WO2011016349A1 - Information processing apparatus, information processing method, operation terminal, and information processing system - Google Patents
- Publication number
- WO2011016349A1 (application PCT/JP2010/062434)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- unit
- transmission
- request
- security level
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/4104—Peripherals receiving signals from specially adapted client devices
- H04N21/4126—The peripheral being portable, e.g. PDAs or mobile phones
- H04N21/41265—The peripheral being portable, e.g. PDAs or mobile phones having a remote control device for bidirectional communication between the remote control device and client device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/02—Power saving arrangements
- H04W52/0209—Power saving arrangements in terminal devices
- H04W52/0212—Power saving arrangements in terminal devices managed by the network, e.g. network or access point is master and terminal is slave
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- the present invention relates to an information processing apparatus, an information processing method, an operation terminal, and an information processing system.
- the specification of ZigBee (registered trademark) is approved by ZigBee (registered trademark) Alliance as version 1.0.
- IEEE (registered trademark) 802.15.4 is compiled by the IEEE (registered trademark) standardization committee as specifications of a physical layer and a MAC (Media Access Control) layer.
- the RF remote control standard ZigBee (registered trademark) RF4CE (Radio Frequency for Consumer Electronics) v1.0 spec is standardized by an industry group.
- a key (Encryption key) is shared. This key is used mainly when transmitting operation information, credit card information, and the like from the remote control to the television, and a third party who does not know the key cannot intercept this information.
- an information processing device such as a television receives a key transmission request from a remote controller (hereinafter also referred to as an “operation terminal”)
- the number of key divisions (Key Fragment) described in the key transmission request is equal to the number of split keys (Key Fragment).
- the remote controller that has received the split key obtains a final key by taking an exclusive OR of all elements.
- an eavesdropper separated from the information processing device and the remote control by a wall has a poor propagation path for the radio waves transmitted and received between the information processing device and the remote control, so the key cannot be received without error and cannot be obtained.
- Because the remote controller determines the number of key divisions as described above, the probability that an eavesdropper will fail to receive the division key depends on the number of key divisions determined on the remote control side. That is, it can be said that the strength of communication safety between the remote controller and the information processing apparatus is determined by the number of key divisions.
- the remote controller has a problem that the safety of communication cannot be maintained if the number of key divisions is kept small in response to demands such as battery saving and calculation amount reduction.
- it is generally the information processing device that grasps the importance of operation information input by the user, so there was a problem of an imbalance in the right to determine the strength of safety.
- For an information processing system in which the information processing apparatus divides a key according to the number of key divisions designated by the operation terminal and returns it, an object of the present invention is to provide a new and improved technique capable of giving the information processing apparatus the right to determine the safety strength of communication between the operation terminal and the information processing apparatus.
- a storage unit that stores a key used for encrypting or decrypting data; a reception unit that receives, by a radio signal from an operation terminal, a key transmission request including a key division number; a key transmission request acquisition unit that acquires the key transmission request from the radio signal received by the reception unit; a security level determination unit that determines, as a transmission security level, a security level at the time of transmitting a key to the operation terminal; a transmission power determination unit that determines transmission power according to the transmission security level determined by the security level determination unit and the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit; the key acquisition unit that acquires each split key by dividing the key stored in the storage unit into the number of key splits, and the transmission power determination unit
- the storage unit further stores the first key division number and the first security level
- the transmission power determination unit acquires the first key division number and the first security level stored in the storage unit, and the security level.
- the storage unit further stores the second key division number and the second security level
- the transmission power determination unit acquires the second key division number and the second security level stored by the storage unit, and when the second condition is satisfied, namely that the transmission security level determined by the determination unit is less than or equal to the second security level and the number of key divisions included in the key transmission request is greater than or equal to the second key division number, the transmission power may be determined as a value larger than the transmission power used when the second condition is not satisfied.
- the information processing apparatus further includes a processing request acquisition unit and a processing execution unit; after receiving the key transmission request, the receiving unit further receives from the operation terminal, by a wireless signal, an encrypted processing request obtained by encrypting a processing request using a key generated by the operation terminal based on each split key; the processing request acquisition unit acquires the encrypted processing request from the wireless signal received by the receiving unit; and the processing execution unit may decrypt the encrypted processing request using the key stored in the storage unit and execute the process in accordance with the processing request obtained by decryption.
- the transmission power determination unit registers the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit in the storage unit.
- An encrypted processing request obtained by encrypting a processing request using a key generated by taking an exclusive OR with the wireless signal received from the wireless signal received by the receiving unit, and the processing executing unit stores it in the storage unit Encryption using a key generated by exclusive-ORing every divided key obtained by dividing the stored key into the number of key divisions stored by the storage unit
- the request may be decrypted, and the process may be executed according to the processing request obtained by decrypting the request.
- the storage unit may further store an application that is started in order for the process execution unit to execute the process, and the security level determination unit may determine the transmission security level according to the type of application.
- the information processing apparatus further includes a pairing request acquisition unit, a pairing processing unit, and a key requesting terminal determination unit; before receiving the key transmission request, the receiving unit further receives from the operation terminal, by a radio signal, a pairing request including model identification information for identifying the model of the operation terminal and operation terminal identification information for identifying the operation terminal, and the pairing request acquisition unit acquires the pairing request from the radio signal received by the reception unit
- the pairing processing unit stores the operation terminal identification information as communication-permitted terminal information.
- the key requesting terminal determination unit stores the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit in the storage unit as communication-permitted terminal information.
- the transmission unit determines whether or not the operation terminal identification information included in the key transmission request is registered in the storage unit as communication-permitted terminal information by the key request terminal determination unit.
- the split keys may not be transmitted to the operation terminal by radio signals.
- When the pairing request further includes performance information indicating the performance of the operation terminal, the pairing processing unit further registers the performance information in the storage unit in association with the communication-permitted terminal information, and the security level determination unit may determine the transmission security level according to the performance information associated with the communication-permitted terminal information and registered in the storage unit.
- the transmission power determination unit registers the key division number included in the key transmission request acquired by the key transmission request acquisition unit and the determined transmission power in the storage unit as the previous key division number and the previous transmission power, respectively, and when the processing execution unit fails to decrypt the encrypted processing request, the transmission power determination unit may acquire again the key division number included in the key transmission request acquired by the key transmission request acquisition unit, calculate a difference value between the acquired key division number and the previous key division number registered in the storage unit, and, when the calculated difference value is equal to or less than a predetermined value, determine the transmission power as a value larger than the previous transmission power registered in the storage unit.
- the storage unit may further store environment identification information for identifying the environment in which the device is installed, and the security level determination unit may determine the transmission security level according to the environment identification information.
- the security level determination unit may determine the transmission security level according to the reception power of the radio signal when the reception unit receives the key transmission request by the radio signal.
- the information processing apparatus further includes a display unit and a display control unit, and the display control unit may display on the display unit at least one of the transmission security level determined by the security level determination unit, the key division number included in the key transmission request acquired by the key transmission request acquisition unit, and the transmission power determined by the transmission power determination unit.
- It is possible to give the information processing apparatus the right to determine the strength of the safety of communication between the operation terminal and the information processing apparatus.
- 1. First embodiment; 1-1. Application example of information processing system; 1-2. Transmission of key transmission request and split key; 1-3. When the split key is successfully transmitted; 1-4. When transmission of split key fails; 1-5. Configuration of information processing apparatus; 1-6. Configuration of operation terminal; 1-7. Configuration example of correspondence information held by information processing apparatus; 1-8. Flow of processing executed by information processing system; 1-9. Flow of processing executed by information processing apparatus; 2. Modification; 3. Summary
- FIG. 1 is a diagram illustrating an application example of the information processing system according to the present embodiment. With reference to FIG. 1 (refer to other figures as appropriate), an application example of the information processing system according to the present embodiment will be described.
- the information processing system 10 includes an information processing apparatus 100 and an operation terminal 200.
- the information processing apparatus 100 receives a radio signal TE using radio waves from the operation terminal 200, performs processing according to a request included in the received radio signal TE, and returns the processing result to the operation terminal 200 by including it in the radio signal RE1 using radio waves.
- the information processing apparatus 100 is assumed to be a television, for example, but is not limited to the television.
- As long as the information processing apparatus 100 has a function of receiving a radio signal TE from the operation terminal 200, performing processing according to a request included in the received radio signal TE, and including a processing result in the radio signal RE1 and returning it to the operation terminal 200, it may be a television program recording/playback device.
- the operation terminal 200 accepts input of operation information by the user U, generates a request based on the operation information accepted, and transmits the generated request to the information processing apparatus 100 by including it in the radio signal TE. Further, the operation terminal 200 receives the radio signal RE1 from the information processing apparatus 100 as a reply to the radio signal TE.
- the operation terminal 200 is assumed to be, for example, an RF remote controller as described above, but is not particularly limited to the RF remote controller.
- Any device may serve as the operation terminal 200 as long as it has a function of receiving an input of operation information, including a request based on the operation information in the radio signal TE and transmitting it to the information processing apparatus 100, and a function of receiving the radio signal RE1 from the information processing apparatus 100 as a response to the radio signal TE.
- the operation terminal 200 and the user U wish to prevent the operation information input by the user U from being read by the operation terminal RC owned by the interceptor B and misused.
- Key sharing is performed with the information processing apparatus 100.
- this key is used mainly when transmitting operation information, credit card information, and the like from the operation terminal 200 to the information processing apparatus 100.
- Interceptor B, who does not know the key, cannot intercept this information.
- When the information processing apparatus 100 receives the key transmission request from the operation terminal 200 by the radio signal TE, the information processing apparatus 100 transmits to the operation terminal 200 the divided keys obtained by dividing the key into the number of key divisions included in the key transmission request.
- the operation terminal 200 receives all the split keys and acquires the key based on all the received split keys.
- an operation terminal RC owned by an eavesdropper B, separated from the information processing apparatus 100 and the operation terminal 200 by a wall W or the like, has a poor propagation path for the radio waves transmitted and received between the information processing apparatus 100 and the operation terminal 200, so it cannot receive all these split keys without error and cannot acquire the key.
- If the operation terminal RC owned by the interceptor B has successfully read the key by receiving the radio signal RE2 from the information processing apparatus 100, it becomes possible to intercept information such as operation information and credit card information.
- the interceptor B is in the room R2, which adjoins the room R1 in which the user U exists across the wall W, but this is not limited to such a case; the interceptor B can be anywhere. For example, the interceptor B may exist outside a house where the user U exists.
- the probability that the operation terminal RC owned by the interceptor B fails to receive the division key comes to depend only on the number of key divisions determined on the operation terminal 200 side. That is, it can be said that the strength of communication safety between the operation terminal 200 and the information processing apparatus 100 is determined by the number of key divisions. However, the safety of the remote control cannot be maintained when the number of key divisions is kept small in response to requests such as battery saving and reduction in calculation amount. In practice, it is generally the information processing apparatus 100 that grasps the importance of the operation information input from the user U, and an imbalance arises in the right to determine the strength of safety.
- For the information processing system 10 in which the information processing apparatus 100 replies by dividing the key according to the number of key divisions specified by the operation terminal 200, a technique that makes it possible for the information processing apparatus 100 to have the right to determine the strength of the safety of communication between the operation terminal 200 and the information processing apparatus 100 will be described. Further, although it is described that a non-encrypted plaintext bit string is used for the key itself, an encrypted key may be used.
- control is assumed to be performed so that the transmission power used by the information processing apparatus 100 to transmit the division key is reduced. By reducing the transmission power, even if the number of key divisions designated from the operation terminal 200 is small, the probability that a transmission error occurs before the division key reaches the operation terminal RC owned by the interceptor B from the information processing apparatus 100 can be increased. That is, it is possible to reduce the probability that the key is stolen by the interceptor B.
- If the transmission power is reduced too much, the possibility that a key transmission error will occur between the information processing apparatus 100 and the operation terminal 200 corresponding to a desired communication partner will increase more than necessary. As a result, the key cannot be correctly transmitted from the information processing apparatus 100 to the operation terminal 200.
- the transmission power used when transmitting the division key may be increased. Thereby, the information processing apparatus 100 can transmit the key to the operation terminal 200 more reliably.
- the information processing apparatus 100 can also increase the transmission power for the next key to be transmitted and thereby increase the probability of successful key transmission.
- FIG. 2 is a diagram for explaining transmission of a key transmission request and a split key. With reference to FIG. 2 (refer to other figures as appropriate), transmission of a key transmission request and a split key will be described.
- the operation terminal 200 transmits a key transmission request including N as the number of key divisions to the information processing apparatus 100.
- the information processing apparatus 100 transmits the divided keys (divided keys F1, F2,... FN) obtained by dividing the key into N pieces to the operation terminal 200.
- the operating terminal RC owned by the interceptor B also tries to receive the split key (split keys F1, F2,... FN).
- the operation terminal 200 succeeds in receiving the split key (split keys F1, F2,... FN).
- the operating terminal RC fails to receive part or all of the split keys (split keys F1, F2,... FN).
- FIG. 2 shows an example in which reception of the split key FN-2 fails.
- FIG. 3 is a diagram for explaining an example when transmission of a split key is successful. With reference to FIG. 3 (refer to other figures as appropriate), an example in the case of successful transmission of the split key will be described.
- the information processing apparatus 100 and the operation terminal 200 hold the same split key (split keys F1, F2,... FN). If the information processing apparatus 100 and the operation terminal 200 hold the same split key (split keys F1, F2,... FN), the same key may be generated based on the split keys (split keys F1, F2,... FN).
- the information processing apparatus 100 and the operation terminal 200 can share the same key (shared key).
- FIG. 3 shows an example in which the information processing apparatus 100 and the operation terminal 200 generate a key by taking an exclusive OR for each bit of a split key (split keys F1, F2,... FN).
- the method of generating the key is not limited to the technique of taking the exclusive OR.
- FIG. 4 is a diagram for explaining an example when transmission of a split key fails. With reference to FIG. 4 (refer to other figures as appropriate), an example in the case where transmission of the split key fails will be described.
- FIG. 2 shows an example in which the information processing apparatus 100 and the operation terminal RC generate a key by taking an exclusive OR for each bit of the split key. The method of generating the key is not limited to the technique of taking the exclusive OR.
- FIG. 5 is a diagram illustrating a configuration of the information processing apparatus according to the present embodiment. With reference to FIG. 5 (refer to other figures as appropriate), the configuration of the information processing apparatus according to the present embodiment will be described.
- the information processing apparatus 100 includes at least a reception unit 110, a control unit 130, a storage unit 140, and a transmission unit 160.
- the information processing apparatus 100 includes a reception control unit 120, a transmission control unit 150, a display unit 170, and the like as necessary.
- the control unit 130 includes at least a request acquisition unit 131, a security level determination unit 133, a transmission power determination unit 134, and a key acquisition unit 135, and includes, as necessary, a key request terminal determination unit 132, a pairing processing unit 136, a processing execution unit 137, a display control unit 139, and the like.
- the control unit 130 is configured by, for example, a CPU (Central Processing Unit), a RAM (Random Access Memory), etc., and realizes its function by reading a program stored in the storage unit 140, expanding the program in the RAM, and executing the program expanded in the RAM.
- the control unit 130 may be configured by dedicated hardware, for example.
- the request acquisition unit 131 includes at least a key transmission request acquisition unit 1311 and includes a pairing request acquisition unit 1312 and a processing request acquisition unit 1313 as necessary.
- the receiving unit 110 is configured by an antenna or the like, and receives a radio signal from the operation terminal 200.
- the reception unit 110 receives a key transmission request including the number of key divisions from the operation terminal 200 using a radio signal.
- the number of key divisions may be set at a predetermined position of the key transmission request, for example.
- the predetermined position of the key transmission request is not particularly limited, and may be at the head of the key transmission request or after a predetermined bit from the head of the key transmission request.
- the reception control unit 120 converts the radio signal received by the receiving unit 110 from a high frequency signal to a baseband signal by down-conversion as necessary, and demodulates the frequency-converted baseband signal. In addition, when the control unit 130 performs processing using a digital signal, the reception control unit 120 converts an analog signal obtained by demodulation into a digital signal.
- the storage unit 140 is configured by a storage device such as an HDD (Hard Disk Drive), and stores correspondence information 141 and a key 142 used for encrypting or decrypting data.
- When the control unit 130 is configured by a CPU (Central Processing Unit), a RAM (Random Access Memory), or the like, the storage unit 140 has a function of storing the program to be executed by the control unit 130 and various data used when the control unit 130 executes the program.
- the key transmission request acquisition unit 1311 acquires a key transmission request from the radio signal received by the reception unit 110.
- the method by which the key transmission request acquisition unit 1311 acquires the key transmission request is not particularly limited.
- When the value acquired by the request acquisition unit 131 at a predetermined position of the radio signal received by the reception unit 110 is a value indicating a key transmission request, the radio signal can be acquired as a key transmission request.
- the security level determination unit 133 determines a security level at the time of transmitting a key to the operation terminal 200 as a transmission security level. The determination of the transmission security level by the security level determination unit 133 will be described later.
- the transmission power determination unit 134 determines transmission power according to the transmission security level determined by the security level determination unit 133 and the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit 1311.
- the key acquisition unit 135 acquires each divided key by dividing the key 142 stored in the storage unit 140 into the number of key divisions.
- Dividing the key 142 into the number of key divisions is assumed to mean, for example, dividing the key 142 equally into the number of key divisions. However, if the information processing apparatus 100 and the operation terminal 200 divide the key based on the same algorithm, it is not necessary to perform equal division.
- the transmission unit 160 includes an antenna that is the same as or different from that of the reception unit 110, and transmits each split key acquired by the key acquisition unit 135 to the operation terminal 200 by a radio signal, using the transmission power determined by the transmission power determination unit 134.
- the transmission control unit 150 converts the digital signal to be transmitted into an analog signal when the control unit 130 performs processing using a digital signal. Further, the transmission control unit 150 modulates an analog signal as necessary, frequency-converts the baseband signal obtained by the modulation into a high-frequency signal by up-conversion, and outputs the high-frequency signal to the transmission unit 160.
- the storage unit 140 may further store the first key division number and the first security level.
- the transmission power determination unit 134 acquires the first key division number and the first security level stored in the storage unit 140.
- When a first condition is satisfied, namely that the transmission security level determined by the security level determination unit 133 is equal to or higher than the first security level and the number of key divisions included in the key transmission request is smaller than the first key division number, the transmission power determination unit 134 determines the transmission power as a value smaller than the transmission power used when the first condition is not satisfied.
- The first key division number is set, for example, as “100” in the “key division number N” of the correspondence information 141.
- The first security level is set, for example, as “high” in the “security level” of the correspondence information 141 (see, for example, FIG. 7).
- the storage unit 140 may further store the second key division number and the second security level.
- The transmission power determination unit 134 acquires the second key division number and the second security level stored in the storage unit 140. Then, when a second condition is satisfied, namely that the transmission security level determined by the security level determination unit 133 is equal to or lower than the second security level and the number of key divisions included in the key transmission request is equal to or greater than the second key division number, the transmission power determination unit 134 determines the transmission power as a value larger than the transmission power used when the second condition is not satisfied.
- The second key division number is set, for example, as “10” in the “key division number N” of the correspondence information 141.
- The second security level is set, for example, as “low” in the “security level” of the correspondence information 141 (see, for example, FIG. 7).
- the information processing apparatus 100 may further include a processing request acquisition unit 1313 and a processing execution unit 137.
- After receiving the key transmission request, the receiving unit 110 further receives from the operation terminal 200, by radio signal, the encrypted processing request obtained by encrypting the processing request using the key that the operation terminal 200 generated based on each split key.
- The processing request acquisition unit 1313 acquires the encrypted processing request from the radio signal received by the reception unit 110, and the processing execution unit 137 may decrypt the encrypted processing request using the key 142 stored in the storage unit 140 and execute the process according to the processing request obtained by decryption.
- the method by which the processing request acquisition unit 1313 acquires the processing request is not particularly limited.
- When the value set at a predetermined position of the wireless signal received by the reception unit 110 is a value indicating a processing request, the request acquisition unit 131 extracts the wireless signal as a processing request, and the extracted wireless signal can be acquired.
- the process executed by the process execution unit 137 is not particularly limited, but as a process having a relatively high security level, an electronic payment process that handles the personal information of the user U is assumed.
- a TV program recording process or the like is assumed to be a process with a relatively low security level.
- the method used when encrypting or decrypting the processing request using the key 142 is not particularly limited, and for example, a common key encryption method can be used.
- As the common key cryptosystem, AES (Advanced Encryption Standard) or DES (Data Encryption Standard) can be used.
- the transmission power determination unit 134 may register the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit 1311 in the storage unit 140.
- The processing request acquisition unit 1313 acquires, from the wireless signal received by the receiving unit 110, the encrypted processing request obtained by encrypting the processing request with the key that the operation terminal 200 generated by taking a bitwise exclusive OR over all the divided keys.
- The process execution unit 137 generates a key by taking a bitwise exclusive OR over all the divided keys obtained by dividing the key 142 stored in the storage unit 140 into the number of key divisions stored in the storage unit 140, and decrypts the encrypted processing request using the generated key.
- The process execution unit 137 performs a process according to the processing request obtained by decryption.
- the storage unit 140 may further store an application that is activated in order for the process execution unit 137 to execute the process, and the security level determination unit 133 may determine the transmission security level according to the type of application. For example, when an application that handles electronic payment processing as an example of processing with a relatively high security level is activated, a high value may be determined as the transmission security level. Further, for example, when an application that handles a recording process as an example of a process with a relatively low security level is activated, a low value may be determined as the transmission security level.
- the information processing apparatus 100 may further include a pairing request acquisition unit 1312, a pairing processing unit 136, and a key request terminal determination unit 132.
- Before receiving the key transmission request, the receiving unit 110 further receives from the operation terminal 200, by a radio signal, a pairing request including model identification information for identifying the model of the operation terminal 200 and operation terminal identification information for identifying the operation terminal 200.
- The pairing request acquisition unit 1312 acquires the pairing request from the radio signal received by the reception unit 110, and, when the model identification information included in the pairing request acquired by the pairing request acquisition unit 1312 is the predetermined model identification information, the pairing processing unit 136 registers the operation terminal identification information in the storage unit 140 as communication-permitted terminal information.
- The key request terminal determination unit 132 determines whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit 1311 is registered in the storage unit 140 as communication-permitted terminal information. When the key request terminal determination unit 132 determines that the operation terminal identification information included in the key transmission request is not registered in the storage unit 140 as communication-permitted terminal information, the transmission unit 160 may refrain from transmitting each split key to the operation terminal 200 by a radio signal.
- the method by which the pairing request acquisition unit 1312 acquires the pairing request is not particularly limited.
- When the value set at a predetermined position of the radio signal received by the reception unit 110 is a value indicating a pairing request, the pairing request acquisition unit 1312 can acquire the radio signal extracted as a pairing request.
- As the model identification information for identifying the model of the operation terminal 200, for example, information for identifying the manufacturer that manufactured the operation terminal 200, information for identifying the type of the operation terminal 200, or information indicating the version of the operation terminal 200 can be used. Further, as the operation terminal identification information for identifying the operation terminal 200, the MAC address of the operation terminal 200 or the like can be used.
- the predetermined model identification information is not particularly limited.
- For example, when the storage unit 140 stores information for identifying the manufacturer that manufactured the information processing apparatus 100, the predetermined model identification information can be assumed to be that information for identifying the manufacturer. In this case, the information processing apparatus 100 can refrain from transmitting a key to the operation terminal 200 when, for example, the manufacturer that manufactured the operation terminal 200 is different from the manufacturer that manufactured the information processing apparatus 100.
- the pairing processing unit 136 may further register the performance information in the storage unit 140 in association with the communication-permitted terminal information.
- The security level determination unit 133 may determine the transmission security level according to the performance information associated with the communication-permitted terminal information and registered in the storage unit 140. In this way, for example, the security level determination unit 133 can determine a high transmission security level for an operation terminal 200 having relatively high wireless signal reception performance, and a low transmission security level for an operation terminal 200 having relatively low wireless signal reception performance.
- The transmission power determination unit 134 may register the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit 1311 and the determined transmission power in the storage unit 140 as the previous key division number and the previous transmission power, respectively. In that case, when the process execution unit 137 fails to decrypt the encrypted processing request, the transmission power determination unit 134 again acquires the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit 1311.
- The transmission power determination unit 134 calculates a difference value between the acquired number of key divisions and the previous number of key divisions registered in the storage unit 140. When the calculated difference value is equal to or less than a predetermined value, the transmission power determination unit 134 may determine the transmission power as a value larger than the previous transmission power registered in the storage unit 140. In this way, on the assumption that the key transmission failed because of insufficient transmission power, the shortage of transmission power can be eliminated when the key is transmitted again.
- The storage unit 140 may further store environment identification information for identifying the environment in which the device is installed, and the security level determination unit 133 may determine the transmission security level according to the environment identification information.
- A value for determining a low transmission security level, or a value for determining a high transmission security level, can be set in the environment identification information.
- For example, when the information processing apparatus 100 is installed in an area where it is difficult for the eavesdropper B to intercept the key because the distance to the adjacent house is relatively large (or the wall W between it and the adjacent house is thick), a value for determining a low transmission security level can be set in the environment identification information. Further, for example, when the information processing apparatus 100 is installed in an area where the key can be easily intercepted by the eavesdropper B because the distance to the adjacent house is relatively small (or the wall W between it and the adjacent house is thin), a value for determining a high transmission security level can be set in the environment identification information.
- The environment identification information may be stored in the storage unit 140 when the information processing apparatus 100 is manufactured by the manufacturer, or may be registered in the storage unit 140 by the user U using the operation terminal 200 after the information processing apparatus 100 is manufactured by the manufacturer. Further, for example, the environment identification information stored in the storage unit 140 at the stage of manufacture by the manufacturer may be changed by the operation terminal 200 of the user U.
- The security level determination unit 133 may determine the transmission security level according to the reception power of the radio signal when the reception unit 110 receives the key transmission request by the radio signal. In this way, for example, when the reception power of the radio signal at the time of receiving the key transmission request is relatively large, the security level determination unit 133 can determine that the operation terminal 200 exists near the information processing apparatus 100 and determine a high transmission security level. Further, for example, when the reception power of the radio signal at the time of receiving the key transmission request is relatively small, the security level determination unit 133 can determine that the operation terminal 200 does not exist near the information processing apparatus 100 and determine a low transmission security level.
- the information processing apparatus 100 may further include a display unit 170 and a display control unit 139.
- The display control unit 139 may cause the display unit 170 to display at least one of the transmission security level determined by the security level determination unit 133, the number of key divisions included in the key transmission request acquired by the key transmission request acquisition unit 1311, and the transmission power determined by the transmission power determination unit 134. Further, the display control unit 139 may cause the display unit 170 to display a message indicating that the communication safety between the information processing apparatus 100 and the operation terminal 200 is maintained.
- The display control unit 139 can display the result of the pairing process executed by the pairing processing unit 136 and the result of the process executed by the process execution unit 137 on the display unit 170 as appropriate.
- FIG. 6 is a diagram illustrating a configuration of the operation terminal according to the present embodiment. With reference to FIG. 6 (refer to other figures as appropriate), the configuration of the operation terminal according to the present embodiment will be described.
- the operation terminal 200 includes at least a reception unit 210, a control unit 230, a storage unit 240, and a transmission unit 260.
- the operation terminal 200 includes a reception control unit 220, a transmission control unit 250, an input unit 270, and the like as necessary.
- the input unit 270 can receive input of operation information from the user U by, for example, a button operation.
- The control unit 230 includes at least a response acquisition unit 231 and a key transmission request generation unit 233. If necessary, a pairing request generation unit 234, a processing request generation unit 235, an operation information acquisition unit 232, and the like are also provided.
- the response acquisition unit 231 includes at least a key acquisition unit 2311.
- the control unit 230 is configured by, for example, a CPU, a RAM, and the like, and the function is realized by reading the program stored in the storage unit 240 and expanding the program in the RAM, and executing the program expanded in the RAM.
- the control unit 230 may be configured by dedicated hardware, for example.
- the operation information acquisition unit 232 includes a key request operation acquisition unit 2321, a pairing request operation acquisition unit 2322, a processing request operation acquisition unit 2323, and the like.
- the key transmission request generator 233 generates a key transmission request including the number of key divisions.
- the operation terminal 200 includes the input unit 270 and the key request operation acquisition unit 2321
- the input unit 270 receives an input of a key transmission request operation from the user U
- The key request operation acquisition unit 2321 acquires the key transmission request operation from the input unit 270 and outputs it to the key transmission request generation unit 233.
- the key transmission request generation unit 233 generates a key transmission request based on the key transmission request operation output from the key request operation acquisition unit 2321.
- the transmission unit 260 is configured by an antenna or the like, and transmits a radio signal to the information processing apparatus 100.
- the transmission unit 260 transmits a key transmission request to the information processing apparatus 100 using a radio signal.
- the receiving unit 210 is configured by the same or separate antenna as the transmitting unit 260, and receives a radio signal from the information processing apparatus 100. For example, the receiving unit 210 receives from the information processing apparatus 100 each divided key divided by the information processing apparatus 100 into the number of key divisions.
- the key acquisition unit 2311 generates a key based on each split key received by the reception unit 210, and registers the generated key in the storage unit 240. As described above, the key acquisition unit 2311 can generate a key by taking an exclusive OR for each bit of the split key (split keys F1, F2,... FN). However, the present invention is not limited to the technique of taking the exclusive OR.
- the pairing request generator 234 generates a pairing request.
- the operation terminal 200 includes the input unit 270 and the pairing request operation acquisition unit 2322
- the input unit 270 receives an input of the pairing request operation from the user U
- The pairing request operation acquisition unit 2322 acquires the pairing request operation from the input unit 270 and outputs it to the pairing request generator 234.
- the pairing request generation unit 234 generates a pairing request based on the pairing request operation output from the pairing request operation acquisition unit 2322.
- the processing request generation unit 235 generates a processing request and generates an encrypted processing request obtained by encrypting the generated processing request using a key registered in the storage unit 140.
- the operation terminal 200 includes the input unit 270 and the processing request operation acquisition unit 2323
- the input unit 270 receives an input of the processing request operation from the user U
- The processing request operation acquisition unit 2323 acquires the processing request operation from the input unit 270 and outputs it to the processing request generator 235.
- the process request generator 235 generates a process request based on the process request operation output from the process request operation acquisition unit 2323.
- the reception control unit 220 converts the frequency of the radio signal received by the reception unit 210 from a high frequency signal to a baseband signal by down-conversion as necessary, and demodulates the frequency-converted baseband signal. In addition, when the control unit 230 performs processing using a digital signal, the reception control unit 220 converts an analog signal obtained by demodulation into a digital signal.
- the transmission control unit 250 converts the digital signal to be transmitted into an analog signal. Further, the transmission control unit 250 modulates an analog signal as necessary, frequency-converts the baseband signal obtained by the modulation into a high-frequency signal by up-conversion, and outputs it to the transmission unit 260.
- FIG. 7 is a diagram illustrating a configuration example of correspondence information held by the information processing apparatus. With reference to FIG. 7 (refer to other figures as appropriate), a configuration example of correspondence information held by the information processing apparatus will be described.
- the correspondence information 141 is obtained by associating, for example, a key division number, a security level, and transmission power.
- the number of key divisions is N
- When the number N of key divisions is “arbitrary” and the security level is “normal”, information indicating that the transmission power is “not adjusted” is set.
- When the key division number N is “N > 10” and the security level is “low”, information indicating that the transmission power is “not adjusted” is set.
- When the key division number N is “N ≥ 100” and the security level is “high”, information indicating that the transmission power is “not adjusted” is set.
- The security level is not limited to the three levels of “low”, “normal”, and “high”. For example, it may be divided into five stages of “low”, “slightly low”, “normal”, “slightly high”, and “high”. Further, although “10”, “100”, and the like are set as threshold values for the number N of key divisions, the values are not limited to these.
- FIG. 8 is a sequence diagram showing a flow of processing executed by the information processing system. With reference to FIG. 8 (refer to other figures as appropriate), the flow of processing executed by the information processing system will be described. FIG. 8 shows the flow of processing executed when the key transmission request includes the key division number N. Details of step S102 and steps S104A to S104C of the information processing apparatus 100 will be described later with reference to FIG.
- the operation terminal 200 transmits a key transmission request to the information processing apparatus 100 (step S101).
- the information processing apparatus 100 receives the key transmission request (step S102) and determines transmission power (step S103).
- the information processing apparatus 100 transmits the split key F1 to the operation terminal 200 according to the determined transmission power (step S104A).
- the operation terminal 200 receives the split key F1 from the information processing apparatus 100 (step S105A).
- the information processing apparatus 100 transmits the split key F2 to the operation terminal 200 according to the determined transmission power (step S104B).
- the operation terminal 200 receives the split key F2 from the information processing apparatus 100 (step S105B).
- the information processing apparatus 100 transmits the split key FN to the operation terminal 200 according to the determined transmission power (step S104C).
- the operation terminal 200 receives the split key FN from the information processing apparatus 100 (step S105C).
- The process in which the information processing apparatus 100 transmits the split keys F3 to FN-1 to the operation terminal 200 according to the determined transmission power and the operation terminal 200 receives the split keys F3 to FN-1 from the information processing apparatus 100 is executed in the same manner.
- the operation terminal 200 generates a key based on the received split keys F1 to FN (step S106), and encrypts the processing request with the generated key (step S107).
- the key can be generated, for example, by taking an exclusive OR for each bit of each split key as described above.
- the operation terminal 200 transmits the encrypted processing request to the information processing apparatus 100 (step S108).
- the information processing apparatus 100 receives the encrypted processing request from the operation terminal 200 (step S109), and decrypts the received encrypted processing request with the key (step S110).
- the information processing apparatus 100 executes processing according to the processing request obtained by decryption (step S111).
- FIG. 9 is a flowchart showing a flow of processing executed by the information processing apparatus. With reference to FIG. 9 (refer to other figures as appropriate), the flow of processing executed by the information processing apparatus will be described.
- The information processing apparatus 100 determines whether or not the transmission source of the key transmission request is appropriate as a key transmission partner (step S201). For example, as described above, this is done by the key request terminal determination unit 132 determining whether or not the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit 1311 is registered in the storage unit 140 as communication-permitted terminal information.
- If the information processing apparatus 100 determines that the transmission source of the key transmission request is not appropriate as a key transmission partner (“No” in step S201), the information processing apparatus 100 ends the key transmission process without transmitting the key. If the information processing apparatus 100 determines that the transmission source of the key transmission request is appropriate as the key transmission partner (“Yes” in step S201), the information processing apparatus 100 acquires the number of key divisions from the key transmission request (step S202). Then, it determines whether or not the acquired key division number and the security level are appropriate (step S203). As described above, the security level is determined by the security level determination unit 133 of the information processing apparatus 100 by various methods.
- If the information processing apparatus 100 determines that the number of key divisions and the security level are appropriate (“Yes” in step S203), the information processing apparatus 100 proceeds to step S205. If the information processing apparatus 100 determines that the number of key divisions and the security level are not appropriate (“No” in step S203), the information processing apparatus 100 adjusts the transmission power used when transmitting the split key (step S204) and proceeds to step S205.
- The information processing apparatus 100 transmits the split key to the operation terminal 200 (step S205), and determines whether or not split keys have been transmitted for the number of key divisions (step S206). If the information processing apparatus 100 determines that split keys have not yet been transmitted for the number of key divisions (“No” in step S206), the information processing apparatus 100 returns to step S205 to transmit the next split key to the operation terminal 200. If the information processing apparatus 100 determines that split keys have been transmitted for the number of key divisions (“Yes” in step S206), the key transmission process is terminated.
- an unencrypted plaintext bit string is used for the key itself, but an encrypted key may be used.
- An example has been described in which the display control unit 139 of the information processing apparatus 100 displays at least one of the transmission security level, the number of key divisions, and the transmission power on the display unit 170, but the operation terminal 200 may display such information.
- the information processing apparatus 100 may transmit a key transmission completion notification including at least one of the transmission security level, the number of key divisions, and the transmission power to the operation terminal 200.
- The display control unit included in the operation terminal 200 can then cause the display unit included in the operation terminal 200 to display at least one of the transmission security level, the key division number, and the transmission power included in the received key transmission completion notification.
- the display control unit included in the operation terminal 200 may cause the display unit included in the operation terminal 200 to display a message indicating that the safety of communication between the information processing apparatus 100 and the operation terminal 200 is maintained.
- In the information processing system 10, in which the information processing apparatus 100 replies by dividing the key according to the number of key divisions specified by the operation terminal 200, it is possible to give the information processing apparatus 100 the right to determine the strength of the security of communication between the operation terminal 200 and the information processing apparatus 100. Thereby, the imbalance regarding the right to determine the strength of safety of communication between the operation terminal 200 and the information processing apparatus 100 can be eliminated.
- Since the transmission power used when the information processing apparatus 100 transmits a key can be determined, the information processing apparatus 100 can reduce the transmission power and transmit the key, which makes it possible to increase the strength of the safety of communication between the operation terminal 200 and the information processing apparatus 100.
- Since the transmission power used when the information processing apparatus 100 transmits a key can be determined, the information processing apparatus 100 can increase the transmission power and transmit the key, which makes it possible to improve the success rate of transmitting the key to the operation terminal 200.
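The apparatus-side flow described above (terminal check, power decision under the first and second conditions, equal division, exclusive-OR recombination, and the retry rule after a failed decryption) is shown here as an added Python example that is not part of the patent text. The dBm figures, the 6 dB step, the retry threshold of 2, the use of an absolute difference, and all function and class names are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from functools import reduce

LEVELS = {"low": 0, "normal": 1, "high": 2}
# Thresholds quoted on the page for the correspondence information 141.
FIRST_N, FIRST_LEVEL = 100, "high"
SECOND_N, SECOND_LEVEL = 10, "low"
# Assumed values: the page gives no power figures or retry threshold.
BASE_DBM, STEP_DB = 0.0, 6.0
RETRY_MAX_DIFF = 2


def decide_power(level: str, n: int) -> float:
    """Transmission power for a transmission security level and division count."""
    if LEVELS[level] >= LEVELS[FIRST_LEVEL] and n < FIRST_N:
        return BASE_DBM - STEP_DB      # first condition: smaller power
    if LEVELS[level] <= LEVELS[SECOND_LEVEL] and n >= SECOND_N:
        return BASE_DBM + STEP_DB      # second condition: larger power
    return BASE_DBM                    # otherwise: not adjusted


def split_key(key: bytes, n: int) -> list[bytes]:
    """Equal division of the stored key into the split keys F1..FN."""
    if n < 1 or len(key) % n:
        raise ValueError("key length must be a positive multiple of n")
    size = len(key) // n
    return [key[i * size:(i + 1) * size] for i in range(n)]


def combine(fragments: list[bytes]) -> bytes:
    """Bitwise exclusive OR over all split keys, computed by both sides."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), fragments)


@dataclass
class Apparatus:
    key: bytes
    permitted: set[str] = field(default_factory=set)  # registered at pairing
    prev_n: int | None = None
    prev_power: float | None = None

    def handle_key_request(self, terminal_id: str, n: int, level: str,
                           retry: bool = False):
        """Steps S201 to S206: (power, split keys), or None when refused."""
        if terminal_id not in self.permitted:          # S201: unknown terminal
            return None
        fragments = split_key(self.key, n)             # S202
        power = decide_power(level, n)                 # S203 / S204
        # Retry rule: a near-identical request after a failed decryption is
        # answered with more power than the previous transmission used.
        if (retry and self.prev_n is not None
                and abs(n - self.prev_n) <= RETRY_MAX_DIFF):
            power = max(power, self.prev_power + STEP_DB)
        self.prev_n, self.prev_power = n, power
        return power, fragments                        # S205 / S206

    def session_key(self) -> bytes:
        """Key used to decrypt the encrypted processing request."""
        return combine(split_key(self.key, self.prev_n))


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    stored_key = bytes([1, 2, 3, 4, 16, 32, 48, 64])
    apparatus = Apparatus(stored_key, permitted={"02:00:00:00:00:01"})
    power, parts = apparatus.handle_key_request("02:00:00:00:00:01", 2, "high")
    print("power (dBm):", power)
    print("terminal key:", combine(parts).hex())
    print("apparatus key:", apparatus.session_key().hex())
    # A receiver that misses even one split key derives a different value.
    print("partial capture:", combine(parts[:1]).hex())
```
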
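1-1. Application example of the information processing system
1-2. Transmission of the key transmission request and the split keys
1-3. When transmission of the split keys succeeds
1-4. When transmission of the split keys fails
1-5. Configuration of the information processing apparatus
1-6. Configuration of the operation terminal
1-7. Configuration example of the correspondence information held by the information processing apparatus
1-8. Flow of processing executed by the information processing system
1-9. Flow of processing executed by the information processing apparatus
2. Modifications
3. Summary
A first embodiment of the present invention will be described.
FIG. 1 is a diagram illustrating an application example of the information processing system according to the present embodiment. With reference to FIG. 1 (refer to other figures as appropriate), an application example of the information processing system according to the present embodiment will be described.
FIG. 2 is a diagram for explaining transmission of the key transmission request and the split keys. With reference to FIG. 2 (refer to other figures as appropriate), transmission of the key transmission request and the split keys will be described.
FIG. 3 is a diagram for explaining an example of a case where transmission of the split keys succeeds. With reference to FIG. 3 (refer to other figures as appropriate), an example of a case where transmission of the split keys succeeds will be described.
FIG. 4 is a diagram for explaining an example of a case where transmission of the split keys fails. With reference to FIG. 4 (refer to other figures as appropriate), an example of a case where transmission of the split keys fails will be described.
FIG. 5 is a diagram illustrating a configuration of the information processing apparatus according to the present embodiment. With reference to FIG. 5 (refer to other figures as appropriate), the configuration of the information processing apparatus according to the present embodiment will be described.
FIG. 6 is a diagram illustrating a configuration of the operation terminal according to the present embodiment. With reference to FIG. 6 (refer to other figures as appropriate), the configuration of the operation terminal according to the present embodiment will be described.
FIG. 7 is a diagram illustrating a configuration example of correspondence information held by the information processing apparatus. With reference to FIG. 7 (refer to other figures as appropriate), a configuration example of correspondence information held by the information processing apparatus will be described.
FIG. 8 is a sequence diagram showing a flow of processing executed by the information processing system. With reference to FIG. 8 (refer to other figures as appropriate), the flow of processing executed by the information processing system will be described. FIG. 8 shows the flow of processing executed when the key transmission request includes the key division number N. Details of step S102 and steps S104A to S104C of the information processing apparatus 100 will be described later with reference to FIG. 9.
FIG. 9 is a flowchart showing a flow of processing executed by the information processing apparatus. With reference to FIG. 9 (refer to other figures as appropriate), the flow of processing executed by the information processing apparatus will be described.
Although the preferred embodiments of the present invention have been described with reference to the accompanying drawings, it goes without saying that the present invention is not limited to these examples. It is clear that a person skilled in the art can conceive of various changes or modifications within the scope described in the claims, and it is understood that these naturally belong to the technical scope of the present invention.
According to the first embodiment, in the information processing system 10, in which the information processing apparatus 100 replies by dividing the key according to the number of key divisions specified by the operation terminal 200, it is possible to give the information processing apparatus 100 the right to determine the strength of the security of communication between the operation terminal 200 and the information processing apparatus 100. Thereby, the imbalance regarding the right to determine the strength of safety of communication between the operation terminal 200 and the information processing apparatus 100 can be eliminated.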
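100 Information processing apparatus
110 Reception unit
120 Reception control unit
130 Control unit
131 Request acquisition unit
1311 Key transmission request acquisition unit
1312 Pairing request acquisition unit
1313 Processing request acquisition unit
132 Key request terminal determination unit
133 Security level determination unit
134 Transmission power determination unit
135 Key acquisition unit
136 Pairing processing unit
137 Processing execution unit
139 Display control unit
140 Storage unit
141 Correspondence information
142 Key
150 Transmission control unit
160 Transmission unit
170 Display unit
200 Operation terminal
210 Reception unit
220 Reception control unit
230 Control unit
231 Response acquisition unit
2311 Key acquisition unit
232 Operation information acquisition unit
2321 Key request operation acquisition unit
2322 Pairing request operation acquisition unit
2323 Processing request operation acquisition unit
233 Key transmission request generation unit
234 Pairing request generation unit
235 Processing request generation unit
240 Storage unit
250 Transmission control unit
260 Transmission unit
270 Input unit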
Claims (15)
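- An information processing apparatus comprising:
a storage unit that stores a key used to encrypt or decrypt data;
a reception unit that receives, from an operation terminal by a wireless signal, a key transmission request including a key split number;
a key transmission request acquisition unit that acquires the key transmission request from the wireless signal received by the reception unit;
a security level determination unit that determines, as a transmission security level, a security level for transmitting the key to the operation terminal;
a transmission power determination unit that determines a transmission power according to the transmission security level determined by the security level determination unit and the key split number included in the key transmission request acquired by the key transmission request acquisition unit;
a key acquisition unit that acquires split keys by splitting the key stored in the storage unit into the key split number of parts; and
a transmission unit that transmits the split keys acquired by the key acquisition unit to the operation terminal by a wireless signal, using the transmission power determined by the transmission power determination unit.
- The information processing apparatus according to claim 1, wherein
the storage unit further stores a first key split number and a first security level, and
the transmission power determination unit acquires the first key split number and the first security level stored in the storage unit and, when a first condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or higher than the first security level and the key split number included in the key transmission request is smaller than the first key split number, determines the transmission power to be a value smaller than the transmission power used when the first condition is not satisfied.
- The information processing apparatus according to claim 2, wherein
the storage unit further stores a second key split number and a second security level, and
the transmission power determination unit acquires the second key split number and the second security level stored in the storage unit and, when a second condition is satisfied, namely that the transmission security level determined by the security level determination unit is equal to or lower than the second security level and the key split number included in the key transmission request is equal to or larger than the second key split number, determines the transmission power to be a value larger than the transmission power used when the second condition is not satisfied.
- The information processing apparatus according to claim 1, further comprising a processing request acquisition unit and a processing execution unit, wherein
the reception unit further receives from the operation terminal by a wireless signal, after receiving the key transmission request, an encrypted processing request obtained by the operation terminal encrypting a processing request using a key generated based on the split keys,
the processing request acquisition unit acquires the encrypted processing request from the wireless signal received by the reception unit, and
the processing execution unit decrypts the encrypted processing request using the key stored in the storage unit and executes processing according to the processing request obtained by the decryption.
- The information processing apparatus according to claim 4, wherein
the transmission power determination unit registers, in the storage unit, the key split number included in the key transmission request acquired by the key transmission request acquisition unit,
the processing request acquisition unit acquires, from the wireless signal received by the reception unit, an encrypted processing request obtained by the operation terminal encrypting a processing request using a key generated by taking the bitwise exclusive OR of all of the split keys, and
the processing execution unit decrypts the encrypted processing request using a key generated by taking the bitwise exclusive OR of all of the split keys obtained by splitting the key stored in the storage unit into the key split number stored in the storage unit, and executes processing according to the processing request obtained by the decryption.
- The information processing apparatus according to claim 4, wherein
the storage unit further stores an application that the processing execution unit launches in order to execute the processing, and
the security level determination unit determines the transmission security level according to the type of the application.
- The information processing apparatus according to claim 1, further comprising a pairing request acquisition unit, a pairing processing unit, and a key request terminal determination unit, wherein
the reception unit further receives from the operation terminal by a wireless signal, before receiving the key transmission request, a pairing request including model identification information for identifying the model of the operation terminal and operation terminal identification information for identifying the operation terminal,
the pairing request acquisition unit acquires the pairing request from the wireless signal received by the reception unit,
the pairing processing unit registers the operation terminal identification information in the storage unit as communication-permitted terminal information when the model identification information included in the pairing request acquired by the pairing request acquisition unit is predetermined model identification information,
the key request terminal determination unit determines whether the operation terminal identification information included in the key transmission request acquired by the key transmission request acquisition unit is registered in the storage unit as the communication-permitted terminal information, and
the transmission unit does not transmit the split keys to the operation terminal by a wireless signal when the key request terminal determination unit determines that the operation terminal identification information included in the key transmission request is not registered in the storage unit as the communication-permitted terminal information.
- The information processing apparatus according to claim 7, wherein
the pairing processing unit, when the pairing request further includes performance information indicating the performance of the operation terminal, further registers the performance information in the storage unit in association with the communication-permitted terminal information, and
the security level determination unit determines the transmission security level according to the performance information registered in the storage unit in association with the communication-permitted terminal information.
- The information processing apparatus according to claim 1, wherein
the transmission power determination unit registers, in the storage unit, the key split number included in the key transmission request acquired by the key transmission request acquisition unit and the determined transmission power as a previous key split number and a previous transmission power, respectively; when the processing execution unit fails to decrypt the encrypted processing request, acquires again the key split number included in the key transmission request acquired by the key transmission request acquisition unit; calculates a difference value between the acquired key split number and the previous key split number registered in the storage unit; and, when the calculated difference value is equal to or less than a predetermined value, determines the transmission power to be a value larger than the previous transmission power registered in the storage unit.
- The information processing apparatus according to claim 1, wherein
the storage unit further stores environment identification information for identifying the environment in which the apparatus itself is installed, and
the security level determination unit determines the transmission security level according to the environment identification information.
- The information processing apparatus according to claim 1, wherein
the security level determination unit determines the transmission security level according to the reception power of the wireless signal at the time the reception unit received the key transmission request by the wireless signal.
- The information processing apparatus according to claim 1, further comprising a display unit and a display control unit, wherein
the display control unit causes the display unit to display at least one of the transmission security level determined by the security level determination unit, the key split number included in the key transmission request acquired by the key transmission request acquisition unit, and the transmission power determined by the transmission power determination unit.
- An information processing method comprising:
a step of receiving, by the reception unit of an information processing apparatus that includes a storage unit storing a key used to encrypt or decrypt data, a reception unit, a key transmission request acquisition unit, a security level determination unit, a transmission power determination unit, a key acquisition unit, and a transmission unit, a key transmission request including a key split number from an operation terminal by a wireless signal;
a step of acquiring, by the key transmission request acquisition unit, the key transmission request from the wireless signal received by the reception unit;
a step of determining, by the security level determination unit, as a transmission security level, a security level for transmitting the key to the operation terminal;
a step of determining, by the transmission power determination unit, a transmission power according to the transmission security level determined by the security level determination unit and the key split number included in the key transmission request acquired by the key transmission request acquisition unit;
a step of acquiring, by the key acquisition unit, split keys by splitting the key stored in the storage unit into the key split number of parts; and
a step of transmitting, by the transmission unit, the split keys acquired by the key acquisition unit to the operation terminal by a wireless signal, using the transmission power determined by the transmission power determination unit.
- An operation terminal comprising:
a storage unit;
a key transmission request generation unit that generates a key transmission request including a key split number;
a transmission unit that transmits the key transmission request to an information processing apparatus by a wireless signal;
a reception unit that receives, from the information processing apparatus, split keys split into the key split number of parts by the information processing apparatus; and
a key acquisition unit that generates a key based on the split keys received by the reception unit and registers the generated key in the storage unit.
- An information processing system comprising an information processing apparatus and an operation terminal, wherein
the information processing apparatus includes:
a storage unit that stores a key used to encrypt or decrypt data;
a reception unit that receives, from the operation terminal by a wireless signal, a key transmission request including a key split number;
a key transmission request acquisition unit that acquires the key transmission request from the wireless signal received by the reception unit;
a security level determination unit that determines, as a transmission security level, a security level for transmitting the key to the operation terminal;
a transmission power determination unit that determines a transmission power according to the transmission security level determined by the security level determination unit and the key split number included in the key transmission request acquired by the key transmission request acquisition unit;
a key acquisition unit that acquires split keys by splitting the key stored in the storage unit into the key split number of parts; and
a transmission unit that transmits the split keys acquired by the key acquisition unit to the operation terminal by a wireless signal, using the transmission power determined by the transmission power determination unit,
and the operation terminal includes:
a storage unit;
a key transmission request generation unit that generates a key transmission request including a key split number;
a transmission unit that transmits the key transmission request to the information processing apparatus by a wireless signal;
a reception unit that receives, from the information processing apparatus, the split keys split into the key split number of parts by the information processing apparatus; and
a key acquisition unit that generates a key based on the split keys received by the reception unit and registers the generated key in the storage unit.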
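The transmission-power conditions of claims 2, 3 and 9 and the XOR recombination of claim 5, as an added Python example that is not code from the patent. The threshold and dBm values, the function names, and the choice of random XOR fragments as the splitting method are assumptions; the claims specify none of them.

```python
import secrets
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class PowerPolicy:
    """Stored thresholds; every number here is constructed, the claims give none."""
    first_level: int = 3     # first security level (claim 2)
    first_splits: int = 8    # first key split number (claim 2)
    second_level: int = 1    # second security level (claim 3)
    second_splits: int = 16  # second key split number (claim 3)
    low_dbm: int = -20
    normal_dbm: int = 0
    high_dbm: int = 10
    retry_delta: int = 2     # "predetermined value" of claim 9
    retry_step_dbm: int = 3  # assumed increment above the previous power

def decide_tx_power(level: int, n: int, p: PowerPolicy = PowerPolicy()) -> int:
    # Claim 2: high security level but few fragments -> shrink the radio range.
    if level >= p.first_level and n < p.first_splits:
        return p.low_dbm
    # Claim 3: low security level and many fragments -> favour delivery success.
    if level <= p.second_level and n >= p.second_splits:
        return p.high_dbm
    return p.normal_dbm

def retry_tx_power(prev_n, prev_dbm, new_n, level, p=PowerPolicy()) -> int:
    # Claim 9: after a failed decryption, a re-request whose split number is
    # within retry_delta of the previous one gets more power than last time.
    if abs(new_n - prev_n) <= p.retry_delta:
        return prev_dbm + p.retry_step_dbm
    return decide_tx_power(level, new_n, p)  # assumption: otherwise decide afresh

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list[bytes]:
    """Assumed splitting: n-1 random fragments plus one that makes the XOR equal key."""
    if n < 1:
        raise ValueError("key split number must be at least 1")
    frags = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    frags.append(reduce(_xor, frags, key))
    return frags

def combine(frags: list[bytes]) -> bytes:
    """Terminal side (claim 5): bitwise XOR of all received fragments."""
    if not frags:
        raise ValueError("no fragments received")
    return reduce(_xor, frags)
```

Under this assumed splitting, any proper subset of the fragments is statistically independent of the key, so the terminal (or anyone else listening) needs all n transmissions to recover it.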
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112012002306A BR112012002306A2 (pt) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
US13/387,152 US8611538B2 (en) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
EP10806348.8A EP2464050B1 (en) | 2009-08-07 | 2010-07-23 | Transmission of key fragments over a wireless channel by adapting the transmission power in function of security requirements and the number of said key fragments. |
RU2012103174/08A RU2536364C2 (ru) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
CN2010800342136A CN102474666A (zh) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
IN774DEN2012 IN2012DN00774A (ja) | 2009-08-07 | 2012-01-27 | |
US14/062,581 US9204297B2 (en) | 2009-08-07 | 2013-10-24 | Information processing apparatus, information processing method, operation terminal, and information processing system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-185053 | 2009-08-07 | ||
JP2009185053A JP5446566B2 (ja) | 2009-08-07 | 2009-08-07 | Information processing apparatus, information processing method, operation terminal, and information processing system |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/387,152 A-371-Of-International US8611538B2 (en) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
US14/062,581 Continuation US9204297B2 (en) | 2009-08-07 | 2013-10-24 | Information processing apparatus, information processing method, operation terminal, and information processing system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011016349A1 (ja) | 2011-02-10 |
Family
ID=43544246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/062434 WO2011016349A1 (ja) | 2009-08-07 | 2010-07-23 | Information processing apparatus, information processing method, operation terminal, and information processing system |
Country Status (8)
Country | Link |
---|---|
US (2) | US8611538B2 (ja) |
EP (1) | EP2464050B1 (ja) |
JP (1) | JP5446566B2 (ja) |
CN (1) | CN102474666A (ja) |
BR (1) | BR112012002306A2 (ja) |
IN (1) | IN2012DN00774A (ja) |
RU (1) | RU2536364C2 (ja) |
WO (1) | WO2011016349A1 (ja) |
2009
- 2009-08-07 JP JP2009185053A patent/JP5446566B2/ja not_active Expired - Fee Related
2010
- 2010-07-23 EP EP10806348.8A patent/EP2464050B1/en not_active Not-in-force
- 2010-07-23 BR BR112012002306A patent/BR112012002306A2/pt not_active IP Right Cessation
- 2010-07-23 CN CN2010800342136A patent/CN102474666A/zh active Pending
- 2010-07-23 WO PCT/JP2010/062434 patent/WO2011016349A1/ja active Application Filing
- 2010-07-23 RU RU2012103174/08A patent/RU2536364C2/ru not_active IP Right Cessation
- 2010-07-23 US US13/387,152 patent/US8611538B2/en not_active Expired - Fee Related
2012
- 2012-01-27 IN IN774DEN2012 patent/IN2012DN00774A/en unknown
2013
- 2013-10-24 US US14/062,581 patent/US9204297B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US20140050323A1 (en) | 2014-02-20 |
EP2464050A4 (en) | 2013-05-01 |
US20120121089A1 (en) | 2012-05-17 |
US8611538B2 (en) | 2013-12-17 |
BR112012002306A2 (pt) | 2016-05-31 |
JP5446566B2 (ja) | 2014-03-19 |
IN2012DN00774A (ja) | 2015-06-26 |
CN102474666A (zh) | 2012-05-23 |
JP2011040909A (ja) | 2011-02-24 |
EP2464050A1 (en) | 2012-06-13 |
US9204297B2 (en) | 2015-12-01 |
EP2464050B1 (en) | 2016-08-31 |
RU2536364C2 (ru) | 2014-12-20 |
RU2012103174A (ru) | 2013-08-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 201080034213.6 Country of ref document: CN |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10806348 Country of ref document: EP Kind code of ref document: A1 |
| REEP | Request for entry into the european phase | Ref document number: 2010806348 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2010806348 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 13387152 Country of ref document: US |
| WWE | Wipo information: entry into national phase | Ref document number: 774/DELNP/2012 Country of ref document: IN |
| WWE | Wipo information: entry into national phase | Ref document number: 2012103174 Country of ref document: RU |
| NENP | Non-entry into the national phase | Ref country code: DE |
| REG | Reference to national code | Ref country code: BR Ref legal event code: B01A Ref document number: 112012002306 Country of ref document: BR |
| ENP | Entry into the national phase | Ref document number: 112012002306 Country of ref document: BR Kind code of ref document: A2 Effective date: 20120131 |