WO2013031115A1 - Mobile terminal, authentication method, authentication program and authentication system - Google Patents

Publication number
WO2013031115A1
Authority
WO
WIPO (PCT)
Application number
PCT/JP2012/005157
Inventor
安齋 潤
隆博 中西
Original Assignee
パナソニック株式会社

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04M: TELEPHONIC COMMUNICATION
    • H04M1/00: Substation equipment, e.g. for use by subscribers
    • H04M1/72: Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724: User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403: User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409: User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H04M1/72412: User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
    • H04M1/66: Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/667: Preventing unauthorised calls from a telephone set
    • H04M1/67: Preventing unauthorised calls from a telephone set by electronic means
    • H04M2250/00: Details of telephonic subscriber devices
    • H04M2250/04: Details of telephonic subscriber devices including near field communication means, e.g. RFID

Definitions

  • The present invention relates to a portable terminal, an authentication method, an authentication program, and an authentication system for authenticating an ID (Identification) read using a non-contact IC (Integrated Circuit) reader function.
  • The IDs of the non-contact IC card and RFID tag read by the portable terminal are assumed to be used for, for example, authentication in the portable terminal.
  • Patent Documents 1 to 3 are known in relation to such an authentication method.
  • The portable electronic device of Patent Document 1 includes a non-contact IC reader / writer, receives an ID number stored in a non-contact IC card via the non-contact IC reader / writer, and stores the received ID number in the lock related record of the storage unit.
  • When the portable electronic device authenticates for unlocking, it receives the ID number stored in the non-contact IC card via the non-contact IC reader / writer and verifies the received ID number against the ID number stored in the lock related record. Thereby, the portable electronic device can perform authentication based on the ID number of the non-contact IC without burdening the user or the like.
  • The authentication system of Patent Document 2 includes an IC tag, a portable terminal device having a reader function and a writer function for reading and writing a card ID that specifies the IC tag, a plurality of service providing servers, and an authentication server for authenticating an accessor who uses the portable terminal device to access the service providing server.
  • The mobile terminal device reads the card ID from the IC tag, and transmits the card ID and the terminal ID of the mobile terminal device to the authentication server.
  • The authentication server associates and registers a user ID for identifying an accessor and a unique card ID and terminal ID for each service, and further associates a rewrite password different from the card ID with the user ID and registers them in the database.
  • The authentication system further includes a card update unit that updates the card ID registered in the database every time the service is used, and rewrites the card ID with a new card ID through the writer function of the mobile terminal device.
  • The authentication server authenticates by using the card ID associated with the service related to the access request, and when the authentication is successful, permits the access to the service providing server that provides the permitted service. When the card ID is not acquired, a rewrite password is acquired, and the rewrite password is authenticated instead of the card ID.
  • The authentication system reduces burdens on the user, such as complicated operations, during authentication processing for receiving services provided by a portable information terminal such as a mobile phone or PDA (Personal Digital Assistant) through a communication network such as the Internet.
  • Security can be improved effectively.
  • In the mobile phone control system of Patent Document 3, an IC chip with a unique ID is built into a card that displays on its surface the function to be activated; the mobile phone reads the ID and starts the function corresponding to the pre-registered ID.
  • The mobile phone control system can allow users for whom fine operation with keys is difficult, such as visually impaired and elderly persons, to easily operate the mobile phone.
  • An RFID tag is simply referred to as “tag” in the following description.
  • The ID numbers, card IDs, and IDs in Patent Documents 1 to 3 described above are assumed to be always available when the authentication is successful.
  • “ID number”, “card ID”, and “ID” are collectively described as “ID”.
  • The ID of the contactless IC card and the tag can always be used according to the specification of the contactless IC card and the tag and the usage status of the user who uses the tag.
  • The specifications of the non-contact IC card and the tag are, for example, whether the ID is a fixed value or a random value, the number of digits of the ID, and the ID types determined by a registration policy (e.g., security level) when using the ID. The registration policy covers both the case where a policy file in which the policy content is described is stored in the storage unit of the portable terminal and the case where there is no policy file and the content of the registration policy is defined in a part of the program.
  • The mobile terminal displays a list of operations that can be paired.
  • The policy file is read from the storage unit, and “operation A, operation B, and operation C” are explicitly displayed as operations that can be paired.
  • The registration policy can be dynamically changed by rewriting the policy file.
  • Types of ID include, for example, type A, type B, type F, ISO15693, and the like.
  • An object of the present invention is to provide a portable terminal, an authentication method, an authentication program, and an authentication system that guarantee the safe execution of the attached operation.
  • the present invention is a portable terminal that wirelessly communicates with a non-contact IC, a read / write unit that reads an ID and data stored in the non-contact IC, and a display unit that displays an operation selection screen in the portable terminal; Based on the ID and data read by the read / write unit, according to the registration policy of the ID, the information identifying the operation in the mobile terminal selected from the selection screen and the ID are associated with each other
  • An availability determination unit that determines whether or not the ID can be used, and if the ID is determined to be available, specifies the ID read by the read / write unit and an operation in the mobile terminal
  • The present invention is an authentication method in a portable terminal that wirelessly communicates with a non-contact IC, including: a step of reading the ID and data stored in the non-contact IC; a step of determining, based on the read ID and data, whether or not the read ID is a clone; a step of generating, when the read ID is determined not to be a clone, a new pseudo ID different from the pseudo ID included in the read data; a step of writing the generated new pseudo ID in the non-contact IC; a step of updating, to the new pseudo ID, the pseudo ID in the storage unit in which the information specifying the operation in the portable terminal according to the security level of the ID and the ID are stored in association with each other; and a step of performing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation in the mobile terminal corresponding to the information for specifying the operation.
  • A portable terminal that is a computer that wirelessly communicates with a non-contact IC is caused to realize: a step of reading the ID and data stored in the non-contact IC; a step of determining, based on the read ID and data, whether or not the read ID is a clone; a step of generating, when the read ID is determined not to be a clone, a new pseudo ID different from the pseudo ID included in the read data; a step of writing the generated new pseudo ID into the non-contact IC; a step of updating, to the new pseudo ID, the pseudo ID in the storage unit in which the information identifying the operation in the portable terminal according to the security level of the ID and the ID are stored in association with each other; and a step of performing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation in the portable terminal corresponding to the information for specifying the operation.
  • the present invention is also an authentication system including a non-contact IC and a portable terminal that wirelessly communicates with the non-contact IC, wherein the non-contact IC stores an ID and data of the non-contact IC.
  • the portable terminal transmits the read signal to the non-contact IC, and the non-contact IC
  • a read / write unit that receives the ID and data from the storage unit, and a storage unit that stores information that specifies an operation in the portable terminal according to the security level of the ID, and a pseudo-ID that is different from the ID and the ID
  • a clone detection unit that determines whether the read ID is a clone based on the ID and data read by the read / write unit, When it is determined that the ID read by the read / write unit is not a clone, a pseudo ID generation unit that generates a new pseudo ID different from the pseudo ID included in the read data, and the operation in the storage unit
  • An operation execution unit that executes an operation in the mobile terminal.
  • It can be effectively determined whether or not an ID of a contactless IC card or tag can be used reliably, and secure execution of the operation associated with the ID can be ensured when the ID is used.
  • A portable terminal according to the present invention is an electronic device that can read an ID and data stored in a non-contact IC mounted on an IC card or a tag.
  • The portable terminal is a smartphone, a PDA (Personal Digital Assistant) or an electronic book terminal.
  • Although the portable terminal according to the present invention is described as a smartphone, the portable terminal according to the present invention is not limited to the electronic devices mentioned above.
  • The present invention can also be expressed as an authentication program for operating, as a computer, an apparatus that is a mobile terminal. Furthermore, the present invention can also be expressed as an authentication method including each process (step) for authentication executed by the mobile terminal. Furthermore, the present invention can be expressed as an authentication system including an IC card or tag and a mobile terminal. That is, the present invention can be expressed in any category of an apparatus, a method, a program, and a system.
  • FIG. 1 is a system configuration diagram of the authentication system 7 of the present embodiment.
  • An authentication system 7 shown in FIG. 1 includes a tag 2 or an IC card 3 and a mobile terminal 4.
  • The portable terminal 4 performs short-range wireless communication with the non-contact IC 2a of the tag 2 or the non-contact IC 3a of the IC card 3, transmits a read signal to the tag 2 or the IC card 3, and reads the ID and data from the tag 2 or the IC card 3.
  • The tag 2 is configured to have a non-contact IC 2a.
  • The non-contact IC 2a includes a non-contact IC storage unit 2a1 that stores the ID and data of the tag 2 and a communication unit 2a2 that transmits the ID and data to the portable terminal 4.
  • The IC card 3 has a non-contact IC 3a.
  • The non-contact IC 3a includes a non-contact IC storage unit 3a1 that stores the ID and data of the IC card 3 and a communication unit 3a2 that transmits the ID and data to the portable terminal 4.
  • FIG. 5 is a diagram illustrating an example of a data structure in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a and 3a.
  • the data structure in the non-contact IC storage units 2a1 and 3a1 shown in FIG. 5 has a configuration having an ID area and a Data area.
  • the IDs of the tag 2 and the IC card 3 on which the non-contact IC storage units 2a1 and 3a1 are mounted are written in advance.
  • the ID “AA: 10: FF: FA” is written in the ID area of FIG.
  • Some IDs in the ID area are rewritable and others are not rewritable. For example, a random value is used for the former ID, and a fixed value is used for the latter ID.
  • Data “CC: AC: B1: 84: 12: 44” is written in the Data area of FIG.
  • The data written in the Data area includes, for example, a write flag indicating that the read / write unit 13 (described later) can write data to the Data area of the non-contact IC storage units 2a1 and 3a1, and a pseudo ID (described later).
  • the pseudo ID is different from the ID written in the ID area.
  • FIG. 2 is a block diagram showing in detail the internal configuration of the mobile terminal 4 of the present embodiment.
  • The mobile terminal 4 displays an operation selection screen in the mobile terminal 4 on the display unit 21, reads the ID and data of the tag 2, and determines, based on the read ID and data and according to the ID registration policy (for example, security level), whether the ID of the tag 2 can be used for associating the ID with information (for example, operation ID) that specifies the operation in the portable terminal 4 selected from the selection screen.
  • the operation ID includes, for example, an application ID for identifying an application, a file path or URL (Uniform Resource Locator) of an application that is an access destination of an application execution file, and package / class information.
  • a security level will be exemplified and described as an example of a registration policy that is a criterion for storage (registration) of the portable terminal 4, but the example of the registration policy is not limited to the security level.
  • The portable terminal 4 associates the ID of the read tag 2 with the information for specifying the operation in the portable terminal 4, and stores (registers) the associated ID of the tag 2 and information specifying the operation of the portable terminal 4 in the storage unit.
  • The portable terminal 4 determines whether or not the tag 2 satisfies a predetermined authentication condition (described later) based on the ID and data read when the tag 2 is held over the portable terminal 4. When it is determined that the predetermined authentication condition is satisfied, the mobile terminal 4 performs an operation according to information specifying the operation in the mobile terminal 4 associated with the read ID (see FIGS. 19 to 22).
  • An ID that a malicious third party generates by copying the ID of the tag 2 or the like, and that does not satisfy a specific authentication condition among the predetermined authentication conditions described above, is defined as a “clone”.
  • The tag storing the clone (ID) is defined as a “clone tag”.
  • associating the ID of the tag 2 (same for the IC card 3) with the information for specifying the operation in the mobile terminal 4 is defined as “pairing”.
  • the mobile terminal 4 shown in FIG. 2 includes a control unit 10, an operation unit 11, a read / write unit 13, a storage unit 17, a display unit 21, a RAM (Random Access Memory) 22, and a ROM (Read Only Memory) 23.
  • the control unit 10 is configured to include an operation information management unit 12, an availability determination unit 14, a pseudo ID generation unit 15, a registration unit 16, an ID validity verification unit 18, a clone detection unit 19, and an operation execution unit 20.
  • Each unit of the control unit 10 is configured using a CPU (Central Processing Unit) built in the mobile terminal 4 and controls the operation of each unit of the mobile terminal 4. That is, the operation of each unit of the control unit 10 in FIG. 2 is realized by a CPU built in the portable terminal 4.
  • the operation unit 11 is a user interface for a user to input an operation on the mobile terminal 4, and outputs an operation signal corresponding to the operation content of the user to the operation information management unit 12.
  • the operation unit 11 is arranged on the display unit 21 and is configured with a touch panel that can accept an input operation with a user's finger or stylus pen.
  • the operation unit 11 can be configured with various keys such as a numeric keypad for inputting a telephone number and the like, a telephone key for performing on-hook or off-hook, and a function key.
  • Based on a reading instruction (described later) output from the operation information management unit 12, the read / write unit 13 transmits, to the tag 2 close to the mobile terminal 4, a read signal corresponding to any one of a plurality of types of modulation schemes. Specifically, when the read / write unit 13 transmits a read signal of a modulation method according to the first communication standard and cannot receive the ID and data of the tag 2 in response to that read signal, the read / write unit 13 transmits a read signal of a modulation method according to the second communication standard. When the read / write unit 13 cannot receive the ID and data of the tag 2 in response to the read signal of the modulation method according to the second communication standard, the read / write unit 13 transmits a read signal of a modulation method according to another, third communication standard. The same applies thereafter.
  • the read / write unit 13 receives the ID and data of the tag 2 sent back from the communication unit 2a2 of the tag 2 in response to the read signal. Thereby, the reading of the ID and data of the tag 2 of the read / write unit 13 is completed.
  • the read / write unit 13 reads the ID and data of the tag 2 by the number of times of reading (see later) included in the reading instruction. For example, when the number of times of reading is 4, the read / write unit 13 reads the ID and data of the tag 2 four times.
  • The read / write unit 13 outputs the ID and data of the tag 2, and the communication standard information of the read signal with which the ID and data of the tag 2 were received, to the availability determination unit 14. Furthermore, when the above-described write flag is included in the data received from the tag 2, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the write flag to the availability determination unit 14.
  • The read / write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2, in accordance with the same modulation method as the read signal, and writes the pseudo ID output from the pseudo ID generation unit 15 (described later) in the non-contact IC storage unit 2a1 of the tag 2.
  • The read / write unit 13 outputs to the registration unit 16 whether or not the pseudo ID has been successfully written. In FIG. 2, an arrow between the read / write unit 13 and the registration unit 16 is not shown.
  • The read / write unit 13 outputs each ID and data of the tag 2 and communication standard information of the read signal to the ID validity verifying unit 18. Furthermore, when the above-described pseudo ID is included in the data of the tag 2, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID to the ID validity verifying unit 18.
  • When “ID registration” is selected in the ID setting (registration / deletion) application that has been installed in advance in the portable terminal 4 and started by a menu operation, or in an ID setting (registration / deletion) function called in an application that has been activated by a user operation, the operation information management unit 12 causes the display unit 21 to display an indication that the tag 2 is brought close to the mobile terminal 4.
  • the operation information management unit 12 causes the display unit 21 to display an ID security level selection screen after the display indicating that the tag 2 is close to the portable terminal 4 is confirmed by user operation.
  • FIG. 6A shows an example of a security level selection screen.
  • FIG. 6B is a diagram showing another example of the security level selection screen.
  • The operation of the mobile terminal 4 that is recommended for selection, or the name of the application installed in the mobile terminal 4, is displayed as an example for each security level.
  • The information of the operation of the mobile terminal 4 that is recommended for selection according to the security level or the application installed in the mobile terminal 4 is stored in advance in the storage unit 17 described later. It should be noted that when an application is newly installed, which security level the application corresponds to may be temporarily stored in the storage unit 17 or may be changed secondarily by a user operation.
  • The operation information management unit 12 may automatically select the security level of the ID to be registered according to the operation or application of the mobile terminal 4 selected by the user operation. This eliminates the need for the mobile terminal 4 to have the user select the security level of the ID to be registered, thereby simplifying the user operation.
  • After the ID security level is selected by the user operation from the ID security level selection screen, the operation information management unit 12 causes the display unit 21 to display an operation selection screen of the portable terminal 4 to be paired, or a menu screen, including an ID registration item, of an application that can be used on the portable terminal 4.
  • the operation information management unit 12 outputs to the registration unit 16 information (for example, operation ID) that identifies the operation of the mobile terminal 4 to be paired or the operation selected as the operation according to the application menu.
  • FIG. 7A is a diagram illustrating an example of an operation selection screen of the mobile terminal 4 to be paired.
  • FIG. 7B is a diagram illustrating an example of an operation selection screen corresponding to a menu of an application to be paired.
  • FIG. 7C is a diagram illustrating an example of a selection screen for determining whether or not to disable the activation of an application from an icon after registering the ID of the tag 2.
  • an application to be paired is, for example, application Z.
  • the selection screen in FIG. 7A is a screen that is displayed when the above-described ID setting application is started in a state where the standby screen is displayed on the display unit 21, for example.
  • The terminal lock is a function that, in order to ensure the security of the mobile terminal 4, prevents the mobile terminal 4 from being used by a third party who does not know the password.
  • the SafetyBox is an application that keeps important information or data of the user of the mobile terminal 4.
  • On the selection screen shown in FIG. 7 (b), for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange, ... are shown as the menu of application Z to be paired.
  • The selection screen of FIG. 7B differs from the selection screen of FIG. 7A in that it is the screen displayed when the application Z to be paired has been activated in advance by a user operation and the ID setting (registration, deletion) function described above is activated in the application Z.
  • When the tag ID registration is selected, the mobile terminal 4 proceeds to a process of registering an ID for pairing with an operation ID indicating activation of the application Z to be paired.
  • the selection screen shown in FIG. 7C is displayed after ID registration performed as a result of (3) tag ID registration being selected in the selection screen shown in FIG. 7B, for example.
  • It is a screen for asking the user whether to hide the user interface including the application Z icon on the display unit 21, or to display the user interface including the application Z icon but apply an invalidation setting so that the application Z is not started based on a user operation.
  • The mobile terminal 4 pairs the setting instruction for setting the user interface including the icon for starting the application Z to a non-display state with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z, and stores (registers) them in the storage unit 17.
  • The portable terminal 4 can thereby easily hide the presence of the application Z from the user, and the application Z can be activated only when the tag 2 is held over the portable terminal 4 and a predetermined authentication condition described later is satisfied. Therefore, the portable terminal 4 can similarly hide the presence of the application Z from, for example, a malicious third party other than the user, and can prevent the third party from activating the application Z.
  • The mobile terminal 4 pairs the setting instruction for setting a non-operation state, in which the application Z is not started based on the user operation of the user interface including the icon of the application Z, with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z, and stores (registers) them in the storage unit 17.
  • Although the portable terminal 4 cannot hide the presence of the application Z from the user, the activation of the application Z by a user operation of the icon can be prevented, and the application Z can be activated only when the tag 2 is held over the portable terminal 4 and a predetermined authentication condition described later is satisfied. Therefore, the mobile terminal 4 can prevent, for example, a malicious third party who does not have the tag 2 possessed by the user from starting the application Z.
  • When “ID deletion” is selected (see FIG. 8A) in the ID setting (registration / deletion) application that has been installed in advance in the portable terminal 4 and started by a menu operation, or in an ID setting (registration / deletion) function called in an application that has been activated by a user operation, the operation information management unit 12 reads the IDs already registered from the storage unit 17 and displays a selection screen of an ID to be deleted on the display unit 21.
  • FIG. 8A is a diagram illustrating an example of an ID selection screen to be deleted.
  • IDs to be deleted (1) tag A (ID: XX, photo A), (2) IC card B (ID: YY, photo B),.
  • the photograph A is image data representing a photograph of the tag A.
  • the image of the tag A is captured by an imaging unit (not shown in FIG. 2) according to a user operation.
  • a photograph is captured, and the captured image data is also stored (registered) in the storage unit 17 in association with the ID of the tag A.
  • When deleting the ID, the user can specifically recall which tag the name or ID of the tag A refers to by browsing the photo A, and can also cancel deleting the ID of the tag A. Since the same applies to the IC card B (ID: YY, photo B), description thereof is omitted.
  • Based on the security level of the selected ID and the operation ID of the operation of the mobile terminal 4 or of the operation according to the menu of the application, the operation information management unit 12 instructs the availability determination unit 14 to determine whether the ID can be used for pairing the ID and the operation ID.
  • When the tag 2 is brought close to the portable terminal 4 by a user operation in response to a display indicating that the tag 2 is brought close to the portable terminal 4, the operation information management unit 12 outputs to the read / write unit 13 a reading instruction, including the number of readings, for reading the ID and data of the tag 2.
  • The availability determination unit 14 acquires the ID and data of the tag 2 read by the read / write unit 13. Based on the ID and data of the tag 2 read by the read / write unit 13, and according to the security level selected by the user operation or by the operation information management unit 12, the availability determination unit 14 determines whether the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation according to the application menu, selected by the user operation or by the operation information management unit 12.
  • FIG. 3 is a block diagram showing in detail the internal configuration of the availability determination unit 14. The availability determination unit 14 shown in FIG. 3 includes an ID fixing determination unit 31, an ID type determination unit 32, a write permission determination unit 33, an ID size determination unit 34, and a security level conformity determination unit 35. Here, the operation of each unit of the availability determination unit 14 will be described.
  • the ID fixing determination unit 31 determines whether or not the ID of the tag 2 read by the read / write unit 13 is a fixed value.
  • the read / write unit 13 reads the ID of the tag 2 by the number of times of reading included in the reading instruction output from the operation information management unit 12. When the number of readings is four, the ID fixing determination unit 31 determines whether or not all four IDs are fixed values, that is, the four IDs have the same value.
  • the ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13.
  • The writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Further, when the writability determination unit 33 obtains from the read / write unit 13 a write success notification indicating that the read / write unit 13 has actually written data to the tag 2, it may determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
  • The ID size determination unit 34 determines the ID size of the tag 2 read by the read / write unit 13. For example, when the ID of the tag 2 read by the read / write unit 13 has 6 digits, the ID size determination unit 34 determines that the ID size of the tag 2 read by the read / write unit 13 is 6 digits.
  • Based on one or more of the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34, the security level conformity determination unit 35 determines whether or not the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12.
  • the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34 are the ID type of the tag 2, the writability of data, and the ID size of the tag 2.
  • The security level conformity determination unit 35 outputs the ID of the tag 2 read by the read / write unit 13 to the registration unit 16 as an ID that can be used for pairing the operation ID and the ID of the tag 2.
  • Based on the security level table ST shown in FIG. 9, the security level conformity determination unit 35 determines whether the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12.
  • The security level conformity determination unit 35 may also determine, based on the determination result of the ID size determination unit 34 alone and according to the security level selected by the user operation or the operation information management unit 12, whether or not the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation according to the application menu, selected by the user operation or the operation information management unit 12.
  • FIG. 9 is a diagram illustrating an example of a security level table stored in the storage unit 17.
  • three types of security levels “high”, “medium”, and “low” are defined.
  • When the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “high”, the ID size is “8 to 16 digits”, the type is “type 1 (Example: Type B)”, and the write permission / prohibition is “permitted” (that is, writable), it is determined that the security level of the ID of the tag 2 is suitable.
  • When the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “medium”, the ID size is “5 to 7 digits”, the type is “type 2 (Example: Type A)”, and the write permission / prohibition is “possible” (that is, write is possible), it is determined that the security level of the ID of the tag 2 is suitable.
  • When the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “low”, the ID size is “4 digits”, the type is “type 3 (Example: ISO15693)”, and the write permission / prohibition is “impossible” (that is, writing is impossible), it is determined that the security level of the ID of the tag 2 is suitable.
  • the operation of the portable terminal 4 or the application installed in the portable terminal 4 that is recommended for selection according to the security level is exemplarily determined.
  • The operation information management unit 12 reads the content of “corresponding operation, corresponding application” recommended for selection at each level of the security level table ST, and displays the selection screen shown in FIG.
  • the pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 or the clone detection unit 19 (the pseudo ID determination unit 41) described later.
  • the pseudo ID generation unit 15 outputs the generated pseudo ID to the registration unit 16.
  • The pseudo ID is a random value. It is written in the Data area of the non-contact IC storage unit 2a1 of the tag 2 when the ID of the tag 2 is usable for pairing with the operation ID of the operation of the mobile terminal 4, or of the operation according to the menu of the application, according to the security level of the ID of the tag 2, and data can be written to the tag 2.
  • the registration unit 16 calculates a digest value of the predetermined data using a keyed hash function (Keyed Hashing Function) program for the predetermined data.
  • the program of the keyed hash function may be defined in advance in the operation of the registration unit 16, or may be stored in the storage unit 17.
  • When calculating the digest value, the registration unit 16 reads the keyed hash function program stored in the storage unit 17 and executes it automatically.
  • When the availability determination unit 14 determines that the ID of the tag 2 is usable, the registration unit 16 calculates the digest value of the ID of the tag 2 by applying the keyed hash function program to the ID of the tag 2 output from the availability determination unit 14.
  • The case where the ID of the tag 2 is usable means the case where it is determined, according to the security level of the ID of the tag 2 selected by the user operation or the operation information management unit 12, that the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the portable terminal 4 or of the operation according to the menu of the application.
  • The registration unit 16 pairs the calculated digest value of the ID of the tag 2 with the operation ID output from the operation information management unit 12, and stores (registers) the paired digest value of the ID of the tag 2 and operation ID in the storage unit 17.
  • the registration unit 16 calculates a pseudo ID digest value using a keyed hash function program for the pseudo ID output from the pseudo ID generation unit 15.
  • The registration unit 16 pairs the digest value of the ID of the tag 2 and the operation ID stored (registered) in the storage unit 17 with the digest value of the pseudo ID, and stores (registers) the paired digest value of the ID of the tag 2, operation ID, and digest value of the pseudo ID in the storage unit 17.
  • The registration unit 16 may further pair, in addition to the operation ID, the digest value of the ID of the tag 2, and the digest value of the pseudo ID, the fact that data can be written to the tag 2, the fact that the ID of the tag 2 is a fixed value, the ID size, and the ID type of the tag 2.
  • the ID validity verification unit 18 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data.
  • The keyed hash function program may be defined in advance in the operation of the ID validity verification unit 18 or may be stored in the storage unit 17.
  • When calculating the digest value, the ID validity verification unit 18 dynamically loads and executes the keyed hash function program stored in the storage unit 17.
  • The ID validity verification unit 18 acquires the ID read by the read / write unit 13, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), and the communication standard information of the read signal.
  • the ID validity verifying unit 18 calculates a digest value of the ID using a keyed hash function program for the ID read by the read / write unit 13.
  • The ID validity verification unit 18 determines whether or not a digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (authentication condition 1). When it determines that no digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation information management unit 12 an authentication result indicating that the user cannot use the ID read by the read / write unit 13.
  • The ID validity verification unit 18 outputs the ID, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and the clone detection determination instruction to the clone detection unit 19.
  • When all the authentication conditions are satisfied, the ID validity verification unit 18 stores (registers) in the storage unit 17 the digest value, calculated using the keyed hash function, of the new pseudo ID generated by the pseudo ID generation unit 15, and outputs to the operation execution unit 20 an operation execution instruction for executing the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13.
  • Based on the ID output from the ID validity verification unit 18, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and the clone detection determination instruction, the clone detection unit 19 determines whether or not the ID read by the read / write unit 13 is a clone.
  • FIG. 4 is a block diagram showing the internal configuration of the clone detection unit 19 in detail.
  • the clone detection unit 19 illustrated in FIG. 4 includes a pseudo ID determination unit 41, an ID type determination unit 42, and a writability determination unit 43.
  • Here, the operation of each unit of the clone detection unit 19 will be described.
  • the pseudo ID determination unit 41 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data.
  • the keyed hash function program may be specified in advance in the operation of the pseudo ID determination unit 41 or may be stored in the storage unit 17.
  • When calculating the digest value, the pseudo ID determination unit 41 dynamically loads and executes the keyed hash function program stored in the storage unit 17.
  • When there is a pseudo ID paired with the ID registered in the storage unit 17, the pseudo ID determination unit 41 calculates the digest value of the pseudo ID by applying the keyed hash function program to the pseudo ID output from the ID validity verification unit 18.
  • The pseudo ID determination unit 41 determines whether the calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17 (authentication condition 3), or whether it is the digest value of the latest pseudo ID among a plurality of pseudo IDs stored in the storage unit 17 (authentication condition 4).
  • The pseudo ID determination unit 41 outputs to the ID validity verification unit 18 the authentication result that the ID of the tag 2 read by the read / write unit 13 is a clone.
  • When the pseudo ID determination unit 41 determines that the calculated pseudo ID digest value is the digest value of the latest pseudo ID among a plurality of pseudo IDs stored (registered) in the storage unit 17, it outputs to the pseudo ID generation unit 15 a generation instruction for generating a new pseudo ID.
  • the ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether or not the determined ID type of the tag 2 is the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17. (Authentication condition 2).
  • Two ID type determination units are described here, the ID type determination unit 32 of the availability determination unit 14 and the ID type determination unit 42 of the clone detection unit 19, but the two ID type determination units may be shared as one ID type determination unit.
  • When the ID type determination unit 42 determines that the determined ID type of the tag 2 is not the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17, it outputs to the ID validity verification unit 18 the authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone.
  • The writability determination unit 43 determines whether or not the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (authentication condition 5). Specifically, when the write flag is not output from the ID validity verification unit 18, that is, when the write flag is not read from the Data area of the non-contact IC storage unit 2a1 of the tag 2 by the read / write unit 13, the writability determination unit 43 outputs to the ID validity verification unit 18 the authentication result that the ID of the tag 2 read by the read / write unit 13 is a clone.
  • When the write flag is read from the Data area of the non-contact IC storage unit 2a1 of the tag 2 by the read / write unit 13, the writability determination unit 43 determines that a new pseudo ID can be written in the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
  • Further, when the writability determination unit 43 obtains from the read / write unit 13 a write success notification indicating that the read / write unit 13 has actually written data to the tag 2, it may determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
  • the operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18.
  • The storage unit 17 is configured using a hard disk or a flash memory built in the mobile terminal 4, and stores, for example, the security level table ST (see FIG. 9), the applications executed by the operation execution unit 20, and the ID of the tag 2 determined to be usable by the availability determination unit 14 paired with the selected operation ID.
  • The display unit 21 is configured using an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence) display, and displays the contents corresponding to the display instruction output from the operation information management unit 12.
  • the RAM 22 operates as a work memory in each operation of each unit of the control unit 10. In FIG. 2, an arrow from each part of the control unit 10 to the RAM 22 is not shown.
  • the ROM 23 stores a program in which each operation of each unit of the control unit 10 of the mobile terminal 4 is defined in advance.
  • Each unit of the control unit 10 can be configured by hardware or software.
  • The CPU built in the portable terminal 4 reads from the ROM 23 a program in which each operation of each unit of the control unit 10 is defined in advance, so that each unit of the control unit 10 can operate.
  • In FIG. 2, the arrow to the ROM 23 is not shown.
  • FIG. 10 is a flowchart for explaining processing in the ID setting application or the ID setting function in the mobile terminal 4 of the present embodiment.
  • The ID setting application, or the ID setting menu called within an application, can execute at least a menu (ID registration) for storing (registering) in the portable terminal 4 the ID of the tag or IC card read by the read / write unit 13, and a menu (ID deletion) for deleting the ID of a tag or IC card already stored (registered) in the portable terminal 4.
  • the master ID stored in the master tag or the master PIN (Personal Identification Number)
  • The master tag is a tag that stores a master ID that proves the identity of the user in identity confirmation in the ID setting application or ID setting menu of the mobile terminal 4, and is affixed to, for example, a drawer of the desk in the user's home.
  • When the ID setting application or the ID setting menu is activated and the master tag input screen for identity verification is displayed on the display unit 21 by the operation information management unit 12, the user brings the mobile terminal 4 close to the master tag.
  • In confirming the identity of the user, the operation information management unit 12 of the mobile terminal 4 determines that the identity verification has succeeded when the same ID as the master ID of the master tag stored (registered) in the storage unit 17 is read.
  • the master PIN is a personal identification number (PIN) that proves the identity of the user in identity verification in the ID setting application of the mobile terminal 4.
  • In confirming the identity of the user, the operation information management unit 12 of the mobile terminal 4 determines that the identity confirmation has succeeded when the same PIN as the master PIN stored (registered) in the storage unit 17 is input by a user operation.
  • the operation information management unit 12 confirms the identity of the user who uses the mobile terminal 4 (S11). The identity verification of the user is performed using the above-described master tag or master PIN.
  • When the operation information management unit 12 determines that the user identification has not been successful (S12, NO), it does not allow the user to use the ID setting application or the ID setting menu. Thereby, the process of the flowchart of FIG. 10 is completed.
  • The ID registration or ID deletion process is selected from the ID setting application or the ID setting menu by the user operation (S13).
  • When the ID deletion process is selected (S13, ID deletion), the operation information management unit 12 reads the stored (registered) IDs from the storage unit 17 and displays on the display unit 21 a selection screen for selecting the ID to be deleted (S14). When any ID is selected by a user operation on the selection screen displayed on the display unit 21 (S15, YES), the operation information management unit 12 deletes the ID selected by the user operation in step S15 and the operation ID paired with that ID. As a result, the ID deletion process of FIG. 10 ends.
  • The operation information management unit 12 displays on the display unit 21 a message to bring the tag 2 close to the portable terminal 4 (S16).
  • the operation information management unit 12 displays an ID security level selection screen on the display unit 21 after confirming that the tag 2 is brought close to the portable terminal 4 by a user operation (S17).
  • When any security level is selected by a user operation on the selection screen displayed on the display unit 21 (S18, YES), the operation information management unit 12 displays on the display unit 21 a menu screen including an ID registration item for the operation of the mobile terminal 4 to be paired (S19).
  • Based on the security level of the selected ID and the operation ID of the operation of the mobile terminal 4, or of the operation according to the menu of the application, the operation information management unit 12 instructs the availability determination unit 14 to determine whether or not the ID can be used for pairing the ID and the operation ID.
  • Based on the instruction for availability determination from the operation information management unit 12 and the ID and data of the tag 2 read by the read / write unit 13, the availability determination unit 14 determines whether or not the ID of the tag 2 can be used according to the security level selected by the user operation or the operation information management unit 12 (S21). The availability determination process in step S21 will be described later with reference to FIG. 11.
  • If it is determined after step S21 that the ID of the tag 2 is not usable (S22, NO), the operation information management unit 12 acquires from the availability determination unit 14 the availability determination processing result indicating that the ID of the tag 2 is not usable, and displays on the display unit 21 that the ID of the tag 2 is not available. As a result, the ID registration process of FIG. 10 ends.
  • The operation information management unit 12 acquires from the availability determination unit 14 the availability determination processing result indicating that the ID of the tag 2 is usable, and determines whether or not the ID of the tag 2 is already paired and stored (registered) in the storage unit 17 (S23). When it is determined that the ID of the tag 2 can be used (S22, YES), the availability determination unit 14 outputs the ID of the tag 2 determined to be usable to the registration unit 16.
  • The operation information management unit 12 outputs the operation ID selected as the pairing target to the registration unit 16.
  • the registration unit 16 calculates the digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the availability determination unit 14 (S24). Furthermore, the registration unit 16 pairs the operation ID output from the operation information management unit 12 with the digest value of the ID of the tag 2 and stores (registers) it in the storage unit 17 (S24).
  • the registration unit 16 outputs a pseudo ID generation instruction to the pseudo ID generation unit 15.
  • the pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 (S25).
  • the pseudo ID generation unit 15 outputs the generated pseudo ID to the read / write unit 13 and the registration unit 16, respectively.
  • the read / write unit 13 and the registration unit 16 each acquire the pseudo ID output from the pseudo ID generation unit 15.
  • The read / write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2, using the same modulation method as the read signal, and writes the pseudo ID output from the pseudo ID generation unit 15 to the non-contact IC storage unit 2a1 of the tag 2 (S26).
  • If writing of the pseudo ID to the tag 2 is not successful in step S26 (S27, NO), the tag 2 is treated as a tag to which data cannot be written in the non-contact IC storage unit 2a1, and the ID registration process selected in step S13 is completed. As a result, the ID registration process of FIG. 10 ends.
  • The registration unit 16 calculates the digest value of the pseudo ID by applying the keyed hash function program to the pseudo ID output from the pseudo ID generation unit 15 (S28).
  • The registration unit 16 pairs the operation ID and the digest value of the ID of the tag 2 stored (registered) in the storage unit 17 in step S24 with the pseudo ID digest value calculated in step S28, and stores (registers) them in the storage unit 17 (S28).
  • the registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.
  • FIG. 8B is a diagram illustrating an example of the availability determination processing result indicating that the ID is usable.
  • the various information includes, for example, an operation ID, a pseudo ID, that data can be written to the tag 2, that the ID is fixed, the size of the ID, the type of ID, the name of the tag 2, and the like.
  • FIG. 11 is a flowchart illustrating ID availability determination processing in the mobile terminal 4 of the present embodiment.
  • The read / write unit 13 initializes the number N of read signal transmissions based on the read instruction output from the operation information management unit 12 (S31), and determines the number M of read signals to be actually transmitted, that is, the number of readings (S32).
  • the read / write unit 13 starts transmitting the read signal after the number M of read signal transmissions is determined in step S32 (S33).
  • The read / write unit 13 stops transmitting the read signal (S36) when the number N of read signal transmissions reaches the parameter M (S34, YES), that is, when the ID and data have been read M times from the tag 2 by transmitting the read signal M times. If the read signal transmission count N has not reached the parameter M (S34, NO), the read / write unit 13 increments the parameter N (S35). After step S35, reading of the ID and data of the tag 2 by the read / write unit 13 is repeated until the number N of read signal transmissions reaches the parameter M.
  • The ID fixing determination unit 31 determines whether or not all M IDs of the tag 2 read by the read / write unit 13 are fixed values (S37). When it is determined that the M IDs are not all fixed values (S37, NO), the ID fixing determination unit 31 outputs to the operation information management unit 12 the availability determination processing result indicating that the ID of the tag 2 cannot be used because the M IDs are random numbers. Thereby, the availability determination process in FIG. 11 ends.
  • the ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13 (S38). Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13 (S38).
  • The writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39). Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39).
  • the ID size determination unit 34 determines the size of the ID of the tag 2 read by the read / write unit 13 (S40).
  • the security level conformity determination unit 35 determines the tag 2 read by the read / write unit 13 based on the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34. It is determined whether the ID matches the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41).
  • When the security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41, YES), it outputs to the operation information management unit 12 the availability determination processing result indicating that the ID of the tag 2 is usable, and outputs the ID of the tag 2 read by the read / write unit 13 to the registration unit 16. Thereby, the availability determination process in FIG. 11 ends.
  • When the security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 does not conform to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41, NO), it outputs to the operation information management unit 12 the availability determination result indicating that the ID of the tag 2 is unusable, together with reason information indicating why the ID of the tag 2 is unusable.
  • the operation information management unit 12 causes the display unit 21 to display reason information indicating why the ID of the tag 2 is unavailable in response to the output from the security level conformity determination unit 35. Thereby, the availability determination process in FIG. 11 ends.
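  • The availability determination of FIG. 11 (steps S31 to S41), checked against the security level table described for FIG. 9, as an added Python example that is not code from the patent. `TagRead`, `determine_availability`, the reason strings, and the use of the text's example types (Type B, Type A, ISO15693) as type names are assumptions; the sample tags are constructed.

```python
from dataclasses import dataclass
from itertools import count
from typing import Callable


@dataclass(frozen=True)
class TagRead:
    """One response to a read signal (field names are assumptions)."""
    tag_id: str       # ID area, as a digit string
    standard: str     # communication standard information of the read signal
    write_flag: bool  # write flag read from the tag


# Security level table ST as the text describes it for FIG. 9.
# The ID types use the examples the text gives for type 1 / 2 / 3.
SECURITY_LEVEL_TABLE = {
    "high":   {"sizes": range(8, 17), "id_type": "Type B",   "writable": True},
    "medium": {"sizes": range(5, 8),  "id_type": "Type A",   "writable": True},
    "low":    {"sizes": range(4, 5),  "id_type": "ISO15693", "writable": False},
}


def determine_availability(read_once: Callable[[], TagRead], level: str, m: int = 4):
    """Return (usable, reasons) for pairing this tag's ID at the given level."""
    rule = SECURITY_LEVEL_TABLE[level]
    # S31-S36: transmit the read signal M times and keep every response.
    reads = [read_once() for _ in range(m)]
    # S37: the ID must be a fixed value, i.e. identical in all M reads.
    if len({r.tag_id for r in reads}) != 1:
        return False, ["ID is not a fixed value"]
    last = reads[-1]
    id_type = last.standard     # S38: type from the communication standard info
    writable = last.write_flag  # S39: writable when the write flag was output
    size = len(last.tag_id)     # S40: ID size in digits
    # S41: compare the three results with the row of the selected level and
    # collect the reason information shown to the user on failure.
    reasons = []
    if size not in rule["sizes"]:
        reasons.append(f"ID size {size} not allowed for level {level}")
    if id_type != rule["id_type"]:
        reasons.append(f"ID type {id_type} not allowed for level {level}")
    if writable != rule["writable"]:
        reasons.append(f"write permission does not match level {level}")
    return not reasons, reasons


# Constructed sample tags (not taken from the page).
def fixed_tag(tag_id: str, standard: str, write_flag: bool):
    """Tag that answers every read with the same ID."""
    return lambda: TagRead(tag_id, standard, write_flag)


def changing_id_tag():
    """Tag that answers every read with a different 8-digit ID."""
    counter = count(10000000)
    return lambda: TagRead(str(next(counter)), "Type B", True)


if __name__ == "__main__":
    print(determine_availability(fixed_tag("1234567890", "Type B", True), "high"))
    print(determine_availability(changing_id_tag(), "high"))
    print(determine_availability(fixed_tag("123456", "Type A", True), "high"))
```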
  • FIG. 12 is an explanatory diagram showing a first pattern of clone detection in the mobile terminal of this embodiment.
  • FIG. 13 is an explanatory diagram showing a second pattern of clone detection in the mobile terminal of this embodiment.
  • In FIG. 12 and FIG. 13, it is assumed that what is stored (registered) in the storage unit 17 is a pseudo ID and not a digest value of the pseudo ID.
  • the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a.
  • the portable terminal 4 authenticates the tag 2 when the tag 2 comes close to the portable terminal 4. That is, the portable terminal 4 determines whether the tag 2 satisfies a predetermined authentication condition based on the ID and data of the tag 2. The authentication process will be described later with reference to FIG.
  • the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 in the authentication process (Step 1) and authenticates the tag 2 (Step 2).
  • the mobile terminal 4 updates the pseudo ID stored in the tag 2 and the storage unit 17 (Step 3).
  • the updated pseudo ID is assumed to be pseudo ID2.
  • the portable terminal 4 writes the pseudo ID 2 in the tag 2 (Step 4).
  • a malicious third party illegally copies the tag 2 and generates the tag 2 '(Step 5).
  • The tag 2' is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2a'.
  • The portable terminal 4 authenticates the tag 2' when the tag 2' is brought close to the portable terminal 4 by a malicious third party. However, because the pseudo ID was updated to pseudo ID 2 by the mobile terminal 4 in Step 3, the pseudo ID 1 of the tag 2' and the pseudo ID 2 of the mobile terminal 4 are different from each other, so the mobile terminal 4 detects the existence of the clone and determines that authentication of the tag 2' has failed.
  • the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a. It is assumed that a malicious third party illegally copies the tag 2 and generates the tag 2 '(Step 1).
  • a tag 2 ′ is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2 a ′.
  • the portable terminal 4 authenticates the tag 2 ′ when the tag 2 ′ comes close to the portable terminal 4. That is, the mobile terminal 4 determines whether or not the ID of the tag 2 ′ has already been stored (registered) as an ID that can be used in the mobile terminal 4. The authentication process will be described later with reference to FIG.
  • the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 'in the authentication process (Step 2) and authenticates the tag 2' (Step 3). If the authentication of the tag 2 'is successful, the mobile terminal 4 updates the pseudo ID stored in the tag 2' and the storage unit 17 (Step 4). The updated pseudo ID is assumed to be pseudo ID2. The portable terminal 4 writes the pseudo ID 2 in the tag 2 '(Step 5).
  • When the tag 2 is brought close to the portable terminal 4 by a legitimate user, the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 (Step 6) and authenticates the tag 2 (Step 7). However, because the pseudo ID was updated to pseudo ID 2 by the mobile terminal 4 in Step 4, the pseudo ID 1 of the tag 2 and the pseudo ID 2 of the mobile terminal 4 are different from each other, so the mobile terminal 4 detects the presence of the clone and determines that the authentication of the tag 2 has failed (Step 8). In this case, it is preferable to invalidate the ID of the tag 2 stored (registered) in the storage unit 17 of the mobile terminal 4.
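  • The registration flow and the two clone-detection patterns of FIG. 12 and FIG. 13, as an added Python simulation that is not code from the patent. The class and method names, HMAC-SHA256 as the keyed hash function, the 16-byte pseudo ID, registering only tags that accept the write, and invalidating the registration on every failed check (the text recommends invalidation for the second pattern) are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Simulated tag: fixed ID area, ID type, and a Data area for the pseudo ID."""

    def __init__(self, tag_id: bytes, id_type: str, writable: bool = True):
        self.tag_id, self.id_type, self.writable = tag_id, id_type, writable
        self.data = None  # Data area; holds the current pseudo ID

    def write(self, value: bytes) -> bool:
        if self.writable:
            self.data = value
        return self.writable

    def clone(self) -> "Tag":
        """Copy of the ID and Data areas as they are at this moment."""
        copy = Tag(self.tag_id, self.id_type, self.writable)
        copy.data = self.data
        return copy


class Terminal:
    def __init__(self, key: bytes):
        self._key = key
        self._registry = {}  # digest of tag ID -> registration record

    def _digest(self, value: bytes) -> bytes:
        # Keyed hash; HMAC-SHA256 is this example's choice, not the page's.
        return hmac.new(self._key, value, hashlib.sha256).digest()

    def register(self, tag: Tag, operation_id: str) -> bool:
        pseudo_id = secrets.token_bytes(16)             # S25: random pseudo ID
        if not tag.write(pseudo_id):                    # S26/S27: write to the tag
            return False                                # assumption: no registration
        self._registry[self._digest(tag.tag_id)] = {    # S24/S28: digests only
            "operation_id": operation_id,
            "id_type": tag.id_type,
            "pseudo_digest": self._digest(pseudo_id),   # only the latest is kept
            "valid": True,
        }
        return True

    def authenticate(self, tag: Tag):
        """Return (status, operation_id); status is ok, unknown, invalidated or clone."""
        rec = self._registry.get(self._digest(tag.tag_id))
        if rec is None:                                 # authentication condition 1
            return "unknown", None
        if not rec["valid"]:
            return "invalidated", None
        fresh = secrets.token_bytes(16)
        ok = (tag.id_type == rec["id_type"]             # condition 2: same ID type
              and tag.data is not None
              and hmac.compare_digest(self._digest(tag.data),
                                      rec["pseudo_digest"])  # conditions 3 and 4
              and tag.write(fresh))                     # condition 5: tag is writable
        if not ok:
            rec["valid"] = False                        # invalidate the registered ID
            return "clone", None
        rec["pseudo_digest"] = self._digest(fresh)      # roll the pseudo ID forward
        return "ok", rec["operation_id"]


def replay_patterns():
    """Replay both patterns with constructed tags and return the status sequences."""
    results = {}
    # First pattern (FIG. 12): the genuine tag is used before the copy.
    term, tag = Terminal(secrets.token_bytes(32)), Tag(b"ID1", "Type B")
    term.register(tag, "unlock")
    copy = tag.clone()
    results["pattern1"] = [term.authenticate(tag)[0], term.authenticate(copy)[0]]
    # Second pattern (FIG. 13): the copy is used before the genuine tag.
    term, tag = Terminal(secrets.token_bytes(32)), Tag(b"ID1", "Type B")
    term.register(tag, "unlock")
    copy = tag.clone()
    results["pattern2"] = [term.authenticate(copy)[0], term.authenticate(tag)[0],
                           term.authenticate(copy)[0]]
    return results


if __name__ == "__main__":
    print(replay_patterns())
```

In the second pattern the copy is accepted once, and the clone is only detected when the genuine tag is next presented, which is why the registered ID is invalidated at that point.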
  • FIG. 14 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17 and the tag 2 when no clone is detected.
  • FIG. 15 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17, clone tag, and tag 2 when a clone is detected.
  • the tag 2 stores the ID of a fixed value (ID1) in the ID area of the non-contact IC storage unit 2a1, and enables the pseudo ID to be stored in the Data area of the non-contact IC storage unit 2a1.
  • ID1 a fixed value
  • ID2 a fixed value
  • FIG. 15 it is assumed that the clone tag is used between the first use and the second use of the tag 2.
  • the ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 either.
  • the ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
  • the pseudo ID stored (registered) in the storage unit 17 is PID1.
  • the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
  • the pseudo ID stored (registered) in the storage unit 17 is updated from PID(n-2) to PID(n-1), and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID(n-2) to PID(n-1).
  • the ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 either.
  • the ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
  • the pseudo ID stored in the storage unit 17 is updated from PID1 to PID2, and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
  • the pseudo ID stored (registered) in the storage unit 17 is updated from PID2 to PID3, and the pseudo ID stored in the Data area of the non-contact IC storage unit of the clone tag is updated from PID2 to PID3.
  • After the first use of the clone tag, when the tag 2 is used for the second time, the mobile terminal 4 determines that the pseudo ID 3 stored (registered) in the storage unit 17 and the pseudo ID 2 stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 do not match. That is, the portable terminal 4 determines, when the tag 2 is used for the second time, that a clone tag exists and that the clone tag was used before the second use of the tag 2.
  • FIG. 16 is a flowchart for explaining the authentication process of the tag 2 in the mobile terminal 4 of the present embodiment. The authentication process in FIG. 16 starts when the tag 2 to be authenticated is brought close to the mobile terminal 4.
  • the read / write unit 13 reads the ID and data of the tag 2 by transmitting a read signal to the tag 2 by the number of times set in advance (S51). Although detailed description of step S51 is omitted, the read / write unit 13 operates in step S51 in the same manner as the processes in steps S31 to S35 of FIG.
  • the read / write unit 13 outputs the ID and data of the tag 2 and the communication standard information of the read signal to the ID validity verification unit 18. Further, when the data of the tag 2 includes a pseudo ID, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID to the ID validity verification unit 18.
  • the ID validity verification unit 18 calculates the digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the read / write unit 13 (S52). The ID validity verification unit 18 determines whether or not a digest value identical to the calculated digest value of the ID of the tag 2 is stored (registered) in the storage unit 17 (S53, authentication condition 1).
  • the ID validity verification unit 18 outputs, based on the ID of the tag 2 read by the read / write unit 13, an authentication result indicating that the user cannot use the ID of the tag 2 to the operation information management unit 12.
  • the operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to explicitly indicate to the user (see FIG. 17B). Thereby, the authentication process of FIG. 16 is completed.
  • FIG. 17B is a diagram illustrating an example of an authentication result indicating that the authentication has failed.
  • the ID validity verification unit 18 outputs the ID of the tag 2 (and the pseudo ID, when one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and the clone detection determination instruction to the clone detection unit 19.
  • the ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13 (S54). Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether the ID type of the determined tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17. (S54, authentication condition 2).
  • the ID type determination unit 42 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (tag 2 is a clone tag) to the ID validity verification unit 18.
  • the ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
  • the operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). Thereby, the authentication process of FIG. 16 is completed.
  • FIG. 18A shows that a clone has been detected and the previous authentication success date and location.
  • the operation information management unit 12 adds the previous authentication to the authentication result indicating that the clone has been detected. It is preferable to display the date (including time) and location at the time of success on the display unit 21. Thereby, the portable terminal 4 can provide the user with a hint as to when and where the clone was generated.
  • GPS Global Positioning System
  • the pseudo ID determination unit 41 determines whether or not there is a pseudo ID associated with the ID and the action ID in the storage unit 17 (S55).
  • the pseudo ID determination unit 41 outputs, to the ID validity verification unit 18, an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 was successfully authenticated.
  • the ID validity verification unit 18 outputs an operation execution instruction to the operation execution unit 20 to execute the operation indicated by the operation ID associated with the ID of the tag 2 read by the read / write unit 13.
  • the operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63).
  • the pseudo ID determination unit 41 calculates the digest value of the pseudo ID output from the ID validity verification unit 18 by using a keyed hash function program (S56).
  • the pseudo ID determination unit 41 determines whether the calculated digest value of the pseudo ID is the same as a pseudo ID stored (registered) in the storage unit 17 (S57, authentication condition 3) and, further, whether it is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58, authentication condition 4).
  • the pseudo ID determination unit 41 outputs, based on the ID of the tag 2 read by the read / write unit 13, an authentication result indicating that the user cannot use the ID of the tag 2 to the ID validity verification unit 18.
  • the ID validity verification unit 18 outputs an authentication result indicating that the user cannot use the ID of the tag 2 based on the ID of the tag 2 read by the read / write unit 13 to the operation information management unit 12.
  • the operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to explicitly indicate to the user (see FIG. 17B).
  • the pseudo ID determination unit 41 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the ID validity verification unit 18.
  • the ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
  • the operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). Thereby, the authentication process of FIG. 16 is completed.
  • the calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17, and is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17.
  • the pseudo ID determination unit 41 outputs a new pseudo ID generation instruction to the pseudo ID generation unit 15.
  • the pseudo ID generation unit 15 generates a new pseudo ID based on the new pseudo ID generation instruction output from the pseudo ID determination unit 41 (S59).
  • the pseudo ID generation unit 15 outputs the generated new pseudo ID to the read / write unit 13 and the registration unit 16, respectively.
  • the read / write unit 13 and the registration unit 16 obtain new pseudo IDs output from the pseudo ID generation unit 15, respectively.
  • the read / write unit 13 transmits a write signal for writing data to the tag 2 according to the same modulation method as the read signal to the tag 2, and uses the new pseudo ID output from the pseudo ID generation unit 15 for the tag 2.
  • the writability determination unit 43 determines whether or not the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S61, authentication condition 5).
  • the writability determination unit 43 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the ID validity verification unit 18.
  • the ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
  • the operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). Thereby, the authentication process of FIG. 16 is completed.
  • the writability determination unit 43 outputs an authentication result indicating that the ID read by the read / write unit 13 can be used, that is, that the authentication is successful, to the ID validity verification unit 18. Further, the registration unit 16 calculates a digest value of the new pseudo ID by using a keyed hash function program for the new pseudo ID output from the pseudo ID generation unit 15 (S62). Furthermore, the registration unit 16 pairs the operation ID stored (registered) in the storage unit 17, the digest value of the ID of the tag 2, and the digest value of the new pseudo ID calculated in step S62, and stores (registers) them in the storage unit 17 (S62). The registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.
  • after all the authentication conditions are satisfied and the keyed-hash digest value of the generated new pseudo ID is stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs, to the operation execution unit 20, an operation execution instruction to execute the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13.
  • the operation execution unit 20 executes the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63). Thereby, the authentication process of FIG. 16 is completed.
  • FIG. 17A is a diagram illustrating an example of an authentication result indicating that the authentication is successful.
  • in the authentication result shown in FIG. 17A, which indicates that the ID of the tag 2 read by the read / write unit 13 has been successfully authenticated, a confirmation notification icon IC11 is displayed, for example, for canceling the use stop state (lock state) of the Safety Box that is the application. When the icon IC11 is confirmed and pressed by a user operation, the locked state of the Safety Box that is the application is released and it becomes usable.
  • FIG. 18B is a diagram illustrating an example of a selection screen for determining whether or not to invalidate the ID of the tag 2 detected as a clone.
  • the screen for identity verification shown in FIG. 18C is displayed.
  • the mobile terminal 4 stores (registers) in the storage unit 17 a setting instruction indicating that the authentication of the ID of the tag 2 is not successful in association with the ID.
  • FIG. 18C is a diagram illustrating an example of a screen when the identity is confirmed.
  • the portable terminal 4 may be configured not to execute an operation according to the operation ID associated with the ID of the tag 2.
  • the portable terminal 4 of the authentication system 7 of the present embodiment can effectively determine whether or not the ID of the contactless IC card 3 and the tag 2 can be used reliably. Furthermore, because the portable terminal 4 authenticates using the ID and data of the non-contact IC card 3 and the tag 2 and executes the operation of the operation ID associated with the ID only when all the authentication conditions are satisfied, safety can be secured appropriately.
  • FIGS. 19 to 22 are explanatory diagrams showing an outline of a flow in which the mobile terminal according to the present embodiment authenticates the ID of the tag or the IC card and executes the first operation to the fourth operation of the mobile terminal, respectively.
  • it is assumed that the availability determination unit 14 of the mobile terminal 4 has determined that the ID of the tag 2 or the IC card 3 can be used, according to the security level selected by the user operation in association with each operation of the mobile terminal 4 selected by the user operation.
  • the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the read ID and data. If the authentication is successful, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state. Thereby, the screen of the portable terminal 4 shifts from the locked screen to the standby screen, and the user can use the portable terminal 4 safely.
  • when the tag 2 is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. If the authentication is successful, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state of the Safety Box. Thereby, the screen of the portable terminal 4 shifts from the screen in which the Safety Box is locked to a screen in which the Safety Box can be used, and the user can safely use the Safety Box.
  • when the tag 2 comes close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. If the authentication is successful, before executing the operation of the operation ID associated with the ID of the tag 2, that is, releasing the locked state of the Safety Box, the mobile terminal 4 displays an icon for confirming the unlocking of the Safety Box. Further, after this icon is confirmed and pressed by a user operation, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state of the Safety Box.
  • the screen of the mobile terminal 4 shifts from the screen in which the Safety Box is locked, via a screen asking the user to confirm unlocking of the Safety Box, to a screen in which the Safety Box can be used, and the user can safely use the Safety Box.
  • the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data.
  • the portable terminal 4 starts the operation corresponding to the operation ID associated with the ID of the tag 2, that is, the browser as an application.
  • the screen of the portable terminal 4 shifts from the standby screen to a browser screen displayed when the browser is activated, and the user can safely use the browser as an application.
  • FIG. 23A is a diagram showing an example of an operation selection screen of the mobile terminal 4 to be paired.
  • FIG. 23B is a diagram showing an example of a message screen for approaching the tag 2 to be exchanged when the tag 2 is exchanged.
  • FIG. 23C is a diagram showing an example of a message screen for a tag 2 invalidation success notification and a new tag proximity instruction.
  • FIG. 23D is a diagram showing an example of a message screen for notification of success of new tag registration and tag exchange.
  • the selection screen in FIG. 23A shows, as operations of the mobile terminal 4 to be paired, for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange, ...
  • the selection screen in FIG. 23A is similar to the selection screen in FIG. 7B, and an application to be paired (Z) is activated in advance by a user operation. It is a screen displayed when the setting (registration, deletion) application is activated.
  • the portable terminal 4 displays an instruction to bring the tag 2 having the same ID as the ID already stored (registered) in the storage unit 17 for the application Z close to the portable terminal 4 (see FIG. 23B).
  • After the tag 2 having the ID to be exchanged is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23B is confirmed by user operation, the mobile terminal 4 determines whether or not the tag 2 satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 to be exchanged satisfies the authentication condition.
  • the mobile terminal 4 invalidates the ID of the tag 2 and sets the ID of the tag 2 to be unusable. Furthermore, the portable terminal 4 displays on the display unit 21 a message screen with an invalidation success notification that the invalidation of the tag 2 is successful and a proximity instruction to bring a new tag (V), to be registered instead of the invalidated tag 2, close to the portable terminal 4 (see FIG. 23C).
  • After the new tag V having the ID to be registered is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23C is confirmed and pressed by the user operation, the mobile terminal 4 determines whether the new tag V to be registered satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the explanation, it is assumed that the new tag V to be registered satisfies the authentication condition.
  • the mobile terminal 4 pairs the ID of the new tag V with the operation ID that was paired with the ID of the tag 2 to be exchanged, and stores (registers) them in the storage unit 17. Further, after storing (registering) the ID of the new tag V in the storage unit 17, the portable terminal 4 causes the display unit 21 to display a success notification message screen indicating that the tag 2 has been successfully exchanged (see FIG. 23(d)).
  • FIG. 24A is a diagram illustrating an example of a message screen for periodically updating the pseudo ID of the tag 2 and a proximity instruction for the tag 2 to be periodically updated.
  • FIG. 24B is a diagram illustrating an example of a message screen indicating a successful notification of periodic update of the pseudo ID of the tag 2.
  • tag 2 the tag for which the pseudo ID is periodically updated is referred to as tag 2.
  • the mobile terminal 4 periodically updates the pseudo ID paired with the ID of the tag 2 already stored (registered) in the storage unit 17 in a predetermined cycle (eg, once a week).
  • a message screen for approaching the tag 2 to be updated is displayed on the display unit 21 (see FIG. 24A).
  • After the tag 2 having the pseudo ID to be periodically updated is brought close to the portable terminal 4 and the message screen of the proximity instruction shown in FIG. 24A is confirmed by user operation, the portable terminal 4 determines whether the tag 2 having the pseudo ID to be updated satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 having a pseudo ID that is a target of periodic update satisfies the authentication condition.
  • the mobile terminal 4 updates the pseudo ID of the tag 2 to a new pseudo ID different from the pseudo ID of the tag 2, pairs the new pseudo ID with the operation ID that has been paired with the ID of the tag 2 having the pseudo ID to be periodically updated, and stores (registers) it in the storage unit 17. Further, after pairing the new pseudo ID with the ID and the operation ID of the tag 2 and storing (registering) it in the storage unit 17, the portable terminal 4 displays on the display unit 21 a message indicating that the periodic update of the tag 2 is successful (see FIG. 23D).
  • the authentication system according to the present invention has been described as a configuration including the tag 2 or the IC card 3 and the portable terminal 4 as shown in FIG. 1, but the tag 2 or the IC card 3 as shown in FIG. And it is good also as a structure which consists of the portable terminal 4 and the authentication server 5 which carries out radio
  • the authentication system 7 'shown in FIG. 25 will be described.
  • FIG. 25 is a system configuration diagram of an authentication system 7 'according to a modification of the present embodiment.
  • FIG. 26 is a block diagram showing the internal configuration of the mobile terminal 4 ′ and the authentication server 8 in the authentication system 7 ′ according to the modification of the present embodiment.
  • the portable terminal 4 ′ performs short-range wireless communication with the tag 2 on which the non-contact IC 2 a is mounted or the IC card 3 on which the non-contact IC 2 b is mounted, and wirelessly communicates with the authentication server 8 via the wireless base station BTS.
  • the mobile terminal 4 ′ includes at least the read / write unit 13, the display unit 21, the operation unit 11, and the operation execution unit 20 in the configuration illustrated in FIG. 2 (see FIG. 26).
  • the authentication server 8 includes, of the configuration of the mobile terminal 4 in FIG., the operation information management unit 12, the availability determination unit 14, the pseudo ID generation unit 15, the registration unit 16, the storage unit 17, the ID validity verification unit 18, the clone detection unit 19, the RAM 22, and the ROM 23, and further includes a communication unit 25 for wireless communication with the mobile terminal 4'.
  • the operation of each part of the mobile terminal 4 ′ and the authentication server 8 is the same as that of each part of the mobile terminal 4 in FIG.
  • the ID server availability determination process and the authentication process shown in FIG. 2 are executed in the authentication server 8 and executed based on the authentication result from the authentication server 8. It is possible to simplify the circuit configuration of the portable terminal 4 ′.
  • the present invention effectively determines whether or not an ID of a contactless IC card or tag can be used reliably, ensures safe execution of the operation associated with the ID when the ID is used, and is useful as an authentication method, an authentication program, and an authentication system.
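The rolling pseudo ID check described above (authentication conditions 1 to 5 of FIG. 16, replayed over the clone scenario of FIG. 15) can be modelled as follows. This is an added example, not code from the patent: HMAC-SHA256 as the keyed hash function, 16-byte random pseudo IDs, the simplified `register` step, and all class, function and sample names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

OK, UNUSABLE, CLONE = "authenticated", "ID cannot be used", "clone detected"


@dataclass
class Tag:
    """Contactless IC: fixed ID in the ID area, pseudo ID in the Data area."""
    tag_id: bytes
    id_type: str                      # stands in for the communication-standard info
    data: Optional[bytes] = None      # current pseudo ID, if any
    writable: bool = True

    def write(self, pseudo_id: bytes) -> bool:
        if self.writable:
            self.data = pseudo_id
        return self.writable

    def copy(self) -> "Tag":
        """Bit-for-bit copy, as a cloned tag would carry (ID and Data area)."""
        return Tag(self.tag_id, self.id_type, self.data, self.writable)


class Terminal:
    """Holds only keyed-hash digests of IDs and pseudo IDs (storage unit 17)."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)   # assumption: per-terminal HMAC key
        self._records: dict = {}

    def _digest(self, value: bytes) -> bytes:
        return hmac.new(self._key, value, hashlib.sha256).digest()

    def register(self, tag: Tag, operation: str) -> None:
        """Simplified registration (assumption): always issues a first pseudo ID,
        so the S55 branch for IDs without a pseudo ID is not modelled."""
        pid = secrets.token_bytes(16)
        if not tag.write(pid):
            raise ValueError("Data area is not writable")
        self._records[self._digest(tag.tag_id)] = {
            "type": tag.id_type, "operation": operation,
            "pids": [self._digest(pid)], "valid": True,
        }

    def invalidate(self, tag_id: bytes) -> None:
        """Mark a registered ID unusable after a clone has been detected."""
        self._records[self._digest(tag_id)]["valid"] = False

    def authenticate(self, tag: Tag) -> str:
        rec = self._records.get(self._digest(tag.tag_id))        # S52
        if rec is None or not rec["valid"]:                      # S53, condition 1
            return UNUSABLE      # invalidated IDs treated as unusable (assumption)
        if tag.id_type != rec["type"]:                           # S54, condition 2
            return CLONE
        seen = self._digest(tag.data or b"")                     # S56
        if not any(hmac.compare_digest(seen, d) for d in rec["pids"]):
            return UNUSABLE                                      # S57, condition 3
        if not hmac.compare_digest(seen, rec["pids"][-1]):
            return CLONE                                         # S58, condition 4
        new_pid = secrets.token_bytes(16)                        # S59
        if not tag.write(new_pid):                               # S61, condition 5
            return CLONE
        rec["pids"].append(self._digest(new_pid))                # S62
        return OK                                                # S63 would run here


def clone_scenario():
    """FIG. 15: the clone is used between two uses of the original tag."""
    terminal = Terminal()
    original = Tag(b"ID1", "type-A")               # constructed sample values
    terminal.register(original, "unlock Safety Box")
    first_use = terminal.authenticate(original)    # pseudo ID rolls forward
    clone = original.copy()                        # clone carries the same pseudo ID
    clone_use = terminal.authenticate(clone)       # succeeds, rolls terminal and clone
    second_use = terminal.authenticate(original)   # original is now one step stale
    if second_use == CLONE:
        terminal.invalidate(original.tag_id)
    after_invalidation = terminal.authenticate(clone)
    return first_use, clone_use, second_use, after_invalidation


if __name__ == "__main__":
    for step, result in zip(("tag, 1st use", "clone, 1st use", "tag, 2nd use",
                             "clone after invalidation"), clone_scenario()):
        print(f"{step}: {result}")
```

The clone's own use succeeds; the mismatch surfaces only when the original tag is next presented, which is the point at which the description says it is preferable to invalidate the registered ID.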

Abstract

A mobile terminal is provided with: a read/write unit for reading an ID and data of a contactless IC; a display unit for displaying a selection screen for an operation in the mobile terminal; a usability determination unit for determining whether or not the ID can be used, said determination being made in accordance with an ID registration policy which, on the basis of the ID and data, is associated with the ID and information specifying the operation in the mobile terminal that is selected from the selection screen; a registration unit which associates the ID, which is read if it is determined that the ID is usable, and the information specifying the operation in the mobile terminal; and a storage unit for storing the associated ID and information specifying the operation.

Description

携帯端末、認証方法、認証プログラム及び認証システムMobile terminal, authentication method, authentication program, and authentication system
 本発明は、非接触IC(Integrated Circuit)リーダ機能を用いて読み取られたID(Identification)を認証する携帯端末、認証方法、認証プログラム及び認証システムに関する。 The present invention relates to a portable terminal, an authentication method, an authentication program, and an authentication system for authenticating an ID (Identification) read using a non-contact IC (Integrated Circuit) reader function.
 近年、Edy(登録商標)等のサービス利用の際に、非接触ICカード,RFID(Radio Frequency Identification)タグに用いられている非接触ICのIDを読み取るリーダ機能を有する携帯端末が普及している。この様な携帯端末の開発は進められており、今後、IDを読み取るリーダ機能に限らず、IDを書き換えるライタ機能を有する携帯端末が登場すると考えられている。 In recent years, when using services such as Edy (registered trademark), portable terminals having a reader function for reading IDs of non-contact ICs used in non-contact IC cards and RFID (Radio-Frequency-Identification) tags have become widespread. . Development of such a portable terminal is underway, and it is considered that not only a reader function for reading ID but also a portable terminal having a writer function for rewriting ID will appear in the future.
 携帯端末により読み取られた非接触ICカード,RFIDタグのIDは例えば携帯端末における認証に用いられることが想定され、この様な認証方法に関連して、例えば特許文献1~特許文献3がそれぞれ知られている。 The IDs of the non-contact IC card and RFID tag read by the portable terminal are assumed to be used for, for example, authentication in the portable terminal. For example, Patent Documents 1 to 3 are known in relation to such an authentication method. It has been.
 例えば、特許文献1の携帯型電子機器は、非接触IC用リーダライタを備え、非接触ICカードに記憶されているID番号を、非接触IC用リーダライタを介して受け取り、受け取ったID番号を記憶部のロック関連レコードに記憶させる。携帯型電子機器は、ロック解除のために認証する場合、非接触ICカードに記憶されているID番号を、非接触IC用リーダライタを介して受け取り、受け取ったID番号とロック関連レコードに記憶されたID番号とを照合する。これにより、携帯型電子機器は、ユーザなどに手間及び負担をかけることなく、非接触ICのID番号による認証を行うことができる。 For example, the portable electronic device of Patent Document 1 includes a non-contact IC reader / writer, receives an ID number stored in a non-contact IC card via the non-contact IC reader / writer, and receives the received ID number. It is stored in the lock related record of the storage unit. When the portable electronic device authenticates for unlocking, it receives the ID number stored in the non-contact IC card via the non-contact IC reader / writer and stores it in the received ID number and the lock related record. The ID number is verified. Thereby, the portable electronic device can perform authentication based on the ID number of the non-contact IC without burdening the user or the like.
The authentication system of Patent Document 2 includes an IC tag; a mobile terminal device having a reader function and a writer function for reading and writing a card ID that identifies the IC tag; a plurality of service providing servers; and an authentication server that uses the mobile terminal device to authenticate a person accessing a service providing server. In this authentication system, the mobile terminal device reads the card ID from the IC tag and transmits the card ID and the terminal ID of the mobile terminal device to the authentication server. The authentication server registers a user ID that identifies the accessing person in association with a card ID and terminal ID unique to each service, and further registers in a database a rewrite password, different from the card ID, in association with the user ID.
The authentication system further includes a card update unit that updates the card ID registered in the database each time the service is used and rewrites the card ID to the new card ID through the writer function of the mobile terminal device. The authentication server authenticates using the card ID associated with the service named in the access request. If authentication succeeds, it permits access to the service providing server that provides the permitted service; if the card ID cannot be obtained, it obtains the rewrite password and authenticates with the rewrite password in place of the card ID. The authentication system can thereby effectively improve security while reducing the burden on the user, such as complicated operations, in the authentication processing required to receive a service on a portable information terminal such as a mobile phone or PDA (Personal Digital Assistant) over a communication network such as the Internet.
In the mobile phone control system of Patent Document 3, an IC chip assigned a unique ID is embedded in a card whose surface shows the function to be activated; the mobile phone reads the ID and activates the function corresponding to the pre-registered ID. The mobile phone control system thereby allows users who have difficulty with fine key operations, such as visually impaired or elderly users, to operate the mobile phone easily.
To simplify the description, "RFID tag" is written simply as "tag" in the following description.
Japanese Patent Laid-Open No. 2006-113719
Japanese Patent No. 4716704
Japanese Patent Laid-Open No. 2010-57053
The ID numbers, card IDs and IDs in Patent Documents 1 to 3 described above all presuppose that, once authentication succeeds, the respective ID number, card ID or ID is always usable. To simplify the description, "ID number", "card ID" and "ID" are referred to collectively as "ID" below.
However, even when authentication of the ID succeeds, there is a problem: depending on the specifications of the non-contact IC card or tag and on how the user uses the non-contact IC card or tag, it is hard to say that having the ID of the non-contact IC card or tag always usable is safe for the user's use of the ID.
Here, the specifications of the non-contact IC card or tag include, for example, not only whether the ID is a fixed value or a random value and the number of digits of the ID, but also the type of ID determined on the basis of the registration policy (e.g. security level) applied when the ID is used. The registration policy may be held as a policy file that describes the content of the policy and is stored in the storage unit of the mobile terminal, or there may be no policy file, with the content of the registration policy defined in part of a program.
In the former case, for example, if the content of the registration policy is "the operations that can be paired (described later) are operation A, operation B and operation C", then when the mobile terminal displays the list of operations that can be paired, it reads the policy file from the storage unit and explicitly displays "operation A, operation B, operation C" as the operations that can be paired. In this case, the registration policy can be changed dynamically by rewriting the policy file.
In the latter case, for example, if the content of the registration policy is "the operations that can be paired (described later) are operation A, operation B and operation C", then when the mobile terminal displays the list of operations that can be paired, it executes the program in which the content of the registration policy is defined and thereby explicitly displays "operation A, operation B, operation C" as the operations that can be paired. In this case, since no policy file exists, changing the registration policy requires changing the program in which the content of the registration policy is defined.
It is also generally known that ID types include, for example, Type A, Type B, Type F and ISO15693.
The present invention has been made in view of the conventional circumstances described above, and its object is to provide a mobile terminal, an authentication method, an authentication program and an authentication system that effectively determine whether the ID of a non-contact IC card or tag can reliably be used and that guarantee safe execution of the operation associated with the ID when the ID is used.
The present invention is a mobile terminal that communicates wirelessly with a non-contact IC, comprising: a read/write unit that reads an ID and data stored in the non-contact IC; a display unit that displays a selection screen for operations of the mobile terminal; an availability determination unit that determines, on the basis of the ID and data read by the read/write unit and in accordance with a registration policy of the ID, whether the ID can be used for association with information specifying the operation of the mobile terminal selected from the selection screen; a registration unit that, when the ID is determined to be usable, associates the ID read by the read/write unit with the information specifying the operation of the mobile terminal; and a storage unit that stores the ID and the information specifying the operation associated with each other by the registration unit.
The present invention is also an authentication method in a mobile terminal that communicates wirelessly with a non-contact IC, comprising the steps of: reading an ID and data stored in the non-contact IC; determining, on the basis of the read ID and data, whether the ID is a clone; generating, when the read ID is determined not to be a clone, a new pseudo ID different from the pseudo ID included in the read data; writing the generated new pseudo ID to the non-contact IC; updating to the new pseudo ID the pseudo ID that is stored in a storage unit in association with the ID and with information specifying an operation of the mobile terminal according to the security level of the ID; and, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, executing the operation of the mobile terminal corresponding to the information specifying the operation.
The present invention is also a program that causes a mobile terminal, which is a computer that communicates wirelessly with a non-contact IC, to carry out the steps of: reading an ID and data stored in the non-contact IC; determining, on the basis of the read ID and data, whether the read ID is a clone; generating, when the read ID is determined not to be a clone, a new pseudo ID different from the pseudo ID included in the read data; writing the generated new pseudo ID to the non-contact IC; updating to the new pseudo ID the pseudo ID that is stored in a storage unit in association with the ID and with information specifying an operation of the mobile terminal according to the security level of the ID; and, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, executing the operation of the mobile terminal corresponding to the information specifying the operation.
The present invention is also an authentication system including a non-contact IC and a mobile terminal that communicates wirelessly with the non-contact IC. The non-contact IC comprises a non-contact IC storage unit that stores an ID and data of the non-contact IC, and a communication unit that receives a read signal from the mobile terminal and transmits the ID and data. The mobile terminal comprises: a read/write unit that transmits the read signal to the non-contact IC and receives the ID and data from the non-contact IC; a storage unit that stores, in association with one another, information specifying an operation of the mobile terminal according to the security level of the ID, the ID, and a pseudo ID different from the ID; a clone detection unit that determines, on the basis of the ID and data read by the read/write unit, whether the read ID is a clone; a pseudo ID generation unit that, when the ID read by the read/write unit is determined not to be a clone, generates a new pseudo ID different from the pseudo ID included in the read data; a registration unit that updates the pseudo ID stored in the storage unit in association with the information specifying the operation and the ID to the new pseudo ID generated by the pseudo ID generation unit; and an operation execution unit that executes the operation of the mobile terminal corresponding to the information specifying the operation.
With the configuration described above, it is possible to determine effectively whether the ID of a non-contact IC card or tag can reliably be used, and to guarantee safe execution of the operation associated with the ID when the ID is used.
According to the present invention, it is possible to determine effectively whether the ID of a non-contact IC card or tag can reliably be used, and to guarantee safe execution of the operation associated with the ID when the ID is used.
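The method summarized above (read the ID and data, check for a clone, generate and write a new pseudo ID, update the storage unit, then execute the paired operation), as an added Python sketch that is not part of the patent text. The class names, the 6-byte hex pseudo ID and the rule that a registered ID presented with a stale pseudo ID is treated as a clone are assumptions of this example, and the tag is a constructed in-memory model.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Tag:
    """Constructed in-memory model of a non-contact IC: ID area plus Data area."""
    tag_id: str               # ID area
    pseudo_id: str = ""       # Data area: pseudo ID, distinct from the ID
    writable: bool = True     # Data area: write flag

    def read(self):
        return self.tag_id, self.pseudo_id

    def write(self, pseudo_id):
        # Report success or failure, as the read/write unit does to the registration unit.
        if not self.writable:
            return False
        self.pseudo_id = pseudo_id
        return True


@dataclass
class Terminal:
    """Assumed model of the mobile terminal's storage unit and control logic."""
    store: dict = field(default_factory=dict)  # tag ID -> {"pseudo_id", "operation"}

    @staticmethod
    def _new_pseudo_id(old):
        # Generate a pseudo ID that differs from the one just read.
        while True:
            candidate = secrets.token_hex(6)
            if candidate != old:
                return candidate

    def register(self, tag, operation):
        """Pairing: bind the tag ID to an operation and seed the pseudo ID."""
        tag_id, old = tag.read()
        new = self._new_pseudo_id(old)
        if not tag.write(new):
            return False
        self.store[tag_id] = {"pseudo_id": new, "operation": operation}
        return True

    def authenticate(self, tag):
        """Return (status, operation); operation is set only on success."""
        tag_id, pseudo_id = tag.read()
        record = self.store.get(tag_id)
        if record is None:
            return "unknown_id", None
        # Assumed clone rule: a registered ID presented with a stale pseudo ID.
        if not secrets.compare_digest(pseudo_id, record["pseudo_id"]):
            return "clone_suspected", None
        new = self._new_pseudo_id(pseudo_id)
        # Write to the tag first and keep the stored value if the write fails,
        # so the terminal and the genuine tag never fall out of step.
        if not tag.write(new):
            return "write_failed", None
        record["pseudo_id"] = new
        return "ok", record["operation"]


def demo():
    terminal = Terminal()
    genuine = Tag("AA:10:FF:FA")            # ID value from the FIG. 5 description
    terminal.register(genuine, "operation A")
    copy = Tag(*genuine.read())             # constructed copy of ID and Data areas
    return [terminal.authenticate(genuine)[0],   # rotates the pseudo ID
            terminal.authenticate(copy)[0],      # copy now carries a stale pseudo ID
            terminal.authenticate(genuine)[0]]   # genuine tag is unaffected


if __name__ == "__main__":
    print(demo())
```

In this sketch a stale pseudo ID shows only that a second copy of the tag exists; deciding which holder is legitimate needs a further check, such as the identity confirmation screen listed among the drawings.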
System configuration diagram of the authentication system of the present embodiment
Block diagram showing in detail the internal configuration of the mobile terminal of the present embodiment
Block diagram showing in detail the internal configuration of the availability determination unit
Block diagram showing in detail the internal configuration of the clone detection unit
Diagram showing an example of the data structure in the non-contact IC storage unit of the non-contact IC
(a) Diagram showing an example of the security level selection screen; (b) diagram showing another example of the security level selection screen
(a) Diagram showing an example of the selection screen for the mobile terminal operation to be paired; (b) diagram showing an example of the selection screen for operations according to the menu of the application to be paired; (c) diagram showing an example of the selection screen for whether to disable launching the application from its icon after the tag ID is registered
(a) Diagram showing an example of the selection screen for the ID to be deleted; (b) diagram showing an example of an availability determination result indicating that the ID is usable
Diagram showing an example of the security level table
Flowchart explaining the processing of the ID setting application or ID setting function in the mobile terminal of the present embodiment
Flowchart explaining the ID availability determination processing in the mobile terminal of the present embodiment
Explanatory diagram showing the first pattern of clone detection in the mobile terminal of the present embodiment
Explanatory diagram showing the second pattern of clone detection in the mobile terminal of the present embodiment
Explanatory diagram showing the IDs and pseudo IDs of the storage unit and the tag when no clone is detected
Explanatory diagram showing the IDs and pseudo IDs of the storage unit, the clone tag and the tag when a clone is detected
Flowchart explaining the tag authentication processing in the mobile terminal of the present embodiment
(a) Diagram showing an example of an authentication result indicating that authentication succeeded; (b) diagram showing an example of an authentication result indicating that authentication failed
(a) Diagram showing a notice that a clone was detected together with the date and place of the previous successful authentication; (b) diagram showing an example of the selection screen for whether to invalidate the ID of the tag detected as a clone; (c) diagram showing an example of the screen shown at identity confirmation
Explanatory diagram outlining the flow in which the mobile terminal of the present embodiment authenticates the ID of a tag or IC card and executes a first operation of the mobile terminal
Explanatory diagram outlining the flow in which the mobile terminal of the present embodiment authenticates the ID of a tag or IC card and executes a second operation of the mobile terminal
Explanatory diagram outlining the flow in which the mobile terminal of the present embodiment authenticates the ID of a tag or IC card and executes a third operation of the mobile terminal
Explanatory diagram outlining the flow in which the mobile terminal of the present embodiment authenticates the ID of a tag or IC card and executes a fourth operation of the mobile terminal
(a) Diagram showing an example of the selection screen for the mobile terminal operation to be paired; (b) diagram showing an example of the message screen instructing the user, at tag exchange, to bring the tag to be exchanged close; (c) diagram showing an example of the message screen notifying that the tag was invalidated successfully and instructing the user to bring the new tag close; (d) diagram showing an example of the message screen notifying that registration of the new tag and the tag exchange succeeded
(a) Diagram showing an example of the message screen announcing a periodic update of the tag's pseudo ID and instructing the user to bring the tag to be updated close; (b) diagram showing an example of the message screen notifying that the periodic update of the tag's pseudo ID succeeded
System configuration diagram of an authentication system according to a modification of the present embodiment
Block diagram showing the internal configuration of the mobile terminal and the authentication server in the authentication system of the modification of the present embodiment
Embodiments of the mobile terminal, authentication method, authentication program and authentication system according to the present invention are described below with reference to the drawings. The mobile terminal according to the present invention is an electronic device that can read an ID and data stored in a non-contact IC mounted on an IC card or tag, for example a mobile phone, a smartphone, a PDA (Personal Digital Assistant) or an e-book reader. In the following, the mobile terminal according to the present invention is described as a smartphone, but it is not limited to the electronic devices listed above.
The present invention can also be expressed as a device that is a mobile terminal, or as an authentication program for causing a mobile terminal to operate as a computer. The present invention can further be expressed as an authentication method including the processes (steps) for authentication executed by the mobile terminal, and as an authentication system including an IC card or tag and a mobile terminal. That is, the present invention can be expressed in any of the categories of device, method, program and system.
(Authentication system)
FIG. 1 is a system configuration diagram of the authentication system 7 of the present embodiment. The authentication system 7 shown in FIG. 1 includes a tag 2 or an IC card 3, and a mobile terminal 4. In FIG. 1, the mobile terminal 4 performs short-range wireless communication with the non-contact IC 2a of the tag 2 or the non-contact IC 3a of the IC card 3, transmits a read signal to the tag 2 or the IC card 3, and reads the ID and data from the tag 2 or the IC card 3.
(Tag, IC card)
The tag 2 has a non-contact IC 2a. The non-contact IC 2a includes a non-contact IC storage unit 2a1 that stores the ID and data of the tag 2, and a communication unit 2a2 that transmits the ID and data to the mobile terminal 4.
The IC card 3 has a non-contact IC 3a. The non-contact IC 3a includes a non-contact IC storage unit 3a1 that stores the ID and data of the IC card 3, and a communication unit 3a2 that transmits the ID and data to the mobile terminal 4.
FIG. 5 is a diagram showing an example of the data structure in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a and 3a. The data structure shown in FIG. 5 consists of an ID area and a Data area.
The ID of the tag 2 or IC card 3 on which the non-contact IC storage unit 2a1 or 3a1 is mounted is written in the ID area in advance. In FIG. 5, the ID "AA:10:FF:FA" is written in the ID area. Some IDs in the ID area are rewritable and some are not. For the former, for example, a random value is used as the ID; for the latter, a fixed value is used.
The data actually stored in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a and 3a is written in the Data area. In FIG. 5, the data "CC:AC:B1:84:12:44" is written in the Data area. The data written in the Data area is, for example, a write flag indicating that data can be written to the Data area of the non-contact IC by the read/write unit 13 (described later), and a pseudo ID (described later). The pseudo ID is different from the ID written in the ID area.
To simplify the description, the following describes an example in which the mobile terminal 4 performs short-range wireless communication with the tag 2, but the description applies equally to short-range wireless communication between the mobile terminal 4 and the IC card 3.
(Mobile terminal)
The configuration of the mobile terminal 4 of the present embodiment and the operation of each of its units are described with reference to FIG. 2. FIG. 2 is a block diagram showing in detail the internal configuration of the mobile terminal 4 of the present embodiment.
In the present embodiment, the mobile terminal 4 displays a selection screen for operations of the mobile terminal 4 on the display unit 21, reads the ID and data of the tag 2, and, on the basis of the read ID and data, determines in accordance with the registration policy of the ID (e.g. security level) whether the ID of the tag 2 can be used for association with information (e.g. an operation ID) specifying the operation of the mobile terminal 4 selected from the selection screen. The operation ID is, for example, an application ID identifying an application, the file path or URL (Uniform Resource Locator) of the application through which its executable file is accessed, or package/class information. In the following, a security level is used as an example of the registration policy that serves as the criterion for storing (registering) an ID in the mobile terminal 4, but the registration policy is not limited to a security level.
When the ID of the tag 2 is determined to be usable, the mobile terminal 4 associates the read ID of the tag 2 with the information specifying the operation of the mobile terminal 4, and stores (registers) the associated ID of the tag 2 and information specifying the operation of the mobile terminal 4 in the storage unit.
Furthermore, on the basis of the ID and data read when the tag 2 is held over the mobile terminal 4, the mobile terminal 4 determines whether the tag 2 satisfies predetermined authentication conditions (described later). When the predetermined authentication conditions are determined to be satisfied, the mobile terminal 4 executes the operation corresponding to the information specifying the operation of the mobile terminal 4 that is associated with the read ID (see FIGS. 19 to 22).
In the following description, an ID that was generated by a malicious third party, for example by copying the ID of the tag 2, and that does not satisfy a specific authentication condition among the predetermined authentication conditions described above is defined as a "clone", and a tag storing a clone (ID) is defined as a "clone tag".
In the following description, associating the ID of the tag 2 (and likewise of the IC card 3) with information specifying an operation of the mobile terminal 4 (e.g. an operation ID) is defined as "pairing".
The mobile terminal 4 shown in FIG. 2 includes a control unit 10, an operation unit 11, a read/write unit 13, a storage unit 17, a display unit 21, a RAM (Random Access Memory) 22 and a ROM (Read Only Memory) 23. The control unit 10 includes an operation information management unit 12, an availability determination unit 14, a pseudo ID generation unit 15, a registration unit 16, an ID validity verification unit 18, a clone detection unit 19 and an operation execution unit 20.
Each unit of the control unit 10 is implemented using a CPU (Central Processing Unit) built into the mobile terminal 4 and controls the operation of the units of the mobile terminal 4. That is, the operation of each unit of the control unit 10 in FIG. 2 is realized by the CPU built into the mobile terminal 4. For convenience of explanation, the operations of the operation unit 11 and the read/write unit 13 are described before the operation of each unit of the control unit 10.
The operation unit 11 is a user interface through which the user inputs operations on the mobile terminal 4, and outputs an operation signal corresponding to the user's operation to the operation information management unit 12. When the mobile terminal 4 is a smartphone, for example, the operation unit 11 is a touch panel that is arranged on the display unit 21 and can accept input operations made with the user's finger or a stylus pen. When the mobile terminal 4 is a mobile phone, the operation unit 11 can consist of various keys such as a numeric keypad for entering telephone numbers and the like, call keys for going on-hook or off-hook, and function keys.
 リードライト部13は、動作情報管理部12から出力された読み取り指示(後述参照)を基に、携帯端末4に近接されたタグ2に複数の種類の変調方式のうちいずれかの変調方式に応じた読み取り信号を送信する。具体的には、リードライト部13は、第1通信規格に応じた変調方式の読み取り信号を送信し、当該読み取り信号に応じてタグ2のID及びデータを受信できない場合に、他の第2通信規格に応じた変調方式の読み取り信号を送信する。リードライト部13は、第2通信規格に応じた変調方式の読み取り信号に応じてタグ2のID及びデータを受信できない場合に、他の第3通信規格に応じた変調方式の読み取り信号を送信し、以後同様である。 The read / write unit 13 responds to any one of a plurality of types of modulation schemes to the tag 2 close to the mobile terminal 4 based on a reading instruction (see below) output from the operation information management unit 12. Send the read signal. Specifically, when the read / write unit 13 transmits a read signal of a modulation method according to the first communication standard and cannot receive the ID and data of the tag 2 according to the read signal, the second write communication 13 A read signal of a modulation method according to the standard is transmitted. When the read / write unit 13 cannot receive the ID and data of the tag 2 according to the read signal of the modulation method according to the second communication standard, the read / write unit 13 transmits the read signal of the modulation method according to another third communication standard. The same applies thereafter.
 リードライト部13は、読み取り信号に対してタグ2の通信部2a2から折り返して送信されたタグ2のID及びデータを受信する。これにより、リードライト部13のタグ2のID及びデータの読み取りが完了する。リードライト部13は、読み取り指示に含まれる読み取り回数(後述参照)の分、タグ2のID及びデータを読み取る。例えば読み取り回数が4回である場合、リードライト部13は、タグ2のID及びデータをそれぞれ4回分、読み取る。 The read / write unit 13 receives the ID and data of the tag 2 sent back from the communication unit 2a2 of the tag 2 in response to the read signal. Thereby, the reading of the ID and data of the tag 2 of the read / write unit 13 is completed. The read / write unit 13 reads the ID and data of the tag 2 by the number of times of reading (see later) included in the reading instruction. For example, when the number of times of reading is 4, the read / write unit 13 reads the ID and data of the tag 2 four times.
 リードライト部13は、タグ2の各ID及びデータ、タグ2のID及びデータを受信したときの読み取り信号の通信規格情報を利用可否判定部14に出力する。更に、リードライト部13は、タグ2から受信したデータに上述した書込フラグが含まれている場合には、タグ2の各ID及びデータ、読み取り信号の通信規格情報だけではなく書込フラグも利用可否判定部14に出力する。 The read / write unit 13 outputs the communication standard information of the read signal when the ID and data of the tag 2 and the ID and data of the tag 2 are received to the availability determination unit 14. Furthermore, when the above-described write flag is included in the data received from the tag 2, the read / write unit 13 includes not only the ID and data of the tag 2 and the communication standard information of the read signal but also the write flag. Output to the availability determination unit 14.
 リードライト部13は、読み取り信号と同様の変調方式に応じた、タグ2にデータを書き込むための書き込み信号をタグ2に送信し、後述する擬似ID生成部15から出力された擬似IDを、タグ2の非接触IC記憶部2a1に書き込む。リードライト部13は、擬似IDの書き込みが成功したか否かを登録部16に出力する。なお、図2において、リードライト部13と登録部16との間の矢印の図示は省略している。 The read / write unit 13 transmits a write signal for writing data to the tag 2 in accordance with the modulation method similar to the read signal to the tag 2, and the pseudo ID output from the pseudo ID generation unit 15 described later is used as the tag. 2 is written in the non-contact IC storage unit 2a1. The read / write unit 13 outputs to the registration unit 16 whether or not the pseudo ID has been successfully written. In FIG. 2, an arrow between the read / write unit 13 and the registration unit 16 is not shown.
The read/write unit 13 outputs each ID and data of the tag 2 and the communication standard information of the read signal to the ID validity verification unit 18. Furthermore, when the data of the tag 2 includes the pseudo ID described above, the read/write unit 13 outputs to the ID validity verification unit 18 not only each ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID.
When the menu item "ID registration" is selected by a user operation in the ID setting (registration, deletion) application preinstalled on the mobile terminal 4, or in the ID setting (registration, deletion) function invoked in an application already started by a user operation, the operation information management unit 12 causes the display unit 21 to display a message prompting the user to bring the tag 2 close to the mobile terminal 4.
After the message prompting the user to bring the tag 2 close to the mobile terminal 4 has been pressed in confirmation by a user operation, the operation information management unit 12 causes the display unit 21 to display a selection screen for the security level of the ID. In this embodiment, there are three security levels: "high", "medium", and "low".
FIG. 6(a) is a diagram showing an example of the security level selection screen. FIG. 6(b) is a diagram showing another example of the security level selection screen. On the security level selection screen shown in FIG. 6(a), the operations of the mobile terminal 4 recommended for selection, or the names of applications installed on the mobile terminal 4, are displayed as examples for each security level.
Information on the operations of the mobile terminal 4 recommended for selection according to the security level, or on the applications installed on the mobile terminal 4, is stored in advance in the storage unit 17 described later. When an application is newly installed, the security level to which that application corresponds may first be stored in the storage unit 17, or may subsequently be changed by a user operation.
The security level selection screen shown in FIG. 6(b) simply displays the security levels "high", "medium", and "low" on the display unit 21.
The operation information management unit 12 may automatically select the security level of the ID to be registered according to the operation of the mobile terminal 4 or the application selected by a user operation. The mobile terminal 4 then no longer needs to have the user select the security level of the ID to be registered, which simplifies the user operation.
After the security level of the ID has been selected by a user operation on the ID security level selection screen, the operation information management unit 12 causes the display unit 21 to display a selection screen for the operation of the mobile terminal 4 to be paired, or a menu screen that includes an ID registration item in an application usable on the mobile terminal 4. The operation information management unit 12 outputs to the registration unit 16 information (for example, an operation ID) that identifies the operation selected as the operation of the mobile terminal 4 to be paired or as the operation corresponding to the application menu.
FIG. 7(a) is a diagram showing an example of a selection screen for the operation of the mobile terminal 4 to be paired. FIG. 7(b) is a diagram showing an example of a selection screen for the operation corresponding to the menu of an application to be paired. FIG. 7(c) is a diagram showing an example of a selection screen asking whether to disable starting the application from its icon after the ID of the tag 2 has been registered. In the description of FIG. 7, the application to be paired is, for example, application Z.
The selection screen shown in FIG. 7(a) lists, as operations of the mobile terminal 4 to be paired, for example, (1) browser start, (2) terminal lock, (3) SafetyBox, and so on. The selection screen of FIG. 7(a) is, for example, the screen displayed when the ID setting application described above is started while the standby screen is displayed on the display unit 21. Terminal lock is a function that, to ensure the security of the mobile terminal 4, prevents the mobile terminal 4 from being used by a third party who does not know a secret code such as a password. SafetyBox is an application that holds information or data important to the user of the mobile terminal 4.
The selection screen shown in FIG. 7(b) lists, as the menu of application Z to be paired, for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange, and so on. Unlike the selection screen of FIG. 7(a), the selection screen of FIG. 7(b) is the screen displayed when application Z to be paired has already been started by a user operation and the ID setting (registration, deletion) function described above has been started within application Z. When (3) tag ID registration is selected, the mobile terminal 4 moves to the processing for registering an ID to be paired with the operation ID that represents starting application Z.
The selection screen shown in FIG. 7(c) is displayed, for example, after the ID registration performed as a result of selecting (3) tag ID registration on the selection screen shown in FIG. 7(b). The selection screen of FIG. 7(c) asks the user, once the ID of the tag 2 has been registered, whether to apply a disabling setting that either hides the user interface including the icon of application Z on the display unit 21 or prevents application Z from being started by a user operation on the user interface including the icon of application Z.
When "YES" is selected on the selection screen of FIG. 7(c), the mobile terminal 4 (its registration unit 16) stores (registers) in the storage unit 17 a setting instruction that hides the user interface including the icon for starting application Z, paired with the ID of the tag 2 to be paired and the operation ID that represents starting application Z.
As a result, because the user interface including the icon of application Z is not displayed on the display unit 21, the mobile terminal 4 can simply hide the existence of application Z from the user, and can start application Z only when the tag 2 is held over the mobile terminal 4 and the predetermined authentication conditions described later are satisfied. The mobile terminal 4 can therefore likewise hide the existence of application Z from someone other than the user, for example a malicious third party, and can prevent that third party from starting application Z.
Also, when "YES" is selected on the selection screen of FIG. 7(c), the mobile terminal 4 (its registration unit 16) stores (registers) in the storage unit 17 a setting instruction that puts application Z into a state in which it is set not to operate in response to user operations on the user interface including the icon of application Z, paired with the ID of the tag 2 to be paired and the operation ID that represents starting application Z.
As a result, although the mobile terminal 4 cannot hide the existence of application Z from the user, it can prevent application Z from being started by a user operation on the icon, and can start application Z only when the tag 2 is held over the mobile terminal 4 and the predetermined authentication conditions described later are satisfied. The mobile terminal 4 can therefore prevent someone who does not possess the user's tag 2, for example a malicious third party, from starting application Z.
When the menu item "ID deletion" is selected by a user operation in the ID setting (registration, deletion) application preinstalled on the mobile terminal 4, or in the ID setting (registration, deletion) function invoked in an application already started by a user operation (see FIG. 8(a)), the operation information management unit 12 reads the already registered IDs from the storage unit 17 and causes the display unit 21 to display a selection screen for the ID to be deleted.
FIG. 8(a) is a diagram showing an example of the selection screen for the ID to be deleted. The selection screen shown in FIG. 8(a) lists, as IDs that can be deleted, (1) tag A (ID: XX, photo A), (2) IC card B (ID: YY, photo B), and so on. Photo A is image data representing a photograph of tag A. For example, when the ID of tag A is stored (registered) in the storage unit 17, a photograph of tag A is taken by an imaging unit (not shown in FIG. 2) in response to a user operation, and the captured image data is also stored (registered) in the storage unit 17 in association with the ID of tag A. When deleting an ID, the user can therefore view photo A to recall specifically which tag the name or ID of tag A refers to, and may decide against deleting the ID of tag A. The same applies to IC card B (ID: YY, photo B), so its description is omitted.
The operation information management unit 12 also instructs the availability determination unit 14 to perform availability determination processing, which determines, based on the selected ID security level and the operation ID of the operation of the mobile terminal 4 or of the operation corresponding to the application menu, whether the ID can be used for pairing the ID with the operation ID.
In addition, when the tag 2 is brought close to the mobile terminal 4 by a user operation in response to the message prompting the user to bring the tag 2 close to the mobile terminal 4, the operation information management unit 12 outputs to the read/write unit 13 a read instruction that includes an instruction to read the ID and data of the tag 2 and the read count.
The availability determination unit 14 acquires the ID and data of the tag 2 read by the read/write unit 13. Based on the ID and data of the tag 2 read by the read/write unit 13, the availability determination unit 14 determines whether the ID of the tag 2 can be used, at the security level selected by the user operation or by the operation information management unit 12, for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation corresponding to the application menu, selected by the user operation or by the operation information management unit 12.
FIG. 3 is a block diagram showing the internal configuration of the availability determination unit 14 in detail. The availability determination unit 14 shown in FIG. 3 includes an ID fixing determination unit 31, an ID type determination unit 32, a writability determination unit 33, an ID size determination unit 34, and a security level conformity determination unit 35. The operation of each part of the availability determination unit 14 is described below.
The ID fixing determination unit 31 determines whether the ID of the tag 2 read by the read/write unit 13 is a fixed value. The read/write unit 13 reads the ID of the tag 2 as many times as the read count included in the read instruction output from the operation information management unit 12. When the read count is four, the ID fixing determination unit 31 determines whether all four IDs are a fixed value, that is, whether the four IDs have the same value.
The ID type determination unit 32 determines the type of the ID of the tag 2 read by the read/write unit 13. Specifically, the ID type determination unit 32 determines the type of the ID of the tag 2 based on the communication standard information of the read signal output from the read/write unit 13.
The writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Specifically, when the write flag has been output from the read/write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. The writability determination unit 33 may also determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 when it obtains from the read/write unit 13 a write success notification indicating that the read/write unit 13 was actually able to write data to the tag 2.
The ID size determination unit 34 determines the size of the ID of the tag 2 read by the read/write unit 13. For example, when the ID of the tag 2 read by the read/write unit 13 is 6 digits long, the ID size determination unit 34 determines the size of the ID of the tag 2 read by the read/write unit 13 to be 6 digits.
Based on any one, or two or more, of the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34, the security level conformity determination unit 35 determines whether the ID of the tag 2 read by the read/write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12. The determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34 are, respectively, the type of the ID of the tag 2, whether data can be written, and the size of the ID of the tag 2.
When the ID of the tag 2 read by the read/write unit 13 is determined to conform to the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12, the security level conformity determination unit 35 treats the ID as usable for pairing the operation ID with the ID of the tag 2 and outputs the ID of the tag 2 read by the read/write unit 13 to the registration unit 16.
Specifically, the security level conformity determination unit 35 uses the security level table ST shown in FIG. 9 to determine whether the ID of the tag 2 read by the read/write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12.
The security level conformity determination unit 35 may also use the determination result of the ID size determination unit 34 alone to determine whether the ID of the tag 2 can be used, at the security level selected by the user operation or by the operation information management unit 12, for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation corresponding to the application menu, selected by the user operation or by the operation information management unit 12.
FIG. 9 is a diagram showing an example of the security level table stored in the storage unit 17. FIG. 9 defines three security levels: "high", "medium", and "low". For example, when the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12 is "high", the ID of the tag 2 is determined to conform to the security level if the ID size is "8 to 16 digits", the type is "type 1 (e.g., Type B)", and writability is "possible" (that is, the tag is writable).
Similarly, when the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12 is "medium", the ID of the tag 2 is determined to conform to the security level if the ID size is "5 to 7 digits", the type is "type 2 (e.g., Type A)", and writability is "possible" (that is, the tag is writable).
Similarly, when the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12 is "low", the ID of the tag 2 is determined to conform to the security level if the ID size is "4 digits", the type is "type 3 (e.g., ISO15693)", and writability is "not possible" (that is, the tag is not writable).
The security level table ST shown in FIG. 9 also defines, as examples, the operations of the mobile terminal 4 or the applications installed on the mobile terminal 4 that are recommended for selection at each security level. The operation information management unit 12 reads the "supported operations, supported applications" entries recommended for selection at each level of the security level table ST and displays the selection screen shown in FIG. 7(a) on the display unit 21.
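The availability determination described above (units 31 to 35 and the table of FIG. 9) can be sketched as follows. This is an added example, not code from the patent: the TagRead structure, the function names, the sample reads, and the rule that a non-fixed ID is rejected outright are assumptions of the example.

```python
from dataclasses import dataclass

# Security level table ST as described for FIG. 9: ID size in digits,
# ID type (communication standard), and whether the tag must be writable.
SECURITY_LEVEL_TABLE = {
    "high":   {"size": range(8, 17), "id_type": "Type B",   "writable": True},
    "medium": {"size": range(5, 8),  "id_type": "Type A",   "writable": True},
    "low":    {"size": range(4, 5),  "id_type": "ISO15693", "writable": False},
}


@dataclass(frozen=True)
class TagRead:
    """One read of a tag (hypothetical structure for this example)."""
    tag_id: str        # ID as a string; its length is the ID size
    standard: str      # communication standard of the read signal
    write_flag: bool   # True if the tag data carried the write flag


def id_is_fixed(reads):
    """ID fixing determination: every read must return the same ID."""
    return len(reads) > 0 and len({r.tag_id for r in reads}) == 1


def check_availability(reads, level, criteria=("size", "id_type", "writable")):
    """Return (usable, reasons) for pairing this tag at the given level.

    `criteria` selects which determination results are applied, since the
    text allows one, two, or all three (for example the ID size alone).
    """
    if not reads:
        return False, ["no reads"]
    if not id_is_fixed(reads):
        # Assumption of this example: a changing ID cannot be paired.
        return False, ["ID is not a fixed value"]
    row = SECURITY_LEVEL_TABLE[level]
    first = reads[0]
    observed = {
        "size": len(first.tag_id),
        "id_type": first.standard,
        "writable": first.write_flag,
    }
    reasons = []
    for name in criteria:
        if name == "size":
            ok = observed[name] in row[name]
        else:
            ok = observed[name] == row[name]
        if not ok:
            reasons.append(f"{name}: got {observed[name]!r}")
    return not reasons, reasons


# Constructed sample reads (read count of 4, as in the text's example).
FIXED_TYPE_B = [TagRead("1234567890", "Type B", True)] * 4
CHANGING_ID = [TagRead(i, "Type A", True)
               for i in ("081234", "08a9f1", "0877c2", "08d00e")]
```

A tag that returns a different ID on every read never reaches the table comparison, so it cannot be enrolled at any level.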
The pseudo ID generation unit 15 generates a pseudo ID based on a pseudo ID generation instruction output from the registration unit 16 or from the clone detection unit 19 (its pseudo ID determination unit 41), both described later. The pseudo ID generation unit 15 outputs the generated pseudo ID to the registration unit 16. The pseudo ID is a random value that is written to the Data area of the non-contact IC storage unit 2a1 of the tag 2 when the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation corresponding to the application menu, according to the security level of the ID of the tag 2, and data can be written to the tag 2.
The registration unit 16 calculates a digest value of given data by applying a keyed hash function (Keyed Hashing Function) program to that data. The keyed hash function program may be defined in advance as part of the operation of the registration unit 16, or may be stored in the storage unit 17. When the keyed hash function program is stored in the storage unit 17, the registration unit 16 dynamically loads and executes the keyed hash function program stored in the storage unit 17 whenever it calculates a digest value.
When the availability determination unit 14 determines that the ID of the tag 2 is usable, the registration unit 16 applies the keyed hash function program to the ID of the tag 2 output from the availability determination unit 14 and calculates the digest value of the ID of the tag 2. The ID of the tag 2 is usable when it has been determined that the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation corresponding to the application menu, according to the security level of the ID of the tag 2 selected by the user operation or by the operation information management unit 12.
The registration unit 16 pairs the calculated digest value of the ID of the tag 2 with the operation ID output from the operation information management unit 12, and stores (registers) the paired digest value of the ID of the tag 2 and operation ID in the storage unit 17.
When data can be written to the tag 2, the registration unit 16 applies the keyed hash function program to the pseudo ID output from the pseudo ID generation unit 15 and calculates the digest value of the pseudo ID. The registration unit 16 pairs the digest value of the ID of the tag 2 and the operation ID stored (registered) in the storage unit 17 with the digest value of the pseudo ID as well, and stores (registers) the paired digest value of the ID of the tag 2, operation ID, and digest value of the pseudo ID in the storage unit 17.
In addition to the operation ID, the digest value of the ID of the tag 2, and the digest value of the pseudo ID, the registration unit 16 may also pair the fact that data can be written to the tag 2, the fact that the ID of the tag 2 is a fixed value, the size of the ID of the tag 2, and the type of the ID of the tag 2.
Like the registration unit 16, the ID validity verification unit 18 calculates a digest value of given data by applying a keyed hash function program to that data. The keyed hash function program may be defined in advance as part of the operation of the ID validity verification unit 18, or may be stored in the storage unit 17. When the keyed hash function program is stored in the storage unit 17, the ID validity verification unit 18 dynamically loads and executes the keyed hash function program stored in the storage unit 17 whenever it calculates a digest value.
The ID validity verification unit 18 acquires the ID read by the read/write unit 13, the pseudo ID (if one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), and the communication standard information of the read signal. The ID validity verification unit 18 applies the keyed hash function program to the ID read by the read/write unit 13 and calculates the digest value of the ID.
The ID validity verification unit 18 determines whether a digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (authentication condition 1). When it is determined that no digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation information management unit 12 an authentication result indicating that, based on the ID read by the read/write unit 13, the user is not permitted to use that ID.
When it is determined that a digest value identical to the calculated digest value of the ID is registered in the storage unit 17, the ID validity verification unit 18 outputs the ID, the pseudo ID (if one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and a clone detection determination instruction to the clone detection unit 19.
After all the authentication conditions have been satisfied and the digest value, calculated with the keyed hash function, of the new pseudo ID generated by the pseudo ID generation unit 15 has been stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation execution unit 20 an operation execution instruction to execute the operation represented by the operation ID paired with the ID of the tag 2 read by the read/write unit 13.
Based on the ID, the pseudo ID (if one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and the clone detection determination instruction output from the ID validity verification unit 18, the clone detection unit 19 determines whether the ID read by the read/write unit 13 is a clone.
FIG. 4 is a block diagram showing the internal configuration of the clone detection unit 19 in detail. The clone detection unit 19 shown in FIG. 4 includes a pseudo ID determination unit 41, an ID type determination unit 42, and a writability determination unit 43. The operation of each part of the clone detection unit 19 is described below.
Like the registration unit 16, the pseudo ID determination unit 41 calculates a digest value of given data by applying a keyed hash function program to that data. The keyed hash function program may be defined in advance as part of the operation of the pseudo ID determination unit 41, or may be stored in the storage unit 17. When the keyed hash function program is stored in the storage unit 17, the pseudo ID determination unit 41 dynamically loads and executes the keyed hash function program stored in the storage unit 17 whenever it calculates a digest value.
When a pseudo ID paired with the ID registered in the storage unit 17 exists, the pseudo ID determination unit 41 calculates the digest value of the pseudo ID output from the ID validity verification unit 18 by applying the keyed hash function program to it. The pseudo ID determination unit 41 determines whether the calculated digest value is the same as a pseudo ID stored (registered) in the storage unit 17 (authentication condition 3) and, further, whether it is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (authentication condition 4).
When the calculated digest value is determined not to be the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17, the pseudo ID determination unit 41 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone.
When the calculated digest value is determined to be the digest value of the latest pseudo ID among the plurality of pseudo IDs stored (registered) in the storage unit 17, the pseudo ID determination unit 41 outputs to the pseudo ID generation unit 15 a generation instruction to generate a new pseudo ID.
The ID type determination unit 42 determines the type of the ID of the tag 2 read by the read/write unit 13. Specifically, the ID type determination unit 42 determines the type of the ID of the tag 2 based on the communication standard information of the read signal output from the read/write unit 13. The ID type determination unit 42 then determines whether the determined ID type is the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17 (authentication condition 2).
In the mobile terminal 4 of the present embodiment, two ID type determination units are described: the ID type determination unit 32 of the availability determination unit 14 and the ID type determination unit 42 of the clone detection unit 19. The two may instead be shared as a single ID type determination unit. The same applies to the writability determination unit 33 of the availability determination unit 14 and the writability determination unit 43 of the clone detection unit 19. Sharing these units reduces the circuit configuration of the mobile terminal 4.
When the determined ID type of the tag 2 is determined not to be the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17, the ID type determination unit 42 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone.
The writability determination unit 43 determines whether the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (authentication condition 5). Specifically, when no write flag has been output from the ID validity verification unit 18, that is, when the read/write unit 13 has not read a write flag from the Data area of the non-contact IC storage unit 2a1 of the tag 2, the writability determination unit 43 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone.
When a write flag has been output from the ID validity verification unit 18, that is, when the read/write unit 13 has read a write flag from the Data area of the non-contact IC storage unit 2a1 of the tag 2, the writability determination unit 43 determines that a new pseudo ID can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
Alternatively, the writability determination unit 43 may determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 when it obtains from the read/write unit 13 a write success notification indicating that the read/write unit 13 has actually written data to the tag 2.
Based on the operation execution instruction output from the ID validity verification unit 18, the operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read/write unit 13.
The storage unit 17 is configured using a hard disk or flash memory built into the mobile terminal 4. It stores, for example, the security level table ST (see FIG. 9), the applications executed by the operation execution unit 20, and the ID of each tag 2 determined to be usable by the availability determination unit 14, paired with the selected operation ID and related information.
The display unit 21 is configured using an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence) display, and displays content according to the display instruction output from the operation information management unit 12.
The RAM 22 serves as work memory for each operation of each part of the control unit 10. In FIG. 2, the arrows from the parts of the control unit 10 to the RAM 22 are omitted.
The ROM 23 stores a program in which each operation of each part of the control unit 10 of the mobile terminal 4 is defined in advance. Each part of the control unit 10 can be configured in hardware or software. In particular, when the parts of the control unit 10 are configured in software, the CPU built into the mobile terminal 4 reads from the ROM 23 the program in which each operation of each part of the control unit 10 is defined in advance, which makes each part of the control unit 10 operable. In FIG. 2, the arrows to the ROM 23 are omitted.
(Operation of the mobile terminal: processing in the ID setting (ID registration, ID deletion) application or ID setting menu)
Next, the operation of the mobile terminal 4 in the ID setting application installed on the mobile terminal 4, or in the ID setting menu called from an application that is already running, is described with reference to FIG. 10. FIG. 10 is a flowchart explaining the processing of the ID setting application or ID setting function in the mobile terminal 4 of the present embodiment.
The ID setting application, or the ID setting menu called from an application, can execute at least a menu for storing (registering) in the mobile terminal 4 the ID of a tag or IC card read by the read/write unit 13 (ID registration), and a menu for deleting the ID of a tag or IC card already stored (registered) in the mobile terminal 4 (ID deletion). When the ID setting application or the ID setting menu is started for the first time, it is preferable that a master ID stored in a master tag, or a master PIN (Personal Identification Number), be registered for verifying the user's identity.
The master tag is a tag that stores the master ID, which proves that the user is the genuine user during identity verification in the ID setting application or ID setting menu of the mobile terminal 4. It is affixed, for example, inside a desk drawer at the user's home. When the ID setting application or ID setting menu is started and the operation information management unit 12 displays the master tag input screen for identity verification on the display unit 21, the user brings the mobile terminal 4 close to the master tag. The operation information management unit 12 of the mobile terminal 4 thereby verifies the user's identity, and determines that identity verification has succeeded when an ID identical to the master ID of the master tag stored (registered) in the storage unit 17 is read.
The master PIN is a personal identification number (PIN) that proves that the user is the genuine user during identity verification in the ID setting application of the mobile terminal 4. When the ID setting application or ID setting menu is started and the operation information management unit 12 displays the master PIN input screen for identity verification on the display unit 21, the user enters the master PIN in the input field of that screen. The operation information management unit 12 of the mobile terminal 4 thereby verifies the user's identity, and determines that identity verification has succeeded when a PIN identical to the master PIN stored (registered) in the storage unit 17 is entered by user operation.
In FIG. 10, the operation information management unit 12 verifies the identity of the user of the mobile terminal 4 (S11). Identity verification is performed using the master tag or master PIN described above. When the operation information management unit 12 determines that identity verification did not succeed (S12, NO), it does not allow the user to use the ID setting application or ID setting menu. The processing of the flowchart of FIG. 10 then ends.
When the operation information management unit 12 determines that identity verification succeeded (S12, YES), either ID registration or ID deletion is selected by user operation in the ID setting application or ID setting menu (S13).
When ID deletion is selected (S13, ID deletion), the operation information management unit 12 reads the already stored (registered) IDs from the storage unit 17 and displays on the display unit 21 a selection screen for the ID to be deleted (S14). When one of the IDs is selected by user operation on the selection screen displayed on the display unit 21 (S15, YES), the operation information management unit 12 deletes the ID selected in step S15 and the operation ID paired with it. The ID deletion process of FIG. 10 then ends.
When ID registration is selected (S13, ID registration), the operation information management unit 12 displays on the display unit 21 a prompt to bring the tag 2 close to the mobile terminal 4 (S16). After the user acknowledges this prompt by pressing it, the operation information management unit 12 displays an ID security level selection screen on the display unit 21 (S17).
When one of the security levels is selected by user operation on the selection screen displayed on the display unit 21 (S18, YES), the operation information management unit 12 displays on the display unit 21 either a selection screen for the operation of the mobile terminal 4 to be paired, or a menu screen that includes an ID registration item in an application usable on the mobile terminal 4 (S19).
When one of the operations is selected by user operation on the selection screen displayed on the display unit 21 (S20, YES), the operation information management unit 12 instructs the availability determination unit 14 to perform the availability determination process, which decides whether the ID can be used for pairing the ID with an operation ID, based on the selected ID security level and the operation ID of the operation of the mobile terminal 4 or of the operation corresponding to the application menu.
Based on the availability determination instruction from the operation information management unit 12 and the ID and data of the tag 2 read by the read/write unit 13, the availability determination unit 14 determines whether the ID of the tag 2 can be used, at the security level selected by user operation or by the operation information management unit 12, for pairing with the operation ID of the operation of the mobile terminal 4, or of the operation corresponding to the application menu, selected by user operation or by the operation information management unit 12 (S21). The availability determination process of step S21 is described later with reference to FIG. 11.
When it is determined after step S21 that the ID of the tag 2 is not usable (S22, NO), the operation information management unit 12 obtains from the availability determination unit 14 an availability determination result indicating that the ID of the tag 2 is not usable, and displays on the display unit 21 that the ID of the tag 2 is not usable. The ID registration process of FIG. 10 then ends.
When it is determined after step S21 that the ID of the tag 2 is usable (S22, YES), the operation information management unit 12 obtains from the availability determination unit 14 an availability determination result indicating that the ID of the tag 2 is usable, and determines whether the ID of the tag 2 has already been paired and stored (registered) in the storage unit 17 (S23). Also in this case (S22, YES), the availability determination unit 14 outputs the ID of the tag 2 determined to be usable to the registration unit 16.
When it is determined that the ID of the tag 2 has already been paired and stored (registered) in the storage unit 17 (S23, YES), ID registration is regarded as already done, and the ID registration process of FIG. 10 ends.
When it is determined that the ID of the tag 2 has not yet been paired and stored (registered) in the storage unit 17 (S23, NO), the operation information management unit 12 outputs the operation ID selected as the pairing target to the registration unit 16.
The registration unit 16 calculates the digest value of the ID of the tag 2 by applying the keyed hash function program to the ID output from the availability determination unit 14 (S24). The registration unit 16 then pairs the operation ID output from the operation information management unit 12 with the digest value of the ID of the tag 2 and stores (registers) the pair in the storage unit 17 (S24).
The registration unit 16 outputs a pseudo ID generation instruction to the pseudo ID generation unit 15. The pseudo ID generation unit 15 generates a pseudo ID based on that instruction (S25) and outputs the generated pseudo ID to both the read/write unit 13 and the registration unit 16, each of which obtains it.
The read/write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2, using the same modulation scheme as the read signal, and writes the pseudo ID output from the pseudo ID generation unit 15 to the non-contact IC storage unit 2a1 of the tag 2 (S26).
When writing the pseudo ID to the tag 2 in step S26 does not succeed (S27, NO), the tag 2 is regarded as a tag whose non-contact IC storage unit 2a1 cannot be written, and the ID registration selected in step S13 is complete. The ID registration process of FIG. 10 then ends.
When writing the pseudo ID to the tag 2 in step S26 succeeds (S27, YES), the registration unit 16 calculates the digest value of the pseudo ID by applying the keyed hash function program to the pseudo ID output from the pseudo ID generation unit 15 (S28). The registration unit 16 then pairs the operation ID and the digest value of the ID of the tag 2 stored (registered) in the storage unit 17 in step S24 with the digest value of the pseudo ID calculated in step S28, and stores (registers) them in the storage unit 17 (S28). The registration unit 16 notifies the operation information management unit 12 that storage (registration) in the storage unit 17 is complete.
Based on the storage (registration) completion notification from the registration unit 16, the operation information management unit 12 displays on the display unit 21 the ID, the operation ID, and related information stored (registered) in the storage unit 17 (see FIG. 8(b)). FIG. 8(b) shows an example of an availability determination result indicating that the ID is usable. The result shown in FIG. 8(b) displays the usable ID and the various information paired with it: for example, the operation ID, the pseudo ID, that data can be written to the tag 2, that the ID is fixed, the size of the ID, the type of the ID, and the name of the tag 2. The ID registration process of FIG. 10 then ends.
(Operation of the mobile terminal: availability determination process in the availability determination unit 14)
Next, the availability determination process performed by the availability determination unit 14 in step S21 of FIG. 10 is described with reference to FIG. 11. FIG. 11 is a flowchart explaining the ID availability determination process in the mobile terminal 4 of the present embodiment.
In FIG. 11, based on the read instruction output from the operation information management unit 12, the read/write unit 13 initializes the read signal transmission count N (S31) and determines the number of read signals that should actually be transmitted (the number of reads) M (S32).
In step S32, the number of read signal transmissions M may be determined according to the security level selected in step S17 of FIG. 10, or may be set to a constant value (e.g., M = 5) regardless of the security level. For example, M is "5" when the selected security level is "high", "3" when it is "medium", and "2" when it is "low". The determination of the number of transmissions M may also be applied when the ID of the tag 2 is read in the authentication process described later.
After the number of transmissions M has been determined in step S32, the read/write unit 13 starts transmitting the read signal (S33). When the transmission count N reaches the parameter M (S34, YES), that is, when the read signal has been transmitted M times and the ID and data have been read from the tag 2 M times, the read/write unit 13 stops transmitting the read signal (S36). When the transmission count N has not reached the parameter M (S34, NO), the read/write unit 13 increments the parameter N (S35). After step S35, reading of the ID and data of the tag 2 by the read/write unit 13 is repeated until the transmission count N reaches the parameter M.
The ID fixing determination unit 31 determines whether the M IDs of the tag 2 read by the read/write unit 13 are all a fixed value (S37). When the M IDs are determined not to be all a fixed value (S37, NO), the ID fixing determination unit 31 regards the M IDs as random values and outputs to the operation information management unit 12 an availability determination result indicating that the ID of the tag 2 is not usable. The availability determination process of FIG. 11 then ends.
When the M IDs are determined to be all a fixed value (S37, YES), the ID type determination unit 32 determines the type of the ID of the tag 2 read by the read/write unit 13 (S38). Specifically, the ID type determination unit 32 determines the type of the ID of the tag 2 based on the communication standard information of the read signal output from the read/write unit 13 (S38).
After step S38, the writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39). Specifically, when a write flag has been output from the read/write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39).
After step S39, the ID size determination unit 34 determines the size of the ID of the tag 2 read by the read/write unit 13 (S40).
After step S40, the security level conformity determination unit 35 determines, based on the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34, whether the ID of the tag 2 read by the read/write unit 13 conforms to the ID security level selected by user operation or by the operation information management unit 12 (S41).
When the ID of the tag 2 read by the read/write unit 13 is determined to conform to the ID security level selected by user operation or by the operation information management unit 12 (S41, YES), the security level conformity determination unit 35 outputs to the operation information management unit 12 an availability determination result indicating that the ID of the tag 2 is usable, and also outputs the ID of the tag 2 read by the read/write unit 13 to the registration unit 16. The availability determination process of FIG. 11 then ends.
When the ID of the tag 2 read by the read/write unit 13 is determined not to conform to the ID security level selected by user operation or by the operation information management unit 12 (S41, NO), the security level conformity determination unit 35 outputs to the operation information management unit 12 an availability determination result indicating that the ID of the tag 2 is not usable, together with reason information indicating why it is not usable. In response, the operation information management unit 12 displays on the display unit 21 the reason information indicating why the ID of the tag 2 is not usable. The availability determination process of FIG. 11 then ends.
(Overview of clone detection operation)
Next, an overview of clone detection in the mobile terminal 4 is given with reference to FIGS. 12 and 13. FIG. 12 is an explanatory diagram showing a first pattern of clone detection in the mobile terminal of the present embodiment. FIG. 13 is an explanatory diagram showing a second pattern of clone detection in the mobile terminal of the present embodiment. To simplify the description, FIGS. 12 and 13 are explained as if the storage unit 17 stored (registered) the pseudo ID itself rather than the digest value of the pseudo ID.
In the authentication system shown in FIG. 12, the tag 2 is a legitimate first-generation tag, an original rather than a clone tag, and stores pseudo ID 1 in the non-contact IC 2a. The mobile terminal 4 authenticates the tag 2 when the tag 2 is brought close to the mobile terminal 4. That is, the mobile terminal 4 determines, based on the ID and data of the tag 2, whether the tag 2 satisfies predetermined authentication conditions. The authentication process is described later with reference to FIG. 16.
In the authentication process, the mobile terminal 4 reads pseudo ID 1 stored in the tag 2 (Step 1) and authenticates the tag 2 (Step 2). When authentication of the tag 2 succeeds, the mobile terminal 4 updates the pseudo ID stored in the tag 2 and in the storage unit 17 (Step 3). The updated pseudo ID is called pseudo ID 2. The mobile terminal 4 writes pseudo ID 2 to the tag 2 (Step 4).
Suppose that, after the authentication of the tag 2 has succeeded on the mobile terminal 4, a malicious third party illegally copies the tag 2 and produces a tag 2' (Step 5). In FIG. 12, the tag 2' is produced by unauthorized copying of the tag 2 and stores a first-generation clone (ID) and pseudo ID 1 in the non-contact IC 2a'.
The mobile terminal 4 authenticates the tag 2' when a malicious third party brings the tag 2' close to the mobile terminal 4. However, because the mobile terminal 4 updated the pseudo ID to pseudo ID 2 in Step 3, pseudo ID 1 of the tag 2' differs from pseudo ID 2 of the mobile terminal 4. The mobile terminal 4 therefore treats this as detection of a clone and determines that the authentication of the tag 2' has failed.
In the authentication system shown in FIG. 13, the tag 2 is a legitimate first-generation tag, an original and not a clone tag, and stores pseudo ID 1 in the non-contact IC 2a. Suppose that a malicious third party illegally copies the tag 2 and produces a tag 2' (Step 1). In FIG. 13, the tag 2' is produced by unauthorized copying of the tag 2 and stores a first-generation clone (ID) and pseudo ID 1 in the non-contact IC 2a'.
The mobile terminal 4 authenticates the tag 2' when the tag 2' is brought close to the mobile terminal 4. That is, the mobile terminal 4 determines whether the ID of the tag 2' is already stored (registered) as an ID that can be used on the mobile terminal 4. The authentication process will be described later with reference to FIG. 16.
In the authentication process, the mobile terminal 4 reads pseudo ID 1 stored in the tag 2' (Step 2) and authenticates the tag 2' (Step 3). When the authentication of the tag 2' succeeds, the mobile terminal 4 updates the pseudo ID stored in the tag 2' and in the storage unit 17 (Step 4). The updated pseudo ID is referred to as pseudo ID 2. The mobile terminal 4 writes pseudo ID 2 to the tag 2' (Step 5).
When a legitimate user brings the tag 2 close to the mobile terminal 4, the mobile terminal 4 reads pseudo ID 1 stored in the tag 2 (Step 6) and authenticates the tag 2 (Step 7). However, because the mobile terminal 4 updated the pseudo ID to pseudo ID 2 in Step 4, pseudo ID 1 of the tag 2 differs from pseudo ID 2 of the mobile terminal 4. The mobile terminal 4 therefore concludes that a clone was used for authentication before the tag 2, treats this as detection of a clone, and determines that the authentication of the tag 2 has failed (Step 8). In this case, it is preferable to invalidate the ID of the tag 2 stored (registered) in the storage unit 17 of the mobile terminal 4.
Next, the IDs and pseudo IDs held by the storage unit 17, the clone tag and the tag 2, both when no clone is detected and when a clone is detected, will be described with reference to FIGS. 14 and 15. FIG. 14 is an explanatory diagram showing the IDs and pseudo IDs of the storage unit 17 and the tag 2 when no clone is detected. FIG. 15 is an explanatory diagram showing the IDs and pseudo IDs of the storage unit 17, the clone tag and the tag 2 when a clone is detected.
The tag 2 stores a fixed-value ID (ID1) in the ID area of the non-contact IC storage unit 2a1 and can store a pseudo ID in the Data area of the non-contact IC storage unit 2a1. In the description of FIG. 15, it is assumed that the clone tag is used between the first use and the second use of the tag 2.
In FIG. 14, in the initial state, neither the ID nor the pseudo ID of the tag 2 is stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2. When the tag 2 is newly stored (registered) in the mobile terminal 4, the ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
After the tag 2 is stored (registered), at the first use of the tag 2, that is, when the tag 2 succeeds in its first authentication on the mobile terminal 4, the pseudo ID stored (registered) in the storage unit 17 is updated from PID1 to PID2, and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
Similarly, at the n-th use of the tag 2, that is, when the tag 2 succeeds in its n-th authentication on the mobile terminal 4, the pseudo ID stored (registered) in the storage unit 17 is updated from PID(n-2) to PID(n-1), and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID(n-2) to PID(n-1).
In FIG. 15, in the initial state, neither the ID nor the pseudo ID of the tag 2 is stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2. When the tag 2 is stored (registered) in the mobile terminal 4, the ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
After the tag 2 is stored (registered), at the first use of the tag 2, that is, when the tag 2 succeeds in its first authentication on the mobile terminal 4, the pseudo ID stored in the storage unit 17 is updated from PID1 to PID2, and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
After the first use of the tag 2, when the clone tag is used for the first time, that is, when the clone tag succeeds in its first authentication on the mobile terminal 4, the pseudo ID stored (registered) in the storage unit 17 is updated from PID2 to PID3, and the pseudo ID stored in the Data area of the non-contact IC storage unit of the clone tag is updated from PID2 to PID3.
After the first use of the clone tag, at the second use of the tag 2, the mobile terminal 4 determines that pseudo ID 3 stored (registered) in the storage unit 17 does not match pseudo ID 2 stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2. That is, at the second use of the tag 2, the mobile terminal 4 determines that a clone tag exists and that the clone tag was used before the second use of the tag 2.
(Operation of the mobile terminal: authentication process)
Next, the authentication process for the ID of the tag 2 on the mobile terminal 4, that is, the process of determining whether the tag 2 satisfies predetermined authentication conditions based on the ID and data of the tag 2, will be described with reference to FIG. 16. FIG. 16 is a flowchart explaining the authentication process for the tag 2 on the mobile terminal 4 of this embodiment. The authentication process of FIG. 16 starts when the tag 2 to be authenticated is brought close to the mobile terminal 4.
In FIG. 16, the read/write unit 13 transmits a read signal to the tag 2 a preset number of times and reads the ID and data of the tag 2 (S51). A detailed description of step S51 is omitted, but in step S51 the read/write unit 13 operates in the same manner as in steps S31 to S35 of FIG. 11. The read/write unit 13 outputs the ID and data of the tag 2 and the communication standard information of the read signal to the ID validity verification unit 18. Furthermore, when the data of the tag 2 includes a pseudo ID, the read/write unit 13 outputs to the ID validity verification unit 18 not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID.
The ID validity verification unit 18 applies a keyed hash function program to the ID of the tag 2 output from the read/write unit 13 and calculates the digest value of the ID of the tag 2 (S52). The ID validity verification unit 18 determines whether a digest value identical to the calculated digest value of the ID of the tag 2 is stored (registered) in the storage unit 17 (S53, authentication condition 1).
When it is determined that no digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (S53, NO), the ID validity verification unit 18 outputs to the operation information management unit 12 an authentication result indicating that the user is not permitted to use the ID of the tag 2 read by the read/write unit 13. The operation information management unit 12 causes the display unit 21 to display the authentication result indicating that the ID of the tag 2 cannot be used, so that it is shown explicitly to the user (see FIG. 17(b)). The authentication process of FIG. 16 then ends. FIG. 17(b) is a diagram showing an example of an authentication result indicating that authentication has failed.
When it is determined that a digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (S53, YES), the ID validity verification unit 18 outputs to the clone detection unit 19 the ID of the tag 2, the pseudo ID (if one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and a clone detection determination instruction.
The ID type determination unit 42 determines the type of the ID of the tag 2 read by the read/write unit 13 (S54). Specifically, the ID type determination unit 42 determines the type of the ID of the tag 2 based on the communication standard information of the read signal output from the read/write unit 13. The ID type determination unit 42 determines whether the determined type of the ID of the tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (S54, authentication condition 2).
When it is determined that the determined type of the ID of the tag 2 is not the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (S54, NO), the ID type determination unit 42 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone (that the tag 2 is a clone tag). The ID validity verification unit 18 outputs this authentication result to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display the authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag), so that it is shown explicitly to the user (see FIG. 18(a)). The authentication process of FIG. 16 then ends. FIG. 18(a) is a diagram showing that a clone has been detected, together with the date and place of the previous successful authentication.
When the mobile terminal 4 includes a timer and a GPS (Global Positioning System) receiver, which are not shown in FIG. 2, the operation information management unit 12 preferably causes the display unit 21 to display, together with the authentication result indicating that a clone has been detected, the date (including the time) and place of the previous successful authentication. This allows the mobile terminal 4 to give the user a hint as to when and where the clone was created.
When it is determined that the determined type of the ID of the tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (S54, YES), the pseudo ID determination unit 41 determines whether a pseudo ID associated with the ID and the operation ID exists in the storage unit 17 (S55).
When it is determined that no pseudo ID associated with the ID and the operation ID exists in the storage unit 17 (S55, NO), the pseudo ID determination unit 41 outputs to the ID validity verification unit 18 a notification that the authentication of the ID of the tag 2 read by the read/write unit 13 has succeeded. The ID validity verification unit 18 outputs to the operation execution unit 20 an operation execution instruction to execute the operation represented by the operation ID associated with the ID of the tag 2 read by the read/write unit 13. Based on the operation execution instruction output from the ID validity verification unit 18, the operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read/write unit 13 (S63).
When it is determined that a pseudo ID associated with the ID and the operation ID exists in the storage unit 17 (S55, YES), the pseudo ID determination unit 41 applies a keyed hash function program to the pseudo ID output from the ID validity verification unit 18 and calculates the digest value of that pseudo ID (S56).
The pseudo ID determination unit 41 determines whether the calculated digest value of the pseudo ID is the same as a pseudo ID stored (registered) in the storage unit 17 (S57, authentication condition 3) and, further, whether it is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58, authentication condition 4).
When the calculated digest value of the pseudo ID is not the same as a pseudo ID stored (registered) in the storage unit 17 (S57, NO), the pseudo ID determination unit 41 outputs to the ID validity verification unit 18 an authentication result indicating that the user is not permitted to use the ID of the tag 2 read by the read/write unit 13. The ID validity verification unit 18 outputs this authentication result to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display the authentication result indicating that the ID of the tag 2 cannot be used, so that it is shown explicitly to the user (see FIG. 17(b)).
When the calculated digest value of the pseudo ID is the same as a pseudo ID stored (registered) in the storage unit 17 but is not the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58, NO), the pseudo ID determination unit 41 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone (that the tag 2 is a clone tag). The ID validity verification unit 18 outputs this authentication result to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display the authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag), so that it is shown explicitly to the user (see FIG. 18(a)). The authentication process of FIG. 16 then ends.
When the calculated digest value of the pseudo ID is the same as a pseudo ID stored (registered) in the storage unit 17 and is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58, YES), the pseudo ID determination unit 41 outputs an instruction to generate a new pseudo ID to the pseudo ID generation unit 15. The pseudo ID generation unit 15 generates a new pseudo ID based on the generation instruction output from the pseudo ID determination unit 41 (S59). The pseudo ID generation unit 15 outputs the generated new pseudo ID to the read/write unit 13 and to the registration unit 16. The read/write unit 13 and the registration unit 16 each acquire the new pseudo ID output from the pseudo ID generation unit 15.
The read/write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2, using the same modulation scheme as the read signal, and writes the new pseudo ID output from the pseudo ID generation unit 15 to the non-contact IC storage unit 2a1 of the tag 2 (S60). The write permission determination unit 43 determines whether the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S61, authentication condition 5).
When writing the new pseudo ID to the tag 2 does not succeed (S61, NO), the write permission determination unit 43 outputs to the ID validity verification unit 18 an authentication result indicating that the ID of the tag 2 read by the read/write unit 13 is a clone (that the tag 2 is a clone tag). The ID validity verification unit 18 outputs this authentication result to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display the authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag), so that it is shown explicitly to the user (see FIG. 18(a)). The authentication process of FIG. 16 then ends.
When writing the new pseudo ID to the tag 2 succeeds (S61, YES), the write permission determination unit 43 outputs to the ID validity verification unit 18 an authentication result indicating that the ID read by the read/write unit 13 can be used, that is, that authentication has succeeded. Furthermore, the registration unit 16 applies a keyed hash function program to the new pseudo ID output from the pseudo ID generation unit 15 and calculates the digest value of the new pseudo ID (S62). The registration unit 16 then pairs the operation ID stored (registered) in the storage unit 17, the digest value of the ID of the tag 2, and the digest value of the new pseudo ID calculated in step S62, and stores (registers) them in the storage unit 17 (S62). The registration unit 16 notifies the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.
After all the authentication conditions have been satisfied and the keyed-hash digest value of the new pseudo ID generated by the pseudo ID generation unit 15 has been stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation execution unit 20 an operation execution instruction to execute the operation represented by the operation ID paired with the ID of the tag 2 read by the read/write unit 13. Based on the operation execution instruction output from the ID validity verification unit 18, the operation execution unit 20 executes the operation represented by the operation ID paired with the ID of the tag 2 read by the read/write unit 13 (S63). The authentication process of FIG. 16 then ends.
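The S51 to S63 flow described above, run against the two clone-detection patterns of FIGS. 12 and 13, as an added example that is not code from the patent. HMAC-SHA256 as the keyed hash, 16-byte random pseudo IDs, and the names `Tag`, `Record` and `Terminal` are assumptions; the tag is simulated in memory with constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

OK, REJECTED, CLONE = "OK", "REJECTED", "CLONE"


@dataclass
class Tag:
    """Constructed stand-in for a tag: fixed ID area plus rewritable Data area."""
    uid: bytes
    id_type: str                  # what the reader infers from the communication standard
    data: Optional[bytes] = None  # pseudo ID held in the Data area
    writable: bool = True

    def write(self, value: bytes) -> bool:
        if not self.writable:
            return False
        self.data = value
        return True

    def clone(self) -> "Tag":
        # Bit-for-bit copy of the ID and Data areas, as in Step 5 / Step 1 of the figures.
        return Tag(self.uid, self.id_type, self.data, self.writable)


@dataclass
class Record:
    id_type: str
    operation: str
    pid_digests: list = field(default_factory=list)  # oldest first, latest last


class Terminal:
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # device-local HMAC key (assumption)
        self._store = {}                     # storage unit 17: ID digest -> Record

    def _digest(self, value: bytes) -> bytes:
        return hmac.new(self._key, value, hashlib.sha256).digest()

    def register(self, tag: Tag, operation: str) -> bool:
        pid = secrets.token_bytes(16)
        if not tag.write(pid):
            return False
        self._store[self._digest(tag.uid)] = Record(
            tag.id_type, operation, [self._digest(pid)])
        return True

    def authenticate(self, tag: Tag) -> str:
        rec = self._store.get(self._digest(tag.uid))       # S52, S53 (condition 1)
        if rec is None:
            return REJECTED
        if tag.id_type != rec.id_type:                     # S54 (condition 2)
            return CLONE
        if not rec.pid_digests:                            # S55: no pseudo ID paired
            return OK
        seen = self._digest(tag.data) if tag.data is not None else b""  # S56
        if not any(hmac.compare_digest(seen, d) for d in rec.pid_digests):
            return REJECTED                                # S57 (condition 3)
        if not hmac.compare_digest(seen, rec.pid_digests[-1]):
            return CLONE                                   # S58 (condition 4): stale value
        new_pid = secrets.token_bytes(16)                  # S59
        if not tag.write(new_pid):                         # S60, S61 (condition 5)
            return CLONE
        rec.pid_digests.append(self._digest(new_pid))      # S62
        return OK                                          # S63 would run rec.operation


def pattern_fig12():
    """Legitimate tag is used first; the stale copy is flagged when presented."""
    term, tag = Terminal(), Tag(b"\x04\xa1\xb2\xc3", "TypeA")  # constructed sample
    term.register(tag, "unlock")
    copy = tag.clone()
    return term.authenticate(tag), term.authenticate(copy)


def pattern_fig13():
    """Copy is used first and accepted; the original is flagged at its next use."""
    term, tag = Terminal(), Tag(b"\x04\xa1\xb2\xc3", "TypeA")  # constructed sample
    term.register(tag, "unlock")
    copy = tag.clone()
    return term.authenticate(copy), term.authenticate(tag)


if __name__ == "__main__":
    print("FIG. 12 pattern:", pattern_fig12())
    print("FIG. 13 pattern:", pattern_fig13())
```

In the FIG. 13 pattern the copy passes once and the mismatch surfaces only when the original is next presented, which is why the description recommends invalidating the registered ID at that point.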
FIG. 17(a) is a diagram showing an example of an authentication result indicating that authentication has succeeded. In the authentication result shown in FIG. 17(a), to indicate that the ID of the tag 2 read by the read/write unit 13 has been authenticated successfully, a confirmation notification icon IC11 is displayed, for example for releasing the suspended (locked) state of SafetyBox, which is an application. When the icon IC11 is pressed by a user operation as confirmation, the locked state of the application SafetyBox is released and the application becomes usable.
FIG. 18(b) is a diagram showing an example of a selection screen asking whether to invalidate the ID of the tag 2 detected as a clone. When "YES" is selected on the selection screen of FIG. 18(b), the identity verification screen shown in FIG. 18(c) is displayed. Once identity verification has been completed properly, the mobile terminal 4 (its registration unit 16) stores (registers) in the storage unit 17, in association with the ID, a setting instruction specifying that authentication of the ID of the tag 2 is not to succeed. FIG. 18(c) is a diagram showing an example of the screen for identity verification. Because the ID of a tag 2 once detected as a clone can be invalidated in this way, the mobile terminal 4 can be prevented from executing the operation corresponding to the operation ID associated with the ID of the tag 2.
As described above, the mobile terminal 4 of the authentication system 7 of this embodiment can effectively determine whether the ID of the non-contact IC card 3 or the tag 2 can be used reliably. Furthermore, the mobile terminal 4 authenticates using the ID and data of the non-contact IC card 3 or the tag 2 and, when all the authentication conditions are satisfied, can properly ensure safety when executing the operation of the operation ID associated with that ID.
FIGS. 19 to 22 are explanatory diagrams showing an outline of the flow in which the mobile terminal of this embodiment authenticates the ID of a tag or an IC card and executes the first to fourth operations of the mobile terminal, respectively. In the description of FIGS. 19 to 22, it is assumed that the availability determination unit 14 of the mobile terminal 4 has determined that the ID of the tag 2 or the IC card 3 can be used, according to the security level selected by a user operation, for association with the operation ID of each operation of the mobile terminal 4 selected by a user operation.
In the example shown in FIG. 19, when for example the tag 2 (the same applies to the IC card 3, and likewise in FIGS. 20 to 22) is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. When the authentication succeeds, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, it releases the locked state. The screen of the mobile terminal 4 thereby changes from the lock screen to the standby screen, and the user can use the mobile terminal 4 safely.
In the example shown in FIG. 20, when for example the tag 2 is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. When the authentication succeeds, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, it releases the locked state of SafetyBox. The screen of the mobile terminal 4 thereby changes from the SafetyBox lock screen to a screen on which SafetyBox can be used, and the user can use SafetyBox safely.
In the example shown in FIG. 21, when for example the tag 2 is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. When the authentication succeeds, before executing the operation of the operation ID associated with the ID of the tag 2, that is, before releasing the locked state of SafetyBox, the mobile terminal 4 displays an icon representing a confirmation screen for unlocking SafetyBox. After this icon has been pressed by a user operation as confirmation, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, it releases the locked state of SafetyBox. The screen of the mobile terminal 4 thereby changes from the SafetyBox lock screen, via the confirmation screen asking the user to unlock SafetyBox, to a screen on which SafetyBox can be used, and the user can use SafetyBox safely.
In the example shown in FIG. 22, when the tag 2 is brought close to the mobile terminal 4, for example, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 on the basis of that ID and data. If the authentication succeeds, the mobile terminal 4 executes the operation of the operation ID associated with the ID of the tag 2, that is, it starts the browser application. The screen of the mobile terminal 4 thereby changes from the standby screen to the browser screen displayed when the browser starts, and the user can use the browser application safely.
Various embodiments have been described above with reference to the drawings, but it goes without saying that the present invention is not limited to these examples. It is clear that a person skilled in the art could conceive of changes or modifications to the embodiments, and of combinations of the embodiments, within the scope described in the claims, and these are naturally understood to belong to the technical scope of the present invention.
The embodiments above describe newly registering the ID of the tag 2, but in the authentication system 7 an ID that has already been registered can also be exchanged. Exchanging the ID of the tag 2 is described with reference to FIGS. 23(a) to 23(d).
FIG. 23(a) shows an example of a selection screen for the operation of the mobile terminal 4 to be paired. FIG. 23(b) shows an example of a message screen instructing the user, during exchange of the tag 2, to bring the tag 2 to be exchanged close to the terminal. FIG. 23(c) shows an example of a message screen containing a notification that the tag 2 was successfully invalidated and an instruction to bring the new tag close. FIG. 23(d) shows an example of a message screen notifying the user that registration of the new tag and the tag exchange succeeded.
The selection screen shown in FIG. 23(a) lists, as operations of the mobile terminal 4 to be paired, for example (1) stop browser, (2) delete browser, (3) register tag ID, (4) exchange tag ID, and so on. Like the selection screen of FIG. 7(b), the selection screen of FIG. 23(a) is displayed in a state where the application to be paired (referred to as Z) has been started in advance by a user operation and the ID setting (registration, deletion) application described above has been started within application Z. When (4) exchange tag ID is selected, the mobile terminal 4 displays a proximity instruction asking the user to bring the tag 2 whose ID is the same as the ID already stored (registered) in the storage unit 17 for application Z close to the mobile terminal 4 (see FIG. 23(b)).
After the tag 2 having the ID to be exchanged has been brought close to the mobile terminal 4 and the user has pressed the proximity instruction message screen shown in FIG. 23(b) to confirm, the mobile terminal 4 determines whether the tag 2 to be exchanged satisfies the authentication conditions described in the flowchart of FIG. 16. Here, to simplify the description, the tag 2 to be exchanged is assumed to satisfy the authentication conditions.
When the tag 2 to be exchanged satisfies the authentication conditions, the mobile terminal 4 invalidates the ID of the tag 2 and sets that ID as unusable. The mobile terminal 4 then causes the display unit 21 to display a message screen containing an invalidation success notification, indicating that the tag 2 was successfully invalidated, and a proximity instruction asking the user to bring a new tag (referred to as V), which is to be registered in place of the invalidated tag 2, close to the mobile terminal 4 (see FIG. 23(c)).
After the new tag V having the ID to be registered has been brought close to the mobile terminal 4 and the user has pressed the proximity instruction message screen shown in FIG. 23(c) to confirm, the mobile terminal 4 determines whether the new tag V to be registered satisfies the authentication conditions described in the flowchart of FIG. 16. Here, to simplify the description, the new tag V to be registered is assumed to satisfy the authentication conditions.
When the new tag V to be registered satisfies the authentication conditions, the mobile terminal 4 pairs the ID of the new tag V with the operation ID that had been paired with the ID of the tag 2 being exchanged, and stores (registers) the pair in the storage unit 17. The mobile terminal 4 further stores (registers) the ID of the new tag V in the storage unit 17 and causes the display unit 21 to display a success notification message screen indicating that the exchange of the tag 2 succeeded (see FIG. 23(d)).
The embodiments above also describe newly registering the ID of the tag 2, but in the authentication system 7 the pseudo ID of a tag 2 that has already been registered can also be updated periodically. Periodic updating of the pseudo ID of the tag 2 is described with reference to FIGS. 24(a) and 24(b). FIG. 24(a) shows an example of a message screen announcing the periodic update of the pseudo ID of the tag 2 and instructing the user to bring the tag 2 subject to the update close to the terminal. FIG. 24(b) shows an example of a message screen notifying the user that the periodic update of the pseudo ID of the tag 2 succeeded. In the description of FIGS. 24(a) and 24(b), the tag whose pseudo ID is periodically updated is referred to as the tag 2.
At a predetermined interval (for example, once a week), the mobile terminal 4 causes the display unit 21 to display a message screen stating that the pseudo ID paired with the ID of the tag 2 already stored (registered) in the storage unit 17 is to be periodically updated, together with a proximity instruction for the tag 2 subject to the periodic update (see FIG. 24(a)).
After the tag 2 having the pseudo ID subject to the periodic update has been brought close to the mobile terminal 4 and the user has pressed the proximity instruction message screen shown in FIG. 24(a) to confirm, the mobile terminal 4 determines whether the tag 2 having the pseudo ID subject to the periodic update satisfies the authentication conditions described in the flowchart of FIG. 16. Here, to simplify the description, the tag 2 having the pseudo ID subject to the periodic update is assumed to satisfy the authentication conditions.
When the tag 2 having the pseudo ID subject to the periodic update satisfies the authentication conditions, the mobile terminal 4 updates the pseudo ID of the tag 2 to a new pseudo ID different from the current pseudo ID of the tag 2, pairs the new pseudo ID with the operation ID that had been paired with the ID of the tag 2, and stores (registers) it in the storage unit 17. The mobile terminal 4 further pairs the new pseudo ID with the ID of the tag 2 and the operation ID, stores (registers) it in the storage unit 17, and causes the display unit 21 to display a success notification message screen indicating that the periodic update of the tag 2 succeeded (see FIG. 23(d)).
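The pseudo ID rotation described above, together with the stale-value clone check of claims 16 to 18 and the tag exchange of FIG. 23, as an added Python sketch that is not code from the patent. The class and method names, the 8-byte random pseudo ID, the in-memory store and the sample tag values are assumptions, and the usability checks of FIG. 16 are omitted.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Tag:
    """Constructed stand-in for a contactless IC: fixed ID plus writable data."""
    tag_id: bytes
    pseudo_id: bytes = b""


@dataclass
class Record:
    """One entry of the terminal's storage unit (hypothetical layout)."""
    operation_id: str
    pseudo_ids: list = field(default_factory=list)  # oldest first, last = latest
    revoked: bool = False


class Terminal:
    """Hypothetical model of the registration and clone-detection logic."""

    def __init__(self):
        self.records = {}

    def _fresh_pseudo_id(self, used):
        # A new pseudo ID must differ from every value issued to this tag.
        while True:
            candidate = secrets.token_bytes(8)
            if candidate not in used:
                return candidate

    def _rotate(self, tag, rec):
        new_id = self._fresh_pseudo_id(rec.pseudo_ids)
        tag.pseudo_id = new_id         # write to the contactless IC ...
        rec.pseudo_ids.append(new_id)  # ... then update the storage unit

    def register(self, tag, operation_id):
        rec = Record(operation_id)
        self.records[tag.tag_id] = rec
        self._rotate(tag, rec)

    def authenticate(self, tag):
        """Return (status, operation_id); rotates the pseudo ID on success."""
        rec = self.records.get(tag.tag_id)
        if rec is None or rec.revoked:
            return ("rejected", None)
        *stale, latest = rec.pseudo_ids
        if hmac.compare_digest(tag.pseudo_id, latest):
            self._rotate(tag, rec)
            return ("ok", rec.operation_id)
        # A value that was valid once but is no longer the latest means a
        # copy of an earlier tag state is in circulation.
        if any(hmac.compare_digest(tag.pseudo_id, old) for old in stale):
            return ("clone", None)
        return ("rejected", None)

    def exchange(self, old_tag, new_tag):
        """Invalidate old_tag and move its operation ID to new_tag."""
        if new_tag.tag_id in self.records:
            return "rejected"
        status, operation_id = self.authenticate(old_tag)
        if status != "ok":
            return status
        self.records[old_tag.tag_id].revoked = True
        self.register(new_tag, operation_id)
        return "ok"


def demo():
    terminal = Terminal()
    tag = Tag(b"\x04\xa1\xb2\xc3")               # constructed tag ID
    terminal.register(tag, "unlock_safety_box")  # constructed operation ID
    copy = Tag(tag.tag_id, tag.pseudo_id)        # bit-for-bit copy of the tag
    return [terminal.authenticate(tag)[0], terminal.authenticate(copy)[0]]


if __name__ == "__main__":
    print(demo())
```

If the copy is presented before the genuine tag, the genuine tag is the one that later reads as stale, so in this sketch a "clone" result means that a duplicate exists, not which physical tag is the copy.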
The authentication system according to the present invention has been described as a configuration consisting of the tag 2 or the IC card 3 and the mobile terminal 4, as shown in FIG. 1. However, as shown in FIG. 25, it may instead consist of the tag 2 or the IC card 3, the mobile terminal 4, and an authentication server 5 that communicates wirelessly with the mobile terminal 4 via a wireless base station BTS. The authentication system 7' shown in FIG. 25 is described below. FIG. 25 is a system configuration diagram of the authentication system 7' according to a modification of the present embodiment. FIG. 26 is a block diagram showing the internal configuration of the mobile terminal 4' and the authentication server 8 in the authentication system 7' according to the modification of the present embodiment.
The mobile terminal 4' performs short-range wireless communication with the tag 2 on which the non-contact IC 2a is mounted or with the IC card 3 on which the non-contact IC 2b is mounted, and communicates wirelessly with the authentication server 8 via the wireless base station BTS. Of the configuration shown in FIG. 2, the mobile terminal 4' includes at least the read/write unit 13, the display unit 21, the operation unit 11 and the operation execution unit 20 (see FIG. 26). Of the configuration of the mobile terminal 4 shown in FIG. 2, the authentication server 8 includes the operation information management unit 12, the availability determination unit 14, the pseudo ID generation unit 15, the registration unit 16, the storage unit 17, the ID validity verification unit 18, the clone detection unit 19, the RAM 22 and the ROM 23, and further includes a communication unit 25 for wireless communication with the mobile terminal 4'. The operation of each unit of the mobile terminal 4' and the authentication server 8 is the same as that of the corresponding unit of the mobile terminal 4 in FIG. 2 described above, so its description is omitted.
According to the authentication system shown in FIG. 25, the ID availability determination process and the authentication process of the mobile terminal 4 shown in FIG. 2 are executed in the authentication server 8, and operations can be executed on the basis of the authentication result from the authentication server 8, so the circuit configuration of the mobile terminal 4' can be simplified.
This application is based on a Japanese patent application filed on August 31, 2011 (Japanese Patent Application No. 2011-189850), the contents of which are incorporated herein by reference.
The present invention is useful as a mobile terminal, an authentication method, an authentication program and an authentication system that effectively determine whether the ID of a contactless IC card or tag can be used reliably, and that ensure safe execution of the operation associated with the ID when the ID is used.
2 RFID tag (tag)
2a, 3a Non-contact IC
3 IC card
4, 4' Mobile terminal
7, 7' Authentication system
10 Control unit
11 Operation unit
12 Operation information management unit
13 Read/write unit
14 Availability determination unit
15 Pseudo ID generation unit
16 Registration unit
17 Storage unit
18 ID validity verification unit
19 Clone detection unit
20 Operation execution unit
21 Display unit
22 RAM
23 ROM
31 ID fixation determination unit
32, 42 ID type determination unit
33, 43 Writability determination unit
34 ID size determination unit
35 Security level conformity determination unit
41 Pseudo ID determination unit

Claims (20)

  1.  A mobile terminal that communicates wirelessly with a non-contact IC, the mobile terminal comprising:
     a read/write unit that reads an ID and data stored in the non-contact IC;
     a display unit that displays a selection screen of operations of the mobile terminal;
     an availability determination unit that determines, on the basis of the ID and data read by the read/write unit and in accordance with a registration policy of the ID, whether the ID is usable for association between the ID and information specifying the operation of the mobile terminal selected from the selection screen;
     a registration unit that, when the ID is determined to be usable, associates the ID read by the read/write unit with the information specifying the operation of the mobile terminal; and
     a storage unit that stores the ID and the information specifying the operation that have been associated by the registration unit.
  2.  The mobile terminal according to claim 1, further comprising
     an operation information management unit that causes the display unit to display a selection screen of a security level serving as the registration policy of the ID,
     wherein the operation information management unit
     instructs the availability determination unit to perform, on the basis of the selected security level of the ID, an availability determination process of determining whether the ID is usable for association between the information specifying the operation and the ID.
  3.  The mobile terminal according to claim 1, further comprising
     an operation information management unit that causes the display unit to display a selection screen of operations of the mobile terminal in accordance with the registration policy of the ID,
     wherein the operation information management unit instructs the availability determination unit to perform, on the basis of the information specifying the operation of the mobile terminal selected from the selection screen and the registration policy of the ID, an availability determination process of determining whether the ID is usable for association between the information specifying the operation and the ID.
  4.  The mobile terminal according to claim 2,
     wherein the operation information management unit causes the display unit to display a selection screen of operations of the mobile terminal in accordance with the registration policy of the ID, and instructs the availability determination unit to perform, on the basis of the information specifying the operation of the mobile terminal selected from the selection screen and the registration policy of the ID, an availability determination process of determining whether the ID is usable for association between the information specifying the operation and the ID.
  5.  The mobile terminal according to claim 1, further comprising
     an operation information management unit that causes the display unit to display, in an application of the mobile terminal in accordance with the registration policy of the ID, a menu screen including a registration item for the ID,
     wherein the operation information management unit instructs the availability determination unit to perform, on the basis of information specifying an operation of the application corresponding to the registration item for the ID selected from the menu screen and the registration policy of the ID, an availability determination process of determining whether the ID is usable for association between the information specifying the operation and the ID.
  6.  The mobile terminal according to claim 2,
     wherein the operation information management unit causes the display unit to display, in an application of the mobile terminal in accordance with the registration policy of the ID, a menu screen including a registration item for the ID, and instructs the availability determination unit to perform, on the basis of information specifying an operation of the application of the mobile terminal corresponding to the registration item for the ID selected from the menu screen and the registration policy of the ID, an availability determination of whether the ID is usable for association between the information specifying the operation and the ID.
  7.  The mobile terminal according to any one of claims 1 to 6,
     wherein the availability determination unit includes
     an ID fixation determination unit that determines whether the ID read by the read/write unit is a fixed value, and
     the availability determination unit determines that the ID is not usable for association between the information specifying the operation and the ID when the ID fixation determination unit determines that the ID is not a fixed value.
  8.  The mobile terminal according to claim 7,
     wherein the availability determination unit further includes:
     an ID size determination unit that determines the size of the ID read by the read/write unit; and
     a security level conformity determination unit that determines, on the basis of the determined size of the ID, whether the ID read by the read/write unit conforms to the selected security level of the ID, and
     the availability determination unit determines that the ID is usable for association between the information specifying the operation and the ID when the ID read by the read/write unit is determined to conform to the selected security level of the ID.
  9.  The mobile terminal according to any one of claims 1 to 8, further comprising
     a pseudo ID generation unit that generates a pseudo ID different from the ID read by the read/write unit,
     wherein the read/write unit writes the pseudo ID generated by the pseudo ID generation unit to the non-contact IC, and
     the registration unit registers the pseudo ID generated by the pseudo ID generation unit in the storage unit in association with the ID and the information specifying the operation.
  10.  The mobile terminal according to claim 9,
     wherein the registration unit sets a user interface, which includes an icon for starting the operation of the mobile terminal corresponding to the information specifying the operation, to be hidden, and registers in the storage unit, in association with the ID and the information specifying the operation, that the user interface is to be in a hidden state on the display unit.
  11.  The mobile terminal according to claim 9,
     wherein the registration unit makes a setting such that the operation is not started by an operation on a user interface that includes an icon for starting the operation of the mobile terminal corresponding to the information specifying the operation, and registers in the storage unit, in association with the ID and the information specifying the operation, that the operation of the mobile terminal based on the operation on the user interface is to be in a non-operating setting state.
  12.  The mobile terminal according to any one of claims 2 to 11,
     wherein, when the ID is determined to be usable, the operation information management unit causes the display unit to display registration result information on the registration, in the storage unit, of the ID associated with the information specifying the operation.
  13.  The mobile terminal according to claim 10,
     wherein the operation information management unit causes the display unit to display, as the registration result information, at least the name of the ID or the name of a tag or IC card that includes the non-contact IC storing the ID.
  14.  The mobile terminal according to any one of claims 2 to 9,
     wherein, when the ID is determined not to be usable, the operation information management unit displays on the display unit the ID and information on the reason why the ID is not usable.
  15.  The mobile terminal according to any one of claims 1 to 14, further comprising:
     an ID validity verification unit that determines whether the ID read by the read/write unit matches the ID registered in the storage unit by the registration unit; and
     a clone detection unit that determines, on the basis of the ID and data read by the read/write unit, whether the ID read by the read/write unit is a clone,
     wherein, when the ID is determined not to match the ID registered in the storage unit, the operation information management unit displays on the display unit that authentication of the ID read by the read/write unit has failed.
  16.  The mobile terminal according to claim 15, comprising
     a clone detection unit that determines, on the basis of the ID and data read by the read/write unit, whether the ID read by the read/write unit is a clone,
     wherein the clone detection unit further includes:
     a pseudo ID determination unit that determines whether a pseudo ID included in the data read by the read/write unit is the latest pseudo ID among a plurality of pseudo IDs stored in association with the ID registered in the storage unit by the registration unit; and
     a clone detection determination unit that determines that the ID read by the read/write unit is a clone when the pseudo ID included in the data is determined to match a pseudo ID other than the latest one among the plurality of pseudo IDs.
  17.  The mobile terminal according to claim 16,
     wherein the clone detection unit further includes
     a pseudo ID determination unit that determines whether the pseudo ID included in the data read by the read/write unit is the latest pseudo ID among the plurality of pseudo IDs stored in association with the ID registered in the storage unit by the registration unit,
     the pseudo ID generation unit generates a new pseudo ID different from the pseudo ID included in the data when the pseudo ID determination unit determines that the pseudo ID included in the data is the latest pseudo ID among the plurality of pseudo IDs, and
     the read/write unit writes the new pseudo ID generated by the pseudo ID generation unit to the non-contact IC.
  18.  An authentication method in a mobile terminal that communicates wirelessly with a non-contact IC, the method comprising the steps of:
     reading an ID and data stored in the non-contact IC;
     determining, on the basis of the read ID and data, whether the ID is a clone;
     generating, when the read ID is determined not to be a clone, a new pseudo ID different from a pseudo ID included in the read data;
     writing the generated new pseudo ID to the non-contact IC;
     updating, to the new pseudo ID, the pseudo ID stored in a storage unit in association with the ID and with information specifying an operation of the mobile terminal in accordance with a security level of the ID; and
     executing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation of the mobile terminal corresponding to the information specifying the operation.
  19.  An authentication program for causing a mobile terminal, which is a computer that communicates wirelessly with a non-contact IC, to execute the steps of:
     reading an ID and data stored in the non-contact IC;
     determining, on the basis of the read ID and data, whether the read ID is a clone;
     generating, when the read ID is determined not to be a clone, a new pseudo ID different from a pseudo ID included in the read data;
     writing the generated new pseudo ID to the non-contact IC;
     updating, to the new pseudo ID, the pseudo ID stored in a storage unit in association with the ID and with information specifying an operation of the mobile terminal in accordance with a security level of the ID; and
     executing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation of the mobile terminal corresponding to the information specifying the operation.
  20.  An authentication system including a non-contact IC and a mobile terminal that communicates wirelessly with the non-contact IC, wherein
    the non-contact IC comprises:
    a non-contact IC storage unit that stores an ID and data of the non-contact IC; and
    a communication unit that receives a read signal from the mobile terminal and transmits the ID and data, and
    the mobile terminal comprises:
    a read/write unit that transmits the read signal to the non-contact IC and receives the ID and data from the non-contact IC;
    a storage unit that stores, in association with one another, information specifying an operation in the mobile terminal according to the security level of the ID, the ID, and a pseudo ID different from the ID;
    a clone detection unit that determines, based on the ID and data read by the read/write unit, whether the read ID is a clone;
    a pseudo ID generation unit that, when the ID read by the read/write unit is determined not to be a clone, generates a new pseudo ID different from the pseudo ID included in the read data;
    a registration unit that updates the pseudo ID stored in the storage unit in association with the information specifying the operation and the ID to the new pseudo ID generated by the pseudo ID generation unit; and
    an operation execution unit that executes the operation in the mobile terminal corresponding to the information specifying the operation.
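
The flow recited in claim 20, modelled as an added example (not code from the application). It assumes that clone detection compares the pseudo ID carried in the tag data with the one the terminal last registered, and that the terminal writes each new pseudo ID back to the tag; the class names, the sample ID and the operation name are hypothetical.

```python
import secrets

class Tag:
    """Non-contact IC: a fixed ID plus rewritable data holding the pseudo ID."""
    def __init__(self, tag_id, pseudo_id):
        self.tag_id, self.pseudo_id = tag_id, pseudo_id

    def read(self):
        return self.tag_id, self.pseudo_id

    def write(self, pseudo_id):
        self.pseudo_id = pseudo_id

class Terminal:
    def __init__(self):
        # Storage unit: ID -> [current pseudo ID, operation for this ID's security level]
        self.store = {}

    def enroll(self, tag, operation):
        pseudo = secrets.token_hex(8)
        tag.write(pseudo)
        self.store[tag.tag_id] = [pseudo, operation]

    def is_clone(self, tag_id, pseudo_id):
        # Assumed check: the read is a clone when the ID is unknown or the
        # pseudo ID in the tag data is not the one last registered.
        entry = self.store.get(tag_id)
        return entry is None or not secrets.compare_digest(entry[0], pseudo_id)

    def authenticate(self, tag):
        tag_id, pseudo_id = tag.read()
        if self.is_clone(tag_id, pseudo_id):
            return None                       # no operation is executed
        new_pseudo = secrets.token_hex(8)
        while new_pseudo == pseudo_id:        # must differ from the one just read
            new_pseudo = secrets.token_hex(8)
        self.store[tag_id][0] = new_pseudo    # registration unit updates storage
        tag.write(new_pseudo)                 # assumed write-back to the tag
        return self.store[tag_id][1]          # operation execution unit

def demo():
    terminal = Terminal()
    genuine = Tag("04A1B2C3", "")             # constructed sample ID
    terminal.enroll(genuine, "unlock_screen")
    copy = Tag(*genuine.read())               # duplicate holding the same ID and data
    first = terminal.authenticate(genuine)    # this read rotates the pseudo ID
    stale = terminal.authenticate(copy)       # duplicate still carries the old one
    second = terminal.authenticate(genuine)
    return first, stale, second
```

In this model a mismatch shows that two copies of the tag data exist, not which one is the original; the order of reads decides which one is rejected.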
PCT/JP2012/005157 2011-08-31 2012-08-14 Mobile terminal, authentication method, authentication program and authentication system WO2013031115A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011189850A JP2013050930A (en) 2011-08-31 2011-08-31 Portable terminal, authentication method, authentication program, and authentication system
JP2011-189850 2011-08-31

Publications (1)

Publication Number Publication Date
WO2013031115A1 (en) 2013-03-07

Family

ID=47755647

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/005157 WO2013031115A1 (en) 2011-08-31 2012-08-14 Mobile terminal, authentication method, authentication program and authentication system

Country Status (2)

Country Link
JP (1) JP2013050930A (en)
WO (1) WO2013031115A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150039908A1 (en) * 2013-07-30 2015-02-05 Deutsche Telekom Ag System and Method for Securing A Credential Vault On A Trusted Computing Base
EP3554184A1 (en) * 2013-09-26 2019-10-16 Jung, Jaelark Method, communication terminal, and computer-readable recording medium for controlling home screen of communication terminal
CN109040099B (en) * 2013-10-30 2021-06-22 创新先进技术有限公司 Verification method, terminal and system for application
JP6662561B2 (en) 2014-03-31 2020-03-11 フェリカネットワークス株式会社 Information processing method, information processing device, authentication server device and confirmation server device
JP6668890B2 (en) * 2016-03-31 2020-03-18 ブラザー工業株式会社 Communication device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008105231A1 (en) * 2007-02-28 2008-09-04 Nec Corporation Information processor having lock function, lock (unlock) method for information processor, and program thereof
JP2010057053A (en) * 2008-08-29 2010-03-11 Nec Corp System and method for controlling mobile phone

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SHINGO KINOSHITA: "Ubiquitous Kankyo no Security Mondai to Kaiketsu Gijutsu", COMPUTER & NETWORK LAN, vol. 22, no. 2, 1 February 2004 (2004-02-01), pages 18 - 28 *

Also Published As

Publication number Publication date
JP2013050930A (en) 2013-03-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12828444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12828444

Country of ref document: EP

Kind code of ref document: A1