WO2013168446A1 - Information terminal and individual information storage terminal - Google Patents


Publication number
WO2013168446A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
personal information
information storage
personal
Application number
PCT/JP2013/054046
Inventor
裕紀 山▲崎▼
相川 慎
Original Assignee
株式会社日立製作所
Application filed by 株式会社日立製作所
Publication of WO2013168446A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to an information terminal and a personal information storage terminal, and more particularly to an information terminal and a personal information storage terminal with improved security.
  • Patent Document 1 describes “providing a mobile phone including an IC tag in which personal authentication data is stored” as means for using the mobile phone for authentication.
  • an object of the present invention is to provide a personal information storage terminal and an information terminal with improved security.
  • the invention according to the present application includes a plurality of means for solving the above-described problems. One example is “an information terminal in an information system having an information server for storing information, an information terminal that performs authentication to the information server based on a user's personal information and sends and receives the information, and a personal information storage terminal for storing the personal information of the user, the information terminal comprising:
  • a personal information storage unit that stores the personal information and is connected to the information terminal
  • a first communication unit for sending and receiving the personal information to and from the personal information storage unit; and a storage unit for storing first identification information for the first communication unit to exchange personal information with the personal information storage unit
  • a second communication unit that communicates the personal information with the personal information storage terminal
  • a third communication unit that communicates with the information server via a network
  • a control unit that controls the operation of the information terminal.
  • the control unit acquires, from the personal information storage terminal via the second communication unit, second identification information unique to a user of the information terminal stored in the personal information storage terminal, selects the first identification information or the second identification information, acquires authentication information unique to the user of the information terminal either from the personal information storage unit provided in the information terminal based on the first identification information or from the personal information storage terminal based on the second identification information, and performs control so that the acquired authentication information is transmitted to the information server via the third communication unit”.
  • the above-mentioned personal information means, for example, an encryption key that is secret information.
  • the personal information is information necessary when the information terminal logs into the information server.
  • FIG. 1 is a diagram illustrating an example of an authentication system using an information terminal and a personal information storage terminal.
  • the information terminal 1 and the personal information storage terminal 2 are connected by communication 90, and the information terminal 1 and the information server 3 are connected by a network 91.
  • these may be simply referred to as terminals.
  • when it is necessary to distinguish one constituent element from another constituent element, one may be expressed as a and the other as b.
  • for example, of one information terminal 1 and another information terminal 1, one may be represented as an information terminal 1a and the other as an information terminal 1b.
  • the information terminal 1 is a terminal having a display means capable of displaying information, an input means capable of inputting information, a communication means capable of communicating with other devices and devices, a computing means capable of calculating information, and the like.
  • Authentication information and the like are acquired from the personal information storage terminal 2 through the communication 90 mainly when communicating with the information server 3 via the network 91.
  • the authentication information is information necessary for the information terminal 1 to log in to the information server 3 and is a typical example of the personal information described above.
  • the authentication system may include a plurality of information terminals 1.
  • the information terminal 1 may be a PC (Personal Computer), a thin client terminal (illustrated as the information terminal 1a in FIG. 1), a tablet terminal (illustrated as the information terminal 1b in FIG.
  • the personal information storage terminal 2 is a terminal having display means capable of displaying information, input means capable of inputting information, communication means capable of communicating with other apparatuses and devices, and arithmetic means capable of computing information, and mainly transmits authentication information and the like to the information terminal 1 through the communication 90.
  • the personal information storage terminal 2 may be a smartphone or a mobile phone, but is not limited thereto.
  • the authentication system may include a plurality of personal information storage terminals 2. Although not shown in the figure, there is no problem even if the personal information storage terminal 2 is connected to the network 91.
  • the information server 3 is a server connected to the network 91 and communicates with the information terminal 1 via the network 91.
  • the information server 3 runs a system used by the user. For example, a system for using a thin client terminal or a business system used by a user for work in a company or the like may be operating.
  • the information server 3 obtains authentication information from the information terminal 1, verifies the authentication information, and allows access when it determines that the information terminal 1 or the user of the information terminal 1 is valid. Further, communication with the personal information storage terminal 2 may be performed via the network 91.
  • the communication 90 is communication performed by the information terminal 1 and the personal information storage terminal 2. Communication using a communication system such as Bluetooth (registered trademark), USB (Universal Serial Bus), wired LAN (Local Area Network), wireless LAN, ISO14443 (an international standard communication system for contactless IC cards), ISO7816 (an international standard communication system for contact IC cards), NFC (Near Field Communication), FeliCa (registered trademark), TransferJET (registered trademark), or the like can be considered.
  • the network 91 is a network such as a WAN (Wide Area Network) using an Internet protocol, a wired LAN, a wireless LAN, LTE (Long Term Evolution), HSPA (High Speed Packet Access), and the like, through which the information terminal 1, the information server 3, etc. are connected to each other to transmit and receive information. The personal information storage terminal 2 may also be connected to it. In FIG. 1, the communication 90 between the information terminal 1a and the personal information storage terminal 2 is illustrated as the communication 90a, and the communication 90 between the information terminal 1b and the personal information storage terminal 2 is illustrated as the communication 90b. It is not indispensable that the personal information storage terminal 2 communicates with both the information terminal 1a and the information terminal 1b.
  • the personal information storage unit 1000 and the personal information storage unit 2000 store authentication information and the like necessary for the information terminal 1 to access the information server 3.
  • the personal information storage unit 1000 and the personal information storage unit 2000 may be a module independent of the information terminal 1 or the personal information storage terminal 2, such as a dongle, an IC card, an SD card, or a SIM card, or may be a part of the information terminal 1 or the personal information storage terminal 2 and connected to other modules by a connection or the like.
  • when the module is an independent module, communication is performed by bringing it into contact with, inserting it into, or bringing it close to the information terminal 1 or the personal information storage terminal 2, and authentication information or the like is provided to the information terminal 1 or the personal information storage terminal 2.
  • USB (Universal Serial Bus), serial communication, Ethernet (registered trademark), ISO7816, communication conforming to the SD card standard, ISO14443, NFC, FeliCa
  • software stored in the information terminal 1 or the personal information storage terminal 2 may be used.
  • the personal information storage unit 1000 and the personal information storage unit 2000 may be described with names such as the personal information storage unit 1000a and the personal information storage unit 1000b for convenience when there are a plurality of them.
  • the personal information storage unit 1000a is an SD card and the personal information storage unit 1000b is a SIM card.
  • the personal information storage unit 2000 may be simply referred to as a personal information storage unit.
  • the information terminal 1 is a notebook PC or a desktop PC provided at home or at work, and may be shared by a plurality of people, but recently it is often assigned to each individual.
  • the personal information storage terminal 2 is a smartphone or a mobile phone that is carried in each individual's bag or clothing pocket, and is often assigned to each individual. Since the user carries the notebook PC as the information terminal 1 and the smartphone as the personal information storage terminal 2 together, the information terminal 1 and the personal information storage terminal 2 are located at a short distance from each other. Even when a user uses a desktop PC as the information terminal 1, for example, a smartphone that is the personal information storage terminal 2 is often placed in a pocket, so the information terminal 1 and the personal information storage terminal 2 are located close to each other.
  • this embodiment uses a personal information storage terminal 2 which is a device different from the information terminal 1 as a device for storing personal information.
  • this embodiment has, as one feature, improved security.
  • when the information terminal 1 and the personal information storage terminal 2 are used, they are often located at a short distance from each other.
  • One feature of the present embodiment is that the problem that personal information cannot be acquired when personal information for logging in is requested is solved.
  • the present embodiment can also have one feature of improving security by eliminating the event as will be described later.
  • FIG. 2 is a diagram illustrating an example of functional configurations of the information terminal 1 and the personal information storage terminal 2.
  • the information terminal 1 includes a personal information storage unit 1000, a display unit 1001, an input unit 1002, a power supply unit 1003, a short-range communication unit 1004, a network communication unit 1005, a storage unit 1006, a control unit 1007, a proximity communication unit 1008, and a wired communication unit 1009, and these are connected by a bus line or the like.
  • the personal information storage unit 1000 has been described with reference to FIG.
  • although FIG. 2 shows that the personal information storage unit 1000 is physically connected to other modules inside the information terminal 1, the configuration is not limited to this as described above.
  • other modules are not necessarily connected by a bus line; they may be electrically connected by other methods, or a configuration in which only necessary modules are connected to each other may be used.
  • one personal information storage unit 1000 exists, but two or more personal information storage units 1000 may exist, or the configuration may be such that the personal information storage unit 1000 does not exist in the information terminal 1 and one or more personal information storage units 2000 exist in the personal information storage terminal 2.
  • when the personal information storage unit 1000 does not exist in the information terminal 1, it is possible to reduce security problems when the user leaves the information terminal 1. That is, even if the information terminal 1 is logged out, there is the security problem that a third party who has stolen the password used by the user (for example, the PIN number described later) uses the information terminal 1 as the user; this problem can be reduced.
  • the display unit 1001 includes a panel such as a liquid crystal display, an organic EL (Electro-Luminescence) display, or electronic paper, a driver circuit, and the like, and displays arbitrary information (for example, characters, still images, and video) under the control of the control unit 1007. Note that the display unit 1001 may include a plurality of panels that can display different information.
  • the input unit 1002 includes one or more of a keyboard, a mouse, a cursor key, and a numeric keypad, receives a user operation, and inputs an input signal based on the operation to the control unit 1007. Note that an input signal may be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 1007. Note that the display unit 1001 and the input unit 1002 may be integrated as in a touch panel.
  • the power supply unit 1003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the information terminal 1 and charges the battery. Whether the information terminal 1 is driven by a battery or an AC adapter is checked, and the remaining battery level is checked.
  • the short-range communication unit 1004 is an element for the information terminal 1 to communicate with the personal information storage terminal 2; a module that realizes a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, and FeliCa is conceivable.
  • the short-range communication unit 1004 may be the same module as the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 described later depending on circumstances.
  • the network communication unit 1005 is a function for the information terminal 1 to communicate with the information server 3 via the network 91; a module for performing communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, and WiMAX can be considered.
  • the network communication unit 1005 may perform the role of the above-described short-range communication unit 1004 in an example of processing, although not taken up and illustrated.
  • the network communication unit 1005 is used not only for the information terminal 1 to communicate with the information server 3 but also for communicating with the personal information storage terminal 2.
  • the storage unit 1006 includes a memory built in the information terminal 1 or a removable external memory, and stores various types of information. For example, an operation control program executed by the control unit 1007 is stored.
  • the control unit 1007 is configured by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), and the like, and executes a predetermined operation control program and the like.
  • the proximity communication unit 1008 is a function for the information terminal 1 to perform wireless proximity communication with other terminals and the personal information storage unit 1000 as an external module; a module for performing communication such as Bluetooth, ISO14443, NFC, FeliCa, and TransferJET can be considered.
  • the proximity communication unit 1008 may perform the role played by the short-range communication unit 1004 described above in an example of processing, although it is not taken up and illustrated.
  • the wired communication unit 1009 is a function for the information terminal 1 to communicate with other terminals and the personal information storage unit 1000 as an external module in a wired or contact manner; a module for performing communication such as USB, serial communication, Ethernet, ISO7816, etc. can be considered.
  • the wired communication unit 1009 may perform the role of the short-range communication unit 1004 described above in an example of processing.
  • the wireless communication function described above includes an antenna, a modulation / demodulation circuit, and the like.
  • the wired communication function includes a connector, a modulation / demodulation circuit, and the like.
  • the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 may be configured to correspond to a plurality of communication methods.
  • the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 need not each be provided if another unit performs its role as described above.
  • the personal information storage terminal 2 includes a personal information storage unit 2000, a display unit 2001, an input unit 2002, a power supply unit 2003, a short-range communication unit 2004, a network communication unit 2005, a storage unit 2006, a control unit 2007, a proximity communication unit 2008, a wired communication unit 2009, a sensor unit 2010, and a position information acquisition unit 2011, and these are connected by a bus line or the like.
  • the personal information storage unit 2000 has been described with reference to FIG.
  • although FIG. 2 shows that the personal information storage unit 2000 is physically connected to other modules within the personal information storage terminal 2, the configuration is not limited to this as described above.
  • modules are not necessarily connected by a bus line; they may be electrically connected by other methods, or a configuration in which only necessary modules are connected to each other may be used.
  • in FIG. 2 there are a plurality of personal information storage units 2000, shown as personal information 2000a and personal information 2000b. However, there may be one personal information storage unit or three or more personal information storage units.
  • the display unit 2001 includes a panel such as a liquid crystal display, an organic EL display, and electronic paper, a driver circuit, and the like. Under the control of the control unit 2007, arbitrary information (for example, characters, still images, and moving images) is displayed. Note that the display unit 2001 may include a plurality of panels capable of displaying different information.
  • the input unit 2002 includes one or more of a keyboard, a mouse, a cursor key, and a numeric keypad, receives a user operation, and inputs an input signal based on the operation to the control unit 2007. Note that an input signal may be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 2007. Note that the display unit 2001 and the input unit 2002 may be integrated as in a touch panel.
  • the power supply unit 2003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the personal information storage terminal 2 and charges the battery.
  • whether the personal information storage terminal 2 is driven by a battery or an AC adapter is checked, and the remaining battery level is checked.
  • the short-range communication unit 2004 is a function for the personal information storage terminal 2 to communicate with the information terminal 1; a module that realizes a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, and FeliCa is conceivable.
  • the short-range communication unit 2004 may be the same module as the network communication unit 2005, the proximity communication unit 2008, and the wired communication unit 2009, which will be described later.
  • the network communication unit 2005 is a function for the personal information storage terminal 2 to communicate with other components via the network 91; a module that performs communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, and WiMAX can be considered.
  • the network communication unit 2005 may perform the role played by the short-range communication unit 2004 described above in an example of processing, although not taken up and illustrated. In this case, the network communication unit 2005 may be used for communicating with the information terminal 1 via the network 91.
  • the storage unit 2006 includes a memory built in the personal information storage terminal 2 or a removable external memory, and stores various types of information. For example, an operation control program executed by the control unit 2007 is stored.
  • the control unit 2007 includes a CPU, an MPU, a DSP, and the like, and controls the entire operation of the personal information storage terminal 2 by executing a predetermined operation control program.
  • the proximity communication unit 2008 is a function for the personal information storage terminal 2 to perform wireless proximity communication with other terminals and the personal information storage unit 2000 as an external module; a module for performing communication such as Bluetooth, ISO14443, NFC, FeliCa, and TransferJET is conceivable.
  • the proximity communication unit 2008 may perform the role played by the above-described short-range communication unit 2004 in an example of processing, though not taken up and illustrated.
  • the wired communication unit 2009 is a function that allows the personal information storage terminal 2 to communicate with other terminals and the personal information storage unit 2000 as an external module in a wired or contact manner; a module for performing communication such as USB, serial communication, Ethernet, ISO7816 is conceivable.
  • the wired communication unit 2009 may perform the role of the short-range communication unit 2004 described above in an example of processing.
  • the wireless communication function described above includes an antenna, a modulation / demodulation circuit, and the like.
  • the wired communication function includes a connector, a modulation / demodulation circuit, and the like.
  • the short-range communication unit 2004, the network communication unit 2005, the proximity communication unit 2008, and the wired communication unit 2009 may each be configured to support a plurality of communication methods.
  • the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 need not each be provided if another unit performs its role as described above.
  • the sensor unit 2010 has a function of acquiring information related to acceleration of the personal information storage terminal 2 (hereinafter, acceleration information) and the like. From the acquired acceleration information, the state (rotation, drop, vibration, etc.) of the personal information storage terminal 2 can be detected.
  • the sensor unit 2010 may have a function of capturing, as data, not only information relating to acceleration but also various environmental information in which the personal information storage terminal 2 is placed, such as temperature, humidity, video, light quantity, air volume, smell, sound and the like.
  • the location information acquisition unit 2011 acquires information indicating the current location of the personal information storage terminal 2 (hereinafter, location information) by GPS (Global Positioning System), IMES (Indoor Messaging System), wireless LAN, or the like.
  • the sensor unit 2010 and the position information acquisition unit 2011 are provided for the following purposes, for example, as necessary.
  • for example, the user of the information terminal 1, which is a PC, logs in to the information server 3 with the personal information storage terminal 2, which is a smartphone, in a pocket.
  • the user has left the information terminal 1 without logging out of the information server 3 because some business arose.
  • a third party impersonates the user and operates the information terminal 1, which causes a security problem.
  • when the sensor unit 2010 acquires the acceleration given to the personal information storage terminal 2, or the position information acquisition unit 2011 acquires the current position of the personal information storage terminal 2, the control unit 2007 can detect the user's movement described above. Accordingly, the control unit 2007 can instruct the information server 3 to log out via the network communication unit 1005, and security can be improved.
  • when the distance between the information terminal 1 and the personal information storage terminal 2 becomes long and communication between the short-range communication units 1004 and 2004 becomes impossible, use by the third party is greatly limited. However, when communication is not interrupted, the present embodiment exerts a great effect. This is also an effect due to the fact that the information terminal 1 and the personal information storage terminal 2 are different devices.
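
The departure detection described above for the sensor unit 2010 and the position information acquisition unit 2011, sketched as an added Python example that is not part of the patent text. The thresholds, class and function names, user name and sample traces are assumptions constructed for illustration; the patent gives no numeric values and does not specify a detection algorithm.

```python
import math
from dataclasses import dataclass, field

# Assumed thresholds: the patent text gives no numeric values.
GRAVITY = 9.81           # m/s^2, magnitude read by a terminal at rest
MOTION_DEVIATION = 1.5   # m/s^2 away from 1 g that counts as a moving sample
MOTION_SAMPLES = 5       # consecutive moving samples required before acting
MAX_DISTANCE_M = 10.0    # displacement from the login position treated as departure

LOGIN_POSITION = (35.0, 139.0)  # constructed latitude/longitude of the desk

# Constructed sensor traces (x, y, z in m/s^2) and position fixes.
SEATED_TRACE = [(0, 0, 9.8)] * 3 + [(0, 0, 12.0)] + [(0, 0, 9.8)] * 3  # one bump
WALKING_TRACE = [(0, 0, 12.0), (0, 0, 7.0), (0, 0, 12.5), (0, 0, 7.2), (0, 0, 11.9)]
NEAR_FIXES = [(35.00002, 139.0)]   # about 2 m from the desk
FAR_FIXES = [(35.0002, 139.0)]     # about 22 m from the desk


@dataclass
class InformationServer:
    """Stand-in for information server 3: tracks logged-in users."""
    sessions: set = field(default_factory=set)

    def login(self, user: str) -> None:
        self.sessions.add(user)

    def logout(self, user: str) -> None:
        self.sessions.discard(user)


def distance_m(a, b) -> float:
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


class DepartureMonitor:
    """Role of control unit 2007: watch sensor input and request logout."""

    def __init__(self, server, user, login_position):
        self.server = server
        self.user = user
        self.login_position = login_position
        self.moving_run = 0   # consecutive moving samples seen so far
        self.reason = None    # set once a logout has been requested

    def _logout(self, reason: str) -> bool:
        self.server.logout(self.user)
        self.reason = reason
        return True

    def on_acceleration(self, x, y, z) -> bool:
        """Feed one sample from sensor unit 2010; True once logged out."""
        if self.reason:
            return True
        magnitude = math.sqrt(x * x + y * y + z * z)
        if abs(magnitude - GRAVITY) > MOTION_DEVIATION:
            self.moving_run += 1
        else:
            self.moving_run = 0   # an isolated bump must not end the session
        if self.moving_run >= MOTION_SAMPLES:
            return self._logout("sustained motion")
        return False

    def on_position(self, lat, lon) -> bool:
        """Feed one fix from position unit 2011; True once logged out."""
        if self.reason:
            return True
        if distance_m(self.login_position, (lat, lon)) > MAX_DISTANCE_M:
            return self._logout("left login position")
        return False


def replay(accel_trace=(), position_trace=()):
    """Log a user in, replay the traces, return (still_logged_in, reason)."""
    server = InformationServer()
    server.login("user-a")
    monitor = DepartureMonitor(server, "user-a", LOGIN_POSITION)
    for sample in accel_trace:
        monitor.on_acceleration(*sample)
    for fix in position_trace:
        monitor.on_position(*fix)
    return ("user-a" in server.sessions, monitor.reason)


if __name__ == "__main__":
    print(replay(SEATED_TRACE))
    print(replay(WALKING_TRACE))
    print(replay(position_trace=FAR_FIXES))
```

Requiring several consecutive moving samples keeps a single jolt of a pocketed phone from ending the session, while either signal alone is enough to request the logout.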
  • FIG. 3 is a diagram illustrating an example of functional configurations of the information terminal 1 and the personal information storage terminal 2.
  • FIG. 3 illustrates a case where the personal information storage unit 1000 and the personal information storage unit 2000 are modules independent of the information terminal 1 and the personal information storage terminal 2, respectively.
  • the same components as those in FIG. 3 are identical to those in FIG. 3
  • the information terminal 1 includes a personal information storage unit communication unit 1020 and is connected to other modules by a bus line or the like.
  • the personal information storage unit 1000 communicates with other modules via the personal information storage unit communication unit 1020.
  • As the personal information storage unit communication unit 1020, a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication according to the SD card standard, ISO14443, NFC, FeliCa, or the like can be considered.
  • the personal information storage unit communication unit 1020 may be the same module as the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 depending on circumstances.
  • FIG. 3 shows an example in which there is one personal information storage unit 1000 and one personal information storage unit communication unit 1020 as in the example of FIG.
  • a personal information storage unit communication unit 1020 that does not have a corresponding personal information storage unit 1000 may be included in the configuration.
  • the personal information storage unit communication unit 1020 does not exist in the information terminal 1 and one or more personal information storage unit communication units 2020 exist in the personal information storage terminal 2.
  • the personal information storage terminal 2 includes a personal information storage unit communication unit 2020 and is connected to other modules by a bus line or the like.
  • the personal information storage unit 2000 communicates with other modules via the personal information storage unit communication unit 2020.
  • the personal information storage unit communication unit 2020 may be a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication according to the SD card standard, ISO14443, NFC, FeliCa, and the like.
  • the personal information storage unit communication unit 2020 may be the same module as the network communication unit 2005, the proximity communication unit 2008, and the wired communication unit 2009 depending on circumstances.
  • FIG. 3 similar to the example of FIG.
  • a plurality of personal information storage units 2000 are set as personal information 2000a and personal information 2000b, respectively, and the personal information storage unit communication unit 2020a and the personal information storage unit communication unit 2020b respectively.
  • the personal information storage unit communication unit 2020 may be included in the configuration.
  • the personal information storage terminal 2 is preferably provided with a plurality of personal information storage unit communication units 2020 to support many types of storage devices.
  • each of the personal information storage unit 1000 and the personal information storage unit 2000 is a module independent of the information terminal 1 and the personal information storage terminal 2, but only one of them is the example of FIG. As described above, it may be included as an internal configuration of the information terminal 1 or the personal information storage terminal 2. Further, for example, the personal information storage unit 2000a is included as an internal configuration of the personal information storage terminal 2, and the personal information storage unit 2000b communicates with the personal information storage terminal 2 via the personal information storage unit communication unit 2020 as an independent module. Any configuration may be used.
  • the processing flow and the like will be described based on the configuration of FIG. 2, but the portion that exchanges information with the personal information storage unit 1000 and the personal information storage unit 2000 in the processing flow is the configuration of FIG. If the information is exchanged with the personal information storage unit 1000 or the personal information storage unit 2000 via the personal information storage unit communication unit 1020 or the personal information storage unit communication unit 2020 based on the above, there will be no problem.
  • FIG. 4 is a diagram illustrating an example of information stored in the storage unit 1006 of the information terminal 1.
  • the storage unit 1006 includes an application storage unit 1100, a personal information storage unit management code 1200, personal information storage unit identification information 1300, an inter-terminal communication control code 1400, and inter-terminal communication selection information 1401.
  • the application storage unit 1100 includes a personal information storage unit utilization application 1101.
  • the application storage unit 1100 may include a plurality of personal information storage unit utilization applications 1101 or may include other applications.
  • the personal information storage unit use application 1101 is executed by the control unit 1007.
  • the control unit 1007 causes the personal information storage unit use application 1101 to execute processing related to personal authentication using information based on personal information stored in the personal information storage unit 1000 or the personal information storage unit 2000, for example.
  • a PIN number Personal Identification Number
  • It is conceivable that authentication information for connecting to the network 91 when accessing the information server 3, and authentication information for logging in to a business system operating on the information server 3, is acquired by using the personal authentication storage unit 1000 or the personal authentication storage unit 2000, and that the authentication information is transmitted via the network communication unit 1005.
  • The personal information storage unit management code 1200 is an execution code for managing the personal information storage unit identification information 1300, which is the identification information necessary for the personal information storage unit utilization application 1101 to use the personal information storage unit 1000 and the personal information storage unit 2000 of the personal information storage terminal 2, and is executed by the control unit 1007.
  • Using the personal information storage unit management code 1200, the control unit 1007 collects information related to the personal information storage unit 1000 and the personal information storage unit communication unit 1020 of the information terminal 1, or, from the short-range communication unit 1004, information related to the personal information storage unit 2000 or the personal information storage unit communication unit 2020, and performs control so as to create or update the personal information storage unit identification information 1300 described later.
  • When the personal information storage unit use application 1101 uses the personal information storage unit 1000 or the personal information storage unit 2000, the personal information storage unit management code 1200 provides the necessary identification information, and a process of transmitting a request for use to the personal information storage unit management code 1200 and receiving a result as appropriate is performed.
  • Examples of the personal information storage unit management code 1200 include services, daemons, applications, drivers, etc. that operate in accordance with the PC/SC standard, which is a standard for communicating with an IC card reader/writer, and combinations thereof. Alternatively, services, daemons, applications, drivers, etc. that provide other interfaces for accessing the IC card reader/writer, and combinations thereof, can be considered.
  • Personal information storage unit identification information 1300 is an area for storing information of personal information storage unit 1000 and personal information storage unit 2000 collected by personal information storage unit management code 1200.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • the control unit 1007 may store each information in association with the management ID.
  • It is conceivable that the control unit 1007, using the personal information storage unit use application 1101, performs control so as to obtain from the personal information storage unit management code 1200 information stored in the personal information storage unit identification information 1300, including a management ID or a character string of readable characters that can identify the personal information storage unit 1000 and the personal information storage unit 2000.
  • The terminal-to-terminal communication control code 1400 is an execution code for acquiring the identification information of the personal information storage unit 2000 from the personal information storage terminal 2 through the short-range communication unit 1004 and for transmitting and receiving requests and responses to the personal information storage unit 2000, and is executed by the control unit 1007.
  • the inter-terminal communication control code 1400 may be, for example, a service, daemon, application, driver, or a combination thereof.
  • the control unit 1007 may control the inter-terminal communication control code 1400 so as to appropriately specify a communication unit to be used as the short-range communication unit 1004 with reference to the inter-terminal communication selection information 1401 described later as necessary.
  • As information stored in the terminal-to-terminal communication selection information 1401, for example, information indicating the network communication unit 1005, the proximity communication unit 1008, the wired communication unit 1009, and the like can be stored.
  • FIG. 5 is a diagram illustrating an example of information stored in the storage unit 2006 of the personal information storage terminal 2.
  • the storage unit 2006 includes a personal information storage unit management code 2200, personal information storage unit identification information 2300, an inter-terminal communication control code 2400, inter-terminal communication selection information 2401, and a virtual personal information storage unit 2500.
  • The personal information storage unit management code 2200 is an execution code for managing the personal information storage unit identification information 2300, which is the identification information necessary for the personal information storage unit use application 1101 of the information terminal 1 to use the personal information storage unit 2000 of the personal information storage terminal 2, and is executed by the control unit 2007.
  • Using the personal information storage unit management code 2200, the control unit 2007 collects information related to the personal information storage unit 2000 and the personal information storage unit communication unit 2020, and performs control so as to create and update the personal information storage unit identification information 2300 described later.
  • a service, daemon, application, driver, etc. operating in accordance with the PC/SC standard, which is a standard for communicating with an IC card reader/writer, a combination thereof.
  • services, daemons, applications, drivers, etc. that provide other interfaces for accessing the IC card reader / writer, and combinations thereof can be considered.
  • Personal information storage unit identification information 2300 is an area for storing information such as the personal information storage unit 2000 collected by the personal information storage unit management code 2200.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • the control unit 2007 may store each information in association with the management ID.
  • It is conceivable that the control unit 2007 performs control so that the personal information storage unit use application 1101 of the information terminal 1 acquires, from the personal information storage unit management code 1200 via the short-range communication unit 2004, the short-range communication unit 1004, and the like, information stored in the personal information storage unit identification information 2300, including, for example, a management ID or a character string of readable characters that can identify the personal information storage unit 2000 or the like.
  • the inter-terminal communication control code 2400 is an execution code for transmitting and receiving a request and response from the information terminal 1 to the personal information storage unit 2000 via the short-range communication unit 2004, and is executed by the control unit 2007.
  • the control unit 2007 also has a role of controlling the inter-terminal communication control code 2400 to transmit information stored in the personal information storage unit identification information 2300 to the information terminal 1 through the short-range communication unit 2004.
  • the inter-terminal communication control code 2400 may be, for example, a service, a daemon, an application, a driver, or a combination thereof.
  • the control unit 2007 may control the inter-terminal communication control code 2400 to refer to inter-terminal communication selection information 2401, which will be described later, as necessary, and to appropriately specify a communication unit used as the short-range communication unit 2004.
  • As information stored in the terminal-to-terminal communication selection information 2401, for example, information indicating the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009, and the like may be stored.
  • the virtual personal information storage unit 2500 stores various information related to the personal information storage terminal 2.
  • the virtual personal information storage unit 2500 may be an execution code in which means for acquiring various types of information from the personal information storage terminal 2 are collected.
  • Various information of the personal information storage terminal 2 includes, for example, a terminal ID, position information acquired by the position information acquisition unit 2011, acceleration information acquired by the sensor unit 2010 and other environment information, or a login history and general information stored in the file system of the storage unit 2006.
  • Therefore, through the virtual personal information storage unit 2500, the control unit 2007 can access not only personal information used for personal authentication but also general information related to the personal information storage terminal 2, using the same software interface as for the personal information storage unit 2000.
  • Various data may be managed in association with the data ID.
  • the virtual personal information storage unit 2500 may be inside the storage unit 2006, or may have an independent configuration as an external module.
  • the personal information storage terminal 2 selects and sends either the first identification information 2300 for the personal information storage unit or the second identification information for the information storage unit 2500 to the information terminal 1
  • the information terminal 1 requests to acquire the information stored in the personal information storage terminal 2 from the information storage unit 2500
  • the information stored in the personal information storage terminal 2 is acquired based on the second identification information.
  • an embodiment for sending to the information terminal 1 can be realized.
  • “Virtual” in the virtual personal information storage unit 2500 means that a dedicated information storage unit need not necessarily be provided as the virtual personal information storage unit 2500; for example, an information storage unit may be designated and provided within a predetermined address range of a software storage unit (for example, RAM) used by the control unit 2007.
  • For the information stored in the virtual personal information storage unit 2500, there are an embodiment in which the information is transmitted to the information terminal 1 and an embodiment in which it is not. For example, in an embodiment in which the information terminal 1 determines whether or not to log out of the information server 3 using the position information and acceleration information, at least a part of the information stored in the virtual personal information storage unit 2500 is transmitted to the information terminal 1.
  • the storage unit 2006 may also include an application storage unit and an application using a personal information storage unit, similar to the storage unit 1006.
  • the application using the personal information storage unit in the storage unit 2006 executes processing related to personal authentication using information based on the personal information stored in the personal information storage unit 2000, for example, represented by an encryption key.
  • the PIN number input by the user using the input unit 2002 is authenticated by using the personal information storage unit 2000 or the like.
  • authentication information for connecting to the network 91 when accessing the information server 3 and authentication information for logging in to a business system operating on the information server 3 are used. It is conceivable to acquire the authentication information and send the authentication information via the network communication unit 2005.
  • FIG. 6 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2000. Before connecting to the information server 3, the information terminal 1 acquires identification information for using the personal information storage unit 2000 from the personal information storage terminal 2 and performs necessary settings.
  • Using the personal information storage unit management code 1200, the control unit 1007 collects information from the personal information storage unit 1000 or the personal information storage unit communication unit 1020 built in or connected to the information terminal 1, and updates the personal information storage unit identification information 1300 (S101). At this time, if the personal information storage unit 1000 is not found, the personal information storage unit identification information 1300 may be empty.
  • the control unit 1007 confirms the existence of the personal information storage terminal 2 through the short-range communication unit 1004 using the inter-terminal communication control code 1400 (S102). If the personal information storage terminal 2 is not found, the process returns to S102 again, and loops and waits until the personal information storage terminal 2 is found.
  • the control unit 1007 sends a request for obtaining information stored in the personal information storage unit identification information 2300 to the personal information storage terminal 2 and receives a reply described later (S103).
  • the personal information storage unit management code 1200 and the terminal-to-terminal communication control code 1400 may operate in parallel under the management of the operating system of the information terminal 1 or the like. Accordingly, when the execution order of S101 and S102 is reversed, the control unit 1007 may acquire the personal information storage unit identification information 2300 at that time in S102, or may wait for a reply to the request from S202 until the processing of S101 is completed.
  • Using the personal information storage unit management code 2200, the control unit 2007 collects information from the personal information storage unit 2000 built in or connected to the personal information storage terminal 2, the personal information storage unit communication unit 2020, or the virtual personal information storage unit 2500, and updates the personal information storage unit identification information 2300 (S201). At this time, if the personal information storage unit 2000, the virtual personal information storage unit 2500, etc. are not found, the personal information storage unit identification information 2300 may be empty.
  • Using the inter-terminal communication control code 2400, the control unit 2007 acquires the request sent in S103 through the short-range communication unit 2004, acquires the information stored in the personal information storage unit identification information 2300, such as that of the personal information storage unit 2000, the personal information storage unit communication unit 2020, or the virtual personal information storage unit 2500 built in or connected to the personal information storage terminal 2, and transmits a reply to the information terminal 1 through the short-range communication unit 2004 (S202).
  • the personal information storage unit management code 2200 and the terminal-to-terminal communication control code 2400 may operate in parallel under the management of the operating system of the personal information storage terminal 2 or the like.
  • the control unit 2007 may acquire the personal information storage unit identification information at that time in S202, or may wait for a reply to the request from S202 until the processing of S201 is completed.
  • When the response is acquired from the personal information storage terminal 2 in S103, the control unit 1007 notifies the personal information storage unit management code 1200 of the newly acquired identification information using the inter-terminal communication control code 1400, and waits for communication with the personal information storage terminal 2.
  • Using the personal information storage unit management code 1200 that received the notification, the control unit 1007 updates the personal information storage unit identification information 1300 based on the acquired information (S104). Notification from the terminal-to-terminal communication control code 1400 to the personal information storage unit management code 1200 may be performed directly between them, or may be performed through other software such as an operating system.
  • The personal information storage unit identification information 1300 stores the identification information of the personal information storage unit 1000 of the information terminal 1, the personal information storage unit 2000 of the personal information storage terminal 2, the virtual personal information storage unit 2500, and the like, so that any of them can be used from the personal information storage unit use application 1101 by the same procedure.
  • The control unit 1007 starts processing using the personal information storage unit use application 1101, for example as part of the startup process after the information terminal 1 is turned on, or triggered by the input of the PIN number by the user from the input unit 1002.
  • After performing predetermined initial processing using the personal information storage unit utilization application 1101, the control unit 1007 obtains the identification information stored in the personal information storage unit identification information 1300 by querying the personal information storage unit management code 1200 (S105). If the desired personal information storage unit does not exist in the personal information storage unit identification information 1300 or cannot be used for some reason, the personal information storage unit utilization application 1101 may repeat the inquiry until it can be used.
  • the identification information returned from the personal information storage unit management code 1200 in S105 may include information including a management ID that can identify the personal information storage unit 2000 or the like or a character string of readable characters.
  • S105 may be a PC/SC standard SCardListReaders function.
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the acquired identification information (S106).
  • the request is transmitted to the personal information storage unit 2000 of the personal information storage terminal 2.
  • the request received by the personal information storage unit management code 1200 is transferred to the terminal-to-terminal communication control code 1400, and further transmitted from the terminal-to-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 passes the request to the personal information storage unit 2000 based on the personal information storage unit identification information 2300 using the personal information storage unit management code 2200, and obtains a response (S203).
  • the reply follows the reverse route, and is passed to the personal information storage application 1101 (S106).
  • the exchange between the personal information storage unit use application 1101 and the personal information storage unit management code 1200 may be, for example, a PC/SC standard SCardTransmit function.
  • FIG. 6 is an embodiment in which the information terminal 1 updates the personal information storage unit identification information 1300 of the information terminal 1 in S104 using the identification information acquired from the personal information terminal 2 in S103.
  • A method of selecting and using either the identification information acquired in S101 immediately after power-on or the identification information acquired from the personal information terminal 2 in S103, and a method of selecting any one of the above-described identification information based on information input by the user from the input unit 1002, are also conceivable as embodiments. Both are in the category of this embodiment.
  • FIG. 7 is a diagram illustrating an example of information stored in the storage unit 1006 of the information terminal 1 and the storage unit 2006 of the personal information storage terminal 2.
  • the storage unit 1006 includes personal information storage unit identification information 1300.
  • the personal information storage unit identification information 1300 is an area that stores information of the personal information storage unit 1000 collected by the personal information storage unit management code 1200 and identification information regarding the personal information storage terminal 2 as one personal information storage unit.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • each may be stored in association with the management ID.
  • It is conceivable that the control unit 1007, using the personal information storage unit use application 1101, acquires from the personal information storage unit management code 1200 information stored in the personal information storage unit identification information 1300, including, for example, a management ID or a character string of readable characters that can identify the personal information storage unit 1000 or the personal information storage terminal 2.
  • FIG. 7 differs from FIG. 4 in that the information terminal 1 has only one piece of identification information managed by the management ID “1102” regarding the personal information storage terminal 2.
  • Each of the personal information storage units 2000 included in the personal information storage terminal 2 is not managed individually.
  • This aims to improve security by having the personal information storage terminal 2 supply only the necessary identification information to the information terminal 1, rather than the personal information storage unit identification information 2300 itself.
  • the storage unit 2006 includes personal information storage unit identification information 2300.
  • the personal information storage unit identification information 2300 is an area for storing information such as the personal information storage unit 2000 collected by the personal information storage unit management code 2200 in association with the switching information.
  • The switching information is information indicating that at least one of the personal information storage unit 2000, the personal information storage unit communication unit 2020, or the virtual personal information storage unit 2500 existing in the personal information storage terminal 2 is valid, and the others are invalid. The meaning of the validity and invalidity indicated by the information will be described later.
  • As a storage method, a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered. When information such as the personal information storage unit 2000 is stored, each may be stored in association with the management ID.
  • the identification information indicating the personal information storage terminal 2 in the personal information storage unit identification information 1300 may exist in the personal information storage unit identification information 1300 regardless of whether the personal information storage terminal 2 exists. In this case, if the personal information storage terminal 2 is not communicable with the information terminal 1, or there is no personal information storage unit that is valid in the personal information storage unit identification information 2300 of the personal information storage terminal 2, then, for example, when the control unit 1007 attempts to use the personal information storage terminal 2 using the personal information storage unit use application 1101, the control unit 1007 can detect that the desired personal information storage unit cannot be used.
  • FIG. 7 when there are two pieces of identification information, that is, the first identification information managed by the management ID 2101 and the second identification information managed by the management ID 2102, one of them is selected and the storage unit 2006 is selected. In particular, when switching information indicating whether it is valid or invalid is added as shown in FIG. 7, one of them is selected based on the switching information.
  • An embodiment in which the user of the information terminal 1 sets the switching information using the input unit 1002 can also be considered.
  • In FIG. 8, described next, an example of processing is described on the assumption that the identification information of the personal information storage terminal 2 is always present in the personal information storage unit identification information 1300. By doing so, the information terminal 1 does not need to acquire the identification information of the personal information storage terminal 2 by communication, and the information stored in the personal information storage terminal 2 can also be handled uniformly, like the personal information storage unit 1000, as one personal information storage unit.
  • FIG. 8 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2.
  • the control unit 1007 does not execute S103 and stands by while maintaining a state in which communication with the personal information storage terminal 2 is possible. Therefore, since S103 is not executed, the inter-terminal communication control code 2400 of the personal information storage terminal 2 does not execute S202. That is, in the example of FIG. 8, unlike FIG. 6, the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1.
  • the information of the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2 in the same manner as in the example of FIG. Initially, all may be invalidated, or any personal information storage unit 2000 may be validated. Alternatively, the switching information immediately before turning off the power may be stored as it is.
  • The terminal-to-terminal communication control code 2400 of the personal information storage terminal 2 requests the personal information storage unit management code 2200 to validate at least one piece of the identification information in the personal information storage unit identification information 2300 and invalidate the others (S204).
  • That the personal information storage unit is valid means that the information terminal 1 can use the personal information storage unit via the short-range communication unit 1004, and that the personal information storage unit is invalid means that the information terminal 1 cannot use the personal information storage unit via the short-range communication unit 1004.
  • FIG. 8 shows an embodiment in which the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1; when the personal information storage terminal 2 is requested for identification information by the information terminal 1, only specific identification information is supplied from the personal information storage unit identification information 2300.
  • Enabling at least one of the identification information means that the personal information storage terminal 2 determines which identification information is to be supplied to the information terminal 1. As a result, security can be improved and the processing time shortened compared with the case shown in FIG. 6, where the personal information storage unit identification information 2300 itself is exchanged in S103 and S202.
  • the timing at which S204 is executed may be triggered by selection by the user using the display unit 2001 and the input unit 2002. Alternatively, it may be included in the startup process. Alternatively, an input from the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009, acceleration information acquired from the sensor unit 2010, position information acquired from the position information acquisition unit 2011, or the like may be triggered.
  • the personal information storage unit management code is set so that all the switching information of the personal information storage unit identification information 2300 is invalidated when there is a change exceeding a predetermined threshold in acceleration information or position information. It can be requested.
  • the switching information of one specific personal information storage unit is switched between valid and invalid by the input from the proximity communication unit 2008, or the personal information storage unit to be valid is in a predetermined order. It is conceivable that a determination is made in step S204 such that the personal information storage unit management code 2200 is appropriately requested.
  • a specific operation when the user moves away from the information terminal 1, if the user supplies an instruction using the input unit 2002 to the information terminal 1 and sets all the switching information to be invalid, the information terminal The possibility of 1 being used by a third party can be reduced, and there is an effect of improving security.
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the identification information acquired in S105 (S106). In the example of FIG. 8, transmission of a request to the personal information storage terminal 2 is illustrated.
  • the control unit 1007 passes the request received by the personal information storage unit management code 1200 to the inter-terminal communication control code 1400, and further sends the request from the inter-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 uses the personal information storage unit management code 2200 to pass the request to the personal information storage unit for which the switching information of the personal information storage unit identification information 2300 is valid, and obtains a response (S206).
  • the reply follows the reverse route and is passed to the personal information storage application 1101 (S106). If there is no personal information storage unit whose switching information is valid in S206, an error is returned to the personal information storage unit use application 1101 as the response in S106.
  • FIG. 9 is a diagram illustrating an example of the configuration of information stored in the storage unit of the information terminal and the storage unit of the personal information storage terminal and the personal information storage unit.
  • the configuration of the storage unit 1006 of the information terminal 1 is the same as that in FIG. That is, the information terminal 1 has only one piece of identification information managed by the management ID “1102” regarding the personal information storage terminal 2.
  • the storage unit 2006 includes personal information storage unit identification information 2300.
  • the personal information storage unit identification information 2300 is an area that stores, in association with each other, information on the personal information storage unit 2000 and the like collected by the personal information storage unit management code 2200 and the application IDs of the personal information storage applications stored in the personal information storage unit 2000, described later.
  • the control unit 2007 can know in which personal information storage unit 2000 the personal information storage application having a predetermined application ID is stored by referring to the personal information storage unit identification information 2300. This association may be given as a setting in advance, or may be appropriately collected by the control unit 2007 from the personal information storage unit 2000 using the personal information storage unit management code 2200.
  • As a storage method, a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • each may be stored in association with the management ID.
  • the personal information storage unit 2000 has a personal information storage application.
  • the personal information storage unit 2000a includes a personal information storage application with an application ID “111111” and a personal information storage application with an application ID “222222”.
  • the personal information storage unit 2000b includes a personal information storage application with an application ID “333333” and a personal information storage application with an application ID “FFFFFF”.
  • the virtual personal information storage unit 2500 has an application ID “444444”.
  • the control unit 2007 refers to the personal information storage unit identification information 2300.
  • the control unit 2007 can see that the request needs to be made to the personal information storage unit 2000a.
  • If the request is for the personal information storage application with the application ID “333333”, it is understood that the request should be made to the personal information storage unit 2000b.
  • an undefined application ID is associated with the personal information storage unit 2000b.
  • FIG. 9 shows that, when the personal information storage terminal 2 is requested by the information terminal 1 for authentication information unique to the user of the information terminal 1, the authentication information is acquired from the personal information storage unit based on the authentication identification information (application ID) related to the first identification information acquired from the storage unit 2003, or on the authentication identification information (application ID) related to the second identification information. For example, when two information terminals 1a and 1b communicate with the personal information storage terminal 2, it is possible to determine which information is supplied to each information terminal based on the application ID.
  • FIG. 10 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2.
  • the control unit 1007 does not execute S103 and stands by while maintaining a state in which communication with the personal information storage terminal 2 is possible. Therefore, since S103 is not executed, the control unit 2007 of the personal information storage terminal 2 does not execute S202. This is the same as the example of FIG.
  • S201 information of the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2 as in the example of FIG. Correlate with.
  • This association may be given as a setting in advance, or the personal information storage unit management code 2200 may be appropriately collected from the personal information storage unit 2000 or the like.
  • the association immediately before turning off the power may be stored as it is.
  • it may be triggered by the fact that the personal information storage unit 2000 of the independent module has become communicable from the personal information storage terminal 2.
  • As a method of acquiring the application IDs from the personal information storage unit, a method of acquiring directory information or registry information held by the personal information storage unit, or a method of using partial selection by application ID to examine all the applications stored inside the personal information storage unit, can be considered. In the example of FIG. 10, it is not necessary to explicitly select the personal information storage unit, so S204 need not be executed, but it may be executed in combination with the configuration examples shown in FIGS. .
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the identification information acquired in S105 (S106). In the example of FIG. 10, transmission of a request to the personal information storage terminal 2 is illustrated.
  • the control unit 1007 transfers the request received by the personal information storage unit management code 1200 to the terminal-to-terminal communication control code 1400, and further sends the request from the terminal-to-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 refers to the application ID included in the request using the personal information storage unit management code 2200, and selects a predetermined personal information storage unit based on the identification information of the personal information storage unit identification information 2300 (S207). It then passes the request to that personal information storage unit and obtains a response (S203). The reply follows the reverse route and is passed to the personal information storage application 1101 (S106).
  • a request including an application ID comes at the top of a series of requests.
  • When the first request including the application ID is transmitted to a specific personal information storage unit or the like and a result indicating success is returned, the series of subsequent requests continues to be transmitted to the personal information storage unit to which the first request was transmitted.
  • It is therefore conceivable that the process of selecting the personal information storage unit that is the destination of the request in S207 is performed on the first request, which includes the application ID, and that subsequent requests are transmitted to the same personal information storage unit until the series of requests is completed.
  • As a request including an application ID, the SELECT FILE command defined in ISO7816 can be considered.
  • the personal information storage unit management code 1200 and the terminal-to-terminal communication control code 1400 may authenticate each other before exchanging information, thereby confirming that each is reliable executable code.
  • the personal information storage unit management code 2200 and the terminal-to-terminal communication control code 2400 may likewise authenticate each other before exchanging information, thereby confirming that each is reliable executable code.
  • the terminal-to-terminal communication control code 1400 and the terminal-to-terminal communication control code 2400 may perform mutual authentication in advance, thereby confirming that each is a reliable terminal.
  • FIG. 11 is a diagram illustrating an example of an authentication process between the information terminal 1 and the information server 3. Portions showing the same processing contents as those in the examples of FIGS. 6, 8, and 10 may be given the same numbers and description thereof may be omitted.
  • the information terminal 1 transmits a request for authentication to the personal information storage terminal 2 using the personal information storage unit use application 1101 (S107).
  • the personal information storage terminal 2 that has received the request transmits the request to the personal information storage unit, and returns the obtained authentication information as a result to the information terminal 1 (S208).
  • the processing of S107 and S208 can be executed by the same route as S106 and S203 of FIGS. 6, 8, and 10, or S206 and S207, for example.
  • the information terminal 1 transmits the obtained authentication information to the information server 3 (S108), the information server 3 authenticates the received authentication information, and returns the result to the information terminal 1 (S301).
  • Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit.
  • Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor.
  • Information such as programs, tables, and files for realizing each function can be stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
  • a program or the like for realizing each function is copied to a server or the like and provided to the information terminal 1, the personal information storage terminal 2 and other terminals, devices, equipment, etc.
  • control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • Information terminal 1: Information terminal
  • 90: Near field communication 91: Network
  • 1000: Personal information storage 2000: Personal information storage.
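
The request routing described above for S206 and S207, as an added Python sketch that is not part of the patent text: the first request (an ISO 7816 SELECT carrying an application ID) picks the storage unit from the identification table described for FIG. 9, later requests stay bound to that unit, and unknown or invalidated units fail closed. The status words, the 3-byte encoding of the application IDs, the sensor threshold, and all class and function names are assumptions made for the example.

```python
"""Application-ID routing of card commands to personal information storage units."""
from dataclasses import dataclass, field

# ISO 7816-4 status words chosen for this sketch; the page only says "an error".
SW_OK = bytes.fromhex("9000")
SW_WRONG_LENGTH = bytes.fromhex("6700")
SW_NOT_FOUND = bytes.fromhex("6A82")       # application not found
SW_NOT_ALLOWED = bytes.fromhex("6985")     # conditions of use not satisfied


def parse_select(apdu: bytes):
    """Return (is_select, aid_hex); aid_hex is None for a malformed SELECT."""
    # Header is CLA INS P1 P2 [Lc data]; INS=A4 with P1=04 selects by application ID.
    if len(apdu) < 4 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return False, None
    if len(apdu) < 6 or apdu[4] == 0 or len(apdu) < 5 + apdu[4]:
        return True, None
    return True, apdu[5:5 + apdu[4]].hex().upper()


@dataclass
class StorageUnit:
    name: str
    app_ids: tuple
    valid: bool = True                     # the "switching information"
    seen: list = field(default_factory=list)

    def transmit(self, apdu: bytes) -> bytes:
        self.seen.append(apdu)             # a real unit would process the command
        return SW_OK


class UnitRouter:
    """Plays the role of the personal information storage unit management code 2200."""

    def __init__(self, units, threshold: float):
        self.units = list(units)
        self.threshold = threshold
        # Identification information 2300: application ID -> storage unit.
        self.table = {aid: u for u in self.units for aid in u.app_ids}
        self.current = None                # unit bound by the last successful SELECT

    def on_sensor_change(self, delta: float) -> None:
        """Invalidate every unit when the change exceeds the threshold."""
        if delta > self.threshold:
            for unit in self.units:
                unit.valid = False
            self.current = None

    def handle(self, apdu: bytes) -> bytes:
        is_select, aid = parse_select(apdu)
        if is_select:
            self.current = None            # drop the old binding before deciding
            if aid is None:
                return SW_WRONG_LENGTH
            unit = self.table.get(aid)
            if unit is None:
                return SW_NOT_FOUND
            if not unit.valid:
                return SW_NOT_ALLOWED
            reply = unit.transmit(apdu)
            if reply == SW_OK:
                self.current = unit        # later requests follow this unit
            return reply
        # Follow-up request: only the unit bound by SELECT may receive it.
        if self.current is None or not self.current.valid:
            self.current = None
            return SW_NOT_ALLOWED
        return self.current.transmit(apdu)


def build_router():
    """Table as described for FIG. 9; the threshold value is constructed."""
    unit_a = StorageUnit("2000a", ("111111", "222222"))
    unit_b = StorageUnit("2000b", ("333333", "FFFFFF"))
    virtual = StorageUnit("2500", ("444444",))
    return UnitRouter([unit_a, unit_b, virtual], threshold=5.0), unit_a, unit_b


def select_apdu(aid_hex: str) -> bytes:
    aid = bytes.fromhex(aid_hex)
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


READ = bytes.fromhex("00B0000010")         # constructed follow-up command

if __name__ == "__main__":
    router, unit_a, unit_b = build_router()
    for apdu in (select_apdu("111111"), READ, select_apdu("999999"), READ):
        print(apdu.hex(), "->", router.handle(apdu).hex())
    router.on_sensor_change(9.0)
    print("after motion:", router.handle(select_apdu("111111")).hex())
```

Clearing the binding on every SELECT, including a failed one, keeps a follow-up request from reaching a unit that an earlier session selected.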

Abstract

There is demand for an information terminal owned by an individual to be utilized as an individual identification means. An information terminal comprising: a first communications unit that communicates with a first individual information storage unit storing individual information; a storage unit for storing first identification information for communications with the first individual information storage unit; a second communications unit that communicates with an individual information storage terminal; and a third communications unit that communicates with an information server. The information terminal: obtains second identification information for identifying a second individual information storage unit electrically connected to the individual information storage terminal from the second communications means; selects either the first identification information or the second identification information; obtains verification information based on individual information from the first or the second individual information storage unit, on the basis of the selected identification information; and transmits same from the third communications unit.

Description

Information terminal and personal information storage terminal
The present invention relates to an information terminal and a personal information storage terminal, and more particularly to an information terminal and a personal information storage terminal with improved security.
Patent Document 1 describes “providing a mobile phone including an IC tag in which personal authentication data is stored” as a means of using a mobile phone for authentication.
JP 2005-109766 A
In recent years, with the widespread use of personal terminals such as mobile phones and smartphones, there is demand to use a personal terminal as a means of personal identification. However, the mobile phone and personal authentication system described in Patent Document 1 have a security problem: if the owner leaves the mobile phone behind somewhere while logged in, or if it is stolen by another person, that person can impersonate the owner and use it.
Therefore, an object of the present invention is to provide a personal information storage terminal and an information terminal with improved security.
In order to solve the above problems, for example, the configuration described in the claims is adopted.
The invention according to the present application includes a plurality of means for solving the above problems. One example is “an information terminal in an information system having an information server that stores information, an information terminal that exchanges the information with the information server after performing authentication based on a user's personal information, and a personal information storage terminal that stores the personal information of the user, the information terminal comprising: a first communication unit that exchanges the personal information with a personal information storage unit in which the personal information is stored and which is connected to the information terminal; a storage unit that stores first identification information used by the first communication unit to exchange the personal information with the personal information storage unit; a second communication unit that communicates the personal information with the personal information storage terminal; a third communication unit that communicates with the information server via a network; and a control unit that controls the operation of the information terminal, wherein the control unit acquires, from the personal information storage terminal via the second communication unit, second identification information that is stored in the personal information storage terminal and is unique to the user of the information terminal, selects either the first identification information or the second identification information, acquires authentication information unique to the user of the information terminal from the personal information storage unit provided in the information terminal based on the first identification information, or from the personal information storage terminal based on the second identification information, and performs control so that the acquired authentication information is sent to the information server via the third communication unit”.
According to the present invention, it is possible to provide a personal information storage terminal and an information terminal with improved security.
Problems, configurations, and effects other than those described above will become apparent from the following description of embodiments.
A diagram showing an example of an authentication system using an information terminal and a personal information storage terminal.
A diagram showing an example of the functional configuration of the information terminal and the personal information storage terminal.
A diagram showing an example of the functional configuration of the information terminal and the personal information storage terminal.
A diagram showing an example of the information stored in the storage unit of the information terminal.
A diagram showing an example of the configuration of the information stored in the storage unit of the personal information storage terminal.
A diagram showing an example of processing in which the information terminal uses the personal information storage unit.
A diagram showing an example of the information stored in the storage unit of the information terminal and the storage unit of the personal information storage terminal.
A diagram showing an example of processing in which the information terminal uses the personal information storage unit.
A diagram showing an example of the information stored in the storage unit of the information terminal and the storage unit of the personal information storage terminal, and of the configuration of the personal information storage unit.
A diagram showing an example of processing in which the information terminal uses the personal information storage unit.
A diagram showing an example of the authentication process between the information terminal and the information server.
Embodiments according to the present invention will be described below with reference to the drawings.
In this embodiment, a specific example of the processing necessary for the information terminal to use the personal information of the personal information storage terminal will be described. The personal information mentioned above means, for example, an encryption key that is secret information. As will be described later, the personal information is information necessary when the information terminal logs in to the information server.
First, a first embodiment will be described with reference to FIGS. 1 to 6.
FIG. 1 is a diagram illustrating an example of an authentication system using an information terminal and a personal information storage terminal. In the authentication system according to the present invention, the information terminal 1 and the personal information storage terminal 2 are connected by communication 90, and the information terminal 1 and the information server 3 are connected by a network 91. In the following, when there is no need to distinguish between the information terminal 1 and the personal information storage terminal 2, they may be referred to simply as terminals. When it is necessary to distinguish one constituent element from another, one may be written as a and the other as b. For example, when distinguishing one information terminal 1 from another information terminal 1, one may be written as the information terminal 1a and the other as the information terminal 1b.
The information terminal 1 is a terminal having display means capable of displaying information, input means capable of inputting information, communication means capable of communicating with other apparatuses and devices, computing means capable of processing information, and the like. It acquires authentication information and the like from the personal information storage terminal 2 through the communication 90, mainly when communicating with the information server 3 via the network 91. The authentication information is information necessary for the information terminal 1 to log in to the information server 3 and is a typical example of the personal information described above. The authentication system may include a plurality of information terminals 1. The information terminal 1 may be a PC (Personal Computer), a thin client terminal (illustrated as the information terminal 1a in FIG. 1), or a tablet terminal (illustrated as the information terminal 1b in FIG. 1), but is not limited to these.
The personal information storage terminal 2 is a terminal having display means capable of displaying information, input means capable of inputting information, communication means capable of communicating with other apparatuses and devices, computing means capable of processing information, and the like. It mainly transmits authentication information and the like to the information terminal 1 through the communication 90. The personal information storage terminal 2 may be a smartphone or a mobile phone, but is not limited to these. The authentication system may include a plurality of personal information storage terminals 2. Although not shown in the figure, there is no problem if the personal information storage terminal 2 is connected to the network 91.
The information server 3 is a server connected to the network 91 and communicates with the information terminal 1 via the network 91. A system used by the user runs on the information server 3, for example a system for using a thin client terminal or a business system that the user uses for work in a company or the like. Although not specifically illustrated, the information server 3 acquires authentication information from the information terminal 1, verifies it, and permits access from the information terminal 1 when it judges the information terminal 1 or the user of the information terminal 1 to be legitimate. The information server 3 may also communicate with the personal information storage terminal 2 via the network 91.
The communication 90 is the communication performed between the information terminal 1 and the personal information storage terminal 2. Possible communication methods include Bluetooth (registered trademark), USB (Universal Serial Bus), wired LAN (Local Area Network), wireless LAN, ISO14443, which is the international standard communication method for contactless IC cards, ISO7816, which is the international standard communication method for contact IC cards, NFC (Near Field Communication), FeliCa (registered trademark), and TransferJET (registered trademark).
The network 91 is a communication network such as a WAN (Wide Area Network) using the Internet Protocol or the like, a wired LAN, a wireless LAN, LTE (Long Term Evolution), HSPA (High Speed Packet Access), or WiMAX (Worldwide Interoperability for Microwave Access). It connects the information terminal 1, the information server 3, and the like to each other to transmit and receive information, and may also connect the personal information storage terminal 2. In FIG. 1, the communication 90 between the information terminal 1a and the personal information storage terminal 2 is illustrated as the communication 90a, and the communication 90 between the information terminal 1b and the personal information storage terminal 2 is illustrated as the communication 90b. However, it is not essential that the personal information storage terminal 2 communicate with both the information terminal 1a and the information terminal 1b; either one is sufficient.
The personal information storage unit 1000 and the personal information storage unit 2000 store authentication information and the like necessary for the information terminal 1 to access the information server 3. The personal information storage unit 1000 and the personal information storage unit 2000 may be modules independent of the information terminal 1 and the personal information storage terminal 2, such as a dongle, an IC card, an SD card, or a SIM card, or they may be built in as part of the information terminal 1 or the personal information storage terminal 2 and connected to the other modules by wiring or the like. An independent module communicates by being brought into contact with, inserted into, or brought close to the information terminal 1 or the personal information storage terminal 2, and provides authentication information and the like to the information terminal 1 or the personal information storage terminal 2. Depending on the module, the communication method may be USB, serial communication, Ethernet (registered trademark), ISO7816, communication conforming to the SD card standard, ISO14443, NFC, FeliCa, or the like. Alternatively, the unit may be software stored in the information terminal 1 or the personal information storage terminal 2.
Hereinafter, when there are a plurality of personal information storage units 1000 or personal information storage units 2000, they may for convenience be described with names such as the personal information storage unit 1000a and the personal information storage unit 1000b, but these need not have the same configuration or communication method at all. For example, there is no problem if the personal information storage unit 1000a is an SD card and the personal information storage unit 1000b is a SIM card. In addition, when there is no particular need to distinguish the personal information storage unit 1000, the personal information storage unit 2000, or equivalent constituent elements, they may be written simply as the personal information storage unit.
A more specific example of the embodiment shown in FIG. 1 is as follows. The information terminal 1 is a notebook PC or a desktop PC provided at home or at work. It may be shared by a plurality of people, but recently it is often assigned to an individual. The personal information storage terminal 2 is a smartphone or a mobile phone carried in the individual's bag or clothing pocket, and is often assigned to an individual. Since the user carries the notebook PC that is the information terminal 1 together with the smartphone that is the personal information storage terminal 2, the information terminal 1 and the personal information storage terminal 2 are located close to each other. Even when the user uses a desktop PC as the information terminal 1, the smartphone that is the personal information storage terminal 2 is often in the user's pocket, for example, so the information terminal 1 and the personal information storage terminal 2 are located close to each other.
Unlike the example disclosed in Patent Document 1 described above, this embodiment uses the personal information storage terminal 2, a device separate from the information terminal 1, as the device that stores personal information. One feature of this embodiment is that this improves security by making it difficult for a third party to impersonate the user and use the information terminal 1 when, for example, the user misplaces the information terminal 1 or it is stolen. Although both the information terminal 1 and the personal information storage terminal 2 are used, they are often located at a short distance from each other, so another feature of this embodiment is that it eliminates the problem of personal information being unobtainable when the user of the information terminal 1 requests the personal information needed to log in to the information server 3. Further, if the information terminal 1 and the personal information storage terminal 2 cease to be located at a short distance from each other while the user of the information terminal 1 is logged in to the information server 3, an event that impairs security may occur; this embodiment can therefore also have, as one feature, that such an event is resolved as necessary, as described later, to improve security.
FIG. 2 is a diagram illustrating an example of the functional configurations of the information terminal 1 and the personal information storage terminal 2.
The information terminal 1 includes a personal information storage unit 1000, a display unit 1001, an input unit 1002, a power supply unit 1003, a short-range communication unit 1004, a network communication unit 1005, a storage unit 1006, a control unit 1007, a proximity communication unit 1008, and a wired communication unit 1009, which are connected by a bus line or the like. Of these, the personal information storage unit 1000 has been described with reference to FIG. 1, so its description is omitted. Although FIG. 2 shows the personal information storage unit 1000 as physically connected to the other modules inside the information terminal 1, the configuration is not limited to this, as described above. The other modules likewise need not be connected by a bus line; they may be electrically connected by other methods, or only the modules that need to be connected may be connected to each other. In FIG. 2 there is one personal information storage unit 1000, but there may be two or more, or the configuration may be such that no personal information storage unit 1000 exists in the information terminal 1 and one or more personal information storage units 2000 exist in the personal information storage terminal 2. When the personal information storage unit 1000 does not exist in the information terminal 1, the security problems that arise when the user misplaces the information terminal 1 can be reduced. That is, it reduces the security problem in which, even though the information terminal 1 has been logged out, a third party who has learned the user's secret code (for example, the PIN number described later) by covertly observing it impersonates the user and uses the information terminal 1.
The display unit 1001 includes a panel such as a liquid crystal display, an organic EL (Electro-Luminescence) display, or electronic paper, a driver circuit, and the like, and displays arbitrary information (for example, characters, still images, and moving images) under the control of the control unit 1007. Note that the display unit 1001 may include a plurality of panels, each capable of displaying different information.
The input unit 1002 includes one or more of a keyboard, a mouse, cursor keys, a numeric keypad, and the like, receives a user operation, and inputs an input signal based on that operation to the control unit 1007. The input signal may also be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 1007. The display unit 1001 and the input unit 1002 may be integrated, as in a touch panel.
The power supply unit 1003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the information terminal 1 and charges the battery. It also checks status, such as whether the information terminal 1 is running on the battery or on the AC adapter, and checks the remaining battery level.
The short-range communication unit 1004 is an element that allows the information terminal 1 to communicate with the personal information storage terminal 2; a module that implements a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, or FeliCa is conceivable. Depending on the case, the short-range communication unit 1004 may be the same module as the network communication unit 1005, the proximity communication unit 1008, or the wired communication unit 1009 described later.
The network communication unit 1005 is a function that allows the information terminal 1 to communicate with the information server 3 via the network 91; a module for performing communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, or WiMAX is conceivable. Although this is not specifically illustrated below, the network communication unit 1005 may, in one example of processing, take over the role of the short-range communication unit 1004 described above. In this case, the network communication unit 1005 is used not only for the information terminal 1 to communicate with the information server 3 but also for it to communicate with the personal information storage terminal 2.
The storage unit 1006 includes a memory built into the information terminal 1, a removable external memory, or the like, and stores various types of information. For example, it stores the operation control program executed by the control unit 1007.
The control unit 1007 includes a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), and the like, and controls the operation of the entire information terminal 1 by, for example, executing a predetermined operation control program.
The proximity communication unit 1008 is a function that allows the information terminal 1 to perform wireless proximity communication with other terminals and with the personal information storage unit 1000 as an external module; a module for performing communication such as Bluetooth, ISO14443, NFC, FeliCa, or TransferJET is conceivable. Although this is not specifically illustrated below, the proximity communication unit 1008 may, in one example of processing, take over the role of the short-range communication unit 1004 described above.
The wired communication unit 1009 is a function that allows the information terminal 1 to communicate with other terminals and with the personal information storage unit 1000 as an external module by a wired or contact method; a module for performing communication such as USB, serial communication, Ethernet, or ISO7816 is conceivable. Although this is not specifically illustrated below, the wired communication unit 1009 may, in one example of processing, take over the role of the short-range communication unit 1004 described above.
The wireless communication functions described above include an antenna, a modulation/demodulation circuit, and the like. The wired communication functions include a connector, a modulation/demodulation circuit, and the like. The short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 may each be configured to support a plurality of communication methods. In addition, the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 need not all be provided when they take over one another's roles as described above.
The personal information storage terminal 2 includes a personal information storage unit 2000, a display unit 2001, an input unit 2002, a power supply unit 2003, a short-range communication unit 2004, a network communication unit 2005, a storage unit 2006, a control unit 2007, a proximity communication unit 2008, a wired communication unit 2009, a sensor unit 2010, and a position information acquisition unit 2011, which are connected by a bus line or the like. Of these, the personal information storage unit 2000 has been described with reference to FIG. 1, so its description is omitted. Although FIG. 2 shows the personal information storage unit 2000 as physically connected to the other modules inside the personal information storage terminal 2, the configuration is not limited to this, as described above. The other modules likewise need not be connected by a bus line; they may be electrically connected by other methods, or only the modules that need to be connected may be connected to each other. In FIG. 2 there are a plurality of personal information storage units 2000, denoted as personal information 2000a and personal information 2000b, but there may be one personal information storage unit, or three or more.
The display unit 2001 includes a panel such as a liquid crystal display, an organic EL display, or electronic paper, a driver circuit, and the like, and displays arbitrary information (for example, characters, still images, and moving images) under the control of the control unit 2007. Note that the display unit 2001 may include a plurality of panels, each capable of displaying different information.
The input unit 2002 includes one or more of a keyboard, a mouse, cursor keys, a numeric keypad, and the like, receives a user operation, and inputs an input signal based on that operation to the control unit 2007. The input signal may also be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 2007. The display unit 2001 and the input unit 2002 may be integrated, as in a touch panel.
The power supply unit 2003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the personal information storage terminal 2 and charges the battery. It also checks status, such as whether the personal information storage terminal 2 is running on the battery or on the AC adapter, and checks the remaining battery level.
The short-range communication unit 2004 is a function that allows the personal information storage terminal 2 to communicate with the information terminal 1; a module that implements a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, or FeliCa is conceivable. Depending on the case, the short-range communication unit 2004 may be the same module as the network communication unit 2005, the proximity communication unit 2008, or the wired communication unit 2009 described later.
The network communication unit 2005 is a function that allows the personal information storage terminal 2 to communicate with other components via the network 91; a module for performing communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, or WiMAX is conceivable. Although this is not specifically illustrated below, the network communication unit 2005 may, in one example of processing, take over the role of the short-range communication unit 2004 described above. In this case, the network communication unit 2005 may be used, for example, to communicate with the information terminal 1 via the network 91.
The storage unit 2006 includes a memory built into the personal information storage terminal 2, a removable external memory, or the like, and stores various types of information. For example, it stores the operation control program executed by the control unit 2007.
The control unit 2007 includes a CPU, an MPU, a DSP, and the like, and controls the operation of the entire personal information storage terminal 2 by, for example, executing a predetermined operation control program.
The proximity communication unit 2008 is a function that allows the personal information storage terminal 2 to perform wireless proximity communication with other terminals and with the personal information storage unit 2000 as an external module; a module for performing communication such as Bluetooth, ISO14443, NFC, FeliCa, or TransferJET is conceivable. Although this is not specifically illustrated below, the proximity communication unit 2008 may, in one example of processing, take over the role of the short-range communication unit 2004 described above.
The wired communication unit 2009 is a function that allows the personal information storage terminal 2 to communicate with other terminals and with the personal information storage unit 2000 as an external module by a wired or contact method; a module for performing communication such as USB, serial communication, Ethernet, or ISO7816 is conceivable. Although this is not specifically illustrated below, the wired communication unit 2009 may, in one example of processing, take over the role of the short-range communication unit 2004 described above.
The wireless communication functions described above include an antenna, a modulation/demodulation circuit, and the like. The wired communication functions include a connector, a modulation/demodulation circuit, and the like. The short-range communication unit 2004, the network communication unit 2005, the proximity communication unit 2008, and the wired communication unit 2009 may each be configured to support a plurality of communication methods. In addition, the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 need not all be provided when they take over one another's roles as described above.
The sensor unit 2010 has functions such as acquiring information on the acceleration of the personal information storage terminal 2 (hereinafter, acceleration information). From the acquired acceleration information, the state of the personal information storage terminal 2 (rotation, falling, vibration, and the like) can be detected. The sensor unit 2010 may also have a function of capturing as data not only acceleration information but also various information about the environment in which the personal information storage terminal 2 is placed, such as temperature, humidity, video, light level, air flow, smell, and sound.
The position information acquisition unit 2011 acquires information indicating the current position of the personal information storage terminal 2 (hereinafter, position information) by GPS (Global Positioning System), IMES (Indoor Messaging System), wireless LAN, or the like.
The sensor unit 2010 and the position information acquisition unit 2011 are provided as necessary, for example for the following purpose. Suppose that the user of the information terminal 1, for example a PC, has logged in to the information server 3 with the personal information storage terminal 2, for example a smartphone, in a pocket. Next, suppose that something comes up and the user leaves the information terminal 1 without logging out of the information server 3. At this point, a third party may impersonate the user and operate the information terminal 1, which creates a security problem.
In this case, if, for example, the sensor unit 2010 acquires the acceleration applied to the personal information storage terminal 2, or the position information acquisition unit 2011 acquires the current position of the personal information storage terminal 2, the control unit 2007 can detect the user's movement described above. The control unit 2007 can thereby instruct the information server 3 to log out via the network communication unit 1005, which improves security. Of course, if the distance between the information terminal 1 and the personal information storage terminal 2 grows so large that communication between the short-range communication units 1004 and 2004 becomes impossible, what a third party can do is greatly limited. However, when communication is not interrupted, this embodiment is highly effective. This is also an effect of the information terminal 1 and the personal information storage terminal 2 being separate devices.
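The departure check described above, as an added example that is not code from the patent: a monitor running on the personal information storage terminal 2 decides when to instruct a logout, including the case where the short-range link never drops. The class and function names, the thresholds, the treatment of link loss as a logout trigger, and the sample traces are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from math import hypot
from typing import Iterable, Optional, Tuple


class Reason(Enum):
    LINK_LOST = "short-range link lost"
    MOVED_AWAY = "moved away from the login position"
    SUSTAINED_MOTION = "sustained motion (user walking)"


@dataclass(frozen=True)
class Sample:
    t: float                            # seconds since login
    link_up: bool                       # short-range link to the PC alive?
    accel_g: float                      # acceleration magnitude, 1.0 g at rest
    pos: Optional[Tuple[float, float]]  # metres in a local frame; None = no fix


class DepartureMonitor:
    """Runs on the phone. All thresholds are assumed values, not the patent's."""

    def __init__(self, login_pos, max_dist_m=5.0, motion_g=0.25, motion_samples=4):
        self.login_pos = login_pos            # position recorded at login, or None
        self.max_dist_m = max_dist_m          # allowed drift from the login position
        self.motion_g = motion_g              # deviation from 1 g that counts as motion
        self.motion_samples = motion_samples  # consecutive moving samples required
        self._streak = 0

    def update(self, s: Sample) -> Optional[Reason]:
        # Link loss: the credential is unreachable anyway, so end the session.
        if not s.link_up:
            return Reason.LINK_LOST
        # Position check (position information acquisition unit 2011).
        if s.pos is not None and self.login_pos is not None:
            dx = s.pos[0] - self.login_pos[0]
            dy = s.pos[1] - self.login_pos[1]
            if hypot(dx, dy) > self.max_dist_m:
                return Reason.MOVED_AWAY
        # Acceleration check (sensor unit 2010): a single bump is ignored,
        # only a run of moving samples counts as the user walking off.
        if abs(s.accel_g - 1.0) > self.motion_g:
            self._streak += 1
        else:
            self._streak = 0
        if self._streak >= self.motion_samples:
            return Reason.SUSTAINED_MOTION
        return None


def first_logout(monitor: DepartureMonitor,
                 samples: Iterable[Sample]) -> Optional[Tuple[float, Reason]]:
    """Return (time, reason) of the first logout instruction, or None."""
    for s in samples:
        reason = monitor.update(s)
        if reason is not None:
            return (s.t, reason)
    return None


# Constructed traces (not measured data).
SEATED = [                       # user stays at the desk, picks the phone up once
    Sample(0.0, True, 1.00, (0.0, 0.0)), Sample(1.0, True, 1.05, (0.2, 0.1)),
    Sample(2.0, True, 1.40, (0.1, 0.0)), Sample(3.0, True, 1.02, (0.3, 0.2)),
    Sample(4.0, True, 0.98, (0.0, 0.1)),
]
WALK_LINK_UP = [                 # user walks off, link still reaches the PC
    Sample(0.0, True, 1.00, (0.0, 0.0)), Sample(1.0, True, 1.35, (1.0, 0.5)),
    Sample(2.0, True, 0.70, (2.5, 1.0)), Sample(3.0, True, 1.30, (4.0, 2.0)),
    Sample(4.0, True, 1.40, (6.0, 3.0)),
]
NO_FIX_WALK = [                  # indoors without a position fix: accel only
    Sample(0.0, True, 1.00, None), Sample(1.0, True, 1.30, None),
    Sample(2.0, True, 0.70, None), Sample(3.0, True, 1.35, None),
    Sample(4.0, True, 0.65, None),
]
LINK_DROP = [Sample(0.0, True, 1.00, (0.0, 0.0)), Sample(1.0, False, 1.00, None)]

if __name__ == "__main__":
    for name, origin, trace in [("seated", (0.0, 0.0), SEATED),
                                ("walk, link up", (0.0, 0.0), WALK_LINK_UP),
                                ("walk, no fix", None, NO_FIX_WALK),
                                ("link drop", (0.0, 0.0), LINK_DROP)]:
        print(name, "->", first_logout(DepartureMonitor(origin), trace))
```

The second and third traces are the case the text singles out: the link stays up the whole time, so only the position or acceleration data ends the session.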
FIG. 3 is a diagram illustrating an example of the functional configurations of the information terminal 1 and the personal information storage terminal 2.
FIG. 3 illustrates the case where the personal information storage unit 1000 and the personal information storage unit 2000 are modules independent of the information terminal 1 and the personal information storage terminal 2, respectively. In FIG. 3, components that are the same as those in FIG. 2 are given the same numbers, and their description is omitted.
The information terminal 1 includes a personal information storage unit communication unit 1020, which is connected to the other modules by a bus line or the like. The personal information storage unit 1000 communicates with the other modules via the personal information storage unit communication unit 1020. As the personal information storage unit communication unit 1020, a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication conforming to the SD card standard, ISO14443, NFC, or FeliCa is conceivable. Depending on the case, the personal information storage unit communication unit 1020 may be the same module as the network communication unit 1005, the proximity communication unit 1008, or the wired communication unit 1009. Following the example of FIG. 2, the example of FIG. 3 shows one personal information storage unit 1000 and one corresponding personal information storage unit communication unit 1020, but there may be two or more personal information storage unit communication units 1020. The configuration may also include a personal information storage unit communication unit 1020 for which no corresponding personal information storage unit 1000 exists. Alternatively, the configuration may be such that no personal information storage unit communication unit 1020 exists in the information terminal 1 and one or more personal information storage unit communication units 2020 exist in the personal information storage terminal 2.
The personal information storage terminal 2 includes a personal information storage unit communication unit 2020, which is connected to the other modules by a bus line or the like. The personal information storage unit 2000 communicates with the other modules via the personal information storage unit communication unit 2020. As the personal information storage unit communication unit 2020, a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication conforming to the SD card standard, ISO14443, NFC, or FeliCa is conceivable. Depending on the case, the personal information storage unit communication unit 2020 may be the same module as the network communication unit 2005, the proximity communication unit 2008, or the wired communication unit 2009. Following the example of FIG. 2, the example of FIG. 3 denotes the plurality of personal information storage units 2000 as personal information 2000a and personal information 2000b, and shows a personal information storage unit communication unit 2020a and a personal information storage unit communication unit 2020b for them respectively, but there may be one personal information storage unit communication unit 2020, or three or more. The configuration may also include a personal information storage unit communication unit 2020 that has no corresponding personal information storage unit 2000.
When a plurality of personal information storage unit communication units 2020 are provided, each can communicate according to a different one of the standards described above, which makes it possible to support, for example, personal information storage units 2000 that use different IC cards. At present, the organizations that manage personal information often use mutually different storage devices as the personal information storage unit 2000. For this reason, the personal information storage terminal 2 is preferably provided with a plurality of personal information storage unit communication units 2020 so as to support many types of storage devices.
In the example of FIG. 3, the personal information storage unit 1000 and the personal information storage unit 2000 are each modules independent of the information terminal 1 and the personal information storage terminal 2, but only one of them may instead be included as part of the internal configuration of the information terminal 1 or the personal information storage terminal 2, as in the example of FIG. 2. Furthermore, for example, the personal information storage unit 2000a may be included in the internal configuration of the personal information storage terminal 2 while the personal information storage unit 2000b, as an independent module, communicates with the personal information storage terminal 2 via the personal information storage unit communication unit 2020.
In the examples that follow, the processing flows and the like are described based on the configuration of FIG. 2. However, the parts of those flows that exchange information with the personal information storage unit 1000 or the personal information storage unit 2000 may equally be read, based on the configuration of FIG. 3, as exchanging information with the personal information storage unit 1000 or the personal information storage unit 2000 via the personal information storage unit communication unit 1020 or the personal information storage unit communication unit 2020.
FIG. 4 is a diagram illustrating an example of the information stored in the storage unit 1006 of the information terminal 1.
The storage unit 1006 includes an application storage unit 1100, a personal information storage unit management code 1200, personal information storage unit identification information 1300, an inter-terminal communication control code 1400, and inter-terminal communication selection information 1401.
The application storage unit 1100 includes a personal information storage unit utilization application 1101. The application storage unit 1100 may include a plurality of personal information storage unit utilization applications 1101, and may also include other applications.
The personal information storage unit utilization application 1101 is executed by the control unit 1007. The control unit 1007 controls the personal information storage unit utilization application 1101 so that it executes processing related to personal authentication using, for example, information based on the personal information stored in the personal information storage unit 1000 or the personal information storage unit 2000. For example, a PIN number (Personal Identification Number) entered by the user through the input unit 1002 may be authenticated using the personal information storage unit 1000 or the personal information storage unit 2000. As another example, authentication information for connecting to the network 91 when accessing the information server 3, or authentication information for logging in to a business system running on the information server 3, may be acquired by using the personal authentication storage unit 1000 or the personal authentication storage unit 2000 and sent out via the network communication unit 1005.
The personal information storage unit management code 1200 is executable code that manages the personal information storage unit identification information 1300, which is the identification information that the personal information storage unit utilization application 1101 needs in order to use the personal information storage unit 1000 and the personal information storage unit 2000 of the personal information storage terminal 2; it is executed by the control unit 1007. The control unit 1007 controls the personal information storage unit management code 1200 so that it collects information on the personal information storage unit 1000 and the personal information storage unit communication unit 1020 of the information terminal 1, or information on the personal information storage unit 2000 or the personal information storage unit communication unit 2020 obtained from the short-range communication unit 1004, and creates or updates the personal information storage unit identification information 1300 described later. When the personal information storage unit utilization application 1101 uses the personal information storage unit 1000 or the personal information storage unit 2000, it is provided with the necessary identification information by the personal information storage unit management code 1200, and it also sends a request for use to the personal information storage unit management code 1200 and receives the result as appropriate. Examples of the personal information storage unit management code 1200 include services, daemons, applications, drivers, and the like, or combinations of them, that operate in accordance with the PC/SC standard, a standard for communicating with IC card reader/writers, as well as services, daemons, applications, drivers, and the like, or combinations of them, that provide other interfaces for accessing an IC card reader/writer.
The personal information storage unit identification information 1300 is an area for storing the information about the personal information storage unit 1000 and the personal information storage unit 2000 collected by the personal information storage unit management code 1200. Possible storage methods include a registry or configuration file provided by the operating system, or a data table or database. When storing information about the personal information storage unit 1000, the personal information storage unit 2000 and so on, the control unit 1007 may store each in association with a management ID. The control unit 1007 may, for example, control the personal information storage unit use application 1101 so that it obtains, from the personal information storage unit management code 1200, information stored in the personal information storage unit identification information 1300 that includes a management ID or a human-readable character string capable of identifying the personal information storage unit 1000 or the personal information storage unit 2000.
The inter-terminal communication control code 1400 is executable code that, via the short-range communication unit 1004, obtains the identification information of the personal information storage unit 2000 from the personal information storage terminal 2 and sends and receives requests to and responses from the personal information storage unit 2000; it is executed by the control unit 1007. The inter-terminal communication control code 1400 may be, for example, a service, daemon, application, driver or the like, or a combination of these. The control unit 1007 may control the inter-terminal communication control code 1400 so that it refers, as necessary, to the inter-terminal communication selection information 1401 described later and designates the communication means to be used as the short-range communication unit 1004. The inter-terminal communication selection information 1401 may store, for example, information indicating the network communication unit 1005, the proximity communication unit 1008, the wired communication unit 1009 and so on.
FIG. 5 is a diagram showing an example of the information stored in the storage unit 2006 of the personal information storage terminal 2.
The storage unit 2006 includes the personal information storage unit management code 2200, the personal information storage unit identification information 2300, the inter-terminal communication control code 2400, the inter-terminal communication selection information 2401, and the virtual personal information storage unit 2500.
The personal information storage unit management code 2200 is executable code that manages the personal information storage unit identification information 2300, which is the identification information the personal information storage unit use application 1101 of the information terminal 1 needs in order to use the personal information storage unit 2000 of the personal information storage terminal 2; it is executed by the control unit 2007. The control unit 2007 controls the personal information storage unit management code 2200 so that it collects information about the personal information storage unit 2000, the personal information storage unit communication unit 2020 and so on, and creates or updates the personal information storage unit identification information 2300 described later. Examples of the personal information storage unit management code 2200 include a service, daemon, application, driver or the like, or a combination of these, that operates in accordance with the PC/SC standard, which is a standard for communicating with IC card readers/writers, or a service, daemon, application, driver or the like, or a combination of these, that provides some other interface for accessing an IC card reader/writer.
The personal information storage unit identification information 2300 is an area for storing the information about the personal information storage unit 2000 and so on collected by the personal information storage unit management code 2200. Possible storage methods include a registry or configuration file provided by the operating system, or a data table or database. When storing information about the personal information storage unit 2000 and so on, the control unit 2007 may store each in association with a management ID. The control unit 2007 may, for example, perform control so that the personal information storage unit use application 1101 of the information terminal 1 obtains, from the personal information storage unit management code 1200 by way of the short-range communication unit 2004, the short-range communication unit 1004 and so on, information stored in the personal information storage unit identification information 2300 that includes a management ID or a human-readable character string capable of identifying the personal information storage unit 2000 or the like.
The inter-terminal communication control code 2400 is executable code that sends and receives, via the short-range communication unit 2004, requests from the information terminal 1 to the personal information storage unit 2000 and the corresponding responses; it is executed by the control unit 2007. The control unit 2007 also has the role of controlling the inter-terminal communication control code 2400 so that it transmits the information stored in the personal information storage unit identification information 2300 and the like to the information terminal 1 through the short-range communication unit 2004. The inter-terminal communication control code 2400 may be, for example, a service, daemon, application, driver or the like, or a combination of these. The control unit 2007 may control the inter-terminal communication control code 2400 so that it refers, as necessary, to the inter-terminal communication selection information 2401 described later and designates the communication means to be used as the short-range communication unit 2004. The inter-terminal communication selection information 2401 may store, for example, information indicating the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009 and so on.
The virtual personal information storage unit 2500 stores various kinds of information about the personal information storage terminal 2. The virtual personal information storage unit 2500 may be executable code that brings together the means of obtaining such information from the personal information storage terminal 2. The information about the personal information storage terminal 2 may include, for example, a terminal ID, position information obtained by the position information acquisition unit 2011, acceleration information and other environmental information obtained by the sensor unit 2010, or general information stored in the storage unit 2006 such as a login history or the storage file system. The control unit 2007 can therefore access, through the virtual personal information storage unit 2500, not only personal information of the kind used for personal authentication but also general information about the personal information storage terminal 2, using the same software interface as for the personal information storage unit 2000. Each item of data may be managed in association with a data ID. The virtual personal information storage unit 2500 may be located inside the storage unit 2006, or may be configured independently as an external module.
For example, in an embodiment in which the personal information storage terminal 2 selects either the first identification information 2300, for the personal information storage unit, or the second identification information, for the information storage unit 2500, and sends it to the information terminal 1, the following can be realized: when the information terminal 1 requests that information stored in the personal information storage terminal 2 be obtained from the information storage unit 2500, the information stored in the personal information storage terminal 2 is obtained on the basis of the second identification information and sent to the information terminal 1.
Note that "virtual" in the virtual personal information storage unit 2500 means that a dedicated information storage unit need not be provided as the virtual personal information storage unit 2500; it is sufficient, for example, to designate an information storage area within a predetermined address range of a storage unit (for example, RAM) for the software used by the control unit 2007.
For the information stored in the virtual personal information storage unit 2500, there are embodiments in which it is transmitted to the information terminal 1 and embodiments in which it is not. For example, in an embodiment where it is the information terminal 1 that decides, using the position information and acceleration information mentioned above, whether the information terminal 1 should log out of the information server 3, at least part of the information stored in the virtual personal information storage unit 2500 is transmitted to the information terminal 1.
Although not shown, the storage unit 2006 may, like the storage unit 1006, also include an application storage unit and a personal information storage unit use application. The personal information storage unit use application in the storage unit 2006 executes processing related to personal authentication using information based on the personal information stored in the personal information storage unit 2000, of which an encryption key is a typical example. For example, a PIN number entered by the user through the input unit 2002 may be authenticated by using the personal information storage unit 2000 or the like. As another example, authentication information for connecting to the network 91 when accessing the information server 3, or authentication information for logging in to a business system running on the information server 3, may be obtained by using the personal authentication storage unit 2000 and sent out via the network communication unit 2005.
FIG. 6 is a diagram showing an example of processing in which the information terminal 1 uses the personal information storage unit 2000.
Before connecting to the information server 3, the information terminal 1 obtains from the personal information storage terminal 2 the identification information for using the personal information storage unit 2000, and performs the necessary settings.
First, when the information terminal 1 is powered on, the control unit 1007 uses the personal information storage unit management code 1200 to collect information from the personal information storage unit 1000 or the personal information storage unit communication unit 1020 built into or connected to the information terminal 1, and updates the personal information storage unit identification information 1300 (S101). If no personal information storage unit 1000 is found at this point, the personal information storage unit identification information 1300 may be empty. Also on power-on, the control unit 1007 uses the inter-terminal communication control code 1400 to check, through the short-range communication unit 1004, whether the personal information storage terminal 2 is present (S102). If the personal information storage terminal 2 is not found, processing returns to S102 and loops, waiting until the personal information storage terminal 2 is found. If the personal information storage terminal 2 is present, the control unit 1007 sends the personal information storage terminal 2 a request to obtain the information stored in the personal information storage unit identification information 2300, and receives the reply described later (S103). Here, the personal information storage unit management code 1200 and the inter-terminal communication control code 1400 may run in parallel, for example under the management of the operating system of the information terminal 1. If the execution order of S101 and S102 is reversed as a result, the control unit 1007 may obtain the personal information storage unit identification information 2300 as it stands at that time in S102, or the reply to the request from S202 may be made to wait until the processing of S101 is complete.
Meanwhile, when the personal information storage terminal 2 is powered on, the control unit 2007 uses the personal information storage unit management code 2200 to collect information from the personal information storage unit 2000, the personal information storage unit communication unit 2020, or the virtual personal information storage unit 2500 built into or connected to the personal information storage terminal 2, and updates the personal information storage unit identification information 2300 (S201). If no personal information storage unit 2000, virtual personal information storage unit 2500 or the like is found at this point, the personal information storage unit identification information 2300 may be empty. Also on power-on, the control unit 2007 uses the inter-terminal communication control code 2400 to obtain, through the short-range communication unit 2004, the request sent in S103, obtains from the personal information storage unit identification information 2300 the information about the personal information storage unit 2000, the personal information storage unit communication unit 2020, the virtual personal terminal information storage unit 2500 or the like built into or connected to the personal information storage terminal 2, and sends a reply to the information terminal 1 through the short-range communication unit 2004 (S202). Here, the personal information storage unit management code 2200 and the inter-terminal communication control code 2400 may run in parallel, for example under the management of the operating system of the personal information storage terminal 2. If the execution order of S201 and S202 is reversed as a result, the control unit 2007 may obtain the personal information storage unit identification information as it stands at that time in S202, or the reply to the request from S202 may be made to wait until the processing of S201 is complete.
Once the reply from the personal information storage terminal 2 has been obtained in S103, the control unit 1007 uses the inter-terminal communication control code 1400 to notify the personal information storage unit management code 1200 of the newly obtained identification information, and waits while remaining able to communicate with the personal information storage terminal 2. Using the personal information storage unit management code 1200 that received the notification, the control unit 1007 updates the personal information storage unit identification information 1300 on the basis of the information obtained by the personal information storage unit management code 1200 (S104). The notification from the inter-terminal communication control code 1400 to the personal information storage unit management code 1200 may be made directly between the two, or through other software such as the operating system. When S104 is complete, the personal information storage unit identification information 1300 holds identification information such that the personal information storage unit 1000 and the like of the information terminal 1, and the personal information storage unit 2000, the virtual personal information storage unit 2500 and the like of the personal information storage terminal 2, can all be used from the personal information storage unit use application 1101 by the same procedure.
Using the personal information storage unit use application 1101, the control unit 1007 starts processing either as part of the start-up processing after the information terminal 1 is powered on, or when triggered by user input from the input unit 1002, such as entry of a PIN number. After performing predetermined initial processing with the personal information storage unit use application 1101, the control unit 1007 obtains the identification information stored in the personal information storage unit 1300 by querying the personal information storage unit management code 1200 (S105). If for some reason the desired personal information storage unit is not present in the personal information storage unit identification information 1300 or is not usable, the personal information storage unit use application 1101 may repeat the query until it becomes usable. The identification information returned from the personal information storage unit management code 1200 in S105 may include information containing a management ID or a human-readable character string capable of identifying the personal information storage unit 2000 or the like. S105 may be, for example, the SCardListReaders function of the PC/SC standard.
Next, using the personal information storage application 1101, the control unit 1007 sends to the personal information storage unit management code 1200 a request to use the desired personal information storage unit, based on the identification information it obtained (S106). The example of FIG. 6 shows a request being sent to the personal information storage unit 2000 of the personal information storage terminal 2. The request received by the personal information storage unit management code 1200 is handed to the inter-terminal communication control code 1400, and is then sent from the inter-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004. The control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to obtain the request from the short-range communication unit 2004 and hands it to the personal information storage unit management code 2200. Using the personal information storage unit management code 2200, the control unit 2007 passes the request to the personal information storage unit 2000 on the basis of the personal information storage unit identification information 2300 and obtains a reply (S203). The reply follows the same path in reverse and is handed to the personal information storage unit use application 1101 (S106).
For S106, the exchange between the personal information storage unit use application 1101 and the personal information storage unit management code 1200 in particular may be, for example, the SCardTransmit function of the PC/SC standard.
Note that FIG. 6 is an embodiment in which the information terminal 1 uses the identification information obtained from the personal information terminal 2 in S103 to update, in S104, the personal information storage unit identification information 1300 held by the information terminal 1. Alternatively, a method of selecting and using either the identification information obtained in S101 immediately after power-on or the identification information obtained from the personal information terminal 2 in S103, and further a method of selecting one of these pieces of identification information based on information the user enters from the input unit 1002, are also conceivable as embodiments. All of these fall within the scope of this example.
Next, a second embodiment will be described with reference to FIG. 7 and FIG. 8.
FIG. 7 is a diagram showing an example of the information stored in the storage unit 1006 of the information terminal 1 and the storage unit 2006 of the personal information storage terminal 2. In the example of FIG. 7, components that are the same as in FIG. 4 or FIG. 5 may be omitted from the description.
The storage unit 1006 includes the personal information storage unit identification information 1300.
The personal information storage unit identification information 1300 is an area for storing the information about the personal information storage unit 1000 collected by the personal information storage unit management code 1200, together with identification information that treats the personal information storage terminal 2 as a single personal information storage unit. Possible storage methods include a registry or configuration file provided by the operating system, or a data table or database. When the identification information of the personal information storage unit 1000 or the personal information storage terminal 2 is stored, each may be stored in association with a management ID. Using the personal information storage unit use application 1101, the control unit 1007 may, for example, obtain from the personal information storage unit management code 1200 information stored in the personal information storage unit identification information 1300 that includes a management ID or a human-readable character string capable of identifying the personal information storage unit 1000 or the personal information storage terminal 2.
Unlike FIG. 4, in FIG. 7 the information terminal 1 holds, for the personal information storage terminal 2, only a single piece of identification information, managed under the management ID "1102". It does not manage each of the personal information storage units 2000 of the personal information storage terminal 2 individually. As described later, this is because, unlike the case of FIG. 6, the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1 but supplies only the identification information that is needed, with the aim of improving security.
The storage unit 2006 includes the personal information storage unit identification information 2300.
The personal information storage unit identification information 2300 is an area for storing the information about the personal information storage unit 2000 and so on collected by the personal information storage unit management code 2200, in association with switching information. The switching information indicates that, of the multiple personal information storage units 2000, personal information storage unit communication units 2020, or virtual personal information storage units 2500 present in the personal information storage terminal 2, at most one is valid and the others are invalid. What valid and invalid mean here is described later. Possible storage methods include a registry or configuration file provided by the operating system, or a data table or database. When information about the personal information storage unit 2000 and so on is stored, each may be stored in association with a management ID.
Note that the identification information indicating the personal information storage terminal 2 may be present in the personal information storage unit identification information 1300 regardless of whether the personal information storage terminal 2 is present. In that case, if the personal information storage terminal 2 is not in a state where it can communicate with the information terminal 1, or if no personal information storage unit is marked valid in the personal information storage unit identification information 2300 of the personal information storage terminal 2, an error occurs when, for example, the control unit 1007 attempts to use the personal information storage terminal 2 through the personal information storage unit use application 1101, and the control unit 1007 can thereby detect that the desired personal information storage unit cannot be used.
In FIG. 7, when there are two pieces of identification information, namely the first identification information managed by management ID 2101 and the second identification information managed by management ID 2102, one of them is selected and acquired from the storage unit 2006. In particular, when switching information indicating valid or invalid is attached as shown in FIG. 7, one of them is selected based on that switching information. An embodiment in which the user of the information terminal 1 sets the switching information using the input unit 1002 is also conceivable.
FIG. 8, described next, illustrates an example of processing on the assumption that the identification information of the personal information storage terminal 2 is always present in the personal information storage unit identification information 1300. With this arrangement, the information terminal 1 no longer needs to acquire the identification information of the personal information storage terminal 2 by communication, and the personal information storage unit 1000 can be handled uniformly as a single personal information storage unit that also holds the information stored in the personal information storage terminal 2.
FIG. 8 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2. In the example of FIG. 8, parts identical to the processing of FIG. 6 are given the same numbers, and their description may be omitted.
In the example of FIG. 8, when the personal information storage terminal 2 is present in S102, the control unit 1007 does not execute S103 and waits while remaining able to communicate with the personal information storage terminal 2. Because S103 is not executed, the inter-terminal communication control code 2400 of the personal information storage terminal 2 does not execute S202. That is, in the example of FIG. 8, unlike FIG. 6, the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1.
In S201, as in the example of FIG. 6, information on the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2, and at that time a valid or invalid setting is assigned as switching information. Initially, all of them may be set to invalid, or any one of the personal information storage units 2000 and the like may be set to valid. Alternatively, the switching information as it was immediately before power-off may be retained.
The inter-terminal communication control code 2400 of the personal information storage terminal 2 requests the personal information storage unit management code 2200 to make at most one of the pieces of identification information in the personal information storage unit identification information 2300 valid and to make the others invalid (S204). Here, a personal information storage unit being valid means that the information terminal 1 can use that personal information storage unit via the short-range communication 1004, and a personal information storage unit being invalid means that the information terminal 1 cannot use it via the short-range communication unit 1004. As described above, FIG. 8 is an embodiment in which the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1; when the information terminal 1 requests identification information from the personal information storage terminal 2, only specific identification information from the personal information storage unit identification information 2300 is supplied. Making at most one piece of identification information valid means deciding which identification information the personal information storage terminal 2 supplies to the information terminal 1. Compared with exchanging the personal information storage unit identification information 2300 itself in S103 and S202 as shown in FIG. 6, this improves security and also shortens processing time.
S204 may be triggered by a selection made by the user using the display unit 2001 and the input unit 2002. Alternatively, it may be included in the startup processing. It may also be triggered by input from the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009 or the like, by acceleration information acquired from the sensor unit 2010, or by position information acquired from the position information acquisition unit 2011. For example, as one form of S204, the personal information storage unit management code may be requested to set all the switching information in the personal information storage unit identification information 2300 to invalid when the acceleration information or position information changes by more than a predetermined threshold.
As another example, triggered by input from the proximity communication unit 2008, S204 may decide to toggle the switching information of one specific personal information storage unit between valid and invalid, or to switch the valid personal information storage unit in turn according to a predetermined order or the like, and request the personal information storage unit management code 2200 accordingly. As a specific example of operation, when the user moves away from the information terminal 1, if the user supplies an instruction to the information terminal 1 using the input unit 2002 and sets all the switching information to invalid, the possibility of the information terminal 1 being used by a third party can be reduced, which improves security.
The control unit 1007 uses the personal information storage application 1101 to send a request for using the desired personal information storage unit to the personal information storage unit management code 1200, based on the identification information acquired in S105 (S106). The example of FIG. 8 shows the request being sent to the personal information storage terminal 2. The control unit 1007 performs control so that the request received by the personal information storage unit management code 1200 is passed to the inter-terminal communication control code 1400 and then sent from the inter-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004. The control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire the request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200. Using the personal information storage unit management code 2200, the control unit 2007 passes the request to the personal information storage unit whose switching information in the personal information storage unit identification information 2300 is valid, and obtains a response (S206). The response follows the reverse route and is passed to the personal information storage unit use application 1101 (S106). If no personal information storage unit has valid switching information in S206, the personal information storage unit use application 1101 is notified of this, for example as an error, in the response to S106.
Next, a third embodiment will be described with reference to FIGS. 9 and 10.
FIG. 9 is a diagram illustrating an example of the information stored in the storage unit of the information terminal and in the storage unit of the personal information storage terminal, and of the configuration of the personal information storage units. In the example of FIG. 9, configurations identical to those of FIGS. 4, 5 and 7 may be omitted from the description.
The configuration of the storage unit 1006 of the information terminal 1 is the same as in FIG. 7, so its description is omitted. That is, with respect to the personal information storage terminal 2, the information terminal 1 has only one piece of identification information, managed by management ID “1102”.
The storage unit 2006 includes personal information storage unit identification information 2300.
The personal information storage unit identification information 2300 is an area for storing information on the personal information storage unit 2000 and the like, collected by the personal information storage unit management code 2200, in association with the application IDs of the personal information storage applications stored in the personal information storage unit 2000 and the like, described later. By referring to the personal information storage unit identification information 2300, the control unit 2007 can determine in which personal information storage unit 2000 or the like the personal information storage application with a given application ID is stored. This association may be provided in advance as a setting, or the control unit 2007 may collect it as needed from the personal information storage unit 2000 and the like using the personal information storage unit management code 2200. Possible storage methods include a registry or configuration file provided by the operating system, a data table, or a database. Although not shown, when information on the personal information storage unit 2000 and the like is stored, each item may be stored in association with a management ID.
The personal information storage unit 2000 has personal information storage applications. In the example of FIG. 9, the personal information storage unit 2000a has a personal information storage application with application ID “111111” and one with application ID “222222”. The personal information storage unit 2000b has a personal information storage application with application ID “333333” and one with application ID “FFFFFF”. Although not shown, the virtual personal information storage unit 2500 has application ID “444444”.
In the example of FIG. 9, by referring to the personal information storage unit identification information 2300, the control unit 2007 can tell, for example, that a request for the personal information storage application with application ID “111111” should be sent to the personal information storage unit 2000a. Likewise, a request for the personal information storage application with application ID “333333” should be sent to the personal information storage unit 2000b. It is also preferable for the personal information storage unit identification information 2300 to specify which personal information storage unit should receive requests for undefined application IDs. In the example of FIG. 9, undefined application IDs are associated with the personal information storage unit 2000b, so that even if the association for application ID “FFFFFF” is not stated explicitly in the personal information storage unit identification information 2300, it is clear that the request should be sent to the personal information storage unit 2000b. Even if the personal information storage unit 2000b has no personal information storage application with application ID “FFFFFF”, the requester can simply be notified of its absence, for example as an error.
That is, FIG. 9, like FIG. 7, is an embodiment in which the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1; when the information terminal 1 requests identification information from the personal information storage terminal 2, only specific identification information from the personal information storage unit identification information 2300 is supplied. This improves security and shortens processing time. Unlike FIG. 7, however, this embodiment does not switch the switching information between valid and invalid; instead it uses the application ID to select the identification information that the personal information storage terminal 2 supplies to the information terminal 1.
FIG. 9 is also an embodiment in which, when the information terminal 1 requests from the personal information storage terminal 2 authentication information unique to the user of the information terminal 1, the authentication information is acquired from a personal information storage unit based on the authentication identification information (application ID) relating to the first identification information or the authentication identification information (application ID) relating to the second identification information, acquired from the storage unit 2003. For example, when two information terminals 1a and 1b communicate with the personal information storage terminal 2, which information is supplied to each information terminal can be determined based on the application ID.
FIG. 10 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2. In the example of FIG. 8, parts identical to the processing of FIG. 6 or FIG. 10 are given the same numbers, and their description may be omitted.
In the example of FIG. 10, when the personal information storage terminal 2 is present in S102, the control unit 1007 does not execute S103 and waits while remaining able to communicate with the personal information storage terminal 2. Because S103 is not executed, the control unit 2007 of the personal information storage terminal 2 does not execute S202. This is the same as in the example of FIG. 8.
In S201, as in the example of FIG. 6, information on the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2, and at that time the control unit 2007 associates it with the application IDs of the personal information storage applications. This association may be provided in advance as a setting, or the personal information storage unit management code 2200 may collect it as needed from the personal information storage unit 2000 and the like. Alternatively, the association as it was immediately before power-off may be retained. It may also be performed when the personal information storage unit 2000, as an independent module, becomes able to communicate with the personal information storage terminal 2. Possible methods of acquiring application IDs from a personal information storage unit include acquiring directory information or registry information held by the personal information storage unit, or exhaustively enumerating the applications stored inside the personal information storage unit by partial selection of application IDs.
In the example of FIG. 10, there is no need to select a personal information storage unit explicitly, so S204 need not be executed, although it may be executed in combination with the configuration examples shown in FIGS. 7 and 8.
The control unit 1007 uses the personal information storage application 1101 to send a request for using the desired personal information storage unit to the personal information storage unit management code 1200, based on the identification information acquired in S105 (S106). The example of FIG. 10 shows the request being sent to the personal information storage terminal 2. The control unit 1007 passes the request received by the personal information storage unit management code 1200 to the inter-terminal communication control code 1400, and then sends it from the inter-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004. The control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire the request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200. Using the personal information storage unit management code 2200, the control unit 2007 refers to the application ID included in the request, selects a given personal information storage unit based on the identification information in the personal information storage unit identification information 2300 (S207), passes the request to it, and then obtains a response (S203). The response follows the reverse route and is passed to the personal information storage unit use application 1101 (S106). When multiple requests are needed to use a personal information storage application, the request containing the application ID is expected to come at the head of the series of requests. When the leading request containing the application ID is sent to a particular personal information storage unit or the like and a result indicating success is returned, the subsequent requests in the series can be sent on to the same personal information storage unit. In this case, the selection in S207 of the personal information storage unit to which requests are sent is performed on the leading request containing the application ID, and thereafter requests are sent to the same personal information storage unit until the series of requests is complete. An example of a request containing an application ID is the SELECT FILE command defined in ISO7816.
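The application-ID routing of FIG. 9 and S207, including the default route for undefined IDs, pinning of follow-up requests and the optional S204 invalidation, sketched as an added Python example that is not code from the patent. The class and function names, the credential bytes, the choice of status words for each error and the INS 0xCA read command are assumptions; the three-byte application IDs are the sample values of FIG. 9.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# ISO 7816-4 status words; mapping them to these error cases is an assumption.
SW_OK = bytes.fromhex("9000")
SW_NOT_FOUND = bytes.fromhex("6A82")     # application not found
SW_CONDITIONS = bytes.fromhex("6985")    # conditions of use not satisfied
SW_WRONG_LENGTH = bytes.fromhex("6700")
GET_CREDENTIAL = bytes([0x00, 0xCA, 0x00, 0x00, 0x00])  # hypothetical read command


def select_apdu(aid_hex: str) -> bytes:
    """Build SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID."""
    aid = bytes.fromhex(aid_hex)
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


def parse_select_aid(apdu: bytes) -> Optional[bytes]:
    """Return the AID of a SELECT-by-name APDU, None for any other command."""
    if len(apdu) < 5 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return None
    lc = apdu[4]
    # The data field must be exactly Lc bytes, optionally followed by one Le byte.
    if lc == 0 or not (5 + lc <= len(apdu) <= 5 + lc + 1):
        raise ValueError("Lc does not match the data field")
    return apdu[5:5 + lc]


@dataclass
class StorageUnit:
    """Stand-in for a storage unit (2000a, 2000b, 2500) holding applications."""
    name: str
    apps: Dict[bytes, bytes]             # application ID -> constructed credential
    selected: Optional[bytes] = None

    def transmit(self, apdu: bytes) -> bytes:
        aid = parse_select_aid(apdu)
        if aid is not None:
            self.selected = aid if aid in self.apps else None
            return SW_OK if self.selected is not None else SW_NOT_FOUND
        if len(apdu) >= 4 and apdu[1] == 0xCA and self.selected is not None:
            return self.apps[self.selected] + SW_OK
        return SW_CONDITIONS


class StorageRouter:
    """Role of management code 2200 using table 2300 (application ID -> unit)."""

    def __init__(self, routes: Dict[bytes, StorageUnit], default: StorageUnit):
        self.routes = routes
        self.default = default           # destination for undefined application IDs
        self.disabled = set()            # unit names whose switching info is invalid
        self.current: Optional[StorageUnit] = None   # pinned by a successful SELECT

    def disable_all(self) -> None:
        """S204-style invalidation, e.g. after a sensor threshold is exceeded."""
        units = list(self.routes.values()) + [self.default]
        self.disabled = {u.name for u in units}
        self.current = None

    def handle(self, apdu: bytes) -> bytes:
        try:
            aid = parse_select_aid(apdu)
        except ValueError:
            self.current = None
            return SW_WRONG_LENGTH
        if aid is not None:              # S207: the leading request picks the unit
            self.current = None
            unit = self.routes.get(aid, self.default)
            if unit.name in self.disabled:
                return SW_NOT_FOUND
            response = unit.transmit(apdu)
            if response[-2:] == SW_OK:
                self.current = unit
            return response
        if self.current is None:         # nothing selected, or selection revoked
            return SW_CONDITIONS
        return self.current.transmit(apdu)   # rest of the series follows the pin


def build_fig9_router() -> StorageRouter:
    """Routing table populated with the sample application IDs of FIG. 9."""
    a = StorageUnit("2000a", {bytes.fromhex("111111"): b"cred-A1",
                              bytes.fromhex("222222"): b"cred-A2"})
    b = StorageUnit("2000b", {bytes.fromhex("333333"): b"cred-B3",
                              bytes.fromhex("FFFFFF"): b"cred-BF"})
    v = StorageUnit("2500", {bytes.fromhex("444444"): b"cred-V4"})
    routes = {bytes.fromhex("111111"): a, bytes.fromhex("222222"): a,
              bytes.fromhex("333333"): b, bytes.fromhex("444444"): v}
    return StorageRouter(routes, default=b)   # "FFFFFF" is left to the default


if __name__ == "__main__":
    r = build_fig9_router()
    for aid in ("111111", "FFFFFF", "999999"):
        print(aid, r.handle(select_apdu(aid)).hex(), r.handle(GET_CREDENTIAL).hex())
```

A failed or malformed SELECT clears the pinned unit, so a follow-up command cannot reach the application that an earlier, successful selection left open.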
Although not shown in FIGS. 6, 8 and 10, the personal information storage unit management code 1200 and the inter-terminal communication control code 1400 may authenticate each other before exchanging information, to confirm that each is trusted executable code. Likewise, the personal information storage unit management code 2200 and the inter-terminal communication control code 2400 may authenticate each other before exchanging information, to confirm that each is trusted executable code. In addition, before the information terminal 1 and the personal information storage terminal 2 exchange information, the inter-terminal communication control code 1400 and the inter-terminal communication control code 2400 may authenticate each other to confirm that each terminal is trusted.
Next, a fourth embodiment will be described with reference to FIG. 11. The fourth embodiment describes the authentication processing between the information terminal 1 and the information server 3 that is carried out in common across the three embodiments after the operations of the first to third embodiments described so far have finished.
FIG. 11 is a diagram illustrating an example of authentication processing between the information terminal 1 and the information server 3. Parts showing processing equivalent to the examples of FIGS. 6, 8 and 10 are given the same numbers, and their description may be omitted.
When powered on, the information terminal 1 proceeds as far as S106 illustrated in FIGS. 6, 8 and 10. When powered on, the personal information terminal 2 proceeds as far as S203 illustrated in FIGS. 6, 8 and 10.
The information terminal 1 uses the personal information storage unit use application 1101 to send a request relating to authentication to the personal information storage terminal 2 (S107). On receiving the request, the personal information storage terminal 2 sends it to the personal information storage unit and returns the resulting authentication information to the information terminal 1 (S208). The processing of S107 and S208 may be carried out over the same route as, for example, S106 and S203, or S206 and S207, of FIGS. 6, 8 and 10. The information terminal 1 then sends the obtained authentication information to the information server 3 (S108), and the information server 3 authenticates the received authentication information and returns the result to the information terminal 1 (S301). The series of steps S107, S208, S108 and S301 may be repeated as necessary until the authentication processing of the information server 3 is complete.
Through the above process, the information terminal 1 can authenticate to and log in to the information server 3 via the personal information storage terminal 2, achieving the intended purpose.
The present invention is not limited to the embodiments described above and includes various modifications. For example, the embodiments above have been described in detail to explain the present invention clearly, and the invention is not necessarily limited to configurations that include every element described. Part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. For part of the configuration of each embodiment, other configurations can be added, deleted or substituted.
Some or all of the configurations, functions, processing units, processing means and the like described above may be implemented in hardware, for example by designing them as integrated circuits. The configurations, functions and the like described above may also be implemented in software, with a processor interpreting and executing programs that implement the respective functions. Information such as the programs, tables and files that implement each function can be placed in memory, in a recording device such as a hard disk or SSD (Solid State Drive), or on a recording medium such as an IC card, SD card or DVD. Programs and the like that implement each function may also be copied to a server or the like and provided to the information terminal 1, the personal information storage terminal 2 and other terminals, devices and equipment via a wired or wireless communication line. In this case, the user can operate the terminal or the like to download the necessary programs from the server and install them in the storage unit of the terminal.
The control lines and information lines shown are those considered necessary for the explanation, and not all control lines and information lines in a product are necessarily shown. In practice, almost all of the components may be considered to be connected to one another.
1: information terminal, 2: personal information storage terminal, 3: information server, 90: short-range communication, 91: network, 1000: personal information storage unit, 2000: personal information storage unit.

Claims (10)

  1.  An information terminal in an information system comprising an information server that stores information, the information terminal, which authenticates to the information server based on personal information of a user and exchanges the information, and a personal information storage terminal that stores the personal information of the user, the information terminal comprising:
     a first communication unit that exchanges the personal information with a personal information storage unit in which the personal information is stored and which is connected to the information terminal;
     a storage unit that stores first identification information used by the first communication unit to exchange the personal information with the personal information storage unit;
     a second communication unit that communicates the personal information with the personal information storage terminal;
     a third communication unit that communicates with the information server via a network; and
     a control unit that controls operation of the information terminal,
     wherein the control unit performs control so as to:
     acquire from the personal information storage terminal, via the second communication unit, second identification information unique to the user of the information terminal and stored in the personal information storage terminal;
     select either the first identification information or the second identification information, and acquire authentication information unique to the user of the information terminal either from the personal information storage unit provided in the information terminal based on the first identification information or from the personal information storage terminal based on the second identification information; and
     send the acquired authentication information to the information server via the third communication unit.
  2.  The information terminal according to claim 1, wherein the first identification information includes a character string representing a name based on the information terminal, and the second identification information includes a character string representing a name based on the information storage terminal.
  3.  The information terminal according to claim 1, wherein the control unit,
     when the second communication unit has been able to acquire the second identification information, updates the first identification information to new identification information, uses that identification information to acquire, via the second communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage terminal, and sends the authentication information to the information server via the third communication unit, and
     when the second communication unit does not acquire the second identification information, uses the first identification information to acquire, via the first communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage unit of the information terminal, and performs control so that the authentication information is sent to the information server via the third communication unit.
  4.  The information terminal according to claim 1, wherein
     the information terminal has an input unit with which the user selects either the first identification information or the second identification information, and
     the control unit,
     when the user selects the first identification information, uses the first identification information to acquire, via the first communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage unit of the information terminal, and sends the authentication information to the information server via the third communication unit, and
     when the user selects the second identification information, updates the first identification information using the second identification information to obtain new identification information, uses that identification information to acquire, via the second communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage terminal, and performs control so that the authentication information is sent to the information server via the third communication unit.
  5.  The information terminal according to claim 1, wherein the personal information storage unit provided in the information terminal is fixedly attached to or detachably attached to the information terminal.
  6.  A personal information storage terminal in an information system having an information terminal that performs authentication based on a user's personal information and exchanges information, and a personal information storage terminal that stores the user's personal information, the personal information storage terminal comprising:
     a first communication unit that exchanges the personal information with a personal information storage unit in which the personal information is stored and which is provided in the personal information storage terminal;
     a second communication unit, different from the first communication unit, that exchanges the personal information with another personal information storage unit in which the personal information is stored and which is provided in the personal information storage terminal;
     a storage unit that stores first identification information used by the first communication unit to identify the personal information storage unit, and second identification information used by the second communication unit to identify the other personal information storage unit;
     a third communication unit that communicates the personal information with the information terminal; and
     a control unit that controls the operation of the personal information storage terminal,
     wherein the control unit
     selects either the first identification information or the second identification information and acquires it from the storage unit via the first communication unit or the second communication unit, and,
     when authentication information unique to the user of the information terminal is requested by the information terminal via the third communication unit, acquires the authentication information based on the acquired first identification information or second identification information from the personal information storage unit via the first communication unit or the second communication unit, and performs control so that the authentication information is sent to the information terminal via the third communication unit.
  7.  The personal information storage terminal according to claim 6, wherein the first identification information includes a character string representing a name based on the first communication unit, and the second identification information includes a character string representing a name based on the second communication unit.
  8.  The personal information storage terminal according to claim 6, wherein
     the information terminal has an input unit with which the user selects either the first identification information or the second identification information, and
     the control unit of the personal information storage terminal,
     when the user selects the first identification information, uses the first identification information to acquire, via the first communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage unit of the personal information storage terminal, and sends the authentication information to the information terminal via the third communication unit, and
     when the user selects the second identification information, uses the second identification information to acquire, via the second communication unit, the authentication information unique to the user of the information terminal stored in the personal information storage unit of the personal information storage terminal, and performs control so that the authentication information is sent to the information terminal via the third communication unit.
  9.  A personal information storage terminal in an information system having an information terminal that performs authentication based on a user's personal information and exchanges information, and a personal information storage terminal that stores the user's personal information, the personal information storage terminal comprising:
     a first communication unit that exchanges the personal information with a personal information storage unit provided in the personal information storage terminal;
     a second communication unit, different from the first communication unit, that exchanges the personal information with another personal information storage unit provided in the personal information storage terminal;
     a storage unit that stores first identification information used by the first communication unit to communicate with the personal information storage unit, stores second identification information used by the second communication unit to communicate with the other personal information storage unit, and further stores authentication identification information, associated with each of the first and second identification information, for identifying the authentication information unique to the user of the information terminal stored in the personal information storage unit;
     a third communication unit that communicates the personal information with the information terminal; and
     a control unit that controls the operation of the personal information storage terminal,
     wherein the control unit,
     when authentication information unique to the user of the information terminal is requested by the information terminal via the third communication unit, acquires the authentication information from the personal information storage unit via the first communication unit or the second communication unit, based on the authentication identification information associated with the first identification information or the authentication identification information associated with the second identification information acquired from the storage unit, and performs control so that the authentication information is sent to the information terminal via the third communication unit.
  10.  A personal information storage terminal in an information system having an information terminal that performs authentication based on a user's personal information and exchanges information, and a personal information storage terminal that stores the user's personal information, the personal information storage terminal comprising:
     a personal information storage unit that stores the personal information;
     an information storage unit that stores information relating to the personal information storage terminal;
     a communication unit that communicates information with the information terminal; and
     a control unit that controls the operation of the personal information storage terminal,
     wherein the control unit
     selects either first identification information for the personal information storage unit relating to the user or second identification information for the information storage unit relating to the user and sends it from the communication unit to the information terminal, and, when the information terminal requests via the communication unit that information stored in the personal information storage terminal be acquired from the information storage unit, acquires the information stored in the personal information storage terminal based on the second identification information and performs control so that it is sent from the communication unit to the information terminal.
PCT/JP2013/054046 2012-05-11 2013-02-19 Information terminal and individual information storage terminal WO2013168446A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012-108969 2012-05-11
JP2012108969A JP5869953B2 (en) 2012-05-11 2012-05-11 Information terminal

Publications (1)

Publication Number Publication Date
WO2013168446A1 true WO2013168446A1 (en) 2013-11-14

Family

ID=49550508

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/054046 WO2013168446A1 (en) 2012-05-11 2013-02-19 Information terminal and individual information storage terminal

Country Status (2)

Country Link
JP (1) JP5869953B2 (en)
WO (1) WO2013168446A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006107316A (en) * 2004-10-08 2006-04-20 Kunihiko Kachi Authentication system and authentication method
JP2008191942A (en) * 2007-02-05 2008-08-21 Fujitsu Ltd Authentication device, authentication method and program
JP2010238090A (en) * 2009-03-31 2010-10-21 West Japan Railway Co Authentication system and authentication method
JP2011129040A (en) * 2009-12-21 2011-06-30 Kddi Corp Authentication system, portable radio communication terminal, authentication method, authentication program, method and program for generating authentication information

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005182139A (en) * 2003-12-16 2005-07-07 Ntt Data Corp Identification information and password management device
JP4689335B2 (en) * 2005-04-25 2011-05-25 日立オムロンターミナルソリューションズ株式会社 Unauthorized transaction prevention system and terminal device
JP2007019748A (en) * 2005-07-06 2007-01-25 Matsushita Electric Ind Co Ltd Mobile terminal, and authentication control method and authentication control program
JP2007180804A (en) * 2005-12-27 2007-07-12 Matsushita Electric Ind Co Ltd Portable terminal device and method for limiting its use
JP2007304664A (en) * 2006-05-08 2007-11-22 Hitachi Systems & Services Ltd User authentication system

Also Published As

Publication number Publication date
JP5869953B2 (en) 2016-02-24
JP2013235522A (en) 2013-11-21

Similar Documents

Publication Publication Date Title
KR102146388B1 (en) Methods, devices, systems and storage media for controlling intelligent equipment
CN101766038B (en) Device activation and access
WO2019206201A1 (en) Method for transmitting configuration file, related device and storage medium
WO2015101273A1 (en) Security verification method, and related device and system
EP3541098B1 (en) Processing method for communication identifier binding and terminal
EP3281141A1 (en) Cloud-based cross-device digital pen pairing
CN104995616A (en) Cloud based virtual mobile device
JP6356887B2 (en) Information processing apparatus, server apparatus, and information processing system
US9591434B1 (en) Virtual private network (VPN) tunneling in a user equipment (UE) brokered by a radio frequency identity (RFID) chip communicatively coupled to the user equipment
US10694381B1 (en) System and method for authentication and sharing of subscriber data
EP4262146A1 (en) Iot device and method for onboarding iot device to server
JP6287213B2 (en) Proxy login device, terminal, control method, and program
US20140156952A1 (en) Information processing apparatus, information processing method, and computer readable medium
CN109076428B (en) Data processing method and related device
JP6071109B2 (en) Portable terminal device and program
KR101344763B1 (en) File sharing method between mobile terminals using near field communication
JP5869953B2 (en) Information terminal
JP6397200B2 (en) Management server, data processing method, and program
WO2015120593A1 (en) Mobile terminal and control method for access control system
JP5476820B2 (en) Client terminal and program
JP2016009461A (en) Terminal device and program
JP5915672B2 (en) Terminal device, information management device, and program
JP6173268B2 (en) MATCHING SYSTEM, MATCHING METHOD, AND WEB SERVER
CN105354469A (en) Unlocking method and apparatus
JP6911303B2 (en) Authentication system and authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13787709

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13787709

Country of ref document: EP

Kind code of ref document: A1