WO2013168446A1 - Terminal d'informations et terminal d'enregistrement d'informations individuelles - Google Patents

Terminal d'informations et terminal d'enregistrement d'informations individuelles Download PDF

Info

Publication number
WO2013168446A1
WO2013168446A1 PCT/JP2013/054046 JP2013054046W WO2013168446A1 WO 2013168446 A1 WO2013168446 A1 WO 2013168446A1 JP 2013054046 W JP2013054046 W JP 2013054046W WO 2013168446 A1 WO2013168446 A1 WO 2013168446A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
personal information
information storage
personal
Prior art date
Application number
PCT/JP2013/054046
Other languages
English (en)
Japanese (ja)
Inventor
裕紀 山▲崎▼
相川 慎
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Publication of WO2013168446A1 publication Critical patent/WO2013168446A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to an information terminal and a personal information storage terminal, and more particularly to an information terminal and a personal information storage terminal with improved security.
  • Patent Document 1 describes “providing a mobile phone including an IC tag in which personal authentication data is stored” as means for using the mobile phone for authentication.
  • an object of the present invention is to provide a personal information storage terminal and an information terminal with improved security.
  • the invention according to the present application includes a plurality of means for solving the above-described problems. For example, “an information server for storing information and authentication based on the user's personal information to the information server are performed.
  • the above-described information terminal in an information system having an information terminal for sending and receiving the information and a personal information storage terminal for storing the personal information of the user, wherein the personal information is stored and connected to the information terminal
  • a first communication unit for sending / receiving the personal information to / from a storage unit; and a storage unit for storing first identification information for the first communication unit to exchange personal information with the personal information storage unit
  • a second communication unit that communicates the personal information with the personal information storage terminal
  • a third communication unit that communicates with the information server via a network
  • a control unit that controls the operation of the information terminal.
  • the control unit acquires, from the personal information storage terminal, second identification information unique to a user of the information terminal stored in the personal information storage terminal via the second communication unit, and the first identification Information or second identification information is selected, and authentication information unique to the user of the information terminal is acquired from the personal information storage unit provided in the information terminal based on the first identification information. Alternatively, it is acquired from the personal information storage terminal based on the second identification information, and the acquired authentication information is controlled to be transmitted to the information server via the third communication unit ”.
  • the above-mentioned personal information means, for example, an encryption key that is secret information.
  • the personal information is information necessary when the information terminal logs into the information server.
  • FIG. 1 is a diagram illustrating an example of an authentication system using an information terminal and a personal information storage terminal.
  • the information terminal 1 and the personal information storage terminal 2 are connected by communication 90, and the information terminal 1 and the information server 3 are connected by a network 91.
  • these may be simply referred to as terminals.
  • terminals when it is necessary to distinguish one constituent element from another constituent element, one may be expressed as a and the other as b.
  • one information terminal 1 and another information terminal 1 there are cases where one is represented as an information terminal 1a and the other as an information terminal 1b.
  • the information terminal 1 is a terminal having a display means capable of displaying information, an input means capable of inputting information, a communication means capable of communicating with other devices and devices, a computing means capable of calculating information, and the like.
  • Authentication information and the like are acquired from the personal information storage terminal 2 through the communication 90 mainly when communicating with the information server 3 via the network 91.
  • the authentication information is information necessary for the information terminal 1 to log in to the information server 3 and is a typical example of the personal information described above.
  • the authentication system may include a plurality of information terminals 1.
  • the information terminal 1 may be a PC (Personal Computer), a thin client terminal (illustrated as the information terminal 1a in FIG. 1), a tablet terminal (illustrated as the information terminal 1b in FIG.
  • the personal information storage terminal 2 is a terminal having display means capable of displaying information, input means capable of inputting information, communication means capable of communicating with other apparatuses and devices, and arithmetic means capable of computing information. Yes, authentication information and the like are mainly transmitted to the information terminal 1 through the communication 90.
  • the personal information storage terminal 2 may be a smartphone or a mobile phone, but is not limited thereto.
  • the authentication system may include a plurality of personal information storage terminals 2. Although not shown in the figure, there is no problem even if the personal information storage terminal 2 is connected to the network 91.
  • the information server 3 is a server connected to the network 91 and communicates with the information terminal 1 via the network 91.
  • the information server 3 is operated by a system used by the user. For example, a system for using a thin client terminal or a business system used by a user for work in a company or the like may be operating.
  • the information server 3 obtains authentication information from the information terminal 1, verifies the authentication information, and determines that the information terminal 1 or the user of the information terminal 1 is valid. Allow access. Further, communication with the personal information storage terminal 2 may be performed via the network 91.
  • the communication 90 is communication performed by the information terminal 1 and the personal information storage terminal 2, and is an international standard communication of Bluetooth (registered trademark), USB (Universal Serial Bus), wired LAN (Local Area Network), wireless LAN, and contactless IC card. Communication using a communication system such as ISO14443, an international standard communication system for contact IC cards, ISO7816, NFC (Near Field Communication), FeliCa (registered trademark), TransferJET (registered trademark), or the like can be considered.
  • a communication system such as ISO14443, an international standard communication system for contact IC cards, ISO7816, NFC (Near Field Communication), FeliCa (registered trademark), TransferJET (registered trademark), or the like can be considered.
  • the network 91 is a WAN (Wide Area Network) such as a WAN (Wide Area Network) using an Internet protocol, a wired LAN, a wireless LAN, LTE (Long Term Evolution Access), HSPA (High Speed Packet Access), and the like. It is a network, and the information terminal 1, the information server 3, etc. are connected to each other to transmit and receive information. Alternatively, the personal information storage terminal 2 may be connected to each other. In FIG. 1, the communication 90 between the information terminal 1a and the personal information storage terminal 2 is illustrated as the communication 90a, and the communication 90 between the information terminal 1b and the personal information storage terminal 2 is illustrated as the communication 90b. It is not indispensable that 2 communicates with both the information terminal 1a and the information terminal 1b.
  • the personal information storage unit 1000 and the personal information storage unit 2000 store authentication information and the like necessary for the information terminal 1 to access the information server 3.
  • the personal information storage unit 1000 and the personal information storage unit 2000 may be a module independent of the information terminal 1 or the personal information storage terminal 2 such as a dongle, an IC card, an SD card, a SIM card, or the information terminal 1 Or as a part of the personal information storage terminal 2 and may be connected to other modules by connection or the like.
  • the module is an independent module, communication is performed by bringing the terminal into contact with, inserting, or approaching the information terminal 1 or the personal information storage terminal 2, and authentication information or the like is provided to the information terminal 1 or the personal information storage terminal 2. To do.
  • USB serial communication
  • Ethernet registered trademark
  • ISO7816 communication conforming to the SD card standard
  • ISO14443 registered trademark
  • NFC Universal Serial Bus
  • FeliCa FeliCa
  • software stored in the information terminal 1 or the personal information storage terminal 2 may be used.
  • the personal information storage unit 1000 and the personal information storage unit 2000 may be described with names such as the personal information storage unit 1000a and the personal information storage unit 1000b for convenience when there are a plurality of the personal information storage unit 2000 and the personal information storage unit 2000.
  • the personal information storage unit 1000a is an SD card and the personal information storage unit 1000b is a SIM card.
  • the personal information storage unit 2000 may be simply referred to as a personal information storage unit.
  • the information terminal 1 is a notebook PC or a desktop PC provided at home or at work, and may be shared by a plurality of people, but recently it is often assigned to each individual.
  • the personal information storage terminal 2 is a smartphone or a mobile phone that is carried in each individual's bag or clothing pocket, and is often assigned to each individual. Since the user carries the notebook PC as the information terminal 1 and the smartphone as the personal information storage terminal 2 together, the information terminal 1 and the personal information storage terminal 2 are located at a short distance from each other. Even when a user uses a desktop PC as the information terminal 1, for example, a smartphone that is the personal information storage terminal 2 is often placed in a pocket, so the information terminal 1 and the personal information storage terminal 2 are close to each other. Located in.
  • this embodiment uses a personal information storage terminal 2 which is a device different from the information terminal 1 as a device for storing personal information.
  • a personal information storage terminal 2 which is a device different from the information terminal 1 as a device for storing personal information.
  • this embodiment improves security. It has one feature.
  • the information terminal 1 and the personal information storage terminal 2 are used, the information terminal 1 and the personal information storage terminal 2 are often located at a short distance from each other.
  • One feature of the present embodiment is that the problem that personal information cannot be acquired when personal information for logging in is requested is solved.
  • the present embodiment can also have one feature of improving security by eliminating the event as will be described later.
  • FIG. 2 is a diagram illustrating an example of functional configurations of the information terminal 1 and the personal information storage terminal 2.
  • the information terminal 1 includes a personal information storage unit 1000, a display unit 1001, an input unit 1002, a power supply unit 1003, a short-range communication unit 1004, a network communication unit 1005, a storage unit 1006, a control unit 1007, a proximity communication unit 1008, and a wired connection.
  • a communication unit 1009 is provided, and these are connected by a bus line or the like.
  • the personal information storage unit 1000 has been described with reference to FIG.
  • FIG. 2 shows that the personal information storage unit 1000 is physically connected to other modules inside the information terminal 1, the configuration is not limited to this as described above.
  • other modules are not necessarily connected by a bus line, and may be electrically connected by other methods, or a configuration in which only necessary modules are connected to each other may be used. Absent.
  • one personal information storage unit 1000 exists, but two or more personal information storage units 1000 may exist, or the personal information storage unit 1000 does not exist in the information terminal 1 and the personal information storage terminal 2 exists.
  • the personal information storage unit 2000 may include one or more personal information storage units 2000.
  • the personal information storage unit 1000 does not exist in the information terminal 1, it is possible to reduce security problems when the user leaves the information terminal 1. That is, even if the information terminal 1 is logged out, the security is such that a third party who knows by stealing the password used by the user (for example, the PIN number described later) uses the information terminal 1 as the user. The above problem can be reduced.
  • the display unit 1001 includes a liquid crystal display, an organic EL (Electro-Luminescence) display, a panel such as electronic paper, a driver circuit, and the like. Under the control of the control unit 1007, arbitrary information (for example, characters, still images, And video). Note that the display unit 1001 may include a plurality of panels that can display different information.
  • the input unit 1002 includes one or more of a keyboard, a mouse, a cursor key, and a numeric keypad, receives a user operation, and inputs an input signal based on the operation to the control unit 1007. Note that an input signal may be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 1007. Note that the display unit 1001 and the input unit 1002 may be integrated as in a touch panel.
  • the power supply unit 1003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the information terminal 1 and charges the battery. Whether the information terminal 1 is driven by a battery or an AC adapter is checked, and the remaining battery level is checked.
  • the short-range communication unit 1004 is an element for the information terminal 1 to communicate with the personal information storage terminal 2, and a module that realizes a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, and FeliCa. Conceivable.
  • the near field communication unit 1004 may be the same module as the network communication unit 1005, the near field communication unit 1008, and the wired communication unit 1009 described later depending on circumstances.
  • the network communication unit 1005 is a function for the information terminal 1 to communicate with the information server 3 via the network 91, and a module for performing communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, and WiMAX. Can be considered.
  • the network communication unit 1005 may perform the role of the above-described short-range communication unit 1004 in an example of processing, although not taken up and illustrated.
  • the network communication unit 1005 is used not only for the information terminal 1 to communicate with the information server 3 but also for communicating with the personal information storage terminal 2.
  • the storage unit 1006 includes a memory built in the information terminal 1 or a removable external memory, and stores various types of information. For example, an operation control program executed by the control unit 1007 is stored.
  • the control unit 1007 is configured by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), and the like, and executes a predetermined operation control program and the like.
  • the proximity communication unit 1008 is a function for the information terminal 1 to perform wireless proximity communication with other terminals and the personal information storage unit 1000 as an external module, such as Bluetooth, ISO14443, NFC, FeliCa, and TransferJET. A module for performing communication can be considered.
  • the proximity communication unit 1008 may perform the role played by the short-range communication unit 1004 described above in an example of processing, although it is not taken up and illustrated.
  • the wired communication unit 1009 is a function for the information terminal 1 to communicate with other terminals and the personal information storage unit 1000 as an external module in a wired or contact manner, such as USB, serial communication, Ethernet, ISO7816, etc. A module for performing communication can be considered.
  • the wired communication unit 1009 may perform the role of the short-range communication unit 1004 described above in an example of processing.
  • the wireless communication function described above includes an antenna, a modulation / demodulation circuit, and the like.
  • the wired communication function includes a connector, a modulation / demodulation circuit, and the like.
  • the near field communication unit 1004, the network communication unit 1005, the near field communication unit 1008, and the wired communication unit 1009 may be configured to correspond to a plurality of communication methods.
  • the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 do not have to be provided if they perform roles as described above.
  • the personal information storage terminal 2 includes a personal information storage unit 2000, a display unit 2001, an input unit 2002, a power supply unit 2003, a near field communication unit 2004, a network communication unit 2005, a storage unit 2006, a control unit 2007, a proximity communication unit 2008, A wired communication unit 2009, a sensor unit 2010, and a position information acquisition unit 2011 are provided, and these are connected by a bus line or the like.
  • the personal information storage unit 2000 has been described with reference to FIG.
  • FIG. 2 shows that the personal information storage unit 2000 is physically connected to other modules within the personal information storage terminal 2, the configuration is not limited to this as described above. .
  • modules are not necessarily connected by a bus line, and may be electrically connected by other methods, or a configuration in which only necessary modules are connected to each other may be used. Absent.
  • FIG. 2 there are a plurality of personal information storage units 2000, each of which is personal information 2000a and personal information 2000b. However, there may be one personal information storage unit or three or more personal information storage units. It doesn't matter.
  • the display unit 2001 includes a panel such as a liquid crystal display, an organic EL display, and electronic paper, a driver circuit, and the like. Under the control of the control unit 2007, arbitrary information (for example, characters, still images, and moving images) is displayed. indicate. Note that the display unit 2001 may include a plurality of panels capable of displaying different information.
  • the input unit 2002 includes one or more of a keyboard, a mouse, a cursor key, and a numeric keypad, receives a user operation, and inputs an input signal based on the operation to the control unit 2007. Note that an input signal may be generated by voice recognition, image recognition, gesture recognition, or the like and input to the control unit 2007. Note that the display unit 2001 and the input unit 2002 may be integrated as in a touch panel.
  • the power supply unit 2003 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the personal information storage terminal 2 and charges the battery.
  • the personal information storage terminal 2 is checked whether the battery is driven or the AC adapter is driven, and the remaining battery level is checked.
  • the short-range communication unit 2004 is a function for the personal information storage terminal 2 to communicate with the information terminal 1, and a module that realizes a communication method such as Bluetooth, USB, wired LAN, wireless LAN, ISO14443, NFC, and FeliCa. Conceivable.
  • the near field communication unit 2004 may be the same module as the network communication unit 2005, the near field communication unit 2008, and the wire communication unit 2009, which will be described later.
  • the network communication unit 2005 is a function for the personal information storage terminal 2 to communicate with other components via the network 91, and performs communication such as WAN, wired LAN, wireless LAN, LTE, HSPA, and WiMAX. A module can be considered.
  • the network communication unit 2005 may be performed in place of the role played by the short-range communication unit 2004 described above in an example of processing, although not taken up and illustrated. In this case, the network communication unit 2005 may be used for communicating with the information terminal 1 via the network 91.
  • the storage unit 2006 includes a memory built in the personal information storage terminal 2 or a removable external memory, and stores various types of information. For example, an operation control program executed by the control unit 2007 is stored.
  • the control unit 2007 includes a CPU, an MPU, a DSP, and the like, and controls the entire operation of the personal information storage terminal 2 by executing a predetermined operation control program.
  • the proximity communication unit 2008 is a function for the personal information storage terminal 2 to perform wireless proximity communication with other terminals and the personal information storage unit 2000 as an external module. Bluetooth, ISO14443, NFC, FeliCa, and TransferJET A module for performing such communication is conceivable.
  • the proximity communication unit 2008 may be performed in place of the role played by the above-described short-range communication unit 2004 in an example of processing, though not taken up and illustrated.
  • the wired communication unit 2009 is a function that allows the personal information storage terminal 2 to communicate with other terminals and the personal information storage unit 2000 as an external module in a wired or contact manner, such as USB, serial communication, Ethernet, ISO7816. A module for performing such communication is conceivable.
  • the wired communication unit 2009 may be performed in place of the role of the short-range communication unit 2004 described above in an example of processing.
  • the wireless communication function described above includes an antenna, a modulation / demodulation circuit, and the like.
  • the wired communication function includes a connector, a modulation / demodulation circuit, and the like.
  • the near field communication unit 2004, the network communication unit 2005, the near field communication unit 2008, and the wired communication unit 2009 may each be configured to support a plurality of communication methods.
  • the short-range communication unit 1004, the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 do not have to be provided if they perform roles as described above.
  • the sensor unit 2010 has a function of acquiring information related to acceleration of the personal information storage terminal 2 (hereinafter, acceleration information) and the like. From the acquired acceleration information, the state (rotation, drop, vibration, etc.) of the personal information storage terminal 2 can be detected.
  • the sensor unit 2010 has a function of capturing not only information relating to acceleration but also various environmental information in which the personal information storage terminal 2 is placed such as temperature, humidity, video, light quantity, air volume, smell, sound and the like as data. It may be.
  • the location information acquisition unit 2011 acquires information indicating the current location of the personal information storage terminal 2 (hereinafter, location information) by GPS (Global Positioning System), IMES (Indoor Messaging System), wireless LAN, or the like.
  • the sensor unit 2010 and the position information acquisition unit 2011 are provided for the following purposes, for example, as necessary.
  • the user of the information terminal 1 that is a PC logs in the information server 3 with the personal information storage terminal 2 that is a smartphone in a pocket, for example.
  • the user has left the information terminal 1 without logging out of the information server 3 due to the occurrence of a business.
  • a third party impersonates the user and operates the information terminal 1, which causes a security problem.
  • the sensor unit 2010 acquires the acceleration given to the personal information storage terminal 2 or the position information acquisition unit 2011 acquires the current position of the personal information storage terminal 2, the movement of the user described above is controlled.
  • the unit 2007 can detect the user's movement described above. Accordingly, the control unit 2007 can instruct the information server 3 to log out via the network communication unit 1005, and security can be improved.
  • the control unit 2007 can instruct the information server 3 to log out via the network communication unit 1005, and security can be improved.
  • the control unit 2007 can instruct the information server 3 to log out via the network communication unit 1005, and security can be improved.
  • the distance between the information terminal 1 and the personal information storage terminal 2 becomes long and communication between the short-range communication units 1004 and 2004 becomes impossible, the use of the third party is greatly limited. However, when communication is not interrupted, the present embodiment exerts a great effect. This is also an effect due to the fact that the information terminal 1 and the personal information storage terminal 2 are different devices.
  • FIG. 3 is a diagram illustrating an example of functional configurations of the information terminal 1 and the personal information storage terminal 2.
  • FIG. 3 illustrates a case where the personal information storage unit 1000 and the personal information storage unit 2000 are modules independent of the information terminal 1 and the personal information storage terminal 2, respectively.
  • the same components as those in FIG. 3 are identical to those in FIG. 3
  • the information terminal 1 includes a personal information storage unit communication unit 1020 and is connected to other modules by a bus line or the like.
  • the personal information storage unit 1000 communicates with other modules via the personal information storage unit communication unit 1020.
  • As the personal information storage unit communication unit 1020 a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication according to the SD card standard, ISO14443, NFC, FeliCa, or the like can be considered.
  • the personal information storage unit communication unit 1020 may be the same module as the network communication unit 1005, the proximity communication unit 1008, and the wired communication unit 1009 depending on circumstances.
  • FIG. 3 shows an example in which there is one personal information storage unit 1000 and one personal information storage unit communication unit 1020 as in the example of FIG.
  • a personal information storage unit communication unit 1020 that does not have a corresponding personal information storage unit 1000 may be included in the configuration.
  • the personal information storage unit communication unit 1020 does not exist in the information terminal 1 and one or more personal information storage unit communication units 2020 exist in the personal information storage terminal 2.
  • the personal information storage terminal 2 includes a personal information storage unit communication unit 2020 and is connected to other modules by a bus line or the like.
  • the personal information storage unit 2000 communicates with other modules via the personal information storage unit communication unit 2020.
  • the personal information storage unit communication unit 2020 may be a module that performs communication such as USB, serial communication, Ethernet, ISO7816, communication according to the SD card standard, ISO14443, NFC, FeliCa, and the like.
  • the personal information storage unit communication unit 2020 may be the same module as the network communication unit 2005, the proximity communication unit 2008, and the wired communication unit 2009 depending on circumstances.
  • FIG. 3 similar to the example of FIG.
  • a plurality of personal information storage units 2000 are set as personal information 2000 a and personal information 2000 b, respectively, and the personal information storage unit communication unit 2020 a and the personal information storage unit communication unit 2020 b respectively.
  • the personal information storage unit communication unit 2020 may be included in the configuration.
  • the personal information storage terminal 2 is preferably provided with a plurality of personal information storage unit communication units 2020 to support many types of storage devices.
  • each of the personal information storage unit 1000 and the personal information storage unit 2000 is a module independent of the information terminal 1 and the personal information storage terminal 2, but only one of them is the example of FIG. As described above, it may be included as an internal configuration of the information terminal 1 or the personal information storage terminal 2. Further, for example, the personal information storage unit 2000a is included as an internal configuration of the personal information storage terminal 2, and the personal information storage unit 2000b communicates with the personal information storage terminal 2 via the personal information storage unit communication unit 2020 as an independent module. Any configuration may be used.
  • the processing flow and the like will be described based on the configuration of FIG. 2, but the portion that exchanges information with the personal information storage unit 1000 and the personal information storage unit 2000 in the processing flow is the configuration of FIG. If the information is exchanged with the personal information storage unit 1000 or the personal information storage unit 2000 via the personal information storage unit communication unit 1020 or the personal information storage unit communication unit 2020 based on the above, there will be no problem.
  • FIG. 4 is a diagram illustrating an example of information stored in the storage unit 1006 of the information terminal 1.
  • the storage unit 1006 includes an application storage unit 1100, a personal information storage unit management code 1200, personal information storage unit identification information 1300, an inter-terminal communication control code 1400, and an inter-terminal communication selection information 1401.
  • the application storage unit 1100 includes a personal information storage unit utilization application 1101.
  • the application storage unit 1100 may include a plurality of personal information storage unit utilization applications 1101 or may include other applications.
  • the personal information storage unit use application 1101 is executed by the control unit 1007.
  • the control unit 1007 causes the personal information storage unit use application 1101 to execute processing related to personal authentication using information based on personal information stored in the personal information storage unit 1000 or the personal information storage unit 2000, for example.
  • a PIN number Personal Identification Number
  • a PIN number Personal Identification Number
  • authentication information for connecting to the network 91 when accessing the information server 3 and authentication information for logging in to a business system operating on the information server 3 are stored in the personal authentication storage unit 1000 or the personal authentication storage unit. It is conceivable that the authentication information is acquired by using 2000 and the authentication information is transmitted via the network communication unit 1005.
  • the personal information storage unit management code 1200 is personal information storage that is identification information necessary for the personal information storage unit utilization application 1101 to use the personal information storage unit 1000 and the personal information storage unit 2000 of the personal information storage terminal 2. This is an execution code for managing the copy identification information 1300 and is executed by the control unit 1007.
  • the control unit 1007 transmits the personal information storage unit management code 1200 to the information related to the personal information storage unit 1000 and the personal information storage unit communication unit 1020 of the information terminal 1 or from the short-range communication unit 1004 to the personal information storage unit 2000 or the individual. Information related to the information storage unit communication unit 2020 is collected, and control is performed so as to create or update personal information storage unit identification information 1300 described later.
  • the personal information storage unit management code 1200 When the personal information storage unit use application 1101 uses the personal information storage unit 1000 or the personal information storage unit 2000, the personal information storage unit management code 1200 provides the necessary identification information, and the personal information storage unit A process for transmitting a request for use to the management code 1200 and receiving a result as appropriate is performed.
  • Examples of the personal information storage unit management code 1200 include services, daemons, applications, drivers, etc. that operate in accordance with the PC / SC standard, which is a standard for communicating with an IC card reader / writer, combinations thereof, Alternatively, services, daemons, applications, drivers, etc. that provide other interfaces for accessing the IC card reader / writer, and combinations thereof can be considered.
  • Personal information storage unit identification information 1300 is an area for storing information of personal information storage unit 1000 and personal information storage unit 2000 collected by personal information storage unit management code 1200.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • the control unit 1007 may store each information in association with the management ID.
  • the personal information storage unit use application 1101 is stored in the personal information storage unit identification information 1300 and includes information including a management ID that can identify the personal information storage unit 1000 and the personal information storage unit 2000 or a character string of readable characters. It can be considered that the control unit 1007 performs control so as to obtain the personal information storage unit management code 1200.
  • the terminal-to-terminal communication control code 1400 acquires the identification information of the personal information storage unit 2000 from the personal information storage terminal 2 through the short-range communication unit 1004, and transmits and receives requests and responses to the personal information storage unit 2000. And is executed by the control unit 1007.
  • the inter-terminal communication control code 1400 may be, for example, a service, daemon, application, driver, or a combination thereof.
  • the control unit 1007 may control the inter-terminal communication control code 1400 so as to appropriately specify a communication unit to be used as the short-range communication unit 1004 with reference to the inter-terminal communication selection information 1401 described later as necessary. .
  • As information stored in the terminal-to-terminal communication selection information 1401 for example, information indicating the network communication unit 1005, the proximity communication unit 1008, the wired communication unit 1009, and the like can be stored.
  • FIG. 5 is a diagram illustrating an example of information stored in the storage unit 2006 of the personal information storage terminal 2.
  • the storage unit 2006 includes a personal information storage unit management code 2200, personal information storage unit identification information 2300, an inter-terminal communication control code 2400, an inter-terminal communication selection information 2401, and a virtual personal information storage unit 2500.
  • the personal information storage unit management code 2200 is personal information storage unit identification information that is necessary for the personal information storage unit use application 1101 of the information terminal 1 to use the personal information storage unit 2000 of the personal information storage terminal 2. This is an execution code for managing 2300, and is executed by the control unit 2007.
  • the control unit 2007 collects information related to the personal information storage unit management code 2200, information related to the personal information storage unit 2000 and the personal information storage unit communication unit 2020, and creates and updates personal information storage unit identification information 2300 described later. To control.
  • a service, daemon, application, driver, etc. operating in accordance with the PC / SC standard, which is a standard for communicating with an IC card reader / writer, a combination thereof.
  • services, daemons, applications, drivers, etc. that provide other interfaces for accessing the IC card reader / writer, and combinations thereof can be considered.
  • Personal information storage unit identification information 2300 is an area for storing information such as the personal information storage unit 2000 collected by the personal information storage unit management code 2200.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • the control unit 2007 may store each information in association with the management ID.
  • the control unit 2007 uses the personal information storage unit use application 1101 of the information terminal 1, for example, a management ID or a character string of readable characters stored in the personal information storage unit identification information 2300 that can identify the personal information storage unit 2000 or the like. It is conceivable to perform control so as to acquire information including the information from the personal information storage unit management code 1200 via the short-range communication unit 2004, the short-range communication unit 1004, and the like.
  • the inter-terminal communication control code 2400 is an execution code for transmitting and receiving a request and response from the information terminal 1 to the personal information storage unit 2000 via the short-range communication unit 2004, and is executed by the control unit 2007.
  • the control unit 2007 also has a role of controlling the inter-terminal communication control code 2400 to transmit information stored in the personal information storage unit identification information 2300 to the information terminal 1 through the short-range communication unit 2004.
  • the inter-terminal communication control code 2400 may be, for example, a service, a daemon, an application, a driver, or a combination thereof.
  • the control unit 2007 may control the inter-terminal communication control code 2400 to refer to inter-terminal communication selection information 2401, which will be described later, as necessary, and to appropriately specify a communication unit used as the short-range communication unit 2004. .
  • information stored in the terminal-to-terminal communication selection information 2401 for example, information indicating the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009, and the like may be stored.
  • the virtual personal information storage unit 2500 stores various information related to the personal information storage terminal 2.
  • the virtual personal information storage unit 2500 may be an execution code in which means for acquiring various types of information from the personal information storage terminal 2 are collected.
  • Various information of the personal information storage terminal 2 includes, for example, a terminal ID, position information acquired by the position information acquisition unit 2011, acceleration information acquired by the sensor unit 2010 and other environment information, or a login history and a storage file system.
  • General information stored in the unit 2006 can be considered. Therefore, the control unit 2007 uses the same software as the personal information storage unit 2000 for the virtual personal information storage unit 2500 for general information related to the personal information storage terminal 2 as well as personal information used for personal authentication. Can be accessed through the interface.
  • Various data may be managed in association with the data ID.
  • the virtual personal information storage unit 2500 may be inside the storage unit 2006, or may have an independent configuration as an external module.
  • the personal information storage terminal 2 selects and sends either the first identification information 2300 for the personal information storage unit or the second identification information for the information storage unit 2500 to the information terminal 1
  • the information terminal 1 requests to acquire the information stored in the personal information storage terminal 2 from the information storage unit 2500
  • the information stored in the personal information storage terminal 2 is acquired based on the second identification information.
  • an embodiment for sending to the information terminal 1 can be realized.
  • “virtual” in the virtual personal information storage unit 2500 does not necessarily provide a dedicated information storage unit as the virtual personal information storage unit 2500, but for example a software storage unit (for example, RAM) used by the control unit 2007 This means that an information storage unit may be designated and provided within a predetermined address range.
  • the information stored in the virtual personal information storage unit 2500 there are an embodiment in which the information is transmitted to the information terminal 1 and an embodiment in which the information is not transmitted. For example, in the embodiment in which the information terminal 1 determines when the information terminal 1 determines whether or not to log out of the information server 3 using the position information and acceleration information, the information is stored in the virtual personal information storage unit 2500. At least a part of the information is transmitted to the information terminal 1.
  • the storage unit 2006 may also include an application storage unit and an application using a personal information storage unit, similar to the storage unit 1006.
  • the application using the personal information storage unit in the storage unit 2006 executes processing related to personal authentication using information based on the personal information stored in the personal information storage unit 2000, for example, represented by an encryption key. .
  • the PIN number input by the user using the input unit 2002 is authenticated by using the personal information storage unit 2000 or the like.
  • authentication information for connecting to the network 91 when accessing the information server 3 and authentication information for logging in to a business system operating on the information server 3 are used. It is conceivable to acquire the authentication information and send the authentication information via the network communication unit 2005.
  • FIG. 6 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2000. Before connecting to the information server 3, the information terminal 1 acquires identification information for using the personal information storage unit 2000 from the personal information storage terminal 2 and performs necessary settings.
  • the control unit 1007 uses the personal information storage unit management code 1200 to store the personal information storage unit 1000 or the personal information storage unit communication unit built in or connected to the information terminal 1. Information is collected from 1020 and personal information storage unit identification information 1300 is updated (S101). At this time, if the personal information storage unit 1000 is not found, the personal information storage unit identification information 1300 may be empty.
  • the control unit 1007 confirms the existence of the personal information storage terminal 2 through the short-range communication unit 1004 using the inter-terminal communication control code 1400 (S102). If the personal information storage terminal 2 is not found, the process returns to S102 again, and loops and waits until the personal information storage terminal 2 is found.
  • the control unit 1007 sends a request for obtaining information stored in the personal information storage unit identification information 2300 to the personal information storage terminal 2 and receives a reply described later (S103).
  • the personal information storage unit management code 1200 and the terminal-to-terminal communication control code 1400 may operate in parallel by managing the operating system of the information terminal 1 or the like. Accordingly, when the execution order of S101 and S102 is reversed, the control unit 1007 may acquire the personal information storage unit identification information 2300 at that time in S102, or from S202 until the processing of S101 is completed. You may wait for a reply to the request.
  • the control unit 2007 uses the personal information storage unit management code 2200 to store the personal information storage unit 2000 built in or connected to the personal information storage terminal 2, the personal information Information is collected from the storage unit communication unit 2020 or the virtual personal information storage unit 2500, and the personal information storage unit identification information 2300 is updated (S201). At this time, if the personal information storage unit 2000, the virtual personal information storage unit 2500, etc. are not found, the personal information storage unit identification information 2300 may be empty.
  • the control unit 2007 acquires the request sent in S103 through the short-range communication unit 2004 using the inter-terminal communication control code 2400, and the personal information is stored in the personal information storage unit identification information 2300.
  • Acquire information such as the personal information storage unit 2000, the personal information storage unit communication unit 2020, or the virtual personal terminal information storage unit 2500 built in or connected to the storage terminal 2, and return to the information terminal 1 through the short-range communication unit 2004 Is transmitted (S202).
  • the personal information storage unit management code 2200 and the terminal-to-terminal communication control code 2400 may operate in parallel by managing the operating system of the personal information storage terminal 2 or the like.
  • the control unit 2007 may acquire the personal information storage unit identification information at that time in S202, or the request from S202 until the processing of S201 is completed. You may wait for a reply to.
  • the control unit 1007 When the response is acquired from the personal information storage terminal 2 in S103, the control unit 1007 notifies the personal information storage unit management code 1200 of the newly acquired identification information using the inter-terminal communication control code 1400, and the personal information storage terminal 2 while waiting for communication with 2.
  • the control unit 1007 uses the received personal information storage unit management code 1200 to update the personal information storage unit identification information 1300 based on the information acquired by the personal information storage unit management code 1200 (S104). Notification from the terminal-to-terminal communication control code 1400 to the personal information storage unit management code 1200 may be performed directly between them, or may be performed through other software such as an operating system.
  • personal information storage unit identification information 1300 includes personal information storage unit 1000 of information terminal 1, personal information storage unit 2000 of personal information storage terminal 2, virtual personal information storage unit 2500, and the like. In any case, the identification information is stored so that it can be used from the personal information storage unit use application 1101 in the same procedure.
  • the control unit 1007 uses the personal information storage unit use application 1101 as part of the startup process after turning on the information terminal 1 or triggered by the input of the PIN number by the user from the input unit 1002, for example. Start processing.
  • the control unit 1007 obtains the identification information stored in the personal information storage unit 1300 by inquiring the personal information storage unit management code 1200 after performing predetermined initial processing using the personal information storage unit utilization application 1101. (S105). If the desired personal information storage unit does not exist in the personal information storage unit identification information 1300 or cannot be used for some reason, the personal information storage unit utilization application 1101 may repeat the inquiry until it can be used.
  • the identification information returned from the personal information storage unit management code 1200 in S105 may include information including a management ID that can identify the personal information storage unit 2000 or the like or a character string of readable characters.
  • S105 may be a PC / SC standard SCardListReaders function.
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the acquired identification information ( S106).
  • the request is transmitted to the personal information storage unit 2000 of the personal information storage terminal 2.
  • the request received by the personal information storage unit management code 1200 is transferred to the terminal-to-terminal communication control code 1400, and further transmitted from the terminal-to-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 passes the request to the personal information storage unit 2000 based on the personal information storage unit identification information 2300 using the personal information storage unit management code 2200, and obtains a response (S203).
  • the reply follows the reverse route, and is passed to the personal information storage application 1101 (S106).
  • the exchange between the personal information storage unit use application 1101 and the personal information storage unit management code 1200 may be, for example, a PC / SC standard SCardTransmit function.
  • FIG. 6 is an embodiment in which the information terminal 1 updates the personal information storage unit identification information 1300 of the information terminal 1 in S104 using the identification information acquired from the personal information terminal 2 in S103.
  • a method of selecting and using either the identification information acquired in S101 immediately after power-on or the identification information acquired from the personal information terminal 2 in S103, and the user inputs from the input unit 1002 A method for selecting any one of the above-described identification information based on the obtained information is also conceivable as an embodiment. Both are in the category of this embodiment.
  • FIG. 7 is a diagram illustrating an example of information stored in the storage unit 1006 of the information terminal 1 and the storage unit 2006 of the personal information storage terminal 2.
  • the storage unit 1006 includes personal information storage unit identification information 1300.
  • the personal information storage unit identification information 1300 stores information of the personal information storage unit 1000 collected by the personal information storage unit management code 1200 and identification information regarding the personal information storage terminal 2 as one personal information storage unit. It is an area.
  • a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • each may be stored in association with the management ID.
  • the control unit 1007 uses the personal information storage unit use application 1101, for example, a management ID or readable character stored in the personal information storage unit identification information 1300 that can identify the personal information storage unit 1000 or the personal information storage terminal 2. It is conceivable to acquire information including the character string from the personal information storage unit management code 1200.
  • FIG. 7 differs from FIG. 4 in that the information terminal 1 has only one piece of identification information managed by the management ID “1102” regarding the personal information storage terminal 2.
  • Each of the personal information storage units 2000 included in the personal information storage terminal 2 is not managed individually.
  • the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1 but supplies only necessary identification information to improve security. Aiming to do.
  • the storage unit 2006 includes personal information storage unit identification information 2300.
  • the personal information storage unit identification information 2300 is an area for storing information such as the personal information storage unit 2000 collected by the personal information storage unit management code 2200 in association with the switching information.
  • the switching information at least one of the personal information storage unit 2000, the personal information storage unit communication unit 2020, or the virtual personal information storage unit 2500 existing in the personal information storage terminal 2 is valid, and the others are invalid. This is information indicating this. The meaning of the validity and invalidity indicated by the information will be described later.
  • a storage method a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered. When information such as the personal information storage unit 2000 is stored, each may be stored in association with the management ID.
  • the identification information indicating the personal information storage terminal 2 in the personal information storage unit identification information 1300 may exist in the personal information storage unit identification information 1300 regardless of whether the personal information storage terminal 2 exists. . In this case, if the personal information storage terminal 2 is not communicable with the information terminal 1 or there is no personal information storage section that is valid in the personal information storage section identification information 2300 of the personal information storage terminal 2. In this case, for example, when the control unit 1007 attempts to use the personal information storage terminal 2 using the personal information storage unit use application 1101, the control unit 1007 has a desired personal information storage unit. It can be detected that it cannot be used.
  • FIG. 7 when there are two pieces of identification information, that is, the first identification information managed by the management ID 2101 and the second identification information managed by the management ID 2102, one of them is selected and the storage unit 2006 is selected. In particular, when switching information indicating whether it is valid or invalid is added as shown in FIG. 7, one of them is selected based on the switching information.
  • An embodiment in which the user of the information terminal 1 sets the switching information using the input unit 1002 can also be considered.
  • FIG. 8 to be described next an example of processing will be described on the assumption that the identification information of the personal information storage terminal 2 is always present in the personal information storage unit identification information 1300. By doing in this way, the information terminal 1 does not need to acquire the identification information of the personal information storage terminal 2 by communication, and the personal information storage unit 1000 is one individual who also has information stored in the personal information storage terminal 2 It can be handled uniformly as an information storage unit.
  • FIG. 8 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2.
  • the control unit 1007 does not execute S103 and stands by while maintaining a state in which communication with the personal information storage terminal 2 is possible. Therefore, since S103 is not executed, the inter-terminal communication control code 2400 of the personal information storage terminal 2 does not execute S202. That is, in the example of FIG. 8, unlike FIG. 6, the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1.
  • the information of the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2 in the same manner as in the example of FIG. Initially, all may be invalidated, or any personal information storage unit 2000 may be validated. Alternatively, the switching information immediately before turning off the power may be stored as it is.
  • the terminal-to-terminal communication control code 2400 of the personal information storage terminal 2 enables the personal information storage unit management code 2200 to validate at least one of the identification information of the personal information storage unit identification information 2300 and invalidate the other.
  • a request is made (S204).
  • that the personal information storage unit is valid means that the information terminal 1 can use the personal information storage unit via the short-range communication 1004, and that the personal information storage unit is invalid. Indicates that the information terminal 1 cannot use the personal information storage unit via the short-range communication unit 1004.
  • FIG. 8 shows an embodiment in which the personal information storage terminal 2 does not supply the personal information storage unit identification information 2300 itself to the information terminal 1, and the personal information storage terminal 2 is requested for identification information from the information terminal 1.
  • the personal information storage unit identification information 2300 only specific identification information is supplied from the personal information storage unit identification information 2300. Enabling at least one of the identification information means that the personal information storage terminal 2 determines which identification information is to be supplied to the information terminal 1. As a result, as shown in FIG. 6, the security can be improved and the processing time can be shortened as compared with the case where the personal information storage unit identification information 2300 itself is exchanged in S103 and S202.
  • the timing at which S204 is executed may be triggered by selection by the user using the display unit 2001 and the input unit 2002. Alternatively, it may be included in the startup process. Alternatively, an input from the network communication unit 2005, the proximity communication unit 2008, the wired communication unit 2009, acceleration information acquired from the sensor unit 2010, position information acquired from the position information acquisition unit 2011, or the like may be triggered.
  • the personal information storage unit management code is set so that all the switching information of the personal information storage unit identification information 2300 is invalidated when there is a change exceeding a predetermined threshold in acceleration information or position information. It can be requested.
  • the switching information of one specific personal information storage unit is switched between valid and invalid by the input from the proximity communication unit 2008, or the personal information storage unit to be valid is in a predetermined order. It is conceivable that a determination is made in step S204 such that the personal information storage unit management code 2200 is appropriately requested.
  • a specific operation when the user moves away from the information terminal 1, if the user supplies an instruction using the input unit 2002 to the information terminal 1 and sets all the switching information to be invalid, the information terminal The possibility of 1 being used by a third party can be reduced, and there is an effect of improving security.
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the identification information acquired in S105 ( S106). In the example of FIG. 8, transmission of a request to the personal information storage terminal 2 is illustrated.
  • the control unit 1007 passes the request received by the personal information storage unit management code 1200 to the inter-terminal communication control code 1400, and further sends the request from the inter-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 uses the personal information storage unit management code 2200 to pass the request to the personal information storage unit for which the switching information of the personal information storage unit identification information 2300 is valid, and obtains a response (S206).
  • the reply follows the reverse route, and is passed to the personal information storage application 1101 (S106). If there is no personal information storage unit in which the switching information is valid in S206, the personal information storage unit utilization application 1101 is notified as an error as a response in S106.
  • FIG. 9 is a diagram illustrating an example of the configuration of information stored in the storage unit of the information terminal and the storage unit of the personal information storage terminal and the personal information storage unit.
  • the configuration of the storage unit 1006 of the information terminal 1 is the same as that in FIG. That is, the information terminal 1 has only one piece of identification information managed by the management ID “1102” regarding the personal information storage terminal 2.
  • the storage unit 2006 includes personal information storage unit identification information 2300.
  • the personal information storage unit identification information 2300 includes information such as the personal information storage unit 2000 collected by the personal information storage unit management code 2200 and an application ID of a personal information storage application stored in the personal information storage unit 2000 described later. This is an area for storing in association with each other.
  • the control unit 2007 can know in which personal information storage unit 2000 the personal information storage application having a predetermined application ID is stored by referring to the personal information storage unit identification information 2300. This association may be given as a setting in advance, or may be appropriately collected by the control unit 2007 from the personal information storage unit 2000 using the personal information storage unit management code 2200.
  • As a storage method a registry, a configuration file, a data table, a database, or the like provided by the operating system can be considered.
  • each may be stored in association with the management ID.
  • the personal information storage unit 2000 has a personal information storage application.
  • the personal information storage unit 2000a includes a personal information storage application with an application ID “111111” and a personal information storage application with an application ID “222222”.
  • the personal information storage unit 2000b includes a personal information storage application with an application ID “333333” and a personal information storage application with an application ID “FFFFFF”.
  • the virtual personal information storage unit 2500 has an application ID “444444”.
  • the control unit 2007 refers to the personal information storage unit identification information 2300.
  • the control unit 2007 stores the personal information storage unit 2000a. You can see that you need to request.
  • the request is for the personal information storage application with the application ID “333333”, it is understood that the request may be made to the personal information storage unit 2000b.
  • an undefined application ID is associated with the personal information storage unit 2000b.
  • FIG. 9 shows the authentication identification information related to the first identification information acquired from the storage unit 2003 when the personal information storage terminal 2 is requested by the information terminal 1 for authentication information unique to the user of the information terminal 1.
  • the authentication information is acquired from the personal information storage unit based on (application ID) or authentication identification information (application ID) related to the second identification information. For example, when two information terminals 1a and 1b communicate with the personal information storage terminal 2, it is possible to determine which information is supplied to each information terminal based on the application ID.
  • FIG. 10 is a diagram illustrating an example of processing in which the information terminal 1 uses the personal information storage unit 2.
  • the control unit 1007 does not execute S103 and stands by while maintaining a state in which communication with the personal information storage terminal 2 is possible. Therefore, since S103 is not executed, the control unit 2007 of the personal information storage terminal 2 does not execute S202. This is the same as the example of FIG.
  • S201 information of the personal information storage unit 2000 and the virtual personal information storage unit 2500 is acquired from the personal information protection terminal 2 as in the example of FIG. Correlate with.
  • This association may be given as a setting in advance, or the personal information storage unit management code 2200 may be appropriately collected from the personal information storage unit 2000 or the like.
  • the association immediately before turning off the power may be stored as it is.
  • it may be triggered by the fact that the personal information storage unit 2000 of the independent module has become communicable from the personal information storage terminal 2.
  • a method of acquiring the application ID from the personal information storage unit a method of acquiring directory information or registry information possessed by the personal information storage unit, or a method of acquiring a partial selection of the application ID is stored inside the personal information storage unit. It is possible to examine all the applications that have been checked. In the example of FIG. 10, it is not necessary to explicitly select the personal information storage unit, so that it is not necessary to execute S204, but it may be executed in combination with the configuration examples shown in FIGS. .
  • the control unit 1007 uses the personal information storage application 1101 to transmit a request for using the desired personal information storage unit to the personal information storage unit management code 1200 based on the identification information acquired in S105 ( S106). In the example of FIG. 10, transmission of a request to the personal information storage terminal 2 is illustrated.
  • the control unit 1007 transfers the request received by the personal information storage unit management code 1200 to the terminal-to-terminal communication control code 1400, and further sends the request from the terminal-to-terminal communication code 1400 to the personal information storage terminal 2 through the short-range communication unit 1004.
  • the control unit 2007 of the personal information storage terminal 2 uses the inter-terminal communication control code 2400 to acquire a request from the short-range communication unit 2004 and passes it to the personal information storage unit management code 2200.
  • the control unit 2007 refers to the application ID included in the request using the personal information storage unit management code 2200, and selects a predetermined personal information storage unit based on the identification information of the personal information storage unit identification information 2300 ( (S207) After receiving the request, a response is obtained (S203). The reply follows the reverse route, and is passed to the personal information storage application 1101 (S106).
  • a request including an application ID comes at the top of a series of requests.
  • the first request including the application ID is transmitted to a specific personal information storage unit or the like and returns a result indicating success, a series of subsequent requests are transmitted continuously to the personal information storage unit that transmitted the request first.
  • the process of selecting the personal information storage unit that is the transmission destination of the request in S207 is performed by the top request including the application ID, and thereafter, it can be transmitted to the same personal information storage unit until a series of requests are completed. Conceivable.
  • a request including an application ID a SELECT FILE command defined in ISO7816 can be considered.
  • the personal information storage unit management code 1200 and the terminal-to-terminal communication control code 1400 mutually authenticate each other before exchanging information with each other. May be confirmed to be reliable executable code.
  • the personal information storage unit management code 2200 and the terminal-to-terminal communication control code 2400 are mutually authenticated in advance when exchanging information with each other, thereby confirming that they are mutually reliable execution codes. Also good.
  • the terminal-to-terminal communication control code 1400 and the terminal-to-terminal communication control code 2400 are mutually reliable terminals by performing mutual authentication in advance. You may confirm.
  • FIG. 11 is a diagram illustrating an example of an authentication process between the information terminal 1 and the information server 3. Portions showing the same processing contents as those in the examples of FIGS. 6, 8, and 10 may be given the same numbers and description thereof may be omitted.
  • the information terminal 1 transmits a request for authentication to the personal information storage terminal 2 using the personal information storage unit use application 1101 (S107).
  • the personal information storage terminal 2 that has received the request transmits the request to the personal information storage unit, and returns the obtained authentication information as a result to the information terminal 1 (S208).
  • the processing of S107 and S208 can be executed by the same route as S106 and S203 of FIGS. 6, 8, and 10, or S206 and S207, for example.
  • the information terminal 1 transmits the obtained authentication information to the information server 3 (S108), the information server 3 authenticates the received authentication information, and returns the result to the information terminal 1 (S301).
  • Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit.
  • Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor.
  • Information such as programs, tables, and files for realizing each function can be stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
  • a program or the like for realizing each function is copied to a server or the like and provided to the information terminal 1, the personal information storage terminal 2 and other terminals, devices, equipment, etc.
  • control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • Information terminal 1: Information terminal
  • 90: Near field communication 91: Network
  • 1000: Personal information storage 2000: Personal information storage.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un terminal d'informations détenu par un individu à utiliser comme moyen d'identification individuel. Ce terminal d'informations comprend : une première unité de communication qui communique avec une première unité d'enregistrement d'informations individuelles enregistrant des informations individuelles ; une unité d'enregistrement permettant d'enregistrer des premières informations d'identification pour les communications avec la première unité d'enregistrement d'informations individuelles ; une seconde unité de communication qui communique avec un terminal d'enregistrement d'informations individuelles ; et une troisième unité de communication qui communique avec un serveur d'informations. Le terminal d'informations : obtient des secondes informations d'identification permettant d'identifier une seconde unité d'enregistrement d'informations individuelles connecté électriquement au terminal d'enregistrement d'informations individuelles à partir du second moyen de communication ; sélectionne soit les premières informations d'identification soit les secondes informations d'identification ; obtient les informations de vérification d'après les informations individuelles de la première ou de la seconde unité d'enregistrement d'informations individuelles, d'après les informations d'identification sélectionnées ; et les transmet à partir de la troisième unité de communication.
PCT/JP2013/054046 2012-05-11 2013-02-19 Terminal d'informations et terminal d'enregistrement d'informations individuelles WO2013168446A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012108969A JP5869953B2 (ja) 2012-05-11 2012-05-11 情報端末
JP2012-108969 2012-05-11

Publications (1)

Publication Number Publication Date
WO2013168446A1 true WO2013168446A1 (fr) 2013-11-14

Family

ID=49550508

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/054046 WO2013168446A1 (fr) 2012-05-11 2013-02-19 Terminal d'informations et terminal d'enregistrement d'informations individuelles

Country Status (2)

Country Link
JP (1) JP5869953B2 (fr)
WO (1) WO2013168446A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006107316A (ja) * 2004-10-08 2006-04-20 Kunihiko Kachi 認証システム及び認証方法
JP2008191942A (ja) * 2007-02-05 2008-08-21 Fujitsu Ltd 認証装置、認証方法及びそのプログラム
JP2010238090A (ja) * 2009-03-31 2010-10-21 West Japan Railway Co 認証システム及び認証方法
JP2011129040A (ja) * 2009-12-21 2011-06-30 Kddi Corp 認証システム、携帯無線通信端末、認証方法、認証プログラム、認証情報生成方法、認証情報生成プログラム

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005182139A (ja) * 2003-12-16 2005-07-07 Ntt Data Corp 識別情報及びパスワード管理装置
JP4689335B2 (ja) * 2005-04-25 2011-05-25 日立オムロンターミナルソリューションズ株式会社 不正取引防止システムおよび端末装置
JP2007019748A (ja) * 2005-07-06 2007-01-25 Matsushita Electric Ind Co Ltd 携帯端末装置、認証制御方法及び認証制御プログラム
JP2007180804A (ja) * 2005-12-27 2007-07-12 Matsushita Electric Ind Co Ltd 携帯端末装置及びその使用制限方法
JP2007304664A (ja) * 2006-05-08 2007-11-22 Hitachi Systems & Services Ltd ユーザー認証システム

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006107316A (ja) * 2004-10-08 2006-04-20 Kunihiko Kachi 認証システム及び認証方法
JP2008191942A (ja) * 2007-02-05 2008-08-21 Fujitsu Ltd 認証装置、認証方法及びそのプログラム
JP2010238090A (ja) * 2009-03-31 2010-10-21 West Japan Railway Co 認証システム及び認証方法
JP2011129040A (ja) * 2009-12-21 2011-06-30 Kddi Corp 認証システム、携帯無線通信端末、認証方法、認証プログラム、認証情報生成方法、認証情報生成プログラム

Also Published As

Publication number Publication date
JP2013235522A (ja) 2013-11-21
JP5869953B2 (ja) 2016-02-24

Similar Documents

Publication Publication Date Title
KR102146388B1 (ko) 지능 설비를 조종하는 방법, 장치, 시스템과 기억 매체
CN101766038B (zh) 设备激活和访问
WO2019206201A1 (fr) Procédé de transmission de fichier de configuration, dispositif associé et support de stockage
EP3541098B1 (fr) Procédé de traitement pour lier des identifiants de communication et terminal
WO2015101273A1 (fr) Procédé de vérification de sécurité et dispositif et système associés
WO2016164194A1 (fr) Appariement de stylo numérique inter-dispositif en nuage
CN104995616A (zh) 基于云的虚拟移动设备
JP6356887B2 (ja) 情報処理装置、サーバ装置および情報処理システム
US9591434B1 (en) Virtual private network (VPN) tunneling in a user equipment (UE) brokered by a radio frequency identity (RFID) chip communicatively coupled to the user equipment
US10694381B1 (en) System and method for authentication and sharing of subscriber data
EP4262146A1 (fr) Dispositif iot et procédé d'intégration d'un dispositif iot dans un serveur
JP6287213B2 (ja) 代行ログイン装置、端末、制御方法およびプログラム
US20140156952A1 (en) Information processing apparatus, information processing method, and computer readable medium
CN109076428B (zh) 一种数据处理方法及相关装置
KR101344763B1 (ko) 근거리 무선통신을 이용한 휴대단말기 사이의 파일 공유 방법
JP5869953B2 (ja) 情報端末
JP6397200B2 (ja) 管理サーバ、およびデータ処理方法、並びにプログラム
WO2015120593A1 (fr) Terminal mobile et procédé de commande pour système de commande d'accès
JP5476820B2 (ja) クライアント端末及びプログラム
JP5915672B2 (ja) 端末装置、情報管理装置及びプログラム
JP6173268B2 (ja) マッチングシステム、マッチング方法及びWebサーバ
CN105354469A (zh) 一种解锁方法及装置
JP6911303B2 (ja) 認証システム及び認証方法
CN105939516A (zh) 用户认证方法及装置
JP2022071684A (ja) 情報処理装置、情報処理装置の制御方法およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13787709

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13787709

Country of ref document: EP

Kind code of ref document: A1