value file; authentication means for performing, as a rights-value creator, mutual authentication with the authority transfer destination and verifying the authority transfer certificate data presented by the transfer destination; and operation control means for controlling operations on the rights-value file based on the access authority set for the rights-value file.
  • The method includes a file creation step in which the IC card acting as the rights-value creator creates a rights-value file on the IC card in response to a rights-value file creation request from a communication partner, with the communication partner as the rights-value issuer;
  • a file access authority setting step in which the rights-value creator sets an access right on the created rights-value file in response to an access right setting request from the rights-value issuer; and
  • a step in which the rights-value issuer issues authority transfer certificate data indicating that it delegates all or part of the access authority set in response to the access authority setting request to the designated authority transfer destination.
  • The IC card that is the rights-value creator can, in response to a rights-value file creation request from a communication partner, create a rights-value file on the IC card with the communication partner as the rights-value issuer.
  • The rights-value creator can also set the access authority on the created rights-value file in response to the access authority setting request from the rights-value issuer.
  • The rights-value issuer issues all or a part of the access rights set in response to its own access right setting request.
  • The authority transfer destination receives and holds the issued authority transfer certificate data.
  • The authority transfer destination presents the held authority transfer certificate data at the time of mutual authentication with the rights-value creator.
  • The rights-value creator verifies the presented authority transfer certificate data at the time of mutual authentication with the authority transfer destination.
  • The rights-value creator replaces the set access authority with one based on the delegation contents of the access authority indicated in the authority transfer certificate data.
  • The rights-value issuer can thereby also have the authority transfer destination operate on the rights-value file according to the delegation contents of the access authority indicated in the authority transfer certificate data that it issued itself.
  • The IC card according to the present invention is characterized by its configuration as a rights-value creator, in particular the configuration of its operation control means. That is, the IC card according to the present invention comprises: file creation means for creating a rights-value file in response to a rights-value file creation request from a communication partner, with the communication partner as the rights-value issuer; file access right setting means for setting the access right on the created rights-value file in response to an access right setting request from the rights-value issuer; authentication means for performing mutual authentication with an authority transfer destination to which authority has been delegated by the rights-value issuer, and for verifying the authority transfer certificate data, presented by the authority transfer destination, that indicates the delegation contents; and operation control means for controlling operations on the rights-value file based on the set access right to the rights-value file and, when the verification result of the authority transfer certificate data is normal, controlling operations on the rights-value file by the authority transfer destination based on the delegation contents of the access right indicated in the authority transfer certificate data instead of that access right.
  • The operation control means controls operations on the rights-value file based on the set access right to the rights-value file.
  • Following verification of the authority transfer certificate data by the authentication means, operations on the rights-value file by the authority transfer destination are controlled based on the delegation contents of the access right indicated in the authority transfer certificate data.
  • Effect of the invention: according to the present invention, by setting an access right on a rights-value file in advance, the access authority to the rights-value file can be freely transferred while the security of the entire system is maintained, which improves the convenience of access.
  • FIG. 1 is a functional block diagram showing a configuration of an IC card according to an embodiment of the present invention.
  • FIG. 2 is a diagram illustrating a configuration example of an access control list setting unit.
  • FIG. 3 is a diagram showing an example of an access control list of a folder.
  • FIG. 4 is a diagram showing an example of an access control list of each file in a folder 1.
  • FIG. 5 is a diagram showing an example of authority transfer certificate data.
  • FIG. 6 is a chart for explaining a series of processes related to authority transfer control.
  • FIG. 1 is a functional block diagram showing a configuration of three IC cards 10 (IC cards A to C) according to the present embodiment.
  • A processing example will be described in which IC card A operates as the rights-value issuer, IC card B operates as the authority transfer destination (delegate), and IC card C operates as the rights-value creator.
  • Each IC card has all the components necessary to operate as a rights-value issuer, an authority transfer destination, and a rights-value creator.
  • Each IC card 10 comprises a file creation unit 16 that, in response to a rights-value file creation request from a communication partner, creates and holds a rights-value file (hereinafter simply referred to as a "file") with the communication partner as the rights-value issuer;
  • an access control list setting unit 17 that, in response to an access right setting request from the rights-value issuer, sets and holds the access right to the created file as an access control list (described later);
  • a certificate issuing unit 11 that, as a rights-value issuer, issues authority transfer certificate data 12A indicating that all or part of the access authority set in response to its own access right setting request is transferred to the designated authority transfer destination;
  • a certificate holding unit 12 that receives and holds the authority transfer certificate data 12A;
  • a certificate presentation unit 13 that presents the held authority transfer certificate data 12A when performing mutual authentication with the rights-value creator that created the file;
  • an authentication unit 14 that performs mutual authentication with a communication partner and includes a certificate verification unit 14A that verifies the authority transfer certificate data 12A presented by a communication partner acting as the authority transfer destination; and
  • an operation control unit 15 that controls operations on the file by the authority transfer destination.
  • There are a plurality of IC cards 10 having the same configuration. Each IC card 10 is assigned unique identification information (hereinafter referred to as "ID") in advance.
  • The authentication unit 14 stores an ID certificate (not shown) for proving the ID.
  • a new file can be created in each IC card 10.
  • The created file is given rights-value issuer information (hereinafter "issuer ID") indicating who requested the file creation.
  • The rights-value issuer can restrict access to the file (here, copy/transfer) by anyone other than itself. That is, at file creation time the rights-value issuer can set an access control list for the file that restricts whether anyone other than itself can copy or transfer the file.
  • copying corresponds to issuing a coupon. Except in special cases, copying is set to "impossible".
  • The file access control list 17B stores, for each file such as file 1 and file 2, information indicating whether copying is permitted, information indicating whether transfer is permitted, and issuer information.
  • the access control list 17B of this file is set and held by the access control list setting unit 17.
  • In response to a rights-value file creation request and an access authority setting request from IC card A as the rights-value issuer, IC card C, as the rights-value creator, creates and holds file 1.
  • the access control list 17B of the file 1 is set and retained.
  • IC card C can restrict other IC cards from creating, reading, and transferring files on IC card C.
  • IC card C can set up a folder containing one or more files that it holds, and can restrict, for that folder, operations such as other IC cards creating files in the folder.
  • creation corresponds to, for example, transfer of the right value
  • reading corresponds to the inquiry of the balance of the right value.
  • The folder access control list 17A stores, for each folder such as folder 1 and folder 2, information indicating whether reading is permitted, information indicating whether creation is permitted, and information indicating whether transfer is permitted. As shown in FIG. 2, the folder access control list 17A is stored in the access control list setting unit 17 in association with the file access control list 17B for each folder.
  • FIG. 5 shows an example of the authority transfer certificate data 12A.
  • The authority transfer certificate data 12A includes the ID of the IC card that is the authority transfer source (here, the ID "00006" of IC card A), the ID of the IC card that is the authority transfer destination (here, the ID "00002" of IC card B), the delegated access rights indicating the delegation contents (here, "read: permitted", "copy: not permitted", "transfer: permitted"), and the signature of the authority transfer source (here, IC card A's signature).
  • the IC card A operates as the e-rights-value issuer
  • the IC card B operates as the e-value delegate
  • the IC card C operates as the e-value creator
  • First, the process by which file 1 is created in IC card C at the request of IC card A (rights-value issuer) to IC card C (rights-value creator) will be described.
  • In S1, ID certificates are mutually presented between IC cards A and C, and mutual authentication is performed in accordance with the conventionally known PKI mechanism.
  • IC card A sends a request for creating file 1 and a request for setting access authority to file 1 to IC card C (S3).
  • the IC card C creates and holds the file 1 by the file creating unit 16 and sets the access control list of the file 1 by the access control list setting unit 17 in response to the request.
  • IC card C has created file 1 in folder 1 containing existing file 2.
  • the access control list for folder 1 is set to “read: permit”, “create: permit”, and “transfer: permit”.
  • The access control list for file 1 is set to "read: not available", "copy: not available", and "transfer: not available".
  • When the file creation and the setting of the access control list are completed, IC card C notifies IC card A that the file creation has succeeded (S4).
  • Next, as steps S10 to S19, the process in which IC card B reads file 1 in IC card C after authority has been transferred from IC card A to IC card B will be described.
  • the IC card A which is the issuer of the right value (file 1), creates authority transfer certificate data for the IC card B of the authority transfer destination (S10).
  • the IC card A sends the created authority transfer certificate data to the IC card B (S11), and the IC card B holds the authority transfer certificate data in the certificate holding unit 12 (see FIG. 1).
  • the ID certificates are mutually presented between the IC cards B and C, and the mutual authentication is performed in accordance with the conventionally known PKI mechanism.
  • the IC card B presents the authority transfer certificate data to the IC card C (S14).
  • the presented IC card C verifies the authority transfer certificate data (S15).
  • IC card B attempts to read file 1 in IC card C (S17). Specifically, a request to read file 1 is transmitted to IC card C.
  • On receiving this request, IC card C checks the access right to file 1 and the access right to folder 1, which contains file 1, against the authority transfer certificate data (S18).
  • Operations on file 1 are controlled based on the access right set in advance on file 1. If the result of verifying the authority transfer certificate data is normal, operations on file 1 by the authority transfer destination (IC card B) are controlled based on the delegated access rights indicated in the certificate data instead of the above access right. This makes it possible to freely delegate access rights to files while maintaining the security of the entire system, improving the convenience of file access.
  • The present invention applies to an IC card that can set, on an internally created rights-value file, an access right that can be delegated to another party, and to a method of controlling the delegation of that access right; it improves the convenience of access while maintaining security.
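
The check that IC card C performs in S15 and S18 can be sketched as follows. This is an added example, not code from the patent: the HMAC signature stands in for the PKI signature the description refers to, the keys, the ID "00007" and the file name are constructed, the peer ID is assumed to have been proven already by mutual authentication, and the way the folder list and the delegated rights are combined is one reading of the description.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo keys. The description signs with PKI; a per-issuer HMAC key
# is a stand-in so the example runs on the standard library alone.
ISSUER_KEYS = {"00006": b"demo-key-card-A", "00007": b"demo-key-other-issuer"}


def _payload(source_id, dest_id, rights):
    # Canonical byte string covered by the signature.
    return json.dumps({"src": source_id, "dst": dest_id, "rights": rights},
                      sort_keys=True).encode()


def issue_certificate(source_id, dest_id, rights):
    """Issuer side (S10): build authority transfer certificate data."""
    sig = hmac.new(ISSUER_KEYS[source_id], _payload(source_id, dest_id, rights),
                   hashlib.sha256).hexdigest()
    return {"source_id": source_id, "dest_id": dest_id,
            "rights": dict(rights), "signature": sig}


@dataclass
class RightsValueFile:
    issuer_id: str   # who requested creation of the file
    acl: dict        # file access control list: operation -> permitted?


@dataclass
class CreatorCard:
    folder_acl: dict                       # folder access control list
    files: dict = field(default_factory=dict)

    def verify_certificate(self, cert, peer_id, file):
        """S15: return the delegated rights, or None if the certificate is unusable."""
        try:
            key = ISSUER_KEYS[cert["source_id"]]
            expected = hmac.new(
                key, _payload(cert["source_id"], cert["dest_id"], cert["rights"]),
                hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, cert["signature"]):
                return None                # altered rights or forged signature
        except (KeyError, TypeError):
            return None                    # malformed certificate or unknown signer
        if cert["source_id"] != file.issuer_id:
            return None                    # only the file's issuer may delegate
        if cert["dest_id"] != peer_id:
            return None                    # presented by a card it was not issued to
        return cert["rights"]

    def is_allowed(self, peer_id, name, op, cert=None):
        """S18: decide whether the authenticated peer may perform op on the file."""
        file = self.files[name]
        # The folder list applies to every peer for the operations it defines.
        if op in self.folder_acl and not self.folder_acl[op]:
            return False
        # File restrictions apply to anyone other than the issuer itself.
        if peer_id == file.issuer_id:
            return True
        if cert is not None:
            delegated = self.verify_certificate(cert, peer_id, file)
            if delegated is not None:
                # Delegated rights are used instead of the file's own list.
                return bool(delegated.get(op, False))
        return bool(file.acl.get(op, False))


def demo_card():
    """IC card C holding file 1 in folder 1, with the lists given in the description."""
    closed = {"read": False, "copy": False, "transfer": False}
    return CreatorCard(
        folder_acl={"read": True, "create": True, "transfer": True},
        files={"file1": RightsValueFile(issuer_id="00006", acl=closed)})


if __name__ == "__main__":
    card = demo_card()
    cert = issue_certificate("00006", "00002",
                             {"read": True, "copy": False, "transfer": True})
    for op in ("read", "copy", "transfer"):
        print(op, card.is_allowed("00002", "file1", op, cert))
```

The two identity checks in `verify_certificate` are what keep the delegation bounded: a valid signature alone would let any issuer grant rights over another issuer's file, or let a different card reuse IC card B's certificate.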

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
PCT/JP2005/007642 2004-04-21 2005-04-21 IC Card and Authority Transfer Control Method Ceased WO2005103911A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/578,728 US20070204148A1 (en) 2004-04-21 2005-04-21 Ic Card And Authority Transfer Control Method
EP05734669A EP1739564A4 (en) 2004-04-21 2005-04-21 CHIP CARD AND AUTHORITY TRANSFER TAX PROCEDURE

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004126046A JP2005309780A (ja) 2004-04-21 2004-04-21 IC Card and Authority Transfer Control Method
JP2004-126046 2004-04-21

Publications (1)

Publication Number Publication Date
WO2005103911A1 2005-11-03

Family

ID=35197163

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/007642 Ceased WO2005103911A1 (ja) IC Card and Authority Transfer Control Method 2004-04-21 2005-04-21

Country Status (6)

Country Link
US (1) US20070204148A1
EP (1) EP1739564A4
JP (1) JP2005309780A
KR (1) KR20070012505A
CN (1) CN100419717C
WO (1) WO2005103911A1

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1873728B1 (en) * 2006-06-29 2013-11-27 Incard SA Method for configuring an IC Card in order to receive personalization commands
US8060931B2 (en) 2006-09-08 2011-11-15 Microsoft Corporation Security authorization queries
US8201215B2 (en) * 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US8656503B2 (en) 2006-09-11 2014-02-18 Microsoft Corporation Security language translations with logic resolution
US8938783B2 (en) 2006-09-11 2015-01-20 Microsoft Corporation Security language expressions for logic resolution
JP2010198351A (ja) * 2009-02-25 2010-09-09 Fujitsu Ltd 権利付コンテンツ管理装置
CN101610256B (zh) * 2009-07-14 2012-08-22 中国联合网络通信集团有限公司 许可信息转让请求、转让及受让方法和装置
KR20110024435A (ko) * 2009-09-02 2011-03-09 삼성전자주식회사 제어 디바이스, 피제어 디바이스, 제어 시스템, 그리고 제어권한 제공방법
ITBS20120101A1 (it) 2012-07-05 2014-01-06 Amadio Avagliano Struttura di carta di pagamento e relativo dispositivo di lettura
CN103679045A (zh) * 2012-09-10 2014-03-26 鸿富锦精密工业(深圳)有限公司 文件安全性控制系统及方法
US8843741B2 (en) * 2012-10-26 2014-09-23 Cloudpath Networks, Inc. System and method for providing a certificate for network access
JP6738022B2 (ja) * 2017-03-28 2020-08-12 富士通クライアントコンピューティング株式会社 情報処理装置、情報処理方法および情報処理プログラム

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002163235A (ja) * 2000-11-28 2002-06-07 Mitsubishi Electric Corp アクセス権限譲渡装置、共有リソース管理システム及びアクセス権限設定方法

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4837422A (en) * 1987-09-08 1989-06-06 Juergen Dethloff Multi-user card system
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US5557518A (en) * 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
EP0583006B2 (en) * 1992-08-13 2006-11-29 Matsushita Electric Industrial Co., Ltd. IC card with hierarchical file structure
US5526428A (en) * 1993-12-29 1996-06-11 International Business Machines Corporation Access control apparatus and method
JP3614480B2 (ja) * 1994-11-18 2005-01-26 Hitachi, Ltd. Electronic ticket sales and refund system and sales and refund method therefor
JPH10105472A (ja) * 1996-09-30 1998-04-24 Toshiba Corp Memory access management method
DE19839847A1 (de) * 1998-09-02 2000-03-09 Ibm Storing data objects in the memory of a chip card
US6567915B1 (en) * 1998-10-23 2003-05-20 Microsoft Corporation Integrated circuit card with identity authentication table and authorization tables defining access rights based on Boolean expressions of authenticated identities
JP4201107B2 (ja) * 2001-04-06 2008-12-24 Nippon Telegraph and Telephone Corporation Embedded authority delegation method
US20030076957A1 (en) * 2001-10-18 2003-04-24 Nadarajah Asokan Method, system and computer program product for integrity-protected storage in a personal communication device
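JP2004013438A (ja) * 2002-06-05 2004-01-15 Takeshi Sakamura Electronic value data communication method, communication system, IC card, and portable terminal
JP4129783B2 (ja) * 2002-07-10 2008-08-06 Sony Corporation Remote access system and remote access method
CN2585316Y (zh) * 2002-11-05 2003-11-05 Yunhang (Tianjin) International Trade Co., Ltd. IC card computer protection device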

Also Published As

Publication number Publication date
EP1739564A1 (en) 2007-01-03
CN100419717C (zh) 2008-09-17
US20070204148A1 (en) 2007-08-30
CN1947103A (zh) 2007-04-11
JP2005309780A (ja) 2005-11-04
EP1739564A4 (en) 2009-08-26
KR20070012505A (ko) 2007-01-25

Similar Documents

Publication Publication Date Title
JP4350549B2 (ja) Information processing device for digital rights management
US10608828B2 (en) Revocation status using other credentials
US9311470B2 (en) Method and system for authenticating a user
EP3460692A1 (en) Identity management for implementing vehicle access and operation management
JP5517314B2 (ja) Method, program, and computer system for generating a soft token
US8499147B2 (en) Account management system, root-account management apparatus, derived-account management apparatus, and program
US8707415B2 (en) Method for storing data, computer program product, ID token and computer system
JP2016032247A (ja) Certificate authority device, certificate authority program, and certificate authority operation method
US20250139258A1 (en) Encrypted verifiable credentials
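WO2005103911A1 (ja) IC card and authority delegation control method
JP3947528B2 (ja) IC card and access control method
JP5531521B2 (ja) Document management system, document operation device, and program
JP2006262393A (ja) Tamper-resistant device and file generation method
JP2009181598A (ja) Information processing device for digital rights management
KR20230044953A (ko) Computing method and system for managing files through blockchain account authentication
JP7776051B1 (ja) Information processing device, system, control method for information processing device, and program
JP2008090701A (ja) Authenticated access control system and add-in module used therefor
JP2007011535A (ja) Data file protection device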
Adam Comments and Dispositions on the July 2012 Draft of FIPS 201-2

Legal Events

Date Code Title Description
AK Designated states Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents Kind code of ref document: A1; Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase Ref document number: 2005734669; Country of ref document: EP
WWE Wipo information: entry into national phase Ref document number: 200580012519.0; Country of ref document: CN
NENP Non-entry into the national phase Ref country code: DE
WWW Wipo information: withdrawn in national office Ref document number: DE
WWE Wipo information: entry into national phase Ref document number: 1020067024414; Country of ref document: KR
WWP Wipo information: published in national office Ref document number: 2005734669; Country of ref document: EP
WWP Wipo information: published in national office Ref document number: 1020067024414; Country of ref document: KR
WWE Wipo information: entry into national phase Ref document number: 11578728; Country of ref document: US; Ref document number: 2007204148; Country of ref document: US
WWP Wipo information: published in national office Ref document number: 11578728; Country of ref document: US