WO2005106620A1 - 情報管理装置および情報管理方法 - Google Patents
情報管理装置および情報管理方法 Download PDFInfo
- Publication number
- WO2005106620A1 WO2005106620A1 PCT/JP2004/006268 JP2004006268W WO2005106620A1 WO 2005106620 A1 WO2005106620 A1 WO 2005106620A1 JP 2004006268 W JP2004006268 W JP 2004006268W WO 2005106620 A1 WO2005106620 A1 WO 2005106620A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- input
- hardware
- authentication
- program
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Definitions
- the present invention relates to an information management device and an information management method for managing information in an information processing device.
- IP Protocol 6 Internet Protocol Version D
- information processing devices connected to communication networks such as the Internet have become personal computers, server computers, and mobile phones.
- Home appliances such as microwave ovens, air conditioners, TVs and DVDs, copy machines, and even robots are connected to the communication network and can transmit and receive information.
- the security decreases.
- home electric appliances have low safety, and may be sent to the outside from a program that interferes with the normal operation of the appliance, or may be used as a stepping platform for DDoS (Distributed Denia1ofService). Therefore, in order to enhance the security of such an information processing device, an attempt has been made to mount a biometric authentication function using a fingerprint or the like on the information processing device (for example, see Japanese Patent Application Laid-Open No. H11-163,837).
- the information processing device 1 when conducting electronic commerce using these information processing devices, the information processing device 1 the power used by the proper owner ⁇ The power that is a transaction using the owner's own information processing device, the information processing Conduct business transactions after ensuring safety, such as if devices that impair security are connected to the device, or if software such as OS (operating system), browser, plug-in software, etc. is installed. That preferable.
- OS operating system
- plug-in software plug-in software
- biometric authentication using biometric information personal authentication (PKI (Public Key Infrastructure) authentication) using an electronic certificate using a certification authority, and environmental authentication for confidentially managing information about information processing devices are also performed. ing. Also, a storage medium drive device capable of performing various security without increasing the manufacturing cost has been proposed (for example, see Patent Document 2 below).
- PKI Public Key Infrastructure
- Patent Document 1
- Patent Document 2
- fingerprint information for authentication may leak out, and there has been a problem that it is difficult to secure a high level of security only with biometric authentication.
- the software being transmitted to a third party may be falsified. It was necessary to ensure sufficient safety between the two. On the other hand, if the level of security was too high, there was a problem that it was difficult to transmit and receive information smoothly.
- biometric authentication, personal authentication, and environmental authentication are authentication functions originally used for different purposes.Therefore, the update frequency, update amount, and the like of firmware and other programs and data for executing each authentication process are determined. Update method is different Therefore, when the authentication functions of biometric authentication, personal authentication, and environmental authentication described above are incorporated into a single chip, the entire chip is updated every time the program data for each authentication function is updated. Replacement, which is virtually impossible in terms of cost. In addition, it is inconvenient for the user if the rebuilding work occurs every time it is updated, because it cannot be used during that time.
- the present invention has been made in view of the above-mentioned problems, and provides a flexible and strict execution of programs and data in biometric authentication, personal authentication (PKI authentication), and environmental authentication, thereby ensuring safety. It is an object of the present invention to provide an information management device and an information management method capable of improving performance. Disclosure of the invention
- an information management device of the present invention is mounted in an information processing device, and communication authentication hardware that authenticates security of communication with the outside of the information processing device;
- An information management device comprising a single chip incorporating processing hardware for performing a predetermined process different from the communication authentication hardware, and a provider of an arbitrary execution program installed in the single chip.
- a correction program for correcting the execution program transmitted from the provider to the information processing device.
- An input means for receiving an input of an electronic signature generated using the correction program and the private key of the provider; and an input means for inputting the electronic signature by the input means.
- Program determining means for determining whether or not the communication authentication hardware or the processing hardware is an execution program installed on a displaced hardware; and Step Updating the execution program determined by the program determination unit based on the message digest of the program, the electronic signature input by the input unit, and the public key of the provider by the correction program;
- the validity verification means for verifying whether or not the program is valid; and the execution program determined by the program determination means based on the verification result verified by the validity verification means, by the correction program.
- And updating means for updating.
- the authentication of the security of the cryptographic path receiving the correction program and the authentication of the validity of the update by the received correction program can be performed by a single chip.
- FIG. 1 is an explanatory diagram showing a schematic configuration of an information management system according to an embodiment of the present invention.
- FIG. 2 is a block diagram showing a hardware configuration of an information processing apparatus.
- FIG. 4 is a block diagram showing a hardware configuration of a security chip,
- FIG. 4 is a block diagram showing a specific configuration of each hardware shown in FIG. 3, and
- FIG. 6 is an explanatory diagram showing a stored digital certificate.
- FIG. 6 is an explanatory diagram showing registration information stored in a memory / storage.
- FIG. 7 is a diagram showing device information stored in the memory / storage.
- FIG. 8 is a flowchart showing a communication authentication processing procedure of the information management apparatus according to the embodiment of the present invention.
- FIG. 9 is an explanatory diagram showing an example of update information.
- FIG. 10 shows that the identification information is FIG. 11 is an explanatory diagram showing update information when the information is any of A to C.
- FIG. 11 is an explanatory diagram showing update information when the identification information is information of D.
- the figure is a flowchart showing the security chip update procedure when communication security is authenticated by the communication authentication hardware.
- Fig. 13 shows a communication authentication program or a device information authentication program.
- FIG. 14 is a flowchart showing an update processing procedure of the biometric authentication program.
- FIG. 15 is a flowchart showing a procedure for updating a user's electronic certificate
- FIG. 16 is a flowchart showing a communication authentication procedure for writing registration information.
- FIG. 17 is an explanatory diagram showing input information.
- FIG. 18 is a flowchart showing a registration information writing process.
- FIG. 19 is an explanatory diagram showing registration instruction information.
- FIG. 20 is a flowchart showing a normal operation processing procedure by the security chip.
- FIG. 1 is an explanatory diagram illustrating a schematic configuration of an information management system according to an embodiment of the present invention.
- an information management system 100 includes an information processing device 101 of a user, an information providing device 102 for providing an execution program or data in the information processing device 101, and a certificate authority.
- the authentication device 103 is connected to the authentication device 103 via a network 104 such as the Internet.
- the information processing device 101 of the user includes, for example, a mobile phone, a personal computer, other home appliances such as a refrigerator, a microwave oven, an air conditioner, a TV and a DVD, a copying machine, a robot, and the like.
- the information processing apparatus 101 has a security chip mounted thereon.
- the information providing device 102 is managed by a vendor or a maker that develops or sells an execution program or various data, or a company that manufactures or sells the information processing device 101.
- the information providing device 102 stores a correction program such as a patch of an execution program and various data, and uploads the data to the network 104. It also generates digital signatures for executable programs and various data.
- the authentication device 103 issues and manages digital certificates of users, manufacturers, vendors, and distributors. It also generates a digital signature for the issued digital certificate. (Hardware configuration of information processing device 101)
- FIG. 2 is a block diagram showing a hardware configuration of the information processing apparatus 101.
- the information processing apparatus 101 is detachable with a CPU 201, a ROM 202, a RAM 203, an HDD (hard disk drive) 204, an HD (hard disk) 205, and an FDD (flexible disk drive) 206.
- Each component is connected to each other by a bus 2 • 0.
- the CPU 201 controls the entire information processing apparatus 101.
- the ROM 202 stores a program such as a boot program.
- the RAM 203 is used as a work area of the CPU 201.
- the HDD 204 controls read / write of data to / from the HD 205 under the control of the CPU 201.
- the HD 205 stores data written under the control of the HDD 204.
- the FDD 206 controls reading / writing of data from / to the FD 207 under the control of the CPU 201.
- the FD 207 stores the data written under the control of the FDD 206 or causes the information processing device 101 to read the data stored in the FD 207.
- the removable recording medium may be a FD 207, a CD-ROM (CD-R, CD-RW), an MO, a DVD (DigitalVa1satileD eIsk), a memory card, or the like.
- the display 208 displays data such as documents, images, and function information, including a cursor, icons, and / or tool boxes.
- a CRT, a TFT liquid crystal display, a plasma display, or the like can be employed as the display 208.
- the communication IZF 209 is connected to a network 104 such as the Internet via a communication line, and is connected to other devices via the network 104. And The communication IZF 209 manages an internal interface with the network 104 and controls input / output of data from / to an external device.
- a modem or a LAN adapter can be employed for the communication IZF 209.
- the input keys 210 are provided with keys for inputting letters, numbers, various instructions, and the like, and input data. Further, it may be a touch panel type input pad or a numeric keypad.
- the biometric sensor 211 includes, for example, a fingerprint sensor 212, a camera 213, and a microphone 214.
- the fingerprint sensor 212 is a device that detects unevenness of a finger print at an interval of about 50 ⁇ and converts it into an electric signal. Examples of the fingerprint reading method include a semiconductor type, an optical type, a pressure-sensitive type, and a thermal type. Is mentioned.
- the camera 213 is a biological sensor 211 for imaging the iris and retina of an eyeball.
- the microphone 214 is a living body sensor 211 for detecting a voiceprint representing a voice feature.
- the security chip 215 is referred to as a TPM (Truested PIAtform Module) and is mounted on the main port of the information processing device 101.
- the security chip 215 is a chip that provides only basic functions for realizing security and privacy. Further, this security chip 215 is defined by the specification of TCG (Trusted Computing Group Group).
- TCG Trusted Computing Group Group
- the TPM mounted on one information processing device 101 cannot be mounted on another information processing device 101, and when the TPM is removed from the information processing device 101, the information processing device 101 starts. You can't do that.
- the security chip 215 is an information management device according to the embodiment of the present invention. (Hardware configuration of security chip 215)
- FIG. 3 is a block diagram showing a hardware configuration of the security chip 215.
- the security chip 215 is connected to a communication I / F 209, a biological sensor 211, a CPU 201, and a memory storage 300 via a bus.
- various kinds of software 301 are installed in the information processing apparatus 101. It is installed, and information about these software 301 can be obtained. Further, information on the peripheral device 302 connected to the information processing apparatus 101 can be obtained.
- the memory Z storage 300 may be provided in any area inside the security chip 215 or outside the security chip 215 as long as it is inside the information processing device 101. When provided in the security chip 215, the removal of the memory Z storage 300 and falsification can be prevented.
- the security chip 215 includes communication authentication hardware 311, biometric authentication hardware 312, in-apparatus information authentication hardware 313, monitoring hardware 314, and verification hardware 315. ing.
- the communication authentication software 311 authenticates the security of communication with the outside of the information processing apparatus 101, for example, with the providing server and the authentication server shown in FIG.
- the communication authentication hardware 31 1 allows the person who communicates with the outside world to perform personal authentication (PKI (Public Key Infrastructure)) using an electronic certificate using a certificate authority. It is possible to determine whether or not the person is properly registered by the certificate authority.
- a communication authentication program 321 for executing a communication authentication process is installed in the communication authentication hardware 31 1.
- the biometric authentication hardware 312 authenticates whether the biometric information detected by the biometric sensor 211 matches the registered biometric information of the user registered in the information processing device 101.
- the biometric authentication hardware 312 can determine whether the person who operates the information processing apparatus 101 is a legitimate user.
- a biometric authentication program 322 for executing a biometric authentication process is installed in the biometric authentication hardware 312.
- the in-device information authentication hardware 313 authenticates information (in-device information) in the information processing device 101 or the single chip.
- This in-apparatus information is called environmental information, and the peripheral device acquired from the peripheral device 302 connected to the information processing device 101.
- Information about the device 302 for example, device name and version information
- information about the software 301 installed in the information processing device 101 for example, software name and version information
- memory Z storage 3 ⁇ Includes various information stored in 0 (for example, digital certificates).
- the in-device information authentication hardware 313 is also called environmental authentication hardware.
- the information recognition / certification hardware 3 13 in the device confidentially manages information stored in the memory / storage 300.
- the information acquired by the in-device information authentication hardware 3 13 is encrypted with a unique encryption key and stored in the memory / storage 3 00.
- the encrypted information is decrypted with the unique decryption key paired with the encryption key.
- the in-device information authentication hardware 3 13 has the in-device information authentication program 3 2 3 that executes the above-mentioned processing installed.
- the monitoring hardware 3 14 has the resident program 3 2 4 installed. Monitors the transfer of information in the information management device. Specific monitoring processing will be described later.
- a verification program 325 is installed in the verification hardware 315, and when the communication authentication hardware 331 verifies the safety of communication with the outside, the verification program 325 is installed. It verifies the validity and coincidence of the information input to the security chip 215 from the server. Specific verification processing will be described later. (Specific configuration of each hardware)
- FIG. 4 is a block diagram showing a specific configuration of each of the hardware 311 to 315 shown in FIG.
- each of the hardwares 31 1 to 31 5 includes a processor 401, a ROM 402, a RAM 403, an EEPROM 404, and an input IZF (interface) 400.
- a cryptographic processor 4 0 6 Has been.
- the components 401 to 406 are connected to each other by a bus 400.
- the processor 401 controls the entire hardware 311 to 315.
- ROM 402 stores a program such as a boot program.
- the RAM 403 is used as a work area of the processor 401.
- the EPROM 404 stores a program executed by each of the hardware 311 to 315.
- the cryptographic processor 406 performs asymmetric encryption key generation, encryption processing, decryption processing, generation of a message digest (generation of a hash value), generation of an electronic signature, and the like.
- FIG. 5 is an explanatory diagram showing the electronic certificate stored in the memory storage 300
- FIG. 6 is an explanatory diagram showing the registration information stored in the memory Z storage 300.
- the figure is an explanatory diagram showing the in-apparatus information stored in the memory Z storage 300.
- the digital certificates C a to C z are stored for each certifier.
- the “certified person name” is a person certified by the digital certificate C a to C z, for example, a user, a manufacturer, a vendor, a certificate authority, and the like.
- the digital certificates C a to C z include version information, signature algorithm, issuer name, expiration date, public key, and other related information.
- the digital certificates C a to C Z are stored by being encrypted by the in-apparatus information authentication / certification hardware 313 shown in FIG.
- the registration information 600 is composed of a registrant name 601, sensor type information 602, and biological information 603.
- FIG. 6 the registration information 600 is composed of a registrant name 601, sensor type information 602, and biological information 603.
- the image data “Xa” of the fingerprint of the registrant “X” detected by the registrant “X” and “fingerprint sensor” as the user is registered as biometric information 603.
- the registration information 600 is encrypted and stored by the in-device information authentication software 313 shown in FIG.
- the in-device information includes the peripheral device 302, software 301, and the execution program such as the communication authentication program 321, which are installed in each hardware, as shown in FIG.
- the name and version are stored (communication authentication processing procedure)
- FIG. 8 is a flowchart showing a communication authentication processing procedure of the information management device (security chip 2 15) according to the embodiment of the present invention.
- FIG. 8 first, in the communication I / F 209, it is determined whether or not the update information has been received (step S810).
- the update information will be described.
- FIG. 9 is an explanatory diagram showing an example of the update information.
- the update information 900 includes identification information 901, update data 902, a provider's digital signature 903, and a provider's electronic certificate (the provider is a certificate authority.
- the digital certificate of the certification authority) 904 and the digital signature of the certification authority 905 are comprised.
- the identification information 901 is information for specifying the content of the update data 902. For example, when the identification information 901 is “A”, the update data 902 is “the patch of the communication authentication program 32 1”. If the identification information 901 is “B”, the update data 902 is a “patch of the in-device information authentication program 323”. Further, in the case of the identification information 900 "S" "C”, the update data 902 is "patch of the biometric authentication program 3222". When the identification information 90 1 is “D”, the update data 902 is “new electronic certificate of the user”.
- the update data 902 is a patch or an electronic certificate specified by the identification information 901.
- the updated data 902 has an electronic signature 903 attached thereto.
- the provider's digital signature 903 is data obtained by encrypting the hash value 911 of the update data 902 with the provider's secret key at the provider.
- the provider's digital certificate 904 is a digital certificate issued by any certificate authority.
- the digital certificate 904 has a digital signature 905 of a certificate authority attached thereto.
- the certificate authority's digital signature 905 is data obtained by encrypting the hash value 912 of the digital certificate 904 with the private key of the certificate authority at the provider.
- FIG. 10 is an explanatory diagram showing update information when the identification information is any of the information A to C.
- the pre-update program 1001 and the patch 1002 are data created by a provider such as a manufacturer or a vendor. You.
- the post-update program 1003 is also a program created by a provider such as a manufacturer or a vendor, and is a program obtained by modifying the pre-update program 1001 with a patch 1002.
- the provider's digital signature 1004 is a digital signature obtained by encrypting the hash value of the patch 1002 with the provider's private key. Also, the electronic signature 1005 of the provider may be attached. The electronic signature 1005 is an electronic signature obtained by encrypting the hash value 1102 of the updated program 103 with the secret key of the provider.
- FIG. 11 is an explanatory diagram showing update information when the identification information 9101 is D information.
- This update information 1101 has a new digital certificate 1101 of the user issued by the certificate authority.
- the electronic certificate 1101 is, for example, update data that is issued promptly by the authentication device 103 of the certificate authority when the expiration date of the current user has elapsed. Alternatively, a digital certificate newly issued to the user may be used.
- the digital signature 1 102 of the certificate authority is a digital signature obtained by encrypting the hash value 111 of the new digital certificate 1101 of the user with the private key of the certificate authority.
- the certificate authority's digital certificate 111 is an electronic certificate issued by the certificate authority itself or another certificate authority.
- the digital signature 1105 of the certificate authority is obtained by encrypting the hash value 1112 of the digital certificate 1104 with the private key of the certificate authority that issued the digital certificate 1104. It is a certificate.
- the communication I / F 209 is transmitted via the communication I / F 209.
- the communication certification hardware 311 is provided with the provider's digital certificate 90.4 (or the certificate authority's digital certificate 1 10 4) and the certificate authority's digital signature 9 05 (or 1 10 5). Input (Step S802).
- the electronic certificate 900 (or the electronic certificate 110) is communicated. 4) It may be possible to verify whether or not the force is effective at the moment. As a result, communication security can be improved.
- the communication authentication hardware 311 extracts the certificate authority name included in the input digital certificate 9104 of the provider (or the digital certificate 1104 of the certificate authority).
- the certificate authority that has issued the electronic certificate 904 (or 1104) is specified (step S803).
- the communication authentication hardware 311 outputs the specified certificate authority to the in-device information ninja hardware 313.
- the in-device information authentication hardware 313 selects the certificate authority identified by the communication authentication hardware 311 from the digital certificates stored in the memory / storage 300 with the password. Extract the digital certificate. Then, the extracted electronic certificate is decrypted with the decryption key of the in-device information authentication hardware 313 to obtain the specified public key of the certificate authority (step S804).
- the fact that this public key has been obtained means that the information in the memory / storage 300 has not been tampered with, which means that the security has been certified.
- the obtained public chain of the certificate authority is output to the communication authentication hardware 311.
- the communication authentication hardware 311 1 decrypts the digital signature 9 05 (or 1 10 5) of the certificate authority with the obtained public key of the certificate authority and generates a hash value (step S 8 05).
- the communication authentication / certification hardware 311 sends the message digest (hash value) of the input provider's digital certificate 9104 (or the certificate of the certificate authority 1104). Generate (Step S806).
- the communication authentication hardware 311 is configured to use the hardware generated in step S805. It is determined whether the hash value matches the hash value generated in step S806 (step S807). If they match (Step S807: Yes), the security of the communication with the provider (or certificate authority) has been certified (Step S808), and a highly secure channel has been created. Will be. On the other hand, if they do not match (step S807: No), the security of communication with the provider (or certificate authority) is not certified, and communication cannot be performed.
- FIG. 12 is a flowchart showing a procedure for updating the security chip 215 when the communication security is authenticated by the communication authentication hardware 311.
- step S1201 when the security of the communication is authenticated (step S1201: Yes), the monitoring hardware 314 transmits the identification information 901 received from the communication IZF 209, the update data 902, and the update data.
- the user inputs the digital signature 903 of the data 902 (step S1202).
- the monitoring hardware 314 refers to the input identification information 901. If the identification information 901 is "A" (step S1203: A), the update data 901 is determined to be the patch 1002 of the communication authentication program 321 and the communication authentication program 321 is updated (step S1204). .
- step S 1203: B If the identification information 901 is “B” (step S 1203: B), the update data 901 is determined to be the patch 1002 of the in-device information authentication program 323, and the update processing of the in-device information authentication program 323 is performed. Is performed (step S1205).
- the update data 901 is determined to be the patch 1002 of the biometric authentication program 322, and the biometric authentication program 322 is updated (step S 1203).
- the identification information 901 is S “D” (step S 1203: D)
- the update data The data 901 is determined to be the user's new digital certificate 1101, and updates the user's digital certificate (step S1207).
- FIG. 13 is a flowchart showing an update processing procedure of the communication authentication program 3 21 (or the in-device information authentication program 3 2 3).
- the monitoring hardware 314 obtains the public key of the patch provider (step S1301). Specifically, the monitoring hardware 314 requests the in-device information authentication hardware 313 to obtain the public key of the patch provider.
- the device information authentication hardware 313 extracts the electronic certificate of the patch provider from the electronic certificate stored in the memory Z storage 300 in an encrypted form.
- the extracted electronic certificate is decrypted with the decryption key of the in-device information ⁇ E hardware 313, and the public key is extracted from the decrypted electronic certificate.
- the monitoring hardware 314 can acquire the public key of the patch provider.
- the monitoring hardware 314 decrypts the electronic signature of the providing source with the obtained public key of the providing source to generate a hash value (step S1302). Further, the monitoring hardware 314 generates a message digest (hash value) of the patch (step S1303). Then, the monitoring hardware 314 outputs the hash value generated in step S1302 and the hash value generated in step S1303 to the verification hardware 315.
- the verification hardware 3 15 determines whether the hash value generated in step S 13 0 2 matches the hash value generated in step S 13 03 (step S 13 0 4). If they do not match (step S1304: No), a series of processing is terminated without performing the update processing because the patch may have been tampered with. To do.
- step S1304 If they match (step S1304: Yes), it authenticates that the patch has not been tampered with and is legitimate (step S1305).
- the update of the communication authentication program 321 (or, in the case of the update processing procedure of the in-device information authentication program 323, the in-device information authentication program 323) is performed by the patch that has been authenticated (step S1306).
- the monitoring hardware 314 detects whether or not the input update information includes the electronic signature 1005 of the updated program 1003 (step S1307). If there is no electronic signature 1005 of the updated program 1003 (step S1307: No), a series of processing ends.
- step S1307 If there is an electronic signature 1005 of the updated program 1003 (step S1307: Yes), the monitoring hardware 314 decrypts the electronic signature 1005 with the public key obtained in step S1301, and generates a hash value. Yes (step S 13 08).
- the monitoring hardware 314 transmits the message digest of the communication authentication program 321 (in the case of the update processing procedure of the in-device information authentication program 323, the in-device information authentication program 323) updated by the update process in step S1307. (Hash value) is generated (step S1309). Then, the monitoring hardware 314 outputs the hash value generated in step S1308 and the hash value generated in step S1309 to the verification hardware 315.
- the verification hardware 315 determines whether the hash value generated in step S1308 matches the hash value generated in step S1309 (step S1310). If they do not match (step S1310: No), it means that normal update has not been performed, and a series of processing ends. On the other hand, if they match (step S1310: Yes), the updated communication authentication program 321 (in the case of the update processing procedure of the in-device information authentication program 323, the in-device information authentication program 323) After the update, the program becomes the same as the program 1003. It is possible to confirm that the appropriate update has been performed (step S1311). As a result, the update process of the entire updated program using only the notch and the electronic signature was normally performed without downloading the entire updated program 1003 having a large data amount from the provider. You can check. Therefore, secure and prompt authentication processing can be realized.
- FIG. 14 is a flowchart showing a procedure for updating the biometric authentication program 3 22.
- the in-device information authentication software 313 acquires sensor type information of the biometric sensor 211 designated by the user (step S1401).
- the in-apparatus information authentication software 313 notifies the obtained sensor type information to the monitoring hardware 314.
- step S1402 the sensor type information of the biometric authentication program 322 that corrects by the patch in the input update information and the sensor type information notified by the in-apparatus information authentication and identification nodeware 313 are included. It is determined whether or not there is a match (step S1402).
- step S1402 If they do not match (step S1402: No), a series of processing ends because the biometric authentication is not the one specified by the user.
- step S1402: Yes the monitoring hardware 314 acquires the public key of the patch supply source (step S1403). Specifically, the monitoring hardware 314 requests the in-device information authentication hardware 313 to obtain the public key of the patch provider.
- the in-apparatus information authentication hardware 313 extracts the electronic certificate of the patch supply source from the electronic certificates stored in the memory Z storage 300 in encrypted form.
- the extracted electronic certificate is decrypted with the decryption key of the in-device information authentication hardware 313, and the public key is extracted from the decrypted electronic certificate.
- the monitoring hardware 314 the monitoring hardware 314 The public key of the patch provider can be obtained.
- the monitoring hardware 314 decrypts the electronic signature of the provider using the acquired public key of the provider, and generates a hash value (step S1404). Further, the monitoring hardware 314 generates a message digest (hash value) of the patch (step S1405). Then, the monitoring hardware 314 outputs the hash value generated in step S1404 and the hash value generated in step S1405 to the verification hardware 315.
- the verification hardware 315 determines whether the hash value generated in step S1404 matches the hash value generated in step S1405 (step S1406). If they do not match (step S1406: No), there is a possibility that the patch has been tampered with, so that the update process is not performed and the series of processes ends.
- step S1406 If they match (step S1406: Yes), it authenticates that the patch has not been tampered with and is legitimate (step S1407). Then, the biometric authentication program 322 is updated with a patch that has been authenticated (step S1408).
- the monitoring hardware 314 detects whether or not the electronic signature 1005 of the updated program 1003 is included in the input update information (step S 140
- step S1409 No
- step S1409 If the electronic signature 1005 of the updated program 1003 is present (step S1409: Yes), the monitoring hardware 314 decrypts the electronic signature 1005 with the public key obtained in step S1403 and generates a hash value. Yes (Step S 14
- the monitoring hardware 314 generates a message digest (hash value) of the biometric authentication program 321 updated by the update processing in step S1409 (step S1411). And the monitoring hardware 314 The hash value generated in step S 1410 and the hash value generated in step S 1411 are output to the verification hardware 315.
- the verification hardware 315 determines whether the hash value generated in step S1410 matches the hash value generated in step S1411 (step S1412). If they match (Step S1412: Yes), the updated biometric authentication program 322 becomes the same program as the updated program 1003 of the provider, and it can be confirmed that the normal update has been performed. (Step S1413). On the other hand, if they do not match (step S1412: No), it means that normal update has not been performed, and a series of processing ends.
- FIG. 15 is a flowchart showing a procedure for updating a user's electronic certificate.
- the monitoring hardware 314 obtains the public key of the certificate authority that has provided the new digital certificate 1101 of the user (step S1501). Specifically, the monitoring hardware 314 extracts the name of the certificate authority that issued the electronic certificate 1101 from the electronic certificate 1101, and specifies the issuer CA. The monitoring hardware 314 requests the in-device information authentication hardware 313 to obtain the specified public key of the certificate authority. The in-apparatus information authentication software 313 extracts an electronic certificate of the specified certificate authority from the electronic certificates stored in the memory Z storage 300 by being encrypted.
- the extracted electronic certificate is decrypted by the decryption chain of the in-device information authentication hardware 313, and the public key is extracted from the decrypted electronic certificate.
- the monitoring hardware 314 can obtain the public key of the specified certificate authority.
- the monitoring hardware 314 decrypts the electronic signature 1102 of the certificate authority with the obtained public key of the certificate authority and generates a hash value (step S1502).
- the monitoring hardware 314 outputs the hash value generated in step S1502 and the hash value generated in step S1503 to the verification hardware 315.
- the verification hardware 315 determines whether the hash value generated in step S1502 and the hash value generated in step S1503 match (step S150). 0 4). If they do not match (step S1504: No), there is a possibility that the digital certificate 1101 has been tampered with, so the update process is not performed and the series of processes ends.
- step S1504 If they match (step S1504: Yes), it authenticates that the digital certificate 111 has not been tampered with and is legitimate (step S1505). Then, an update process is performed from the user's current electronic certificate to a digital certificate 1101 authenticated as valid (step S1506).
- the digital certificate of the user whose expiration date has expired can be securely and promptly updated.
- FIG. 16 is a flowchart showing a communication authentication processing procedure when writing registration information.
- the communication authentication hardware 311 includes, via the communication I / F 209, the electronic certificate of the provider that provides the electronic registration instruction, and the certificate authority of the electronic certificate.
- FIG. 17 is an explanatory diagram showing the input information input in step S1661.
- the input information 1700 is the electronic certificate 1701 of the provider that provides the electronic registration instruction, the certification of the electronic certificate 1701, and the electronic certificate by the certificate authority.
- the electronic signature 1702 is an electronic signature obtained by encrypting the hash value 1703 of the electronic certificate 1701 with the private key of the provider that provides the electronic registration instruction.
- the communication authentication hardware 3 1 1 Then, the name of the certificate authority that issued the digital certificate 1701 is extracted, and the certificate authority of the issuer is specified (step S1602).
- the communication authentication hardware 311 outputs the specified certificate authority to the in-device information authentication hardware 313.
- the device information authentication software 313 extracts the electronic certificate of the certificate authority specified by the communication authentication hardware 311 from the electronic certificates stored in the memory Z storage 300 after being encrypted. Extract. Then, the extracted electronic certificate is decrypted with the decryption key of the in-device information authentication hardware 313 to obtain the specified public key of the certificate authority (step S1603).
- the fact that this public key has been obtained means that the information in the memory Z storage 300 has not been tampered with, which means that the security has been certified.
- the obtained public key of the certificate authority is output to the communication authentication hardware 311.
- the communication authentication hardware 311 decrypts the digital signature 1702 of the certificate authority with the obtained public key of the certificate authority and generates a hash value (step S1604).
- the communication authentication hardware 311 generates the input message digest digest value of the electronic certificate 1701 of the provider (step S1605).
- the communication authentication hardware 311 determines whether the hash value generated in step S1604 matches the hash value generated in step S1605 (step S1606). If they match (step S1606: Yes), it means that the security of communication with the certificate authority has been certified (step S1607), and a highly secure communication channel has been generated. On the other hand, if they do not match (Step S16Q6: No), the security of communication with the certificate authority is not authenticated and communication cannot be performed.
- FIG. 18 is a flowchart showing a registration information write processing procedure.
- sensor type information of the biometric sensor 211 designated by the user is obtained (step S1801). Then, in the communication authentication processing procedure shown in FIG. If it has been certified (step S1802: Yes), the provider inputs registration instruction information via the communication I / F 209 (step S1803).
- FIG. 19 is an explanatory diagram showing registration instruction information.
- the registration instruction information 1900 includes an electronic registration instruction 1901, and a digital signature 1902 of a provider (provider of the electronic certificate 1701).
- the electronic registration instruction 1901 is data relating to an instruction to register biometric information detected by the biometric sensor 211 specified by the user, and includes a provider name and a biometric sensor 211 usable by the information processing apparatus 101 of the user. Sensor type information is described.
- the provider's electronic signature 19 ⁇ 2 is a digital signature obtained by encrypting the hash value 1903 of the electronic registration instruction 1901 with the provider's private key.
- the monitoring hardware 314 determines whether or not the electronic registration instruction 1901 includes the sensor type information acquired in step S1801 (step S1804). If the acquired sensor type information is not included (step S1804: No), a series of processing ends because the biosensor 211 desired by the user cannot be used.
- the monitoring hardware 314 acquires the public key of the provider of the electronic registration instruction 1901 (step S1805). Specifically, the monitoring hardware 314 requests the in-device information authentication hardware 313 to obtain the public key of the provider of the electronic registration instruction 1901. The in-device information authentication hardware 313 extracts the electronic certificate of the provider of the electronic registration instruction 1901 from among the electronic certificates stored in the memory / storage 300 after being encrypted.
- the extracted electronic certificate is decrypted with the decryption key of the in-device information authentication hardware 313, and the public key is extracted from the decrypted electronic certificate.
- the monitoring hardware 314 can obtain the public key of the provider of the electronic registration instruction 1901.
- the monitoring hardware 314 decrypts the electronic signature of the provider using the acquired public key of the provider, and generates a hash value (step S1806).
- the monitoring hardware 314 generates a message digest (hash value) of the electronic registration instruction 1901 (step S1807).
- the monitoring hardware 314 outputs the hash value generated in step S1806 and the hash value generated in step S1807 to the verification node 315.
- the verification hardware 315 determines whether the hash value generated in step S1806 matches the hash value generated in step S1807 (step S1808). If they do not match (step S1808: No), there is a possibility that the electronic registration instruction 1901 has been falsified, so the registration processing is not performed and the series of processing ends.
- step S1808 if they match (step S1808: Yes), the verification hardware 315 instructs the biometric authentication hardware 312 to perform a biometric information registration process (step S1809). At this time, the information processing apparatus 101 is waiting for input of biological information.
- biometric information is input from the biometric sensor 211 designated by the user (step S1810: Yes)
- the user name (registrant name), sensor type information (for example, fingerprint sensor, etc.)
- biometric information For example, the registration information including the user's fingerprint image data
- the in-device information authentication hardware 313 and the registration information are encrypted via the biometric authentication hardware 312 and stored in the memory / storage 300.
- user registration information can be securely and promptly performed.
- FIG. 20 is a flowchart showing a normal operation processing procedure by the security chip 215.
- the biosensor 211 detected When the biometric information is input (Step S 2001: Yes), the in-apparatus information authentication hardware 313 extracts the encrypted registration information from the memory Z storage 300 and decrypts it with the decryption key (Step S 2002). ).
- the biometric authentication software 312 collates the input biometric information with the decrypted biometric information. If the biometric information does not match (step S2003: No), the access is denied and a series of processing ends. On the other hand, if the biometric information matches (step S2003: Yes), the communication authentication hardware 311 performs communication authentication with the transmission destination that performs environment authentication (step S2004).
- Step S2005: No If the security of the communication is not certified (Step S2005: No), the series of processing ends because there is a risk of tampering. On the other hand, if the communication security is authenticated (step S 2005: Yes), the in-device information authentication hardware 313 collects the in-device information of the peripheral device 302, the software 301, and the execution program of each hardware ( In step S2006), an environmental report is generated (step S20007).
- the in-device information authentication hardware 313 encrypts the environment report (step S2008), attaches an electronic signature to the encrypted environment report, and transmits the encrypted environment report to the transmission destination (step S2009). ).
- the transmission destination can receive and decrypt this environmental report and use it for environmental authentication.
- the communication authentication hardware 311, the biometric authentication hardware 312, and the in-device information authentication hardware 313 are authentication functions originally used for different purposes, program data for executing the respective processes is used. Update frequency, update amount, and update method are different.
- the communication authentication hardware 311, the biometric authentication hardware 312, and the in-device information authentication hardware 313 are incorporated in a single security chip 215, and input of update information and registration instruction information is performed.
- One is connected to the secure network formed by the communication authentication hardware 311, and the hardware to be updated is separated by the monitoring hardware 314 (resident program 324). are doing.
- patches, digital certificates, electronic registration instructions, and digital signatures which are data used by the monitoring hardware 314 and verification hardware 315, are relatively small data volumes, and the processing contents are also electronic. Since it is a relatively simple process such as signature decryption and hash value matching verification, it can be realized at low cost.
- biometric authentication As described above, according to the present invention, biometric authentication, identification, and communication authentication (PK I)
- the present invention is applicable not only to personal computers, server computers, and mobile phones, but also to home appliances such as refrigerators, microwave ovens, air conditioners, TVs, DVDs, copy machines, and robots. Are suitable.
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04730652A EP1742134A4 (en) | 2004-04-30 | 2004-04-30 | INFORMATION MANAGEMENT DEVICE AND INFORMATION MANAGEMENT METHOD |
PCT/JP2004/006268 WO2005106620A1 (ja) | 2004-04-30 | 2004-04-30 | 情報管理装置および情報管理方法 |
CN2004800416825A CN1918526B (zh) | 2004-04-30 | 2004-04-30 | 信息管理装置以及信息管理方法 |
JP2006512704A JP4724655B2 (ja) | 2004-04-30 | 2004-04-30 | セキュリティチップおよび情報管理方法 |
US11/500,419 US8272050B2 (en) | 2004-04-30 | 2006-08-08 | Data managing device equipped with various authentication functions |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2004/006268 WO2005106620A1 (ja) | 2004-04-30 | 2004-04-30 | 情報管理装置および情報管理方法 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/500,419 Continuation US8272050B2 (en) | 2004-04-30 | 2006-08-08 | Data managing device equipped with various authentication functions |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2005106620A1 true WO2005106620A1 (ja) | 2005-11-10 |
WO2005106620A8 WO2005106620A8 (ja) | 2006-07-27 |
Family
ID=35241835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/006268 WO2005106620A1 (ja) | 2004-04-30 | 2004-04-30 | 情報管理装置および情報管理方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US8272050B2 (ja) |
EP (1) | EP1742134A4 (ja) |
JP (1) | JP4724655B2 (ja) |
CN (1) | CN1918526B (ja) |
WO (1) | WO2005106620A1 (ja) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006331422A (ja) * | 2005-05-20 | 2006-12-07 | At & T Corp | インターネットのマルウェア問題への一解決策 |
JP2007220070A (ja) * | 2006-01-18 | 2007-08-30 | Pfu Ltd | 対象機器、機器管理システム、機器管理方法および外部装置 |
JP2007220072A (ja) * | 2006-01-18 | 2007-08-30 | Pfu Ltd | 画像読取装置、認証方法、評価システム、評価方法およびプログラム |
WO2008035412A1 (en) | 2006-09-20 | 2008-03-27 | Fujitsu Limited | Information processor and starting method |
WO2008035413A1 (fr) | 2006-09-20 | 2008-03-27 | Fujitsu Limited | Processeur d'informations et procédé de gestion d'informations |
JP2008158801A (ja) * | 2006-12-22 | 2008-07-10 | Matsushita Electric Works Ltd | 認証装置及び認証システム |
WO2008114390A1 (ja) | 2007-03-19 | 2008-09-25 | Fujitsu Limited | サービス制御システム、サービス制御方法およびサービス制御プログラム |
JP2009054064A (ja) * | 2007-08-29 | 2009-03-12 | Hitachi Ltd | ディジタル信号再生装置およびディジタル信号再生方法 |
JP2013008378A (ja) * | 2006-01-18 | 2013-01-10 | Pfu Ltd | 機器管理システム、機器管理方法および外部装置 |
US8438385B2 (en) | 2008-03-13 | 2013-05-07 | Fujitsu Limited | Method and apparatus for identity verification |
US8522045B2 (en) | 2010-02-08 | 2013-08-27 | Ricoh Company, Ltd. | Multi-functional system, security method, security program, and storage medium |
JP2018148341A (ja) * | 2017-03-03 | 2018-09-20 | 日本電信電話株式会社 | センサネットワークシステム、センサ接続端末、データ収集方法、およびセンサ接続方法 |
JP2020010144A (ja) * | 2018-07-05 | 2020-01-16 | 大日本印刷株式会社 | スマートスピーカ、セキュアエレメント、プログラム、情報処理方法及び配信方法 |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8125667B2 (en) | 2006-09-15 | 2012-02-28 | Avery Levy | System and method for enabling transactions by means of print media that incorporate electronic recording and transmission means |
US20090249079A1 (en) * | 2006-09-20 | 2009-10-01 | Fujitsu Limited | Information processing apparatus and start-up method |
US9165175B2 (en) * | 2007-09-07 | 2015-10-20 | Apple Inc. | Finger sensing apparatus performing secure software update and associated methods |
US20090067688A1 (en) * | 2007-09-07 | 2009-03-12 | Authentec, Inc. | Finger sensing apparatus with credential release and associated methods |
US8065517B2 (en) * | 2007-11-01 | 2011-11-22 | Infineon Technologies Ag | Method and system for transferring information to a device |
US8908870B2 (en) | 2007-11-01 | 2014-12-09 | Infineon Technologies Ag | Method and system for transferring information to a device |
US8627079B2 (en) | 2007-11-01 | 2014-01-07 | Infineon Technologies Ag | Method and system for controlling a device |
EP2151795A1 (en) * | 2008-08-08 | 2010-02-10 | France Telecom | Secure electronic coupon delivery to mobile device |
WO2010098379A1 (ja) * | 2009-02-26 | 2010-09-02 | オムロンヘルスケア株式会社 | 生体情報管理システムおよび生体情報管理方法 |
US8700893B2 (en) * | 2009-10-28 | 2014-04-15 | Microsoft Corporation | Key certification in one round trip |
US20110238402A1 (en) * | 2010-03-23 | 2011-09-29 | Fujitsu Limited | System and methods for remote maintenance in an electronic network with multiple clients |
US9286485B2 (en) * | 2010-03-23 | 2016-03-15 | Fujitsu Limited | Using trust points to provide services |
US8832461B2 (en) | 2010-06-25 | 2014-09-09 | Microsoft Corporation | Trusted sensors |
WO2012148426A1 (en) * | 2011-04-29 | 2012-11-01 | Hewlett-Packard Development Company, L.P. | Computer system firmware update |
US8996886B2 (en) | 2012-02-17 | 2015-03-31 | International Business Machines Corporation | Encrypted biometric data management and retrieval |
JP5999256B2 (ja) * | 2013-03-28 | 2016-09-28 | 富士通株式会社 | 情報管理装置、情報管理システム、情報管理方法、及び情報管理プログラム |
CN103684786A (zh) * | 2013-12-10 | 2014-03-26 | 北京天威诚信电子商务服务有限公司 | 数字证书的存储与硬件载体绑定的方法及系统 |
US9621547B2 (en) * | 2014-12-22 | 2017-04-11 | Mcafee, Inc. | Trust establishment between a trusted execution environment and peripheral devices |
WO2017142799A2 (en) * | 2016-02-15 | 2017-08-24 | Michael Wood | System and method for blocking persistent malware |
US10719593B2 (en) * | 2016-06-23 | 2020-07-21 | Hitachi, Ltd. | Biometric signature system and biometric certificate registration method |
US10747185B2 (en) * | 2017-07-24 | 2020-08-18 | Tyco Safety Products Canada Ltd. | System and method for performing encryption between alarm panel and monitoring station |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998015082A1 (en) | 1996-09-30 | 1998-04-09 | Intel Corporation | Secure bios |
JPH10145354A (ja) * | 1996-11-14 | 1998-05-29 | Nippon Telegr & Teleph Corp <Ntt> | 機能遠隔変更方法 |
JP2003058379A (ja) * | 2001-07-26 | 2003-02-28 | Hewlett Packard Co <Hp> | ソフトウェア・ドライバの自動インストール方法及び装置 |
JP2003122588A (ja) * | 2001-10-12 | 2003-04-25 | Toshiba Corp | ソフトウェア処理装置及びソフトウェア・インストール方法 |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0358174A (ja) | 1989-07-26 | 1991-03-13 | Nec Software Kansai Ltd | 窓口端末利用者の個人識別方式 |
JPH10283190A (ja) | 1997-04-09 | 1998-10-23 | Fujitsu Ltd | 記憶媒体駆動装置、記憶媒体及びデータ保護方法 |
US6564232B1 (en) * | 1999-06-30 | 2003-05-13 | International Business Machines Corporation | Method and apparatus for managing distribution of change-controlled data items in a distributed data processing system |
US6826581B2 (en) * | 2000-12-06 | 2004-11-30 | Intel Corporation | Upgrading a device over a network by downloading results of command execution from script file |
EP1271875A1 (en) * | 2001-06-21 | 2003-01-02 | Koninklijke Philips Electronics N.V. | Device arranged for exchanging data, and method of manufacturing |
US7484105B2 (en) * | 2001-08-16 | 2009-01-27 | Lenovo (Singapore) Ptd. Ltd. | Flash update using a trusted platform module |
CN1403941A (zh) * | 2001-09-03 | 2003-03-19 | 王柏东 | 一种结合密码与生物辨识技术应用于安全认证的方法 |
US7174463B2 (en) * | 2001-10-04 | 2007-02-06 | Lenovo (Singapore) Pte. Ltd. | Method and system for preboot user authentication |
JP2003140761A (ja) | 2001-10-31 | 2003-05-16 | Nec Infrontia Corp | 情報端末及び決済端末 |
JP2003168006A (ja) * | 2001-11-29 | 2003-06-13 | Hitachi Ltd | 事故時の車両状態・運転状態の記録保持システム |
JP4350962B2 (ja) * | 2002-03-13 | 2009-10-28 | パナソニック株式会社 | セキュアデバイス |
CN100350343C (zh) | 2002-03-13 | 2007-11-21 | 松下电器产业株式会社 | 安全设备 |
JP4187451B2 (ja) | 2002-03-15 | 2008-11-26 | 松下電器産業株式会社 | 個人認証用デバイスと携帯端末装置 |
US7366906B2 (en) * | 2003-03-19 | 2008-04-29 | Ricoh Company, Ltd. | Digital certificate management system, digital certificate management apparatus, digital certificate management method, program and computer readable information recording medium |
GB2399906B (en) * | 2003-03-22 | 2006-10-04 | Hewlett Packard Development Co | Method and system for delegating authority and access control methods based on delegated authority |
JP2005010826A (ja) * | 2003-06-16 | 2005-01-13 | Fujitsu Ltd | 認証端末装置、生体情報認証システム、及び生体情報取得システム |
US7620179B2 (en) * | 2004-01-29 | 2009-11-17 | Comcast Cable Holdings, Llc | System and method for security processing media streams |
-
2004
- 2004-04-30 WO PCT/JP2004/006268 patent/WO2005106620A1/ja not_active Application Discontinuation
- 2004-04-30 CN CN2004800416825A patent/CN1918526B/zh not_active Expired - Fee Related
- 2004-04-30 JP JP2006512704A patent/JP4724655B2/ja not_active Expired - Fee Related
- 2004-04-30 EP EP04730652A patent/EP1742134A4/en not_active Withdrawn
-
2006
- 2006-08-08 US US11/500,419 patent/US8272050B2/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998015082A1 (en) | 1996-09-30 | 1998-04-09 | Intel Corporation | Secure bios |
JPH10145354A (ja) * | 1996-11-14 | 1998-05-29 | Nippon Telegr & Teleph Corp <Ntt> | 機能遠隔変更方法 |
JP2003058379A (ja) * | 2001-07-26 | 2003-02-28 | Hewlett Packard Co <Hp> | ソフトウェア・ドライバの自動インストール方法及び装置 |
JP2003122588A (ja) * | 2001-10-12 | 2003-04-25 | Toshiba Corp | ソフトウェア処理装置及びソフトウェア・インストール方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP1742134A4 |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006331422A (ja) * | 2005-05-20 | 2006-12-07 | At & T Corp | インターネットのマルウェア問題への一解決策 |
US8302181B2 (en) | 2006-01-18 | 2012-10-30 | Pfu Limited | Image reading apparatus, authentication method, evaluation system, method, and computer program product |
JP2007220070A (ja) * | 2006-01-18 | 2007-08-30 | Pfu Ltd | 対象機器、機器管理システム、機器管理方法および外部装置 |
JP2007220072A (ja) * | 2006-01-18 | 2007-08-30 | Pfu Ltd | 画像読取装置、認証方法、評価システム、評価方法およびプログラム |
US8412958B2 (en) | 2006-01-18 | 2013-04-02 | Pfu Limited | Target device, method and system for managing device, and external device |
JP2013008378A (ja) * | 2006-01-18 | 2013-01-10 | Pfu Ltd | 機器管理システム、機器管理方法および外部装置 |
WO2008035413A1 (fr) | 2006-09-20 | 2008-03-27 | Fujitsu Limited | Processeur d'informations et procédé de gestion d'informations |
US8386796B2 (en) | 2006-09-20 | 2013-02-26 | Fujitsu Limited | Information processing apparatus and information management method |
WO2008035412A1 (en) | 2006-09-20 | 2008-03-27 | Fujitsu Limited | Information processor and starting method |
JP2008158801A (ja) * | 2006-12-22 | 2008-07-10 | Matsushita Electric Works Ltd | 認証装置及び認証システム |
WO2008114390A1 (ja) | 2007-03-19 | 2008-09-25 | Fujitsu Limited | サービス制御システム、サービス制御方法およびサービス制御プログラム |
JP2009054064A (ja) * | 2007-08-29 | 2009-03-12 | Hitachi Ltd | ディジタル信号再生装置およびディジタル信号再生方法 |
US8438385B2 (en) | 2008-03-13 | 2013-05-07 | Fujitsu Limited | Method and apparatus for identity verification |
US8522045B2 (en) | 2010-02-08 | 2013-08-27 | Ricoh Company, Ltd. | Multi-functional system, security method, security program, and storage medium |
JP2018148341A (ja) * | 2017-03-03 | 2018-09-20 | 日本電信電話株式会社 | センサネットワークシステム、センサ接続端末、データ収集方法、およびセンサ接続方法 |
JP2020010144A (ja) * | 2018-07-05 | 2020-01-16 | 大日本印刷株式会社 | スマートスピーカ、セキュアエレメント、プログラム、情報処理方法及び配信方法 |
Also Published As
Publication number | Publication date |
---|---|
US8272050B2 (en) | 2012-09-18 |
EP1742134A1 (en) | 2007-01-10 |
EP1742134A4 (en) | 2008-12-24 |
JP4724655B2 (ja) | 2011-07-13 |
US20060277414A1 (en) | 2006-12-07 |
CN1918526A (zh) | 2007-02-21 |
JPWO2005106620A1 (ja) | 2008-03-21 |
WO2005106620A8 (ja) | 2006-07-27 |
CN1918526B (zh) | 2012-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4724655B2 (ja) | セキュリティチップおよび情報管理方法 | |
US10586229B2 (en) | Anytime validation tokens | |
TWI454111B (zh) | 用於確保通訊之鑑別及完備性的技術 | |
AU2006278422B2 (en) | System and method for user identification and authentication | |
JP4861423B2 (ja) | 情報処理装置および情報管理方法 | |
US8266684B2 (en) | Tokenized resource access | |
JP5136012B2 (ja) | データ送付方法 | |
JP4818664B2 (ja) | 機器情報送信方法、機器情報送信装置、機器情報送信プログラム | |
US9544299B2 (en) | Information processing apparatus, server, method for controlling the same and storage medium | |
WO2019239591A1 (ja) | 認証システム、認証方法、アプリケーション提供装置、認証装置、及び認証用プログラム | |
CN109076090A (zh) | 更新生物特征数据模板 | |
JP5278495B2 (ja) | 機器情報送信方法、機器情報送信装置、機器情報送信プログラム | |
TWM552152U (zh) | 交易授權系統及推播伺服器 | |
KR100917706B1 (ko) | 정보 관리 장치 및 정보 관리 방법 | |
JP4639698B2 (ja) | データ処理システム及びデータ処理方法 | |
JP5106211B2 (ja) | 通信システム及びクライアント装置 | |
JP2007249349A (ja) | カードレス・デビット決済システム及び方法並びにその制御プログラム | |
JP2008191851A (ja) | 電子機器、および情報処理方法 | |
AU2015200701A1 (en) | Anytime validation for verification tokens |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2006512704 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004730652 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11500419 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200480041682.5 Country of ref document: CN Ref document number: 1020067016367 Country of ref document: KR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 11500419 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1020067016367 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2004730652 Country of ref document: EP |