JP2009017294A - Information processing system and information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing apparatus which reduces risk of information leakage. <P>SOLUTION: An information processing system comprises: a portable terminal including a terminal wireless part for communicating with an external information processing apparatus, a storage part for storing data encrypted by using a public key and a terminal control part for transmitting a secret key request signal for requesting a secret key corresponding to the public key to the external through the terminal wireless part, and when receiving the secret key from the outside, decrypting the encrypted data by the secret key and displaying the decrypted data on a display part; and a portable information processing apparatus including a wireless part for communicating with the portable terminal, a storage part for storing the secret key and a control part for transmitting the secret key to the portable terminal through the wireless part when receiving the secret key request signal. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing system and an information processing method for data concealment.

  Portable personal computers have become widespread, and work using computers can be performed when going out. In addition to data communication services for modems connected to telephones, ISDN terminal adapters, PHSs, and cellular phones, the use of IEEE 802.11 standard wireless LAN (Local Area Network) has become common. Accordingly, an increasing number of models are equipped with a wireless LAN function in a commercially available portable personal computer (hereinafter referred to as a notebook personal computer).

  On the other hand, some mobile phones have a PDA function called a smartphone (a portable information terminal equipped with an application program used in a business field such as schedule management) while maintaining the size (see Patent Document 1). . In addition, a wireless LAN function has been announced in addition to a normal mobile phone function, and the functions of notebook personal computers are being incorporated.

  As such portable devices become widespread, it has been reported that these devices contain confidential information and personal information, and damage to organizations and individuals due to device loss and theft.

  Although a notebook personal computer has many functions, a desk or the like is required as a place for installing the notebook personal computer, and a certain posture is required for the operator to sit down. On the other hand, the mobile phone of the smartphone has an advantage that the degree of freedom of the installation location and the operator's posture is high. On the other hand, due to the structure, there is a disadvantage that the input time and time are generally larger than those of a notebook computer.

In addition, although passwords and fingerprint authentication methods have been adopted as countermeasures against information leakage problems due to device loss and theft, they are not sufficient as malicious means such as snooping and fingerprint collection. .
Japanese translation of PCT publication No. 2002-535897

  As a device for using business applications (schedule management, e-mail, document viewing, editing, electronic payment, etc.) by a computer outside using high-speed communication using a location called a hot spot where a public wireless LAN can be used A device in which a PDA function is mounted on a mobile phone called a smartphone having a wireless LAN function has problems with screen visibility, ease of input, and speed.

  A notebook personal computer requires furniture such as a table and a chair on which it is installed, and a location where a public wireless LAN such as a station can be used is not sufficient in terms of facilities. In addition, when information to be protected is converted into data and stored in one device, the problem of information leakage cannot be sufficiently solved when lost or stolen.

  The present invention has been made to solve the problems of the conventional techniques as described above, and an object thereof is to provide an information processing apparatus and an information processing method that reduce the risk of information leakage.

In order to achieve the above object, an information processing system of the present invention comprises:
When a terminal wireless unit for communicating with an external information processing device, a storage unit storing data encrypted using a public key, and a browsing request for the data are input, the public key corresponds to the public key When a secret key request signal for requesting a secret key is transmitted to the outside via the terminal radio unit and the secret key is received from the outside, the encrypted data is decrypted with the secret key and displayed on the display unit A mobile terminal including a terminal control unit,
A wireless unit for communicating with the portable terminal, a storage unit storing the secret key, and a control unit that transmits the secret key to the portable terminal via the wireless unit when the secret key request signal is received A portable information processing device;
It is the structure which has.

  According to the present invention, since data stored in the mobile terminal is encrypted with the public key, the data cannot be browsed unless decrypted with the secret key stored in the mobile information processing apparatus.

  In the present invention, in order to read data from a portable terminal, both the portable terminal and the portable information processing apparatus are required, so that the risk of information leakage due to theft or loss can be reduced.

  The configuration of the information processing system of this embodiment will be described. FIG. 1 is a diagram illustrating a usage example of the information processing system of the present embodiment.

  As illustrated in FIG. 1, the information processing system according to the present exemplary embodiment includes a mobile terminal 101 and a notebook personal computer (hereinafter referred to as a notebook PC) 102. The portable terminal 101 and the node PC 102 are connected wirelessly. The portable terminal 101 is wirelessly connected to a public wireless LAN provider network 104 via a public wireless LAN access point 103. The access point 103 corresponds to a base station for wireless communication. The notebook PC 102 corresponds to the portable information processing apparatus of the present invention.

  The operator network 104 is connected to a network (hereinafter referred to as an intranet) 107 of an organization to which an operator of the information processing system of the present embodiment belongs via a communication network such as the Internet 105.

  The operator network 104 is provided with a server 109 having an authentication function. Various servers 106 such as a WWW (World Wide Web) server, a file server, and a mail server are connected to the Internet 105. Various servers 108 such as a WWW server, a file server, a mail server, and an application server are connected to the intranet 107.

  Each server includes a storage unit for storing data such as authentication information for authenticating a terminal requesting connection or access, a file, and a web page, and a communication unit for transmitting and receiving data to and from an external terminal via a network. And a control unit that controls the storage unit and the communication unit. Since the configuration of the server is the same as that of the prior art, detailed description is omitted.

  Next, the configuration of the mobile terminal 101 will be described in detail. FIG. 2 is a block diagram showing an example of the configuration of the mobile terminal shown in FIG.

  As shown in FIG. 2, the portable terminal 101 includes a storage unit including a tamper-resistant storage unit 204 and a data storage unit 205, a wireless LAN transmission / reception unit 203, a control unit 206 that controls each unit, and an operator inputs instructions. An operation input unit 201 for displaying information and a display unit 202 for displaying information in the storage unit.

  The tamper resistant storage unit 204 and the data storage unit 205 are any one of a semiconductor memory such as a nonvolatile flash memory and a ferroelectric memory, and a hard disk. Although the storage area of the tamper resistant storage unit 204 is the same as that of the data storage unit 205, a defensive measure is provided so that stored information cannot be easily read by hardware or software. The tamper resistant storage unit 204 stores confidential data that is data that the operator has determined to be confidential.

  Information stored in the tamper resistant storage unit 204 includes authentication information for connecting to the operator network 104, authentication information for connecting to the intranet 107, and authentication information for accessing the server 108 in the intranet 107. . In addition, information for mutual authentication for authenticating the other party when communicating with the notebook PC 102 is stored in the tamper resistant storage unit 204. The data storage unit 205 stores normal data.

  The wireless LAN transmission / reception unit 203 communicates with various servers of the operator network 104, the Internet 105, and the intranet 107 through the public wireless LAN access point 103. In addition, the wireless LAN function provided in the notebook PC 102 has the same standard function.

  The operation input unit 201 is one of a keyboard for inputting characters, a pointing device for inputting position data and coordinate data on the display unit, a touch panel and a handwriting input device, or a combination of two or more of these. It is a configuration. The display unit 202 is an image display device such as an organic EL (Electroluminescence) display and a liquid crystal display.

  The control unit 206 is provided with a CPU (Central Processing Unit) (not shown) for executing processing according to a program and a memory (not shown) for storing the program. When the control unit 206 makes an access request to the server 108 of the intranet 107, the control unit 206 transmits authentication information to each of the server 109 of the operator network 104 and the server 108 of the intranet 107. Therefore, data is downloaded from the server 108. The downloaded data is stored in the tamper resistant storage unit 204.

  In addition, when storing the downloaded data in the data storage unit 205, the control unit 206 does not store the data in the data storage unit 205 as it is, but uses key information stored in the tamper resistant storage unit 204 in advance. Encrypted and stored. There are two types of encryption methods: a method using common key encryption and a method using a public key.

  A method using common key encryption will be described. The common key is stored in advance in the tamper resistant storage unit 204, and the control unit 206 reads the common key when necessary for processing of the portable terminal 101. The control unit 206 encrypts the data downloaded from the server with the common key and stores it in the data storage unit 205. When the operator performs a browsing operation, the file in the data storage unit 205 is decrypted and displayed on the display unit 202.

  A method using public key cryptography will be described. The tamper resistant storage unit 204 stores in advance the public key of the notebook PC 102 owned by the operator. The control unit 206 encrypts the data downloaded from the file server with this public key and stores it in the data storage unit 205. Thereby, since the private key of the notebook PC 102 is not stored in the portable terminal 101, the browsing operation cannot be performed on the portable terminal 101, and the data cannot be viewed unless the file operation is performed on the notebook PC 102.

  Next, the configuration of the notebook PC 102 will be described in detail. FIG. 3 is a block diagram showing an example of the configuration of the notebook PC shown in FIG.

  As illustrated in FIG. 3, the notebook PC 102 includes a storage device including a tamper-resistant storage device 304 and a data storage device 305, a wireless LAN function unit 303, a central processing unit (CPU) 306 that controls each unit, and an operator Has an operation input unit 301 for inputting instructions and a display unit 302 for displaying information in the storage device.

  The tamper resistant storage device 304 and the data storage unit 305 are any one of a semiconductor memory such as a nonvolatile flash memory and a ferroelectric memory, and a hard disk. The tamper resistant storage device 304 stores confidential data that is data that the operator has determined to be confidential. Similar to the tamper resistant storage unit 204, the tamper resistant storage device 304 is provided with means for concealing data by hardware or software.

  Data stored in the tamper resistant storage device 304 includes a public key and a corresponding private key. In addition, information for mutual authentication for authenticating the other party when communicating with the mobile terminal 101 is stored in the tamper resistant storage device 304. The data storage device 205 stores normal data.

  The wireless LAN function unit 203 communicates with the mobile terminal 101 wirelessly to transmit / receive data. The configuration of each of the operation input unit 301 and the display unit 302 is the same as that of each of the operation input unit 201 and the display unit 202 except that the size is different from that of the mobile terminal 101, and thus detailed description thereof is omitted.

  The CPU 305 is provided with a memory (not shown) for storing a program, and the CPU 305 controls the storage device, the wireless LAN function unit 303, and the display unit 302 according to the program. When communication with the mobile terminal 101 is established via the wireless LAN function unit 303 and the wireless LAN transmission / reception unit 203 and an instruction to request acquisition of data stored in the mobile terminal 101 is input, the CPU 305 The target data is read from the storage unit of the mobile terminal 101. When the data is encrypted with the public key, the data is decrypted with the secret key stored in the tamper resistant storage device 304.

  Next, a usage example of the information processing system of this embodiment will be described. FIG. 4 is a diagram for explaining a typical method of using the information processing system of the present embodiment.

  In a wireless area such as a station where the operator is located, which is within the communication range of the access point 103 of the public wireless LAN, the operator operates the portable terminal 101 to the Internet server or intranet server shown in FIG. The mobile terminal 101 is connected. And the data stored in the recording part in a portable terminal are uploaded to a server as follows, or data is downloaded from a server to a portable terminal.

  Authentication information (e.g., login id, password) necessary for connecting to the public wireless LAN and the server is concealed and stored in the tamper-resistant storage unit 204 of the mobile terminal 101. At the time of connection, it is taken out from the tamper resistant storage unit 204 by the operation of the operator. The operator operates the operation input unit 201 to select data to be uploaded or downloaded, and causes the portable terminal 101 to upload or download the target data. As these data transmission / reception methods, conventionally known methods such as a menu selection format and a keyword search method can be used. Furthermore, a series of procedures can be described so that it can be performed with few operations.

  There are cases where the public wireless LAN cannot be used due to reasons such as where the operator is not in the wireless area of the public wireless LAN or when the operator is moving at high speed. In this case, if the notebook PC 102 is in a place where the notebook PC 102 can be spread (such as when sitting in a train), the portable terminal 101 and the notebook PC 102 perform communication by operating the wireless LAN function, and the storage unit of the portable terminal 101 It functions as an external storage device of the notebook PC 102. If the application program of the notebook PC 102 is executed on the data stored in the storage unit of the portable terminal 101 in this way, the application program of the notebook PC 102 can handle data at the end of the network.

  Concerning data stored in the storage unit of the mobile terminal 101, data to be concealed is leaked outside by restricting data movement only to the notebook PC 102 combined with the mobile terminal 101 and devices connected via the network. Can be avoided.

  Next, an operation procedure when the mobile terminal 101 connects to the server of the intranet 107 and downloads a file will be described. FIG. 5 is a flowchart showing a procedure when the mobile terminal downloads a file from the server.

  The operator network 104 is provided with a server 109 that authenticates the access request source terminal. The server 109 stores authentication information of the contractor's mobile terminal in advance. In addition, the servers 108a and 108b provided in the intranet 107 store authentication information of mobile terminals of persons belonging to the organization in advance, and determine whether or not to accept the request to the terminal that requests access. Authenticate. The server 108a is an authentication server that authenticates the access request source of the intranet 107, and the server 108b is a file server.

  When the operator operates the operation input unit 201 and inputs an instruction to request connection to the server 108b, the control unit 206 reads three types of authentication information from the tamper resistant storage unit 204 (step 1001). The first of the three types of authentication information is authentication information for connecting to the wireless LAN operator network 104 (hereinafter referred to as authentication information 1). The second is authentication information for connecting to the intranet 107 (hereinafter referred to as authentication information 2). The third is authentication information for accessing the server 108b (hereinafter referred to as authentication information 3).

  The authentication information 1 includes an account and a password provided from a public wireless LAN service provider. The authentication information 2 includes an account and a password necessary for remote access of the intranet. The authentication information 3 includes an account and a password necessary for accessing the server 108b.

  In response to the input of the access request from the operator, the control unit 206 transmits the authentication information 1 to the server 109 of the operator network 104 via the wireless LAN transmission / reception unit 203 (step 1002). When the server 109 authenticates the connection request source using the authentication information received from the mobile terminal 101, the server 109 transmits a connection permission signal indicating that the authentication has been accepted to the mobile terminal 101 (step 1003).

  When the portable terminal 101 receives the connection permission signal from the server 109, the control unit 206 transmits the authentication information 2 to the server 108a of the intranet 107 via the operator network 104 and the Internet 105 (step 1004). When the server 108a authenticates the connection request source with the authentication information received from the portable terminal 101, the server 108a transmits a connection permission signal to the portable terminal 101 (step 1005).

  When the portable terminal 101 receives the connection permission signal from the server 108a, the control unit 206 transmits the authentication information 3 to the server 108b of the intranet 107 via the operator network 104 and the Internet 105 (step 1006). When the server 108b authenticates the access request source with the authentication information received from the mobile terminal 101, the server 108b transmits an access permission signal indicating that the authentication is permitted to the mobile terminal 101 (step 1007).

  When the portable terminal 101 receives the access permission signal from the server 108b, the control unit 206 transmits a list request signal for requesting a list of files to the server 108b (step 1008). When the server 108b receives the list request signal from the mobile terminal 101, the server 108b transmits file list information listing file items to the mobile terminal 101 so that the contents of the file can be understood (step 1009).

  When the portable terminal 101 receives the file list information from the server 108b, the control unit 206 displays the file list information on the display unit 202 (step 1010). When the operator operates the operation input unit 201 to select a file from the file list information and inputs that download is requested, the control unit 206 displays information indicating that transmission of the selected file is requested. The download request signal shown is transmitted to the server 108b (step 1011).

  When the server 108b receives the download request signal from the portable terminal 101, the server 108b reads out the requested file data from the storage unit and transmits the file data to the portable terminal 101 (step 1012). When the portable terminal 101 receives file data from the server 108b, the control unit 206 stores the file data in the tamper resistant storage unit 204 (step 1013). Thereafter, the mobile terminal 101 waits for an operation from the operator, and in the case of a browsing operation, reads the file data from the tamper resistant storage unit 204 and causes the display unit 202 to display the read file data.

  Next, an operation when the mobile terminal 101 stores data downloaded from the server of the intranet 107 in the data storage unit 205 will be described. FIG. 6 is a flowchart illustrating a procedure when the data downloaded from the server by the mobile terminal is stored in the data storage unit.

  As described in FIG. 5, the mobile terminal 101 is connected to the server 108b. Then, when the operator operates the operation input unit 201 to input that download is requested for a predetermined file, the control unit 206 transmits a download request signal indicating information requesting transmission of the file to the server 108b. (Step 2001).

  When the server 108b receives the download request signal from the mobile terminal 101, the server 108b reads out the requested file data from the storage unit and transmits the file data to the mobile terminal 101 (step 2002). The control unit 206 does not store the data received from the server 108 b as it is in the data storage unit 205, but encrypts and stores it using the key information stored in the tamper resistant storage unit 204. As described above, there are two types of encryption methods: a method using common key encryption (referred to as method 1) and a method using a public key (referred to as method 2). First, the case where Method 1 is used will be described.

  The control unit 206 reads the common key from the tamper resistant storage unit 204 (step 2003). Subsequently, the data received from the server 108b is encrypted with the common key (step 2004), and the encrypted file data is stored in the data storage unit 205 (step 2005). When there is a browsing request by the browsing operation by the operator, the control unit 206 reads the encrypted file data from the data storage unit 205 (step 2006). Then, the encrypted file data is decrypted (step 2007), and the decrypted file data is displayed on the display unit 202 (step 2008).

  FIG. 7 is a flowchart showing another procedure when the mobile terminal stores data downloaded from the server in the data storage unit. A case where the encryption method 2 is used will be described. Since the processing from step 2001 to step 2006 is the same as that described in FIG. 6, the description thereof is omitted here.

  The control unit 206 reads the public key from the tamper resistant storage unit 204 in step 2003, encrypts the data downloaded from the server 108b with the public key, and stores it in the data storage unit 205 (step 2005). When there is a browsing request by the browsing operation by the operator, the control unit 206 reads the encrypted file data from the data storage unit 205 (step 2006).

  Subsequently, the control unit 206 performs mutual authentication with the notebook PC 102 by a method described later, and then transmits a secret key request signal for requesting a secret key to the notebook PC 102 (step 2011). When the private key information is received from the notebook PC 102 (step 2012), the encrypted file data is decrypted using the private key (step 2013). Then, the decrypted file data is displayed on the display unit 202 (step 2014).

  Since the capacity of the data storage unit 205 is lower than the capacity of the tamper-resistant storage unit 204, the data to be concealed is stored in the data storage unit 205 as in this embodiment, so that the mobile terminal 101 The apparatus cost can be reduced. Furthermore, if the data storage unit 205 is detachable, the storage capacity is not limited and can be made unlimited.

  In addition, since the method using the common key cryptography can check the file contents only with the mobile terminal 101, there is a risk that information may leak when the mobile terminal 101 is lost or stolen. However, the portable terminal 101 can access only the operator's notebook PC 102 and the access destination file server by electronic means. Therefore, even if another device is connected to the portable terminal 101, the electronically stored file cannot be taken out. Therefore, the method using the common key encryption can be browsed only by the small display unit 202 of the portable terminal 101, and is suitable for storing information published on a server on the Internet that has little influence even if there is an information leak. ing.

  On the other hand, the method using public key cryptography is suitable for storing information from an in-house file server that has a high risk of information leakage at the time of theft because the file contents cannot be viewed on the portable terminal 101.

  Next, a case where data stored in the tamper resistant storage unit 204 of the portable terminal 101 from the notebook PC 102 is operated on the notebook PC 102 will be described.

  FIG. 8 is a flowchart showing an operation method from the notebook PC for the file stored in the tamper resistant storage unit of the portable terminal.

  As an initial setting, after establishing communication by wireless LAN between the notebook PC 102 and the portable terminal 101 (step 3001), mutual authentication is performed (step 3002). After mutual confirmation is obtained as a result of mutual authentication, when the operator operates the notebook PC 102 and inputs a request to read file data in the portable terminal 101, the notebook PC 102 transmits a predetermined file. Is transmitted to the portable terminal 101 (step 3003). When receiving the file operation request signal from the notebook PC 102, the portable terminal 101 reads out the requested file data from the tamper resistant storage unit 204 (step 3004) and transmits the file data to the notebook PC 102 (step 3005).

  In this way, it is possible to operate a file stored in the tamper resistant storage unit 204 of the portable terminal 101 from the notebook PC 102.

  At this time, there is a method of moving the file directly to the storage device of the notebook PC 102. However, network file access using the mobile terminal 101 as a remote computer (a method using a network file system, a method using a Microsoft shared file, a file transfer protocol using ftp (file transfer protocol) A method based on a well-known method such as a pseudo-shared file using) may be used. In the network file access method, since no file remains in the storage device of the notebook PC 102, it is possible to prevent the leakage of information when the notebook PC is stolen or lost.

  Next, a case where data stored in the data storage unit 205 of the portable terminal 101 from the notebook PC 102 is operated on the notebook PC 102 will be described.

  FIG. 9 is a flowchart showing an operation method from the notebook PC for the file stored in the data storage unit of the portable terminal. The procedure is the same as that in FIG. 8 except for the processing for the file to be acquired being encrypted with the common key or the public key. Here, it is assumed that the file is encrypted with the public key.

  After establishing communication by wireless LAN between the notebook PC 102 and the portable terminal 101 (step 4001), mutual authentication is performed (step 4002). After mutual confirmation is obtained as a result of mutual authentication, when the operator operates the notebook PC 102 and inputs a request to read file data in the portable terminal 101, the notebook PC 102 displays a file operation request signal. It transmits to the portable terminal 101 (step 4003). When receiving the file operation request signal from the notebook PC 102, the portable terminal 101 reads the requested file data from the data storage unit 205 and transmits the file data to the notebook PC 102 (step 4004).

  When the notebook PC 102 receives the file data encrypted with the public key from the portable terminal 101, the notebook PC 102 decrypts the file data using the secret key stored in the tamper resistant storage device 304 (step 4005).

  When the file is encrypted by the public key cryptosystem as in this embodiment, the file can be handled by the application program of the notebook PC 102 by decrypting the file with the secret key stored in the notebook PC 102. It becomes.

  According to the present invention, when data is stored in the data storage unit 205 of the mobile terminal 101, if the data is encrypted with the public key, the data can be browsed unless the data is decrypted with the secret key stored in the notebook PC 102. Can not. In order to read data stored in the portable terminal 101, both the portable terminal 101 and the notebook PC 102 are required, so that the risk of information leakage due to theft or loss can be reduced.

  Further, when the user goes out on a business trip or the like, the portable terminal 101 and the notebook PC 102 are carried, so that the data downloaded from the various servers 106 and 108 via the portable terminal 101 can be used for work outside the office.

  In the above-described embodiment, the case of downloading a file has been described. However, a file can be uploaded by a similar procedure. In addition, it is also possible to receive and transmit an e-mail and browse a web page that can be performed by an operation accompanying data movement.

  In addition, the mobile terminal 101 of this embodiment can be manufactured and used as a single unit, but the display unit 202 and the operation input unit 201 may be shared with the mobile phone to form a mobile phone. In that case, the VoIP telephone may be performed via the wireless LAN using the wireless LAN transmission / reception unit 203.

  Further, if the mobile terminal 101 is provided with a biometric authentication function to perform biometric authentication, data can be handled more safely.

  Furthermore, when a biometric authentication function is added to the notebook PC 102, data cannot be transferred to the notebook PC even if there is leakage of data that can be browsed by the portable terminal alone. It is possible to prevent leakage.

It is a figure which shows the usage example of the information processing system of a present Example. It is a block diagram which shows the example of 1 structure of the portable terminal shown in FIG. It is a block diagram which shows the example of 1 structure of the notebook PC shown in FIG. It is a figure for demonstrating the typical usage method of the information processing system of a present Example. It is a flowchart which shows the procedure in case a portable terminal downloads a file from a server. It is a flowchart which shows the procedure in the case of storing the data which the portable terminal downloaded from the server in a data storage part. It is a flowchart which shows another procedure in the case of storing the data which the portable terminal downloaded from the server in a data storage part. It is a flowchart which shows the operation method from a notebook PC with respect to the file stored in the tamper-proof memory | storage part of a portable terminal. It is a flowchart which shows the operation method from a notebook PC with respect to the file stored in the data storage part of a portable terminal.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 Mobile terminal 102 Notebook computer 203 Wireless LAN transmission / reception part 204 Tamper-resistant storage part 205 Data storage part 206 Control part 303 Wireless LAN function part 304 Tamper-proof storage apparatus 305 Data storage apparatus 306 Central processing unit

Claims (6)

When a terminal wireless unit for communicating with an external information processing device, a storage unit storing data encrypted using a public key, and a browsing request for the data are input, the public key corresponds to the public key When a secret key request signal for requesting a secret key is transmitted to the outside via the terminal radio unit and the secret key is received from the outside, the encrypted data is decrypted with the secret key and displayed on the display unit A mobile terminal including a terminal control unit,
A wireless unit for communicating with the portable terminal, a storage unit storing the secret key, and a control unit that transmits the secret key to the portable terminal via the wireless unit when the secret key request signal is received A portable information processing device;
An information processing system. The terminal radio unit has a function of communicating with a server connected to a communication network via a base station,
When an instruction to request data stored in the server is input, the terminal control unit obtains the data from the server via the terminal radio unit, and encrypts the data with the public key. The information processing system according to claim 1, wherein the information processing system is stored in the storage unit. Communication between these two devices is established via the terminal wireless unit of the portable terminal and the wireless unit of the portable information processing device,
The control unit of the portable information processing device acquires encrypted data from the portable terminal and decrypts it with the secret key when an instruction to request reading of the data is input. Or the information processing system of 2. An information processing method using a portable terminal and a portable information processing device including a wireless unit for wireless communication,
The portable terminal stores data encrypted using a public key,
The portable information processing apparatus stores a secret key corresponding to the public key;
When the data browsing request is input, the portable terminal transmits a secret key request signal for requesting a secret key corresponding to the public key to the portable information processing apparatus via the wireless unit,
When the portable information processing device receives the secret key request signal from the portable terminal, the portable information processing device reads the secret key and transmits the secret key to the portable terminal via the wireless unit,
When the portable terminal receives the secret key from the portable information processing apparatus, the portable terminal decrypts the encrypted data with the secret key and displays the decrypted data on a display unit. When an instruction to acquire data stored in a server connected to an external communication network is input, the mobile terminal receives the data from the server via the wireless unit and the base station of the communication network. Acquired,
The information processing method according to claim 4, wherein the portable terminal encrypts and stores data acquired from the server with the public key. Each of the portable terminal and the portable information processing device establishes communication via the wireless unit,
The said portable information processing apparatus acquires the data encrypted from the said portable terminal, and decrypts with the said private key, if the instruction | indication which requests | requires reading of the said data is input. Information processing method.

Images