JP4290098B2 - COMMUNICATION DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, COMMUNICATION PROGRAM, AND RECORDING MEDIUM CONTAINING COMMUNICATION PROGRAM - Google Patents

Description

  The present invention relates to a communication device, a communication method, a communication system, a communication program, and a recording medium on which a communication program is recorded.

  In recent years, security devices such as an IC chip and an IC card having tamper resistance have been developed in order to make physical and electrical analysis difficult from the outside as semiconductor manufacturing technology and mounting technology advance. In addition, in order to provide compatibility between these security devices and devices that use them, standardization of communication specifications has been performed. This standardization is performed worldwide, for example, in ISO / IEC organizations.

  Some of these security devices include a nonvolatile memory and a cryptographic operation function in the security device. By providing these, authentication and cryptographic operations can be performed without taking out a private key or authentication verification data outside the security device. Therefore, it is possible to construct a system that realizes a safer security service. For example, login authentication to the device, encryption / decryption of electronic data, and the like can be given. Further, when such a security device is used in accordance with an instruction from a user, user authentication is required to prevent unauthorized use of the security device. In general, user authentication is designed to require biometric authentication in addition to plaintext passwords.

  In addition, these security devices have been connected to a network via a communication interface. When used in a network connection environment, the security device provides a more secure electronic payment service, electronic ticket service, copyright management service, and the like in cooperation with a PKI (Public Key Infrastructure) system using an authentication server.

  Further, the IC card is functioned as a node on the network (for example, see Patent Document 1). This document discloses an autonomous IC card capable of realizing secure data communication between IC cards. The IC card described in this document can communicate with a communication device via an IC card using terminal and a network, or can directly communicate between IC cards.

  In addition, in order to use one IC card for a plurality of security services, one managing a plurality of applications and data on one IC card has been developed.

JP 2004-13748 A (Claims, paragraph 0040, FIG. 3)

  However, conventionally, a single security device cannot be used simultaneously from a plurality of apparatuses. That is, at least one security device is required for an apparatus that provides one security service. For this reason, when one user receives one security service using a plurality of devices, there is a problem that a security device of each device is required. For example, after a user logs in to a first computer equipped with an IC card reader / writer on an office desk with an employee IC card issued by the company, a second user equipped with an IC card reader / writer is used. If you log in to the other computer and use a secure service to transfer encrypted data between the two computers, you will need another employee IC card to log in to the second computer. Therefore, the cost for additional issuance and the burden of managing the IC card by the user increase.

  Further, in the description of FIG. 3 in Patent Document 1, it is described that the communication partner of the autonomous IC card is not limited to the IC card but may be another communication device. In the above example, communication is possible between the autonomous IC card and another computer (other communication device). However, this document describes the same from both the IC card device body (first computer in the above example) and the other communication device (second computer in the above example). There is no description about executing a security service using an autonomous IC card (data backup in another computer in the above example).

  That is, the present invention has been made in view of the above problems, and an object of the present invention is to enable efficient and safe communication between one security device and a plurality of apparatuses using a conventional security device. A communication device, a communication method, a communication system, a communication program, and a recording medium on which the communication program is recorded are provided.

The present invention uses one security device from a plurality of communication devices including at least a first communication device and a second communication device, and uses the second communication device to connect to the first communication device using network communication. In the communication system capable of transmitting data, the first communication device is a network that communicates between the external communication means that communicates with the security device and the second communication device The communication means receives input of transmission data transmitted from the second communication device to the security device, extracts identification information from the transmission data, communicates with the security device, and responds with the communication response. Communication control means for outputting certain received data to the second communication device based on the identification information .

According to this configuration, the communication apparatus of the present invention controls transmission / reception to / from the security device with reference to the identification information included in the transmission data. As a result, one security device can be used simultaneously by network connection between a plurality of apparatuses.
In this specification, “identification information” means information for identifying an apparatus or an application that communicates with a security device. Specifically, the IP address or application ID of the device.

The communication control means, transmission control means and the special identification information identifying information included in the transmission data is predefined transmission data from said plurality of communication devices to the security device controls the transmission timing so as not to interfere Depending on whether or not the received data is received from the security device, the received data distributing means for distributing the received data to the first or second communication device may be provided.

According to this configuration, transmission data from a plurality of apparatuses to the security device is sequentially transmitted to the security device without overlapping in time. Also, the received data received from the security device is correctly distributed for each device. As a result, transmission data from a plurality of apparatuses and reception data from the security device can be processed without duplication.
In addition, transmission / reception data overlap refers to a phenomenon in which each device cannot obtain a transmission / reception result originally desired. Specifically, it means that transmission data is transmitted with time overlap, or transmission data and reception data overlap with each other on a transmission path.

The communication control means may include communication process management means for controlling the order of transmitting the transmission data based on a communication process execution rule set in advance. According to this configuration, when executing the communication sequence process, the security device can perform processing without contradiction. Here, the “process execution rule” means a predetermined communication command sequence or data transmission procedure that needs to be executed continuously.

The communication control means further includes security device state monitoring means for inquiring whether or not the security device is in a communicable state using the external communication means, and relates to the state of the security device from the second communication device. It is sufficient to respond to the inquiry request. According to this configuration, the security device status monitoring unit provided in the communication apparatus collectively detects the security device status. As a result, even if communication is performed with a plurality of devices, the communication amount can be the same as that of a single communication device.

When the communication control means detects that the security device is unusable or prohibited from being output by the output of the security device state monitoring means , the communication control means is supposed to erase the data being communicated. That's fine. According to this configuration, transmission data from a plurality of devices can be erased collectively when the security device is unavailable or prohibited. As a result, the same security function as in the case of a single communication device can be provided even in communication with a plurality of devices.

Said transmission control means, the between the first communication device and the second communication device, only when the mutual authentication is established, the transmission data to the security device received from the second communication device There may be further provided means for enabling transmission to the security device .

The communication method of the present invention uses one security device from a plurality of communication devices including at least a first communication device and a second communication device, and uses the network communication from the second communication device. A communication method performed by the first communication device in a communication system capable of transmitting data to one communication device, the external communication step for communicating with the security device, and the second communication A network communication step for communicating with a device; receiving input of transmission data transmitted from the second communication device to the security device; and extracting identification information from the transmission data; Communication is performed, and received data that is a response to the communication is output to the second communication device based on the identification information. Comprising a communication control step that, a.

In the communication system of the present invention, one security device is used from a plurality of communication devices including at least a first communication device and a second communication device, and the first communication device is connected to the first communication device using network communication. In the communication system capable of transmitting data to the communication device, the first communication device performs communication between the external communication means for communicating with the security device and the second communication device. Network communication means, receiving input of transmission data transmitted from the second communication device to the security device, extracting identification information from the transmission data, communicating with the security device, and responding to the communication Communication control means for outputting the received data to the second communication device based on the identification information. It is characterized by.

  The program of the present invention may be a program for causing a computer to function as each unit included in the communication device.

  The program of the present invention may be a program for causing a computer to function as each step of the communication method.

The recording medium of the present invention may be a recording medium recorded with the above program.

  The communication apparatus, the communication method, the communication system, the communication program, and the recording medium on which the communication program is recorded of the present invention includes a plurality of apparatuses and security devices, even when one security device is used simultaneously by a plurality of apparatuses. Can communicate without overlapping each other. This is because the communication control unit of the device according to the present invention controls the transmission data so that the transmission data of another device is not interrupted while the predetermined sequence processing is performed in the security device. It is because it transmits. As a result, in the communication device of the present invention, the security device can be used from a plurality of devices in the conventional communication procedure. On the other hand, the communication control unit distributes and transmits the received data from the security device for each apparatus with reference to the identification information. As a result, since the application of each device does not acquire the communication contents of other devices, a highly secure communication device, communication method, communication system, communication program, and a recording medium recording the communication program are provided. The

  In addition, the communication device, the communication method, the communication system, the communication program, and the recording medium on which the communication program of the present invention is recorded, the security device state monitoring unit of the first device collectively detects the state of the security device, Responds to inquiry requests from other devices regarding the status of the security device. As a result, a communication device, a communication method, a communication system, a communication program, and a communication program that can make the communication amount between the device and the security device the same as the communication amount between one device and the security device are recorded. A recording medium is provided.

  Further, in the communication device, communication method, communication system, communication program, and recording medium recording the communication program of the present invention, the security device state monitoring means is that the security device is unusable or prohibited. Can be notified to the temporary transmission data storage means, and the temporarily stored transmission data can be erased. As a result, there is provided a communication device, a communication method, a communication system, a communication program, and a recording medium on which the communication program is recorded, which can obtain the same security function as when communicating with a security device with a single device. The

  The best mode for carrying out the present invention will be described below with reference to the drawings. In addition, this invention is not limited by these.

[Communications system]
FIG. 1 is a diagram showing an overall configuration of a communication system in which a communication apparatus of the present invention is incorporated. In this drawing, for convenience of explanation, components realized by hardware and components realized by software are mixed. As shown in the example of this figure, in this embodiment, a description will be given focusing on a communication system between two devices and a security device. Actually, even if another device has a chain-type configuration that passes through the first device and the second device, another device passes through the first device in the same manner as the second device. It may be configured as follows.

  As shown in FIG. 1, the device 2 of the present invention is connected to the security device 1 via external communication units 11 and 21 and to the device 3 via network communication units 23 and 33, respectively.

(Security device)
Examples of the security device 1 of the present invention include an IC chip and an IC card. The security device 1 preferably has tamper resistance so as not to be physically and electrically analyzed from the outside.

  In the example of FIG. 1, the security device 1 of the present invention is separated from the communication device 2. However, the security device 1 of the present invention does not necessarily need to be separated from the communication device 2 and may be incorporated in a box of the communication device 2. Enabling or disabling the use of a security device by a simple operation such as a user putting an IC card in and out of an IC card reader / writer, or moving an IC card closer to or away from a communicable range. be able to. For this reason, when the security device 1 is incorporated in the box of the communication device 2, for example, by providing a power switch for the security device, the user can operate the security device from the outside. ,preferable.

  The security device 1 according to the present invention includes an external communication unit 11, a calculation unit 12, and a storage unit 13.

  The external communication unit 11 may perform contact type communication such as a wire or a terminal, or may perform wireless non-contact type communication. The external communication unit 11 is realized by a communication device having a communication function and / or communication software. As communication methods, there are internationally standardized communication methods such as ISO / IEC7816, ISO / IEC14443, and the like. These communication methods are all half-duplex communication. Therefore, when the communication apparatus transmits one transmission data to the security device, the communication apparatus must not transmit the next transmission data until reception of the reception data is completed.

  Further, the security device 1 may not be directly connected to the apparatus 2 by communication. For example, the security device 1 may be connected to the device 2 via a communication device such as an IC card reader / writer. In this case, the external communication unit 21 of the device 2 is constituted by an IC card reader / writer and its control program. The IC card reader / writer and the device 2 are connected by RS-232C, USB, wired LAN, wireless LAN, or the like.

  The external communication unit 11 may not be provided separately from the network communication units 23 and 33 of the devices 2 and 3, and may be shared with the network communication unit.

  The calculation unit 12 is configured by a relatively small CPU such as 16 bits or 32 bits, and performs user authentication, execution of encryption calculation in the security device, and the like. Only the user who can recognize the user by the calculation unit 12 can perform the encryption calculation, the file access to the storage unit, and the execution of the application according to the authority of the user.

  The storage unit 13 stores data and application programs necessary for processing in the calculation unit 12.

(apparatus)
The devices 2 and 3 are not limited to consumer devices such as personal computers, PDAs, mobile phones, car navigation devices, home servers, and home gateways, and are not particularly limited as long as they are devices connected to the network. Examples of devices connected to the network include multifunction printers, automatic ticket gates, and vending machines. In the example of FIG. 1, the devices 2 and 3 are described as different types of devices. However, the same type of device may be used. In the present invention, a device connected to the security device 1 by the external communication units 11 and 21 is referred to as a device 2. In the present specification, the device 2 may be referred to as a communication device.

  The devices 2 and 3 include network communication units 23 and 33 that perform communication with other devices via a network, protocol conversion units 24 and 34 that convert communication protocols, and programs stored in the storage units 26 and 36. CPUs 25 and 35 for performing various processes based on the above, storage units 26 and 36 including a nonvolatile memory and a hard disk, display units 27 and 37 such as a CRT and a liquid crystal panel, a keyboard, a pen, a mouse, a button, and the like Input units 28 and 38 and power source units 29 and 39 such as a battery and a stabilized power source. In the present invention, the display units 27 and 37 and the input units 28 and 38 are not essential components of the device 2 and the device 3.

  The network communication units 23 and 33 have a function for performing data communication between the device 2 and the device 3. The communication method may be wired or wireless, and can be selected as appropriate according to the usage method and location of the apparatus. In the case of a wired communication system, a wired LAN such as 100Base-T, RS-232C, or the like can be used. In the case of a wireless communication system, a wireless LAN, UWB (Ultra Wide Band), Bluetooth, or the like can be used. Regardless of which communication method is used, the device 2 or the device 3 may be network-connected to other devices. In addition, the network communication units 23 and 33 may introduce a communication packet filtering function such as a firewall as software, if necessary.

  The communication protocol P of the external communication units 11 and 21 may be different from the communication protocol Q of the network communication units 23 and 33. In this case, in order to transmit and receive data between the apparatus 3 and the security device 1, the protocol converters 24 and 34 perform bidirectional conversion so that the contents to be transmitted are equivalent. For example, when the communication protocol P is ISO7816 and the communication protocol Q is TCP / IP, the protocol conversion unit 34 of the device 3 wraps an APDU (Application Protocol Data Unit) in the data part of the IP packet and transmits it. To do. On the other hand, the protocol conversion unit 24 of the device 2 extracts APDU from the received IP packet. At this time, the device 2 assigns the IP address of the device 3 as identification information before the APDU. Thus, the transmission data can be identified as being transmitted from the device 3. The same processing is performed for data transmission from the device 2 to the device 3. However, it is not necessary to perform protocol conversion for complete communication between the device 2 and the device 3.

  The identification information given before the APDU refers to information that can identify a transmission source device or application in communication performed between network communication units. For example, an IP address or the like can be used as identification information for specifying a device.

  The device 2 includes an external communication unit 21 and a communication control unit 22. The external communication unit 21 is the same as the external communication unit 11 described in the security device section. The communication control unit 22 controls transmission / reception of data performed by the device 2 with the security device 1, performs timing processing so that communication to the security device 1 does not overlap, and distributes received data for each device. To do. Further, the communication control unit 22 monitors the state of the security device 1 and, when detecting that the security device 1 is unavailable or prohibited, notifies the transmission data temporary storage unit to that effect. Then, the temporarily stored transmission data is erased. The communication control unit 22 provided in the device 2 plays an important role for implementing the present invention. Hereinafter, the communication control unit 22 will be described in detail.

(Communication control unit)
FIG. 2 is a diagram illustrating the configuration of the communication control unit 22 of the device 2 in detail. The communication control unit 22 refers to the transmission control unit 220 that controls transmission so that transmission data from a plurality of devices do not overlap, and the identification information included in the transmission data, and receives the received data received from the security device for each device. The received data distribution unit 225 that distributes the security device, the security device state monitoring unit 227 that responds to an inquiry request regarding the state of the security device from the second device, and the security device state storage unit 228 that stores the security device state.

  The transmission control unit 220 includes a transmission data temporary storage unit 221, a communication process management unit 222, an identification information separation unit 223, and a transmission data transmission unit 224.

  Transmission data transmitted from the device 3 to the security device 1 is input from the protocol conversion unit 24 to the transmission data temporary storage unit 221, and transmission data transmitted from the device 2 to the security device 1 is transmitted from the CPU 25 to the transmission data temporary storage unit. 221 is input. The transmission data temporary storage unit 221 is composed of a volatile memory. The transmission data temporary storage unit 221 stores transmission data for each apparatus and for each processing unit. Here, “one processing unit” refers to a data unit that can be interpreted by the security device. Specifically, when transmission data to be transmitted to the security device 1 is divided into a plurality of packets and transmitted, when they are concatenated, one request command or one process data is obtained.

  Hereinafter, an example of storing “one processing unit” in the transmission data temporary storage unit 221 will be described with reference to the drawings. FIG. 3 is a diagram illustrating an example of storing “one processing unit” in the transmission data temporary storage unit. In the example of FIG. 3, each device is stored for each APDU. As shown in the upper diagram of FIG. 3, the transmission data from the device 2 and the transmission data from the device 3 are written in the transmission data temporary storage unit in the order of the device 2 and the device 3, and are read out in this order. Here, 221-1 is the entire memory area of the transmission data temporary storage unit 221. The transmission data temporary storage unit 221 stores the first transmission data 221-2 of the device 2, the identification information 221-3 of the device 3, and the transmission data 221-4 of the device 3 linked together. FIG. 3 is a bottom view of a state in which transmission data 221-2 indicating that the device 2 is transmitted to the IC card and the apparatus 2 transmits the next transmission command 221-5 in response to the response.

  The communication process management unit 222 reads the transmission data stored in the transmission data temporary storage unit 221 in units of processing and outputs it to the identification information separation unit 223. The order of reading the transmission data is usually the order stored in the transmission data temporary storage unit. However, when a plurality of transmission data is stored in the transmission data temporary storage unit 221, the communication process management unit 222 includes Transmission data is determined and read in accordance with a preset process execution rule (FIG. 4). As a specific determination method, when data including a command registered in the column 222-1 in FIG. 4 is transmitted, the order of data to be transmitted is changed so as to satisfy the conditions registered in the column 222-2. Whether the transmission data is the same device is determined with reference to the identification information included in the transmission data. For example, in the example of FIG. 3, after the first transmission data 221-2 (for example, Get Challenge) of the device 2 is executed by the security device, the second transmission data 221-5 (for example, External of the device 2) is always continued. When the communication sequence for executing (Authenticate) is executed, the transmission data 221-4 of the device 3 is transmitted between the transmission of the first transmission data 221-2 and the second transmission data 221-5. The result of processing in the security device may be different. Also in this case, the second transmission data 221-5 of the device 2 is transmitted before the transmission data 221-4 of the device 3 based on the process execution rule. As a result, the communication device 2 of the present invention can perform the same service as that of the conventional one-to-one connection.

  Next, the communication process management unit 222 transmits the transmission data to the identification information separation unit 223 at a predetermined timing. Here, the predetermined timing means that a reception completion notification indicating that a response to the previous transmission data has been received has been received from the reception data temporary storage unit 225, or a predetermined time has elapsed since the previous transmission data was transmitted. Even when the reception completion notification cannot be received, a time-out occurs. This timeout time is determined by the specification of the security device 1 and is, for example, 5 seconds.

  The identification information separation unit 223 separates the identification information 221-3 from the transmission data output from the communication process management unit 222. Identification information is not given to the transmission data related to the device 2. Therefore, identification information “Null” is assigned to transmission data to which no identification information is assigned. The separated identification information is output to the reception data distribution unit 226, and the transmission data from which the identification information is removed is output to the transmission data transmission unit 224.

  The transmission data transmission unit 224 transmits data from which the identification information such as 221-3 is removed to the external transmission unit 21, for example. The transmission data of each device transmitted from the transmission data transmission unit 224 to the external transmission unit 21 has the same data format as the conventional transmission data transmitted directly from the device 2 to the security device 1.

  The transmission control unit 220 may be configured to transmit the transmission data of the device 3 only when a transmission permission command is given from the CPU 25 of the device 2. The processing in the transmission control unit 220 when the transmission permission instruction is not given may be performed by any one of the configuration units 221 to 224 constituting the transmission control unit 220. For example, when the transmission permission command is not given, the transmission data temporary storage unit 221 does not store the transmission data from the device 3.

(received data)
The reception data temporary storage unit 225 stores the reception data from the security device 1 received from the external communication unit 21 until the end of the reception data. The end of the received data is detected by detecting the stop bit. When the reception data temporary storage unit 225 receives the reception data to the end, the reception data temporary storage unit 225 transmits the reception data to the reception data distribution unit 226 and outputs a reception end notification to the communication process management unit 222.

  The reception data sorting unit 226 gives the identification information separated by the identification information separation unit 223 before the reception data, and outputs it to the protocol conversion unit 24. However, when the identification information is “Null”, the reception data sorting unit 226 outputs the reception data as it is to the CPU 25 of the apparatus 2.

(Security device status)
The security device state monitoring unit 227 gives special identification information to the inquiry communication data for inquiring the state of the security device 1 and outputs it to the transmission data temporary storage unit 221. As the special identification information, for example, “INQ Status” is used. Here, the state of the security device 1 indicates whether the security device 1 is in a state where it can communicate with the device 2 using the external communication units 11 and 21. Specifically, it refers to a state such as whether or not the IC card is removed from the apparatus or whether or not the IC card is out of the wireless communication range. The inquiry communication data for inquiring the state of the security device 1 preferably uses a dedicated command for inquiring the internal state. On the other hand, the state of the security device 1 can also be determined based on the presence or absence of a response to the command instead of using a command that provides a known response.

  The monitoring of the security device state is desirably started / stopped only when an application using the security device is operating according to a monitoring start / stop command from the application of the device 2 or device 3. This is because when each device constantly monitors the security device state, there is a problem that power is consumed, communication volume increases, and performance deteriorates.

  It is necessary to detect early that the security device 1 cannot be used. Therefore, it is desirable to periodically poll the inquiry communication data, for example, every 5 seconds. Immediately after the inquiry communication data is transmitted to the transmission data temporary storage unit 221, even when the transmission data is input from the device 3 to the transmission data temporary storage unit 221, the communication to the security device 1 is performed as described above. Are processed so as not to overlap. Alternatively, the inquiry communication data is processed so as not to be interrupted during in-device processing requiring a predetermined sequence.

  Response data for the inquiry communication data is also processed in the same manner as other received data. Special identification information is given to the response data for the inquiry communication data. Therefore, the received data sorting unit 226 outputs this response data to the security device state monitoring unit 227.

  The security device state monitoring unit 227 stores response data for the output inquiry communication data in the security device state storage unit 228. When the response data is data indicating that the security device 1 cannot be used, such as data indicating a communication error, the security device state monitoring unit 228 notifies the transmission data temporary storage unit 221 to that effect. In this case, the transmission data temporary storage unit 221 erases all stored transmission data.

  It is desirable that the security device state storage unit 228 always holds only the latest state. As described above, the security device state monitoring unit 227 may perform periodic polling such as transmitting inquiry communication data every 5 seconds. With such a configuration, when an inquiry about the state of the security device 1 is received from the apparatus 3, the state of the security device 1 can be returned to the apparatus 3 without inquiring about the state of the security device 1. .

  As described above, the communication control unit 220 of the present invention includes a plurality of functional units 221 to 224. These functional units need not all be combined into a single functional unit. For example, the external communication unit 21 may include some of the plurality of functional units, and the CPU 25 and the storage unit 26 may include some of the plurality of functional units.

[processing]
FIG. 5 is a flowchart for explaining the flow of processing in the communication control unit in the communication apparatus of the present invention shown in FIG. First, transmission data to the security device 1 is input to the communication control unit 22 and processing starts.

  The input transmission data is stored in the transmission data temporary storage unit 221 in the order of input (step S001).

  The communication process management unit 222 determines data to be transmitted based on the identification information in the transmission data and the process execution rule, and identifies the determined transmission data from the transmission data stored in the transmission data temporary storage unit 221 with an identification number. At the same time, it is read (step S002).

  The identification information separation unit 223 separates the identification information from the transmission data. (Step S003). The separated identification information is sent to the reception data sorting unit 226. On the other hand, the transmission data from which the identification information is removed is sent to the transmission data transmission unit 224.

  The transmission data transmission unit 224 determines whether or not the device 2 and the security device 1 are communicating for the transmission timing process (step S004). If it is in communication, it loops and waits for data transmission, and if it is not in communication, it proceeds to step S005. If the device 2 and the security device 1 are not communicating, the transmission data transmission unit 224 outputs the transmission data to the external communication unit 21 (step S005). Whether or not the apparatus 2 and the security device 1 are communicating is determined by, for example, whether or not the reception of the received data with respect to the previously transmitted transmission data is completed, and a reception end notification sent to the communication process management unit 222 Or based on whether or not reception of received data for previously transmitted data has timed out without completion.

  The reception data temporary storage unit 225 determines whether or not reception of the reception data output from the external communication unit 21 has been completed (step S006). If the reception of received data has been completed, the process proceeds to step S008. If the reception of received data has not been completed, the process proceeds to step S007. In step S007, if reception of received data has not been completed, it is determined whether a timeout has occurred. If not timed out, the process returns to step S006, and it is determined again whether or not reception of received data is completed. If it is timed out, the process proceeds to step S009.

  In step S008, received data distribution processing is performed. Details of the received data distribution process will be described later. When the received data distribution process ends, the process proceeds to step S009.

  In step S009, it is determined whether or not transmission data remains in the transmission data temporary storage unit 221. If data to be transmitted remains, the process returns to step S002 to perform transmission processing for the next transmission data. If there is no data to be transmitted, the process is terminated.

  FIG. 6 is a diagram for explaining in detail the flow of received data distribution processing in step S008.

  The reception data sorting unit 226 determines whether the identification information of the reception data is “Null” (step S801). If the received data identification information is “Null”, the process proceeds to step S804. If the received data identification information is not “Null”, the process proceeds to step S802.

  The reception data sorting unit 226 determines whether the identification information of the reception data is “INQ Status” (step S801). If the received data identification information is “INQ Status”, the process proceeds to step S805. If the received data identification information is not “INQ Status”, the process proceeds to step S803.

If the identification information of the reception data is not “INQ Status”, the reception data sorting unit 226 gives the identification information of the transmission data transmission source to the reception data and outputs it to the protocol conversion unit 24 (step S803). As described above, since the communication between the security device 1 and the apparatus 2 is half-duplex communication, the transmission process and the reception process for the response always make a pair. For this reason, the received data sorting unit 226 only transmits to the device 2 when the identification information separated at the time of transmission is the predefined identification information (“Null” or “INQ Status”), and to the device 3 otherwise. Thus, it is possible to correctly sort the received data.

  When the identification information of the received data is “INQ Status”, the received data sorting unit 226 outputs the received data to the security device status monitoring unit 227 because it is received data for the transmission data inquiring about the status of the security device 1. (Step S805).

  If the identification information of the reception data is “Null”, the reception data sorting unit 226 outputs the reception data to the CPU 25 because it is reception data for the transmission data of the device 2 (step S804).

[Operation]
The operation of the communication system of the present invention will be specifically described below. FIG. 7 is a diagram showing a detailed operation sequence when the security device 1 is an IC card, the apparatus 2 is a desktop personal computer (hereinafter referred to as a PC), and the apparatus 3 is a PDA in the communication system of the present invention. In the example of this figure, an example will be described in which a file of a result of a business negotiation conducted outside the company is transferred to a PC using a LAN. FIG. 8 shows an example of a screen displayed on the display unit when the operation sequence of FIG. 7 is performed.

(IC card)
One IC card is issued to each employee by the company as an employee badge. Employees use this card for entrance / exit management, attendance / exit management, login to company-owned PCs and PDAs, and encryption / decryption of emails sent and received outside the company. In the non-volatile memory, which is the storage unit 13 of the IC card, the employee number of the IC card user, the fingerprint data for fingerprint authentication, the private key PRI-IC of the public key pair, and the private key of the device that has been applied for use are stored. A pair of public keys PUB-PC, PUB-PDA, and the like are stored. The external communication unit 11 of this IC card is assumed to be an ISO / IEC7186 contact type.

(PC)
The PC is installed on a company desk and is connected to a LAN in the company by a network communication unit 23. The IP address is fixed at 10.36.1.5. The PC is connected to a contact type IC card reader / writer of ISO / IEC7816 which is an external communication unit 21 by USB connection. Further, a fingerprint sensor is connected via USB for IC card user authentication. In the storage unit 26 of the PC, a public key PUB-IC that is a private key PRI-IC pair of the IC card and a public key PUB-PDA that is a pair of the private key PRI-PDA of the PDA are stored in advance.

(PDA)
The PDA has a wireless LAN function, and is connected to a corporate LAN by a network communication unit 33 as with a PC. The IP address is fixed at 10.36.1.6. The PDA also incorporates an ISO / IEC7816 contact IC card reader / writer, which is an external communication unit. Further, this PDA also includes a fingerprint sensor. The storage unit 36 of the PDA stores in advance a public key PUB-IC that is a private key PRI-IC pair of the IC card and a public key PUB-PC that is a private key PRI-PC pair of the PC.

(Operation sequence)
(1. Polling)
First, when the user sits at the desk and turns on the power of the PC and PDA, the login application is activated. On the display units 27 and 37 of the PC and PDA, screens for requesting the IC card reader / writer to insert an IC card are shown (FIG. 8: DA1, DB1). At this time, each login application starts polling for detecting the IC card (A1, A2). In the initial activation state, the PDA starts polling using the IC card directly connected to the PDA as the polling destination, as with the PC, but is not shown for simplicity. Further, although the number of times of polling is expressed only up to 2 times, it is repeated until an IC card is detected every 5 seconds, for example. Here, the user decides to insert the IC card into the IC card reader / writer connected via USB to the PC, and the polling destination of the PDA is set from the built-in IC card reader / writer to the IP address “10.36.1. 5 ”(B1, B2, FIG. 8: DB2). Polling in the PC in this state is executed by the security device state monitoring unit 227 provided in the communication control unit 22. When an IC card is inserted into the PC IC card reader / writer (I1), the PC security device status storage unit 228 stores a response that the security device is available as a result of polling (I2). On the other hand, for polling in the PDA, an instruction to execute processing in the security device state monitoring unit 227 is sent to the PC, and data in the security device state storage unit 228 of the PC is read. With this polling method, the amount of data communication necessary for detecting the security device state for the IC card becomes the same as that for a single device.

  Next, each of the PC and the PDA executes a procedure for performing user authentication in order to log in. On the display units 27 and 37 of the PC and PDA, a request screen for causing the fingerprint sensor to read the fingerprint registered in the IC card is displayed (FIG. 8: DA2, DB3). First, the user inputs a fingerprint from the fingerprint sensor of the PC. The PC transmits the read fingerprint data as authentication data to the IC card (A4). The IC card collates the transmitted fingerprint data with the fingerprint data stored in the IC card, and transmits the collation result to the PC (I3). When a verification result indicating that the user is an authorized user is obtained, login to the PC is completed. In addition, the user can use the key stored in the storage unit in the IC card and the cryptographic calculation function of the cryptographic calculation unit.

(2. Mutual authentication)
Next, mutual authentication is performed between the PC and the IC card in order to confirm that the relationship is recognized in advance. The PC sends a challenge A1, which is a random number, to the IC card (A5). On the other hand, the IC card sends the response A1 obtained by encrypting the challenge A1 with the PRI-IC and the challenge C from the IC card to the PC (I4). The PC compares the response A1 decrypted with the PUB-IC with the challenge A1. Further, the PC generates a response C obtained by encrypting the challenge C with the PRI-PC and sends it to the IC card (A6). The IC card compares the response C received by the PUB-PC with the challenge C. When a trust relationship is established between the PC and the IC card by the above procedure, the user accesses the data stored in the storage unit 13 in the IC card from the PC, and encrypts using the PRI-IC. / Decoding can be performed. However, this mutual authentication is not an essential operation because it depends on the security policy of the service. Although an example of mutual authentication based on a challenge-response method has been described here, mutual authentication based on an electronic certificate authentication method based on PKI using an authentication server may be used.

  The PDA performs mutual authentication with the PC designated as the relay destination in the same manner as described above (B3, A7, B4). When a trust relationship is established between the PC and the PDA by this mutual authentication, the CPU 25 of the PC transmits a command for permitting the transmission data of the PDA to be transmitted to the IC card to the transmission control unit 220. Transmission data from the PDA before receiving this command is discarded without being transmitted. Regarding the transmission of PDA transmission data to the IC card, a trust relationship is established between the PC and the IC card, and a trust relationship is also established between the PC and the PDA. Mutual authentication is not necessary between them. Also, mutual authentication between the PC and the PDA is not an essential operation depending on the security policy of the service.

(3. User authentication via relay)
Next, the user inputs a fingerprint from the fingerprint sensor of the PDA according to a screen (FIG. 8: DB3) displayed on the PDA in which mutual authentication with the PC is established. The PDA transmits the read fingerprint data as authentication data B to the PC (B5). The authentication data B is sent in the order of the PC network communication unit 23 and the PC protocol conversion unit 24 via the PDA protocol conversion unit 34 and the PDA network communication unit 33, and is transmitted from the PC communication control unit 22 to the external communication unit. 21 is sent to the IC card (A8). The IC card collates the transmitted fingerprint data with the fingerprint data stored in the IC card, and transmits the collation result to the PC (I5). The PC transmits the collation result to the PDA (A9).

  Here, one vulnerability exists from the viewpoint of security. In the state where the user authentication is successful in the PC by the above-described procedure, when viewed from the IC card, the subsequent access is regarded as an access from an already authenticated user. If the user authentication data B from the PDA is illegal data, the IC card is regarded as having been replaced by another user of the PC, and access is denied. As a result, the IC card is illegally used by an unintended third party, or an unauthorized attack that changes the IC card that is being used by a legitimate user into an unusable state is performed.

  As a countermeasure against such a vulnerability, the communication process management unit 222 of the PC checks the transmission data from the PDA, and discards the transmission data other than the user authentication request from the device that has not been successfully authenticated. This can be done by defining it in the process execution rules.

  With the above procedure, since the user can log in to both the PC and the PDA, the negotiation data stored in the PDA can be transmitted to the PC via the LAN. Furthermore, the user can use the key stored in the storage unit in the IC card and the cryptographic calculation function of the cryptographic calculation unit from the PDA. This is because the PC and the PDA are the same when viewed from the IC card.

(4. Cryptographic processing)
Next, a description will be given of a procedure for performing cryptographic operation processing on the separate data transmitted from the PC and the PDA almost simultaneously using the PRI-IC of the IC card.

  First, the PC transmits an encryption calculation request A to the IC card (A10). In the example of this figure, there is no other transmission data in the transmission data temporary storage unit 221 of the communication control unit 22 of the PC, and no other data is being transmitted. For this reason, the cryptographic operation request A is immediately transmitted to the IC card. Here, it is assumed that the PDA transmits the encryption calculation request B to the PC before the PC receives the encryption calculation result response A (B6). In this case, since the PC has not yet received the cryptographic calculation result response A, the communication process management unit 222 of the PC does not start reading the cryptographic calculation request B stored in the transmission data temporary storage unit 221.

  When the PC finishes receiving the encryption operation result response A (I5), the received data temporary storage unit 225 transmits a reception end notification to the communication process management unit 222. Upon receiving this notification, the communication process management unit 222 starts reading the encryption calculation request B. After the identification information is separated, the encryption calculation request B is transmitted to the IC card (A11). Thereafter, processing is performed in the same manner as in the case of the cryptographic calculation request A, and the cryptographic calculation result response B as the calculation result is transmitted from the IC card to the PC (I6), and is transmitted to the PDA via the PC (A12). ).

  Thus, according to the present invention, even when one IC card is used simultaneously by a plurality of devices, the respective communications do not collide.

(Destination determination method)
When it is desired to use the security device 1 from the device 3, the device 3 can first use the device 2 via the network communication unit, and between the device 2 and the security device 1, and between the device 2 and the device 3. It is necessary to know that mutual authentication is complete. The most primitive method for knowing this is that when the user knows identification information such as the IP address of the device 2 and the user manually inputs the identification information of the device 2 into the device 3, Displays whether network connection is possible. Furthermore, there is a method of displaying on the screen the result of mutual authentication between the device 2 and the security device 1 and between the device 2 and the device 3.

  As another method, there is a method in which the device 2 notifies a known management server on the network that the mutual authentication is completed between the security device 1 and the device 2. The management server updates the database on the server together with the completion of this authentication and the identification information of the security device 1 and the identification information of the device 2. The user of the device 3 can acquire the identification information of the device 2 that is currently using the security device 1 by inquiring this known management server for the identification information of the security device 1 that the user wants to use. According to this method, even when the identification information of the device 2 is not easily known or when the identification information of the device 2 is not fixed, the device 3 can be used easily.

(Other embodiments)
By the way, the function as the apparatus or the system in the embodiment is realized by an information processing program recorded in a program recording medium. The program recording medium in the embodiment is a program medium composed of a ROM (Read Only Memory) provided separately from a RAM (Random Accelerator Memory). Alternatively, it may be a program medium that is loaded into an external means auxiliary recording device and read. In any case, the program reading means for reading the information processing program from the program medium may have a configuration in which the program medium is directly accessed and read, or downloaded to a program storage area provided in the RAM. In addition, the program storage area may be accessed and read. It is assumed that a download program for downloading from the program medium to the program recording area of the RAM is stored in advance in the main unit.

  Here, the program medium is configured to be separable from the main body side, and is a magnetic tape such as a magnetic tape or a cassette tape, a magnetic disk such as a flexible disk or a hard disk, a CD (compact disk) -ROM, a MO (magneto-optical). ) Discs, optical discs such as discs, MD (mini discs), DVDs (digital versatile discs), card systems such as IC (integrated circuit) cards and optical cards, mask ROMs, EPROMs (ultraviolet erasable ROMs), EEPROMs ( It is a medium that carries a fixed program, including a semiconductor memory system such as an electrically erasable ROM) and a flash ROM.

In addition, the apparatus or system in the above-described embodiment includes an external communication unit and can be connected to a communication network including the Internet. In this case, the program medium may be a medium that dynamically carries the program by downloading from a communication network or the like. In this case, it is assumed that a download program for downloading from the communication network is stored in the main device in advance. Or it shall be installed from another recording medium.
It should be noted that what is recorded on the recording medium is not limited to a program, and data can also be recorded.

FIG. 1 is a diagram showing an overall configuration of a communication system in which a communication apparatus of the present invention is incorporated. FIG. 2 is a diagram illustrating the configuration of the communication control unit 22 of the device 2 in detail. FIG. 3 is a diagram illustrating an example of storing “one processing unit” in the transmission data temporary storage unit. FIG. 4 is a diagram illustrating an example of process execution rules. FIG. 5 is a flowchart for explaining the flow of processing in the communication control unit in the communication apparatus of the present invention shown in FIG. FIG. 6 is a diagram for explaining in detail the flow of received data distribution processing in step S008. FIG. 7 is a diagram showing a detailed operation sequence when the security device 1 is an IC card, the apparatus 2 is a desktop personal computer (hereinafter referred to as a PC), and the apparatus 3 is a PDA in the communication system of the present invention. FIG. 8 is a diagram illustrating an example of a screen displayed on the display unit when the operation sequence of FIG. 7 is performed.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Security device 2 Apparatus 3 Apparatus 11, 21 External communication part 12 Calculation part 13 Storage part 22 Communication control part 23, 33 Network communication part 24, 34 Protocol conversion part 25, 35 CPU
26, 36 Storage unit 27, 37 Display unit 28, 38 Input unit 29, 39 Power supply unit 220 Transmission control unit 221 Transmission data temporary storage unit 222 Communication process management unit 223 Identification information separation unit 224 Transmission data transmission unit 225 Reception data temporary storage Unit 226 received data distribution unit 227 security device state monitoring unit 228 security device state storage unit

Claims (10)

One security device is used from a plurality of communication devices including at least a first communication device and a second communication device, and data is transmitted from the second communication device to the first communication device using network communication. The first communication device in a communication system configured to be capable of:
And external communication means for communicating with the security device,
Network communication means for communicating with the second communication device ;
Receiving input of transmission data transmitted from the second communication device to the security device, extracting identification information from the transmission data, communicating with the security device, and receiving received data as a response to the communication Communication control means for outputting to the second communication device based on the identification information . The communication control means includes
And transmission control means for transmitting data to the security device from the plurality of communication devices to control transmission timing so as not to interfere,
Wherein depending on whether the identification information included in the transmission data is the special identification information specified in advance, the received data distributing means for distributing the received data received from the security device to the first or second communication device The communication apparatus according to claim 1, further comprising: The communication control means includes
The communication apparatus according to claim 2, further comprising a communication process management unit that controls an order in which transmission data is transmitted based on a communication process execution rule set in advance. The communication control means further includes security device status monitoring means for inquiring whether or not the security device is in a communicable state using the external communication means, and relates to the status of the security device from the second communication device. 4. The communication apparatus according to claim 1, wherein the communication apparatus responds to an inquiry request. The communication control means erases data during communication processing when it is detected from the output of the security device state monitoring means that the security device is unusable or prohibited. The communication device according to claim 4. Said transmission control means, between the first communication device and the second communication device, only when the mutual authentication is established, the transmission data to the security device received from the second communication device The communication apparatus according to claim 2, further comprising means for enabling transmission to a security device. One security device is used from a plurality of communication devices including at least a first communication device and a second communication device, and data is transmitted from the second communication device to the first communication device using network communication. A communication method performed by the first communication device in a communication system configured to be capable of:
An external communication step of communicating with the security device;
A network communication step of communicating with the second communication device;
Receiving input of transmission data transmitted from the second communication device to the security device, extracting identification information from the transmission data, communicating with the security device, and receiving received data as a response to the communication A communication control step of outputting to the second communication device based on the identification information . One security device is used from a plurality of communication devices including at least a first communication device and a second communication device, and data is transmitted from the second communication device to the first communication device using network communication. In a communication system that can
The first communication device is:
External communication means for communicating with the security device;
Network communication means for communicating with the second communication device;
Receiving input of transmission data transmitted from the second communication device to the security device, extracting identification information from the transmission data, communicating with the security device, and receiving received data as a response to the communication Communication control means for outputting to the second communication device based on the identification information . One security device is used from a plurality of communication devices including at least a first communication device and a second communication device, and data is transmitted from the second communication device to the first communication device using network communication. A program for causing a computer to execute a communication method performed by the first communication device in a communication system configured to be capable of:
An external communication step of communicating with the security device;
A network communication step of communicating with the second communication device;
Receiving input of transmission data transmitted from the second communication device to the security device, extracting identification information from the transmission data, communicating with the security device, and receiving received data as a response to the communication A security device communication program for causing a computer to execute a communication control step of outputting to the second communication device based on the identification information . A recording medium on which the program according to claim 9 is recorded.

Images