JP2011239123A - Information processing device and encryption key management method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow a portable terminal device to use an encryption key without communicating with an authentication server, and prevent the encryption key from leaking when a terminal is lost or stolen.SOLUTION: An encryption key 102 is stored in a non-volatile memory 404 before a portable terminal device 101 is switched on. The encryption key 102 is moved from the non-volatile memory 404 to a volatile memory 405 by an encryption key protection unit 401 when the portable terminal device 101 power supply is turned on. A user authentication unit 403 performs user authentication. If the user authentication is failed, the encryption key protection unit 401 erases the encryption key 102 from the volatile memory 405.

Description

The present invention relates to a technique for managing a key used for cryptographic communication.
In particular, the present invention relates to a technique for managing keys used for cryptographic communication in a mobile terminal device.

A plurality of communication devices share encryption algorithm keys, and perform electronic signatures and encryption of communication contents between communication devices, thereby preventing tapping of communication contents and detecting tampering.
At this time, if a common key encryption algorithm is used as the encryption algorithm, all communication devices need to share the same common key.
When using a public key encryption algorithm as an encryption algorithm, all communication devices need to have their own private key and the public key of another device.
That is, it is necessary to share a secret key or a public key associated with a secret key between communication devices.
At this time, if the communication device is lost or stolen and the encryption key is taken out from the communication device, the encrypted communication may be decrypted and the content may be decrypted.
Therefore, it is necessary to prevent leakage of confidential information for communication devices such as encryption keys.

As techniques for preventing leakage of confidential information such as encryption keys in conventional communication devices, there are the following techniques.
Patent Document 1 describes a system that prevents leakage of internal personal information and confidential information from a communicable terminal such as a mobile phone.
In this information leakage prevention system, when confidential information in the terminal is divided into two and one and PIN (Personal Identification Number) information are registered in the authentication server, authentication using the PIN information in the authentication server is successful. Only half of the confidential information is transferred from the authentication server to the terminal.
The confidential information in the terminal is deleted when the user authentication using the PIN information has failed more than the specified number of times.
Half of the confidential information acquired from the authentication server is held in the volatile memory and is erased when the power is turned off and reset.
The other divided confidential information is held in the terminal, and the entire confidential information can be restored when both pieces of information are gathered.
As a result, since only half of the confidential information is present in the terminal before power-on, leakage of confidential information due to loss or theft of the terminal in this state is prevented.
Further, confidential information cannot be accessed in an operating terminal unless the PIN information is known.

Patent Document 2 describes a system that prevents unauthorized use of personal data in a mobile terminal device.
In this personal data unauthorized use prevention system, each time the power is turned on, the terminal authentication information stored in the ROM in the terminal is sent to the authentication server via the network for authentication, and if the authentication is successful, the RAM (volatile memory in the terminal) ) Is written in the personal data availability information, and when the user's access to the personal data occurs, the access is permitted based on the personal data availability information.
When the terminal is lost, the registration information of the authentication server is temporarily deleted or changed to prevent authentication failure and prevent access to personal data.
Also, when a predetermined time elapses after the terminal is turned on, the personal data availability information is deleted, and the terminal authentication using the authentication server is requested again.
This prevents unauthorized use of personal data by contacting the administrator of the authentication server when the terminal is lost.
Even if the terminal is lost while the power is turned on, unauthorized use of personal data is prevented after a predetermined time has elapsed.

Patent Document 3 describes a cryptographic key update system in mobile communication.
In this encryption key update system, an encryption key used for encryption of a wireless communication section is generated and updated between a mobile unit and each wireless base station device.
The mobile station identification information is pre-distributed to the wireless base station apparatus that may communicate, and the base station apparatus and mobile body that have received the random number transmitted from the traveling mobile body are identified by the identification information and the random number. Generate an encryption key.
The mobile unit measures the elapsed time since the last communication with the last detected radio base station apparatus, and if it has passed a certain period of time, it has left the communicable area with the radio base station apparatus. All the encryption keys for communication with the radio base station apparatus are deleted.
This eliminates the management of encryption keys that are no longer used in the mobile unit.

JP 2007-249507 A JP 2008-5042 A JP 2006-129432 A

Conventional technology for preventing leakage of confidential information in communication devices has the following problems.
First, in the confidential information leakage prevention system of Patent Document 1, since half of the confidential information is placed in the authentication server, it is necessary to communicate with the authentication server for authentication and download the confidential information after turning on the power. There is a problem that confidential information cannot be used when the authentication server is not operating or when communication with the authentication server is not possible.
In addition, when the PIN information is broken, there is a problem that confidential information leaks from the operating terminal.

Further, in the personal data unauthorized use prevention system of Patent Document 2, since the personal data use availability information is controlled by authentication by communication between the terminal and the authentication server, the authentication server is not operating or the authentication server There is a problem that personal data, which is confidential information, cannot be used in a state where it is impossible to communicate.
When erasing personal data availability information after a predetermined time has elapsed after power-on, there is a possibility that personal data may be illegally used within a predetermined time, and it is necessary to communicate with the authentication server every predetermined time There are challenges.

In the encryption key update system of Patent Document 3, the encryption key is deleted when a predetermined time has elapsed after the use of the encryption key, and if the encryption key is between the mobile unit and the wireless base station device, the wireless By moving out of the range of the base station apparatus, it can be considered that the use of the encryption key has ended.
However, in the case of an encryption key used for communication between portable terminal devices, moving out of the range of the wireless base station device cannot be regarded as the end of use of the encryption key, so the encryption key cannot be deleted. There is a problem that the encryption key remaining in the mobile terminal device may be leaked when lost or stolen.
Alternatively, when the encryption key is erased every time it moves out of the range of the wireless base station device, there is a problem that the encryption key must be shared again between the mobile terminal devices every time the wireless base station device is crossed.

  The main object of the present invention is to solve the above-described problems, and an information processing device such as a portable terminal device can use an encryption key that is confidential information without communicating with an authentication server, and the terminal is lost. The purpose is to prevent leakage of the encryption key in the information processing apparatus when theft occurs.

An information processing apparatus according to the present invention includes:
An information processing apparatus using an encryption key,
A non-volatile memory for storing the encryption key before powering on the information processing apparatus;
Volatile memory,
A user authentication unit that performs user authentication when the information processing apparatus is powered on;
When the information processing apparatus is powered on, the encryption key is moved from the nonvolatile memory to the volatile memory prior to user authentication by the user authentication unit, and the user authentication by the user authentication unit fails when the user authentication fails. And an encryption key protection unit for erasing the encryption key.

According to the present invention, since the encryption key is stored in the non-volatile memory when the power is not turned on, the encryption key can be used without communication with the server after the power is turned on. A situation in which the function of the device cannot be used can be avoided.
In addition, user authentication is performed when the power is turned on, and the encryption key is deleted if the authentication fails. Therefore, when the information processing device is lost or stolen, the information processing device is activated illegally and the encryption key is used. Attempts to try can be blocked.
Also, since the encryption key is stored in the volatile memory while the power is turned on, the information processing device can be disassembled and encrypted with the power turned on when the information processing device is turned on or lost. Attempts to retrieve the key can be blocked.

FIG. 3 is a diagram illustrating an example of a system configuration according to the first embodiment. FIG. 3 shows a configuration example of a mobile terminal device according to Embodiment 1; FIG. 4 is a flowchart showing an example of processing when the mobile terminal device according to Embodiment 1 is turned on. FIG. 3 is a flowchart showing an example of processing when the mobile terminal device according to Embodiment 1 is turned off. The figure which shows the system configuration example which concerns on Embodiment 2-4. The figure which shows the internal format of the encryption key which concerns on Embodiment 2. FIG. FIG. 5 shows a configuration example of a mobile terminal device according to a second embodiment. FIG. 9 is a flowchart showing a process example of the mobile terminal device according to the second embodiment. FIG. 6 shows a configuration example of a mobile terminal device according to Embodiment 3. FIG. 10 is a flowchart showing a processing example of the mobile terminal device according to the third embodiment. FIG. 6 shows a configuration example of a mobile terminal device according to Embodiment 4; FIG. 9 is a flowchart showing a process example of the mobile terminal device according to the fourth embodiment. FIG. 10 is a diagram showing a system configuration example according to a fifth embodiment. FIG. 6 shows a configuration example of a mobile terminal device according to a fifth embodiment. FIG. 6 is a flowchart showing a processing example of a mobile terminal device according to a fifth embodiment. FIG. 9 shows a configuration example of a mobile terminal device according to a sixth embodiment. FIG. 10 is a flowchart showing a process example of the mobile terminal device according to the sixth embodiment. FIG. 4 is a flowchart showing an example of processing when the mobile terminal device according to Embodiment 1 is turned on. The figure which shows the hardware structural example of the portable terminal device which concerns on Embodiment 1-6.

Embodiment 1 FIG.
FIG. 1 is a system configuration diagram according to the first embodiment.
In FIG. 1, a mobile terminal device 101 is a terminal device that communicates with another mobile terminal device 101 via a network 103.
The mobile terminal device 101 is an example of an information processing device.
The encryption key 102 is a key for encrypting communication contents between the mobile terminal devices 101.
A network 103 is a network used as a communication path between the mobile terminal devices 101.

Next, based on FIG. 2, the function of the portable terminal device 101 in Embodiment 1 is demonstrated.
FIG. 2 is an internal block diagram of portable terminal device 101 in the first embodiment.
In FIG. 2, the encryption key protection unit 401 stores the encryption key 102 using the nonvolatile memory 404 and the volatile memory 405, performs user authentication using the user authentication unit 403, and the portable terminal device 101 is lost or stolen. If it is determined that there is, the encryption key 102 is erased.
The power switch 402 is a switch that is pressed when the portable terminal device 101 is activated or terminated.
The user authentication unit 403 performs user authentication using a password, fingerprint, glow, and the like.
The non-volatile memory 404 is a memory capable of holding data regardless of whether the mobile terminal device 101 is powered on.
The volatile memory 405 is a memory that can hold data only while the mobile terminal device 101 is powered on.

Next, the operation will be described.
First, an operation when the mobile terminal device 101 is turned on will be described.
FIG. 3 is a flowchart showing an operation when the portable terminal device 101 according to the first embodiment is turned on.

Before the power is turned on, the encryption key 102 is stored in the nonvolatile memory 404 of the mobile terminal device 101.
When the user presses the power switch 402 to turn on the portable terminal device 101, the encryption key protection unit 401 moves the encryption key 102 from the nonvolatile memory 404 to the volatile memory 405 (S101) (encryption key protection step).
Next, the encryption key protection unit 401 authenticates the user using the user authentication unit 403 (S102) (user authentication step).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S103), and if successful, the portable terminal device 101 is activated as it is.
In the case of failure, the encryption key protection unit 401 deletes the encryption key 102 from the volatile memory 405 (S104) (encryption key protection step).
Note that the authentication information may be re-input a predetermined number of times, and if an error occurs beyond that number, it may be determined that the authentication has failed.

Next, an operation when the mobile terminal device 101 is turned off will be described.
FIG. 4 is a flowchart illustrating an operation when the mobile terminal device 101 according to the first embodiment is turned off.

During power-on, the encryption key 102 is stored on the volatile memory 405 of the mobile terminal device 101.
When the user presses the power switch 402 to turn off the mobile terminal device 101, the encryption key protection unit 401 authenticates the user using the user authentication unit 403 (S201).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S202). If successful, the encryption key 102 is moved from the volatile memory 405 to the nonvolatile memory 404. Then, the mobile terminal device 101 is turned off (S203).
In the case of failure, the encryption key 102 is erased from the volatile memory 405, and the portable terminal device 101 is turned off (S204).

As described above, since the portable terminal device 101 stores the encryption key 102 in the nonvolatile memory 404 when the power is not turned on, the encryption key 102 that is confidential information is used without communication with the server after the power is turned on. it can.
Also, user authentication is performed when the mobile terminal device 101 is turned on. If the authentication fails, the mobile terminal device 101 is considered lost or stolen and the encryption key 102 is deleted. When the device is lost or stolen, attempts to illegally activate the mobile terminal device 101 to use the encryption key 102 can be prevented.
Since the portable terminal device 101 stores the encryption key 102 on the volatile memory 405 while the power is turned on, the portable terminal device 101 is kept powered on when the portable terminal device 101 is turned on and lost or stolen. An attempt to extract the encryption key 102 by disassembling the mobile terminal device 101 can be prevented.
In addition, user authentication is performed when the mobile terminal device 101 is turned off, and if the authentication fails, the mobile terminal device 101 is considered lost or stolen and the encryption key 102 is deleted. When the device is lost or stolen, it is possible to prevent an attempt to disassemble the portable terminal device 101 and take out the encryption key 102 after turning off the power.
In a series of procedures from power-on to power-off of the mobile terminal device 101, the mobile terminal device 101 does not need to communicate with the server, so the function of the mobile terminal device 101 cannot be used because the server is stopped. Therefore, the availability of the entire system can be increased.

Note that the system shown in FIG. 18 can be used instead of the system shown in FIG.
In the method of FIG. 18, first, user authentication is performed (S801), and when user authentication is successful (YES in S802), the encryption key protection unit 401 moves the encryption key 102 from the nonvolatile memory 404 to the volatile memory 405. (S803).
On the other hand, if the user authentication is successful (YES in S802), the encryption key protection unit 401 deletes the encryption key 102 from the nonvolatile memory 404 (S804).

As described above, since the method of FIG. 3 moves the encryption key 102 to the volatile memory 405 prior to user authentication, an attempt to disassemble the mobile terminal device 101 and extract the encryption key 102 during user authentication. Can be blocked.
In this respect, the method of FIG. 18 has a lower security strength than the method of FIG.
However, since the time between S801 and S803 in FIG. 18 is about 1 or 2 seconds, the security strength does not drop extremely, and the method shown in FIG. 18 can be adopted depending on the application.

As described above, in the present embodiment,
In portable terminal devices that can communicate with other terminals via a network, the encryption key is stored in the nonvolatile memory before power-on, and the user moves the encryption key from the nonvolatile memory to the volatile memory before power-on. User authentication is performed using the authentication unit. If authentication fails, the encryption key is erased from the volatile memory. When the power is turned off, user authentication is performed using the user authentication unit. If authentication is successful, the encryption key is volatilized. The portable terminal device including the encryption key protection unit that moves from the volatile memory to the nonvolatile memory and erases the encryption key from the volatile memory when the authentication fails is described.

In the present embodiment,
In a communication system including a plurality of portable terminal devices, the portable terminal device performs user authentication using a user authentication unit after moving an encryption key from a nonvolatile memory to a volatile memory when power is turned on, and the authentication fails. In this case, the encryption key is deleted from the volatile memory, and when the power is turned off, user authentication is performed using the user authentication unit. If the authentication is successful, the encryption key is moved from the volatile memory to the nonvolatile memory, and the authentication fails. In this case, the communication system including the encryption key protection unit for deleting the encryption key from the volatile memory has been described.

In the present embodiment,
The portable terminal device is an encryption key protector that stores the encryption key on the nonvolatile memory. When the power is turned on, the key moving step for moving the encryption key from the nonvolatile memory to the volatile memory, and the terminal is lost or stolen. When a threat level that is unlikely to have been detected is detected, a key update step that uses the encryption key update unit to update the encryption key in the volatile memory and erase the encryption key before the update, and the terminal was lost or stolen User authentication is performed using the user authentication unit when a threat with a high possibility is detected. If authentication fails, the user authentication / key deletion step is performed to delete the encryption key from the volatile memory. If the authentication is successful, the encryption key is moved from the volatile memory to the non-volatile memory. If the authentication fails, the key is stored to delete the encryption key from the volatile memory. It described the encryption key protecting method comprising the steps removed by.

In the present embodiment,
An encryption key protector that stores encryption keys on non-volatile memory. When power is turned on, key move processing to move encryption keys from non-volatile memory to volatile memory and the terminal may have been lost or stolen. When a low threat level is detected, the key update process that uses the encryption key update unit to update the encryption key in the volatile memory and erase the encryption key before the update, and the level at which the terminal is likely to have been lost or stolen User authentication using the user authentication unit when a threat is detected, and user authentication / key deletion processing to delete the encryption key from the volatile memory if authentication fails, and user authentication using the user authentication unit when the power is turned off If authentication is successful, the encryption key is transferred from the volatile memory to the non-volatile memory, and if authentication fails, the key storage / deletion process is executed to delete the encryption key from the volatile memory. The That described the encryption key protection program.

Embodiment 2. FIG.
In the second embodiment, the mobile terminal device 201 measures the out-of-service stay time from the base station device 203, and if it exceeds a certain time, it is assumed that the mobile terminal device 201 may have been lost or stolen. The prevention of leakage of the encryption key 202 by updating or deleting the key 202 will be described.

FIG. 5 is a system configuration diagram of the second embodiment.
In FIG. 5, a mobile terminal device 201 is a terminal that communicates with another mobile terminal device 201 via a base station device 203 and a core network 204.
The encryption key 202 is a key for encrypting communication contents between the mobile terminal devices 201.
The base station device 203 is an access point that performs wireless communication with the mobile terminal device 201 and connects to the core network 204.
The core network 204 is a backbone network used as a communication path between the portable terminal devices 201 via the base station device 203.

Next, the encryption key 202 in the second embodiment will be described with reference to FIG.
FIG. 6 is a diagram showing the internal format of the encryption key 202.
In FIG. 6, key data 221 is a key itself used for encrypted communication between the mobile terminal devices 201, and includes a type of encryption algorithm, a parameter, a key value, and the like.
The key generation number 222 is a number representing the current generation of the key data 221 and is incremented by 1 each time it is updated.
The attribute 223 stores these values when there are values attached to the key data 221 (key expiration date, judgment criteria for performing key update or key erasure on the assumption that the mobile terminal device 201 has been lost or stolen). .

Next, based on FIG. 7, the function of the portable terminal device 201 in Embodiment 2 is demonstrated.
FIG. 7 is an internal block diagram of portable terminal device 201 according to the second embodiment.

In FIG. 7, the encryption key protection unit 501 stores the encryption key 202 using the nonvolatile memory 504 and the volatile memory 505, and the mobile terminal device 201 may be lost or stolen from the base station radio wave reception unit 507 and the clock 508. Is detected, the encryption key 202 is updated using the encryption key update unit 506, and when the possibility that the portable terminal device 201 is lost or stolen is high, user authentication is performed using the user authentication unit 503, and the portable terminal device 201 is detected. If it is assumed that the key has been lost or stolen, the encryption key 202 is deleted.
The power switch 502 is a switch that is pressed when the mobile terminal device 201 is activated or terminated.
A user authentication unit 503 authenticates the user using a password, fingerprint, glow, or the like.
The nonvolatile memory 504 is a memory capable of holding data regardless of whether the mobile terminal device 201 is powered on.
The volatile memory 505 is a memory that can hold data only while the mobile terminal device 201 is powered on.
The encryption key update unit 506 receives the encryption key 202 and generates a next-generation encryption key 202 by performing a one-way operation such as a hash function.
The base station radio wave receiving unit 507 receives radio waves from any of the base station devices 203, and acquires information on areas currently in the area.
The clock 508 holds the current date and time, and corrects the value when the time information is included in the radio wave from the base station apparatus 203.

Next, the operation will be described.
The operation when the mobile terminal device 201 is turned on is the same as the operation of the mobile terminal device 101 in the first embodiment.

Next, an operation during power-on of the mobile terminal device 201 will be described.
FIG. 8 is a flowchart illustrating an operation during power-on of the mobile terminal device 201 according to the second embodiment.

During power-on, the encryption key 202 is stored on the volatile memory 505 of the mobile terminal device 201.
When the base station radio wave receiving unit 507 detects that the mobile terminal device 201 has moved out of the base station device range (ie, it has not received radio waves from any base station device), the encryption key protection unit 501 The measurement of the stay time t outside the base station device area is started (S301).
No operation is performed until the base station apparatus out-of-range residence time t exceeds a predetermined value t ₁ (first threshold), that is, during t ≦ t ₁ (S302).
If the portable terminal device 201 returns to the base station device range during this time (when the radio wave from the base station device is received again), the process returns to the top of the flowchart.
When the base station apparatus out-of-range stay time t exceeds a predetermined value t _1, that is, when t> t ₁ , the encryption key protection unit 501 uses the encryption key update unit 506 to encrypt the volatile memory 505. The key 202 is updated (a new encryption key 202 is generated), and the encryption key 202 before the update is deleted from the volatile memory 505 (S303).
When staying outside the base station device area continues, measurement of the base station device out-of-range stay time t is continued, and the base station device out-of-range stay time t is a predetermined value t ₂ (where t ₁ <t ₂ ) (second No operation is performed until the threshold value of () is exceeded, that is, during t ≦ t ₂ (S304).
If the mobile terminal device 201 returns to the base station device range during this time, the process returns to the top of the flowchart.
When the base station apparatus out-of-service area stay time t exceeds a predetermined value t _2, that is, when t> t ₂ , the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S 305).
When authentication information such as a password, fingerprint, or glow is input by the user, the user authentication result is determined (S306). If the authentication information is unsuccessful, the encryption key 202 is deleted from the volatile memory 505 (S307).
The predetermined values t ₁ and t ₂ are used when the attribute 223 of the encryption key 202 is set, and the values specified by the encryption key protection unit 501 are used otherwise.

  The operation when the mobile terminal device 201 is turned off is the same as the operation of the mobile terminal device 101 in the first embodiment.

As described above, it is considered that the mobile terminal device 201 may have been lost or stolen when the out-of-service stay time t during which radio waves from the base station device 203 do not reach exceeds t _1. Since the previous encryption key 202 is updated and the previous key is deleted, when the mobile terminal device 201 is lost or stolen, the mobile terminal device 201 is taken out of the base station device area to be remotely operated. Thus, it is possible to prevent an attempt to disassemble the portable terminal device 201 and take out the encryption key 202 while the power is turned on while avoiding erasure of the password.
In addition, performs user authentication when the out-of-range dwell time t the radio wave does not reach from the base station apparatus 203 has exceeded the t _2, the encryption key is regarded as a mobile terminal device 201 is lost or stolen when the authentication fails Since 202 is deleted, when the mobile terminal device 201 is lost or stolen, attempts to illegally use the mobile terminal device 201 and its encryption key 202 can be prevented.
In addition to these effects, it goes without saying that the effects shown in the first embodiment can be obtained.

In FIG. 8, when t> t ₂ (YES in S304), the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S305). and so as to erase the key 202 (S307) is immediately may be deleted the encryption key 202 without user authentication at the time when a t> t ₂ depending on the application.

As described above, in the present embodiment,
In a mobile terminal device capable of communicating with other terminals via the core network and each base station device connected to the core network, when the radio wave from the base station device is not received, the base station device out-of-range residence time t is measured. the start, residence time t is erased encryption key before being updated by updating the encryption key in the volatile memory using the encryption key update unit when exceeding the predetermined time t _1, the residence time t is given A mobile terminal provided with an encryption key protection unit that performs user authentication using the user authentication unit when time t ₂ (where t ₁ <t ₂ ) is exceeded, and erases the encryption key from the volatile memory when authentication fails The apparatus has been described.

In the present embodiment,
In a communication system including a plurality of base station devices and a plurality of portable terminal devices, the portable terminal device moves a cryptographic key from a nonvolatile memory to a volatile memory when power is turned on, and then uses a user authentication unit to perform user authentication. If the authentication fails, the encryption key is deleted from the volatile memory, and when the radio wave from the base station device is not received, the measurement of the stay time t outside the base station device area is started, and the stay time t is predetermined. When the time t ₁ is exceeded, the encryption key update unit is used to update the encryption key in the volatile memory to erase the encryption key before the update, and the stay time t is a predetermined time t ₂ (where t ₁ < When t ₂ ) is exceeded, user authentication is performed using the user authentication unit. When authentication fails, the encryption key is deleted from the volatile memory. When the power is turned off, user authentication is performed using the user authentication unit. If successful A communication system including an encryption key protection unit that moves an encryption key from a volatile memory to a nonvolatile memory and erases the encryption key from the volatile memory when authentication fails has been described.

Embodiment 3 FIG.
In Embodiment 3, when the mobile terminal device 201 measures the current area using radio waves from the base station device 203 and detects movement of a certain area, the mobile terminal device 201 may have been lost or stolen. A description will be given of prevention of leakage of the encryption key 202 by updating or erasing the encryption key 202 on the assumption that there is a possibility.

  The system configuration diagram of the third embodiment is the same as the system configuration diagram (FIG. 5) of the second embodiment.

  The encryption key 202 is the same as the encryption key 202 (FIG. 6) in the second embodiment.

Next, based on FIG. 9, the function of the portable terminal device 201 in Embodiment 3 is demonstrated.
FIG. 9 is an internal block diagram of the mobile terminal device 201 according to the third embodiment.

In FIG. 9, the encryption key protection unit 501 stores the encryption key 202 using the nonvolatile memory 504 and the volatile memory 505, and the mobile terminal device 201 is lost or stolen from the base station radio wave reception unit 507 and the movement distance calculation unit 509. Is detected, the encryption key 202 is updated using the encryption key update unit 506, and when the possibility of loss or theft of the mobile terminal device 201 is high, user authentication is performed using the user authentication unit 503, When it is determined that the terminal device 201 has been lost or stolen, the encryption key 202 is deleted.
The power switch 502 is a switch that is pressed when the mobile terminal device 201 is activated or terminated.
A user authentication unit 503 authenticates the user using a password, fingerprint, glow, or the like.
The nonvolatile memory 504 is a memory capable of holding data regardless of whether the mobile terminal device 201 is powered on.
The volatile memory 505 is a memory that can hold data only while the mobile terminal device 201 is powered on.
The encryption key update unit 506 receives the encryption key 202 and generates a next-generation encryption key 202 by performing a one-way operation such as a hash function.
The base station radio wave receiving unit 507 receives radio waves from the base station device 203 and acquires information and the like of the area currently in the area.
The movement distance calculation unit 509 records the approximate movement distance of the mobile terminal device 201 from the area information received by the base station radio wave reception unit 507.

Next, the operation will be described.
The operation when the mobile terminal device 201 is turned on is the same as the operation of the mobile terminal device 101 in the first embodiment.

Next, an operation during power-on of the mobile terminal device 201 will be described.
FIG. 10 is a flowchart illustrating an operation during power-on of the mobile terminal device 201 according to the third embodiment.

During power-on, the encryption key 202 is stored on the volatile memory 505 of the mobile terminal device 201.
When the base station radio wave receiving unit 507 detects the establishment of communication between the mobile terminal device 201 and the base station device 203 and then detects that the mobile station device 203 has moved to the base station device area of the different base station device 203 (the base station radio wave receiving unit 507 When the base station apparatus receiving the radio wave changes), the encryption key protection unit 501 updates the encryption key 202 on the volatile memory 505 using the encryption key update unit 506 (generates a new encryption key 202). Then, the encryption key 202 before update is erased from the volatile memory 505 (S401).
Then, the encryption key protection unit 501 uses the movement distance calculation unit 509 to calculate the approximate movement distance d after moving to the base station apparatus area of the different base station apparatus 203 from the base station apparatus information (S402).
Based on the radio wave received by the base station radio wave receiver 507, the movement distance calculator 509 determines the location of the base station device 203 that is the source of the radio wave received by the base station radio wave receiver 507, and the mobile terminal device 201 The approximate movement distance d is calculated.

If approximate moving distance d does not exceed the predetermined threshold value _{d 0,} that is, when the d ≦ _{d 0,} the flow returns to the beginning of the flow chart (S403).
When the approximate movement distance d exceeds the predetermined value d _0, that is, when d> d ₀ , the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S 404).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S405), and if successful, the process returns to the top of the flowchart.
In the case of failure, the encryption key 202 is deleted from the volatile memory 505 (S406).
As the predetermined value d ₀ , if the attribute 223 of the encryption key 202 is set, that value is used, and if not, the value defined by the encryption key protection unit 501 is used.

  The operation when the mobile terminal device 201 is turned off is the same as the operation of the mobile terminal device 101 in the first embodiment.

As described above, it is assumed that the mobile terminal device 201 may have been lost or stolen when moving from within the base station device 203 to another base station device 203, and the encryption key of the mobile terminal device 201 202 is updated so that the previous key is erased. Therefore, when the portable terminal device 201 is lost or stolen, the portable terminal device 201 is disassembled while the power is on and the encryption key 202 is taken out. Attempts to do so can be prevented.
Further, when the approximate moving distance d calculated from the location information of the base station device 203 exceeds d ₀ , user authentication is performed, and if the authentication fails, the mobile terminal device 201 is considered lost or stolen and the encryption key Since 202 is deleted, when the mobile terminal device 201 is lost or stolen, attempts to illegally use the mobile terminal device 201 and its encryption key 202 can be prevented.
In addition to these effects, it goes without saying that the effects shown in the first embodiment can be obtained.

In the flow of FIG. 10, it is also conceivable to detect that the mobile terminal device 201 has moved to a base station device area of a different base station device 203 during encrypted communication using the encryption key 202.
In this case, if the mobile terminal device 201 is configured to continue the encryption communication even if the encryption key 202 is deleted, the encryption key protection unit 501 deletes the encryption key before the update in S401.
On the other hand, if the configuration is such that if the encryption key 202 is deleted, the encryption communication cannot be continued, the encryption key protection unit 501 deletes the encryption key before the update after the encryption communication is completed.

In FIG. 10, when d> d ₀ (YES in S403), the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S404). and so as to erase the key 202 (S406) may be deleted the encryption key 202 immediately without the user authentication at the time when a d> d ₀ for some applications.

As described above, in the present embodiment,
In a mobile terminal device that can communicate with other terminals via each base station device connected to the core network and the core network, when detecting movement to a different base station device area, a volatile memory is used by using an encryption key update unit after erasing the encryption key before being updated by updating the encryption key top, the approximate moving distance d from the current and previous base station apparatus information is calculated, the user authentication section when d exceeds a predetermined upper limit value d ₀ A mobile terminal device including an encryption key protection unit that performs user authentication using, and erases the encryption key from the volatile memory when the authentication fails is described.

In the present embodiment,
In a communication system including a plurality of base station devices and a plurality of portable terminal devices, the portable terminal device moves a cryptographic key from a nonvolatile memory to a volatile memory when power is turned on, and then uses a user authentication unit to perform user authentication. If the authentication fails, the encryption key is deleted from the volatile memory, and when movement to a different base station device area is detected, the encryption key update unit is used to update and update the encryption key on the volatile memory. after erasing the previous encryption key, the approximate moving distance d from the current and previous base station apparatus information calculated, d performs user authentication using the user authentication section when exceeding the predetermined upper limit value d _0, authentication If the authentication fails, the encryption key is deleted from the volatile memory, and when the power is turned off, user authentication is performed using the user authentication unit.If the authentication is successful, the encryption key is moved from the volatile memory to the nonvolatile memory. A communication system including an encryption key protection unit that erases an encryption key from a volatile memory when authentication fails has been described.

Embodiment 4 FIG.
In the fourth embodiment, when the mobile terminal device 201 uses the radio wave from the base station device 203 to measure the current area and calculates the moving speed, and the mobile terminal device 201 detects that the moving speed exceeds a certain speed, A description will be given of prevention of leakage of the encryption key 202 by updating or erasing the encryption key 202 on the assumption that it may have been lost or stolen.

  The system configuration diagram of the fourth embodiment is the same as the system configuration diagram (FIG. 5) of the second embodiment.

  The encryption key 202 is the same as the encryption key 202 (FIG. 6) in the second embodiment.

Next, based on FIG. 11, the function of the portable terminal device 201 in Embodiment 4 is demonstrated.
FIG. 11 is an internal block diagram of the portable terminal device 201 according to the third embodiment.

In FIG. 11, the encryption key protection unit 501 stores the encryption key 202 using the nonvolatile memory 504 and the volatile memory 505, and from the base station radio wave reception unit 507, the clock 508, and the movement distance calculation unit 509, When the possibility of loss / theft is detected, the encryption key 202 is updated using the encryption key update unit 506. When the possibility of loss / theft of the mobile terminal device 201 is high, user authentication is performed using the user authentication unit 503. If the mobile terminal device 201 is deemed lost or stolen, the encryption key 202 is deleted.
The power switch 502 is a switch that is pressed when the mobile terminal device 201 is activated or terminated.
A user authentication unit 503 authenticates the user using a password, fingerprint, glow, or the like.
The nonvolatile memory 504 is a memory capable of holding data regardless of whether the mobile terminal device 201 is powered on.
The volatile memory 505 is a memory that can hold data only while the mobile terminal device 201 is powered on.
The encryption key update unit 506 receives the encryption key 202 and generates a next-generation encryption key 202 by performing a one-way operation such as a hash function.
The base station radio wave receiving unit 507 receives radio waves from the base station device 203 and acquires information and the like of the area currently in the area.
The clock 508 holds the current date and time, and corrects the value when the time information is included in the radio wave from the base station apparatus 203.
The movement distance calculation unit 509 records the approximate movement distance of the mobile terminal device 201 from the area information received by the base station radio wave reception unit 507.
In the present embodiment, the movement distance calculation unit 509 is also an example of a movement speed calculation unit.

Next, the operation will be described.
The operation when the mobile terminal device 201 is turned on is the same as the operation of the mobile terminal device 101 in the first embodiment.

Next, an operation during power-on of the mobile terminal device 201 will be described.
FIG. 12 is a flowchart illustrating an operation during power-on of the mobile terminal device 201 according to the fourth embodiment.

During power-on, the encryption key 202 is stored on the volatile memory 505 of the mobile terminal device 201.
When the base station radio wave receiving unit 507 detects establishment of communication between the mobile terminal device 201 and the base station device 203, the encryption key protection unit 501 starts measuring the stay time t within the base station device using the clock 508 (S501). ).
When the base station radio wave receiving unit 507 detects that the base station device 203 has moved to a different base station device area, the encryption key protection unit 501 uses the encryption key update unit 506 to obtain the encryption key 202 on the volatile memory 505. Update (generate a new encryption key 202), and delete the encryption key 202 before the update from the volatile memory 505 (S502).
Then, the encryption key protection unit 501 uses the movement distance calculation unit 509 to calculate the approximate movement distance d after moving to the base station apparatus area of the different base station apparatus 203 from the base station apparatus information (S503).
If the movement distance (movement speed) S = d / t per unit time does not exceed the predetermined threshold value S _0, that is, if S ≦ S ₀ , the process returns to the top of the flowchart (S 504).
When the moving distance S per unit time exceeds the predetermined value S _0, that is, when S> S ₀ , the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S 505).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S506), and if successful, the process returns to the top of the flowchart.
In the case of failure, the encryption key 202 is deleted from the volatile memory 505 (S507).
As the predetermined value S ₀ , if the attribute 223 of the encryption key 202 is set, that value is used. Otherwise, the value defined by the encryption key protection unit 501 is used.

  The operation when the mobile terminal device 201 is turned off is the same as the operation of the mobile terminal device 101 in the first embodiment.

As described above, it is assumed that the mobile terminal device 201 may have been lost or stolen when moving from within the base station device 203 to another base station device 203, and the encryption key of the mobile terminal device 201 202 is updated so that the previous key is erased. Therefore, when the portable terminal device 201 is lost or stolen, the portable terminal device 201 is disassembled while the power is on and the encryption key 202 is taken out. Attempts to do so can be prevented.
Further, user authentication is performed when the moving speed S calculated from the position information of the base station device 203 and the clock 508 inside the mobile terminal device 201 exceeds S ₀ , and if the authentication fails, the mobile terminal device 201 is lost / Since the encryption key 202 is erased on the assumption that the device has been stolen, attempts to illegally use the mobile terminal device 201 and its encryption key 202 should be prevented when the mobile terminal device 201 is lost or stolen. Can do.
In addition to these effects, it goes without saying that the effects shown in the first embodiment can be obtained.

As in the third embodiment, in the flow of FIG. 12, it is detected that the mobile terminal device 201 has moved to a base station device area of a different base station device 203 during encrypted communication using the encryption key 202. Is also possible.
In this case, if the mobile terminal device 201 is configured so that encrypted communication can be continued even if the encryption key 202 is deleted, the encryption key protection unit 501 deletes the encryption key before update in S502.
On the other hand, if the configuration is such that if the encryption key 202 is deleted, the encryption communication cannot be continued, the encryption key protection unit 501 deletes the encryption key before the update after the encryption communication is completed.

In FIG. 12, when S> S ₀ (YES in S504), the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S505). and so as to erase the key 202 (S507) may be deleted the encryption key 202 immediately without the user authentication at the time when a S> S ₀ for some applications.

As described above, in the present embodiment,
In a mobile terminal device that can communicate with other terminals via the core network and each base station device connected to the core network, when the radio wave from a certain base station device is received, When measurement is started and movement to a different base station device area is detected, the encryption key update unit is used to update the encryption key on the volatile memory and erase the encryption key before the update. The approximate travel distance d is calculated from the station device information, and when the travel speed (the travel distance per unit time) S = d / t exceeds the predetermined upper limit value S ₀ , user authentication is performed using the user authentication unit. A portable terminal device provided with an encryption key protector that erases an encryption key from a volatile memory when it fails has been described.

As described above, in the present embodiment,
In a communication system including a plurality of base station devices and a plurality of portable terminal devices, the portable terminal device moves a cryptographic key from a nonvolatile memory to a volatile memory when power is turned on, and then uses a user authentication unit to perform user authentication. If the authentication is unsuccessful, the encryption key is erased from the volatile memory, and when the radio wave from a certain base station device is received, measurement of the stay time t in the base station device is started, and a different base station device When the movement to the service area is detected, the encryption key update unit is used to update the encryption key in the volatile memory and delete the encryption key before the update, and then the approximate movement distance d is determined from the current and previous base station apparatus information. calculated, performs user authentication using the user authentication section when S = d / t (moving distance per unit time) moving speed exceeds a predetermined upper limit value S _0, volatile encryption key if authentication fails Memory When the power is turned off, user authentication is performed using the user authentication unit. If the authentication is successful, the encryption key is transferred from the volatile memory to the nonvolatile memory. If the authentication fails, the encryption key is transferred to the volatile memory. A communication system including an encryption key protector for erasing from the above has been described.

Embodiment 5 FIG.
In the fifth embodiment, in the mobile terminal device 301, when the current position is measured using a GPS signal 306 from a GPS (Global Positioning System) satellite 305 and movement of a certain distance is detected, the mobile terminal device 302 is lost / A description will be given of prevention of leakage of the encryption key 202 by updating or deleting the encryption key 202 on the assumption that the theft may have occurred.

  FIG. 13 is a system configuration diagram of the fifth embodiment.

In FIG. 13, a mobile terminal device 301 is a terminal that communicates with other mobile terminal devices 301 via a base station device 303 and a core network 304 and receives a GPS signal 306 transmitted from a GPS satellite 305.
The encryption key 202 is a key for encrypting communication contents between the mobile terminal devices 301.
The base station device 303 is an access point that performs wireless communication with the mobile terminal device 301 and connects to the core network 304.
The core network 304 is a backbone network used as a communication path between the mobile terminal devices 301 via the base station device 303.
The GPS satellite 305 is a GPS system artificial satellite that transmits a GPS signal 306.
The GPS signal 306 is a signal including time information and orbit information transmitted by the GPS satellite 305.
The GPS satellite 305 is an example of a positioning satellite, and the GPS signal 306 is an example of position information.

  The encryption key 202 is the same as the encryption key 202 (FIG. 6) in the second embodiment.

Next, based on FIG. 14, the function of the portable terminal device 301 in Embodiment 5 is demonstrated.
FIG. 14 is an internal block diagram of portable terminal device 301 in the fifth embodiment.

In FIG. 14, the encryption key protection unit 601 stores the encryption key 202 using the nonvolatile memory 604 and the volatile memory 605, and the mobile terminal device 301 is lost or stolen from the movement distance calculation unit 609 and the GPS signal reception unit 610. When the possibility is detected, the encryption key 202 is updated using the encryption key update unit 606. When the possibility of loss or theft of the mobile terminal device 301 is high, user authentication is performed using the user authentication unit 603, and the mobile terminal When it is assumed that the device 301 has been lost or stolen, the encryption key 202 is deleted.
The power switch 602 is a switch that is pressed when the mobile terminal device 301 is activated or terminated.
A user authentication unit 603 authenticates the user using a password, fingerprint, glow, or the like.
The nonvolatile memory 604 is a memory capable of holding data regardless of whether the mobile terminal device 301 is powered on.
The volatile memory 605 is a memory that can hold data only while the mobile terminal device 301 is powered on.
The encryption key update unit 606 receives the encryption key 202 and generates a next-generation encryption key 202 by performing a one-way operation such as a hash function.
The base station radio wave receiving unit 607 receives radio waves from the base station device 303 and acquires information and the like of the area that is currently in the area.
The movement distance calculation unit 609 records the movement distance of the mobile terminal device 301 using the current position calculated by the GPS signal reception unit 610.
The GPS signal receiving unit 610 receives the GPS signal 306 transmitted from the GPS satellite 305 and calculates an accurate three-dimensional position of the reception point.
The GPS signal receiving unit 610 is an example of a position information receiving unit.

Next, the operation will be described.
The operation when the mobile terminal device 301 is turned on is the same as the operation of the mobile terminal device 101 in the first embodiment.

Next, an operation during power-on of the mobile terminal device 301 will be described.
FIG. 15 is a flowchart illustrating an operation during power-on of the mobile terminal device 301 according to the fifth embodiment.

During power-on, the encryption key 202 is stored on the volatile memory 605 of the mobile terminal device 301.
The encryption key protection unit 501 acquires the current position information of the portable terminal device 301 by the GPS signal reception unit 610, and uses the movement distance calculation unit 609 to move the distance d after the power is turned on (the position where the power is turned on is the starting position). The moving distance d) is measured (S601).
The measurement of the movement distance d is continued until the movement distance d exceeds a predetermined value d ₁ (first threshold), that is, while d ≦ d ₁ (S602).
When the moving distance d exceeds the predetermined value d _1, that is, when d> d ₁ , the encryption key protection unit 601 updates the encryption key 202 on the volatile memory 605 using the encryption key update unit 606. (Create a new encryption key 202), and erase the encryption key 202 before the update from the volatile memory 605 (S603).
Thereafter, the encryption key protection unit 501 acquires the current position information of the mobile terminal device 301 by the GPS signal reception unit 610, and continues to measure the movement distance d after power-on using the movement distance calculation unit 609 (S604).
The measurement of the movement distance d is continued until the movement distance d exceeds a predetermined value d ₂ (where d ₁ <d ₂ ) (second threshold), that is, d ≦ d ₂ (S605).
When the moving distance d exceeds the predetermined value d _2, that is, when d> d ₂ , the encryption key protection unit 601 performs user authentication using the user authentication unit 603 (S 606).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S607). If successful, the moving distance d after power-on is reset (d = 0), Return to the top of the flowchart (S608).
In the case of failure, the encryption key 202 is deleted from the volatile memory 605 (S609).
As the predetermined values d ₁ and d ₂ , when the attribute 223 of the encryption key 202 is set, the value is used. Otherwise, the value defined by the encryption key protection unit 601 is used.

  The operation when the mobile terminal device 301 is turned off is the same as the operation of the mobile terminal device 101 in the first embodiment.

As described above, are regarded as the movement distance d after power is likely to portable terminal device 301 at the time of exceeding the d ₁ are lost or stolen, and updates the encryption key 202 of the portable terminal device 301 Since the previous key is erased, when the mobile terminal device 301 is lost or stolen, an attempt to disassemble the mobile terminal device 301 with the power on and take out the encryption key 202 is prevented. can do.
Furthermore, performs user authentication each time the movement distance d after power exceeds d _2, and so as to erase the encryption key 202 is regarded as a portable terminal device 301 is lost or stolen when the authentication fails Therefore, when the mobile terminal device 301 is lost or stolen, an attempt to illegally use the mobile terminal device 301 and its encryption key 202 can be prevented.
In addition to these effects, it goes without saying that the effects shown in the first embodiment can be obtained.

In the flow of FIG. 15, it is also conceivable that the moving distance d of the mobile terminal device 301 exceeds d ₁ during the encrypted communication using the encryption key 202 (YES in S602).
In this case, if the mobile terminal device 301 is configured so that encrypted communication can be continued even if the encryption key 202 is deleted, the encryption key protection unit 601 deletes the encryption key before update in S603.
On the other hand, if the encryption key 202 is deleted, the encryption key protection unit 601 deletes the pre-update encryption key after the encryption communication is completed.

In FIG. 15, when d> d ₂ (YES in S605), the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S606). and so as to erase the key 202 (S609) may be deleted the encryption key 202 immediately without the user authentication at the time when a d> d ₂ depending on the application.

As described above, in the present embodiment,
In a portable terminal device that can communicate with other terminals via the core network and each base station device connected to the core network and can receive a GPS signal from a GPS satellite, a moving distance calculation unit from the received GPS signal was used to calculate the travel distance d after power, d is an encryption key before being updated by updating the encryption key in the volatile memory using the encryption key update unit when exceeding the predetermined upper limit value d ₁ An encryption key that erases and performs user authentication using the user authentication unit when d exceeds a predetermined distance d ₂ (where d ₁ <d ₂ ), and erases the encryption key from the volatile memory when authentication fails A portable terminal device including a protection unit has been described.

In the present embodiment,
In a communication system including a plurality of base station devices, a plurality of mobile terminal devices, and a plurality of GPS satellites, the mobile terminal device moves an encryption key from a non-volatile memory to a volatile memory at power-on, and then a user authentication unit If the authentication fails, the encryption key is erased from the volatile memory, and the movement distance d after the power is turned on is calculated from the received GPS signal using the movement distance calculation unit. upper limit value d ₁ to update the encryption key in the volatile memory using the encryption key update unit erases the encryption key before being updated when it exceeds, d is a predetermined distance d _{2 (where} d _{1 <d 2} ), User authentication is performed using the user authentication unit. If authentication fails, the encryption key is deleted from the volatile memory. When the power is turned off, user authentication is performed using the user authentication unit. If cipher A communication system including an encryption key protection unit that moves a key from a volatile memory to a nonvolatile memory and erases the encryption key from the volatile memory when authentication fails has been described.

Embodiment 6 FIG.
In the sixth embodiment, when the mobile terminal device 301 uses the GPS signal 306 from the GPS satellite 305 to measure the current position and calculates the moving speed, and detects movement above a certain speed, the mobile terminal apparatus 301 A description will be given of prevention of leakage of the encryption key 202 by updating or erasing the encryption key 202 on the assumption that it may have been lost or stolen.

  The system configuration diagram of the sixth embodiment is the same as the system configuration diagram (FIG. 13) of the fifth embodiment.

  The encryption key 202 is the same as the encryption key 202 (FIG. 6) in the second embodiment.

Next, based on FIG. 16, the function of the portable terminal device 301 in Embodiment 6 is demonstrated.
FIG. 16 is an internal block diagram of portable terminal device 301 in the sixth embodiment.

In FIG. 16, the encryption key protection unit 601 stores the encryption key 202 using the nonvolatile memory 604 and the volatile memory 605, and the portable terminal device 301 is lost from the clock 608, the movement distance calculation unit 609, and the GPS signal reception unit 610. When the possibility of theft is detected, the encryption key 202 is updated using the encryption key update unit 606, and if the possibility of loss or theft of the mobile terminal device 301 is high, the user authentication unit 603 is used to perform user authentication. If the mobile terminal device 301 is deemed lost or stolen, the encryption key 202 is deleted.
The power switch 602 is a switch that is pressed when the mobile terminal device 301 is activated or terminated.
A user authentication unit 603 authenticates the user using a password, fingerprint, glow, or the like.
The nonvolatile memory 604 is a memory capable of holding data regardless of whether the mobile terminal device 301 is powered on.
The volatile memory 605 is a memory that can hold data only while the mobile terminal device 301 is powered on.
The encryption key update unit 606 receives the encryption key 202 and generates a next-generation encryption key 202 by performing a one-way operation such as a hash function.
The base station radio wave receiving unit 607 receives radio waves from the base station device 303 and acquires information and the like of the area that is currently in the area.
The clock 608 holds the current date and time, and corrects the value using the time information included in the GPS signal 306 received by the GPS signal receiving unit 610.
The movement distance calculation unit 609 records the movement distance of the mobile terminal device 301 using the current position calculated by the GPS signal reception unit 610.
The movement distance calculation unit 609 is also an example of a movement speed calculation unit.
The GPS signal receiving unit 610 receives the GPS signal 306 transmitted from the GPS satellite 305 and calculates an accurate three-dimensional position of the reception point.
The GPS signal receiving unit 610 is an example of a position information receiving unit.

Next, the operation will be described.
The operation when the mobile terminal device 301 is turned on is the same as the operation of the mobile terminal device 101 in the first embodiment.

Next, an operation during power-on of the mobile terminal device 301 will be described.
FIG. 17 is a flowchart showing an operation during power-on of the mobile terminal device 301 according to the sixth embodiment.

During power-on, the encryption key 202 is stored on the volatile memory 605 of the mobile terminal device 301.
The encryption key protection unit 501 acquires the current position information of the mobile terminal device 301 by the GPS signal reception unit 610, and measures the movement speed (movement distance per unit time) s using the clock 608 and the movement distance calculation unit 609 ( S701).
If the moving speed s does not exceed the predetermined value s ₁ (first threshold), that is, if s ≦ s ₁ , the process returns to the top of the flowchart (S702).
When the moving speed s exceeds the predetermined value s ₁ , that is, when s> s ₁ , the encryption key protection unit 601 updates the encryption key 202 on the volatile memory 605 using the encryption key update unit 606 ( A new encryption key 202 is generated), and the encryption key 202 before update is deleted from the volatile memory 605 (S703).
If the moving speed s does not exceed the predetermined value s ₂ (where s ₁ <s ₂ ) (second threshold), that is, if s ≦ s ₂ , the process returns to the top of the flowchart (S704).
When the moving speed s exceeds the predetermined value s ₂ , that is, when s> s ₂ , the encryption key protection unit 601 authenticates the user using the user authentication unit 603 (S 705).
When authentication information such as a password, fingerprint, and glow is input by the user, the user authentication result is determined (S706), and if successful, the process returns to the top of the flowchart.
In the case of failure, the encryption key 202 is deleted from the volatile memory 605 (S707).
As the predetermined values s ₁ and s ₂ , when the attribute 223 of the encryption key 202 is set, the value is used. Otherwise, the value defined by the encryption key protection unit 601 is used.

  The operation when the mobile terminal device 301 is turned off is the same as the operation of the mobile terminal device 101 in the first embodiment.

As described above, assuming that the mobile terminal device 301 may have been lost or stolen when the moving speed s exceeds s ₁ , the encryption key 202 of the mobile terminal device 301 is updated and the previous key is updated. Therefore, when the mobile terminal device 301 is lost or stolen, it is possible to prevent an attempt to disassemble the mobile terminal device 301 with the power on and take out the encryption key 202. .
If the moving speed s exceeds s ₂ , user authentication is performed in addition to updating the encryption key 202, and if the authentication fails, the mobile terminal device 301 is considered lost or stolen, and the encryption key 202 Therefore, when the mobile terminal device 301 is lost or stolen, an attempt to illegally use the mobile terminal device 301 and the updated encryption key 202 can be prevented.
In addition to these effects, it goes without saying that the effects shown in the first embodiment can be obtained.

In the flow of FIG. 17, it is also conceivable that the moving speed s of the mobile terminal device 301 exceeds s1 during the encrypted communication using the encryption key 202 (YES in S702).
In this case, if the mobile terminal device 301 is configured to continue the encrypted communication even if the encryption key 202 is deleted, the encryption key protection unit 601 deletes the encryption key before the update in S703.
On the other hand, if the encryption key 202 is deleted, the encryption key protection unit 601 deletes the pre-update encryption key after the encryption communication is completed.

In FIG. 17, when s> s ₂ (YES in S704), the encryption key protection unit 501 authenticates the user using the user authentication unit 503 (S705), and if the user authentication fails, the encryption is performed. and so as to erase the key 202 (S707) may also be immediately clear the encryption key 202 without user authentication at the time when a s> s _2.

As described above, in the present embodiment,
In a portable terminal device that can communicate with other terminals via the core network and each base station device connected to the core network, and can receive GPS signals from GPS satellites, the clock and travel distance from the received GPS signals calculator calculates the s (travel distance per unit time) moving speed using, s is to update the encryption key in the volatile memory using the encryption key update unit when exceeding the predetermined upper limit value s ₁ The encryption key before update is deleted, and when s exceeds a predetermined distance s ₂ (where s ₁ <s ₂ ), user authentication is performed using the user authentication unit, and if the authentication fails, the encryption key is volatile. A portable terminal device including an encryption key protection unit that is erased from the memory has been described.

In the present embodiment,
In a communication system including a plurality of base station devices, a plurality of mobile terminal devices, and a plurality of GPS satellites, the mobile terminal device moves an encryption key from a non-volatile memory to a volatile memory at power-on, and then a user authentication unit If the authentication fails, the encryption key is deleted from the volatile memory, and the movement speed (movement distance per unit time) s is determined from the received GPS signal using a clock and a movement distance calculation unit. calculated, s is deleted the encryption key before being updated by updating the encryption key in the volatile memory using the encryption key update unit when exceeding the predetermined upper limit value s _1, s distance is predetermined s ₂ ( However, if s ₁ <s ₂ ) is exceeded, user authentication is performed using the user authentication unit. If authentication fails, the encryption key is erased from the volatile memory. When the power is turned off, user authentication is performed using the user authentication unit. To authenticate A communication system has been described that includes an encryption key protector that moves an encryption key from a volatile memory to a nonvolatile memory if successful and erases the encryption key from the volatile memory if authentication fails.

  In the first to sixth embodiments, the portable terminal device is described as an example of the information processing device. However, as an example of the information processing device, the portable terminal device is installed in a small wireless device (transceiver) possessed by a police officer or a railway vehicle. “Radio communication devices” such as emergency radio devices are also included, and the present invention can also be applied to these “wireless communication devices”.

Finally, a hardware configuration example of the mobile terminal devices 101, 201, and 301 shown in the first to sixth embodiments will be described.
FIG. 19 is a diagram illustrating an example of hardware resources of the mobile terminal devices 101, 201, and 301 described in the first to sixth embodiments.
Note that the configuration in FIG. 19 is merely an example of the hardware configuration of the mobile terminal devices 101, 201, and 301, and the hardware configuration of the mobile terminal devices 101, 201, and 301 is limited to the configuration shown in FIG. Alternatively, other configurations may be used.

In FIG. 19, the mobile terminal devices 101, 201, and 301 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, and a processor) that executes a program.
The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, and a magnetic disk device 920 via a bus 912. Control the device.
Further, the CPU 911 may be connected to a mouse 903, an FDD 904 (Flexible Disk Drive), and a compact disk device 905 (CDD).
Further, instead of the magnetic disk device 920, a storage device such as an SSD (Solid State Drive), an optical disk device, or a memory card (registered trademark) read / write device may be used.
The “nonvolatile memory 404” described in the first to sixth embodiments is realized by the magnetic disk device 920, SSD, and the like, and the “volatile memory 405” is realized by the RAM 914.
The communication board 915, the keyboard 902, the mouse 903, the FDD 904, and the like are examples of input devices.
The communication board 915, the display device 901, and the like are examples of output devices.

As shown in FIG. 1, the communication board 915 is connected to a network.
For example, the communication board 915 may be connected to a LAN (Local Area Network), the Internet, a WAN (Wide Area Network), a SAN (Storage Area Network), etc. via a wireless communication network.

The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924.
The programs in the program group 923 are executed by the CPU 911 using the operating system 921 and the window system 922.

The RAM 914 temporarily stores at least part of the operating system 921 program and application programs to be executed by the CPU 911.
The RAM 914 stores various data necessary for processing by the CPU 911.

The ROM 913 stores a BIOS (Basic Input Output System) program, and the magnetic disk device 920 stores a boot program.
When the portable terminal devices 101, 201, and 301 are activated, the BIOS program in the ROM 913 and the boot program in the magnetic disk device 920 are executed, and the operating system 921 is activated by the BIOS program and the boot program.

  The program group 923 stores a program for executing the function described as “˜unit” in the description of the first to sixth embodiments. The program is read and executed by the CPU 911.

In the file group 924, in the description of the first to sixth embodiments, “determination of”, “calculation of”, “authentication of”, “comparison of”, “generation of”, “update of” ”,“ Setting of ”,“ registration of ”,“ selection of ”, etc., information, data, signal values, variable values, and parameters indicating the results of the processing are represented by“ ˜file ”or“ ˜ It is stored as each item of “Database”.
The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory.
Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit.
The read information, data, signal value, variable value, and parameter are used for CPU operations such as extraction, search, reference, comparison, calculation, calculation, processing, editing, output, printing, and display.
Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.
In addition, the arrows in the flowcharts described in the first to sixth embodiments mainly indicate input / output of data and signals.
Data and signal values are recorded on a recording medium such as a memory of the RAM 914, a flexible disk of the FDD 904, a compact disk of the CDD 905, a magnetic disk of the magnetic disk device 920, other optical disks, a mini disk, and a DVD.
Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

In addition, what is described as “˜unit” in the description of the first to sixth embodiments may be “˜circuit”, “˜device”, “˜device”, and “˜step”, It may be “˜procedure” or “˜processing”.
That is, the encryption key management method according to the present invention can be realized by the steps, procedures, and processes shown in the flowcharts described in the first to sixth embodiments.
Further, what is described as “˜unit” may be realized by firmware stored in the ROM 913.
Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware.
Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD.
The program is read by the CPU 911 and executed by the CPU 911.
That is, the program causes the computer to function as “to part” in the first to sixth embodiments. Alternatively, the computer executes the procedure and method of “to unit” in the first to sixth embodiments.

As described above, the portable terminal devices 101, 201, and 301 shown in the first to sixth embodiments are output devices such as a CPU as a processing device, a memory as a storage device, a magnetic disk, and a keyboard, a mouse, and a communication board as input devices. A computer including a display device, a communication board, and the like.
Then, as described above, the functions indicated as “˜units” are realized using these processing devices, storage devices, input devices, and output devices.

  101 mobile terminal device, 102 encryption key, 103 network, 201 mobile terminal device, 202 encryption key, 203 base station device, 204 network, 301 mobile terminal device, 303 base station device, 304 network, 305 GPS satellite, 306 GPS signal, 401 Encryption key protection unit 402 Power switch 403 User authentication unit 404 Non-volatile memory 405 Volatile memory 501 Encryption key protection unit 502 Power switch 503 User authentication unit 504 Non-volatile memory 505 Volatile memory 506 Encryption key update unit, 507 Base station radio wave reception unit, 508 Clock, 509 Travel distance calculation unit, 601 Encryption key protection unit, 602 Power switch, 603 User authentication unit, 604 Non-volatile memory, 605 Volatile memory, 606 Encryption key Update department, 607 Base station radio wave receiver, 608 clock, 609 travel distance calculator, 610 GPS signal receiver.

Claims (21)

An information processing apparatus using an encryption key,
A non-volatile memory for storing the encryption key before powering on the information processing apparatus;
Volatile memory,
A user authentication unit that performs user authentication when the information processing apparatus is powered on;
When the information processing apparatus is powered on, the encryption key is moved from the nonvolatile memory to the volatile memory prior to user authentication by the user authentication unit, and the user authentication by the user authentication unit fails when the user authentication fails. And an encryption key protection unit for deleting the encryption key from the information processing apparatus. An information processing apparatus using an encryption key,
A non-volatile memory for storing the encryption key before powering on the information processing apparatus;
Volatile memory,
A user authentication unit that performs user authentication when the information processing apparatus is powered on;
When the user authentication by the user authentication unit is successful, the encryption key is moved from the nonvolatile memory to the volatile memory, and when the user authentication by the user authentication unit fails, the encryption key is transferred from the nonvolatile memory. An information processing apparatus comprising: an encryption key protection unit to be erased. The user authentication unit includes:
User authentication is performed when the information processing apparatus is powered off,
The encryption key protector
When the user authentication by the user authentication unit is successful, the encryption key is moved from the volatile memory to the nonvolatile memory, and when the user authentication by the user authentication unit is unsuccessful, the encryption key is transferred from the volatile memory. The information processing apparatus according to claim 1, wherein the information processing apparatus is erased. The information processing apparatus further includes:
A base station radio wave receiver that receives radio waves from any of a plurality of base station devices used for wireless communication;
An encryption key update unit that generates a new encryption key other than the encryption key,
The encryption key protector
When the time during which the base station radio wave receiver does not receive radio waves from any base station device exceeds a predetermined first threshold, the encryption key update unit generates a new encryption key, and The information processing according to claim 1, wherein an encryption key is erased from the volatile memory, and a new encryption key generated by the encryption key update unit is stored in the volatile memory. apparatus. The encryption key protector
When the time during which the base station radio wave receiver does not receive radio waves from any base station device exceeds a predetermined second threshold (first threshold <second threshold), the encryption key update unit The information processing apparatus according to claim 4, wherein the new encryption key generated by the step is erased from the volatile memory. The encryption key protector
When the time during which the base station radio wave reception unit does not receive radio waves from any base station device exceeds the second threshold, the user authentication unit performs user authentication, and the user by the user authentication unit 6. The information processing apparatus according to claim 5, wherein when the authentication fails, the new encryption key generated by the encryption key update unit is deleted from the volatile memory. The information processing apparatus further includes:
A base station radio wave receiver that receives radio waves from any of a plurality of base station devices used for wireless communication;
An encryption key update unit that generates a new encryption key other than the encryption key,
The encryption key protector
When the base station apparatus from which the base station radio wave receiving unit is receiving radio waves changes due to the movement of the information processing apparatus, the encryption key update unit generates a new encryption key, and the encryption key is The information processing apparatus according to claim 1, wherein the information processing apparatus stores the new encryption key generated by the encryption key update unit and stored in the volatile memory. The information processing apparatus further includes:
A movement distance calculation unit for calculating a movement distance of the information processing apparatus;
The encryption key protector
When the base station apparatus from which the base station radio wave receiving unit is receiving radio waves has changed due to the movement of the information processing apparatus, the base station apparatus from which the base station radio wave receiving unit is receiving radio waves has changed. When the calculated moving distance exceeds a predetermined threshold, the new encryption key generated by the encryption key update unit is deleted from the volatile memory. The information processing apparatus according to claim 7. The encryption key protector
When the movement distance calculated by the movement distance calculation unit exceeds the threshold, the user authentication unit performs user authentication, and when the user authentication by the user authentication unit fails, the encryption key update unit 9. The information processing apparatus according to claim 8, wherein the new encryption key generated by the step is erased from the volatile memory. The movement distance calculation unit
Based on the radio wave received by the base station radio wave receiver, the location of the base station apparatus that is the transmission source of the radio wave received by the base station radio wave receiver is determined, and the movement distance of the information processing apparatus is calculated. The information processing apparatus according to claim 8 or 9, characterized in that The information processing apparatus further includes:
A movement speed calculation unit for calculating a movement speed of the information processing apparatus;
The encryption key protector
When the base station apparatus from which the base station radio wave receiving unit is receiving radio waves has changed due to the movement of the information processing apparatus, the base station apparatus from which the base station radio wave receiving unit is receiving radio waves has changed. The moving speed calculation unit calculates the moving speed of the information processing apparatus, and when the calculated moving speed exceeds a predetermined threshold, the new encryption key generated by the encryption key update unit is 11. The information processing apparatus according to claim 7, wherein the information processing apparatus is erased from the volatile memory. The encryption key protector
When the movement speed calculated by the movement speed calculation unit exceeds the threshold, the user authentication unit performs user authentication, and when the user authentication by the user authentication unit fails, the encryption key update unit The information processing apparatus according to claim 11, wherein the new encryption key generated by the step is erased from the volatile memory. The movement distance calculation unit
Based on the radio wave received by the base station radio wave receiver, the base station radio wave receiver receives the radio wave by determining the location of the base station device that is the source of the radio wave received by the base station radio wave receiver. The movement distance of the information processing apparatus after the base station apparatus being changed is calculated, and the calculated movement distance and the time since the base station apparatus receiving the radio wave by the base station radio wave reception section has changed The information processing apparatus according to claim 11, wherein a moving speed of the information processing apparatus is calculated using The information processing apparatus further includes:
A position information receiving unit that receives position information from which a location of the information processing apparatus can be derived from a predetermined positioning satellite, and derives a location of the information processing apparatus based on the received position information;
The movement distance calculation unit that calculates the movement distance of the information processing device from a predetermined starting position based on the location position derived by the position information reception unit;
An encryption key update unit that generates a new encryption key other than the encryption key,
The encryption key protector
When the movement distance calculated by the movement distance calculation unit exceeds a predetermined first threshold, the encryption key update unit generates a new encryption key and deletes the encryption key from the volatile memory. The information processing apparatus according to claim 1, wherein a new encryption key generated by the encryption key update unit is stored in the volatile memory. The encryption key protector
When the movement distance calculated by the movement distance calculation unit exceeds a predetermined second threshold value (first threshold value <second threshold value), the new encryption key generated by the encryption key update unit is The information processing apparatus according to claim 14, wherein the information processing apparatus is erased from a volatile memory. The encryption key protector
When the movement distance calculated by the movement distance calculation unit exceeds the second threshold, the user authentication unit is allowed to perform user authentication, and when the user authentication by the user authentication unit fails, the encryption key The information processing apparatus according to claim 15, wherein the new encryption key generated by the update unit is deleted from the volatile memory. The information processing apparatus further includes:
A position information receiving unit that receives position information from which a location of the information processing apparatus can be derived from a predetermined positioning satellite, and derives a location of the information processing apparatus based on the received position information;
The movement speed calculation unit that calculates the movement speed of the information processing device based on the location position derived by the position information reception unit;
An encryption key update unit that generates a new encryption key other than the encryption key,
The encryption key protector
When the movement speed calculated by the movement speed calculation unit exceeds a predetermined first threshold, the encryption key update unit generates a new encryption key and deletes the encryption key from the volatile memory. The information processing apparatus according to claim 1, wherein a new encryption key generated by the encryption key update unit is stored in the volatile memory. The encryption key protector
When the movement speed calculated by the movement speed calculation unit exceeds a predetermined second threshold (first threshold <second threshold), the new encryption key generated by the encryption key update unit is The information processing apparatus according to claim 17, wherein the information processing apparatus is erased from a volatile memory. The encryption key protector
When the movement speed calculated by the movement speed calculation unit exceeds the second threshold, the user authentication unit is allowed to perform user authentication, and when the user authentication by the user authentication unit fails, the encryption key The information processing apparatus according to claim 18, wherein the new encryption key generated by the update unit is deleted from the volatile memory. Non-volatile memory that stores the encryption key before power-on,
An encryption key management method performed by a computer having a volatile memory,
A user authentication step in which the computer performs user authentication when the computer is turned on;
An encryption in which the computer moves the encryption key from the nonvolatile memory to the volatile memory prior to user authentication when the computer is turned on, and erases the encryption key from the volatile memory when user authentication fails A cryptographic key management method comprising: a key protection step. Non-volatile memory that stores the encryption key before power-on,
For computers with volatile memory,
User authentication processing for performing user authentication when the computer is turned on;
An encryption key protection process for moving the encryption key from the nonvolatile memory to the volatile memory prior to user authentication when the computer is turned on, and erasing the encryption key from the volatile memory when user authentication fails; A program characterized by having executed.

Images