Data communication system, alternate system server, computer program, and data communication method
Publication number: HK1099878A
Authority: HK (Hong Kong)
Prior art keywords: authentication, communication terminal, portable communication, information, service providing
Description
Technical Field
The present invention relates to a data communication system, a proxy system server, a computer program, and a data communication method.
Background
Recent advances in information processing technology and communication network technology have enabled information processing devices, such as personal computers, to easily access various types of information stored in servers and the like through communication networks.
Unlike the old-fashioned portable telephone whose function is limited to voice communication, the portable telephone of the current art is capable of accessing various types of information through a communication network such as the internet by means of protocol conversion, and has many other functions similar to those of an information processing apparatus.
On the other hand, a non-contact IC card is known that is capable of communicating with an information processing apparatus such as a server via a reader/writer. Further, a technique is disclosed (for example, in patent document 1, Japanese Unexamined Patent Publication No. 2002-133373) in which a non-contact IC card, or a device capable of functioning as a non-contact IC card (hereinafter referred to as a non-contact IC card module), is mounted in a small-sized portable communication terminal such as a portable telephone so that the non-contact IC card can communicate with an external system.
The non-contact IC card module disclosed in Japanese Unexamined Patent Publication No. 2002-133373 allows registration of a plurality of applications generated by the service provision management system at the service provider site.
In this technology, a user is allowed to register one or more applications as needed, thereby enabling information processing by a non-contact IC card module while keeping a portable terminal in a position close to a reader/writer so as to receive a service provided by a service providing system.
Note that information processing such as reading data from or writing data to the non-contact IC card module is performed by communication between the non-contact IC card and a management system or the like of the company that issues and/or manages the non-contact IC card. Such communication, including the related information processing with the non-contact IC card module, is hereinafter referred to simply as a communication process.
When the management system receives a request to perform a communication process with the non-contact IC card module of a portable communication terminal, the management system must authenticate the requesting portable terminal for security purposes. However, the authentication method differs depending on the carrier of the portable terminal, and some carriers provide no authentication means at all.
As a result, a user can receive a service only from a service providing system that supports the same authentication method as the user's portable communication terminal, and the authentication methods usable by the provider's management system are correspondingly limited. This makes it difficult for the non-contact IC card module to perform information processing efficiently.
Disclosure of Invention
In view of the above, it is an object of the present invention to provide a data communication system, a proxy system server, a computer program, and a data communication method capable of authenticating a portable communication terminal by a combination of one or more of a plurality of authentication processes, and of performing a communication process with a contactless IC card module mounted on the portable communication terminal if the authentication is successfully passed.
In order to achieve the above object, according to a first aspect of the present invention, there is provided a data communication system including one or more portable communication terminals each including a noncontact IC card module adapted to perform information processing in response to a request from the outside, a service providing system adapted to provide a service through the information processing performed by the noncontact IC card module, and a proxy system adapted to perform a communication process with the noncontact IC card module with respect to the service providing system. The portable communication terminal in the data communication system includes a request unit adapted to request the service providing system to provide granted permission information possessed by the service providing system, the granted permission information indicating permission relating to a communication procedure granted to the portable communication terminal, the permission information being necessary for the communication procedure between the contactless IC card module and the proxy system. The service providing system includes an acquisition unit adapted to acquire granted permission information relating to the portable communication terminal that has issued the request, if the request is received from one of the portable communication terminals. The acquired granted permission information is encrypted by the service providing server using a system authentication key, which is owned by both the proxy system and the service providing system and used to encrypt/decrypt information, the granted permission information is further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system and used to encrypt/decrypt information, and the resultant granted permission information is transmitted to the proxy system. 
The proxy system comprises an authentication unit, a decision unit and a communication unit. The authentication unit is adapted to perform, based on the granted permission information received from the portable communication terminal, a combination of one or more of a plurality of authentication processes including (1) a system authentication process of authenticating the service providing system based on the system authentication key, (2) a first client authentication process of authenticating the portable communication terminal based on the client authentication key, and (3) a second client authentication process of authenticating the portable communication terminal based on identification information identifying the portable communication terminal. The decision unit is adapted to determine whether or not to permit communication based on the permission described in the granted permission information after completion of authentication by the authentication unit, and the communication unit is adapted to perform a communication process with the contactless IC card module if communication is permitted by the decision unit. Note that although it is assumed here by way of example that the identification information identifies the portable communication terminal, it does not necessarily identify the terminal itself; the identification information may identify, for example, a client application stored in the portable communication terminal. The system authentication key or the client authentication key may be updated at predetermined time intervals.
In this data communication system, each portable communication terminal receives granted permission information from the service providing system and transfers the received granted permission information to the proxy system. If the proxy system receives the granted permission information from the portable communication terminal, the proxy system performs a combination of one or more of a plurality of authentication processes in order to verify the validity of the service providing system and the portable communication terminal based on the granted permission information. If the authentication is successfully passed and the communication permission is granted, the communication unit and the noncontact IC card module included in the portable communication terminal perform a communication process. In the above authentication by the proxy system, it is allowed to select a combination of one or more of a plurality of authentication processes depending on the security level required by the service providing system. This enables authentication to be performed in a highly flexible manner regardless of the type of the portable communication terminal, which allows control of execution of information processing by the contactless IC card module, and thus enables implementation of the data communication system in a highly flexible manner.
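The layered protection of the granted permission information described above, worked through in Go as an added example that is not part of the patent or of any product it describes: the service providing server seals the permission information with the system authentication key, the terminal seals the result again with the client authentication key, and the proxy peels both layers (a failed decryption is a failed system authentication or first client authentication), optionally compares the identification information carried inside with the identification presented by the terminal (second client authentication), and finally lets the decision unit check the requested operation against the permission. AES-GCM, the JSON shape of the permission information, the map-based key tables and the fixed keys in main are assumptions of this example, and the selection command is reduced to the single switch that turns the identification check on or off.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// GrantedPermission is a constructed shape for the granted permission information.
type GrantedPermission struct {
	ServiceID  string   `json:"service_id"`
	ClientID   string   `json:"client_id"`  // identification information of the client application
	Operations []string `json:"operations"` // permitted operations on the IC card module, e.g. "read", "write"
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a nil or wrongly sized key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-GCM under key; the random nonce is prepended.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal. An error means a wrong (or missing, nil) key or altered ciphertext,
// which is the signal the proxy uses to authenticate whoever applied that layer.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or ciphertext")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

type Proxy struct {
	SystemKeys map[string][]byte // service providing system ID -> system authentication key
	ClientKeys map[string][]byte // client ID -> client authentication key (in-memory stand-ins)
}

// Authorize peels the client layer (first client authentication) and the system layer (system
// authentication), optionally compares identification information (second client authentication), then decides.
func (p *Proxy) Authorize(serviceID, clientID string, sealed []byte, checkID bool, op string) (bool, error) {
	inner, err := open(p.ClientKeys[clientID], sealed)
	if err != nil {
		return false, fmt.Errorf("first client authentication failed: %w", err)
	}
	plain, err := open(p.SystemKeys[serviceID], inner)
	if err != nil {
		return false, fmt.Errorf("system authentication failed: %w", err)
	}
	var perm GrantedPermission
	if err := json.Unmarshal(plain, &perm); err != nil {
		return false, err
	}
	if checkID && (perm.ClientID != clientID || perm.ServiceID != serviceID) {
		return false, fmt.Errorf("second client authentication failed: identification mismatch")
	}
	for _, granted := range perm.Operations {
		if granted == op {
			return true, nil
		}
	}
	return false, nil // authenticated, but the granted permission does not cover this operation
}

// IssueAndForward plays the service providing server (inner layer, system authentication
// key) and then the terminal (outer layer, client authentication key).
func IssueAndForward(perm GrantedPermission, systemKey, clientKey []byte) ([]byte, error) {
	plain, err := json.Marshal(perm)
	if err != nil {
		return nil, err
	}
	inner, err := seal(systemKey, plain)
	if err != nil {
		return nil, err
	}
	return seal(clientKey, inner)
}

func main() { // constructed 32-byte keys; real keys live in tamper-resistant storage
	sysKey, cliKey := []byte("system-authentication-key-32byte"), []byte("client-authentication-key-32byte")
	p := &Proxy{SystemKeys: map[string][]byte{"points": sysKey}, ClientKeys: map[string][]byte{"103a": cliKey}}
	sealed, _ := IssueAndForward(GrantedPermission{"points", "103a", []string{"write"}}, sysKey, cliKey)
	fmt.Println(p.Authorize("points", "103a", sealed, true, "write")) // true <nil>
	fmt.Println(p.Authorize("points", "103a", sealed, true, "read"))  // false <nil>
}
```

Because the proxy never talks to the service providing system directly, the only evidence it has that the permission really came from that system is that the inner layer opens under the shared system authentication key; the outer layer likewise proves which registered terminal forwarded it. The identification check closes the remaining gap, a terminal forwarding a permission issued to a different client.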
The authentication unit may receive a selection command specifying a combination of one or more of the plurality of authentication processes, and may perform the combination of authentication processes specified by the received selection command. By performing authentication according to a selection command received from the service providing system or the proxy system, authentication is enabled in a flexible and diverse manner.
The communication process by the communication unit may be a process of causing the noncontact IC card module to perform a write process or a read process.
The authentication unit may receive a selection command specifying one or both of two processes, namely a process of encrypting the data to be read in a read process and a process of adding to the data an electronic signature generated from the data, and may operate in accordance with the received selection command.
The authentication unit may likewise receive a selection command specifying one or both of two processes, namely a process of decrypting the data to be written in a write process and a process of verifying the validity of the data based on the electronic signature added to it, and may operate in accordance with the received selection command.
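The selection command for the read and write processes above, as an added example not taken from the patent: a flag set picks whether the proxy adds an electronic signature to data on read and whether it verifies a signature before writing, and a write whose signature does not match the data is refused. Ed25519 as the electronic signature scheme, the Signer and Proxy types, the in-memory stand-in for the IC card module's memory area and the constructed point data are assumptions of this example; the encryption and decryption options of the same selection command are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Selection command flags for the data protection steps of a read or write process.
const (
	SignOnRead    = 1 << iota // add an electronic signature to data read from the IC card module
	VerifyOnWrite             // verify the electronic signature before data is written
)

// Signer is a party that adds or checks electronic signatures (Ed25519 here).
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewSigner() (Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return Signer{Public: pub, private: priv}, err
}

func (s Signer) Sign(data []byte) []byte { return ed25519.Sign(s.private, data) }

// ReadPayload is the proxy's answer to a read process: the data and an optional signature.
type ReadPayload struct {
	Data      []byte
	Signature []byte // nil when SignOnRead was not selected
}

// Proxy owns the communication unit; memory is a constructed stand-in for the IC card
// module's memory area, keyed by area name.
type Proxy struct {
	Signer Signer
	memory map[string][]byte
}

func NewProxy(s Signer) *Proxy { return &Proxy{Signer: s, memory: map[string][]byte{}} }

// Read performs the read process, signing the data when the selection command asks for it.
func (p *Proxy) Read(selection int, area string) (ReadPayload, error) {
	data, ok := p.memory[area]
	if !ok {
		return ReadPayload{}, errors.New("no such memory area")
	}
	out := ReadPayload{Data: data}
	if selection&SignOnRead != 0 {
		out.Signature = p.Signer.Sign(data)
	}
	return out, nil
}

// Write performs the write process. With VerifyOnWrite selected, the data is written only
// if sig is a valid signature over it by the service providing server's key.
func (p *Proxy) Write(selection int, area string, data, sig []byte, server ed25519.PublicKey) error {
	if selection&VerifyOnWrite != 0 && !ed25519.Verify(server, data, sig) {
		return errors.New("electronic signature invalid; data not written")
	}
	p.memory[area] = data
	return nil
}

// Stored returns the current contents of a memory area.
func (p *Proxy) Stored(area string) ([]byte, bool) {
	d, ok := p.memory[area]
	return d, ok
}

func main() {
	server, _ := NewSigner() // service providing server's key pair (constructed)
	proxyKey, _ := NewSigner()
	p := NewProxy(proxyKey)
	points := []byte(`{"points":120}`) // constructed electronic value information
	sig := server.Sign(points)
	fmt.Println(p.Write(VerifyOnWrite, "points", points, sig, server.Public))                  // <nil>
	fmt.Println(p.Write(VerifyOnWrite, "points", []byte(`{"points":999}`), sig, server.Public)) // signature error
	rp, _ := p.Read(SignOnRead, "points")
	fmt.Println(ed25519.Verify(p.Signer.Public, rp.Data, rp.Signature)) // true
}
```

The failure case is the one that matters for the decision: with VerifyOnWrite selected, a changed point balance carrying the old signature is rejected and the stored value is untouched, while with the flag cleared the same write goes through unchecked.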
The communication between the service providing system and the proxy system may be performed through a portable communication terminal.
The first client authentication process may be a challenge-response process in which a challenge code is transmitted to the portable communication terminal, the terminal generates a response based on the challenge code and the granted permission information and returns it, and the authentication unit authenticates the terminal based on the received response. Note that the first client authentication process may be performed in another manner. For example, the response may be generated from the challenge code, the granted permission information, and the client authentication key.
The portable communication terminal may be a portable telephone. This enables the proxy system to authenticate the terminal and control information processes performed by the contactless IC card module regardless of the type of the portable telephone carrier.
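The challenge-response variant of the first client authentication process, as an added example that is not part of the patent: the proxy issues a random challenge code, the terminal answers with a value derived from the challenge code, the granted permission information and the client authentication key, and the proxy recomputes that value and compares it. HMAC-SHA256 as the response function, the 16-byte challenge, and the Verifier and Terminal types are assumptions of this example; the constructed keys in main stand in for keys held in tamper-resistant storage.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sync"
)

// response is the function both sides compute: HMAC-SHA256 keyed with the client
// authentication key over challenge || granted permission information.
func response(clientKey, challenge, permission []byte) []byte {
	mac := hmac.New(sha256.New, clientKey)
	mac.Write(challenge)
	mac.Write(permission)
	return mac.Sum(nil)
}

// Verifier is the proxy side of the first client authentication process.
type Verifier struct {
	mu         sync.Mutex
	clientKeys map[string][]byte // client ID -> client authentication key
	pending    map[string][]byte // client ID -> outstanding challenge, consumed on use
}

func NewVerifier(keys map[string][]byte) *Verifier {
	return &Verifier{clientKeys: keys, pending: map[string][]byte{}}
}

// Challenge issues a fresh random challenge code for the client and records it.
func (v *Verifier) Challenge(clientID string) ([]byte, error) {
	if _, ok := v.clientKeys[clientID]; !ok {
		return nil, fmt.Errorf("unknown client %q", clientID)
	}
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.mu.Lock()
	v.pending[clientID] = c
	v.mu.Unlock()
	return c, nil
}

// Verify checks the terminal's response against the outstanding challenge. The challenge
// is removed before comparison, so a captured response cannot be replayed later.
func (v *Verifier) Verify(clientID string, permission, resp []byte) bool {
	v.mu.Lock()
	c, ok := v.pending[clientID]
	delete(v.pending, clientID)
	v.mu.Unlock()
	return ok && hmac.Equal(resp, response(v.clientKeys[clientID], c, permission))
}

// Terminal is the portable communication terminal side: it answers with its own key
// and the granted permission information it received from the service providing system.
type Terminal struct {
	ID         string
	ClientKey  []byte
	Permission []byte
}

func (t Terminal) Respond(challenge []byte) []byte {
	return response(t.ClientKey, challenge, t.Permission)
}

// RunExchange performs one challenge-response round trip and reports whether it passed.
func RunExchange(v *Verifier, term Terminal) (bool, error) {
	c, err := v.Challenge(term.ID)
	if err != nil {
		return false, err
	}
	return v.Verify(term.ID, term.Permission, term.Respond(c)), nil
}

func main() {
	key := []byte("client-authentication-key-example") // constructed
	v := NewVerifier(map[string][]byte{"103a": key})
	genuine := Terminal{ID: "103a", ClientKey: key, Permission: []byte(`{"operations":["write"]}`)}
	fmt.Println(RunExchange(v, genuine)) // true <nil>
	impostor := Terminal{ID: "103a", ClientKey: []byte("guessed"), Permission: genuine.Permission}
	fmt.Println(RunExchange(v, impostor)) // false <nil>
}
```

Binding the permission information into the response means the proxy learns two things at once: that the terminal holds the client authentication key, and that the permission information it will act on is the one the terminal actually presented, since a response computed over different permission bytes no longer matches.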
According to another aspect of the present invention, there is provided a proxy system server adapted to perform, on behalf of a service providing server, a communication process with a contactless IC card module included in a portable communication terminal, the service providing server being adapted to provide a service through information processing performed by the contactless IC card module. The proxy system server comprises a receiving unit, an authentication unit, a decision unit and a communication unit. The receiving unit is adapted to receive, in an encrypted form, granted permission information from the portable communication terminal, the granted permission information indicating permission related to a communication procedure between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information. The authentication unit is adapted to perform a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process for authenticating the service providing system based on the system authentication key, a first client authentication process for authenticating the portable communication terminal based on the client authentication key, and a second client authentication process for authenticating the portable communication terminal based on identification information identifying the portable communication terminal.
The decision unit is adapted to determine whether or not to permit the communication based on the permission described in the granted permission information after the authentication performed by the authentication unit is completed, and the communication unit is adapted to perform a communication process with the contactless IC card module if the communication is permitted by the decision unit.
In this proxy system server, a receiving unit receives granted permission information transmitted from the portable communication terminal, and an authenticating unit performs a combination of one or more of a plurality of authentication processes based on the granted permission information in order to verify the validity of the service providing system and the portable communication terminal. If the authentication is successfully passed and permission is granted in terms of communication, the communication unit and the noncontact IC card module included in the portable communication terminal perform a communication process. In the above authentication performed by the proxy system server, it is allowed to select a combination of one or more of a plurality of authentication processes depending on a security level required in the service providing server. This enables authentication to be performed in a highly flexible manner, which allows control of execution of information processing by the contactless IC card module regardless of the type of portable communication terminal.
The authentication unit may receive a selection command specifying a combination of one or more of the plurality of authentication processes, and may perform the authentication process or combination of authentication processes specified by the received selection command.
According to another aspect of the present invention, there is provided a computer program that allows a computer to function as a proxy system server adapted to execute, on behalf of a service providing server, a communication process with a contactless IC card module included in a portable communication terminal, the service providing server being adapted to provide a service through information processing by the contactless IC card module. The computer program includes a receiving module, an authentication module, a decision module, and a communication module. The receiving module is adapted to receive, from the portable communication terminal, granted permission information in an encrypted form, the granted permission information indicating permission related to a communication process between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information.
The authentication module is adapted to perform a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process for authenticating the service providing server based on a system authentication key, a first client authentication process for authenticating the portable communication terminal based on a client authentication key, and a second client authentication process for authenticating the portable communication terminal based on identification information identifying the portable communication terminal. The decision module is adapted to determine whether or not to permit the communication based on the permission described in the granted permission information after the authentication is completed, and the communication module is adapted to perform a communication process with the contactless IC card module if the communication is permitted by the decision module.
According to another aspect of the present invention, there is provided a data communication method for a proxy system server to perform, on behalf of a service providing server, a communication procedure with a contactless IC card module included in a portable communication terminal, the service providing server being adapted to provide a service through information processing performed by the contactless IC card module. The data communication method includes a step of receiving granted permission information in an encrypted form from the portable communication terminal, the granted permission information indicating permission related to a communication process between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information. The data communication method further includes a step of performing a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process of authenticating the service providing server based on the system authentication key, a first client authentication process of authenticating the portable communication terminal based on the client authentication key, and a second client authentication process of authenticating the portable communication terminal based on identification information identifying the portable communication terminal; a step of determining whether or not to permit communication based on the permission described in the granted permission information after the authentication step is completed; and a step of performing a communication process with the contactless IC card module if communication is permitted in the determination step.
Drawings
Fig. 1 is a schematic diagram illustrating in a simplified manner a data communication system according to an embodiment of the present invention;
Fig. 2 is a block diagram showing in a simplified manner a service providing system included in a data communication system according to an embodiment of the present invention;
Fig. 3 is a diagram illustrating in a simplified manner a process performed by the permission acquisition unit to generate granted permission information in accordance with one embodiment of the present invention;
Fig. 4 is a block diagram showing in a simplified manner the structure of a portable communication terminal according to an embodiment of the present invention;
Fig. 5 is a schematic diagram illustrating, in a simplified manner, an example of an encryption process performed by the response generation module in accordance with one embodiment of the present invention;
Fig. 6 is a schematic diagram illustrating, in a simplified manner, a selection screen for selecting one or more authentication processes in accordance with one embodiment of the present invention;
Fig. 7 is a sequence diagram showing an authentication process performed by the system authentication unit, the portable communication terminal authentication unit, and the ID authentication unit according to an embodiment of the present invention, and also showing a communication process with the noncontact IC card module;
Fig. 8 is a sequence diagram showing, in a simplified manner, an authentication process by the challenge-response authentication unit and the ID authentication unit according to an embodiment of the present invention, and also showing a communication process with the noncontact IC card module;
Fig. 9 is a sequence diagram showing, in a simplified manner, a write process for writing data to the contactless IC card module according to an embodiment of the present invention; and
Fig. 10 is a sequence diagram showing, in a simplified manner, a read process for reading data from the contactless IC card module according to an embodiment of the present invention.
Detailed Description
The present invention is described in further detail below with reference to preferred embodiments in conjunction with the accompanying drawings. In the following description and drawings, components that are substantially identical in function or structure are given the same reference numerals and are described only once.
Data communication system
Referring initially to fig. 1, a data communication system 100 in accordance with one embodiment of the present invention is illustrated. Fig. 1 is a schematic diagram showing an example of a configuration of a data communication system 100 according to an embodiment of the present invention in a simplified manner.
As shown in fig. 1, the data communication system 100 includes a service providing system 101, a proxy system 105, portable communication terminals 103 (103a, 103b, ..., 103n), a communication network 104, a communication network 106, a communication network 108, information processing devices 109 (109a, 109b, ..., 109n), reader/writer units (R/W) 111 (111a, 111b, ..., 111n), a base station 113, a packet communication network 115, and a gateway 117.
The service providing system 101 is adapted to generate granted permission information in response to a request from the portable communication terminal 103. The service providing system 101 is also adapted to generate a client application to be executed by the portable communication terminal 103.
The service providing system 101 provides a service to the user of the portable communication terminal 103 by controlling the processing of information, such as writing or reading of data performed by the contactless IC card module.
For example, suppose the service provided by the service providing system 101 awards points according to the amount paid for an item purchased by the user. When the client application installed in the portable communication terminal 103 transmits purchase information in order to buy the item through online commerce, the client application requests the proxy system 105 to store information indicating the points awarded for the price in the contactless IC card module.
When the proxy system 105 receives such a request from the portable communication terminal 103, it must authenticate the portable communication terminal 103 before performing the requested process. In preparation for this authentication, the client application obtains part or all of the granted permission information from the service providing system 101. If the authentication is successfully passed, the proxy system 105 allows the contactless IC card module to store the data.
Specific examples of the data stored by the non-contact IC card module include point data, and electronic money data. Various types of such data indicating valuable information related to electronic commerce, such as data indicating a monetary value, stored in the non-contact IC card module are hereinafter generally referred to as electronic value information.
The service provider operates the service providing system 101, and generally generates and provides a client application installed on the portable communication terminal 103.
The proxy system 105 performs various processes for the service providing system, including issuing or managing the contactless IC card module (contactless IC card), registering configuration information related to a client application or the like in a memory area of the contactless IC card module or deleting it from there, reading electronic value information stored in that memory area, and/or writing electronic value information to the contactless IC card module.
The proxy system 105 thus performs information processing for the service providing system 101, such as reading data from or writing data to the contactless IC card module. Since the service providing system 101 cannot directly control the noncontact IC card module, every process performed by the noncontact IC card module is controlled through the proxy system 105.
As described above, although it is assumed in this embodiment by way of example that the noncontact IC card module is included in the portable communication terminal 103, the module is not limited to this form; the present invention is applicable to any device capable of functioning as a noncontact IC card, such as a separate noncontact IC card.
The proxy system 105 generates a system authentication key for each service providing system 101 so that information can be transferred securely between that service providing system and the proxy system 105. The generated system authentication key is stored in both the proxy system 105 and the service providing system 101. Note that the system authentication key may instead be generated by the service providing system 101 rather than by the proxy system 105.
Although it is assumed in this embodiment that one system authentication key is generated for each service providing system 101 by way of example, the system authentication key may be generated in other manners. For example, one system authentication key may be generated for each client application provided by each service providing system 101.
Since the system authentication key is confidential information whose confidentiality should be securely maintained, it is desirable to store the system authentication key in a highly secure storage unit that can prevent tampering. The system authentication key is used for mutual authentication between the proxy system 105 and the service providing system 101.
As for the system authentication key, a key according to an asymmetric key encryption system such as RSA, a symmetric key encryption system such as DES or AES, or any other encryption system may be employed. In the case of a symmetric key, the key must be provisioned in a very secure way. For this reason, the key is not transmitted over the communication network but is delivered out of band, for example by mail or another channel that allows the key to be transferred securely.
Once the proxy system 105 holds information on the service providing system 101 and the system authentication key, when the portable communication terminal 103 executes a client application and the proxy system 105 successfully authenticates the portable communication terminal 103, the proxy system 105 accesses the non-contact IC card module included in the portable communication terminal 103 on behalf of the service providing system 101.
Herein, the term "access" is used to describe various processes performed through a communication network, such as using a system, connecting to a system or server, reading a file, saving a file, deleting a file, and modifying a file.
Each of the one or more portable communication terminals 103 (103a, 103b, ..., 103n) is capable of communicating with the others through the base station 113, and of accessing the service providing system 101, the packet communication network 115, and the gateway 117 through the base station 113.
For example, each portable communication terminal 103 is capable of executing a client application having a browsing function, receiving network data in HTML form or the like from a site with a URL address specified by the user, and displaying the received network data on a display screen.
In addition to the communication capability and the browsing capability, the portable communication terminal 103 has a noncontact IC card module (noncontact IC card) capable of transmitting/receiving data through the R/W111 and through a wireless communication channel.
When the portable communication terminal 103 is located near the reader/writer 111 or the like, the non-contact IC card module can wirelessly transmit data stored in the non-contact IC card module through the reader/writer 111 to the proxy system 105, for example.
The portable communication terminal 103 has an authentication key (client authentication key) for authenticating with the proxy system 105 when the portable communication terminal 103 accesses the proxy system 105. Since the client authentication key is confidential information whose confidentiality should be securely maintained, it is desirable to be able to store the client authentication key in a highly secure tamper-resistant storage unit.
As for the client authentication key, a key according to an asymmetric key encryption system such as RSA or according to a symmetric key encryption system such as DES or AES, or a key according to any other encryption system may be employed. In the case of symmetric keys, it is required that the provision of the key should be done in a very secure way. For this reason, the key is not transmitted through the communication network, but is transmitted through mail or the like that allows the key to be transmitted in a very secure manner.
The portable communication terminal 103 also has client application identification information identifying a client application stored in the portable communication terminal 103 (details of which will be described later). The proxy system 105 can authenticate the portable communication terminal 103 based on this client application identification information. Note that the portable communication terminal 103 does not necessarily have such client application identification information.
In the data communication system 100 according to the embodiment of the present invention, as shown in fig. 1, the connection between the service providing system 101 and the portable communication terminal 103 is formed through the communication network 108, and the connection between the portable communication terminal 103 and the proxy system 105 is formed through the communication network 106. That is, there is no network directly connecting the proxy system 105 and the service providing system 101, so the proxy system 105 and the service providing system 101 cannot communicate with each other directly. In other words, the proxy system 105 and the service providing system 101 can communicate with each other only through one of the portable communication terminals 103.
More specifically, the service providing system 101 is capable of indirectly transmitting information to the proxy system 105 through a communication procedure performed by the client application of the portable communication terminal 103.
Note that, in the present embodiment, the communication method between the portable communication terminal 103 and the service providing system 101 through the communication network 104 is not limited to communication using a TCP/IP protocol such as HTTP or HTTPS; the present invention is also applicable to any communication method/apparatus available to the portable communication terminal 103, such as communication using a noncontact IC card, a contact IC card, infrared rays, a two-dimensional barcode such as a QR code, or electronic mail (SMTP). Such a communication method is particularly useful when granted license information or the like is transmitted from the service providing system 101 to the client application of the portable communication terminal 103.
In the present embodiment, communication between each portable communication terminal 103 and the proxy system 105 via the network 106 can be performed using, for example, TCP/IP such as HTTP or HTTPS.
Service providing system 101
Referring now to fig. 2, a service providing system 101 according to an embodiment of the present invention is explained below. Fig. 2 illustrates in a simplified manner a service providing system included in a data communication system according to an embodiment of the present invention.
As shown in fig. 2, the service providing system 101 includes a service providing server 201. As described above, the service providing server 201 is capable of transmitting and receiving data to and from the portable communication terminal 103 via the communication network 108.
As shown in fig. 2, the service providing server 201 further includes a license acquiring unit 211, a communication unit 231, and a license authenticating unit 241.
If the license acquisition unit 211 receives the request information from one of the portable communication terminals 103, the license acquisition unit 211 acquires information indicating the license granted to the portable communication terminal 103 from a license database (not shown) based on the request information, and generates granted license information.
As described above, the license acquiring unit 211 has the system authentication key 220b corresponding to the system authentication key 220a possessed by the proxy system 105.
The request information includes information identifying the portable communication terminal 103. Details of the identification information will be described later. The license acquiring unit 211 acquires information indicating a license based on the identification information contained in the request information, and generates granted license information using the system authentication key 220b.
The communication unit 231 can communicate with the portable communication terminal 103 through the communication network 108, the gateway 117, the packet communication network 115, and the base station 113. This allows the communication unit 231 to receive data, such as request information, from the portable communication terminal 103 and transmit data, such as granted permission information, to the portable communication terminal 103.
License acquisition unit 211
Referring now to fig. 3, the following describes a process of generating granted license information by the license acquiring unit according to the present embodiment. Fig. 3 is a diagram showing in a simplified manner a process of generating granted license information by the license acquiring unit according to the present embodiment.
As shown in fig. 3, if the license acquisition unit 211 receives the input information of the usage license and the personal information, the license acquisition unit 211 generates granted license information including a set of the usage license information and the personal information. Further, the license acquiring unit 211 encrypts the granted license information using the system authentication key 220b generated in advance between the proxy system 105 and the service providing system 101.
Instead of encrypting the granted license information using the system authentication key 220b, the license acquiring unit 211 may append an electronic signature to the granted license information, the electronic signature being generated by, for example, calculating a hash value of the generated granted license information and encrypting the calculated hash value using the system authentication key 220b.
The personal information described above is included in the request information transmitted from the portable communication terminal 103. The personal information includes, for example, an IC card ID identifying the noncontact IC card module, and a client application ID identifying the client application stored in the portable communication terminal 103.
The use permission information is information that is combined with the personal information contained in the request information received from the portable communication terminal 103; whether or not provision of the service should be permitted is determined based on this use permission information.
For example, if a client application is stored in the portable communication terminal 103 and the client application is registered in the proxy system 105, use permission information indicating conditions/restrictions regarding service provision is generated by the service providing system 101.
More specifically, the use license information includes information indicating an expiration date/time and a validity period start date/time, which define the period of service provision. The usage permission information also includes information indicating a maximum number of times the user is allowed to receive services during the valid usage period.
Note that the use permission information is not necessarily different for each piece of personal information. For example, when a personal information ID "X" for a specific user group is specified as the IC card ID, the validity period start date/time and the expiration date/time may be set identically for the whole user group. In this case, all users in the group can receive the service through their own contactless IC card modules in the same manner.
Note that the write data (data to be written to the contactless IC card module) and the read data (data read out from the contactless IC card module) contained in the personal information are not needed in the authentication process, in which it is determined whether the portable communication terminal 103 is authorized to receive the service. The write data or the read data are needed only in the write process or the read process, in which the proxy system 105, through which the write data or the read data pass, writes to or reads from the contactless IC card module.
Although in the present embodiment, it is assumed by way of example that the license acquisition unit 211 generates the granted license information based on the input use license information and personal information, the granted license information may be generated in a different manner. For example, the license acquisition unit 211 may generate granted license information containing only the use license information. That is, the granted license information may contain a part or all of the items of the use license information and the personal information. In the following description, unless otherwise explicitly stated, there is no particular limitation on the entry contained in the granted license information (that is, it may contain a part or all of the entries of the use license information and the personal information).
Portable communication terminal 103
Referring now to fig. 4, a portable communication terminal 103 according to an embodiment of the present invention is explained below. Fig. 4 is a block diagram showing an example of the structure of the portable communication terminal 103 according to the embodiment of the present invention.
As shown in fig. 4, the portable communication terminal 103 includes application software 203 stored in a memory or an HDD, an execution section 213 that performs processing according to a command from the application software 203, and a contactless IC card module 223.
The application software 203 includes one or more client applications (such as described above) generated by the service providing system 101. If the portable communication terminal 103 receives a client application from the service providing server 201 through a communication network or the like, the portable communication terminal 103 stores the received client application in a memory, such as an EEPROM memory or an HDD, in an executable manner.
Although in the present embodiment it is assumed by way of example that the application software is software comprising one or more program modules, the application software need not be software; it may be implemented in hardware, such as in the form of a circuit comprising one or more circuit elements. In the case where the application software is in the form of hardware, the service providing system 101 delivers the application software 203 to the user by means other than the communication network, and the user installs the received application software 203 into his/her portable communication terminal 103.
When the client application is stored, a client application ID provided by the service providing server 201 and identifying the client application may also be stored in the memory or HDD. When the portable communication terminal 103 accesses the agent system 101, the client application ID is used in the authentication process.
The execution section 213 is software containing one or more modules installed in advance in the portable communication terminal 103. If the execution section 213 receives a request from the application software 203, such as a communication process request, the execution section 213 accesses the server through the communication network and transfers data received from the server to the application software 203.
As the noncontact IC card module 223, a noncontact IC card, or a device such as a semiconductor device capable of functioning as a noncontact IC card, can be employed. The contactless IC card has an antenna, and is capable of performing short-range wireless communication via the antenna to read or write data from or to a memory unit provided in the contactless IC card.
When communication is performed between the portable communication terminal 103 and a server (the service providing server 201 or the proxy system server 205), the application software 203 of the portable communication terminal 103 first issues a communication request to the execution section 213.
In the data communication system 100 according to the present embodiment, it is assumed by way of example that, as described above, communication between the portable communication terminal 103 and the server is started in response to a trigger generated by the portable communication terminal 103; however, communication may also be started in another manner.
If the execution section 213 receives a request for communication with the server from the application software 203, the execution section 213 attempts to access the server through the communication network. In the access, data encryption or addition of an electronic signature is performed for security purposes, so that the server can authenticate the portable communication terminal 103 based on the encryption or electronic signature, which will be described in further detail below.
If the authentication of the portable communication terminal 103 by the server is successfully passed, a connection is established between the execution section 213 and the server. In the case where the issued communication request is to execute an information process (communication process) on the contactless IC card, mutual authentication is performed between the server (proxy system server 105) and the contactless IC card module 223, and the communication process is started after the mutual authentication is successfully passed.
Referring now to fig. 2, the application software 203 installed in the portable communication terminal 103 is explained in further detail below.
As shown in fig. 2, the application software 203 includes a request module 204, an encryption module 206, a response generation module 207, and an ID acquisition module 208.
The request module 204 generates request information to communicate with the proxy system server 205 or the service providing server 201, and transmits the generated request information to the execution section 213.
When the request information is generated, the request module 204 acquires the personal information from a storage unit (not shown) such as an HDD and describes it in the request information.
The encryption module 206 encrypts data using the client authentication key 221b, which corresponds to the client authentication key 221a owned by the proxy system server 205. If the encrypted data can be decrypted by the portable communication terminal authentication unit 217 at the proxy system server 205 using the client authentication key 221a corresponding to the client authentication key 221b, it is determined in the authentication process that the portable communication terminal 103 is an authorized terminal.
The response generation module 207 has a capability of generating a response according to at least the challenge response method. The response generation module 207 acquires a challenge code from the proxy system server 205, and generates a response based on the acquired challenge code (or seed, etc.). The response is generated by computing a hash value of the challenge code. Note that the response may be generated in another manner. For example, the response may be generated by first adding a secret word given by the user to the challenge code, and then calculating a hash value of the result.
The response generation module 207 encrypts a set of granted license information and a response using the client authentication key 221b owned by the encryption module 206, which will be described in further detail below.
The ID acquisition section 208 acquires a client application ID identifying the application software 203 from the storage unit. In the case where the client application ID is not stored in the storage unit, the ID acquisition section 208 may generate a message indicating that there is no client application ID, which will be displayed on the display screen.
Response generation module 207
Referring now to fig. 5, the encryption process performed by the response generation module 207 according to an embodiment of the present invention is described below. The schematic diagram of fig. 5 shows, in a simplified manner, the encryption process performed by the response generation module 207 according to the present embodiment.
As shown in fig. 5, if the response generation module 207 acquires the input challenge (challenge code), the granted permission information, and the client authentication key 221b, the response generation module 207 calculates a keyed hash value of them (an HMAC, hash-based message authentication code) using a hash function.
The resulting hash value (response) is sent by the execution section 213 to the proxy system 105 through the communication network 106 together with the use permission information (such as shown in fig. 5) contained in the granted permission information. In this case, of the various information included in the granted license information, only the use license information is transmitted through the communication network 106. Note that the personal information stored in a storage unit (not shown) of the portable communication terminal 103 is transmitted from the portable communication terminal 103 to the proxy system 105 in advance or separately. Among the various items of personal information received from the portable communication terminal 103, part or all of the personal information (such as a client application ID) may be held in the proxy system 105.
Although the response generation module 207 calculates the hash value in the above-described manner in the data communication system 100 according to the embodiment of the present invention, the hash value may be calculated in other manners. For example, the response generation module 207 may calculate a hash value based on the challenge and the permission information only. The calculated hash value is then encrypted by the response generation module 207 using the client authentication key 221b, and thus a response in its final form is obtained. The generated response is transmitted by the execution section 213 to the proxy system 105 through the communication network 106 together with the use permission information (such as shown in fig. 5) included in the granted permission information. The proxy system 105 then determines a comparison hash value (response) from the challenge and the use license information contained in the granted license information and personal information, decrypts the received response using the client authentication key 221a of the sender, and verifies whether the two responses are identical to each other in the same manner as above.
The input challenge information is a challenge code generated by the proxy system server 105 according to the challenge response method described above.
Among the granted permission information input to the response generation module 207, a part thereof (use permission information shown in fig. 5) is sent by the execution section 213 to the agent system 105 through the communication network 106 together with or separately from the response for use in the authentication process.
Agent system 105
Referring now to fig. 2, a proxy system 105 according to an embodiment of the present invention is described below. The schematic diagram of fig. 2 shows, in a simplified manner, a data communication system according to an embodiment of the present invention.
As shown in fig. 2, the proxy system 105 includes a proxy system server 205. As described above, the proxy system server 205 is capable of transmitting and receiving data to and from the portable communication terminals 103 via the communication network 106, and is also capable of communicating with the contactless IC card module included in each portable communication terminal 103 via the communication network 104 and the R/W 111.
As shown in fig. 2, the proxy system server 205 includes a receiving unit 214, an authenticating unit 215, a deciding unit 225, a communicating unit 235, and an authentication procedure manager 245. If the communication unit 235 receives a command from the decision unit 225, the communication unit 235 communicates with the non-contact IC card module 223 through the execution section 213 of the portable communication terminal 103.
Information indicating details of the communication process, such as a process of writing data at a specific address in the memory area of the memory unit arranged in the contactless IC card module 223 or a process of reading data from a specific address in the memory area of the memory unit arranged in the contactless IC card module 223, is transmitted from the portable communication terminal 103.
The authentication unit 215 includes: a system authentication unit 216 that authenticates the service providing system 101 based on the system authentication key 220a, a portable communication terminal authentication unit 217 that authenticates the client (portable communication terminal 103), a challenge response authentication unit 218 that authenticates the portable communication terminal 103 by a challenge response method, and an ID authentication unit 219 that authenticates the portable communication terminal 103 based on the client application ID.
When the system authentication unit 216 can successfully decrypt the data encrypted by the service providing server 201 using the system authentication key 220a, the validity of the service providing server 201 can be verified.
Similarly, when the portable communication terminal authentication unit 217 can successfully decrypt the data encrypted by the portable communication terminal 103 using the client authentication key 221a, it is determined that the portable communication terminal 103 is an authorized terminal.
If the challenge-response authentication unit 218 receives a request for a challenge from the portable communication terminal 103, the challenge-response authentication unit 218 generates a challenge and transmits the generated challenge to the portable communication terminal 103. Further, the challenge response authentication unit 218 generates a response for comparison by determining the hash value from the challenge and the granted permission information received separately. If the challenge response authentication unit 218 receives a response from the portable communication terminal 103, the challenge response authentication unit 218 verifies whether the received response is equivalent to the generated comparison response. If they are equal to each other, it is determined that the received response is valid, and thus it is determined that the portable communication terminal 103 is an authorized terminal.
If the ID authentication unit 219 receives the client application ID from the portable communication terminal 103, the ID authentication unit 219 checks whether the client application ID is registered in a client application ID database (not shown).
If a matching client application ID is found in the client application ID database, it is determined that the portable communication terminal 103 that transmitted the client application ID is valid. Note that all registered client application IDs are stored in the client application ID database. The client application ID may be encrypted and transmitted from the service providing system 101 to the proxy system 105 through the portable communication terminal 103.
The decision unit 225 determines whether or not to permit provision of the service based on the result of the authentication by the authentication unit 215 and also based on the usage count, the validity period start date/time described in the granted permission information, and the validity period expiration date/time.
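The following Python model is an added illustration of the checks described for fig. 3, fig. 5, the authentication unit 215 and the decision unit 225; it is not code from the patent. The key bytes, the dict layouts, the selection set (standing in for the checkboxes 601 of fig. 6) and the constructed scenario are assumptions, and the electronic-signature variant of the system authentication (HMAC over the granted license information) is used in place of the decrypt-and-check variant.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime

# Constructed symmetric keys (in the patent they live in tamper-resistant storage).
# With symmetric keys, 220a == 220b and 221a == 221b.
SYSTEM_KEY_220 = b"constructed-system-key-shared-by-101-and-105"
CLIENT_KEY_221 = b"constructed-client-key-shared-by-103-and-105"

# Constructed client application ID database of the proxy system server 205.
REGISTERED_CLIENT_APP_IDS = {"app-0001", "app-0002"}


def canonical(obj) -> bytes:
    """Deterministic encoding so both parties hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# Service providing server 201, license acquiring unit 211 (fig. 3, step S702):
# granted license information = use permission information + personal information,
# with an electronic signature under system authentication key 220b.
def issue_granted_license(personal_info: dict, use_permission: dict) -> dict:
    granted = {"personal": personal_info, "use_permission": use_permission}
    return {"granted": granted, "signature": mac(SYSTEM_KEY_220, canonical(granted))}


# Proxy system server 205, challenge response authentication unit 218.
def generate_challenge() -> str:
    return secrets.token_hex(16)


# Terminal 103, response generation module 207 (fig. 5): HMAC over the challenge
# and the use permission information under client authentication key 221b.
def terminal_response(challenge: str, use_permission: dict,
                      client_key: bytes = CLIENT_KEY_221) -> str:
    return mac(client_key, challenge.encode() + canonical(use_permission))


# Proxy system server 205: authentication unit 215 runs only the processes selected
# on the fig. 6 screen; decision unit 225 then applies validity period and usage count.
def proxy_decide(selection: set, challenge: str, response: str, license_msg: dict,
                 client_app_id: str, usage_count: int, now_iso: str) -> tuple:
    granted = license_msg["granted"]
    use_permission = granted["use_permission"]

    if "system" in selection:  # system authentication unit 216 (signature variant)
        expected = mac(SYSTEM_KEY_220, canonical(granted))
        if not hmac.compare_digest(expected, license_msg["signature"]):
            return False, "system authentication failed"

    if "id" in selection:  # ID authentication unit 219
        if client_app_id not in REGISTERED_CLIENT_APP_IDS:
            return False, "client application ID not registered"
        if client_app_id != granted["personal"]["client_app_id"]:
            return False, "client application ID does not match granted license"

    if "challenge" in selection:  # challenge response authentication unit 218
        expected = terminal_response(challenge, use_permission)
        if not hmac.compare_digest(expected, response):
            return False, "challenge response authentication failed"

    # decision unit 225
    now = datetime.fromisoformat(now_iso)
    start = datetime.fromisoformat(use_permission["valid_from"])
    end = datetime.fromisoformat(use_permission["valid_until"])
    if not start <= now <= end:
        return False, "outside validity period"
    if usage_count >= use_permission["max_uses"]:
        return False, "maximum number of uses reached"
    return True, "service permitted"


def run_scenario(selection=frozenset({"system", "id", "challenge"}), tamper: bool = False):
    """Constructed end-to-end run of steps S702/S703/S705 and fig. 5.
    tamper=True makes the terminal extend its own validity period before responding."""
    personal = {"ic_card_id": "card-1234", "client_app_id": "app-0001"}
    use_permission = {"valid_from": "2024-01-01T00:00:00+00:00",
                      "valid_until": "2024-12-31T23:59:59+00:00", "max_uses": 3}
    license_msg = issue_granted_license(personal, use_permission)
    challenge = generate_challenge()
    sent_permission = dict(use_permission)
    if tamper:
        sent_permission["valid_until"] = "2099-12-31T23:59:59+00:00"
        license_msg = {"granted": {"personal": personal, "use_permission": sent_permission},
                       "signature": license_msg["signature"]}
    response = terminal_response(challenge, sent_permission)
    return proxy_decide(set(selection), challenge, response, license_msg,
                        "app-0001", 0, "2024-06-01T00:00:00+00:00")


if __name__ == "__main__":
    print(run_scenario())                                         # (True, 'service permitted')
    print(run_scenario(tamper=True))                              # signature check catches it
    print(run_scenario(selection={"challenge"}, tamper=True))     # deselecting 216 lets it pass
```

The last call shows why the selection on fig. 6 matters: with only the challenge-response process selected, the terminal's own HMAC covers the modified use permission information, so only the system authentication by unit 216 binds that information to what the service providing system 101 actually granted.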
If the authentication process manager 245 receives selection information specifying a selected one or more of the plurality of authentication processes, for example, from a console internally connected to the proxy system server 205 or from an information processing apparatus used by the manager of the service providing system, the authentication process manager 245 transmits a command (authentication process selection command) indicating the selected one or more of the plurality of authentication processes specified by the selection information to the authentication unit 216.
More specifically, before the authentication unit 215 performs authentication, the authentication unit 215 issues a challenge command to the authentication process manager 245. In response to the challenge command, the authentication procedure manager 245 sends the authentication procedure selection command to the authentication unit 215. According to this authentication procedure selection command, the authentication unit 215 performs authentication.
That is, if a challenge is received from the authentication unit 215, the authentication process manager 245 instructs the authentication unit 215 to perform a combination of authentication processes specified in the selection command. Note that the selection information is transmitted from a console connected to the service providing system 101 or the agent system 105.
Authentication is performed by at least one of the system authentication unit 216, the portable communication terminal authentication unit 217, the challenge response authentication unit 218, and the ID authentication unit 219 included in the authentication unit 215, in accordance with a command issued by the authentication procedure manager 245.
In order to issue a command related to authentication to the authentication unit 215, the authentication process manager 245 has an authentication procedure database (not shown) in which a service providing system ID identifying the service providing system 101 and the selection information corresponding to the service providing system 101 are recorded.
If the authentication process manager 245 receives the selection information from the console, the authentication process manager 245 detects the service providing system ID described in the selection information and updates the corresponding selection information stored in the authentication procedure database.
Although it is assumed in this embodiment by way of example that the various types of authentication units (216, 217, and 218) included in the authentication unit 215 perform authentication by checking whether encrypted data can be decrypted, authentication may be performed in a different manner. For example, in the case where an electronic signature is appended to the data, each authentication unit (216, 217, and 218) may generate an electronic signature based on the data and may authenticate by verifying that the generated electronic signature is equivalent to the electronic signature appended to the data.
Combination of authentication procedures
The combination of authentication procedures specified by the selection information may be modified as needed. There are a variety of authentication processes that may be performed, and any combination of one or more of the authentication processes that the proxy system 105 is able to perform can be selected.
Referring now to fig. 6, a selection screen for selecting one or more of a plurality of authentication processes and inputting information indicating the selected one or more of the plurality of authentication processes to the authentication process manager 245 through a console or the like is illustrated. Fig. 6 illustrates, in a simplified manner, a selection screen for selecting one or more from a variety of authentication processes in accordance with an embodiment of the present invention.
Fig. 6 shows a selection screen for selecting one or more from a plurality of authentication procedures, and is displayed on a console or the like connected to the proxy system server 205 via a LAN or the like. In addition, the selection screen may be displayed on the information processing apparatus used by the manager of the service providing system 101. In this case, the login secret or the like is input to the information processing apparatus used by the manager, and the proxy system server 205 authenticates the information processing apparatus based on the input login secret.
As shown in fig. 6, the selection screen displays various checkboxes, such as a checkbox 601a for selecting the authentication process by the portable communication terminal authentication unit 217 that authenticates the portable communication terminal 103, and a checkbox 601b for selecting authentication by the challenge response authentication unit 218. Any combination of one or more of the various authentication processes can be specified by checking the corresponding checkboxes 601, depending on the desired level of security.
By clicking on one or more checkboxes 601, the authentication processes performed by the proxy system 105 are specified. In the particular example shown in fig. 6, checkbox 601a, checkbox 601b, checkbox 601d, and checkbox 601e are selected.
If the update button is clicked, selection information is generated and transmitted from the console to the authentication process manager 245. By specifying the appropriate authentication procedures in the manner described above, the proxy system 105 can correctly perform authentication in the manner specified by the service providing system 101. Using a combination of a plurality of authentication processes, the service providing system 101 can set the security level as needed.
When the addition of an electronic signature in the read process is selected by checking checkbox 601d, the proxy system 105 adds an electronic signature to the data read from the contactless IC card module 223 to prevent the data from being falsified. Note that each authentication unit 215 has this capability.
When the addition of an electronic signature in the write process is selected by checking checkbox 601e, the service providing system 101 adds an electronic signature to the data written to the contactless IC card module 223 to prevent the data from being falsified. When this authentication process is selected, the proxy system 105 generates an electronic signature from the received data and verifies whether the generated electronic signature is identical to the received electronic signature. Note that each authentication unit 215 has the capability of verifying the validity of data written to the contactless IC card module 223.
When encryption in the read process is selected by checking checkbox 601f, the proxy system 105 encrypts the data read from the contactless IC card module 223 to prevent data theft. Note that each authentication unit 215 has this capability. When this authentication process is selected, the service providing system 101 must decrypt the data encrypted by the proxy system 105.
When encryption in the write process is selected by checking checkbox 601g, the service providing system 101 encrypts the data written to the contactless IC card module 223 to prevent data theft. When this authentication process is selected, the proxy system 105 must decrypt the received data using the particular system authentication key. Each authentication unit 215 has the capability of decrypting data written to the contactless IC card module 223.
Procedure for communicating with contactless IC card module
Referring now to fig. 7, a procedure of communicating with a contactless IC card module, which includes an authentication procedure by the authentication unit 215, according to an embodiment of the present invention is explained. Fig. 7 is a sequence diagram showing in a simplified manner the authentication process performed by the system authentication unit 216, the portable communication terminal authentication unit 217, and the ID authentication unit 219, and also showing the communication process with the contactless IC card module.
As shown in fig. 7, when authentication related to the portable communication terminal 103 is performed, the application software 203 first accesses the service providing server 201 (step S701). Note that when the application software 203 already has license information indicating the granted license, and if the granted license information is valid, the application software 203 does not access the service providing server 201.
When the application software 203 accesses the service providing server 201 through the execution section 213, the address of the service providing server 201 is indicated with a URL or the like.
If the service providing server 201 receives the personal information from the application software 203, the service providing server 201 generates the granted license information as described above (step S702), and transmits the license information granted as a result to the application software 203 of the portable communication terminal 103 that issued the request (step S703). The application software 203 transmits the received granted license information to the proxy system server 205 through the execution section 213 (step S705). Since the granted permission information is not directly transmitted from the service providing system 101 to the proxy system server 205, a high degree of independence in terms of security of the two servers can be achieved.
Although the client application ID acquired by the ID acquisition module 208 is also transmitted in the transmission process (step S705) in the present embodiment, it is not necessary to transmit the client application ID. For example, in the case where an ID authentication process using the client application ID is not selected, the client application ID does not have to be transmitted.
If the proxy system server 205 receives the granted permission information and the client application ID from the portable communication terminal 103, first, an ID authentication process is performed by the ID authentication unit 219 based on the received client application ID (step S707).
More specifically, in the ID authentication process by the ID authentication unit 219, it is checked whether the received client application ID is equivalent to the client application ID stored in the database (client application database) of the proxy system server 205 at the time the client application was registered in advance as the application software 203.
After the ID authentication process (step S707) is completed, an authentication process related to the portable communication terminal 103 is performed by the portable communication terminal authentication unit 217 (step S709). More specifically, authentication is performed by checking whether decryption can be successfully performed using a client authentication key 221a, which key 221a corresponds to a client authentication key 221b used by the portable communication terminal 103 to encrypt granted license information. If the portable communication terminal authentication unit 217 succeeds in correctly performing decryption, the portable communication terminal 103 is regarded as an authorized terminal.
Although it is assumed by way of example in the data communication system 100 according to the embodiment of the present invention that the authentication related to the portable communication terminal 103 is performed in the above-described manner (in step S709), the authentication of the portable communication terminal 103 may be performed in a different manner. For example, when authentication according to the challenge response method is not performed, authentication of the portable communication terminal 103 may be performed (in step S709). In this case, the authentication process can be simplified and can be performed in a more efficient manner.
Although it is assumed by way of example that authentication related to the portable communication terminal 103 is performed in the data communication system 100 according to the embodiment of the present invention (in step S709), it is not necessary to perform authentication related to the portable communication terminal 103 (in step S709).
If the authentication process related to the portable communication terminal 103 by the portable communication terminal authentication unit 217 is completed (step S709), the authentication process related to the service providing system 101 is performed by the system authentication unit 216 based on the granted license information obtained by the decryption (step S711).
The system authentication unit 216 performs authentication by verifying whether the granted permission information decrypted by the portable communication terminal authentication unit 217 in the authentication process (step S709) can be successfully decrypted using a system authentication key 220a, the key 220a corresponding to the system authentication key 220b used in the encryption performed by the service providing system 101. If the system authentication unit 216 succeeds in correctly performing decryption, it is determined that the service providing server 201 is valid.
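The two-layer check of steps S709 and S711, as an added example that is not part of the patent: the license information is sealed first under the system authentication key and then under the client authentication key, and the proxy peels both layers, treating a failed integrity check as "decryption failed". The cipher, the assumption that each key pair (220a/220b, 221a/221b) is a shared symmetric key, and all values are constructed for the example.

```python
"""Decryption-as-authentication of steps S702, S705, S709 and S711 (fig. 7), modelled
with the Python standard library. Constructed example, not the patent's code."""
import hashlib
import hmac
import json
import os
from typing import Optional, Tuple

# Keys as named on the page. The page does not state the cipher or key type; the
# example assumes each pair (220a/220b, 221a/221b) is one shared symmetric key.
SYSTEM_AUTH_KEY_220 = b"constructed-system-authentication-key-220"
CLIENT_AUTH_KEY_221 = b"constructed-client-authentication-key-221"

NONCE_LEN, TAG_LEN = 12, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one shared key."""
    return hashlib.sha256(key + label).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for a real cipher)."""
    out = bytearray()
    for counter in range(-(-length // 32)):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. The tag is what makes 'decryption succeeded' a meaningful
    check: without it, any key 'decrypts' to some byte string."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag, then decrypt. Returns None when the key does not fit or the
    data was altered, which is the 'decryption failed' outcome of S709/S711."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def service_server_issue(license_info: dict, system_key: bytes = SYSTEM_AUTH_KEY_220) -> bytes:
    """Service providing server 201, step S702: granted license information encrypted
    with system authentication key 220b."""
    return seal(system_key, json.dumps(license_info, sort_keys=True).encode())


def terminal_forward(inner: bytes, client_key: bytes = CLIENT_AUTH_KEY_221) -> bytes:
    """Portable communication terminal 103, step S705: the service server's blob is
    encrypted again with client authentication key 221b before it reaches the proxy."""
    return seal(client_key, inner)


def proxy_authenticate(outer: bytes, client_key: bytes = CLIENT_AUTH_KEY_221,
                       system_key: bytes = SYSTEM_AUTH_KEY_220) -> Tuple[bool, bool, Optional[dict]]:
    """Proxy system server 205. Returns (terminal_ok, system_ok, license_info)."""
    inner = unseal(client_key, outer)      # S709: unit 217 decrypts with 221a
    if inner is None:
        return False, False, None
    plain = unseal(system_key, inner)      # S711: unit 216 decrypts with 220a
    if plain is None:
        return True, False, None
    return True, True, json.loads(plain)
```

A license sealed with a different system key passes S709 but fails S711, which is exactly the separation between terminal authentication and service-system authentication the text describes.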
Although it is assumed by way of example in the present embodiment that the system authentication unit 216 and the portable communication terminal authentication unit 217 included in the authentication unit 215 perform authentication by checking whether or not encrypted data can be successfully decrypted, authentication may be performed in a different manner. For example, in the case where the data contains an additional electronic signature, the system authentication unit 216 and the portable communication terminal authentication unit 217 can generate an electronic signature based on the data and can perform authentication by checking whether the generated electronic signature is equivalent to the electronic signature attached to the data.
After the authentication process by the ID authentication unit 219, the portable communication terminal authentication unit 217, and the system authentication unit 216 is completed, the decision unit 225 determines whether or not to permit execution of the communication process with the contactless IC card module 223 of the portable communication terminal 103 that has issued the request, based on the authentication result by the authentication unit 215 and on the use permission information described in the granted permission information (step S713).
If the decision unit 225 grants permission to execute the communication process with the non-contact IC card module 223 (step S713), mutual authentication between the communication unit 235 and the non-contact IC card module 223 is performed through the communication network 106, the gateway 117, the packet communication network 115, the base station 113, and the execution section 213 of the portable communication terminal 103 (step S715). More specifically, in the mutual authentication, the communication unit 235 checks whether the IC card ID of the portable communication terminal 103 is equivalent to the IC card ID contained in the granted permission information.
Although it is assumed in the present embodiment that mutual authentication between the communication unit 235 and the contactless IC card module 223 is performed through the communication network 106, the gateway 117, the packet communication network 115, the base station 113, and the execution section 213 of the portable communication terminal 103, mutual authentication may be performed in a different manner. For example, mutual authentication between the communication unit 235 and the non-contact IC card module 223 may be performed by the reader/writer 111 (step S715).
If the mutual authentication between the communication unit 235 and the contactless IC card module 223 is successfully completed (step S715), the communication unit 235 transmits to the contactless IC card module 223 information indicating the details of the communication process specified by the request, which is either received during the authentication process related to the portable communication terminal 103 (step S705) or received separately after the authentication process is completed, thereby performing the communication process with the contactless IC card module 223 (step S717). Although in the present embodiment the communication is performed in a secure manner using an encryption/decryption key (step S717), it is not essential to perform the communication in such a manner.
If the non-contact IC card module 223 receives communication process information from the communication unit 235, for example, indicating that the point information "80" should be written in the storage area (for example, address "a") of the storage unit, the non-contact IC card module 223 writes the point information "80" in the address "a" according to the communication process information. When the write process is completed, response information indicating that the write process is completed is transmitted to the communication unit 235. In case a further procedure is specified as a communication procedure, the specified procedure is then performed.
Referring now to fig. 8, a communication process with a contactless IC card module, which includes an authentication process by the authentication unit 215, according to an embodiment of the present invention is explained. Fig. 8 is a sequence diagram showing, in a simplified manner, the authentication process performed by the challenge response authentication unit 218 and the ID authentication unit 219, and also showing the communication process with the noncontact IC card module.
As shown in fig. 8, in order to authenticate the portable communication terminal 103, the application software 203 first accesses the service providing server 201 (step S801). Note that when the application software 203 already has license information indicating the granted license, and if the granted license information is valid, the application software 203 does not access the service providing server 201.
If the service providing server 201 receives the personal information from the application software 203, the service providing server 201 generates the granted license information as described above (step S802), and transmits the resultant granted license information to the application software 203 of the portable communication terminal 103 that issued the request (step S803).
The application software 203 then accesses the proxy system server 205 through the execution section 213 and requests the proxy system server 205 to perform an authentication process (step S805). Although the client application ID acquired by the ID acquisition module 208 is also transmitted in this request process (step S805) in the present embodiment, the client application ID is not necessarily transmitted. For example, in the case where an ID authentication process using the client application ID is not selected, the client application ID does not have to be transmitted.
If the ID authentication unit 219 receives the client application ID from the portable communication terminal 103, the ID authentication unit 219 performs an ID authentication process based on the received client application ID (step S807).
If the ID authentication process by the ID authentication unit 219 is successfully completed, the challenge response authentication unit 218 generates a challenge code and transmits it to the portable communication terminal 103 via the communication network (step S809).
If the application software 203 receives the challenge code from the proxy system server 205, the application software 203 generates a response based on the challenge code and the granted license information (step S811). This response has been described above and so a description thereof will be omitted here.
The application software 203 transmits a response to the proxy system server 205 through the execution section 213 (step S813). When the response is transmitted to the proxy system server 205, the granted permission information is also transmitted (step S813). Note that the granted permission information may be sent separately.
If the challenge-response authenticating unit 218 receives the response, the challenge-response authenticating unit 218 generates a response from the generated challenge code and the granted permission information received from the portable communication terminal 103 in a manner similar to the response generating process performed by the response generating module 207.
In the case where the granted permission information received from the portable communication terminal 103 has been encrypted by the portable communication terminal 103, the challenge response authentication unit 218 first decrypts the received granted permission information using the client authentication key 221a, and then generates a response.
On the other hand, in the case where the granted permission information received from the portable communication terminal 103 has been encrypted by the service providing server 201, the challenge response authentication unit 218 first decrypts the received granted permission information using the system authentication key 220a, and then generates a response.
After the challenge-response authentication unit 218 generates a response, the challenge-response authentication unit 218 verifies whether the response received from the portable communication terminal 103 is equivalent to the response it has itself generated. If the challenge-response authentication unit 218 determines that the two responses are equal to each other, the challenge-response authentication unit 218 determines that both the portable communication terminal 103 as the transmitter and the service providing server 201 are valid, and completes authentication.
If the authentication process by the challenge response authentication unit 218 and the ID authentication unit 219 is completed, the decision unit 225 determines whether or not to permit execution of the communication process with the contactless IC card module 223 based on the authentication result by the authentication unit 215 and the use permission information contained in the granted permission information (step S817).
The decision unit 225 can request the portable communication terminal 103 to provide personal information contained in the granted permission information through the communication unit 235. If the execution section 213 of the portable communication terminal 103 receives the request for the personal information, the execution section 213 acquires the personal information and transmits it to the proxy system server 205.
Note that the decision process performed by the decision unit 225 is not limited to the above-described example. For example, the decision unit 225 may also check whether the portable communication terminal hardware ID identifying the portable communication terminal 103 described in the granted permission information is equivalent to the portable communication terminal hardware ID recorded in the client application ID database, as needed. The data recorded in the client application ID database has a data structure containing entries of "client application ID", "portable device hardware ID", an "own ID" identifying the portable device itself, and an "IC card ID" identifying the noncontact IC card module.
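The fig. 8 sequence from the ID check (step S807) through the decision (step S817) and the IC card ID comparison (step S819), as an added example that is not part of the patent. The page does not fix the function that derives the response from the challenge code and the granted license information; HMAC-SHA256 keyed with the client authentication key 221 is the assumption, and the database entries, license values and key are constructed.

```python
"""Steps S805 to S819 of fig. 8, modelled with the Python standard library.
Constructed example; the response-derivation function is an assumption."""
import hashlib
import hmac
import json
import os

# Client authentication key 221a (proxy side) / 221b (terminal side); the page does
# not state the key type, so the example assumes one shared symmetric key.
CLIENT_AUTH_KEY = b"constructed-client-authentication-key-221"

# Client application ID database of the proxy system server 205 (constructed entry).
CLIENT_APP_DB = {
    "app-0001": {"hardware_id": "HW-AAAA", "own_id": "OWN-0001", "ic_card_id": "IC-1111"},
}

# Constructed granted license information as issued by the service providing server 201.
GRANTED_LICENSE = {
    "client_app_id": "app-0001",
    "hardware_id": "HW-AAAA",
    "ic_card_id": "IC-1111",
    "use_count": 1,
    "valid_until": 1_700_000_000,
}


def canonical(license_info: dict) -> bytes:
    """Serialise the granted license information deterministically so that the
    terminal and the proxy hash exactly the same bytes."""
    return json.dumps(license_info, sort_keys=True, separators=(",", ":")).encode()


def generate_response(challenge: bytes, license_info: dict, key: bytes) -> bytes:
    """Response generating module 207 (step S811) and the matching computation in
    unit 218: HMAC-SHA256 over challenge code || granted license information."""
    return hmac.new(key, challenge + canonical(license_info), hashlib.sha256).digest()


class ProxySystemServer:
    """Units 218, 219, 225 and 235 of the proxy system server 205, reduced to the
    checks the text describes."""

    def __init__(self, key: bytes, client_db: dict):
        self.key = key
        self.client_db = client_db

    def id_authenticate(self, client_app_id: str) -> bool:
        """ID authentication unit 219 (step S807)."""
        return client_app_id in self.client_db

    def issue_challenge(self) -> bytes:
        """Challenge-response authentication unit 218 (step S809): fresh random code."""
        return os.urandom(16)

    def verify_response(self, challenge: bytes, received: bytes, license_info: dict) -> bool:
        """Unit 218 recomputes the response from its own challenge and the license
        information received in step S813, then compares in constant time."""
        expected = generate_response(challenge, license_info, self.key)
        return hmac.compare_digest(expected, received)

    def decide(self, client_app_id: str, license_info: dict, now: int) -> bool:
        """Decision unit 225 (step S817): use permission entries plus the hardware
        ID cross-check against the client application ID database."""
        entry = self.client_db[client_app_id]
        return (license_info.get("client_app_id") == client_app_id
                and license_info.get("hardware_id") == entry["hardware_id"]
                and license_info.get("use_count", 0) > 0
                and license_info.get("valid_until", 0) >= now)

    def mutual_authenticate(self, presented_ic_card_id: str, license_info: dict) -> bool:
        """Communication unit 235 (step S819): the terminal's IC card ID must equal
        the IC card ID carried in the granted permission information."""
        return hmac.compare_digest(presented_ic_card_id.encode(),
                                   str(license_info.get("ic_card_id", "")).encode())


def run_fig8_flow(proxy, client_app_id, terminal_license, wire_license, ic_card_id, now,
                  terminal_key=CLIENT_AUTH_KEY):
    """Drive steps S805 to S819. `terminal_license` is what the terminal holds and
    answers the challenge with; `wire_license` is what the proxy receives in S813
    (identical unless altered in transit). Returns the first failing stage or 'ok'."""
    if not proxy.id_authenticate(client_app_id):                              # S807
        return "id_authentication"
    challenge = proxy.issue_challenge()                                       # S809
    response = generate_response(challenge, terminal_license, terminal_key)   # S811
    if not proxy.verify_response(challenge, response, wire_license):          # S813
        return "challenge_response"
    if not proxy.decide(client_app_id, wire_license, now):                    # S817
        return "decision"
    if not proxy.mutual_authenticate(ic_card_id, wire_license):               # S819
        return "mutual_authentication"
    return "ok"
```

Calling `run_fig8_flow` with the constructed license returns "ok"; raising `use_count` on the wire copy alone makes the proxy's recomputed response differ from the terminal's, so the flow stops at "challenge_response" before the decision unit ever sees the altered value.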
If the decision unit 225 grants permission to execute the communication procedure with the contactless IC card module 223 (step S817), mutual authentication between the communication unit 235 and the contactless IC card module 223 is performed through the communication network 106, the gateway 117, the packet communication network 115, the base station 113, and the execution section 213 of the portable communication terminal 103 (step S819). More specifically, in the mutual authentication, the communication unit 235 checks whether the IC card ID of the portable communication terminal 103 is equivalent to the IC card ID contained in the granted permission information.
Although it is assumed in the present embodiment that mutual authentication between the communication unit 235 and the contactless IC card module 223 is performed through the communication network 106, the gateway 117, the packet communication network 115, the base station 113, and the execution section 213 of the portable communication terminal 103, the mutual authentication may be performed in a different manner. For example, mutual authentication between the communication unit 235 and the non-contact IC card module 223 may be performed by the reader/writer 111 (step S819).
If the mutual authentication between the communication unit 235 and the contactless IC card module 223 is successfully completed (step S819), the communication unit 235 transmits to the contactless IC card module 223 information indicating the details of the communication process specified by the request, which is either received during the authentication process related to the portable communication terminal 103 or received separately after the authentication process is completed, thereby performing the communication process with the contactless IC card module 223 (step S821). The communication process performed in step S821 is similar to the communication process performed in step S717 described above, and thus further description thereof will be omitted here.
The authentication process described above with reference to fig. 7 or 8 may be modified so that, for example, only the ID authentication process by the ID authentication unit 219 is performed. In the following discussion, a description of a process similar to that described above with reference to fig. 7 or 8 will be omitted.
As understood from fig. 7 or 8, when only the ID authentication process by the ID authentication unit 219 is performed, the portable communication terminal 103 may transmit only the client application ID to the proxy system server 205 without transmitting the granted permission information. Thus, it is not necessary to access the service providing system 101, although this results in a reduction in the security level, which may increase the risk of unauthorized reception of services by a portable communication terminal.
After the portable communication terminal 103 transmits the client application ID to the proxy system server 205, the authentication process is performed in a manner basically similar to that described above with reference to fig. 7 or 8, and thus the description thereof will be omitted here.
Writing process
A writing process of writing data to the noncontact IC card module 223 according to the present embodiment will now be described below with reference to fig. 9. Fig. 9 is a sequence diagram showing, in a simplified manner, a write process of writing data to the noncontact IC card module 223 according to an embodiment of the present invention.
Although in the write process shown in fig. 9, the authentication process is not shown, it is assumed here that the authentication process has been performed in a similar manner as described with reference to fig. 7 or 8.
As shown in fig. 9, in the writing process of writing data to the contactless IC card module 223, the application software 203 first accesses the service providing server 201 and transmits request information containing personal information (step S901).
If the service providing server 201 receives the personal information from the application software 203, the service providing server 201 generates the granted license information for use in the writing process as described above (step S902), and transmits the resultant granted license information to the application software 203 of the portable communication terminal 103 that has issued the request (step S903).
Next, the application software 203 sends a request to the proxy system server 205 through the execution section 213 to perform a writing process (step S905). The proxy system server 205 performs authentication related to the portable communication terminal 103, although a detailed description thereof will be omitted here.
If the decision unit 225 in the proxy system server 205 determines that the communication process should be permitted, the communication unit 235 and the contactless IC card module 223 perform mutual authentication (step S907). The mutual authentication process is not described here since this is done in a similar manner as described above.
If the mutual authentication is successfully completed (step S907), the communication unit 235 in the proxy system server 205 requests the application software 203 to provide data to be written to the storage device in the contactless IC card module 223 (step S909).
The application software 203 transmits the received granted permission information related to the writing process and the data to be written to the proxy system server 205 through the execution section 213 (step S911).
The data written during the communication (step S911) may be generated by the application software 203 or may be directly provided from the service providing server 201. In addition, other data may be written during the communication.
In the communication process (step S911), as shown in fig. 3, the data to be written and the granted permission information for use in the writing process are encrypted using the client authentication key 221 b.
If the authentication unit 215 receives the data to be written and the granted permission information related to the writing process, the system authentication unit 216 or the portable communication terminal authentication unit 217 decrypts the encrypted data to be written and the granted permission information related to the writing process. The authentication unit 215 verifies the validity of the service providing server 201 or the portable communication terminal 103 as a data transmitter by checking whether decryption can be successfully performed (step S913).
The decision unit 225 determines whether each entry of the use permission, such as the use count described in the received granted permission information, is valid (step S915). If it is determined that the use permission is valid, the decision unit 225 instructs the communication unit 235 to perform a write process. As for the entry of the use permission, the decision unit 225 may check other entries such as a portable terminal hardware ID in addition to the use count.
The communication unit 235 transmits a write command to the noncontact IC card module 223 together with data to be written. According to the write command, the noncontact IC card module 223 writes data to a storage area designated by the storage unit (step S917). Thus, the writing process according to the present embodiment is completed.
Although in the write process shown in fig. 9, the data to be written and the license information related to the write process are encrypted, the data and the license information may be handled differently. For example, no encryption may be performed during writing, or an electronic signature may be appended to the data. Additionally, after the electronic signature is appended to the data, the data with the appended electronic signature can be encrypted. That is, a combination of one or more security procedures may be employed.
Read process
A reading process of reading data from the contactless IC card module 223 according to an embodiment of the present invention will now be described below with reference to fig. 10. Fig. 10 is a sequence diagram showing, in a simplified manner, a reading process of reading data from a contactless IC card module according to an embodiment of the present invention.
Although the read process shown in fig. 10 does not show an authentication process, it is assumed here that the authentication process has been performed in a similar manner as described above with reference to fig. 7 or 8.
As shown in fig. 10, the application software 203 transmits a request to the proxy system server 205 through the execution section 213 to perform a reading process (step S1005). The proxy system server 205 performs authentication related to the portable communication terminal 103, but a detailed description thereof is omitted here.
If the decision unit 225 in the proxy system server 205 determines that the communication process should be permitted, the communication unit 235 and the contactless IC card module 223 perform mutual authentication (step S1007). The mutual authentication process is not described in detail here, since this is done in a similar manner to that described above.
If the mutual authentication is successfully performed (step S1007), the communication unit 235 in the proxy system server 205 transmits a read command to the contactless IC card module 223. Upon receiving the read command, the non-contact IC card module 223 reads data from the storage area of the specified storage unit (step S1009). If the contactless IC card module 223 reads data, the contactless IC card module 223 transmits the read data to the communication unit 235 as a reply. It is assumed that the memory area (address) of the memory unit from which data is read is specified when a request is issued by the application software 203 (step S1005).
If the proxy system server 205 receives the data from the contactless IC card module 223, the system authentication unit 216 or other authentication unit of the proxy system server 205 encrypts the data using the system authentication key 220a (step S1011).
The proxy system server 205 transmits the encrypted read data to the portable communication terminal 103 via the communication network 106 (step S1013).
If the application software 203 receives the encrypted read data, the application software 203 transmits read request information containing the encrypted data and personal information to the service providing server 201 (step S1015).
If the license authentication unit 241 receives the request information, the license authentication unit 241 decrypts the received data using the system authentication key 220b, the key 220b corresponding to the system authentication key 220a used in the data encryption process by the service providing server 201. By performing the decryption, the license authentication unit 241 verifies the validity of the service providing server 201 as the data transmitter (step S1017).
The license authentication unit 241 retrieves the license corresponding to the client application ID described in the received request information from a license database (not shown), and verifies whether each entry of the use license, such as the use count, is valid based on the license database (step S1017). As for the entry of the use permission, the decision unit 225 may check other entries such as a portable terminal hardware ID in addition to the use count.
If the authentication by the license authentication unit 241 is successfully passed (step S1017), the data read from the contactless IC card module 223 is transmitted to the portable communication terminal 103 (step S1019). Upon receipt of the data, the data is displayed on the display screen by the application software 203.
For example, in the case where the service provided by the service providing system 101 is to give points, information indicating the current total points or the like is read from the non-contact IC card module 223 and displayed on the display screen to notify the user of the points. This completes the read process according to the present embodiment.
Although the read process shown in fig. 10 is illustrated in which the read data is encrypted, the read data may be processed in a different manner. For example, no encryption may be performed during reading, or an electronic signature may be appended to the read data. Additionally, after the electronic signature is appended to the data, the data with the appended electronic signature can be encrypted. That is, any combination of one or more security procedures may be employed.
The sequence of process steps described above with reference to fig. 7 to 10 may be performed by means of hardware or software. When these processes are performed by software, the software program is installed to an information processing apparatus, such as a general-purpose computer or a microcomputer, so that the information processing apparatus functions as the proxy system server 205, the service providing server 201, or the portable communication terminal 103.
The program may be stored in advance in a storage medium such as a hard disk or ROM installed in the computer. In addition, the program may be temporarily or permanently stored (recorded) on a flexible disk, a CD-ROM (compact disc read only memory), an MO (magneto optical) disk, or a DVD (digital versatile disc).
The program may be transferred to the computer through a wireless transmission channel such as a satellite communication channel, or through a wired communication channel such as a LAN (local area network) or the internet.
In the present invention, the processing steps described in the program executed by the computer to perform various types of processing are not necessarily performed in chronological order according to the order described in the sequence chart. The processing steps may be performed in parallel or separately (by means of parallel processing or object processing).
The program may be executed by a single computer or may be executed in a distributed manner by a plurality of computers.
The data communication system 100 has been described above with reference to specific embodiments. As can be understood from the above description, the data communication system 100 has the following advantages.
(1) A plurality of authentication processes are provided, and any combination of them may be selected depending on the security level required by the service providing system 101. The service provider can easily set or change the combination of authentication procedures depending on the required level of security and/or other factors such as cost. For example, when the security level required by the service providing system 101 is high, one-time approval is adopted. On the other hand, when the security level required by the service providing system 101 is not so high, authentication can be performed using only the client application ID.
(2) When the license authentication capability is used, the service provider is allowed to define the validity period of the license arbitrarily depending on the security policy, for example as an indefinite grant or a one-time grant.
(3) Since the device to which the permission to receive the service is given is limited to the portable communication terminal 103, it is difficult for an unauthorized person to illegally receive the service.
(4) Since the application software 203 has the ability to manage the state in terms of communication with a server or the like, when the connection through the communication network fails, the connection can be easily retried.
(5) The traffic of the application software 203 can be reduced.
(6) The proxy system 105 is provided with customizable authentication capabilities, making it easy to build an overall system including the proxy system and the service providing system.
(7) Mutual authentication between the contactless IC card module 223 and the proxy system 105 makes it unnecessary for the service providing system 101 to perform a further authentication process to authenticate the proxy system 105.
(8) In this data communication system, since each portable communication terminal 103 can be authenticated using a system authentication key or the like without requiring identification information identifying each portable communication terminal 103, the data communication system can be easily implemented in a highly flexible and versatile manner, so that a communication process can be performed and services can be provided regardless of the carrier or the type of portable communication terminal 103.
The invention has been described above with reference to specific embodiments. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations and substitutions are possible, depending on design requirements and other factors, and are within the scope of the appended claims or their equivalents.
For example, in the above embodiment, the data communication system 100 includes one service providing system 101 and one proxy system 105. However, there is no particular limitation on the number of service providing systems or proxy systems. For example, the data communication system 100 may include a plurality of service providing systems 101 managed by respective service providers. Similarly, the data communication system 100 may also include a plurality of proxy systems 105.
In the above-described embodiment, each part of the service providing system 101 is implemented by hardware. Each portion may be implemented in other ways. For example, each part of the service providing system 101 may be implemented by software including one or more program modules or components.
In the above-described embodiment, each part of the agent system 105 is implemented by hardware. However, each portion may be implemented in other ways. For example, each part of the service providing server 101 may be implemented by software including one or more program modules or components.
In the above-described embodiments, the application software 203 and the execution section 213 included in each portable communication terminal 103 are respectively implemented by software including one or more program modules or components. However, they may be implemented in other ways. For example, they may each be implemented by one or more hardware components.
In the above-described embodiment, a portable telephone having a noncontact IC card module is used as each portable communication terminal 103. However, another kind of device may be employed as long as the device has the noncontact IC card module 223 and is capable of communicating with an external device through a communication network. For example, a notebook type personal computer, a PDA (personal digital assistant) device, or the like can be adopted as the portable communication terminal 103.
In the above-described embodiment, the communication for mutual authentication or other purposes between the communication unit 235 and the contactless IC card module 223 is performed through the communication network 106, the gateway 117, the packet communication network 15, the base station 113, and the execution section 213 of the portable communication terminal 103, but the communication may be performed in other manners. For example, the communication unit 235 can communicate with the non-contact IC card module 223 through the communication network 104, the reader/writer 111 provided in the information processing apparatus 109, and the execution portion 213 of the portable communication terminal 103.
As described above, the present invention provides an advantage that, in a data communication system, a communication terminal/device can be authenticated according to a combination of one or more of a plurality of authentication methods selected at a desired security level, and thus a service provider can provide a service to a portable communication terminal regardless of its type.
Industrial applications
The present invention is applicable to a data communication system, a proxy system server, a computer program, and a data communication method.
Claims (15)
1. A data communication system comprising one or more portable communication terminals each including a noncontact IC card module adapted to perform information processing in response to a request from the outside, a service providing system adapted to provide a service through the information processing performed by the noncontact IC card module, and a proxy system adapted to perform a communication process with the noncontact IC card module for the service providing system, wherein
the portable communication terminal includes a request unit adapted to request the service providing system to provide granted permission information possessed by the service providing system, the granted permission information indicating permission relating to a communication procedure granted to the portable communication terminal, the permission information being necessary for the communication procedure between the contactless IC card module and the proxy system,
the service providing system includes an acquisition unit adapted to acquire granted permission information relating to the portable communication terminal that has issued a request, if the request is received from one of the portable communication terminals,
the acquired granted permission information is encrypted by the service providing server using a system authentication key, which is possessed by both the proxy system and the service providing system and used to encrypt/decrypt information, the granted permission information is further encrypted by the portable communication terminal using a client authentication key, which is possessed by both the portable communication terminal and the proxy system and used to encrypt/decrypt information, and the resultant granted permission information is transmitted to the proxy system,
the agent system comprises
an authentication unit adapted to perform at least one of a plurality of authentication processes, based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process for authenticating the service providing system based on the system authentication key, a first client authentication process for authenticating the portable communication terminal based on the client authentication key, and a second client authentication process for authenticating the portable communication terminal based on identification information identifying the portable communication terminal,
a decision unit adapted to determine whether to permit communication based on the permission described in the granted permission information after completion of authentication by the authentication unit, and
a communication unit adapted to perform a communication process with the non-contact IC card module if the communication is permitted by the decision unit.
2. The data communication system according to claim 1, wherein the authentication unit receives a selection command specifying a combination of one or more of the plurality of authentication processes, and executes the combination of one or more of the plurality of authentication processes according to the received selection command.
3. The data communication system according to claim 1, wherein the communication process performed by the communication unit is a process of causing the non-contact IC card module to perform a writing process or a reading process.
4. A data communication system according to claim 3, wherein the authentication unit receives a selection command specifying one or both of two processes, including a process of encrypting data to be read in the reading process and a process of adding an electronic signature generated based on the data to the data, and the authentication unit performs the one or both processes in accordance with the selection command.
5. A data communication system according to claim 3, wherein the authentication unit receives a selection command specifying one or both of two processes, including a process of decrypting the encrypted data to be written during the writing process and a process of verifying the validity of the data based on the electronic signature added to the data, and the authentication unit performs the one or both processes in accordance with the received selection command.
6. The data communication system according to claim 1, wherein the communication between the service providing system and the agent system is performed through a portable communication terminal.
7. The data communication system according to claim 1, wherein the first client authentication process is a challenge-response authentication process in which a challenge code is transmitted to the portable communication terminal, the portable communication terminal generates a response based on the challenge code and the granted permission information and returns the result as a response, and the authentication unit performs authentication based on the received response.
8. The data communication system of claim 1, wherein the portable communication terminal is a portable telephone.
9. A proxy system server adapted to perform a communication process with a contactless IC card module for a service providing server adapted to provide a service through information processing performed by the contactless IC card module included in a portable communication terminal, the proxy system server comprising:
a receiving unit adapted to receive, from the portable communication terminal, granted permission information in an encrypted form, the granted permission information indicating permission related to a communication process between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information;
an authentication unit adapted to perform a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process of authenticating the service providing system based on a system authentication key, a first client authentication process of authenticating the portable communication terminal based on a client authentication key, and a second client authentication process of authenticating the portable communication terminal based on identification information identifying the portable communication terminal;
a decision unit adapted to determine whether to permit communication based on the permission described in the granted permission information after completion of authentication by the authentication unit; and
a communication unit adapted to perform a communication process with the non-contact IC card module if the communication is permitted by the decision unit.
10. The proxy system server according to claim 9, wherein the authentication unit receives a selection command specifying a combination of one or more of the plurality of authentication processes, and executes the combination of one or more of the plurality of authentication processes according to the received selection command.
11. The proxy system server according to claim 9, wherein the communication process performed by the communication unit is a process of causing the contactless IC card module to perform a write process or a read process.
12. The proxy system server according to claim 11, wherein the authentication unit receives a selection command that specifies one or both of two processes, which includes a process of encrypting data to be read in the reading process and a process of adding an electronic signature generated based on the data to the data, and the authentication unit performs the one or both processes in accordance with the selection command.
13. The proxy system server according to claim 11, wherein the authentication unit receives a selection command specifying one or both of two processes, which includes a process of decrypting the encrypted data to be written in the writing process and a process of verifying the validity of the data based on the electronic signature added to the data, and the authentication unit executes the one or both processes in accordance with the received selection command.
14. A computer program for allowing a computer to function as a proxy system server adapted to execute a communication procedure with a contactless IC card module for a service providing server adapted to provide a service through information processing performed by the contactless IC card module included in a portable communication terminal, the computer program comprising:
a receiving module adapted to receive granted permission information in an encrypted form from the portable communication terminal, the granted permission information indicating permission related to a communication process between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information;
an authentication module adapted to perform a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process of authenticating the service providing server based on a system authentication key, a first client authentication process of authenticating the portable communication terminal based on a client authentication key, and a second client authentication process of authenticating the portable communication terminal based on identification information identifying the portable communication terminal;
a decision module adapted to determine whether to permit communication based on the permission described in the granted permission information after the authentication is completed, and
a communication module adapted to perform a communication process with the non-contact IC card module if the communication is permitted by the decision module.
15. A data communication method for a proxy system server to perform a communication process with a contactless IC card module for a service providing server adapted to provide a service through information processing performed by the contactless IC card module included in a portable communication terminal, the method comprising the steps of:
receiving granted permission information in an encrypted form from the portable communication terminal, the granted permission information indicating permission related to a communication process between the contactless IC card module and the proxy system server, the granted permission information being encrypted by the service providing server using a system authentication key, which is owned by both the proxy system server and the service providing server and used to encrypt/decrypt information, and the granted permission information being further encrypted by the portable communication terminal using a client authentication key, which is owned by both the portable communication terminal and the proxy system server and used to encrypt/decrypt information;
performing a combination of one or more of a plurality of authentication processes based on the granted permission information received from the portable communication terminal, the plurality of authentication processes including a system authentication process of authenticating the service providing server based on a system authentication key, a first client authentication process of authenticating the portable communication terminal based on a client authentication key, and a second client authentication process of authenticating the portable communication terminal based on identification information identifying the portable communication terminal;
determining whether to permit communication based on the permission described in the granted permission information after the authentication step is completed; and
performing a communication process with the non-contact IC card module if the communication is permitted in the determining step.
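An added example, not the patent's own code, of the proxy-side flow in claims 1 and 7: the service provider encrypts the granted permission information with the system authentication key, the terminal adds an outer layer with the client authentication key, and the proxy peels both layers (first client authentication, then system authentication) before deciding on the requested operation, followed by the claim 7 challenge-response check. The patent names no cipher, so an HMAC-SHA256-based authenticated stream cipher stands in; the keys and permission values are constructed.

```python
# Added example (not from the patent): proxy-side handling of the doubly
# encrypted granted-permission information of claim 1 and the challenge-
# response client check of claim 7. The patent names no cipher, so an
# HMAC-SHA256 counter keystream plus MAC tag stands in; keys are constructed.
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, with a fresh nonce per message."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong key means authentication failed."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

# Constructed keys: SYSTEM_KEY is shared by service provider and proxy,
# CLIENT_KEY by terminal and proxy (the patent's two authentication keys).
SYSTEM_KEY = hashlib.sha256(b"constructed system authentication key").digest()
CLIENT_KEY = hashlib.sha256(b"constructed client authentication key").digest()

def service_provider_issue(permission: dict, system_key: bytes = SYSTEM_KEY) -> bytes:
    """Service providing system: inner layer, encrypted with the system key."""
    return encrypt(system_key, json.dumps(permission, sort_keys=True).encode())

def terminal_wrap(inner: bytes, client_key: bytes = CLIENT_KEY) -> bytes:
    """Portable terminal: outer layer, encrypted with the client key."""
    return encrypt(client_key, inner)

def proxy_authorize(blob: bytes, operation: str) -> dict:
    """Proxy authentication + decision units: peel the client layer (first client
    authentication), then the system layer (system authentication), and permit
    only operations listed in the granted permission information."""
    inner = decrypt(CLIENT_KEY, blob)
    permission = json.loads(decrypt(SYSTEM_KEY, inner))
    return {"permission": permission, "allowed": operation in permission.get("operations", [])}

def terminal_response(challenge: bytes, blob: bytes, client_key: bytes = CLIENT_KEY) -> bytes:
    """Claim 7: the terminal's response binds the challenge to the permission blob."""
    return hmac.new(client_key, challenge + blob, hashlib.sha256).digest()

def proxy_challenge_check(blob: bytes, respond) -> bool:
    """Proxy side of claim 7: send a fresh challenge, verify the returned response."""
    challenge = os.urandom(NONCE_LEN)
    expected = hmac.new(CLIENT_KEY, challenge + blob, hashlib.sha256).digest()
    return hmac.compare_digest(respond(challenge, blob), expected)
```

A terminal without the client key, or an issuer without the system key, fails at the corresponding decryption layer, which is the point of the two-key design.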
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2005-058868 | 2005-03-03 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1099878A true HK1099878A (en) | 2007-08-24 |