JP4644900B2 - Service providing system, service providing method, service mediating apparatus, and program providing medium via communication means - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a service providing system, a service providing method, and a service mediating apparatus via communication means. More specifically, various types of electronic devices, such as televisions, video decks, air conditioners, refrigerators, microwave ovens, etc., are subjected to various controls via communication means such as communication networks, maintenance, etc. It is possible to make each device small and low-cost, and to transfer control information, maintenance information, billing information, etc. at the time of service provision with sufficient security. The present invention relates to a service providing system, a service providing method, and a service mediating apparatus via the communication means.
[0002]
[Prior art]
In recent years, with the development of digital technology, many electronic devices have become controllable by a microcomputer or the like. In addition, a digital network covering a wide area has been constructed by a communication network such as the Internet connecting a plurality of computers. An information transmission form through the network, such as controlling the electronic device from a remote location via the network, performing maintenance, or providing maintenance information to the electronic device user by connecting the electronic device to the communication network Is becoming popular.
[0003]
Specifically, a service center that provides services such as control and maintenance for various electronic devices is installed, and the service center and the user's electronic devices are connected by telephone line, cable TV line, Internet, wireless line, satellite line, etc. Thus, various services are provided. In addition, in these service providing systems, a configuration in which billing processing is performed for services provided by registering various payment information such as user information and account information is becoming widespread.
[0004]
[Problems to be solved by the invention]
However, in such a service providing configuration via a communication line such as a network for an electronic device, data is often transmitted and received as it is between a service organization and a user device via a communication means such as the Internet. For example, personal information may be leaked or tampered with. For example, information such as a user's bank account and credit card number for billing for service charges may cause serious damage if handled improperly, and a model in which multiple users share the same line as in the Internet The transmission / reception of data including personal information is problematic from the viewpoint of information protection.
[0005]
In addition, in the service providing system through the current communication means, in order to receive the service through the network or the like, it is necessary to have a configuration in which all the devices that receive the service can be directly connected to the service center through the external network or the like. there were. That is, it is necessary that a user's device has a modem, an interface, etc. as service communication means. However, it is not preferable to provide a communication module for all devices in order to receive such a service from the viewpoint of cost and downsizing of the devices. This problem is particularly noticeable in devices where downsizing is important. Furthermore, for the same reason, it is not realistic to configure advanced security function modules in all devices, and these problems are one of the factors that hinder the spread of service providing systems via networks.
[0006]
The present invention makes it unnecessary to provide a module for communication in all the above-described problems, that is, all electronic devices that receive services, and eliminates the need to configure a high-level security function module in the device. An object is to provide a data communication system and a data communication method.
[0007]
[Means for Solving the Problems]
  The first aspect of the present invention is:
  A control target device having at least one of a local network interface unit and an information recording medium interface unit;
  An interface means for an external network, and an encryption processing means for executing encryption processing of transfer data using the external network, and either via a local network interface means or an information recording medium interface means of the control target device A host device having a configuration capable of transferring data to the device to be controlled;
  The host device has a configuration in which control information for the control target device is received from a service center via the external network, and the reception control information is transferred to the control target device via a local network or an information recording medium.And
The service center has a device information database in which device identifiers of the higher-level device and control target device are registered, and a user information database in which user identifiers of the higher-level device and control target device are registered,
By executing a verification process between the device identifier registered in the device information database and the device identifier received from the higher-level device or the control target device, a device validity verification process is performed,
A user legitimacy verification process is executed by executing a collation process between the user identification data registered in the user information database and the user identification data received from the host device or control target device.This is in a service providing system via communication means.
[0008]
Furthermore, in an embodiment of the service providing system via the communication means of the present invention, the service center and the higher-level device have authentication processing means, and data transmission / reception between the service center and the higher-level device is performed by authentication processing. The configuration is such that it is executed only when authentication is established.
[0009]
Furthermore, in an embodiment of the service providing system via the communication means of the present invention, the host device and the control target device have authentication processing means, and data transmission / reception between the host device and the control target device is performed by authentication. The configuration is such that it is executed only when authentication by processing is established.
[0010]
Furthermore, in one embodiment of the service providing system via the communication means of the present invention, the upper device and the control target device have authentication processing means, and the information recording medium between the upper device and the control target device The data transfer via is performed only when authentication by the authentication processing of the information recording medium by the host device and the control target device is established.
[0013]
Furthermore, in an embodiment of the service providing system via the communication means of the present invention, data transmitted and received between the service center and the higher-level device is encrypted using a session key that is valid only in the communication session. It is characterized by being made data.
[0014]
Furthermore, in an embodiment of the service providing system via the communication means of the present invention, the data transferred between the higher-level device and the control target device is encrypted using a session key that is valid only in the communication session. It is the data which was made.
[0015]
Furthermore, in one embodiment of the service providing system via the communication means of the present invention, the service center performs device diagnosis processing, device repair processing, data backup processing, data restoration processing, data distribution processing on the control target device. The service data providing process and the operation information providing process are provided.
[0016]
Further, in an embodiment of the service providing system via the communication means of the present invention, the authentication process between the service center and the higher-level device is executed by a public key cryptosystem, and between the higher-level device and the control target device. The authentication process is characterized in that it is configured to be executed by either a public key cryptosystem or a common key cryptosystem.
[0017]
Furthermore, in one embodiment of the service providing system via the communication means of the present invention, data communication between the service center and the higher-level device is executed by a common key cryptosystem, and between the higher-level device and the control target device. The data communication is configured to be executed by a common key encryption method.
[0033]
The program providing medium according to the fourth aspect of the present invention is a medium that provides a computer program in a computer-readable format to, for example, a general-purpose computer system capable of executing various program codes. The form of the medium is not particularly limited, such as a storage medium such as a CD, FD, or MO, or a transmission medium such as a network.
[0034]
Such a program providing medium defines a structural or functional cooperative relationship between a computer program and a providing medium for realizing a function of a predetermined computer program on a computer system. . In other words, by installing a computer program in the computer system via the provided medium, a cooperative action is exhibited on the computer system, and the same effects as the other aspects of the present invention are obtained. Can do it.
[0035]
[Action]
Since the device and the service center of the present invention mutually perform authentication processing, check communication partners, and perform encryption of transmission data, secure data transmission / reception becomes possible. Furthermore, a device that does not have a communication means for an external network and cannot be directly connected to the service center can safely communicate with the service center via a host device that can be directly connected to the external network.
[0036]
Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings.
[0037]
DETAILED DESCRIPTION OF THE INVENTION
[System Overview]
FIG. 1 is a block diagram illustrating an overview of a service providing system, a service providing method, and a service mediating apparatus via a communication unit of the present invention. The system of the present invention includes a service center 10 that provides services to user devices, a host device 20 as a service mediating device that executes data transmission / reception with the service center 10, and controls from the service center 10 via the host device 20. Control target device (subordinate device) 30, the telephone line connecting the service center 10 and the upper device 20, external network communication means such as CATV line, satellite, wireless, Internet, etc., the upper device 20 and the control target device (lower device) 30, for example, a local network that can communicate with a communication interface such as IEEE1394 or USB. Note that the host device 20 itself can be a control target device that receives control, maintenance, and the like from the service center 10, and the host device 20 shown in the lower side of FIG. 1 shows this mode.
[0038]
Each component shown in FIG. 1 will be described. The device on the user side of the present invention is roughly classified into two types, that is, the upper device 20 and the control target device (lower device) 30. The configuration of each device and service center will be described below.
[0039]
<Host device>
The host device 20 as a service mediating device has a modem capable of communicating with the service center 10 via a telephone line, or a device having a communication means capable of transmitting and receiving data via a CATV line, a satellite, other wireless lines, etc. It is. Further, as shown in the upper part of FIG. 1, data from the service center 10 is transferred to the control target device (lower device) 30, and transmission data from the control target device (lower device) 30 to the service center 10. Means for transferring.
[0040]
FIG. 2 shows the configuration of the host device 20. The host device 20 is a local interface as an interface unit such as IEEE1394 (connection standard by the Institute of Electrical and Electronics Engineers) or USB (Universal Serial Bus) used to configure a local network for connection with the control target device 30 receiving the service. 208, and data communication with other devices is possible. The communication between the host device 20 and the service center 10 may be executed by a telephone line, a cable TV line, a wireless line, a satellite line, an Internet connection, etc., and has an external interface 206 according to each of these communication methods.
[0041]
The host device 20 includes an encryption communication IC 205 as a dedicated IC for performing encryption / authentication and communication control. The encrypted communication IC 205 can perform operations necessary for using the public key cryptosystem and the common key cryptosystem. Further, the IC includes a storage unit that stores an identifier (device ID) unique to the host device 20, and this ID is used when the device is authenticated. The encryption / authentication communication IC 205 is preferably configured as a SAM (Secure Application Module) so that an ID cannot be rewritten from the outside.
[0042]
The device ID stored in the encrypted communication IC 205 is issued by the service center 10, and the issued ID is registered in the service center database. In order to improve security, verification is performed using the verification bit of the device ID when a service is performed by the service center 10 by providing a data structure with redundancy such as adding a verification bit to the device ID. It is good also as a structure which does. With such a configuration, it is possible to exclude a device having an unauthorized ID other than the regular ID issued by the service center 10 from the service target.
[0043]
The set of the public key and private key of the host device 20 and the public key certificate corresponding to the public key necessary for using the public key cryptosystem are recorded in advance in the storage unit of the encryption communication IC 205 of the device. ing. The public key certificate is issued by a trusted certificate issuing organization, a so-called certificate authority (CA).
[0044]
In the service providing system via the communication means of the present invention, after confirming that the data transmission side and the data reception side are regular data transmission / reception targets, necessary information is transferred, that is, security is taken into consideration. Take the data transfer configuration. One technique for realizing a security configuration at the time of data transfer is transfer data encryption processing.
[0045]
The encrypted data can be returned to the decrypted data that can be used by the decrypting process according to a predetermined procedure. There are various types of data encryption / decryption methods using an encryption key and a decryption key, but a typical example is a so-called common key encryption method using a common key for encryption and decryption. There are public key cryptosystems that use different keys for encryption and decryption. In the public key cryptosystem, a sender and a receiver have different keys, one key is a public key that can be used by an unspecified user, and the other is a secret key that keeps the secret secret. For example, the data encryption key is a public key and the decryption key is a secret key.
[0046]
Unlike the so-called common key cryptosystem that uses a common key for encryption and decryption, the public key cryptosystem is advantageous in key management because it requires a specific person to hold a secret key that must be kept secret. . However, the public key cryptosystem has a slower data processing speed than the common key cryptosystem, and is often used for objects with a small amount of data such as secret key distribution and digital signature. A typical public key cryptosystem is RSA (Rivest-Shamir-Adleman) cryptography. This uses a product of two very large prime numbers (for example, 150 digits), and utilizes the difficulty of the process of factoring the product of two large prime numbers (for example, 150 digits).
[0047]
In the public key cryptosystem, a public key can be used by an unspecified number of people, and there is a method of using a certificate that certifies whether or not a public key to be distributed is valid, a so-called public key certificate. Many are used. For example, the user A generates a public key / private key pair, sends the generated public key to the certificate authority, and obtains a public key certificate from the certificate authority. User A makes the public key certificate public. An unspecified user obtains a public key from a public key certificate through a predetermined procedure, encrypts a document or the like, and sends it to user A. User A is a system for decrypting an encrypted document or the like using a secret key.
[0048]
A public key certificate is a certificate issued by a CA (Certificate Authority) in public key cryptography. When a user submits his / her ID, public key, etc. to the certificate authority, the certificate authority side The certificate is created by adding information such as the ID and expiration date of the certificate, and further adding a signature by a certificate authority.
[0049]
The public key certificate includes the certificate version number, the certificate serial number assigned to the certificate user by the certificate authority (IA), the algorithm and parameters used for the electronic signature, the name of the certificate authority, the certificate expiration date, It includes the certificate user's name (user ID), the certificate user's public key, and an electronic signature.
[0050]
The electronic signature consists of the certificate version number, the certificate serial number assigned to the certificate user by the certificate authority, the algorithm and parameters used for the electronic signature, the name of the certificate authority, the certificate expiration date, the certificate user This is data generated by applying a hash function to the entire data such as the name and the public key of the certificate user to generate a hash value, and using the secret key of the certificate authority for the hash value.
[0051]
The certificate authority issues a public key certificate, updates the public key certificate that has expired, and creates, manages, and distributes an unauthorized person list for rejecting the unauthorized users. Revocation: Called Revocation).
[0052]
On the other hand, when using this public key certificate, the user verifies the electronic signature of the public key certificate using the public key of the certificate authority that he / she holds, and publishes it after successfully verifying the electronic signature. The public key is extracted from the key certificate and the public key is used. Therefore, all users who use the public key certificate need to hold a common certificate authority public key. In the host device 20 shown in FIG. 2 of the present invention, the public key of the certificate authority is stored in the internal memory of the encrypted communication IC 205.
[0053]
The public key and private key of the host device are newly generated by the host device when device registration is performed with respect to the service center 10, or the service center generates and receives this and stores it in the host device. In this case, if a public key certificate is necessary, it is obtained separately from a certificate authority.
[0054]
The host device 20 can store a plurality of key sets, and can change the key set for each service center or service to which the device is connected. The host device 20 can be locally connected to the control target device 30 as various subordinate devices. For example, if the control target device 30 is a TV of A manufacturer, the control device 30 can be controlled using a key for connecting the service center of the A manufacturer. If the target device 30 is an air conditioner of manufacturer B, a configuration such as using a key for connecting the service center of manufacturer B is possible.
[0055]
The host device 20 further includes a CPU 201 for controlling various processes such as processing control of the encrypted communication IC 205, communication control via each interface, data access control of the storage device 210, temporary storage of communication data, processing program RAM 202 functioning as a storage unit, a memory 202 configured by a ROM, a display unit 203 that displays instruction data and the like for a user who operates the device, an operation unit 209 that enables an instruction to start communication by the user, a hard disk, A storage device 210 composed of a CD, a DVD, or the like is provided.
[0056]
Furthermore, the host device 20 has a device specific unit 204 that provides the original functions of the device. The device specific unit 204 is a received data processing circuit, a modulation / demodulation circuit, a magnetic drum, a tape drive unit, or the like if the device is a video deck, for example. Further, the host device 20 may be configured to record data on an information recording medium 211 such as a memory stick, FD, CD, or DVD. In that case, an interface 207 with the information recording medium 211 is provided.
[0057]
<Controlled device (subordinate device)>
The control target device (lower device) 30 is a device that does not have a direct connection means with an external network, is connected to the upper device 20 via a local network, and receives various services such as control and maintenance from the service center 10. It is.
[0058]
3 and 4 show two configuration examples of the control target device (lower device) 30. FIG. 3 shows a configuration in which the control target device (lower device) 30 has a local network interface 307 for connecting to the host device, and is connected to the host device 20 via the local network interface 307. Control of the service center 10 is received through the service center 10. This mode is called an online subordinate device.
[0059]
On the other hand, the control target device (lower device) 30 shown in FIG. 4 does not have a local network interface for connecting to the upper device, and is stored in an information recording medium 310 such as a memory card, CD, or FD. Control based on information and maintenance information. Control information received from the service center 10 is stored in the information recording medium 211 of the host device shown in FIG. 2 and attached to the control target device (subordinate device) 30 to execute control from the service center 10 as offline control. It is possible to do.
[0060]
The configuration of the control target device (lower device) 30 will be described. In the case of the online type in FIG. 3, the control target device (lower device) 30 that receives the service has a local interface as an interface unit such as IEEE1394 or USB (Universal Serial Bus) in order to form a local network for connection with the upper device 20. 307 and data communication with the host device 20 is possible.
[0061]
The control target device (lower device) 30 includes an encryption communication IC 305 as a dedicated IC that performs encryption / authentication and communication control. The encrypted communication IC 305 can perform operations necessary for using the public key cryptosystem and the common key cryptosystem. The encrypted communication IC 305 can perform operations necessary for using the public key cryptosystem and the common key cryptosystem. However, since high computing power is required to use the public key cryptosystem, a configuration in which only the common key cryptosystem can be used in a resource-constrained device.
[0062]
A set of a public key and a private key and a public key certificate corresponding to the public key necessary for using the public key cryptosystem are stored in advance in the internal memory of the encryption communication IC 305 of the control target device (lower device) 30. It is recorded. The public key certificate is issued by a trusted certificate issuing organization, so-called certificate authority (CA), as in the case of the host device 20 described above. The public key and private key of the control target device (lower device) 30 are newly generated when device registration is executed with respect to the service center 10, or generated by the service center and received and stored in the device. In this case, if a public key certificate is required, it is obtained separately from a certificate authority. The control target device (lower device) 30 may be configured to be capable of storing a plurality of key sets, and may be configured to change the key set for each service center or service connected to the device. It is good. The public key of the service center 10 is recorded in advance in the internal memory of the encryption communication IC 305 of the device. If the configuration uses only the common key cryptosystem, the common key is issued by the service center 10 and stored in the internal memory of the encryption communication IC 305 of the control target device (lower device) 30. The common key may be held by the service center corresponding to the identifier (ID) of the control target device (lower device) 30.
[0063]
The control target device (lower device) 30 further includes a CPU 301 for controlling various processing such as processing control of the encrypted communication IC 305, communication control via each interface, and data access control of the storage device 309, and temporary communication data. Memory 302 configured as a storage unit for storing and processing programs, a memory 302 including a ROM, a display unit 303 for displaying instruction data and the like for a user who operates the device, and an operation for enabling an instruction to start communication by the user A storage device 309 including a unit 308, a hard disk, a CD, a DVD, and the like.
[0064]
Furthermore, the control target device (lower device) 30 includes a device specific unit 304 that provides a function inherent to the device. Furthermore, the control target device (lower device) 30 may be configured to record data on an information recording medium 310 such as a memory stick, FD, CD, or DVD. In that case, an interface 306 with the information recording medium 310 is provided. In the case of the offline type shown in FIG. 4, control information from the service center 10 is received via the information recording medium 310. In the online configuration of FIG. 3, either a local network or an information recording medium 310 can be used.
[0065]
That is, in the online type of FIG. 3, the control target device (lower device) 30 uses the local network interface 307 to connect to the upper device 20 and receives the service, and uses the connection capability of the external interface 206 of the upper device 20. To connect to the service center 10. At this time, communication control is independently performed by the control target device (lower device) 30. In the offline type of FIG. 4, the host device 20 connects to the center on behalf of the control target device (lower device) 30 to transmit / receive data, and the control target device (lower device) 30 transmits the data to the host device 20. Recording is performed on the information recording medium, the information recording medium is moved to the control target device (lower device) 30, and the control target device (lower device) 30 reads data from the information recording medium.
[0066]
The above-described online-type control target device (lower device) 30 in FIG. 3 and offline type in FIG. 4 has the encryption communication IC 305 and has been described as a configuration capable of encryption processing. However, in this case, it is possible to provide only an IC for controlling communication without encryption. In this case, the host device connected online via the communication line or offline connected via the storage medium encrypts the communication contents. Can be substituted. In this case, authentication by the device identifier (ID) is performed for authentication between the control target device (lower device) 30 and the upper device 20.
[0067]
<Service Center>
A configuration example of the service center 10 is shown in FIG. The service center 10 includes an external network interface 105, an encryption communication IC 104, a service providing database 103, a device information database 106, a user information database 107, a CPU 101, a memory 102, and a data bus connecting them.
[0068]
The encrypted communication IC 104 performs processing such as communication with the host device 20, data encryption, and authentication of the service provision target device. A center identifier (ID) unique to the service center is recorded in the encrypted communication IC 104, and this is used for mutual authentication with each device as a communication partner.
[0069]
The encrypted communication IC 104 of the service center 10 can perform calculations necessary for using the public key cryptosystem and the common key cryptosystem. The device information database 106 stores information such as an identifier (ID) and a public key of each communication target or service target device. In the case of a device that uses a common key cryptosystem in data communication, a device ID and a common key corresponding to the device ID are stored in advance in the device information database 106.
[0070]
The user information database 107 manages devices that receive service provided from the service center 10 and performs payment processing such as service consideration, that is, service user identifiers (IDs) and payment information of each user. Etc. are stored. The service providing database 103 stores data necessary for providing a service. The CPU 101 controls various processes such as processing control of the encrypted communication IC 104, communication control via each interface, and data access control of each storage device. The memory 102 temporarily stores communication data and stores a processing program. It is comprised by RAM, ROM, etc. which function as.
[0071]
[Encryption / Authentication Level]
The public key cryptosystem used in the service providing system via the communication means of the present invention can be RSA or the like, and the common key cryptosystem can be a cryptosystem such as DES. You can use an appropriate method.
[0072]
FIG. 6 summarizes the connection form and the encryption / authentication level between the service center 10 and the upper device 20 and the control target device (lower device) 30 in the present invention.
[0073]
The service center 10 and the host device 20 are connected via an external network. Encryption / authentication uses a public key cryptosystem. There are six types of connection forms between the upper device 20 and the control target device (lower device) 30. That is, (1) When the control target device (lower device) 30 can be connected to the local network and the public key cryptosystem can be used, (2) The control target device (lower device) 30 can be connected to the local network and the common key encryption When only the method can be used, (3) When the control target device (lower device) 30 can be connected to the local network and encryption cannot be used, (4) The control target device (lower device) 30 exchanges data by moving the recording medium When the public key cryptosystem can be used, (5) When the control target device (lower device) 30 can exchange data by moving the recording medium and only the common key cryptosystem can be used, (6) Control target device (subordinate device) (Device) 30 is a case where data can be exchanged by moving the recording medium and encryption cannot be used. A plurality of lower-level devices can be connected to one upper-level device, and the higher-level device 20 is configured to be compatible with a plurality of encryption schemes, so that various types of control target devices (lower-level devices) can be connected. Communication becomes possible. By referring to the device ID of the control target device (lower device), the upper device can identify the subordinate device under control.
[0074]
[Overall flow]
A remote service providing process using the service center 10 of the upper device 20 and the control target device (lower device) 30 in the service providing system via the communication means of the present invention will be described below.
[0075]
FIGS. 7 to 10 are flowcharts showing the overall processing flow from the start to the end of the service. Details of the processes included in these flows will be described later. First, the outline of the processing flow of the service providing system of the present invention will be described with reference to FIGS.
[0076]
First, as shown in the flow of FIG. 7, when the host device 20 is connected to the service center 10 through the network for the first time, device registration in the service center 10 shown in step S701 is performed. If the process at the time of the initial connection has been completed, or if the process does not require device registration, such as providing free maintenance, the process proceeds to the device authentication step shown in step S702. A device authentication process flow is shown in FIG. This is a procedure in which the host device 20 and the service center 10 mutually confirm the validity of the communication partner. The device registration protocol and device authentication protocol shown in the figure will be described in detail later.
[0077]
By executing the authentication protocol shown in FIG. 7, it is possible to prevent an unauthorized device from receiving a service or performing an erroneous communication with the service center 10. If the device authentication in step S702 fails, the error processing is performed, and then the processing is stopped. If device authentication is successful, user registration is performed if necessary.
[0078]
In the user registration procedure shown in FIG. 8, the user information database (107 shown in FIG. 5) of the service center 10 stores the user information of the device, such as name, credit card number for service charge settlement, or bank account number. Is registered (step S801). Thereafter, information necessary for user authentication such as a password is registered (step S802).
[0079]
FIG. 9 shows a process for changing user information such as a user name, for example, a name and a credit number, and a procedure for changing information necessary for user authentication such as a password. In the user information change procedure, user authentication (step S901) is first performed. This is to prevent a person other than a legitimate user from changing the user information of another person illegally. If user authentication fails, the error processing is performed and then the processing is stopped. If the user authentication is successful, user information registration (step S902) is subsequently performed.
[0080]
When registration of user information is completed, a procedure for changing user authentication information for information necessary for user authentication, for example, a password, is performed only when necessary. In the user authentication information change procedure, user authentication is first performed. This is to prevent a person other than a legitimate user from illegally changing user authentication information such as a password of another person. If user authentication fails, the error processing is performed and then the processing is stopped. If the user authentication is successful, the user authentication information is subsequently changed (step S903). When the above procedure is completed and the service is performed, the service execution procedure is performed.
[0081]
FIG. 10 shows an execution process of a service such as control and maintenance of a control target device, that is, a service execution procedure flow. In the service implementation procedure, user authentication is performed first if necessary. This is to prevent unauthorized persons from receiving services illegally. Whether or not to perform user authentication differs depending on the service. If user authentication fails, the error processing is performed and then the processing is stopped. If user authentication is successful, the service is subsequently performed. If the connection is not terminated after the service is completed, repeat the procedure after the end of device authentication.
[0082]
[About each protocol]
(1) Device registration protocol
a. Host device
First, a protocol for registering the upper device 20 with the service center 10 will be described. This protocol is a protocol for registering a device ID, a model name, and a device public key in the center device information database.
[0083]
As described above with reference to FIG. 6, mutual authentication and data communication are performed between the host device 20 and the service center 10 by the public key cryptosystem. A pair of a public key and a private key of the higher-level device itself necessary for using the public key cryptosystem is stored in the internal memory of the encryption communication IC 205 of the higher-level device 20, and these keys are encrypted. There are two configurations that are not stored in the internal memory of the integrated communication IC 205 in advance, and device registration is performed in the service center 10 when connection to the service center 10 becomes necessary, and each key is generated at that time. . FIG. 11 shows the protocol when the former key is already stored, and FIG. 12 shows the protocol when the key is generated.
[0084]
The processing of FIGS. 11 and 12 will be described. When performing device registration, the host device 20 transmits a device registration start request to the service center 10. If the service center 10 can respond to the request, the service center 10 notifies the device that device registration can be started. At the same time, the service center 10 transmits its own center identifier (ID).
[0085]
The host device 20 confirms the center based on the service center identifier (ID) sent from the service center 10 and transmits its host device identifier (ID), model name, and public key certificate to the service center 10. The public key of the service center 10 is stored in the encryption communication IC 205 of the host device 20, and when transmitting to the service center 10, transmission data is encrypted using this public key.
[0086]
Note that, as in the example shown in FIG. 12, when the host device 20 itself generates a key set, the public key generated by the host device 20 is transmitted to the center instead of the public key certificate.
[0087]
Since transmission data from the host device 20 to the service center 10 is encrypted with the public key of the service center 10, data such as a host device identifier (ID) and model name included in the transmission data is leaked to a third party. Or the possibility of tampering.
[0088]
The center that has received the data such as the upper device identifier (ID) decrypts the data sent from the upper device with the secret key of the service center 10 itself. The upper device identifier (ID) in the decrypted data is verified, and if it is a valid identifier (ID), the upper device identifier (ID), model name, and public key certificate or public key in the transmission data are obtained as device information. Register in the database 106. When the registration in the database is normally completed, the service center 10 returns a device registration process completion notification to the higher-level device 20. If the data decryption or the validity verification of the upper device identifier (ID) and the registration in the database have failed, the service center 10 returns an error notification to the upper device 20.
[0089]
b. Control target device (subordinate device)
Next, a protocol for registering the control target device (lower device) 30 in the service center 10 will be described.
[0090]
When the control target device (subordinate device) 30 performs device registration, the procedure differs between the online subordinate device and the offline subordinate device. Furthermore, there are differences between devices that can use public key cryptography and devices that cannot. Note that the host device 20 to which the control target device (lower device) 30 is connected performs a device authentication protocol between the host device 20 and the service center 10 before performing this procedure, and authentication is performed with the center. Shall be made.
[0091]
b-1. Public-key cryptography online subordinate device
FIG. 13 shows a procedure in the case of using an on-line type subordinate device for the first time. When a public key can be used in an online subordinate device, a set of the public key and secret key of the control target device (subordinate device) 30 itself, which is necessary for using the public key cryptosystem, is controlled in advance. ) When the service center 10 is stored in the internal memory of the 30 encrypted communication IC 305, or when these keys are not stored in the internal memory of the encrypted communication IC 305 and connection to the service center 10 becomes necessary. There are two configurations: device registration in which each key is generated. FIG. 13 shows the protocol when the former key has been stored, and FIG. 14 shows the protocol when the key is generated.
[0092]
The processing of FIGS. 13 and 14 will be described. When performing device registration, the control target device (lower device) 30 first issues a device registration start request to the higher device 20. The host device 20 that has received this relays a device registration start request to the service center 10. If the service center 10 is ready to respond to the request, it notifies the host device 20 that device registration can be started. Then, the upper device 20 notifies the control target device (lower device) 30 that device registration can be started.
[0093]
Upon receiving this device registration start confirmation notification, the control target device (lower device) 30 encrypts the device ID, model name, and public key certificate of the control target device (lower device) with the center's public key, and sends it to the upper device. Send. As shown in FIG. 14, when the lower device generates a key set, it transmits its own public key to the upper device 20 instead of the public key certificate. The host device 20 that has received this relays the received data as it is to the service center.
[0094]
Since the data transmitted from the control target device (lower device) 30 to the upper device 20 and the service center 10 is encrypted with the public key of the service center 10, the control target device (lower device) identifier included in the transmission data The possibility that data such as (ID) and model name is leaked to a third party or tampered with can be eliminated.
[0095]
The center that has received the data such as the control target device (lower device) identifier (ID) decrypts the data sent from the upper device with the secret key of the service center 10 itself. The control target device (lower device) identifier (ID) in the decrypted data is verified, and if it is a valid identifier (ID), the control target device (lower device) identifier (ID), model name, and A public key certificate or public key is registered in the device information database 106. When the registration in the database is normally completed, the service center 10 returns a device registration process completion notification to the higher-level device 20. If the data decryption or the validity verification of the higher-level device identifier (ID) and the registration in the database have failed, the service center 10 returns an error notification to the higher-level device 20.
[0096]
The upper device 20 relays the processing completion notification or error notification received from the service center 10 to the control target device (lower device) 30.
[0097]
b-2. Online subordinate device of common key cryptosystem
A device registration procedure for an online subordinate device that cannot use the public key encryption method, can use the common key method, or has no encryption function will be described.
[0098]
The protocol in this case is shown in FIG. In this case as well, the process up to notifying the control target device (lower device) 30 that the device 20 can start device registration is the same. When the control target device (lower device) 30 receives the device registration start confirmation notification, the control target device (lower device) 30 transmits its own device ID and model name to the upper device 20.
[0099]
In this case, the device ID and model name information transmitted to the higher-level device 20 are not encrypted, but since they are on the local network, it is considered that there are relatively few security problems compared to the external network. The upper device 20 encrypts the information received from the control target device (lower device) 30 with the public key of the service center 10. That is, the host device 20 performs data encryption. The subsequent processing is the same as the procedure in the case of a lower-level device that can use the public key cryptosystem, and the description thereof is omitted.
[0100]
b-3. Public key cryptography offline subordinate device
Next, a device registration procedure in the offline subordinate device will be described. When the public key cryptosystem can be used in the offline lower-level device, the combination of the public key and the secret key of the control target device (lower device) 30 necessary for using the public key cryptosystem is previously set in the control target device ( Service when the key is stored in the internal memory of the encryption communication IC 305 of the lower-level device 30 and when these keys are not stored in the internal memory of the encryption communication IC 305 and connection to the service center 10 becomes necessary. There are two configurations in which device registration is performed in the center 10 and each key is generated at that time. FIG. 16 shows the protocol when the former key is already stored, and FIG. 17 shows the protocol when the key is generated.
[0101]
The processing of FIGS. 16 and 17 will be described. The control target device (lower device) 30 first authenticates the information recording medium. The information recording medium 310 is a memory card, for example, and an authentication process using the memory card identifier or the like is executed. When the authentication is established, the control target device (subordinate device) 30 transmits its own control target device (subordinate device) identifier (ID), model name and public key certificate (FIG. 16) or public key (FIG. 17) to the service center. It is encrypted with the public key and transferred to the information recording medium 310.
[0102]
After the data transfer is completed, the information recording medium 310 is removed from the control target device (lower device) 30 and the lower device, and attached to the higher device 20. When the information recording medium 211 (same as the information recording medium 310) is loaded, the host device 20 starts authentication of the information recording medium. After the information recording medium authentication is completed, the upper device 20 transfers (reads out) data from the information recording medium. After the transfer is completed, the upper device 20 makes a device registration start request to the service center 10 on behalf of the control target device (lower device) 30.
[0103]
If the service center 10 is ready to respond to the request, it notifies the host device 20 that device registration can be started. The host device 20 transmits the data transferred from the information recording medium 211 to the center as it is. The center that has received the data such as the control target device (lower device) identifier (ID) read from the information recording medium 211 decrypts the data relayed by the higher device 20 with its own secret key. Thereafter, the control target device (lower device) identifier (ID) in the decrypted data is verified, and if it is a valid ID, the received control target device (lower device) identifier (ID), model name, and public key certificate (FIG. 16) or the public key (FIG. 17) is registered in the device information database 106. When the registration in the database is normally completed, the service center 10 returns a processing completion notification to the higher-level device 20. If the data decryption or the validity verification of the control target device (lower device) identifier (ID) and registration in the database have failed, the service center 10 returns an error notification to the upper device 20. The host device 20 transfers a processing completion notification or an error notification to the information recording medium 211. Thereafter, the information recording medium 211 is moved from the higher level device 20 to the control target device (lower level device) 30. The control target device (lower device) 30 performs authentication of the information recording medium, and then transfers a notification from the service center 10 from the information recording medium. If the notification content is an error notification, device registration is attempted again.
[0104]
b-4. Offline subordinate device of common key cryptosystem
A device registration procedure for an offline subordinate device that cannot use the public key encryption method, can use the common key method, or has no encryption function will be described. The protocol in this case is shown in FIG. The control target device (lower device) 30 first authenticates the information recording medium 310. Thereafter, the control target device (lower device) 30 transfers its own device ID and model name to the information recording medium 310. After the transfer is completed, the information recording medium 310 is removed from the control target device (lower device) 30 and mounted on the higher device 20.
[0105]
When the information recording medium 211 (= information recording medium 310) is loaded, the host device 20 starts authentication of the information recording medium 211. After the authentication of the information recording medium 211 is completed, the upper device 20 transfers data from the information recording medium 211. After the transfer is completed, the host device 20 transmits a device registration start request to the service center 10. If the service center 10 is ready to respond to the request, it notifies the host device 20 that device registration can be started. The host device 20 encrypts the data transferred from the information recording medium 211 with the public key of the service center 10 and transmits it to the center. The center that has received the data such as the control target device (lower device) identifier (ID) read from the information recording medium 211 decrypts the data relayed by the higher device 20 with its own secret key. Thereafter, the control target device (lower device) identifier (ID) in the decrypted data is verified, and if it is a valid ID, the received control target device (lower device) identifier (ID) and model name are stored in the device information database 106. Register with. Subsequent processing completion notifications and the like are the same as when an offline subordinate device that can use the public key cryptosystem is used.
[0106]
[Device Authentication Protocol]
Next, the details of the device authentication protocol executed between the service center 10, the upper device 20, and the control target device (lower device) 30 will be described. The device authentication protocol is a process executed to confirm the validity of a communication partner between two parties performing data communication. One preferred data transfer method is a configuration in which session key generation is performed during mutual authentication processing, and data transmission is performed by executing encryption processing using the generated session key as a shared key. Hereinafter, a device authentication protocol performed mainly with the host device 20 and a device authentication protocol performed mainly with the control target device (lower device) 30 will be described.
[0107]
a. Host device
First, a device authentication protocol that is executed between the host device 20 and the service center 10 to confirm each other's validity will be described.
[0108]
FIG. 19 shows a protocol used when the service center 10 and the host device 20 perform device authentication. First, the host device 20 transmits a device authentication start request to the service center 10. If the service center 10 can respond to the request, the service center 10 notifies the device that device authentication can be started. At this time, the service center 10 transmits its own center ID.
[0109]
When the host device 20 receives a response indicating that authentication can be started from the service center 10, the host device 20 transmits the device ID of the host device 20 itself. Thereafter, mutual authentication is performed between the service center 10 and the host device 20. As a procedure for mutual authentication, for example, a procedure shown in ISO 9798 can be used.
[0110]
As a mutual authentication procedure of ISO 9798, a mutual authentication method using a 160-bit long elliptic curve encryption which is a public key encryption method will be described with reference to FIG. In FIG. 20, ECC is used as the public key cryptosystem, but any public key cryptosystem may be used. Also, the key size need not be 160 bits. In FIG. 20, one of A and B corresponds to the service center 10 and the other corresponds to the host device 20.
[0111]
First, B generates a 64-bit random number Rb and transmits it to A. Upon receiving this, A newly generates a 64-bit random number Ra and a random number Ak smaller than the characteristic p. Then, a point Av = Ak × G obtained by multiplying the base point G by Ak is obtained, and an electronic signature A.R. Sig is generated and returned to B along with A's public key certificate. Here, Ra and Rb are 64 bits each, and the X coordinate and Y coordinate of Av are 160 bits each, so that an electronic signature for a total of 448 bits is generated.
[0112]
When using a public key certificate, the user uses the public key of the public key certificate authority (CA) held by the user, verifies the electronic signature of the public key certificate, and verifies the electronic signature. Extract the public key from the public key certificate after success.
[0113]
A's public key certificate, Ra, Rb, Av, electronic signature B that receives Sig verifies whether Rb transmitted by A matches that generated by B. As a result, if they match, the electronic signature in A's public key certificate is verified with the public key of the certificate authority, and A's public key is extracted. Then, the electronic signature A.A. Verify Sig. After successfully verifying the electronic signature, B authenticates A as legitimate.
[0114]
Next, B generates a random number Bk smaller than the characteristic p. Then, a point Bv = Bk × G obtained by multiplying the base point G by Bk is obtained, and an electronic signature B.Rb, Ra, Bv (X coordinate and Y coordinate) is obtained. Sig is generated and returned to A along with B's public key certificate.
[0115]
B's public key certificate, Rb, Ra, Av, digital signature A who receives Sig verifies whether Ra transmitted by B matches the one generated by A. As a result, if they match, the electronic signature in B's public key certificate is verified with the public key of the certificate authority, and B's public key is extracted. Then, using the B public key extracted, the electronic signature B.B. Verify Sig. After successfully verifying the electronic signature, A authenticates B as legitimate.
[0116]
If both are successfully authenticated, B is calculated as Bk × Av (Bk is a random number, but Av is a point on the elliptic curve, so a scalar multiplication of the points on the elliptic curve is required) and A is Ak × Bv is calculated, and the lower 64 bits of the X coordinate of these points are used as a session key for subsequent communications (when the common key encryption is a 64-bit key length common key encryption). Of course, the session key may be generated from the Y coordinate, or may not be the lower 64 bits. In secret communication after mutual authentication, transmission data is not only encrypted with a session key, but an electronic signature may be attached.
[0117]
If an illegality or a mismatch is found during the verification of the electronic signature or the received data, the processing is interrupted assuming that the mutual authentication has failed.
[0118]
Using the session key generated in such mutual authentication processing, the transmission data is encrypted.
By executing the mutual data communication, leakage of communication data to a third party is prevented. Note that either the service center 10 or the host device 20 may generate a session key necessary for data encryption. If mutual authentication or session key exchange fails, the service center 10 returns an error to the higher-level device 20. When all the processes are completed, the center notifies the upper apparatus of the process completion.
[0119]
b-1. Online subordinate equipment
Next, the case where the service center 10 and the online type control target device (lower device) 30 perform device authentication will be described. The protocol in this case is shown in FIG.
[0120]
First, the online-type control target device (lower device) 30 transmits a device authentication start request to the upper device 20. If the host device 20 is in a state that can respond to the request, it notifies the control target device (lower device) 30 that device authentication can be started. The control target device (lower device) 30 transmits its own device ID to the upper device 20. Then, mutual authentication is performed between the upper device 20 and the control target device (lower device) 30.
[0121]
Note that the mutual authentication between the upper device 20 and the control target device (lower device) 30 is based on the public key encryption method of FIG. 20 described as the mutual authentication process between the service center 10 and the upper device 20 described above. You may perform as an authentication process and may perform the mutual authentication by a common key encryption system.
[0122]
A mutual authentication method using the common key cryptosystem will be described with reference to FIG. FIG. 22 shows an example in which DES is used as the common key encryption method, but other methods can be applied as long as they are similar common key encryption methods. In FIG. 22, one of A and B corresponds to the upper device 20, and the other corresponds to the control target device (lower device) 30.
[0123]
First, B generates a 64-bit random number Rb, and sends Rb and its own ID (b) to A. Upon receiving this, A newly generates a 64-bit random number Ra, encrypts the data using the key Kab in the DES CBC mode in the order of Ra, Rb, and ID (b), and returns it to B.
[0124]
Upon receiving this, B decrypts the received data with the key Kab. As a method for decrypting received data, first, the ciphertext E1 is decrypted with the key Kab to obtain the random number Ra. Next, the ciphertext E2 is decrypted with the key Kab, and the result is exclusive-ORed with E1 to obtain Rb. Finally, the ciphertext E3 is decrypted with the key Kab, and the result and E2 are exclusive ORed to obtain ID (b). It is verified whether Rb and ID (b) of Ra, Rb, and ID (b) obtained in this way match those transmitted by B. If this verification is passed, B authenticates A as valid.
[0125]
Next, B generates a session key (Session Key (hereinafter referred to as Kses)) to be used after authentication (the generation method uses a random number). Then, encryption is performed using the key Kab in the DES CBC mode in the order of Rb, Ra, and Kses, and returned to A.
[0126]
Upon receiving this, A decrypts the received data with the key Kab. The method for decoding the received data is the same as the decoding process for B, so the details are omitted here. Of Rb, Ra, and Kses obtained in this way, it is verified whether Rb and Ra match those transmitted by A. If this verification is passed, A authenticates B as valid. After authenticating each other, the session key Kses is used as a common key for secret communication after authentication.
[0127]
In addition, when an illegality or a mismatch is found during the verification of the received data, the processing is interrupted on the assumption that mutual authentication has failed.
[0128]
If the mutual authentication is successful, the upper device 20 requests the service center 10 to start device authentication as a proxy for the control target device (lower device) 30. If the service center 10 can respond to the request, the service center 10 notifies the host device 20 that device authentication can be started. The upper device 20 transmits the device ID of the control target device (lower device) 30 to the service center 10. Here, the service center 10 verifies the validity of the device ID of the lower device. The validity verification is executed as a process of checking whether or not the device ID included in the transmission data is registered in the device information database 106 of the service center 10. When the validity verification of the device ID ends normally, the upper device 20 grants the control target device (lower device) 30 permission for direct communication with the service center 10. Thereafter, the host device 20 is not involved in the communication content between the service center 10 and the control target device (lower device) 30.
[0129]
Upon receiving direct communication permission with the service center 10, the control target device (lower device) 30 communicates directly with the center and performs mutual authentication. The mutual authentication is performed using, for example, either the above-described example of FIG. 20 or FIG. When the mutual authentication is completed, data is encrypted and transmitted / received using a session key (common key) generated during the subsequent mutual authentication. Either the service center 10 or the control target device (lower device) 30 may generate the session key. Here, since mutual authentication is completed between the service center 10 and the host device 20 and between the host device 20 and the control target device (lower device) 30, respectively, the service center 10 and the control target device (lower device). ) Direct mutual authentication with 30 can be omitted. If mutual authentication or session key exchange fails, the center returns an error to the lower device. If all the processes are completed, the service center 10 notifies the control target device (lower device) 30 of the completion of the processing. If the session key can be shared between the control target device (lower device) 30 and the service center 10, the online lower device can be handled in the same manner as the upper device 20 in each procedure described below.
[0130]
In the case of a control target device (lower device) 30 that does not have an encryption function, authentication of the control target device (lower device) 30 is executed by, for example, authentication processing using a one-time password. In this case, the service center 10 or the host device 20 generates and holds a session key, and data communication between the service center 10 and the host device 20 via the external network is data communication using the session key. The protocol in this case is shown in FIG.
[0131]
b-2. Offline subordinate equipment
Next, the device authentication protocol of the offline type lower device will be described. The protocol in this case is shown in FIG. The offline control target device (lower device) 30 is configured to receive control information via an information recording medium such as a memory card as described above.
[0132]
The offline type control target device (lower device) 30 is mounted if the information recording medium is not first mounted on the lower device. In that case, the recording medium is authenticated. This authentication process is executed by the above-described method using the symmetric key, asymmetric key, password, etc. according to the configuration of the control target device (lower device) 30 and the information recording medium (encryption processing function, key storage configuration). . When the recording medium authentication is successful, the control target device (lower device) 30 transfers data necessary for device authentication, such as a device ID, to the information recording medium. When the transfer is completed, the information recording medium is moved to the host device 20.
[0133]
When the information recording medium is set, the host device 20 authenticates the information recording medium and then transfers data necessary for device authentication from the medium. The authentication process of the information recording medium is executed by the above-described method using the symmetric key, asymmetric key, password, and the like, similar to the authentication process between the control target device (lower device) 30 and the information recording medium. When the transfer is completed, mutual authentication between the upper device 20 and the control target device (lower device) 30 is executed based on the stored data of the information recording medium. During this time, if the information recording medium needs to be moved between the higher level device 20 and the control target device (lower level device) 30, it is performed. If the mutual authentication is successful, the upper device 20 requests the service center 10 to start device authentication on behalf of the control target device (lower device) 30. If the service center 10 can respond to the request, the service center 10 notifies the host device 20 that device authentication can be started.
[0134]
Next, the upper device 20 transmits the device ID of the control target device (lower device) 30 to the service center 10. Here, the service center 10 verifies the validity of the device ID of the control target device (lower device) 30. If the validity verification of the device ID ends normally, the control target device (lower device) 30 performs mutual authentication processing and session key exchange with the service center 20. However, since the control target device (lower device) 30 and the service center 10 cannot directly communicate with each other, the upper device 20 and the information recording medium are interposed. During this time, the information recording medium is moved between the upper device 20 and the control target device (lower device) 30 as necessary. When mutual authentication is completed, a session key (common key) necessary for subsequent data encryption is generated. Either the service center 10 or the control target device (lower device) 30 may generate the session key. In the case of a control target device (lower device) 30 that does not have an encryption function, authentication of the control target device (lower device) 30 is executed by, for example, authentication processing using a one-time password. In this case, the service center 10 or the host device 20 generates and holds a session key, and data communication between the service center 10 and the host device 20 via the external network is data communication using the session key. If mutual authentication or session key exchange fails, the service center 10 returns an error to the higher-level device 20. If all the processes are completed, the service center 10 notifies the host device 20 of the process completion. The host device 20 transfers a processing completion notification or an error notification to the information recording medium. When the information recording medium is moved to the control target device (lower device) 30, the control target device (lower device) 30 authenticates the information recording medium and transfers (reads out) a processing completion notification or an error notification from the recording medium. .
[0135]
[User registration, information change protocol]
Next, a user registration and information change protocol for registering user information such as a user name and payment information in the user information database 107 (see FIG. 5) of the service center 10 will be described.
[0136]
a. Host device, online subordinate device
First, processing in the case of the host device 20 and the online-type control target device (lower device) 30 will be described. The protocol in this case is shown in FIG. The host device 20 and the online-type control target device (lower device) 30 are collectively referred to as “device”. The device requests the service center 10 to start user registration. If the service center 10 is ready for user information registration, the service center 10 notifies the device of the start confirmation. The device encrypts the user information input by the user with the session key and transmits it together with the device ID. User information includes a name, an address, payment information, and the like. The settlement information is information necessary for settlement of the paid service, such as a bank account, a credit card number, and a prepaid card number. The service center 10 decrypts the encrypted user information with a session key corresponding to the device ID.
[0137]
Subsequently, the service center 10 issues a user ID to the user, and the service center 10 registers the user ID, user information, and device ID in the user information database 107 therein. After registering the user information in the database, the service center 10 encrypts the user ID with the session key and transmits it to the device. Upon receiving this, the device decrypts the encrypted user ID with the session key. Then, the user ID is notified to the user. The notification is executed on, for example, the display unit 303 (see FIG. 3) of the control target device (lower device) 30. It is also possible to display on the host device. Here, in order to save the trouble of inputting the user ID each time the user uses the device, the user ID may be stored in the device, and the user may select his / her ID. Finally, the service center 10 sends a process completion notification or error notification to the device.
[0138]
When the control target device (lower device) 30 does not have an encryption function, data is transmitted and received without being encrypted between the lower device and the higher device, and after the higher device 20 encrypts the data with a session key. To the service center 10. Data from the service center 10 is transmitted to the lower device after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0139]
Note that user information has already been registered in the user information database 107 in the service center 10, and when the information is changed, a user ID is issued in the registration procedure, and the user ID is changed. The process of notifying the host device is not necessary. Further, instead of inputting a name or the like for specifying a user, an issued user ID may be input. At this time, if the device ID of the device used by the user is not associated with the user ID, the service center 10 executes a process of adding the device ID to the user information database 107. The other parts are the same as in the case of user information registration. The protocol in this case is shown in FIG.
[0140]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0141]
b. Offline subordinate equipment
Next, the case of an offline type subordinate device will be described. The protocol in this case is shown in FIG. If the recording medium is not attached to the offline control target device (lower device) 30, it is attached. In that case, authentication of the recording medium is required. The control target device (lower device) 30 encrypts the user information input by the user with the session key, and transfers it to the information recording medium together with the device ID. After the transfer is completed, the information recording medium is removed from the control target device (lower device) 30 and mounted on the higher device 20.
[0142]
The host device 20 starts authentication of the information recording medium when the information recording medium is loaded. After the authentication of the information recording medium is completed, the upper device 20 transfers (reads) data from the information recording medium. After the transfer is completed, the upper device 20 sends a user registration start request to the service center 10 as a proxy for the lower device. If the service center 10 is ready for user information registration, the service center 10 notifies the host device 20 of the start confirmation.
[0143]
The host device 20 transmits the data from the control target device (lower device) 30 to the service center 10 as it is. The service center 10 decrypts the encrypted user information with a session key corresponding to the device ID. Subsequently, a user ID is issued to the user, and the user ID, user information, and device ID are registered in the user information database 107.
[0144]
After registering the user information in the database, the service center 10 encrypts the user ID with the session key with the control target device (lower device) 30 and transmits it to the upper device 20. Then, the service center 10 sends a processing completion notification or an error notification to the higher-level device 20. When the host device 20 receives the processing completion notification from the service center 10, the host device 20 transfers the encrypted user ID to the information recording medium. Thereafter, the information recording medium is moved from the higher level device 20 to the control target device (lower level device) 30. When the information recording medium is mounted on the control target device (lower device) 30, the control target device (lower device) 30 authenticates the information recording medium. If the authentication is successful, the control target device (lower device) 30 transfers (reads data) data in the information recording medium.
[0145]
Next, the control target device (lower device) 30 decrypts the encrypted user ID read from the information recording medium with the session key. Then, the user ID is notified to the user. The notification is executed on, for example, the display unit 303 (see FIG. 4) of the control target device (lower device) 30. Here, in order to save the trouble of inputting the user ID every time the user uses the device, the user ID may be stored in the device, and the user may select his / her ID. .
[0146]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0147]
Note that user information has already been registered in the user information database 107 in the service center 10, and when the information is changed, a user ID is issued in the registration procedure, and the user ID is changed. The process of notifying the host device is not necessary. Further, instead of inputting a name or the like for specifying a user, an issued user ID may be input. At this time, if the device ID of the device used by the user is not associated with the user ID, the service center 10 executes a process of adding the device ID to the user information database 107. The other parts are the same as in the case of user information registration. The protocol in this case is shown in FIG.
[0148]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0149]
[User Authentication Information Registration Protocol]
Several methods can be considered to identify the user. Here, a method using a password and a case using an ID card will be described. When using an ID card, a card in which an individual ID is embedded, a card having a mechanism capable of recognizing biometric information such as a fingerprint, or a card storing a user's private / private key pair Can be used. As the ID card, either a contact type card having a magnetic tape or a non-contact type card that performs wireless communication may be used. Further, as a place where the user authentication information for identifying the user is stored and collated, a device (higher device / control target device (lower device)) or a service center can be considered. When storing in a device, it is easy to individually manage the user restrictions on the device. When registering at the service center, even when using a plurality of devices, there is no need to perform registration work for each device. First, a procedure for registering authentication information such as a password in a device or center will be described.
[0150]
a. Save to device
This is a method in which user authentication information such as a user password is stored inside the device and collated with the user authentication information input by the user when the service is provided. Password registration in this case will be described. The protocol in this case is shown in FIG. When the device receives the user ID entered by the user, the device prompts the user to enter a password.
[0151]
When the user inputs a password from the operation unit (the operation unit 209 in the case of a higher-level device, the operation unit 308 in the case of a lower-level device), the device stores a set of passwords corresponding to the user ID in a memory inside the device. At this time, the password may be encrypted instead of being stored in plain text. Next, the service center 10 notifies the device of processing completion or an error.
[0152]
Next, user authentication information registration processing using an ID card will be described. The protocol in this case is shown in FIG. When the user sets the ID card, the device transfers the user ID and user authentication information from the ID card. The device stores user authentication information corresponding to the user ID in a memory inside the device. Next, the service center 10 notifies the device of processing completion or an error.
[0153]
b. Save to the center
In this method, user authentication information is stored in the service center 10 and collated with the user authentication information input by the user at the time of service provision or the like. Password registration in this case will be described. The protocol in this case is shown in FIG.
[0154]
First, when using a host device and an online type control target device (subordinate device), it is as follows. The device requests the service center 10 to start registration of user authentication information. If the service center 10 can respond to the request, the service center 10 notifies the device that registration can be started. When the device receives the user ID entered by the user, the device prompts the user to enter a password. When the user inputs a password, the device encrypts a pair of passwords corresponding to the user ID with a session key, and transmits the encrypted information together with the device ID to the service center 10. The service center 10 decrypts the encrypted user ID and password with a session key corresponding to the device ID. Subsequently, the password is registered in the user information database 107. If decryption with the session key or registration in the database fails, the service center 10 returns an error to the device. When all the processes are completed, the service center 10 notifies the apparatus of the completion of the processes.
[0155]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0156]
Next, a method using an ID card will be described. The protocol in this case is shown in FIG. When the user sets the ID card, the device transfers the user ID and user authentication information from the ID card. The device requests the service center 10 to start registration of user authentication information. If the service center 10 can respond to the request, the service center 10 notifies the device that registration can be started. Thereafter, the device encrypts a set of user authentication information corresponding to the user ID with the session key, and transmits the encrypted information together with the device ID to the service center 10. The following processing is the same as when a password is used.
[0157]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0158]
c. Offline subordinate equipment
Next, a user authentication information registration protocol in the case of an offline type control target device (lower device) will be described. First, password registration in this case will be described. The protocol in this case is shown in FIG.
[0159]
The offline type control target device (lower device) 30 prompts the user to input a user ID and a password. When the user ID and password are input, the control target device (lower device) 30 encrypts it with the session key and transfers it to the information recording medium together with the device ID. When the information recording medium is moved from the lower apparatus to the upper apparatus, the upper apparatus 20 authenticates the information recording medium. If the authentication of the information recording medium is successful, the host device 20 transfers data from the information recording medium. Thereafter, the host device 20 requests the service center 10 to start registration of user authentication information. If the service center 10 can respond to the request, the service center 10 notifies the host device 20 that registration can be started. The host device 20 transmits the data transferred (read) from the information recording medium to the center as it is. The service center 10 decrypts the encrypted user ID and password with a session key corresponding to the device ID. Subsequently, the password is registered in the user information database 107. If the decryption with the session key or the registration in the database fails, the service center 10 returns an error to the higher-level device 20. If all the processes are completed, the service center 10 notifies the host device 20 of the process completion. An error notification and a processing completion notification from the service center 10 to the higher-level device 20 are transferred to the offline type control target device (lower-level device) 30 via the information recording medium.
[0160]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0161]
Next, a user authentication information registration protocol using an ID card will be described. The protocol in this case is shown in FIG. When the user sets an ID card, the control target device (lower device) 30 transfers the user ID and user authentication information from the ID card. The following processing is the same as when a password is used.
[0162]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0163]
[User Authentication Protocol]
Next, a procedure for authenticating a user using the user authentication information registered by the user authentication information registration protocol will be described.
[0164]
a. Store user authentication information on the device
A user authentication method in the case where the user authentication information of the user is stored in the device and compared with the user authentication information input by the user at the time of service provision or the like will be described.
[0165]
FIG. 43 shows a protocol when a password is used as user authentication information. When the device receives the user ID entered by the user, the device prompts the user to enter a password. When the user inputs a password, the device selects a password corresponding to the user ID from a set of user IDs and passwords stored in the memory, and collates this with the input password. If the verification is successful, it can be said that the user has a legitimate authority and can receive a service or the like. If verification fails, error processing is performed.
[0166]
Next, a method using an ID card will be described. The protocol in this case is shown in FIG. When the user sets the ID card, the device transfers the user ID and user authentication information from the ID card. Thereafter, the device selects user authentication information corresponding to the user ID from the set of user ID and user authentication information stored in the internal memory, and stores the user authentication information transferred from the ID card. Match. If the verification is successful, it can be said that the user has a legitimate authority and can receive a service or the like. If verification fails, error processing is performed.
[0167]
b. Store user authentication information in the center
A user authentication method in the case where the user password is stored in the service center 10 and collated with the password input by the user at the time of service provision or the like will be described. FIG. 45 shows a protocol when using a password. The device requests the service center 10 to start user authentication. If the service center 10 can respond to the request, the service center 10 notifies the device that authentication can be started. When the device receives the user ID entered by the user, the device prompts the user to enter a password. When the user inputs a password, the device encrypts a pair of passwords corresponding to the user ID with a session key, and transmits the encrypted information together with the device ID to the center. The center decrypts the encrypted user ID and password with a session key corresponding to the device ID. The service center 10 collates the password registered in the device / user information database 107 with the password transmitted from the device. The service center 10 transmits the verification result to the device. If the verification is successful, it can be said that the user has a legitimate authority and can receive a service or the like. If the transmitted device ID is not included in the user ID entry of the user information database 107, it is added. Accordingly, even when the user uses a plurality of devices, the user ID and the device ID can be associated with each other. If verification fails, error processing is performed.
[0168]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0169]
Next, a user authentication method using an ID card will be described. The protocol in this case is shown in FIG. When the user sets the ID card, the device transfers the user ID and user authentication information from the ID card. The device requests the service center 10 to start user authentication. If the service center 10 can respond to the request, the service center 10 notifies the device that authentication can be started. The device encrypts a set of user authentication information corresponding to the user ID with the session key, and transmits the encrypted information together with the device ID to the service center 10. The service center 10 decrypts the encrypted user ID and user authentication information with a session key corresponding to the device ID. The service center 10 collates the user authentication information registered in the user information database 107 with the user authentication information transmitted from the device. Furthermore, the service center 10 transmits the verification result to the device. If the verification is successful, it can be said that the user has a legitimate authority and can receive a service or the like. If the transmitted device ID is not included in the user ID entry of the user information database 107, it is added. If verification fails, error processing is performed.
[0170]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0171]
c. For offline subordinate devices
Next, a user authentication method in the case of the offline type control target device (lower device) 30 will be described. A protocol in the case of using a password is shown in FIG. The offline type control target device (lower device) 30 prompts the user to input a user ID and a password. When the user ID and password are input, the control target device (lower device) 30 encrypts it with the session key and transfers it to the information recording medium together with the device ID.
[0172]
When the information recording medium is moved from the control target device (lower device) 30 to the upper device 20, the upper device 20 authenticates the information recording medium. If the authentication of the information recording medium is successful, the upper device 20 transfers (reads) data from the information recording medium. Then, the host device 20 requests the service center 10 to start user authentication. If the service center 10 can respond to the request, the service center 10 notifies the host device 20 that authentication can be started. When receiving the notification, the host device 20 transmits the data transferred from the information recording medium to the service center 10 as it is. The service center 10 decrypts the encrypted user ID and password with a session key corresponding to the device ID. The service center 10 collates the user authentication information registered in the user information database 107 with the user authentication information transmitted from the device. The service center 10 transmits the verification result to the higher-level device 20. If the verification is successful, it can be said that the user has a legitimate authority and can receive a service or the like. If the transmitted device ID is not included in the entry of the user ID in the user information database, it is added. If verification fails, error processing is performed. The host device 20 that has received the authentication result transfers the result to the information recording medium. When the information recording medium is transferred from the higher level device 20 to the control target device (lower level device) 30, the control target device (lower level device) 30 authenticates the information recording medium. If the recording medium authentication is successful, the lower device transfers (reads) data from the information recording medium. The device to be controlled (lower device) 30 notifies the user of the authentication result via the display unit 303, for example.
[0173]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. The data from the service center 10 is transmitted to the control target device (lower device) 30 via the information recording medium after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0174]
Next, a user authentication method using an ID card in the case of the offline type control target device (lower device) 30 will be described. The protocol in this case is shown in FIG. When the user sets an ID card, the offline control target device (lower device) 30 transfers the user ID and the user authentication information from the ID card. The following processing is the same as when a password is used.
[0175]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. The data from the service center 10 is transmitted to the control target device (lower device) 30 via the information recording medium after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0176]
[Service Protocol]
Next, a remote service providing process using the host device 20 from the service center 10 will be described.
[0177]
a. Center-host device, center-host device-subordinate device (online)
First, FIG. 53 shows a protocol in the case of using the service center 10, the upper device 20, and the online type control target device (lower device) 30. Here, the term “device” is a generic term including the upper device 20 and the online-type control target device (lower device) 30.
[0178]
First, the device requests the service center 10 to start a service. If the service center 10 can respond to the request, the service center 10 notifies the device that the service can be started. The service is implemented by communicating data between the service center 10 and the device. A case where data for service provision is transmitted from the service center 10 will be described.
[0179]
First, service data such as maintenance information is sent from the service providing database 103 to the encrypted communication IC 104 under the control of the CPU 101 of the service center. The encrypted communication IC 104 encrypts the data with a session key exchanged between the service center and the device at the time of device authentication, and then transmits the data to the external network via the external network interface 105.
[0180]
On the host device 20 side, the encrypted communication IC 205 decrypts the data received via the external network interface 208 using the session key. The decrypted data is transferred to a recording device 210 such as a memory 202 or a disk through a data bus. The CPU 201 reads data from the recording device 210 such as the memory 202 or a disk, and controls the device specific unit 204. Note that when the online type control target device (lower level device) 30 is controlled, data is transferred between the higher level device 20 and the control target device (lower level device) 30.
[0181]
Next, a case where data is transmitted from the online-type control target device (lower device) 30 to the service center 10 will be described. First, data is sent to the encrypted communication IC 305 under the control of the CPU 301 of the online control target device (lower device) 30. The encrypted communication IC 305 encrypts the data with the session key, and then transmits the data to the host device 20 via the local interface 307. The host device 20 transmits data received from the control target device (lower device) 30 via the local interface 208 to the external network via the external network interface 208.
[0182]
On the service center 10 side, the encrypted communication IC 104 decrypts the data received via the external network interface 105 using the session key. The decrypted data is transferred to the memory 102, the service providing database 103, the device information database 106, and the user information database 107 through the data bus. While providing the service, the CPU 101 of the service center 10 records the billing information in the memory 102 or the user information database 107 if necessary. The billing information is the number of times the paid service is used, the time, the amount of data transmitted and received, and the like.
[0183]
As described above, the communication of data performed between the service center 10 and the device during the provision of the service is encrypted using the session key, so that the communication content can be protected. When the provision of the service is completed, the CPU 101 of the service center 10 acquires the payment information of the user from the user database using the user ID as a search key, and performs a payment process. When the service provision ends, a termination process is performed.
[0184]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. Data from the service center 10 is transmitted to the control target device (lower device) 30 after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0185]
2. Center-Host device-Subordinate device (offline)
Next, a remote service providing process for an offline subordinate device will be described. In this case, the service communicates between the service center 10 and the host device 20, and the host device 20 receives the data instead of the offline control target device (subordinate device) 30, stores it once, and stores the data. This is implemented by using an information recording medium and transferring the information to lower-order devices collectively. The protocol in this case is shown in FIG.
[0186]
First, if the information recording medium is not attached to the control target device (lower device) 30, it is attached. In that case, authentication of the information recording medium is required. When the authentication of the information recording medium is successful, the control target device (lower device) 30 transfers data necessary for starting the service, such as a service name and parameters, to the medium. After the transfer is completed, the information recording medium is moved to the host device 20.
[0187]
When the information recording medium is set, the host device 20 authenticates the information recording medium and then transfers data necessary for starting the service from the information recording medium. When the transfer is completed, the host device 20 requests the service center 10 to start the service. If the service center 10 can respond to the request, the service center 10 notifies the host device 20 that the service can be started.
[0188]
A case will be described in which data is exchanged between the host device 20 and the control target device (lower device) 30 during service provision. When the host device 20 transfers data to the information recording medium, if the recording medium authentication has not been completed, the encrypted communication IC 205 of the host device 20 starts authentication of the information recording medium. If the information recording medium can be authenticated, the CPU 201 of the higher level device 20 reads the data received from the service center 10 for the control target device (lower level device) 30 from the recording device 210 inside the higher level device 20 and transfers it to the encrypted communication IC 205. . The data transferred to the encryption communication IC 205 is transferred (written) to the information recording medium 211 via the recording medium interface 207 as it is.
[0189]
When the control target device (lower device) 30 transfers data to the information recording medium, if the recording medium authentication has not been completed, the encryption communication IC 305 of the control target device (lower device) 30 starts authentication of the information recording medium. To do. If the information recording medium can be authenticated, the CPU 301 of the control target device (lower device) 30 reads the data from the memory 302 or the recording device 309 and transfers it to the encrypted communication IC 305. The encrypted communication IC 305 encrypts the transferred data with the session key and transfers it to the information recording medium 310 via the recording medium interface 306.
[0190]
A case will be described in which data is exchanged between the service center 10 and the host device 20 during service provision. A case where data for service provision is transmitted from the service center 10 will be described. First, data is sent from the service providing database 103 to the encrypted communication IC 104 under the control of the CPU 101 of the service center 10. The encrypted communication IC 104 encrypts the data with a session key exchanged between the service center 10 and the control target device (lower device) 30 at the time of device authentication, and then passes through the external network interface 105. Send to external network.
[0191]
On the host device 20 side, the encrypted communication IC 205 receives the data via the external network interface 208 and transfers the data to the recording device 210 such as the memory 202 or disk via the data bus.
[0192]
Next, a case where data is transmitted from the host device 20 to the service center 10 will be described.
First, data encrypted with a session key exchanged between the control target device (lower device) 30 and the service center 10 under the control of the CPU 201 of the upper device 20 is read from the memory 202 or the recording device 210. It is sent to the encrypted communication IC 205. The encrypted communication IC 205 transmits the data to the external network via the external network interface 206. On the service center 10 side, the encrypted communication IC 104 decrypts the data received via the external network interface 105 using the session key. The decrypted data is transferred to the memory 102, the service providing database 103, the device information database 106, and the user information database 107 through the data bus. While providing the service, the CPU 101 of the service center 10 records the billing information in the memory 102 or the user information database 107 if necessary. The billing information is the number of times the paid service is used, the time, the amount of data transmitted and received, and the like.
[0193]
As described above, the data communication performed between the service center and the device during the provision of the service can be encrypted using the session key to protect the communication content. When the provision of the service is completed, the CPU 101 of the service center 10 acquires the payment information of the user from the user database 107 using the user ID as a search key, and performs a payment process. When the service provision ends, a termination process is performed.
[0194]
If the control target device (lower device) 30 does not have an encryption function, the service center 10 does not encrypt data between the lower device and the higher device, and the higher device 20 encrypts with the session key. Execute data transmission. The data from the service center 10 is transmitted to the control target device (lower device) 30 via the information recording medium after the upper device 20 decrypts it with the session key. The protocol in this case is shown in FIG.
[0195]
[Specific processing example]
Hereinafter, a specific service providing example of the service providing system and the service providing method via the communication means of the present invention will be described.
[0196]
<Remote maintenance>
First, a remote diagnosis / repair system will be described as a specific service provision example. The protocol in this case is shown in FIG. This system is an example in which a failure location is diagnosed and repaired by an operation from the service center 10 when a failure occurs in a device.
[0197]
First, a diagnosis is performed to check the status of the device. This diagnosis is performed by the CPU of the device (CPU 201 in the case of a host device and CPU 301 in the case of a lower device) issuing commands to various parts inside the device and analyzing the responses. A diagnostic program is recorded in advance in a memory or a disk in the device. When the diagnosis is completed, the result is transmitted to the service center 10. Or it is good also as a structure which diagnoses with the help of a center. In this case, the device transmits a diagnosis request message to the service center 10. Upon receiving the diagnosis request message, the service center 10 issues a diagnosis command and transmits it to the device if the corresponding device can be diagnosed. When the device receives the diagnosis command from the service center 10, the device executes the command and transmits the result to the service center 10.
[0198]
The service center 10 analyzes the result transmitted from the device, thereby issuing a diagnostic command again if necessary and transmitting it to the device. Until the service center 10 can determine that the diagnosis has been completed, the analysis procedure is repeated from the issue of the diagnosis command. As described above, remote diagnosis can be performed to identify the fault location and state, and if remote repair is possible, the repair procedure is started. The remote repair is performed based on the diagnosis result by the service center 10 transmitting a repair command necessary for recovering the failure of the device to the device.
[0199]
The CPU 101 of the service center 10 analyzes the diagnosis result and issues a repair command. At this time, an optimum command is selected by referring to the past failure history of the corresponding device or the same model stored in the service providing database 103. The service center 10 transmits this repair command to the device. The device executes the received repair command under the control of the CPU in the device and transmits the result to the center. The service center that has received the result analyzes based on the result and past history, issues a repair command again if necessary, and transmits it to the device. If necessary, display a message to the user on the display of the device. It then asks for input, such as continuing the repair run.
The analysis procedure is repeated from the issuance of the repair instruction until the center determines that the repair has been completed or until the user finishes the repair. When the repair is finished, the diagnosis result and the repair contents so far are registered in the device information database 106. The diagnosis results and repair contents registered in the database can be used for billing, or the data of a plurality of devices can be collected and fed back to the device manufacturer to help improve the device. The center then notifies the device of the end of remote repair.
[0200]
<Backup / Restore>
As another service provision example of the present invention, a processing configuration in which the service center 10 executes backup and restore processing of data stored in a device will be described.
[0201]
This is because data such as setting information stored in a device is backed up in advance in the storage means of the service center 10 and restored even if the data is lost, so that the device can be used in its previous state. It is for making it possible. First, backup will be described. The protocol in this case is shown in FIG.
[0202]
The device makes a backup start request to the service center 10. Upon receiving this request, the service center 10 secures an area for backup on the service providing database 103. If the area is successfully secured and the backup is ready, the service center 10 transmits a backup start confirmation notification to the device. The device that has received the start confirmation notification transmits the data to be backed up to the service center 10. The service center 10 stores the received backup data in the reserved area. When the storage is completed, the backup information such as the backup date and time and the storage area is registered in the device information database 106. Then, the service center 10 notifies the device of the end of backup.
[0203]
Next, the restoration procedure will be described. The protocol in this case is shown in FIG. The device makes a restore start request to the service center 10. Upon receiving this request, the service center 10 acquires backup information from the device information database 106 using the device ID as a search key. If acquisition of backup information is successful and restoration is possible, the service center 10 transmits a restore start confirmation notification to the device. Then, the service center 10 extracts area information on the service providing database 103 in which the backup data is stored from the backup information. Based on this information, the backup data is read from the area on the service providing database 103 and transmitted to the device.
[0204]
After checking the received backup data, the device executes restoration. When the restoration is completed, the device notifies the service center 10 of the completion of the restoration. The service center 10 that has received the restore end notification registers the restore history in the device information database 106. Then, the service center 10 notifies the device of the end of processing related to restoration.
[0205]
<Data distribution (music, video, text information, etc.)>
As another service providing example of the present invention, data distribution will be described.
[0206]
In this case, data such as music, video, and character information is stored in the service center 10 and can be used by being taken in from the service center 10 according to a user's request. The protocol in this case is shown in FIG. When using the data distribution function, first, the user performs an operation of starting data distribution using an operation unit provided in the device (the operation unit 209 in the case of a higher-level device and the operation unit 308 in the case of a lower-level device). The device that has received the input from the user makes a data distribution start request to the service center 10. If the service center 10 is ready for data distribution, the service center 10 transmits a data distribution start confirmation notification to the device. The device that has received the start confirmation notification displays a data distribution start message on the display unit (the display unit 203 in the case of a higher-level device and the display unit 303 in the case of a lower-level device). Further, the service center 10 transmits a menu including options relating to available data to the device. When the device receives this menu, it outputs it to the display unit.
[0207]
When the user selects necessary data from the menu and inputs it to the operation unit, the device transmits information indicating what the selected data is, such as a data number, to the service center 10. The service center 10 acquires necessary data from the service providing database and transmits it to the device. The device outputs that the data has been received to the display unit. Then, the user performs an operation such as reproducing data. When the user continues to use the data distribution function, necessary input may be performed from the operation unit. When the data distribution is completed, the service center 10 registers the data distribution history in the device information database 106 if necessary. The data distribution history registered in the database can be used for billing, or can be used for marketing such as reviewing data to be provided later by collecting data of a plurality of devices. Then, the service center 10 notifies the device of the end of data distribution.
[0208]
<Help tutorial>
Furthermore, as another service providing example of the present invention, an example of providing a help function for explaining a method of operating a device will be described. In this method, help data explaining the operation method of the device is stored in the service center 10, and necessary portions are taken into the device in response to a user's request and presented to the user. The protocol in this case is shown in FIG.
[0209]
With regard to this help function, it is possible to save all help data on the device, but the device may have less storage space and it is difficult to always keep new help data. Therefore, this is an example in which all or part of the help data is placed in the service center 10. When using the help function, first, the user performs an operation for starting help with the operation unit (the operation unit 209 in the case of a higher-level device and the operation unit 308 in the case of a lower-level device). The device that has received the input from the user makes a help start request to the service center 10. If it is in a state where help data can be provided, the service center 10 transmits a help start confirmation notification to the device.
[0210]
The device that has received the start confirmation notification transmits data designating a necessary part of the help to the service center 10. Upon receiving this, the service center 10 acquires necessary help data from the service providing database 103 and transmits it to the device. The device displays the received help data on the display unit (the display unit 203 for the higher-level device and the display unit 303 for the lower-level device). When the user continues to use the help function, the necessary input may be performed from the operation unit.
When the provision of help data is completed, the help provision history is registered in the device information database.
The center notifies the end of help to the device.
[0211]
Further, not only simple help but also a tutorial can be provided, that is, operation information can be provided. This is a function for the user to learn how to use the device. When each part of the device is operated, the display and operation mode change depending on the situation. The protocol in this case is shown in FIG. When using the tutorial function, the user first performs an operation for starting the tutorial in the operation unit. The device that has received the input from the user makes a tutorial start request to the center. If the tutorial is ready, the center sends a tutorial start confirmation notification to the device. The device that has received the start confirmation notification displays a tutorial start message on the display unit. When the user operates the device, the device transmits the operation content and the internal state of the device to the service center 10. Based on these pieces of information, the service center 10 determines data to be provided next. Then, necessary tutorial data is acquired from the service providing database and transmitted to the device.
[0212]
The device displays the received tutorial data on the display unit. When the user continues to use the tutorial function, the necessary input may be performed from the operation unit. When the provision of tutorial data ends, the tutorial provision history is registered in the device information database. The center notifies the device of the end of the tutorial.
[0213]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0214]
【The invention's effect】
As described above, according to the service providing system, the service providing method, the service mediating apparatus, and the program providing medium via the communication means of the present invention, even when the device cannot be directly connected to the service center. , It is possible to receive information from the service center via a local network or information recording medium from a higher-level device having communication means, and connect to an external network for all control target devices (lower-level devices) required for control, maintenance, etc. Therefore, it is not necessary to configure communication means such as a communication interface.
[0215]
Furthermore, according to the service providing system, the service providing method, the service mediating apparatus, and the program providing medium via the communication means of the present invention, the control target device (lower device) required for control, maintenance, etc. has an encryption function. Even if the configuration is not provided, the host device that can communicate with the controlled device (lower device) via the local network or information recording medium encrypts the data and then executes communication processing with the service center. Even through a public network where the safety of data is not guaranteed, leakage of important information such as control information or personal information necessary for providing the control information can be prevented.
[Brief description of the drawings]
FIG. 1 is a diagram showing a system overview of a service providing system via communication means of the present invention.
FIG. 2 is a diagram showing a configuration of a host device constituting a service providing system via communication means of the present invention.
FIG. 3 is a diagram showing a configuration of a lower-level device (online type) constituting a service providing system via a communication unit of the present invention.
FIG. 4 is a diagram showing a configuration of a lower level device (offline type) constituting a service providing system via a communication unit of the present invention.
FIG. 5 is a diagram showing a configuration of a service center configuring a service providing system via a communication unit of the present invention.
FIG. 6 is a diagram showing an encryption / authentication level of data communication in the service providing system via the communication means of the present invention.
FIG. 7 is a flowchart (part 1) for explaining the entire processing in the service providing system via the communication means of the present invention.
FIG. 8 is a flowchart (part 2) for explaining the entire processing in the service providing system via the communication means of the present invention.
FIG. 9 is a flowchart (part 3) for explaining the entire processing in the service providing system via the communication means of the present invention.
FIG. 10 is a flowchart (part 4) for explaining the entire process in the service providing system via the communication means of the present invention.
FIG. 11 is a diagram (part 1) illustrating a device registration protocol in the service providing system via the communication unit of the present invention.
FIG. 12 is a diagram (part 2) for explaining the device registration protocol in the service providing system via the communication means of the present invention.
FIG. 13 is a diagram (No. 3) for explaining the device registration protocol in the service providing system via the communication means of the present invention.
FIG. 14 is a diagram (No. 4) for explaining the device registration protocol in the service providing system via the communication means of the present invention.
FIG. 15 is a diagram (No. 5) for explaining the device registration protocol in the service providing system via the communication means of the invention.
FIG. 16 is a diagram (No. 6) for explaining the device registration protocol in the service providing system via the communication means of the invention.
FIG. 17 is a diagram (No. 7) for explaining the device registration protocol in the service providing system via the communication means of the present invention.
FIG. 18 is a diagram (No. 8) for explaining the device registration protocol in the service providing system via the communication means of the invention.
FIG. 19 is a diagram (part 1) for explaining a device authentication protocol in a service providing system via a communication unit of the present invention.
FIG. 20 is a diagram for explaining mutual authentication processing applicable in the service providing system via the communication means of the present invention.
FIG. 21 is a diagram (part 2) illustrating the device authentication protocol in the service providing system via the communication unit of the present invention.
FIG. 22 is a diagram illustrating a mutual authentication process applicable in a service providing system via a communication unit of the present invention.
FIG. 23 is a diagram (No. 3) explaining the device authentication protocol in the service providing system via the communication means of the invention.
FIG. 24 is a diagram (No. 4) explaining the device authentication protocol in the service providing system via the communication means of the invention.
FIG. 25 is a diagram (part 1) illustrating a user registration protocol in the service providing system via the communication unit of the present invention.
FIG. 26 is a diagram (part 2) illustrating a user registration protocol in the service providing system via the communication unit of the present invention.
FIG. 27 is a diagram (part 1) illustrating a user information change protocol in a service providing system via a communication unit of the present invention.
FIG. 28 is a diagram (part 2) for explaining the user information change protocol in the service providing system via the communication means of the present invention;
FIG. 29 is a diagram (No. 3) for explaining the user registration protocol in the service providing system via the communication means of the invention.
FIG. 30 is a diagram (No. 4) explaining the user registration protocol in the service providing system via the communication means of the present invention.
FIG. 31 is a diagram (No. 3) explaining the user information change protocol in the service providing system via the communication unit of the invention.
FIG. 32 is a diagram (No. 4) explaining the user information change protocol in the service providing system via the communication means of the invention.
FIG. 33 is a diagram (part 1) illustrating a user authentication information registration protocol in a service providing system via a communication unit of the present invention.
FIG. 34 is a diagram (part 2) for explaining the user authentication information registration protocol in the service providing system via the communication means of the present invention.
FIG. 35 is a diagram (No. 3) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 36 is a diagram (No. 4) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 37 is a diagram (No. 5) for explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 38 is a diagram (No. 6) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 39 is a view (No. 7) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 40 is a view (No. 8) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 41 is a diagram (No. 9) explaining the user authentication information registration protocol in the service providing system via the communication unit of the invention.
FIG. 42 is a view (No. 10) explaining the user authentication information registration protocol in the service providing system via the communication means of the invention.
FIG. 43 is a diagram (part 1) illustrating a user authentication protocol in the service providing system via the communication unit of the present invention.
FIG. 44 is a diagram (part 2) illustrating a user authentication protocol in the service providing system via the communication unit of the present invention.
FIG. 45 is a diagram (No. 3) explaining the user authentication protocol in the service providing system via the communication means of the invention.
FIG. 46 is a diagram (No. 4) explaining the user authentication protocol in the service providing system via the communication means of the invention.
FIG. 47 is a diagram (No. 5) explaining the user authentication protocol in the service providing system via the communication means of the invention.
FIG. 48 is a diagram (No. 6) explaining the user authentication protocol in the service providing system via the communication means of the invention.
FIG. 49 is a view (No. 7) explaining the user authentication protocol in the service providing system via the communication means of the present invention.
FIG. 50 is a view (No. 8) explaining the user authentication protocol in the service providing system via the communication means of the present invention.
FIG. 51 is a diagram (No. 9) explaining the user authentication protocol in the service providing system via the communication unit of the invention.
FIG. 52 is a diagram (No. 10) explaining the user authentication protocol in the service providing system via the communication unit of the invention.
FIG. 53 is a diagram (part 1) illustrating a service protocol in a service providing system via a communication unit of the present invention.
FIG. 54 is a diagram (part 2) illustrating the service protocol in the service providing system via the communication unit of the present invention.
FIG. 55 is a diagram (No. 3) explaining the service protocol in the service providing system via the communication means of the present invention.
FIG. 56 is a diagram (No. 4) explaining the service protocol in the service providing system via the communication means of the present invention.
FIG. 57 is a diagram for explaining remote diagnosis and repair processing as an example of service provision in the service provision system via the communication means of the present invention.
FIG. 58 is a diagram for explaining backup processing as an example of service provision in the service provision system via the communication means of the present invention.
FIG. 59 is a diagram for explaining a restore process as an example of service provision in the service provision system via the communication means of the present invention.
FIG. 60 is a diagram for explaining data distribution processing as an example of service provision in the service provision system via the communication means of the present invention.
FIG. 61 is a diagram for explaining help data provision processing as a service provision example in the service provision system via the communication means of the present invention;
FIG. 62 is a diagram illustrating tutorial processing as an example of service provision in a service provision system via communication means of the present invention.
[Explanation of symbols]
10 Service Center
20 Host device
30 Controlled equipment (subordinate equipment)
101 CPU
102 memory
103 Service Providing Database
104 Encrypted communication IC
105 External interface
106 Device information database
107 User information database
201 CPU
202 memory
203 display
204 Equipment specific part
205 Encrypted communication IC
206 External interface
207 Recording medium interface
208 Local interface
209 Operation part
210 Recording device
211 Information recording medium
301 CPU
302 memory
303 Display
304 Device specific part
305 Encrypted communication IC
306 Recording medium interface
307 Local interface
308 Operation unit
309 recording device
310 Information recording medium

Claims (9)

A control target device having at least one of a local network interface unit and an information recording medium interface unit;
An interface means for an external network, and an encryption processing means for executing encryption processing of transfer data using the external network, and either via a local network interface means or an information recording medium interface means of the control target device A host device having a configuration capable of transferring data to the device to be controlled;
The host device can connect a plurality of devices to be controlled, has a configuration capable of executing encryption processing according to a plurality of encryption methods, and sends control information for the devices to be controlled to the service center via the external network. The reception control information is transferred to the control target device by applying an executable encryption method and data transfer method of the control target device connected via a local network or an information recording medium,
The service center has a device information database in which device identifiers of the higher-level device and control target device are registered, and a user information database in which user identifiers of the higher-level device and control target device are registered,
By executing a verification process between the device identifier registered in the device information database and the device identifier received from the higher-level device or the control target device, a device validity verification process is performed,
A configuration in which a user legitimacy verification process is executed by executing a collation process between the user identification data registered in the user information database and the user identification data received from the host device or control target device. Yes,
The host device, upon execution of device validity verification processing by the service center,
If the control target device is an online device that can communicate, the device ID is received from the control target device, and mutual authentication is performed by communication processing between the host device and the control target device. Executing a proxy request for device authentication processing of the control target device to the service center on the condition that it is established, and executing processing for transmitting the device ID of the control target device to the service center;
When the control target device is an off-line device that cannot communicate, the device ID is input from the control target device via the information recording medium, and the information recording medium is connected between the host device and the control target device. Execute mutual authentication, execute a proxy request for device authentication processing of the control target device to the service center on the condition that mutual authentication is established, and execute processing to transmit the device ID of the control target device to the service center service providing system through the communication means, characterized by.   The service center and the host device have authentication processing means, and data transmission / reception between the service center and the host device is performed only when authentication by the authentication process is established. A service providing system via the communication means according to 1.   The host device and the control target device have authentication processing means, and data transmission / reception between the host device and the control target device is executed only when authentication by the authentication process is established. A service providing system via the communication means according to claim 1.   The host device and the control target device have authentication processing means, and data transfer between the host device and the control target device via the information recording medium is performed by the information recording medium by the host device and the control target device. The service providing system via communication means according to claim 1, wherein the system is executed only when authentication by the authentication process is established.   The communication means according to claim 1, wherein the data transmitted / received between the service center and the higher-level device is data that has been encrypted using a session key that is valid only in the communication session. Service provision system through.   The communication unit according to claim 1, wherein the data transferred between the higher-level device and the control target device is data that has been encrypted using a session key that is valid only in the communication session. Service provision system via   The service center is configured to provide any of the services of device diagnosis processing, device repair processing, data backup processing, data restoration processing, data distribution processing, help data provision processing, and operation information provision processing to the device to be controlled The service providing system via communication means according to claim 1.   Authentication processing between the service center and the higher-level device is executed by a public key encryption method, and authentication processing between the higher-level device and the control target device is performed by either a public key encryption method or a common key encryption method. The service providing system via communication means according to claim 1, wherein the service providing system is configured to execute.   Data communication between the service center and the host device is executed by a common key encryption method, and data communication between the host device and the control target device is executed by a common key encryption method. A service providing system via the communication means according to claim 1.

Images