WO2023149124A1 - Information processing system and information processing method - Google Patents

Information processing system and information processing method

Info

Publication number
WO2023149124A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
unit
public key
information processing
information
Application number
PCT/JP2022/047605
Other languages
English (en)
Japanese (ja)
Inventor
健治 藏前
正夫 秋元
Original Assignee
パナソニックIpマネジメント株式会社
Application filed by パナソニックIpマネジメント株式会社

Classifications

    • E FIXED CONSTRUCTIONS
    • E05 LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05B LOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00 Electric permutation locks; Circuits therefor; Mechanical aspects of electronic locks; Mechanical keys therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to an information processing system and an information processing method.
  • Patent Document 1 discloses a key data communication system for communicating key data necessary for controlling objects to be controlled between a portable terminal possessed by a user and a reader connected to the objects to be controlled (specific gates, locks provided at gates, elevators, etc.).
  • the present invention provides an information processing system and the like that can relatively safely release restrictions on the entry and exit of goods or people using a two-dimensional code.
  • An information processing system is an information processing system used for canceling the restriction imposed by equipment that restricts the entry and exit of goods or people into and out of a space, comprising: a first information terminal; a management terminal; and a control device. The first information terminal includes a first storage unit storing a first secret key and a first public key, and a first communication unit transmitting the first public key to the management terminal.
  • The management terminal includes a terminal storage unit storing a second private key and a second public key; a terminal communication unit receiving the first public key from the first information terminal; and a terminal control unit that generates a first signature for the received first public key using the second private key and issues a two-dimensional code representing a first server certificate containing the first public key and the first signature. The first information terminal includes a reading unit that reads the two-dimensional code issued by the management terminal, and a first information processing unit for acquiring the first server certificate; the first communication unit transmits the acquired first server certificate to the control device. The control device includes a storage unit that stores a root certificate including the second public key; a communication unit that receives the first server certificate from the first information terminal; and a control unit that verifies the first signature included in the received first server certificate using the second public key included in the root certificate stored in the storage unit, and cancels the restriction on the device if the verification is successful.
  • An information processing method is an information processing method executed by an information processing system used for canceling the restriction imposed by a device that restricts the entry and exit of goods or people into and out of a space. The information processing system comprises a first information terminal having a first storage unit storing a first secret key and a first public key; a management terminal having a terminal storage unit storing a second secret key and a second public key; and a control device having a storage unit storing a root certificate including the second public key. The information processing method includes a first communication step in which the first information terminal transmits the first public key to the management terminal and the management terminal receives the first public key from the first information terminal; and a first signature on the received first public key by the management terminal using the second private key.
  • a program according to one aspect of the present invention is a program for causing a computer to execute the information processing method.
  • An information processing system and the like according to one aspect of the present invention can use two-dimensional codes to relatively safely release restrictions on the entry and exit of goods or people.
  • FIG. 1 is an external view of an information processing system according to an embodiment.
  • FIG. 2 is a block diagram of the functional configuration of the information processing system according to the embodiment.
  • FIG. 3 is a sequence diagram of the first half of operation example 1 of the information processing system according to the embodiment.
  • FIG. 4 is a sequence diagram of the second half of operation example 1 of the information processing system according to the embodiment.
  • FIG. 5 is a diagram showing an example of the format of a server certificate.
  • FIG. 6 is a sequence diagram of the first half of Operation Example 2 of the information processing system according to the embodiment.
  • FIG. 7 is a sequence diagram of the latter half of Operation Example 2 of the information processing system according to the embodiment.
  • each figure is a schematic diagram and is not necessarily strictly illustrated. Moreover, in each figure, the same code
  • an information processing system 10 grants a visitor who visits a facility 80 temporary unlocking authority for an auto-locking door 70 provided at the common entrance of the facility 80.
  • the facility 80 is, for example, an apartment complex, but may be a facility other than a residence such as an office building.
  • the visitor is, for example, a person dispatched by a housekeeping service provider, or a parcel delivery person.
  • the information processing system 10 uses a two-dimensional code such as a QR code (registered trademark) to grant the temporary unlocking authority.
  • a two-dimensional code may also be called a two-dimensional bar code.
  • Two-dimensional codes have a larger amount of information than conventional bar codes (one-dimensional codes), and are used for cashless payment means, airplane boarding tickets, and unlocking keys for lockers.
  • the control device 60 of the auto-locking door 70 needs to verify that the two-dimensional code is a valid permit issued by the manager of the facility 80. In order to implement such verification, it is generally necessary to pre-register in the control device 60 that a new unlocking permit has been issued.
  • the pre-registration with the control device 60 is omitted.
  • the information processing system 10 includes a communication terminal 20, a management terminal 30, a first information terminal 40, a second information terminal 50, a control device 60 and an auto-locking door 70.
  • the communication terminal 20 is a terminal possessed by a visitor to the facility 80.
  • the communication terminal 20 displays the two-dimensional code on the display unit 25 when the visitor tries to unlock the auto-locking door 70.
  • the communication terminal 20 is, for example, a mobile terminal such as a smart phone or a tablet terminal.
  • Communication terminal 20 includes operation reception unit 21, communication unit 22, information processing unit 23, storage unit 24, and display unit 25.
  • the operation reception unit 21 receives a visitor's operation.
  • the operation reception unit 21 is implemented by, for example, a touch panel, but may be implemented by hardware keys or the like.
  • the communication unit 22 is a communication circuit for the communication terminal 20 to communicate with the management terminal 30.
  • the communication unit 22 performs wireless communication with, for example, the management terminal 30 through a wide area communication network such as the Internet.
  • the information processing unit 23 performs display processing of the two-dimensional code and the like.
  • the information processing section 23 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the information processing section 23 are realized by, for example, executing a computer program (software) stored in the storage section 24 by a microcomputer, a processor, or the like (hardware) constituting the information processing section 23.
  • the storage unit 24 is a storage device that stores the information necessary for the display processing, the computer program, and the like.
  • the storage unit 24 is implemented by, for example, a semiconductor memory.
  • the display unit 25 is a display on which the two-dimensional code is displayed by the above display processing.
  • the display unit 25 is implemented by, for example, a display panel such as a liquid crystal panel or an organic EL (Electro-Luminescence) panel.
  • the management terminal 30 is a terminal used by the administrator of the facility 80 or the like.
  • the manager or the like is the owner of the facility 80 or an employee of the management company of the facility 80 or the like.
  • the management terminal 30 is used by an administrator to issue a two-dimensional code in response to a visitor's request.
  • the management terminal 30 is, for example, a portable terminal such as a smart phone or a tablet terminal, but may be a stationary terminal such as a personal computer or a server device.
  • the management terminal 30 includes a terminal communication section 31, a terminal control section 32 and a terminal storage section 33.
  • the terminal communication unit 31 is a communication circuit for the management terminal 30 to communicate with each of the communication terminal 20, the first information terminal 40, the second information terminal 50, and the control device 60.
  • the terminal communication unit 31, for example, communicates with each of the communication terminal 20, the first information terminal 40, the second information terminal 50, and the control device 60 through the wide area communication network.
  • the terminal communication unit 31 may perform wired communication or wireless communication.
  • the terminal control unit 32 performs information processing for issuing a two-dimensional code.
  • the terminal control unit 32 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the terminal control unit 32 are realized, for example, by executing a computer program (software) stored in the terminal storage unit 33 by a microcomputer, processor, or the like (hardware) constituting the terminal control unit 32.
  • the terminal storage unit 33 is a storage device that stores the information necessary for the above information processing, the above computer programs, and the like.
  • the terminal storage unit 33 is implemented by, for example, a semiconductor memory, but may be implemented by an HDD (Hard Disk Drive).
  • the first information terminal 40 is a terminal operated by a visitor to the facility 80 to unlock the auto-locking door 70.
  • the first information terminal 40 is fixedly installed on the outside (outdoor side) of the auto-locking door 70 in the common area 81 of the facility 80.
  • the first information terminal 40 is, in other words, a reception terminal and reads the two-dimensional code.
  • the first information terminal 40 is, for example, a portable terminal such as a tablet terminal, but may be a dedicated terminal such as a lobby intercom.
  • the first information terminal 40 includes a first operation reception section 41, a first communication section 42, a first information processing section 43, a first storage section 44, a first display section 45 and a reading section 46.
  • the first operation accepting unit 41 accepts the visitor's operation.
  • the first operation accepting unit 41 is implemented by, for example, a touch panel, but may be implemented by hardware keys or the like. Note that the first operation reception unit 41 may be implemented by an input device such as a keyboard externally attached to the first information terminal 40.
  • the first communication unit 42 is a communication circuit for the first information terminal 40 to communicate with the management terminal 30 and the control device 60.
  • the first communication unit 42 performs wireless communication with the management terminal 30 through a wide area communication network such as the Internet, and wireless communication with the control device 60 through a local communication network.
  • the first information processing section 43 performs processing such as reading the two-dimensional code displayed on the display section 25 of the communication terminal 20.
  • the first information processing unit 43 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the function of the first information processing unit 43 is realized by, for example, executing a computer program (software) stored in the first storage unit 44 by a microcomputer or processor (hardware) constituting the first information processing unit 43.
  • the first storage unit 44 is a storage device that stores the information necessary for the reading process, the computer program, and the like.
  • the first storage unit 44 is implemented by, for example, a semiconductor memory.
  • the first display unit 45 is a display that displays information prompting the visitor to present the two-dimensional code near the reading unit 46.
  • the first display unit 45 is implemented by, for example, a display panel such as a liquid crystal panel or an organic EL panel.
  • the reading unit 46 reads the two-dimensional code displayed on the display unit 25 of the communication terminal 20.
  • the reading unit 46 is implemented by a camera.
  • the reading unit 46 may be implemented by a camera externally attached to the first information terminal 40 or a two-dimensional code reader (a camera specialized for reading two-dimensional codes) externally attached to the first information terminal 40.
  • the second information terminal 50 is a terminal possessed by a resident who lives in the exclusive area 82 of the facility 80 .
  • the second information terminal 50 is a terminal operated by the resident to unlock the auto-locking door 70 .
  • the second information terminal 50 is, for example, a portable terminal such as a smart phone or a tablet terminal.
  • the second information terminal 50 includes a second operation reception section 51, a second communication section 52, a second information processing section 53, a second storage section 54 and a second display section 55.
  • the second operation reception unit 51 receives operations by the resident.
  • the second operation accepting unit 51 is implemented by, for example, a touch panel, but may be implemented by hardware keys or the like.
  • the second communication unit 52 is a communication circuit for the second information terminal 50 to communicate with the management terminal 30 and the control device 60.
  • the second communication unit 52, for example, performs wireless communication with the management terminal 30 through a wide area communication network such as the Internet, and performs wireless communication with the control device 60 through a local communication network.
  • the second information processing unit 53 performs information processing for requesting the management terminal 30 to issue a second server certificate, processing for transmitting the second server certificate to the control device 60, and the like.
  • the second information processing section 53 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the function of the second information processing unit 53 is realized by, for example, executing a computer program (software) stored in the second storage unit 54 by a microcomputer, processor, or the like (hardware) constituting the second information processing unit 53.
  • the second storage unit 54 is a storage device that stores the information necessary for the information processing and the computer programs.
  • the second storage unit 54 is implemented by, for example, a semiconductor memory.
  • the second display unit 55 is a display on which a display screen or the like is displayed when the second operation accepting unit 51 accepts an operation.
  • the second display unit 55 is implemented by, for example, a display panel such as a liquid crystal panel or an organic EL panel.
  • the control device 60 is a control device that controls unlocking and locking of the auto-locking door 70.
  • the control device 60 is installed, for example, in the common area 81 of the facility 80 near the auto-locking door 70.
  • the control device 60 may be a device integrated with the first information terminal 40, but in the information processing system 10, it is a device separate from the first information terminal 40 and performs short-range wireless communication with the first information terminal 40. Therefore, it is also possible to install the first information terminal 40 as the reception terminal at a location distant from the installation location of the control device 60.
  • the control device 60 includes a communication section 61, a control section 62 and a storage section 63.
  • the communication unit 61 is a communication circuit for the control device 60 to communicate with each of the management terminal 30, the first information terminal 40, and the second information terminal 50.
  • the communication unit 61 performs wireless communication with the first information terminal 40 and the second information terminal 50 through the local communication network, and wireless communication with the management terminal 30 through the wide area communication network.
  • the control unit 62 performs information processing for locking or unlocking the auto-locking door 70. Specifically, the control unit 62 locks or unlocks the auto-locking door 70 by outputting a control signal to the auto-locking door 70.
  • the control unit 62 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the control unit 62 are realized, for example, by executing a computer program (software) stored in the storage unit 63 by a microcomputer, a processor, or the like (hardware) constituting the control unit 62.
  • the storage unit 63 is a storage device that stores the information necessary for the information processing, the computer programs, and the like.
  • the storage unit 63 is implemented by, for example, a semiconductor memory.
  • the auto-locking door 70 is a door device provided at the common entrance (entrance) of the facility 80.
  • the auto-locking door 70 is automatically locked (or closed) by the control device 60 after a certain period of time has passed since it was unlocked (or opened).
  • the door included in the auto-locking door 70 may be a sliding door or a hinged door.
  • Unlocking here means, for example, releasing (unlocking) the lock mechanism (such as an electric lock) of the auto-locking door 70.
  • Opening means, for example, opening the auto-locking door 70 after the auto-locking door 70 has been unlocked.
  • Unlocking the auto-locking door 70 in the following embodiments means that the auto-locking door 70 is at least unlocked, and that it may be opened after being unlocked.
  • In Operation Example 1, it is assumed that the communication terminal 20 is used by a visitor to the facility 80 and the management terminal 30 is used by the administrator of the facility 80 or the like.
  • the server certificate serves as a permit to unlock the auto-locking door 70.
  • the first storage unit 44 of the first information terminal 40 stores a first public key and a first secret key.
  • the first public key and the first private key are generated, for example, when an application program (hereinafter simply referred to as an application) for the information processing system 10 is installed in the first information terminal 40, and are stored in the first storage unit 44.
  • the terminal storage unit 33 of the management terminal 30 stores a second public key and a second secret key.
  • the second public key and the second private key are stored in the terminal storage unit 33 when an application for the information processing system 10 is installed in the management terminal 30, for example.
  • the first information terminal 40 transmits the first public key stored in the first storage unit 44 to the management terminal 30 (S11).
  • the first public key is transmitted to the management terminal 30, for example, when an installer performs a predetermined operation on the first operation reception unit 41 during initial setting work performed when the first information terminal 40 is installed in a facility (communal entrance).
  • the method of transmitting the first public key to the management terminal 30 and the timing of transmitting the first public key are not particularly limited.
  • the terminal communication unit 31 of the management terminal 30 receives the first public key.
  • the terminal control unit 32 stores the received first public key in the terminal storage unit 33 (S12).
  • After that, the visitor performs a predetermined operation on the operation reception unit 21 of the communication terminal 20 before actually visiting the facility 80.
  • the prescribed operation includes a setting operation for setting a password.
  • When the operation receiving unit 21 receives the predetermined operation (S13), the information processing unit 23 generates a two-dimensional code issue request and causes the communication unit 22 to transmit the generated issue request to the management terminal 30. That is, the communication unit 22 transmits a two-dimensional code issue request to the management terminal 30 (S14).
  • the communication unit 22 transmits the issue request to the management terminal 30 by wireless communication through the wide area communication network.
  • the issuance request contains the password set by the visitor.
  • the terminal communication unit 31 of the management terminal 30 receives the issue request.
  • the terminal control unit 32 issues the first server certificate (S15).
  • the terminal control unit 32 generates, using the second secret key, the first signature for the first public key received in step S11 (stored in the terminal storage unit 33 in step S12) and the usage conditions.
  • the usage condition is, for example, information indicating a temporal condition (in other words, an expiration date), and is determined in advance by an administrator who uses the management terminal 30, for example.
  • the usage condition may be a condition related to the valid number of times.
  • the valid number of times means the maximum number of times that the auto-locking door 70 can be unlocked by the first server certificate.
  • for the format of the first server certificate, for example, the X.509 certificate format is used.
  • FIG. 5 is a diagram showing an example of the format of the first server certificate.
  • the term of validity of the certificate in FIG. 5 corresponds to the usage conditions (term of validity), the subject public key information corresponds to the first public key, and the signatureValue corresponds to the first signature.
  • usage conditions other than the expiration date may be stored in the extended area of the format in FIG.
  • the terminal control unit 32 encrypts the first server certificate issued in step S15 with the password included in the issue request received in step S14 (S16). Any existing algorithm may be used as a method of encrypting the first server certificate with a password, and there is no particular limitation.
  • the terminal control unit 32 converts the encrypted first server certificate into a two-dimensional code (S17). That is, the terminal control unit 32 issues a two-dimensional code indicating the first server certificate including the first public key and the first signature, which is encrypted with a password.
  • the terminal control unit 32 also causes the terminal communication unit 31 to transmit two-dimensional code information for displaying the two-dimensional code to the communication terminal 20 (S18).
  • the two-dimensional code information is transmitted from the management terminal 30 to the communication terminal 20 by e-mail, for example.
  • the communication unit 22 of the communication terminal 20 receives the two-dimensional code information.
  • the information processing section 23 stores the received two-dimensional code information in the storage section 24 (S19).
  • the storage unit 63 of the control device 60 stores a root certificate.
  • a root certificate contains a second public key.
  • the root certificate is generated, for example, by the terminal control unit 32 of the management terminal 30, transmitted to the control device 60 by the terminal communication unit 31, and stored in the storage unit 63.
  • the root certificate may be stored in the storage unit 63 by manufacturing equipment when the control device 60 is manufactured.
  • the information processing section 23 displays the two-dimensional code on the display section 25 based on the two-dimensional code information stored in the storage section 24 in step S19 (S20).
  • the visitor presents the two-dimensional code displayed on the display unit 25 to the reading unit 46 of the first information terminal 40 by holding the communication terminal 20 over the reading unit 46.
  • the reading unit 46 reads the two-dimensional code (S21).
  • the visitor performs a password input operation to the first operation reception unit 41 of the first information terminal 40.
  • the first operation accepting unit 41 accepts a password input operation (S22).
  • the password entered in step S22 is the password set by the visitor himself in step S13.
  • When the password input operation is accepted by the first operation accepting unit 41, the first information processing unit 43 obtains the first server certificate based on the two-dimensional code read by the reading unit 46 in step S21 and the password entered in step S22 (S23). Specifically, the first information processing unit 43 converts the two-dimensional code into an encrypted first server certificate, and decrypts the encrypted first server certificate with the password to obtain the first server certificate. That is, the first information processing unit 43 acquires the first server certificate by reading the issued two-dimensional code and performing decryption processing using the input password.
  • the first information processing section 43 causes the first communication section 42 to transmit the acquired first server certificate to the control device 60. That is, the first communication unit 42 transmits the server certificate to the control device 60 (S24). Note that the communication unit 22 transmits the server certificate to the control device 60 by wireless communication through the local communication network. This wireless communication is, for example, short-range wireless communication based on a communication standard such as Bluetooth (registered trademark).
  • the communication unit 61 of the control device 60 receives the first server certificate.
  • the control unit 62 verifies the first signature included in the received first server certificate using the second public key included in the root certificate stored in the storage unit 63 (S25). If the verification of the first signature is successful, the control unit 62 checks the usage conditions included in the first server certificate (S26).
  • the usage condition is, for example, a temporal condition, and the control unit 62 determines whether or not the temporal condition is satisfied.
  • When determining that the temporal condition is satisfied, the control unit 62 generates a session key using the first public key included in the first server certificate (S27). The control unit 62 encrypts the generated session key with the first public key, and causes the communication unit 61 to transmit the encrypted session key to the first information terminal 40 (S28).
  • the first communication unit 42 of the first information terminal 40 receives the encrypted session key.
  • the first information processing unit 43 decrypts the session key using the first secret key, and causes the first communication unit 42 to transmit an unlock command to the control device 60 through encrypted communication using the session key (S29).
  • the communication unit 61 of the control device 60 receives the unlock command.
  • the controller 62 unlocks the auto-locking door 70 based on the received unlock command (S30). Specifically, the control unit 62 unlocks the auto-locking door 70 by transmitting a control signal to the auto-locking door 70.
  • the management terminal 30 can safely grant the unlocking authority of the auto-locking door 70 to the communication terminal 20 using the first server certificate and the root certificate.
  • the unlocking method as in Operation Example 1 can give the unlocking authority to the visitor without registering information on the visitor in the first information terminal 40 or the control device 60 in advance. Further, according to the unlocking method as in Operation Example 1, the visitor does not need to install an application (public key and private key) on the communication terminal 20, so there is an advantage that the burden on the visitor is small.
  • Because the first information terminal 40 and the control device 60 perform encrypted communication (wireless communication) using a session key, eavesdropping and the like are suppressed even if the first information terminal 40 and the control device 60 are arranged separately. Therefore, unauthorized unlocking of the auto-locking door 70 by another information terminal impersonating the first information terminal 40 is suppressed.
  • Operation Example 1 (unlocking of the auto-locking door 70 by the visitor) shares the processing performed by the control device 60 with the existing system that can execute Operation Example 2 described later (unlocking of the auto-locking door 70 by the resident).
  • The information processing system 10 can easily implement Operation Example 1 by newly introducing the first information terminal 40 into the existing system.
  • In Operation Example 1 the two-dimensional code is displayed on the display unit 25 of the communication terminal 20, but the visitor may instead bring a piece of paper on which the two-dimensional code is printed to the facility 80 and present it to the reading unit 46. This also allows the auto-locking door 70 to be unlocked.
  • The use of the password suppresses unlocking of the auto-locking door 70 by a third party other than the visitor using the two-dimensional code.
  • Although the password is set by the visitor in Operation Example 1, it may be set by the administrator and notified to the visitor.
  • FIG. 2 is assumed that the second information terminal 50 is used by the resident of the exclusive area 82 of the facility 80 and the management terminal 30 is used by the manager of the facility 80 or the like.
  • the second server certificate serves as a permit to unlock the auto-locking door 70.
  • the second storage unit 54 of the second information terminal 50 stores a third public key and a third private key.
  • the third public key and the third private key are generated, for example, when an application for the information processing system 10 is installed in the second information terminal 50 and stored in the second storage unit 54.
  • the terminal storage unit 33 of the management terminal 30 stores a second public key and a second secret key.
  • the resident performs a predetermined operation on the second operation reception unit 51 of the second information terminal 50 running the above application.
  • the predetermined operation is an operation for installing the second server certificate.
  • the second operation accepting unit 51 accepts a predetermined operation (S31).
  • When the second operation accepting unit 51 accepts the predetermined operation, the second information processing unit 53 generates a second server certificate issuance request and causes the second communication unit 52 to transmit the generated issuance request to the management terminal 30.
  • the issuance request includes the third public key. That is, the second communication unit 52 transmits the third public key to the management terminal 30 (S32). The second communication unit 52 transmits the third public key to the management terminal 30 by wireless communication through the wide area communication network.
  • the terminal communication unit 31 of the management terminal 30 receives the issue request including the third public key.
  • the terminal control unit 32 generates a second signature for the received third public key and the usage conditions using the second secret key (S33).
  • the terminal control unit 32 causes the terminal communication unit 31 to transmit the second server certificate including the third public key, the terms of use, and the second signature to the second information terminal 50 (S34).
  • the usage condition is, for example, information indicating a temporal condition (in other words, an expiration date), and is determined in advance by an administrator who uses the management terminal 30, for example.
  • the usage condition may be a condition related to the valid number of times.
  • the valid number of times means the maximum number of times that the auto-locking door 70 can be unlocked by the second server certificate.
  • As the format of the second server certificate, for example, the X.509 certificate format (FIG. 5) is used.
  • the validity period of the certificate in FIG. 5 corresponds to the usage conditions, the subject public key information corresponds to the third public key, and the signatureValue corresponds to the second signature.
  • usage conditions other than the expiration date may be stored in the extended area of the format in FIG.
  • the second communication unit 52 of the second information terminal 50 receives the second server certificate.
  • the second information processing unit 53 stores the received second server certificate in the second storage unit 54 (S35).
  • the storage unit 63 of the control device 60 stores a root certificate.
  • a root certificate contains a second public key.
  • the root certificate is generated, for example, by the terminal control unit 32 of the management terminal 30, transmitted to the control device 60 by the terminal communication unit 31, and stored in the storage unit 63.
  • the root certificate may be stored in the storage unit 63 by manufacturing equipment when the control device 60 is manufactured.
  • When the resident arrives at the facility 80, the resident moves near the auto-locking door 70 and performs a predetermined unlocking operation for unlocking the auto-locking door 70 on the second operation reception unit 51 of the second information terminal 50 running the above application. The second operation accepting unit 51 accepts the unlocking operation (S36).
  • the second information processing unit 53 causes the second communication unit 52 to transmit the second server certificate to the control device 60. That is, the second communication unit 52 transmits the second server certificate to the control device 60 (S37).
  • the second communication unit 52 transmits the second server certificate to the control device 60 by wireless communication through the local communication network.
  • This wireless communication is, for example, short-range wireless communication based on a communication standard such as Bluetooth (registered trademark).
  • the communication unit 61 of the control device 60 receives the second server certificate.
  • the control unit 62 verifies the second signature included in the received second server certificate using the second public key included in the root certificate stored in the storage unit 63 (S38). If the verification of the second signature is successful, the control unit 62 determines the terms of use included in the second server certificate (S39). As described above, the usage condition is, for example, a temporal condition, and the control unit 62 determines whether or not the temporal condition is satisfied.
  • When determining that the temporal condition is satisfied, the control unit 62 generates a session key using the third public key included in the second server certificate (S40).
  • the control unit 62 encrypts the generated session key with the third public key, and causes the communication unit 61 to transmit the encrypted session key to the second information terminal 50 (S41).
  • the second communication unit 52 of the second information terminal 50 receives the encrypted session key.
  • the second information processing unit 53 decrypts the session key using the third secret key, and causes the second communication unit 52 to transmit an unlock command to the control device 60 through encrypted communication using the session key (S42).
  • the communication unit 61 of the control device 60 receives the unlock command.
  • the control unit 62 unlocks the auto-locking door 70 based on the received unlocking command (S43). Specifically, the control unit 62 unlocks the auto-locking door 70 by transmitting a control signal to the auto-locking door 70.
  • the second information terminal 50 can also lock the auto-locking door 70 based on the same operation sequence.
  • the management terminal 30 can safely grant the second information terminal 50 the authority to unlock the auto-locking door 70 using the second server certificate and the second root certificate.
  • the terms of use are included in the server certificate (the first server certificate or the second server certificate), but the terms of use may be transmitted from the communication terminal 20 to the control device 60 in a secure manner separately from the server certificate.
  • the terms of use may be transmitted from the first information terminal 40 to the control device 60 together with the first signature of the management terminal 30 through encrypted communication using a session key.
  • the usage conditions may be transmitted from the second information terminal 50 to the control device 60 together with the second signature of the management terminal 30 by encrypted communication using the session key.
  • the control device 60 controls devices such as the auto-locking door 70 that restrict people from entering and exiting the space in the facility 80, but it may also control devices that restrict articles from entering and exiting.
  • the control device 60 may control an electric lock that locks and unlocks the door of a delivery box, coin locker, safe deposit box, or the like.
  • the control device 60 may control a device that restricts the entry and exit of goods or people into and out of the space.
  • the information processing system 10 can be applied not only to equipment that restricts the entry and exit of goods or people into and out of a space, but also to the case of permitting only a specific person to control home appliances such as lighting equipment and air conditioning equipment.
  • the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space.
  • the information processing system 10 includes a first information terminal 40 , a management terminal 30 and a control device 60 .
  • the first information terminal 40 has a first storage section 44 storing a first secret key and a first public key, and a first communication section 42 for transmitting the first public key to the management terminal 30.
  • the management terminal 30 includes a terminal storage unit 33 in which the second secret key and the second public key are stored, a terminal communication unit 31 that receives the first public key from the first information terminal 40, and a terminal control unit 32 that generates a first signature for the received first public key using the second private key and issues a two-dimensional code indicating a first server certificate that includes the first public key and the first signature.
  • the first information terminal 40 has a reading unit 46 that reads the two-dimensional code issued by the management terminal 30, and a first information processing unit 43 that acquires the first server certificate from the two-dimensional code read by the reading unit 46.
  • the first communication unit 42 transmits the acquired first server certificate to the control device 60.
  • the control device 60 includes a storage unit 63 storing a root certificate including the second public key, a communication unit 61 receiving the first server certificate from the first information terminal 40, and a control unit 62 that verifies the first signature contained in the received first server certificate using the second public key contained in the root certificate stored in the storage unit 63, and cancels the restriction of the device if the verification is successful.
  • the space is, for example, any closed space within the facility 80.
  • Such an information processing system 10 can release restrictions on the entry and exit of goods or people in a relatively safe manner on the condition that a two-dimensional code indicating the first server certificate is presented.
  • the two-dimensional code indicates the first server certificate encrypted with a password.
  • the first information terminal 40 includes a first operation reception unit 41 that receives a password input operation.
  • the first information processing unit 43 acquires the first server certificate by reading the issued two-dimensional code and performing decryption processing using the input password.
  • Such an information processing system 10 can relatively safely release restrictions on the entry and exit of goods or people on the condition that a two-dimensional code indicating an encrypted first server certificate is presented and a password is entered.
  • the terminal control unit 32 issues a two-dimensional code, and causes the terminal communication unit 31 to transmit the issued two-dimensional code to the communication terminal 20.
  • Such an information processing system 10 can authorize the user of the communication terminal 20 (visitor in the above embodiment) to release restrictions on the entry and exit of goods or people.
  • the terminal control unit 32 issues the two-dimensional code, and causes the terminal communication unit 31 to transmit the issued two-dimensional code to the communication terminal 20.
  • the first information processing unit 43 acquires the first server certificate by reading, with the reading unit 46, the issued two-dimensional code displayed on the display unit 25 of the communication terminal 20 and performing decryption processing using the password whose input was accepted by the first operation accepting unit 41.
  • the information processing system 10 further includes a second information terminal 50 .
  • the second information terminal 50 has a second storage section 54 storing a third private key and a third public key, and a second communication section 52 for transmitting the third public key to the management terminal 30.
  • Terminal communication unit 31 of management terminal 30 receives the third public key from second information terminal 50.
  • the terminal control unit 32 generates a second signature for the received third public key using the second private key, and causes the terminal communication unit 31 to transmit a second server certificate including the third public key and the second signature to the second information terminal 50.
  • the second communication unit 52 of the second information terminal 50 receives the second server certificate from the management terminal 30 and transmits the received second server certificate to the control device 60.
  • the communication unit 61 of the control device 60 receives the second server certificate from the second information terminal 50.
  • the control unit 62 verifies the second signature included in the received second server certificate using the second public key included in the root certificate stored in the storage unit 63, and if the verification is successful, releases the restriction on the device.
  • Such an information processing system 10 can authorize the user of the second information terminal 50 (the resident in the above embodiment) to release restrictions on the entry and exit of goods or people.
  • the first information terminal 40 and the control device 60 are installed in the same facility 80.
  • the device is an auto-locking door 70 at the common entrance of facility 80. Releasing the device restriction means unlocking the auto-locking door 70.
  • Such an information processing system 10 can unlock the auto-locking door 70 on the condition that the two-dimensional code indicating the first server certificate is presented.
  • the information processing method is an information processing method executed by the information processing system 10 that is used to cancel restrictions on equipment that restricts the movement of goods or people into and out of the space.
  • the information processing method includes: a first communication step S11 in which the first information terminal 40 transmits a first public key to the management terminal 30 and the management terminal 30 receives the first public key from the first information terminal 40; issuing steps S15 to S17 in which the management terminal 30 generates a first signature for the received first public key using a second private key and issues a two-dimensional code indicating a first server certificate containing the first public key and the first signature; acquiring steps S21 to S23 in which the first information terminal 40 acquires the first server certificate by reading the issued two-dimensional code; a second communication step S24 in which the first information terminal 40 transmits the acquired first server certificate to the control device 60 and the control device 60 receives the first server certificate from the first information terminal 40; and control steps S25 to S30 in which the control device 60 verifies the first signature included in the received first server certificate using the second public key included in the root certificate stored in the storage unit 63 and, if the verification is successful, releases the restriction on the device.
  • This information processing method requires the presentation of a two-dimensional code that indicates the first server certificate, and can relatively safely lift restrictions on the entry and exit of goods or people.
  • the information processing program is a program for causing a computer to execute the above information processing method.
  • Such an information processing program requires the presentation of a two-dimensional code that indicates the first server certificate, and can relatively safely lift restrictions on the entry and exit of goods or people.
  • the information processing system was realized by a plurality of devices.
  • the components (especially functional components) of the information processing system may be distributed among the plurality of devices in any way.
  • the information processing system may be implemented as a single device.
  • the information processing system may be implemented as a single device corresponding to any one of the communication terminal, management terminal, first information terminal, second information terminal, and control device.
  • processing executed by a specific processing unit may be executed by another processing unit.
  • the order of multiple processes may be changed, and multiple processes may be executed in parallel.
  • each component may be realized by executing a software program suitable for each component.
  • Each component may be realized by reading and executing a software program recorded in a recording medium such as a hard disk or a semiconductor memory by a program execution unit such as a CPU or processor.
  • each component may be realized by hardware.
  • each component may be a circuit (or integrated circuit). These circuits may form one circuit as a whole, or may be separate circuits. These circuits may be general-purpose circuits or dedicated circuits.
  • general or specific aspects of the present invention may be implemented in a system, apparatus, method, integrated circuit, computer program, or recording medium such as a computer-readable CD-ROM. Also, general or specific aspects of the present invention may be implemented in any combination of systems, devices, methods, integrated circuits, computer programs and recording media.
  • the present invention may be implemented as the communication terminal, management terminal, first information terminal, second information terminal, or control device of the above embodiments.
  • the present invention may also be implemented as an information processing method executed by a computer such as the information processing system of the above embodiment. Further, the present invention may be implemented as a program for causing a computer to execute the information processing method. The present invention may be implemented as a computer-readable non-temporary recording medium on which such a program is recorded.
  • the present invention may also be implemented as an application program for causing a general-purpose information terminal to function as the management terminal, first information terminal, or second information terminal of the above embodiments.
  • the present invention may be implemented as a computer-readable non-temporary recording medium on which such an application program is recorded.
  • the present invention may be implemented as a method of constructing an information processing system by adding a first information terminal to an existing system.
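The certificate check and session-key delivery of Operation Example 2 (S33 to S42), sketched in Go as an added example that is not code from the patent or the applicant. The function names, RSA-2048 keys, RSA-OAEP key wrapping and the random 32-byte session key are assumptions of this example; the description does not name algorithms.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *rsa.PrivateKey { // constructed 2048-bit RSA demo key pair
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	return k
}

// issue plays the management terminal (S33-S34): it signs pub and a validity
// period (the usage condition). parent == nil yields the self-signed root.
func issue(cn string, pub *rsa.PublicKey, parent *x509.Certificate,
	signer *rsa.PrivateKey, from, until time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    from, NotAfter: until,
		BasicConstraintsValid: true, IsCA: parent == nil,
	}
	if parent == nil {
		tmpl.KeyUsage, parent = x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// authorize plays the control device (S38-S41): verify the signature with the root
// key, check the validity period, then wrap a fresh session key (RSA-OAEP assumed).
func authorize(root, cert *x509.Certificate, now time.Time) (key, wrapped []byte, err error) {
	if err = cert.CheckSignatureFrom(root); err != nil {
		return nil, nil, fmt.Errorf("signature check: %w", err)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, nil, fmt.Errorf("usage condition: outside validity period")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("certified key is not RSA")
	}
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	return key, wrapped, nil
}

// unwrap plays the information terminal (S42); it needs the matching private key.
func unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	mgmt, resident, now := newKey(), newKey(), time.Now()
	from, until := now.Add(-time.Hour), now.Add(time.Hour)
	root := issue("management terminal", &mgmt.PublicKey, nil, mgmt, from, until)
	cert := issue("resident", &resident.PublicKey, root, mgmt, from, until)
	key, wrapped, err := authorize(root, cert, now)
	check(err)
	got, err := unwrap(resident, wrapped)
	check(err)
	fmt.Println("terminal recovered session key:", string(got) == string(key))
}
```

Because the session key is wrapped under the certified public key, a terminal that holds only a copy of the certificate, without the matching private key, cannot complete the exchange.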

Abstract

An information processing system (10) comprises a first information terminal (40), a management terminal (30) and a control device (60). The management terminal (30) issues a two-dimensional code that indicates a first server certificate. The first information terminal (40) reads the issued two-dimensional code to acquire the first server certificate and transmits the acquired first server certificate to the control device (60). The control device (60) receives the first server certificate from the first information terminal (40), verifies a first signature included in the acquired first server certificate using a second public key included in a root certificate stored in a storage unit, and releases a restriction on a device when the verification succeeds.
PCT/JP2022/047605 2022-02-07 2022-12-23 Information processing system and information processing method WO2023149124A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2022-016839 2022-02-07
JP2022016839 2022-02-07

Publications (1)

Publication Number Publication Date
WO2023149124A1 true WO2023149124A1 (fr) 2023-08-10

Family

ID=87552251

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/047605 WO2023149124A1 (fr) 2022-02-07 2022-12-23 Information processing system and information processing method

Country Status (1)

Country Link
WO (1) WO2023149124A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016148920A (ja) * 2015-02-10 2016-08-18 大日本印刷株式会社 施設利用管理システム
JP2019176441A (ja) * 2018-03-29 2019-10-10 セコム株式会社 電気錠
JP2019173523A (ja) * 2018-03-29 2019-10-10 セコム株式会社 電気錠システムおよび錠制御端末

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22925027

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023578419

Country of ref document: JP