WO2013031115A1 - Mobile terminal, authentication method, authentication program, and authentication system - Google Patents
- Publication number
- WO2013031115A1 PCT/JP2012/005157
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- read
- pseudo
- tag
- mobile terminal
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- H04M1/72409—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
- H04M1/72412—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/66—Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
- H04M1/667—Preventing unauthorised calls from a telephone set
- H04M1/67—Preventing unauthorised calls from a telephone set by electronic means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2250/00—Details of telephonic subscriber devices
- H04M2250/04—Details of telephonic subscriber devices including near field communication means, e.g. RFID
Definitions
- the present invention relates to a portable terminal, an authentication method, an authentication program, and an authentication system for authenticating an ID (Identification) read using a non-contact IC (Integrated Circuit) reader function.
- the IDs of the non-contact IC card and RFID tag read by the portable terminal are assumed to be used for, for example, authentication in the portable terminal.
- Patent Documents 1 to 3 are known in relation to such an authentication method.
- the portable electronic device of Patent Document 1 includes a non-contact IC reader / writer, receives an ID number stored in a non-contact IC card via the non-contact IC reader / writer, and stores the received ID number in the lock-related record of the storage unit.
- when the portable electronic device authenticates for unlocking, it receives the ID number stored in the non-contact IC card via the non-contact IC reader / writer and verifies the received ID number against the ID number stored in the lock-related record. Thereby, the portable electronic device can perform authentication based on the ID number of the non-contact IC without burdening the user or the like.
- the authentication system of Patent Document 2 includes an IC tag, a portable terminal device having a reader function and a writer function for reading and writing a card ID that specifies the IC tag, a plurality of service providing servers, and an authentication server that authenticates an accessor to the service providing servers using the portable terminal device.
- the mobile terminal device reads the card ID from the IC tag, and transmits the card ID and the terminal ID of the mobile terminal device to the authentication server.
- the authentication server associates and registers a user ID for identifying an accessor and a unique card ID and terminal ID for each service, and further associates a rewrite password different from the card ID with the user ID and registers them in the database.
- the authentication system further includes a card update unit that updates the card ID registered in the database every time the service is used, and rewrites the card ID with a new card ID through the writer function of the mobile terminal device.
- the authentication server authenticates by using the card ID associated with the service related to the access request, and when the authentication is successful, permits the access to the service providing server that provides the permitted service. When the card ID is not acquired, a rewrite password is acquired, and the rewrite password is authenticated instead of the card ID.
- the authentication system reduces burdens on the user, such as complicated operations, during authentication processing for receiving services provided by a portable information terminal such as a mobile phone or PDA (Personal Digital Assistant) through a communication network such as the Internet.
- security can be improved effectively.
- the mobile phone control system of Patent Document 3 has a built-in IC chip with a unique ID attached to a card that displays the function to be activated on the surface, reads the ID with a mobile phone, and starts the function corresponding to a pre-registered ID.
- the mobile phone control system can allow a user who is restricted in fine operation with keys such as a visually impaired person and an elderly person to easily operate the mobile phone.
- RFID tag is simply referred to as “tag” in the following description.
- ID numbers, card IDs, and IDs in Patent Documents 1 to 3 described above are assumed to be always available when the authentication is successful.
- “ID number”, “card ID”, and “ID” are collectively described as “ID”.
- the ID of the contactless IC card and the tag can always be used according to the specification of the contactless IC card and the tag and the usage status of the user who uses the tag.
- the specifications of the non-contact IC card and the tag are, for example, ID types determined by whether the ID is a fixed value or a random value, the number of digits of the ID, and a registration policy (e.g., security level) when using the ID.
- the registration policy is either described in a policy file stored in the storage unit of the portable terminal or, when there is no policy file, defined in a part of the program.
- the mobile terminal displays a list of operations that can be paired.
- the policy file is read from the storage unit, and “operation A, operation B, and operation C” are explicitly displayed as operations that can be paired.
- the registration policy can be dynamically changed by rewriting the policy file.
- types of ID include, for example, type A, type B, type F, ISO15693, and the like.
- An object of the present invention is to provide a portable terminal, an authentication method, an authentication program, and an authentication system that guarantee the safe execution of the attached operation.
- the present invention is a portable terminal that wirelessly communicates with a non-contact IC, a read / write unit that reads an ID and data stored in the non-contact IC, and a display unit that displays an operation selection screen in the portable terminal; Based on the ID and data read by the read / write unit, according to the registration policy of the ID, the information identifying the operation in the mobile terminal selected from the selection screen and the ID are associated with each other
- An availability determination unit that determines whether or not the ID can be used, and if the ID is determined to be available, specifies the ID read by the read / write unit and an operation in the mobile terminal
- the present invention is an authentication method in a portable terminal that wirelessly communicates with a non-contact IC, including: a step of reading the ID and data stored in the non-contact IC; a step of determining, based on the read ID and data, whether or not the read ID is a clone; a step of generating a new pseudo ID different from the pseudo ID included in the read data when the read ID is determined not to be a clone; a step of writing the generated new pseudo ID in the non-contact IC; a step of updating, to the new pseudo ID, the pseudo ID stored in a storage unit in which the information specifying the operation in the portable terminal according to the security level of the ID and the ID are stored in association with each other; and a step of performing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation in the portable terminal corresponding to the information specifying the operation.
- a portable terminal, which is a computer that wirelessly communicates with a non-contact IC, is caused to realize: a step of reading the ID and data stored in the non-contact IC; a step of determining, based on the read ID and data, whether or not the read ID is a clone; a step of generating a new pseudo ID different from the pseudo ID included in the read data when the read ID is determined not to be a clone; a step of writing the generated new pseudo ID in the non-contact IC; a step of updating, to the new pseudo ID, the pseudo ID stored in a storage unit in which the information specifying the operation in the portable terminal according to the security level of the ID and the ID are stored in association with each other; and a step of performing, after the pseudo ID stored in the storage unit has been updated to the new pseudo ID, the operation in the portable terminal corresponding to the information specifying the operation.
- the present invention is also an authentication system including a non-contact IC and a portable terminal that wirelessly communicates with the non-contact IC, wherein the non-contact IC stores an ID and data of the non-contact IC.
- the portable terminal transmits the read signal to the non-contact IC, and the non-contact IC
- a read / write unit that receives the ID and data from the storage unit, and a storage unit that stores information that specifies an operation in the portable terminal according to the security level of the ID, and a pseudo-ID that is different from the ID and the ID
- a clone detection unit that determines whether the read ID is a clone based on the ID and data read by the read / write unit, When it is determined that the ID read by the read / write unit is not a clone, a pseudo ID generation unit that generates a new pseudo ID different from the pseudo ID included in the read data, and the operation in the storage unit
- An operation execution unit that executes an operation in the mobile terminal.
- it is effectively determined whether or not an ID of a contactless IC card or tag can be used reliably, and secure execution of an operation associated with the ID when using the ID can be ensured.
- a portable terminal according to the present invention is an electronic device that can read an ID and data stored in a non-contact IC mounted on an IC card or a tag.
- the portable terminal is a smartphone, a PDA (Personal Digital Assistant), or an electronic book terminal.
- although the portable terminal according to the present invention is described as a smartphone, the portable terminal according to the present invention is not limited to the electronic devices mentioned above.
- the present invention can also be expressed as an authentication program for operating a device that is a mobile terminal or a mobile terminal as a computer. Furthermore, the present invention can also be expressed as an authentication method including each process (step) for authentication executed by the mobile terminal. Furthermore, the present invention can be expressed as an authentication system including an IC card or tag and a mobile terminal. That is, the present invention can be expressed in any category of an apparatus, a method, a program, and a system.
- FIG. 1 is a system configuration diagram of the authentication system 7 of the present embodiment.
- An authentication system 7 shown in FIG. 1 includes a tag 2 or an IC card 3 and a mobile terminal 4.
- the portable terminal 4 performs short-range wireless communication with the non-contact IC 2a of the tag 2 or the non-contact IC 3a of the IC card 3, transmits a read signal to the tag 2 or the IC card 3, and reads the ID and data from the tag 2 or the IC card 3.
- the tag 2 is configured to have a non-contact IC 2a.
- the non-contact IC 2a includes a non-contact IC storage unit 2a1 that stores the ID and data of the tag 2 and a communication unit 2a2 that transmits the ID and data to the portable terminal 4.
- the IC card 3 has a non-contact IC 3a.
- the non-contact IC 3a includes a non-contact IC storage unit 3a1 that stores the ID and data of the IC card 3 and a communication unit 3a2 that transmits the ID and data to the portable terminal 4.
- FIG. 5 is a diagram illustrating an example of a data structure in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a and 3a.
- the data structure in the non-contact IC storage units 2a1 and 3a1 shown in FIG. 5 has a configuration having an ID area and a Data area.
- the IDs of the tag 2 and the IC card 3 on which the non-contact IC storage units 2a1 and 3a1 are mounted are written in advance.
- the ID “AA: 10: FF: FA” is written in the ID area of FIG.
- Some IDs in the ID area are rewritable and others are not rewritable. For example, a random value is used for the former ID, and a fixed value is used for the latter ID.
- Data “CC: AC: B1: 84: 12: 44” is written in the Data area of FIG.
- the data written in the Data area includes, for example, a write flag indicating that data can be written to the Data area of the non-contact IC storage units 2a1 and 3a1 by the read / write unit 13 (described later), and a pseudo ID (described later).
- the pseudo ID is different from the ID written in the ID area.
- FIG. 2 is a block diagram showing in detail the internal configuration of the mobile terminal 4 of the present embodiment.
- the mobile terminal 4 displays an operation selection screen in the mobile terminal 4 on the display unit 21, reads the ID and data of the tag 2, and determines, based on the read ID and data and according to the ID registration policy (for example, security level), whether the ID of the tag 2 can be used in association with information (for example, operation ID) specifying the operation in the portable terminal 4 selected from the selection screen.
- the operation ID includes, for example, an application ID for identifying an application, a file path or URL (Uniform Resource Locator) of an application that is an access destination of an application execution file, and package / class information.
- a security level will be exemplified and described as an example of a registration policy that is a criterion for storage (registration) of the portable terminal 4, but the example of the registration policy is not limited to the security level.
- the portable terminal 4 associates the ID of the read tag 2 with the information for specifying the operation in the portable terminal 4, and stores (registers) the associated ID of the tag 2 and the information specifying the operation of the portable terminal 4 in the storage unit.
- the portable terminal 4 determines whether or not the tag 2 satisfies a predetermined authentication condition (described later) based on the ID and data read when the tag 2 is held over the portable terminal 4. When it is determined that the predetermined authentication condition is satisfied, the mobile terminal 4 performs an operation according to information specifying the operation in the mobile terminal 4 associated with the read ID (see FIGS. 19 to 22).
- an ID generated by a malicious third party by copying the ID of the tag 2 and the like that does not satisfy a specific authentication condition among the predetermined authentication conditions described above is defined as “clone”
- the tag storing the clone (ID) is defined as “clone tag”.
- associating the ID of the tag 2 (same for the IC card 3) with the information for specifying the operation in the mobile terminal 4 is defined as “pairing”.
- the mobile terminal 4 shown in FIG. 2 includes a control unit 10, an operation unit 11, a read / write unit 13, a storage unit 17, a display unit 21, a RAM (Random Access Memory) 22, and a ROM (Read Only Memory) 23.
- the control unit 10 is configured to include an operation information management unit 12, an availability determination unit 14, a pseudo ID generation unit 15, a registration unit 16, an ID validity verification unit 18, a clone detection unit 19, and an operation execution unit 20.
- Each unit of the control unit 10 is configured using a CPU (Central Processing Unit) built in the mobile terminal 4 and controls the operation of each unit of the mobile terminal 4. That is, the operation of each unit of the control unit 10 in FIG. 2 is realized by a CPU built in the portable terminal 4.
- the operation unit 11 is a user interface for a user to input an operation on the mobile terminal 4, and outputs an operation signal corresponding to the operation content of the user to the operation information management unit 12.
- the operation unit 11 is arranged on the display unit 21 and is configured with a touch panel that can accept an input operation with a user's finger or stylus pen.
- the operation unit 11 can be configured with various keys such as a numeric keypad for inputting a telephone number and the like, a telephone key for performing on-hook or off-hook, and a function key.
- the read / write unit 13 transmits, to the tag 2 close to the mobile terminal 4, a read signal corresponding to any one of a plurality of types of modulation schemes, based on a reading instruction (described later) output from the operation information management unit 12. Specifically, when the read / write unit 13 transmits a read signal of a modulation method according to the first communication standard and cannot receive the ID and data of the tag 2 in response to the read signal, the read / write unit 13 transmits a read signal of a modulation method according to the second communication standard. When the read / write unit 13 cannot receive the ID and data of the tag 2 in response to the read signal of the modulation method according to the second communication standard, the read / write unit 13 transmits a read signal of a modulation method according to another, third communication standard. The same applies thereafter.
- the read / write unit 13 receives the ID and data of the tag 2 sent back from the communication unit 2a2 of the tag 2 in response to the read signal. Thereby, the reading of the ID and data of the tag 2 of the read / write unit 13 is completed.
- the read / write unit 13 reads the ID and data of the tag 2 by the number of times of reading (see later) included in the reading instruction. For example, when the number of times of reading is 4, the read / write unit 13 reads the ID and data of the tag 2 four times.
- the read / write unit 13 outputs, to the availability determination unit 14, the ID and data of the tag 2 and the communication standard information of the read signal with which the ID and data of the tag 2 were received. Furthermore, when the above-described write flag is included in the data received from the tag 2, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the write flag to the availability determination unit 14.
- the read / write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2 in accordance with the same modulation method as the read signal, and writes the pseudo ID output from the pseudo ID generation unit 15 (described later) in the non-contact IC storage unit 2a1 of the tag 2.
- the read / write unit 13 outputs to the registration unit 16 whether or not the pseudo ID has been successfully written. In FIG. 2, an arrow between the read / write unit 13 and the registration unit 16 is not shown.
- the read / write unit 13 outputs each ID and data of the tag 2 and communication standard information of the read signal to the ID validity verifying unit 18. Furthermore, when the above-described pseudo ID is included in the data of the tag 2, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID to the ID validity verifying unit 18.
- the operation information management unit 12 uses a menu operation “ID” (registration / deletion) that has been installed in advance in the portable terminal 4 or an ID setting (registration / deletion) function called in an application that has been activated by a user operation.
- ID registration registration
- the display unit 21 displays that the tag 2 is close to the mobile terminal 4.
- the operation information management unit 12 causes the display unit 21 to display an ID security level selection screen after the display indicating that the tag 2 is close to the portable terminal 4 is confirmed by user operation.
- FIG. 6A shows an example of a security level selection screen.
- FIG. 6B is a diagram showing another example of the security level selection screen.
- the operation of the mobile terminal 4 that is recommended for selection or the name of the application installed in the mobile terminal 4 is exemplarily displayed according to each security level.
- the information of the operation of the mobile terminal 4 that is recommended for selection according to the security level or the application installed in the mobile terminal 4 is stored in advance in the storage unit 17 described later. It should be noted that when an application is newly installed, which security level the application corresponds to may be temporarily stored in the storage unit 17 or may be changed secondarily by a user operation.
- the operation information management unit 12 may automatically select the security level of the ID to be registered according to the operation or application of the mobile terminal 4 selected by the user operation. This eliminates the need for the mobile terminal 4 to cause the user to select the security level of the ID to be registered for ID, thereby simplifying the user operation.
- the operation information management unit 12 can be used on the operation selection screen of the portable terminal 4 to be paired or the portable terminal 4 after the ID security level is selected by the user operation from the ID security level selection screen.
- a menu screen including an ID registration item is displayed on the display unit 21.
- the operation information management unit 12 outputs to the registration unit 16 information (for example, operation ID) that identifies the operation of the mobile terminal 4 to be paired or the operation selected as the operation according to the application menu.
- FIG. 7A is a diagram illustrating an example of an operation selection screen of the mobile terminal 4 to be paired.
- FIG. 7B is a diagram illustrating an example of an operation selection screen corresponding to a menu of an application to be paired.
- FIG. 7C is a diagram illustrating an example of a selection screen for determining whether or not to disable the activation of an application from an icon after registering the ID of the tag 2.
- an application to be paired is, for example, application Z.
- the selection screen in FIG. 7A is a screen that is displayed when the above-described ID setting application is started in a state where the standby screen is displayed on the display unit 21, for example.
- the terminal lock is a function for preventing the use of the mobile terminal 4 by a third party who does not know a password or the like, for example, in order to ensure the security of the mobile terminal 4.
- the SafetyBox is an application that keeps important information or data of the user of the mobile terminal 4.
- on the selection screen shown in FIG. 7B, for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange, ... are shown as the menu of application Z to be paired.
- the selection screen of FIG. 7B is different from the selection screen of FIG. 7A in that it is the screen displayed when the application Z to be paired has been activated in advance by a user operation and the ID setting (registration, deletion) function described above is activated in the application Z.
- the tag ID registration is selected, the mobile terminal 4 proceeds to a process of registering an ID for pairing with an operation ID indicating activation of the application Z to be paired.
- the selection screen shown in FIG. 7C is displayed after ID registration performed as a result of (3) tag ID registration being selected in the selection screen shown in FIG. 7B, for example.
- the user interface including the application Z icon is hidden on the display unit 21 or the user interface including the application Z icon is displayed. It is a screen for inquiring of the user whether or not to perform invalidation setting so as not to start the application Z based on a user operation.
- the mobile terminal 4 sets the user interface including the icon for starting the application Z to be in a non-display state.
- the instruction is paired with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z and stored (registered) in the storage unit 17.
- the portable terminal 4 can easily hide the presence of the application Z from the user, and the tag 2 is held over the portable terminal 4.
- the application Z can be activated only when a predetermined authentication condition described later is satisfied. Therefore, the portable terminal 4 can similarly hide the presence of the application Z from, for example, a malicious third party other than the user, and can prevent the third party from activating the application Z.
- the mobile terminal 4 selects the application Z based on the user operation of the user interface including the icon of the application Z.
- the setting instruction for setting the non-operation setting state is paired with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z and stored (registered) in the storage unit 17.
- the portable terminal 4 cannot hide the presence of the application Z from the user, the activation of the application Z can be prevented from the user operation of the icon, and the tag 2 is held over the portable terminal 4 and will be described later.
- the application Z can be activated only when a predetermined authentication condition is satisfied. Therefore, the mobile terminal 4 can prevent, for example, a malicious third party who does not have the tag 2 possessed by the user from starting the application Z.
- the operation information management unit 12 uses a menu operation “ID” (registration / deletion) that has been installed in advance in the portable terminal 4 or an ID setting (registration / deletion) function called in an application that has been activated by a user operation.
- “ID deletion” is selected (see FIG. 8A)
- an ID already registered is read from the storage unit 17 and a selection screen of an ID to be deleted is displayed on the display unit 21.
- FIG. 8A is a diagram illustrating an example of an ID selection screen to be deleted.
- IDs to be deleted (1) tag A (ID: XX, photo A), (2) IC card B (ID: YY, photo B),.
- the photograph A is image data representing a photograph of the tag A.
- the image of the tag A is captured by an imaging unit (not shown in FIG. 2) according to a user operation.
- a photograph is captured, and the captured image data is also stored (registered) in the storage unit 17 in association with the ID of the tag A.
- when deleting the ID, the user can specifically recall which tag the name or ID of the tag A refers to by browsing the photo A, and can also cancel the deletion of the ID of the tag A. Since the same applies to the IC card B (ID: YY, photo B), description thereof is omitted.
- the operation information management unit 12 instructs the availability determination unit 14 to determine whether the ID can be used for pairing between the ID and the operation ID, based on the security level of the selected ID and the operation ID of the operation of the mobile terminal 4 or of the operation according to the menu of the application.
- when the tag 2 is brought close to the portable terminal 4 by a user operation in response to the display indicating that the tag 2 is to be brought close to the portable terminal 4, the operation information management unit 12 outputs to the read / write unit 13 a reading instruction, including the number of readings, for reading the ID and data of the tag 2.
- the availability determination unit 14 acquires the ID and data of the tag 2 read by the read / write unit 13. Based on the ID and data of the tag 2 read by the read / write unit 13, the availability determination unit 14 determines, according to the security level selected by the user operation or the operation information management unit 12, whether the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4, or of the operation according to the application menu, selected by the user operation or the operation information management unit 12.
- FIG. 3 is a block diagram showing in detail the internal configuration of the availability determination unit 14. The availability determination unit 14 shown in FIG. 3 includes an ID fixing determination unit 31, an ID type determination unit 32, a write permission determination unit 33, an ID size determination unit 34, and a security level conformity determination unit 35. Here, the operation of each unit of the availability determination unit 14 will be described.
- the ID fixing determination unit 31 determines whether or not the ID of the tag 2 read by the read / write unit 13 is a fixed value.
- the read / write unit 13 reads the ID of the tag 2 by the number of times of reading included in the reading instruction output from the operation information management unit 12. When the number of readings is four, the ID fixing determination unit 31 determines whether or not all four IDs are fixed values, that is, the four IDs have the same value.
- the ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13.
- the writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Further, when the writability determination unit 33 obtains from the read / write unit 13 a write success notification indicating that the read / write unit 13 has actually written data to the tag 2, it may determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
- the ID size determination unit 34 determines the ID size of the tag 2 read by the read / write unit 13. For example, when the ID size of the tag 2 read by the read / write unit 13 is 6 digits, the ID size determination unit 34 determines that the ID size of the tag 2 read by the read / write unit 13 is 6 digits.
- the security level conformity determination unit 35 determines, based on one or more of the determination results of the ID type determination unit 32, the write permission / rejection determination unit 33, and the ID size determination unit 34, whether or not the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12.
- the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34 are the ID type of the tag 2, the writability of data, and the ID size of the tag 2.
- the security level conformity determination unit 35 outputs the ID of the tag 2 read by the read / write unit 13 to the registration unit 16 as an ID that can be used for pairing the operation ID and the ID of the tag 2.
- the security level conformity determination unit 35 determines, based on the security level table ST, whether the ID of the tag 2 read by the read / write unit 13 meets the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12.
- the security level conformity determination unit 35 may determine, based on the determination result of the ID size determination unit 34 alone, whether or not the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4 or of the application menu selected by the user operation or the operation information management unit 12, according to the security level selected by the user operation or the operation information management unit 12.
- FIG. 9 is a diagram illustrating an example of a security level table stored in the storage unit 17.
- three types of security levels, “high”, “medium”, and “low”, are defined.
- when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “high”, the ID size is “8 to 16 digits”, the type is “type 1 (Example: Type B)”, and the write permission / prohibition is “permitted” (that is, writable), it is determined that the security level of the tag 2 ID is suitable.
- when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “medium”, the ID size is “5 to 7 digits”, the type is “type 2 (Example: Type A)”, and the write permission / prohibition is “possible” (that is, write is possible), it is determined that the security level of the tag 2 ID is suitable.
- when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “low”, the ID size is “4 digits”, the type is “type 3 (example: ISO15693)”, and the write permission / prohibition is “impossible” (that is, writing is impossible), it is determined that the security level of the ID of the tag 2 is suitable.
- the operation of the portable terminal 4 or the application installed in the portable terminal 4 that is recommended for selection according to the security level is exemplarily determined.
- the operation information management unit 12 reads the content of “corresponding operation, corresponding application” recommended for selection according to each level of the security level table ST, and displays the selection screen.
- the pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 or the clone detection unit 19 (the pseudo ID determination unit 41) described later.
- the pseudo ID generation unit 15 outputs the generated pseudo ID to the registration unit 16.
- the pseudo ID is a random value that is written in the Data area of the non-contact IC storage unit 2a1 of the tag 2 when the ID of the tag 2 is usable for pairing the ID of the tag 2 with the operation ID of the operation of the mobile terminal 4 or of the application menu according to the security level of the ID of the tag 2, and data can be written to the tag 2.
- the registration unit 16 calculates a digest value of the predetermined data using a keyed hash function (Keyed Hashing Function) program for the predetermined data.
- the program of the keyed hash function may be defined in advance in the operation of the registration unit 16, or may be stored in the storage unit 17.
- when calculating the digest value, the registration unit 16 automatically reads and executes the keyed hash function program stored in the storage unit 17.
- when the availability determination unit 14 determines that the ID of the tag 2 is usable, the registration unit 16 calculates the digest value of the ID of the tag 2 by using the keyed hash function program on the ID of the tag 2 output from the availability determination unit 14.
- the case where the ID of the tag 2 is usable is the case where it is determined that the ID of the tag 2 can be used for pairing the ID of the tag 2 with the operation ID of the operation of the portable terminal 4 or of the application menu, according to the security level of the ID of the tag 2 selected by the user operation or the operation information management unit 12.
- the registration unit 16 pairs the calculated digest value of the ID of the tag 2 with the operation ID output from the operation information management unit 12, and stores (registers) the paired digest value of the ID of the tag 2 and operation ID in the storage unit 17.
- the registration unit 16 calculates a pseudo ID digest value using a keyed hash function program for the pseudo ID output from the pseudo ID generation unit 15.
- the registration unit 16 pairs the digest value of the ID of the tag 2 stored (registered) in the storage unit 17, the operation ID, and the digest value of the pseudo ID, and stores (registers) the paired digest value of the ID of the tag 2, operation ID and digest value of the pseudo ID in the storage unit 17.
- the registration unit 16 may further pair not only the operation ID, the digest value of the ID of the tag 2 and the digest value of the pseudo ID, but also the fact that data can be written to the tag 2, the fact that the ID of the tag 2 is a fixed value, the ID size and the ID type of the tag 2.
- the ID validity verification unit 18 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data.
- the keyed hash function program may be defined in advance in the operation of the ID validity verification unit 18 or may be stored in the storage unit 17.
- when calculating the digest value, the ID validity verification unit 18 dynamically loads and executes the keyed hash function program stored in the storage unit 17.
- the ID validity verification unit 18 acquires the ID read by the read / write unit 13, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), and the communication standard information of the read signal.
- the ID validity verifying unit 18 calculates a digest value of the ID using a keyed hash function program for the ID read by the read / write unit 13.
- the ID validity verification unit 18 determines whether or not the digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (authentication condition 1). When it is determined that the digest value that is the same as the calculated digest value of the ID is not stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation information management unit 12 an authentication result indicating that the ID read by the read / write unit 13 cannot be used.
- the ID validity verification unit 18 outputs the ID, the pseudo ID (when stored in the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal and the clone detection determination instruction to the clone detection unit 19.
- when all the authentication conditions are satisfied, the ID validity verification unit 18 stores (registers) in the storage unit 17 the digest value, calculated using the keyed hash function, of the new pseudo ID generated by the pseudo ID generation unit 15, and outputs to the operation execution unit 20 an operation execution instruction for executing the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13.
- the clone detection unit 19 determines whether or not the ID read by the read / write unit 13 is a clone, based on the ID output from the ID validity verification unit 18, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal, and the clone detection determination instruction.
- FIG. 4 is a block diagram showing the internal configuration of the clone detection unit 19 in detail.
- the clone detection unit 19 illustrated in FIG. 4 includes a pseudo ID determination unit 41, an ID type determination unit 42, and a writability determination unit 43.
- here, the operation of each part of the clone detection unit 19 will be described.
- the pseudo ID determination unit 41 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data.
- the keyed hash function program may be specified in advance in the operation of the pseudo ID determination unit 41 or may be stored in the storage unit 17.
- when calculating the digest value, the pseudo ID determination unit 41 dynamically loads and executes the keyed hash function program stored in the storage unit 17.
- when there is a pseudo ID paired with the ID registered in the storage unit 17, the pseudo ID determination unit 41 calculates the digest value of the pseudo ID by using the keyed hash function program on the pseudo ID output from the ID validity verification unit 18.
- the pseudo ID determination unit 41 determines whether the calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17 (authentication condition 3), or is stored in the storage unit 17 It is determined whether or not it is the digest value of the latest pseudo ID among a plurality of pseudo IDs (authentication condition 4).
- the pseudo ID determination unit 41 outputs to the ID validity verification unit 18 the authentication result that the ID of the tag 2 read by the read / write unit 13 is a clone.
- when the pseudo ID determination unit 41 determines that the calculated pseudo ID digest value is the digest value of the latest pseudo ID among a plurality of pseudo IDs stored (registered) in the storage unit 17, it outputs a generation instruction for generating a new pseudo ID to the pseudo ID generation unit 15.
- the ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether or not the determined ID type of the tag 2 is the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17. (Authentication condition 2).
- two ID type determination units are described, the ID type determination unit 32 of the availability determination unit 14 and the ID type determination unit 42 of the clone detection unit 19, but the two ID type determination units may be shared as one ID type determination unit.
- when the ID type determination unit 42 determines that the determined ID type of the tag 2 is not the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17, it outputs to the ID validity verification unit 18 the authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone.
- the writability determination unit 43 determines whether or not the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (authentication condition 5). Specifically, when the write flag is not output from the ID validity verification unit 18, that is, when the write flag is not read from the Data area of the non-contact IC storage unit 2a1 of the tag 2 by the read / write unit 13, the writability determination unit 43 outputs to the ID validity verification unit 18 the authentication result that the ID of the tag 2 read by the read / write unit 13 is a clone.
- when the write flag is read from the Data area of the non-contact IC storage unit 2a1 of the tag 2 by the read / write unit 13, the writability determination unit 43 determines that a new pseudo ID can be written in the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
- when the writability determination unit 43 obtains from the read / write unit 13 a write success notification indicating that the read / write unit 13 has actually written data to the tag 2, it may determine that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.
- the operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18.
- the storage unit 17 is configured using a hard disk or a flash memory built in the mobile terminal 4, and stores, for example, a security level table ST (see FIG. 9), an application executed by the operation execution unit 20, and the pairing of the ID of the tag 2 determined to be usable by the availability determination unit 14 with the selected operation ID.
- the display unit 21 is configured using an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence) display, and, based on the display instruction output from the operation information management unit 12, displays the contents corresponding to that display instruction.
- the RAM 22 operates as a work memory in each operation of each unit of the control unit 10. In FIG. 2, an arrow from each part of the control unit 10 to the RAM 22 is not shown.
- the ROM 23 stores a program in which each operation of each unit of the control unit 10 of the mobile terminal 4 is defined in advance.
- Each unit of the control unit 10 can be configured by hardware or software.
- the CPU built in the portable terminal 4 reads a program in which each operation of each unit of the control unit 10 is defined in advance from the ROM 23, so that each unit of the control unit 10 can operate.
- in FIG. 2, the arrow to the ROM 23 is not shown.
- FIG. 10 is a flowchart for explaining processing in the ID setting application or the ID setting function in the mobile terminal 4 of the present embodiment.
- the ID setting application or the ID setting menu called in the application can execute at least a menu (ID registration) for storing (registering) the ID of the tag or IC card read by the read / write unit 13 in the portable terminal 4, and a menu (ID deletion) for deleting the ID of a tag or IC card already stored (registered) in the portable terminal 4.
- the master ID stored in the master tag or the master PIN Personal Identification Number
- the master tag is a tag that stores a master ID that proves the identity of the user in identity confirmation in the ID setting application or ID setting menu of the mobile terminal 4, and is affixed to, for example, a drawer on the desk of the user's home.
- when the ID setting application or the ID setting menu is activated and the master tag input screen for identity verification is displayed on the display unit 21 by the operation information management unit 12, the user brings the mobile terminal 4 close to the master tag.
- in confirming the identity of the user, the operation information management unit 12 of the mobile terminal 4 determines that the identity verification has succeeded when the same ID as the master ID of the master tag stored (registered) in the storage unit 17 is read.
- the master PIN is a personal identification number (PIN) that proves the identity of the user in identity verification in the ID setting application of the mobile terminal 4.
- in confirming the identity of the user, the operation information management unit 12 of the mobile terminal 4 determines that the identity confirmation has succeeded when the same PIN as the master PIN stored (registered) in the storage unit 17 is input by a user operation.
- the operation information management unit 12 confirms the identity of the user who uses the mobile terminal 4 (S11). The identity verification of the user is performed using the above-described master tag or master PIN.
- when the operation information management unit 12 determines that the user identification has not been successful (S12, NO), the operation information management unit 12 does not allow the user to use the ID setting application or the ID setting menu. Thereby, the process of the flowchart of FIG. 10 is completed.
- the ID registration or ID deletion process is selected from the ID setting application or the ID setting menu by the user operation (S13).
- when the ID deletion process is selected (S13, ID deletion), the operation information management unit 12 reads the IDs stored (registered) in the storage unit 17 and displays a screen for selecting the ID to be deleted on the display unit 21 (S14). When any ID is selected by a user operation on the selection screen displayed on the display unit 21 (S15, YES), the operation information management unit 12 deletes the ID selected by the user operation in step S15 and the operation ID paired with that ID. As a result, the ID deletion process of FIG. 10 ends.
- the operation information management unit 12 displays on the display unit 21 that the tag 2 is brought close to the portable terminal 4 (S16).
- the operation information management unit 12 displays an ID security level selection screen on the display unit 21 after confirming that the tag 2 is brought close to the portable terminal 4 by a user operation (S17).
- when any security level is selected by a user operation on the selection screen displayed on the display unit 21 (S18, YES), the operation information management unit 12 displays on the display unit 21 a menu screen, including an ID registration item, for the operation of the mobile terminal 4 to be paired (S19).
- the operation information management unit 12 instructs the availability determination unit 14 to determine, based on the security level of the selected ID and the operation ID of the operation of the mobile terminal 4 or of the application menu, whether or not the ID can be used for pairing the ID and the operation ID.
- the availability determination unit 14 determines, based on the instruction for availability determination from the operation information management unit 12 and the ID and data of the tag 2 read by the read / write unit 13, whether or not the ID of the tag 2 can be used according to the security level selected by the user operation or the operation information management unit 12 (S21). The availability determination process in step S21 will be described later.
- if it is determined after step S21 that the ID of the tag 2 is not usable (S22, NO), the operation information management unit 12 acquires from the availability determination unit 14 the availability determination processing result indicating that the ID of the tag 2 is not usable, and displays on the display unit 21 that the ID of the tag 2 is not available. As a result, the ID registration process of FIG. 10 ends.
- the operation information management unit 12 acquires from the availability determination unit 14 the availability determination processing result indicating that the ID of the tag 2 is usable, and determines whether or not the ID of the tag 2 is already paired and stored (registered) in the storage unit 17 (S23). When it is determined that the ID of the tag 2 can be used (S22, YES), the availability determination unit 14 outputs the ID of the tag 2 determined to be usable to the registration unit 16.
- the operation information management unit 12 outputs the operation ID selected as the pairing target to the registration unit 16.
- the registration unit 16 calculates the digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the availability determination unit 14 (S24). Furthermore, the registration unit 16 pairs the operation ID output from the operation information management unit 12 with the digest value of the ID of the tag 2 and stores (registers) it in the storage unit 17 (S24).
- the registration unit 16 outputs a pseudo ID generation instruction to the pseudo ID generation unit 15.
- the pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 (S25).
- the pseudo ID generation unit 15 outputs the generated pseudo ID to the read / write unit 13 and the registration unit 16, respectively.
- the read / write unit 13 and the registration unit 16 each acquire the pseudo ID output from the pseudo ID generation unit 15.
- the read / write unit 13 transmits to the tag 2 a write signal for writing data to the tag 2, using the same modulation method as the read signal, and writes the pseudo ID output from the pseudo ID generation unit 15 to the non-contact IC storage unit 2a1 of the tag 2 (S26).
- if writing of the pseudo ID to the tag 2 is not successful in step S26 (S27, NO), the tag 2 is treated as a tag to which data cannot be written in the non-contact IC storage unit 2a1, and the ID registration process selected in step S13 is completed. As a result, the ID registration process of FIG. 10 ends.
- the registration unit 16 calculates the digest value of the pseudo ID by using the keyed hash function program on the pseudo ID output from the pseudo ID generation unit 15 (S28).
- the registration unit 16 pairs the operation ID and the digest value of the tag 2 ID stored (registered) in the storage unit 17 in step S24 with the pseudo ID digest value calculated in step S28, and stores (registers) them in the storage unit 17 (S28).
- the registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.
- FIG. 8B is a diagram illustrating an example of the availability determination processing result indicating that the ID is usable.
- the various information includes, for example, an operation ID, a pseudo ID, that data can be written to the tag 2, that the ID is fixed, the size of the ID, the type of ID, the name of the tag 2, and the like.
- FIG. 11 is a flowchart illustrating ID availability determination processing in the mobile terminal 4 of the present embodiment.
- the read / write unit 13 initializes the number N of read signal transmissions based on the read instruction output from the operation information management unit 12 (S31), and determines the number M of read signal transmissions (reads) to be actually performed (S32).
- the read / write unit 13 starts transmitting the read signal after the number M of read signal transmissions is determined in step S32 (S33).
- the read / write unit 13 stops transmitting the read signal when the number N of read signal transmissions reaches the parameter M (YES in S34), that is, when the ID and data have been read M times from the tag 2 by transmitting the read signal M times (S36). If the read signal transmission count N has not reached the parameter M (S34, NO), the read / write unit 13 increments the parameter N (S35). After step S35, until the number N of read signal transmissions reaches the parameter M, reading of the ID and data of the tag 2 by the read / write unit 13 is repeated.
- the ID fixing determination unit 31 determines whether or not all M IDs of the tag 2 read by the read / write unit 13 are fixed values (S37). When it is determined that the M IDs are not all fixed values (S37, NO), the ID fixing determination unit 31 outputs to the operation information management unit 12 the availability determination processing result indicating that the ID of the tag 2 cannot be used because the M IDs are random numbers. Thereby, the availability determination process in FIG. 11 ends.
- the ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13 (S38). Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13 (S38).
- the writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39). Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 determines that data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39).
- the ID size determination unit 34 determines the size of the ID of the tag 2 read by the read / write unit 13 (S40).
- the security level conformity determination unit 35 determines the tag 2 read by the read / write unit 13 based on the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34. It is determined whether the ID matches the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41).
- when the security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41, YES), it outputs the availability determination processing result indicating that the ID of the tag 2 is usable to the operation information management unit 12, and outputs the ID of the tag 2 read by the read / write unit 13 to the registration unit 16. Thereby, the availability determination process in FIG. 11 ends.
- when the security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 does not conform to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41, NO), it outputs to the operation information management unit 12 the availability determination result indicating that the ID of the tag 2 is unusable, together with reason information indicating why the ID of the tag 2 is unusable.
- the operation information management unit 12 causes the display unit 21 to display reason information indicating why the ID of the tag 2 is unavailable in response to the output from the security level conformity determination unit 35. Thereby, the availability determination process in FIG. 11 ends.
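The availability determination of FIG. 11 (steps S37 to S41) checked against the security level table ST, as an added example that is not code from the patent. The `TagRead` structure, the function name and the sample reads are hypothetical and constructed here; the ID types use the page's own example values (Type B, Type A, ISO15693).

```python
from dataclasses import dataclass

# Security level table ST as described for FIG. 9 on this page.
# ID types use the page's example values for "type 1/2/3".
SECURITY_LEVEL_TABLE = {
    "high":   {"min_digits": 8, "max_digits": 16, "id_type": "Type B",   "writable": True},
    "medium": {"min_digits": 5, "max_digits": 7,  "id_type": "Type A",   "writable": True},
    "low":    {"min_digits": 4, "max_digits": 4,  "id_type": "ISO15693", "writable": False},
}


@dataclass(frozen=True)
class TagRead:
    """One read of a tag (hypothetical structure, constructed for this example)."""
    tag_id: str       # ID as a digit string
    standard: str     # communication standard information of the read signal
    write_flag: bool  # True when the write flag was read from the tag


def determine_availability(reads, level):
    """Return (usable, reasons) for the M reads of one tag at the selected level."""
    if level not in SECURITY_LEVEL_TABLE:
        raise ValueError(f"unknown security level: {level!r}")
    if not reads:
        return False, ["no reads were obtained from the tag"]

    # S37: the ID must be identical across all M reads. A tag that answers
    # with a different ID on each read cannot be paired with an operation.
    if len({r.tag_id for r in reads}) != 1:
        return False, ["ID is not a fixed value across reads"]

    rule = SECURITY_LEVEL_TABLE[level]
    first = reads[0]
    reasons = []

    # S38: ID type, derived from the communication standard of the read signal.
    if first.standard != rule["id_type"]:
        reasons.append(f"ID type {first.standard} does not match {rule['id_type']}")

    # S39: writability, taken from the write flag.
    writable = all(r.write_flag for r in reads)
    if writable != rule["writable"]:
        reasons.append(f"writable={writable} does not match writable={rule['writable']}")

    # S40: ID size in digits.
    size = len(first.tag_id)
    if not rule["min_digits"] <= size <= rule["max_digits"]:
        reasons.append(
            f"ID size {size} is outside {rule['min_digits']}-{rule['max_digits']} digits"
        )

    # S41: usable only when every attribute conforms to the selected level.
    return (not reasons), reasons


# Constructed sample reads (M = 4), not taken from the page.
FIXED_TYPE_B = [TagRead("12345678", "Type B", True)] * 4
RANDOM_ID = [TagRead(i, "Type B", True) for i in ("11112222", "33334444", "55556666", "77778888")]
SHORT_READ_ONLY = [TagRead("4321", "ISO15693", False)] * 4

if __name__ == "__main__":
    for name, reads, level in [
        ("fixed Type B", FIXED_TYPE_B, "high"),
        ("random ID", RANDOM_ID, "high"),
        ("4-digit read-only", SHORT_READ_ONLY, "high"),
        ("4-digit read-only", SHORT_READ_ONLY, "low"),
    ]:
        print(name, level, determine_availability(reads, level))
```
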
- FIG. 12 is an explanatory diagram showing a first pattern of clone detection in the mobile terminal of this embodiment.
- FIG. 13 is an explanatory diagram showing a second pattern of clone detection in the mobile terminal of this embodiment.
- in FIG. 12 and FIG. 13, it is assumed that what is stored (registered) in the storage unit 17 is a pseudo ID and not a digest value of the pseudo ID.
- the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a.
- the portable terminal 4 authenticates the tag 2 when the tag 2 comes close to the portable terminal 4. That is, the portable terminal 4 determines whether the tag 2 satisfies a predetermined authentication condition based on the ID and data of the tag 2. The authentication process will be described later with reference to FIG.
- the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 in the authentication process (Step 1) and authenticates the tag 2 (Step 2).
- the mobile terminal 4 updates the pseudo ID stored in the tag 2 and the storage unit 17 (Step 3).
- the updated pseudo ID is assumed to be pseudo ID2.
- the portable terminal 4 writes the pseudo ID 2 in the tag 2 (Step 4).
- a malicious third party illegally copies the tag 2 and generates the tag 2 '(Step 5).
- a tag 2 ' is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2a'.
- the portable terminal 4 authenticates the tag 2 'when the tag 2' is brought close to the portable terminal 4 by a malicious third party. However, since the pseudo ID has been updated to pseudo ID 2 by the mobile terminal 4 in Step 3, the pseudo ID 1 of the tag 2 ′ and the pseudo ID 2 of the mobile terminal 4 are different from each other, so the mobile terminal 4 detects the existence of the clone and determines that authentication of the tag 2 'has failed.
- the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a. It is assumed that a malicious third party illegally copies the tag 2 and generates the tag 2 '(Step 1).
- a tag 2 ′ is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2 a ′.
- the portable terminal 4 authenticates the tag 2 ′ when the tag 2 ′ comes close to the portable terminal 4. That is, the mobile terminal 4 determines whether or not the ID of the tag 2 ′ has already been stored (registered) as an ID that can be used in the mobile terminal 4. The authentication process will be described later with reference to FIG.
- the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 'in the authentication process (Step 2) and authenticates the tag 2' (Step 3). If the authentication of the tag 2 'is successful, the mobile terminal 4 updates the pseudo ID stored in the tag 2' and the storage unit 17 (Step 4). The updated pseudo ID is assumed to be pseudo ID2. The portable terminal 4 writes the pseudo ID 2 in the tag 2 '(Step 5).
- the portable terminal 4 When the tag 2 is brought close to the portable terminal 4 by a legitimate user, the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 (Step 6) and authenticates the tag 2 (Step 7). However, since the pseudo ID is updated to pseudo ID 2 by the mobile terminal 4 in Step 4, the pseudo ID 1 of the tag 2 and the pseudo ID 2 of the mobile terminal 4 are different from each other in the mobile terminal 4. It is determined that the authentication of the tag 2 has failed because the presence of the clone is detected (Step 8). In this case, it is preferable to invalidate the ID of the tag 2 stored (registered) in the storage unit 17 of the mobile terminal 4.
- FIG. 14 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17 and the tag 2 when no clone is detected.
- FIG. 15 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17, clone tag, and tag 2 when a clone is detected.
- The tag 2 stores a fixed-value ID (ID1) in the ID area of the non-contact IC storage unit 2a1, and the pseudo ID can be stored in the Data area of the non-contact IC storage unit 2a1.
- ID1 a fixed value
- ID2 a fixed value
- In FIG. 15, it is assumed that the clone tag is used between the first use and the second use of the tag 2.
- The ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 either.
- The ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
- The pseudo ID stored (registered) in the storage unit 17 is PID1.
- The pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
- The pseudo ID stored (registered) in the storage unit 17 is updated from PID(n-2) to PID(n-1), and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID(n-2) to PID(n-1).
- The ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and no pseudo ID is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 either.
- The ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the pseudo ID (PID1) is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2.
- The pseudo ID stored in the storage unit 17 is updated from PID1 to PID2, and the pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.
- The pseudo ID stored (registered) in the storage unit 17 is updated from PID2 to PID3, and the pseudo ID stored in the Data area of the non-contact IC storage unit of the clone tag is updated from PID2 to PID3.
- After the first use of the clone tag, when the tag 2 is used for the second time, the mobile terminal 4 determines that the pseudo ID 3 stored (registered) in the storage unit 17 and the pseudo ID 2 stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 do not match. That is, the portable terminal 4 determines, when the tag 2 is used for the second time, that the clone tag exists and that the clone tag was used before the second use of the tag 2.
- FIG. 16 is a flowchart for explaining the authentication process of the tag 2 in the mobile terminal 4 of the present embodiment. The authentication process in FIG. 16 starts when the tag 2 to be authenticated is brought close to the mobile terminal 4.
- The read / write unit 13 reads the ID and data of the tag 2 by transmitting a read signal to the tag 2 the number of times set in advance (S51). Although detailed description of step S51 is omitted, the read / write unit 13 operates in step S51 in the same manner as the processes in steps S31 to S35 of FIG.
- The read / write unit 13 outputs the ID and data of the tag 2 and the communication standard information of the read signal to the ID validity verification unit 18. Further, when the data of the tag 2 includes a pseudo ID, the read / write unit 13 outputs not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID to the ID validity verification unit 18.
- The ID validity verification unit 18 calculates the digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the read / write unit 13 (S52). The ID validity verification unit 18 determines whether or not a digest value identical to the calculated digest value of the ID of the tag 2 is stored (registered) in the storage unit 17 (S53, authentication condition 1).
- The ID validity verification unit 18 outputs to the operation information management unit 12 an authentication result indicating that the user cannot use the ID of the tag 2, based on the ID of the tag 2 read by the read / write unit 13.
- The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to indicate this explicitly to the user (see FIG. 17B). The authentication process of FIG. 16 is thereby completed.
- FIG. 17B is a diagram illustrating an example of an authentication result indicating that the authentication has failed.
- The ID validity verification unit 18 outputs the ID of the tag 2 (and the pseudo ID, when one is stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), the communication standard information of the read signal and the clone detection determination instruction to the clone detection unit 19.
- The ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13 (S54). Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether the determined ID type of the tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (S54, authentication condition 2).
- The ID type determination unit 42 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the ID validity verification unit 18.
- The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
- The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). The authentication process of FIG. 16 is thereby completed.
- FIG. 18A shows that a clone has been detected and the previous authentication success date and location.
- The operation information management unit 12 preferably displays on the display unit 21, together with the authentication result indicating that the clone has been detected, the date (including time) and location of the previous successful authentication. Thereby, the portable terminal 4 can provide the user with a hint as to when and where the clone was generated.
- GPS Global Positioning System
- The pseudo ID determination unit 41 determines whether or not there is a pseudo ID associated with the ID and the action ID in the storage unit 17 (S55).
- The pseudo ID determination unit 41 outputs to the ID validity verification unit 18 the fact that the authentication of the ID of the tag 2 read by the read / write unit 13 was successful.
- The ID validity verification unit 18 outputs an operation execution instruction to the operation execution unit 20 to execute the operation indicated by the operation ID associated with the ID of the tag 2 read by the read / write unit 13.
- The operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63).
- The pseudo ID determination unit 41 calculates the digest value of the pseudo ID by using a keyed hash function program for the pseudo ID output from the ID validity verification unit 18 (S56).
- The pseudo ID determination unit 41 determines whether the calculated digest value of the pseudo ID is the same as the pseudo ID stored (registered) in the storage unit 17 (S57, authentication condition 3), and further whether or not it is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58, authentication condition 4).
- The pseudo ID determination unit 41 outputs to the ID validity verification unit 18 an authentication result indicating that the user cannot use the ID of the tag 2, based on the ID of the tag 2 read by the read / write unit 13.
- The ID validity verification unit 18 outputs an authentication result indicating that the user cannot use the ID of the tag 2 based on the ID of the tag 2 read by the read / write unit 13 to the operation information management unit 12.
- The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to indicate this explicitly to the user (see FIG. 17B).
- The pseudo ID determination unit 41 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag).
- The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
- The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). The authentication process of FIG. 16 is thereby completed.
- The calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17, and is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17.
- The pseudo ID determination unit 41 outputs a new pseudo ID generation instruction to the pseudo ID generation unit 15.
- The pseudo ID generation unit 15 generates a new pseudo ID based on the new pseudo ID generation instruction output from the pseudo ID determination unit 41 (S59).
- The pseudo ID generation unit 15 outputs the generated new pseudo ID to the read / write unit 13 and the registration unit 16, respectively.
- The read / write unit 13 and the registration unit 16 obtain the new pseudo ID output from the pseudo ID generation unit 15, respectively.
- The read / write unit 13 transmits a write signal for writing data to the tag 2 according to the same modulation method as the read signal to the tag 2, and uses the new pseudo ID output from the pseudo ID generation unit 15 for the tag 2.
- The writability determination unit 43 determines whether or not the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S61, authentication condition 5).
- The writability determination unit 43 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the ID validity verification unit 18.
- The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12.
- The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (see FIG. 18(a)). The authentication process of FIG. 16 is thereby completed.
- The writability determination unit 43 outputs to the ID validity verification unit 18 an authentication result indicating that the ID read by the read / write unit 13 can be used, that is, that the authentication is successful. Further, the registration unit 16 calculates a digest value of the new pseudo ID by using a keyed hash function program for the new pseudo ID output from the pseudo ID generation unit 15 (S62). Furthermore, the registration unit 16 pairs the operation ID stored (registered) in the storage unit 17, the digest value of the ID of the tag 2, and the digest value of the new pseudo ID calculated in step S62, and stores (registers) them in the storage unit 17 (S62). The registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.
- After all the authentication conditions are satisfied and the keyed hash function digest value of the generated new pseudo ID is stored (registered) in the storage unit 17, the ID validity verification unit 18 outputs to the operation execution unit 20 an operation execution instruction to execute the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13.
- The operation execution unit 20 executes the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63). The authentication process of FIG. 16 is thereby completed.
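The two clone-detection patterns of FIG. 12 and FIG. 13 and authentication conditions 1 to 5 of FIG. 16 can be modelled together, as in the following added Python example, which is not code from the patent. HMAC-SHA-256 as the keyed hash, the `Tag`, `Record` and `Terminal` classes, the `valid` flag, the result labels and the `"TypeA"` ID type are assumptions made for illustration, and every registered tag is assumed to carry a pseudo ID.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

OK, UNUSABLE, CLONE = "ok", "unusable", "clone"  # result labels (assumed names)


def keyed_digest(key: bytes, value: bytes) -> bytes:
    """Keyed hash; HMAC-SHA-256 is an assumption, the page names no algorithm."""
    return hmac.new(key, value, hashlib.sha256).digest()


@dataclass
class Tag:
    tag_id: bytes                 # fixed value in the ID area
    id_type: str                  # stands in for the read signal's communication standard
    data: Optional[bytes] = None  # Data area: current pseudo ID
    writable: bool = True

    def copy(self) -> "Tag":
        """Bit-for-bit copy, as a clone tag would be."""
        return Tag(self.tag_id, self.id_type, self.data, self.writable)


@dataclass
class Record:
    operation_id: str
    id_type: str
    pid_digests: List[bytes] = field(default_factory=list)  # oldest first
    valid: bool = True            # assumed flag modelling invalidation of the ID


class Terminal:
    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)      # hash key held only by the terminal
        self.store: Dict[bytes, Record] = {}    # keyed digest of ID -> record

    def register(self, tag: Tag, operation_id: str) -> None:
        pid = secrets.token_bytes(16)
        tag.data = pid
        self.store[keyed_digest(self.key, tag.tag_id)] = Record(
            operation_id, tag.id_type, [keyed_digest(self.key, pid)])

    def invalidate(self, tag_id: bytes) -> None:
        self.store[keyed_digest(self.key, tag_id)].valid = False

    def authenticate(self, tag: Tag) -> str:
        rec = self.store.get(keyed_digest(self.key, tag.tag_id))       # S52
        if rec is None or not rec.valid:                               # S53, condition 1
            return UNUSABLE
        if tag.id_type != rec.id_type:                                 # S54, condition 2
            return CLONE
        presented = keyed_digest(self.key, tag.data or b"")            # S56
        if not any(hmac.compare_digest(presented, d) for d in rec.pid_digests):
            return UNUSABLE                                            # S57, condition 3
        if not hmac.compare_digest(presented, rec.pid_digests[-1]):
            return CLONE                                               # S58, condition 4
        new_pid = secrets.token_bytes(16)                              # S59
        if not tag.writable:                                           # S61, condition 5
            return CLONE
        tag.data = new_pid                                             # write to the tag
        rec.pid_digests.append(keyed_digest(self.key, new_pid))        # S62
        return OK                                                      # S63 would run here


def first_pattern() -> List[str]:
    """FIG. 12: the original is used first, then a copy still holding pseudo ID 1."""
    term, tag = Terminal(), Tag(b"ID1", "TypeA")   # constructed sample values
    term.register(tag, "unlock")
    clone = tag.copy()
    return [term.authenticate(tag), term.authenticate(clone)]


def second_pattern() -> List[str]:
    """FIG. 13: the copy is used first; the original then exposes the clone."""
    term, tag = Terminal(), Tag(b"ID1", "TypeA")   # constructed sample values
    term.register(tag, "unlock")
    clone = tag.copy()
    results = [term.authenticate(clone), term.authenticate(tag)]
    term.invalidate(tag.tag_id)                    # the step the page calls preferable
    results += [term.authenticate(clone), term.authenticate(tag)]
    return results


if __name__ == "__main__":
    print("first pattern :", first_pattern())
    print("second pattern:", second_pattern())
```

In the second pattern the copy authenticates once before the original exposes it, so detection happens after the fact; invalidating the registered ID at that point stops both the copy and the original from being accepted again.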
- FIG. 17A is a diagram illustrating an example of an authentication result indicating that the authentication is successful.
- The authentication result shown in FIG. 17A indicates that the ID of the tag 2 read by the read / write unit 13 has been successfully authenticated, and, for example, a confirmation notification icon IC11 for canceling the use stop state (lock state) of the Safety Box application is displayed. When the icon IC11 is confirmed and pressed by a user operation, the locked state of the Safety Box application is released and it becomes usable.
- FIG. 18B is a diagram illustrating an example of a selection screen for determining whether or not to invalidate the ID of the tag 2 detected as a clone.
- The screen for identity verification shown in FIG. 18C is displayed.
- The mobile terminal 4 stores (registers) in the storage unit 17, in association with the ID, a setting instruction indicating that the authentication of the ID of the tag 2 is not successful.
- FIG. 18C is a diagram illustrating an example of a screen when the identity is confirmed.
- The portable terminal 4 may be configured not to execute an operation according to the operation ID associated with the ID of the tag 2.
- The portable terminal 4 of the authentication system 7 of the present embodiment can effectively and reliably determine whether or not the ID of the contactless IC card 3 and the tag 2 can be used. Furthermore, when the portable terminal 4 authenticates using the ID and data of the non-contact IC card 3 and the tag 2 and all the authentication conditions are satisfied, the portable terminal 4 executes the operation of the operation ID associated with the ID, so safety can be secured appropriately.
- FIGS. 19 to 22 are explanatory diagrams showing an outline of a flow in which the mobile terminal according to the present embodiment authenticates the ID of the tag or the IC card and executes the first operation to the fourth operation of the mobile terminal, respectively.
- It is assumed that the availability determination unit 14 of the mobile terminal 4 has determined that the ID of the tag 2 or the IC card 3 can be used, according to the security level selected by the user operation, in association with the ID of each operation of the mobile terminal 4 selected by the user operation.
- the mobile terminal 4 stores the ID and data of the tag 2
- The ID of the tag 2 is authenticated based on the read ID and data. If the authentication is successful, the mobile terminal 4 performs the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state. Thereby, the screen of the portable terminal 4 shifts from the locked screen to the standby screen, and the user can use the portable terminal 4 safely.
- When the tag 2 is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. If the authentication is successful, the mobile terminal 4 performs the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state of the Safety Box. Thereby, the screen of the portable terminal 4 shifts from the screen in which the Safety Box is locked to a screen in which the Safety Box can be used, and the user can safely use the Safety Box.
- When the tag 2 comes close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. If the authentication is successful, the mobile terminal 4 displays an icon for confirming the unlocking of the Safety Box before performing the operation of the operation ID associated with the ID of the tag 2, that is, releasing the locked state of the Safety Box. Further, after this icon is confirmed and pressed by a user operation, the mobile terminal 4 performs the operation of the operation ID associated with the ID of the tag 2, that is, releases the locked state of the Safety Box.
- The screen of the mobile terminal 4 shifts from the screen in which the Safety Box is locked, via a screen asking the user to confirm unlocking of the Safety Box, to a screen in which the Safety Box can be used, and the user can safely use the Safety Box.
- The mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data.
- The portable terminal 4 starts the operation corresponding to the operation ID associated with the ID of the tag 2, that is, the browser as an application.
- The screen of the portable terminal 4 shifts from the standby screen to a browser screen displayed when the browser is activated, and the user can safely use the browser as an application.
- FIG. 23A is a diagram showing an example of an operation selection screen of the mobile terminal 4 to be paired.
- FIG. 23B is a diagram showing an example of a message screen for approaching the tag 2 to be exchanged when the tag 2 is exchanged.
- FIG. 23C is a diagram showing an example of a message screen for a tag 2 invalidation success notification and a new tag proximity instruction.
- FIG. 23D is a diagram showing an example of a message screen for notification of success of new tag registration and tag exchange.
- The selection screen in FIG. 23A shows, for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange, ... as operations of the mobile terminal 4 to be paired.
- The selection screen in FIG. 23A is similar to the selection screen in FIG. 7B, and an application to be paired (Z) is activated in advance by a user operation. It is a screen displayed when the setting (registration, deletion) application is activated.
- The portable terminal 4 displays an instruction to bring the tag 2 having the same ID as the ID already stored (registered) in the storage unit 17 in the application Z close to the portable terminal 4 (see FIG. 23B).
- After the tag 2 having the ID to be exchanged is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23B is confirmed by user operation, the mobile terminal 4 determines whether or not the tag 2 satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 to be exchanged satisfies the authentication condition.
- The mobile terminal 4 invalidates the ID of the tag 2 and sets the ID of the tag 2 to be unusable. Furthermore, the portable terminal 4 displays on the display unit 21 a message screen with an invalidation success notification that the invalidation of the tag 2 was successful and a proximity instruction to bring a new tag (V), to be registered instead of the invalidated tag 2, close to the portable terminal 4 (see FIG. 23C).
- After the new tag V having the ID to be registered is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23C is confirmed and pressed by the user operation, the mobile terminal 4 determines whether the new tag V satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the explanation, it is assumed that the new tag V to be registered satisfies the authentication condition.
- The mobile terminal 4 pairs the ID of the new tag V with the operation ID paired with the ID of the tag 2 to be exchanged, and stores (registers) it in the storage unit 17. Further, the portable terminal 4 stores (registers) the ID of the new tag V in the storage unit 17 and causes the display unit 21 to display a success notification message screen indicating that the tag 2 has been successfully exchanged (see FIG. 23(d)).
- FIG. 24A is a diagram illustrating an example of a message screen for periodically updating the pseudo ID of the tag 2 and a proximity instruction for the tag 2 to be periodically updated.
- FIG. 24B is a diagram illustrating an example of a message screen indicating a successful notification of periodic update of the pseudo ID of the tag 2.
- The tag for which the pseudo ID is periodically updated is referred to as tag 2.
- The mobile terminal 4 periodically updates the pseudo ID paired with the ID of the tag 2 already stored (registered) in the storage unit 17 in a predetermined cycle (e.g., once a week).
- A message screen instructing the user to bring the tag 2 to be updated close is displayed on the display unit 21 (see FIG. 24A).
- After the tag 2 having the pseudo ID to be periodically updated is brought close to the portable terminal 4 and the message screen of the proximity instruction shown in FIG. 24A is confirmed by user operation, the portable terminal 4 determines whether the tag 2 having the pseudo ID to be updated satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 having a pseudo ID that is a target of periodic update satisfies the authentication condition.
- The mobile terminal 4 updates the pseudo ID of the tag 2 to a new pseudo ID different from the pseudo ID of the tag 2, pairs the new pseudo ID with the operation ID that has been paired with the ID of the tag 2 having the pseudo ID to be periodically updated, and stores (registers) it in the storage unit 17. Further, the portable terminal 4 pairs the new pseudo ID with the ID and the operation ID of the tag 2, stores (registers) the new pseudo ID in the storage unit 17, and displays on the display unit 21 that the periodic update of the tag 2 was successful (see FIG. 23D).
- The authentication system according to the present invention has been described as a configuration including the tag 2 or the IC card 3 and the portable terminal 4 as shown in FIG. 1, but the tag 2 or the IC card 3 as shown in FIG. And it is good also as a structure which consists of the portable terminal 4 and the authentication server 5 which carries out radio
- The authentication system 7' shown in FIG. 25 will be described.
- FIG. 25 is a system configuration diagram of an authentication system 7' according to a modification of the present embodiment.
- FIG. 26 is a block diagram showing the internal configuration of the mobile terminal 4' and the authentication server 8 in the authentication system 7' according to the modification of the present embodiment.
- The portable terminal 4' performs short-range wireless communication with the tag 2 on which the non-contact IC 2a is mounted or the IC card 3 on which the non-contact IC 2b is mounted, and wirelessly communicates with the authentication server 8 via the wireless base station BTS.
- The mobile terminal 4' includes at least the read / write unit 13, the display unit 21, the operation unit 11, and the operation execution unit 20 in the configuration illustrated in FIG. 2 (see FIG. 26).
- The authentication server 8 includes, of the configuration of the mobile terminal 4 in FIG., the operation information management unit 12, the availability determination unit 14, the pseudo ID generation unit 15, the registration unit 16, the storage unit 17, the ID validity verification unit 18, the clone detection unit 19, the RAM 22, and the ROM 23, and further includes a communication unit 25 for wireless communication with the mobile terminal 4'.
- The operation of each part of the mobile terminal 4' and the authentication server 8 is the same as that of each part of the mobile terminal 4 in FIG.
- The ID server availability determination process and the authentication process shown in FIG. 2 are executed in the authentication server 8 and executed based on the authentication result from the authentication server 8. It is possible to simplify the circuit configuration of the portable terminal 4'.
- The present invention effectively and reliably determines whether or not an ID of a contactless IC card or tag can be used, ensures safe execution of an operation associated with the ID when using the ID, and is useful as an authentication method, an authentication program, and an authentication system.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Human Computer Interaction (AREA)
- Signal Processing (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a mobile terminal comprising: a read/write unit for reading an identifier (ID) and data from a contactless integrated circuit (IC); a display unit for displaying a selection screen for an operation in the mobile terminal; a usability determination unit for determining whether or not the ID can be used, said determination being made in accordance with an ID registration policy which, on the basis of the ID and the data, is associated with the ID and with information specifying the operation in the mobile terminal that is selected from the selection screen; a registration unit which associates the ID, which is read if it is determined that the ID can be used, with the information specifying the operation in the mobile terminal; and a storage unit for storing the associated ID and information specifying the operation.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011189850A JP2013050930A (ja) | 2011-08-31 | 2011-08-31 | Mobile terminal, authentication method, authentication program and authentication system |
JP2011-189850 | 2011-08-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013031115A1 (fr) | 2013-03-07 |
Family
ID=47755647
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/005157 WO2013031115A1 (fr) | 2011-08-31 | 2012-08-14 | Mobile terminal, authentication method, authentication program and authentication system |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2013050930A (fr) |
WO (1) | WO2013031115A1 (fr) |
-
2011
- 2011-08-31 JP JP2011189850A patent/JP2013050930A/ja not_active Withdrawn
-
2012
- 2012-08-14 WO PCT/JP2012/005157 patent/WO2013031115A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2013050930A (ja) | 2013-03-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12828444 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12828444 Country of ref document: EP Kind code of ref document: A1 |