JP2013050930A - Portable terminal, authentication method, authentication program, and authentication system - Google Patents

Abstract

The present invention effectively determines whether or not an ID of a non-contact IC card or tag can be used reliably, and ensures safe execution of an operation associated with the ID when the ID is used.
A portable terminal wirelessly communicates with a non-contact IC, reads a read / write unit that reads the ID and data of the non-contact IC, a display unit that displays an operation selection screen on the portable terminal, and the read ID and data An availability determination unit that determines whether or not an ID is usable according to an ID registration policy, in association with an ID and information for specifying an operation in a mobile terminal selected from the selection screen When it is determined that the ID is usable, the registration unit that associates the ID read by the read / write unit with the information that specifies the operation in the mobile terminal, and the ID and the operation that are associated with each other by the registration unit A storage unit for storing information.
[Selection] Figure 2

Description

  The present invention relates to a portable terminal, an authentication method, an authentication program, and an authentication system for authenticating an ID (Identification) read using a non-contact IC (Integrated Circuit) reader function.

  In recent years, portable terminals having a reader function for reading IDs of non-contact ICs used for non-contact IC cards and RFID (Radio Frequency Identification) tags when using services such as Edy (registered trademark) have become widespread. . Development of such a portable terminal is underway, and it is considered that not only a reader function for reading ID but also a portable terminal having a writer function for rewriting ID will appear in the future.

  The IDs of the non-contact IC card and RFID tag read by the portable terminal are assumed to be used for authentication in the portable terminal, for example, and for example, Patent Documents 1 to 3 are known in relation to such an authentication method. It has been.

  For example, the portable electronic device of Patent Document 1 includes a non-contact IC reader / writer, receives an ID number stored in a non-contact IC card via the non-contact IC reader / writer, and receives the received ID number. It is stored in the lock related record of the storage unit. When the portable electronic device authenticates for unlocking, it receives the ID number stored in the non-contact IC card via the non-contact IC reader / writer and stores it in the received ID number and the lock related record. The ID number is verified. Thereby, the portable electronic device can perform authentication based on the ID number of the non-contact IC without burdening the user or the like.

  The authentication system of Patent Document 2 uses an IC tag, a portable terminal device having a reader function and a writer function for reading and writing a card ID that specifies the IC tag, a plurality of service providing servers, and a portable terminal device. And an authentication server for authenticating an accessor to the service providing server. In this authentication system, the mobile terminal device reads the card ID from the IC tag, and transmits the card ID and the terminal ID of the mobile terminal device to the authentication server. The authentication server associates and registers a user ID for identifying an accessor and a unique card ID and terminal ID for each service, and further associates a rewrite password different from the card ID with the user ID and registers them in the database. To do.

  The authentication system further includes a card update unit that updates the card ID registered in the database every time the service is used, and rewrites the card ID with a new card ID through the writer function of the mobile terminal device. The authentication server authenticates by using the card ID associated with the service related to the access request, and when the authentication is successful, permits the access to the service providing server that provides the permitted service, and the card ID is not acquired. In this case, a rewrite password is acquired, and the rewrite password is authenticated instead of the card ID. As a result, the authentication system reduces the burden on the user, such as complicated operations, during authentication processing for receiving services provided by a portable information terminal such as a mobile phone or PDA (Personal Digital Assistant) through a communication network such as the Internet. However, security can be improved effectively.

  The mobile phone control system of Patent Document 3 has a built-in IC chip with a unique ID attached to a card that displays the function to be activated on the surface, reads the ID with a mobile phone, and has a function corresponding to a pre-registered ID. to start. As a result, the mobile phone control system can allow a user who is restricted in fine operation with keys such as a visually impaired person and an elderly person to easily operate the mobile phone.

  In order to simplify the description, “RFID tag” is simply referred to as “tag” in the following description.

JP 2006-113719 A Japanese Patent No. 4716704 JP 2010-57053 A

  The ID numbers, card IDs, and IDs in Patent Documents 1 to 3 described above are based on the premise that each ID number, card ID, and ID can always be used when these authentications are successful. ing. Here, in order to simplify the description, “ID number”, “card ID”, and “ID” are collectively described as “ID”.

  However, even when the ID authentication is successful, the ID of the contactless IC card and the tag can always be used according to the specification of the contactless IC card and the tag and the usage status of the user who uses the tag. However, there is a problem that it is difficult to say that it is safe to use the user's ID.

  Here, the specifications of the non-contact IC card and the tag are based on, for example, whether the ID is a fixed value or a random value, the number of digits of the ID, and a registration policy (eg, security level) when using the ID. ID types determined by the The registration policy includes a case where a policy file in which the policy content is described is stored in the storage unit of the portable terminal and a case where the policy file is not present and the content of the registration policy is defined in a part of the program. is there.

  For example, in the former case, if the content of the registration policy is “operation A, operation B, and operation C that can be paired (see later)”, the mobile terminal displays a list of operations that can be paired. The policy file is read from the storage unit, and “operation A, operation B, and operation C” are explicitly displayed as operations that can be paired. In this case, the registration policy can be dynamically changed by rewriting the policy file.

  For example, in the latter case, if the content of the registration policy is “operations that can be paired (see later) are operation A, operation B, and operation C”, when the mobile terminal displays a list of operations that can be paired By executing a program in which the contents of the registration policy are defined, “operation A, operation B, and operation C” are explicitly displayed as operations that can be paired. In this case, since there is no policy file, in order to change the registration policy, it is necessary to change the program in which the contents of the registration policy are defined.

  Further, it is generally known that types of ID include, for example, type A, type B, type F, ISO15693, and the like.

  The present invention has been made in view of the above-described conventional circumstances, and effectively determines whether or not the ID of a contactless IC card or tag can be used reliably, and corresponds to the ID when using the ID. An object of the present invention is to provide a portable terminal, an authentication method, an authentication program, and an authentication system that guarantee the safe execution of the attached operation.

  The present invention is a portable terminal that wirelessly communicates with a non-contact IC, a read / write unit that reads an ID and data stored in the non-contact IC, and a display unit that displays an operation selection screen in the portable terminal; Based on the ID and data read by the read / write unit, according to the registration policy of the ID, the information identifying the operation in the mobile terminal selected from the selection screen and the ID are associated with each other An availability determination unit that determines whether or not the ID can be used, and if the ID is determined to be available, specifies the ID read by the read / write unit and an operation in the mobile terminal A registration unit for associating information to be performed, and a storage unit for storing information identifying the ID and the operation associated with each other by the registration unit.

  Further, the present invention is an authentication method in a portable terminal that wirelessly communicates with a non-contact IC, the step of reading the ID and data stored in the non-contact IC, and based on the read ID and data Determining whether or not the ID is a clone, and generating a new pseudo ID different from the pseudo ID included in the read data when the read ID is determined not to be a clone And the step of writing the generated new pseudo ID in the non-contact IC, and in the storage unit, the information specifying the operation in the portable terminal according to the security level of the ID and the ID are stored in association with each other. Updating the pseudo ID being updated to the new pseudo ID, and changing the pseudo ID stored in the storage unit to the new pseudo ID. After updating the stomach pseudo ID, and a step of performing an operation in the mobile terminal corresponding to the information for specifying the operation.

  According to another aspect of the present invention, there is provided a portable terminal that is a computer that wirelessly communicates with a non-contact IC, the step of reading an ID and data stored in the non-contact IC, and the reading based on the read ID and data. Determining whether the read ID is a clone, and generating a new pseudo ID different from the pseudo ID included in the read data when the read ID is determined not to be a clone A step of writing the generated new pseudo ID into the non-contact IC, and in the storage unit, the information identifying the operation in the portable terminal according to the security level of the ID and the ID are associated with each other Updating the stored pseudo ID to the new pseudo ID; and the pseudo ID stored in the storage unit. After updating the on new pseudo ID to D, to realize, and performing an operation in the portable terminal corresponding to the information for specifying the operation.

  The present invention is also an authentication system including a non-contact IC and a portable terminal that wirelessly communicates with the non-contact IC, wherein the non-contact IC stores an ID and data of the non-contact IC. A storage unit; and a communication unit that receives a read signal from the portable terminal and transmits the ID and data. The portable terminal transmits the read signal to the non-contact IC, and the non-contact IC A read / write unit that receives the ID and data from the storage unit, and a storage unit that stores information that specifies an operation in the portable terminal according to the security level of the ID, and a pseudo-ID that is different from the ID and the ID And a clone detection unit that determines whether the read ID is a clone based on the ID and data read by the read / write unit; and When it is determined that the ID read by the read-write unit is not a clone, a pseudo ID generation unit that generates a new pseudo ID different from the pseudo ID included in the read data, and the operation is specified in the storage unit The registration unit that updates the pseudo ID stored in association with the information to be performed and the ID to the new pseudo ID generated by the pseudo ID generation unit, and the mobile that corresponds to the information that specifies the operation An operation execution unit that executes an operation in the terminal.

  According to the configuration described above, it is effectively determined whether or not the ID of the contactless IC card and the tag can be reliably used, and the safe execution of the operation associated with the ID is ensured when the ID is used. be able to.

  According to the present invention, it is effectively determined whether or not an ID of a contactless IC card or tag can be used reliably, and secure execution of an operation associated with the ID when using the ID is ensured. Can do.

System configuration diagram of the authentication system of the present embodiment The block diagram which shows the internal structure of the portable terminal of this embodiment in detail Block diagram showing in detail the internal configuration of the availability determination unit Block diagram showing the internal configuration of the clone detector in detail The figure which shows an example of the data structure in the non-contact IC memory | storage part of non-contact IC (A) The figure which shows an example of the selection screen of a security level, (b) The figure which shows another example of the selection screen of a security level (A) The figure which shows an example of the operation selection screen of the portable terminal used as the object of pairing, (b) The figure which shows an example of the operation selection screen according to the menu of the application used as the object of pairing, (c) The figure which shows an example of the selection screen of whether the starting of the application from an icon is invalidated after registration of tag ID (A) The figure which shows an example of the selection screen of ID used as the object of deletion, (b) The figure which shows an example of the availability determination processing result showing that it is usable ID The figure which shows an example of a security level table The flowchart explaining the process in the ID setting application or ID setting function in the portable terminal of this embodiment Flowchart for explaining ID availability determination processing in the portable terminal of this embodiment Explanatory drawing which shows the 1st pattern of the detection of the clone in the portable terminal of this embodiment Explanatory drawing which shows the 2nd pattern of the detection of the clone in the portable terminal of this embodiment Explanatory drawing which shows each ID and pseudo | simulation ID of a memory | storage part when a clone is not detected, and a tag Explanatory drawing which shows each ID and pseudo | simulation ID of a memory | storage part, a clone tag, and a tag when a clone is detected The flowchart explaining the tag authentication process in the portable terminal of this embodiment (A) The figure which shows an example of the authentication result which shows that authentication was successful, (b) The figure which shows an example of the authentication result which shows that authentication failed (A) A diagram showing that a clone has been detected and the previous authentication success date and location, (b) a diagram showing an example of a selection screen for determining whether or not to invalidate an ID of a tag detected as a clone, (c) ) Diagram showing an example of the screen when verifying identity Explanatory drawing which shows the outline | summary of the flow which the portable terminal of this embodiment authenticates ID of a tag or an IC card, and performs 1st operation | movement of a portable terminal Explanatory drawing which shows the outline | summary of the flow which the portable terminal of this embodiment authenticates ID of a tag or an IC card, and performs 2nd operation | movement of a portable terminal Explanatory drawing which shows the outline | summary of the flow which the portable terminal of this embodiment authenticates ID of a tag or an IC card, and performs 3rd operation | movement of a portable terminal Explanatory drawing which shows the outline | summary of the flow which the portable terminal of this embodiment authenticates ID of a tag or an IC card, and performs 4th operation | movement of a portable terminal (A) A figure showing an example of a selection screen of operation of a portable terminal which is a pairing target, (b) a figure showing an example of a message screen for approaching a tag to be exchanged at the time of tag exchange, (c) ) A diagram showing an example of a message screen with a tag invalidation success notification and a new tag proximity instruction, (d) a diagram showing an example of a success notification message screen with a new tag registration and tag exchange (A) The figure which shows an example of the message screen of the fact that the pseudo ID of the tag is periodically updated and the proximity instruction of the tag to be periodically updated, (b) The message screen which shows the successful notification of the periodic update of the pseudo ID of the tag Figure showing an example System configuration diagram of an authentication system according to a modification of the present embodiment The block diagram which shows the internal structure of the portable terminal and authentication server in the authentication system of the modification of this embodiment.

  Hereinafter, embodiments of a mobile terminal, an authentication method, an authentication program, and an authentication system according to the present invention will be described with reference to the drawings. A portable terminal according to the present invention is an electronic device that can read an ID and data stored in a contactless IC mounted on an IC card or a tag. For example, the portable terminal, smartphone, PDA (personal digital assistant) or electronic It is a book terminal. Hereinafter, although the portable terminal which concerns on this invention is demonstrated as a smart phone, the portable terminal which concerns on this invention is not limited to each electronic device mentioned above.

  Note that the present invention can also be expressed as an authentication program for operating a device as a mobile terminal or a mobile terminal as a computer. Furthermore, the present invention can also be expressed as an authentication method including each process (step) for authentication executed by the mobile terminal. Furthermore, the present invention can be expressed as an authentication system including an IC card or tag and a mobile terminal. That is, the present invention can be expressed in any category of an apparatus, a method, a program, and a system.

(Authentication system)
FIG. 1 is a system configuration diagram of the authentication system 7 of the present embodiment. An authentication system 7 shown in FIG. 1 includes a tag 2 or an IC card 3 and a mobile terminal 4. In FIG. 1, the portable terminal 4 performs short-range wireless communication with the non-contact IC 2a of the tag 2 or the non-contact IC 3a of the IC card 3, and transmits a read signal to the tag 2 or the IC card 3. Read the ID and data from the card 3.

(Tag, IC card)
The tag 2 is configured to have a non-contact IC 2a. The non-contact IC 2 a includes a non-contact IC storage unit 2 a 1 that stores the ID and data of the tag 2 and a communication unit 2 a 2 that transmits the ID and data to the portable terminal 4.

  The IC card 3 is configured to have a non-contact IC 3a. The non-contact IC 3 a includes a non-contact IC storage unit 3 a 1 that stores the ID and data of the IC card 3 and a communication unit 3 a 2 that transmits the ID and data to the portable terminal 4.

  FIG. 5 is a diagram illustrating an example of a data structure in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a and 3a. The data structure in the non-contact IC storage units 2a1 and 3a1 shown in FIG. 5 has a configuration having an ID area and a Data area.

  In the ID area, the IDs of the tag 2 and the IC card 3 on which the non-contact IC storage units 2a1 and 3a1 are mounted are written in advance. The ID “AA: 10: FF: FA” is written in the ID area of FIG. Some IDs in the ID area are rewritable and others are not rewritable. For example, a random value is used for the former ID, and a fixed value is used for the latter ID.

  In the Data area, data specifically stored in the non-contact IC storage units 2a1 and 3a1 of the non-contact ICs 2a1 and 3a1 is written. Data “CC: AC: B1: 84: 12: 44” is written in the Data area of FIG. The data written in the Data area includes, for example, a write flag indicating that the Data area of the non-contact ICs 2a1 and 3a1 can write data by the read / write unit 13 (see later), and a pseudo ID (see later). Is applicable. The pseudo ID is different from the ID written in the ID area.

  Hereinafter, in order to simplify the description, an example in which the mobile terminal 4 performs short-distance wireless communication with the tag 2 will be described, but the description also applies to short-range wireless communication between the mobile terminal 4 and the IC card 3. Applicable.

(Mobile device)
The configuration of the mobile terminal 4 and the operation of each unit of the present embodiment will be described with reference to FIG. FIG. 2 is a block diagram showing in detail the internal configuration of the mobile terminal 4 of the present embodiment.

  In the present embodiment, the mobile terminal 4 displays an operation selection screen in the mobile terminal 4 on the display unit 21, reads the ID and data of the tag 2, and is selected from the selection screen based on the read ID and data. Whether or not the ID of the tag 2 can be used in association with information (for example, operation ID) for specifying the operation in the portable terminal 4 and the ID according to the ID registration policy (for example, security level). judge. The operation ID includes, for example, an application ID for identifying an application, a file path or URL (Uniform Resource Locator) of an application that is an access destination of an application execution file, and package / class information. Hereinafter, a security level will be exemplified and described as an example of a registration policy that is a criterion for storage (registration) of the portable terminal 4, but the example of the registration policy is not limited to the security level.

  When it is determined that the ID of the tag 2 can be used, the portable terminal 4 associates the ID of the read tag 2 with the information for specifying the operation in the portable terminal 4, and the ID of the associated tag 2 And information specifying the operation of the portable terminal 4 are stored (registered) in the storage unit.

  Furthermore, the mobile terminal 4 determines whether the tag 2 satisfies a predetermined authentication condition (see later) based on the ID and data read when the tag 2 is held over the mobile terminal 4. When it is determined that the predetermined authentication condition is satisfied, the mobile terminal 4 performs an operation according to information specifying the operation in the mobile terminal 4 associated with the read ID (see FIGS. 19 to 22). ).

  In the following description, an ID generated by a malicious third party by copying the ID of the tag 2 and the like that does not satisfy a specific authentication condition among the predetermined authentication conditions described above is defined as “clone” The tag storing the clone (ID) is defined as “clone tag”.

  In the following description, associating the ID of the tag 2 (same for the IC card 3) with the information (eg, operation ID) for specifying the operation in the portable terminal 4 is defined as “pairing”.

  The mobile terminal 4 shown in FIG. 2 includes a control unit 10, an operation unit 11, a read / write unit 13, a storage unit 17, a display unit 21, a RAM (Random Access Memory) 22, and a ROM (Read Only Memory) 23. . The control unit 10 is configured to include an operation information management unit 12, an availability determination unit 14, a pseudo ID generation unit 15, a registration unit 16, an ID validity verification unit 18, a clone detection unit 19, and an operation execution unit 20.

  Each unit of the control unit 10 is configured using a CPU (Central Processing Unit) built in the mobile terminal 4 and controls the operation of each unit of the mobile terminal 4. That is, the operation of each unit of the control unit 10 in FIG. 2 is realized by a CPU built in the portable terminal 4. Here, for convenience of explanation, each operation of the operation unit 11 and the read / write unit 13 will be described before describing the operation of each unit of the control unit 10.

  The operation unit 11 is a user interface for the user to input an operation on the mobile terminal 4, and outputs an operation signal corresponding to the user operation content to the operation information management unit 12. For example, when the mobile terminal 4 is a smartphone, the operation unit 11 is arranged on the display unit 21 and is configured with a touch panel that can accept an input operation with a user's finger or stylus pen. Further, when the mobile terminal 4 is a mobile phone, the operation unit 11 can be configured with various keys such as a numeric keypad for inputting a telephone number and the like, a telephone key for performing on-hook or off-hook, and a function key.

  The read / write unit 13 responds to any one of a plurality of types of modulation schemes to the tag 2 close to the mobile terminal 4 based on a reading instruction (see below) output from the operation information management unit 12. Send the read signal. Specifically, when the read / write unit 13 transmits a read signal of a modulation method according to the first communication standard and cannot receive the ID and data of the tag 2 according to the read signal, the second write communication 13 A read signal of a modulation method according to the standard is transmitted. When the read / write unit 13 cannot receive the ID and data of the tag 2 according to the read signal of the modulation method according to the second communication standard, the read / write unit 13 transmits the read signal of the modulation method according to another third communication standard. The same applies thereafter.

  The read / write unit 13 receives the ID and data of the tag 2 transmitted from the communication unit 2a2 of the tag 2 in response to the read signal. Thereby, the reading of the ID and data of the tag 2 of the read / write unit 13 is completed. The read / write unit 13 reads the ID and data of the tag 2 by the number of times of reading (see later) included in the reading instruction. For example, when the number of times of reading is 4, the read / write unit 13 reads the ID and data of the tag 2 four times.

  The read / write unit 13 outputs the communication standard information of the read signal when the ID and data of the tag 2 and the ID and data of the tag 2 are received to the availability determination unit 14. Furthermore, when the above-described write flag is included in the data received from the tag 2, the read / write unit 13 includes not only the ID and data of the tag 2 and the communication standard information of the read signal but also the write flag. Output to the availability determination unit 14.

  The read / write unit 13 transmits a write signal for writing data to the tag 2 in accordance with the modulation method similar to the read signal to the tag 2, and the pseudo ID output from the pseudo ID generation unit 15 described later is used as the tag. 2 is written in the non-contact IC storage unit 2a1. The read / write unit 13 outputs to the registration unit 16 whether or not the pseudo ID has been successfully written. In FIG. 2, an arrow between the read / write unit 13 and the registration unit 16 is not shown.

  The read / write unit 13 outputs each ID and data of the tag 2 and communication standard information of the read signal to the ID validity verification unit 18. Furthermore, when the above-described pseudo ID is included in the data of the tag 2, the read / write unit 13 verifies not only the ID and data of the tag 2, but also the pseudo ID as well as the communication standard information of the read signal. To the unit 18.

  The operation information management unit 12 uses a menu operation “ID” (registration / deletion) that has been installed in advance in the portable terminal 4 or an ID setting (registration / deletion) function called in an application that has been activated by a user operation. When “ID registration” is selected, the display unit 21 displays that the tag 2 is close to the mobile terminal 4.

  The operation information management unit 12 causes the display unit 21 to display an ID security level selection screen after the display to the effect that the tag 2 is close to the mobile terminal 4 is confirmed by user operation. In this embodiment, there are three types of security levels: “high”, “medium”, and “low”.

  FIG. 6A is a diagram illustrating an example of a security level selection screen. FIG. 6B is a diagram showing another example of the security level selection screen. In the security level selection screen shown in FIG. 6A, the operation of the mobile terminal 4 that is recommended for selection or the name of the application installed in the mobile terminal 4 is exemplarily displayed according to each security level. ing.

  The operation of the mobile terminal 4 that is recommended for selection according to the security level or the information of the application installed in the mobile terminal 4 is stored in advance in the storage unit 17 described later. It should be noted that when an application is newly installed, which security level the application corresponds to may be temporarily stored in the storage unit 17 or may be changed secondarily by a user operation.

  In the security level selection screen shown in FIG. 6B, “high”, “medium”, and “low”, which are security levels, are simply displayed on the display unit 21.

  Note that the operation information management unit 12 may automatically select the security level of the ID to be registered in accordance with the operation or application of the mobile terminal 4 selected by the user operation. This eliminates the need for the mobile terminal 4 to cause the user to select the security level of the ID to be registered for ID, thereby simplifying the user operation.

  The operation information management unit 12 can be used on the operation selection screen of the portable terminal 4 to be paired or the portable terminal 4 after the ID security level is selected by the user operation from the ID security level selection screen. In the application, a menu screen including an ID registration item is displayed on the display unit 21. The operation information management unit 12 outputs to the registration unit 16 information (for example, operation ID) that identifies the operation of the mobile terminal 4 to be paired or the operation selected as the operation according to the application menu.

  FIG. 7A is a diagram illustrating an example of an operation selection screen of the mobile terminal 4 to be paired. FIG. 7B is a diagram illustrating an example of an operation selection screen corresponding to a menu of an application to be paired. FIG. 7C is a diagram illustrating an example of a selection screen for determining whether or not to disable the activation of an application from an icon after registering the ID of the tag 2. In the description of FIG. 7, an application to be paired is, for example, application Z.

  In the selection screen shown in FIG. 7A, for example, (1) browser activation, (2) terminal lock, (3) SafetyBox,... Are shown as operations of the portable terminal 4 to be paired. . The selection screen in FIG. 7A is a screen that is displayed when the above-described ID setting application is started in a state where the standby screen is displayed on the display unit 21, for example. The terminal lock is a function for preventing the use of a third-party mobile terminal 4 that does not know a password such as a password, for example, in order to ensure the security of the mobile terminal 4. The SafetyBox is an application that keeps important information or data of the user of the mobile terminal 4.

  In the selection screen shown in FIG. 7 (b), for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag ID exchange as the menu of application Z to be paired ,…It is shown. The selection screen of FIG. 7B is different from the selection screen of FIG. 7A in that the application Z to be paired is activated in advance by a user operation, and the ID setting (registration, deletion) described above in the application Z is performed. ) This is the screen displayed when the function is activated. (3) When the tag ID registration is selected, the mobile terminal 4 proceeds to a process of registering an ID for pairing with an operation ID indicating activation of the application Z to be paired.

  Note that the selection screen illustrated in FIG. 7C is displayed after ID registration performed as a result of (3) tag ID registration being selected in the selection screen illustrated in FIG. 7B, for example. In the selection screen of FIG. 7C, when the ID of the tag 2 has been registered, the user interface including the application Z icon is hidden on the display unit 21 or the user interface including the application Z icon is displayed. It is a screen for inquiring of the user whether or not to perform invalidation setting so as not to start the application Z based on a user operation.

  When “YES” is selected on the selection screen of FIG. 7C, the mobile terminal 4 (the registration unit 16) sets the user interface including the icon for starting the application Z to be in a non-display state. The instruction is paired with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z and stored (registered) in the storage unit 17.

  Thereby, since the user interface including the icon of the application Z is not displayed on the display unit 21, the portable terminal 4 can easily hide the presence of the application Z from the user, and the tag 2 is held over the portable terminal 4. Thus, the application Z can be activated only when a predetermined authentication condition described later is satisfied. Therefore, the portable terminal 4 can similarly hide the presence of the application Z from, for example, a malicious third party other than the user, and can prevent the third party's application Z from being activated.

  When “YES” is selected on the selection screen of FIG. 7C, the mobile terminal 4 (the registration unit 16) selects the application Z based on the user operation of the user interface including the icon of the application Z. The setting instruction for setting the non-operation setting state is paired with the ID of the tag 2 to be paired and the operation ID indicating the activation of the application Z and stored (registered) in the storage unit 17.

  Thereby, although the portable terminal 4 cannot hide the presence of the application Z from the user, the activation of the application Z can be prevented from the user operation of the icon, and the tag 2 is held over the portable terminal 4 and will be described later. The application Z can be activated only when a predetermined authentication condition is satisfied. Therefore, the mobile terminal 4 can prevent, for example, a malicious third party who does not have the tag 2 possessed by the user from starting the application Z.

  The operation information management unit 12 uses a menu operation “ID” (registration / deletion) that has been installed in advance in the portable terminal 4 or an ID setting (registration / deletion) function called in an application that has been activated by a user operation. When “ID deletion” is selected (see FIG. 8A), an ID already registered is read from the storage unit 17 and a selection screen of an ID to be deleted is displayed on the display unit 21.

  FIG. 8A is a diagram illustrating an example of an ID selection screen to be deleted. In the selection screen shown in FIG. 8A, as IDs to be deleted, (1) tag A (ID: XX, photo A), (2) IC card B (ID: YY, photo B),. It is shown. The photograph A is image data representing a photograph of the tag A. For example, when the ID of the tag A is stored (registered) in the storage unit 17, the image of the tag A is captured by an imaging unit (not shown in FIG. 2) according to a user operation. A photograph is captured, and the captured image data is also stored (registered) in the storage unit 17 in association with the ID of the tag A. Thus, when deleting the ID, the user can specifically recall which tag the name or ID of the tag A is by browsing the photo A, and can stop deleting the ID of the tag A. You can also. Since the same applies to the IC card B (ID: YY, photo B), description thereof is omitted.

  In addition, the operation information management unit 12 uses the ID for pairing between the ID and the operation ID based on the security level of the selected ID and the operation ID of the operation according to the operation of the mobile terminal 4 or the menu of the application. The availability determination unit 14 is instructed to determine whether the availability is possible.

  In addition, the operation information management unit 12 reads the ID and data of the tag 2 when the tag 2 is brought close to the portable terminal 4 by a user operation in response to a display indicating that the tag 2 is brought close to the portable terminal 4. In addition, a reading instruction including the number of readings is output to the read / write unit 13.

  The availability determination unit 14 acquires the ID and data of the tag 2 read by the read / write unit 13. Based on the ID and data of the tag 2 read by the read / write unit 13, the availability determination unit 14 performs an operation according to the operation of the mobile terminal 4 or the application menu selected by the user operation or the operation information management unit 12. It is determined whether the ID of the tag 2 can be used for the pairing of the operation ID and the ID of the tag 2 according to the user operation or the security level selected by the operation information management unit 12.

  FIG. 3 is a block diagram showing in detail the internal configuration of the availability determination unit 14. 3 includes an ID fixing determination unit 31, an ID type determination unit 32, a write permission determination unit 33, an ID size determination unit 34, and a security level conformity determination unit 35. Here, the operation of each unit of the availability determination unit 14 will be described.

  The ID fixing determination unit 31 determines whether or not the ID of the tag 2 read by the read / write unit 13 is a fixed value. The read / write unit 13 reads the ID of the tag 2 by the number of times of reading included in the reading instruction output from the operation information management unit 12. When the number of readings is four, the ID fixing determination unit 31 determines whether or not all four IDs are fixed values, that is, the four IDs have the same value.

  The ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13.

  The writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 can write data to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. It is determined that Further, when the read / write unit 13 obtains a write success notification from the read / write unit 13 that the read / write unit 13 has actually written data to the tag 2, the non-contact IC 2a of the tag 2 does not contact the non-contact IC 2a. It may be determined that data can be written to the IC storage unit 2a1.

  The ID size determination unit 34 determines the ID size of the tag 2 read by the read / write unit 13. For example, when the ID size of the tag 2 read by the read / write unit 13 is 6 digits, the ID size determination unit 34 sets the ID size of the tag 2 read by the read / write unit 13 to 6 digits. judge.

  The security level conformity determination unit 35 is a read / write unit based on one or more determination results of the determination results of the ID type determination unit 32, the write permission / rejection determination unit 33, and the ID size determination unit 34. It is determined whether or not the ID of the tag 2 read by 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12. The determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34 are the ID type of the tag 2, the writability of data, and the ID size of the tag 2.

  When it is determined that the ID of the tag 2 read by the read / write unit 13 matches the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12, the security level conformity determination unit 35 The ID of the tag 2 read by the read / write unit 13 is output to the registration unit 16 assuming that the ID can be used for pairing the ID and the ID of the tag 2.

  Specifically, the security level conformity determination unit 35 selects the ID of the tag 2 read by the read / write unit 13 by the user operation or operation information management unit 12 based on the security level table ST shown in FIG. It is determined whether the security level of the ID of the tag 2 is met.

  The security level conformity determination unit 35 is based on the determination result of only the ID size determination unit 34, and the operation of the mobile terminal 4 selected by the user operation or the operation information management unit 12 or the operation according to the application menu Whether or not the ID of the tag 2 can be used for pairing between the ID and the ID of the tag 2 may be determined according to the security level selected by the user operation or the operation information management unit 12.

  FIG. 9 is a diagram illustrating an example of a security level table stored in the storage unit 17. In FIG. 9, three types of security levels “high”, “medium”, and “low” are defined. For example, when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “high”, the ID size is “8 to 16 digits” and the type is “type 1 ( Example: Type B) ”and the write permission / prohibition is“ permitted ”(that is, writable), it is determined that the security level of the tag 2 ID is suitable.

  Similarly, when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “medium”, the ID size is “5 to 7 digits” and the type is “type 2”. (Example: Type A) ”, and the write permission / prohibition is“ possible ”(that is, write is possible), it is determined that the security level of the tag 2 ID is suitable.

  Similarly, when the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 is “low”, the ID size is “4 digits” and the type is “type 3 (example: ISO 15693) ”and the write permission / prohibition is“ impossible ”(that is, writing is impossible), it is determined that the security level of the ID of the tag 2 is suitable.

  Further, in the security level table ST illustrated in FIG. 9, the operation of the mobile terminal 4 that is recommended for selection or the application installed in the mobile terminal 4 is exemplarily determined according to the security level. The operation information management unit 12 reads the content of “corresponding operation, corresponding application” recommended for selection according to each level of the security level table ST, and displays the selection screen shown in FIG. indicate.

  The pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 or the clone detection unit 19 (the pseudo ID determination unit 41) described later. The pseudo ID generation unit 15 outputs the generated pseudo ID to the registration unit 16. The pseudo ID is a random value, and the pairing of the operation ID of the operation of the mobile terminal 4 according to the security level of the ID of the tag 2 or the operation according to the menu of the application and the ID of the tag 2 This is a value written in the Data area of the non-contact IC storage unit 2a1 of the tag 2 when the ID is usable and data can be written to the tag 2.

  The registration unit 16 calculates a digest value of the predetermined data using a keyed hash function program for the predetermined data. The program of the keyed hash function may be defined in advance in the operation of the registration unit 16, or may be stored in the storage unit 17. When the keyed hash function program is stored in the storage unit 17, the registration unit 16 operates the keyed hash function program stored in the storage unit 17 when calculating the digest value. Read and execute automatically.

  The registration unit 16 uses a keyed hash function program for the ID of the tag 2 output from the availability determination unit 14 when the availability determination unit 14 determines that the ID of the tag 2 is usable. The digest value of the tag 2 ID is calculated. The case where the ID of the tag 2 is usable means that the operation in the portable terminal 4 according to the security level of the ID of the tag 2 selected by the user operation or the operation information management unit 12 or the operation according to the menu of the application This is a case where it is determined that the ID of the tag 2 can be used for pairing the ID and the ID of the tag 2.

  The registration unit 16 pairs the calculated digest value of the ID of the tag 2 with the operation ID output from the operation information management unit 12, and sets the digest value of the ID of the paired tag 2 and the operation ID. Store (register) in the storage unit 17.

  When the data can be written to the tag 2, the registration unit 16 calculates a digest value of the pseudo ID by using a keyed hash function program for the pseudo ID output from the pseudo ID generation unit 15. The registration unit 16 pairs the digest value of the ID of the tag 2 stored (registered) in the storage unit 17, the operation ID, and the digest value of the pseudo ID, and the digest value of the ID of the paired tag 2 The operation ID and the digest value of the pseudo ID are stored (registered) in the storage unit 17.

  The registration unit 16 indicates that not only the operation ID, the digest value of the ID of the tag 2 and the digest value of the pseudo ID, but also that data can be written to the tag 2, that the ID of the tag 2 is a fixed value, The ID size and the ID type of the tag 2 may be further paired.

  Similar to the registration unit 16, the ID validity verification unit 18 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data. The key hash function program may be defined in advance in the operation of the ID validity verification unit 18 or may be stored in the storage unit 17. When a keyed hash function program is stored in the storage unit 17, the ID validity verification unit 18 calculates the digest value of the keyed hash function stored in the storage unit 17. Load and execute the program dynamically.

  The ID validity verification unit 18 acquires the ID read by the read / write unit 13, the pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), and the communication standard information of the read signal. . The ID validity verifying unit 18 calculates a digest value of the ID using a keyed hash function program for the ID read by the read / write unit 13.

  The ID validity verification unit 18 determines whether or not a digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (authentication condition 1). When it is determined that the digest value that is the same as the calculated digest value of the ID is not stored (registered) in the storage unit 17, the ID validity verification unit 18 sets the ID read by the read / write unit 13. Based on this, an authentication result indicating that the user cannot use the ID is output to the operation information management unit 12.

  If it is determined that the same digest value as the calculated digest value of the ID is registered in the storage unit 17, the ID validity verification unit 18 determines the ID, pseudo ID (non-contact IC storage unit of the tag 2). 2a1), the communication standard information of the read signal and the clone detection determination instruction are output to the clone detection unit 19.

  The ID validity verifying unit 18 satisfies all the authentication conditions, and stores (registers) the digest value of the new pseudo ID generated by the pseudo ID generating unit 15 using the keyed hash function in the storage unit 17. An operation execution instruction for executing the operation represented by the operation ID paired with the ID of the tag 2 read by the unit 13 is output to the operation execution unit 20.

  The clone detection unit 19 includes an ID output from the ID validity verification unit 18, a pseudo ID (when stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2), communication standard information of the read signal, and clone detection Based on the determination instruction, it is determined whether or not the ID read by the read / write unit 13 is a clone.

  FIG. 4 is a block diagram showing the internal configuration of the clone detection unit 19 in detail. The clone detection unit 19 illustrated in FIG. 4 includes a pseudo ID determination unit 41, an ID type determination unit 42, and a writability determination unit 43. Here, the operation of each part of the clone detection unit 19 will be described.

  Similar to the registration unit 16, the pseudo ID determination unit 41 calculates a digest value of predetermined data using a keyed hash function program for the predetermined data. The keyed hash function program may be specified in advance in the operation of the pseudo ID determination unit 41 or may be stored in the storage unit 17. When the keyed hash function program is stored in the storage unit 17, the pseudo ID determination unit 41 calculates the digest value and stores the keyed hash function program stored in the storage unit 17. Is dynamically loaded and executed.

  When there is a pseudo ID paired with the ID registered in the storage unit 17, the pseudo ID determination unit 41 adds a keyed hash function program to the pseudo ID output from the ID validity verification unit 18. Use to calculate the digest value of the pseudo ID. The pseudo ID determination unit 41 determines whether the calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17 (authentication condition 3), or is stored in the storage unit 17 It is determined whether or not it is the digest value of the latest pseudo ID among a plurality of pseudo IDs (authentication condition 4).

  When it is determined that the calculated pseudo ID digest value is not the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17, the pseudo ID determination unit 41 reads / writes the pseudo ID The authentication result that the ID of the tag 2 read by 13 is a clone is output to the ID validity verification unit 18.

  When the pseudo ID determination unit 41 determines that the calculated pseudo ID digest value is the digest value of the latest pseudo ID among a plurality of pseudo IDs stored (registered) in the storage unit 17. Then, a generation instruction for generating a new pseudo ID is output to the pseudo ID generation unit 15.

  The ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13. Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether or not the determined ID type of the tag 2 is the same as the ID type paired with the ID of the tag 2 stored (registered) in the storage unit 17. (Authentication condition 2).

  In the portable terminal 4 according to the present embodiment, the ID type determination unit 32 of the availability determination unit 14, the ID type determination unit 42 of the clone detection unit 19, and two ID type determination units are described. However, two ID type determination units may be shared as one ID type determination unit. Further, the same applies to the writability determination unit 33 of the use permission determination unit 14 and the writability determination unit 43 of the clone detection unit 19. Thereby, the circuit configuration of the portable terminal 4 can be reduced.

  The ID type determination unit 42 determines that the ID type of the determined tag 2 is not the same as the ID type of the same tag paired with the ID of the tag 2 stored (registered) in the storage unit 17. If the ID of the tag 2 read by the read / write unit 13 is a clone, the authentication result indicating that the ID is a clone is output to the ID validity verification unit 18.

  The writability determination unit 43 determines whether the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (authentication condition 5). Specifically, when the write flag is not output from the ID validity verification unit 18, that is, from the Data area of the non-contact IC storage unit 2 a 1 of the tag 2 by the read / write unit 13. When the write flag is not read, the authentication result that the ID of the tag 2 read by the read / write unit 13 is a clone is output to the ID validity verification unit 18.

  When the write flag is output from the ID validity verification unit 18, that is, the write permission determination unit 43 reads the write flag from the Data area of the non-contact IC storage unit 2a1 of the tag 2 by the read / write unit 13. If it is determined, it is determined that a new pseudo ID can be written in the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2.

  Further, when the read / write determination unit 43 obtains a write success notification from the read / write unit 13 that the read / write unit 13 has actually written data to the tag 2, the non-contact IC 2a of the tag 2 does not contact the non-contact IC 2a. It may be determined that data can be written to the IC storage unit 2a1.

  The operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18.

  The storage unit 17 is configured using a hard disk or a flash memory built in the mobile terminal 4, and includes, for example, a security level table ST (see FIG. 9), an application executed by the operation execution unit 20, and an availability determination unit. 14, the ID of the tag 2 determined to be usable and the selected operation ID are paired and stored.

  The display unit 21 is configured by using an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence), and based on the display instruction output from the operation information management unit 12, the display instruction is output from the operation information management unit 12. Display the corresponding contents.

  The RAM 22 operates as a work memory in each operation of each unit of the control unit 10. In FIG. 2, an arrow from each part of the control unit 10 to the RAM 22 is not shown.

  The ROM 23 stores a program in which each operation of each unit of the control unit 10 of the mobile terminal 4 is defined in advance. Each unit of the control unit 10 can be configured by hardware or software. In particular, when each unit of the control unit 10 is configured by software, the CPU built in the portable terminal 4 reads a program in which each operation of each unit of the control unit 10 is defined in advance from the ROM 23, so that the control unit 10 10 units can operate. In FIG. 2, the arrow to the ROM 23 is not shown.

(Operation of portable terminal: ID setting (ID registration, ID deletion) application or processing in ID setting menu)
Next, the operation of the portable terminal 4 in the ID setting menu called in the ID setting application installed in the portable terminal 4 or an application already activated will be described with reference to FIG. FIG. 10 is a flowchart for explaining processing in the ID setting application or the ID setting function in the mobile terminal 4 of the present embodiment.

  The ID setting application or the ID setting menu called in the application includes a menu (ID registration) for storing (registering) the ID of the tag or IC card read by the read / write unit 13 in the portable terminal 4, and already At least a menu (ID deletion) for deleting the ID of the tag or IC card stored (registered) in the portable terminal 4 can be executed. When the ID setting application or the ID setting menu called up in the application is activated for the first time, the master ID stored in the master tag or the master PIN (Personal Identification Number) must be registered for user identification. Is preferred.

  The master tag is a tag that stores a master ID that proves the identity of the user in identity confirmation in the ID setting application or ID setting menu of the mobile terminal 4, and is affixed to, for example, a drawer on the desk of the user's home. Yes. When the ID setting application or the ID setting menu is activated and the master tag input screen for identity verification is displayed on the display unit 21 by the operation information management unit 12, the user brings the mobile terminal 4 close to the master tag. As a result, the operation information management unit 12 of the mobile terminal 4 confirms the identity of the user, and the identity verification succeeds when the same ID as the master ID of the master tag stored (registered) in the storage unit 17 is read. It is determined that

  The master PIN is a personal identification number (PIN) that proves the identity of the user in identity verification in the ID setting application of the mobile terminal 4. When the ID setting application or the ID setting menu is activated and the master PIN input screen for identity verification is displayed on the display unit 21 by the operation information management unit 12, the user enters the master PIN in the input field of the input screen. input. As a result, the operation information management unit 12 of the mobile terminal 4 confirms the identity of the user, and when the same PIN as the master PIN stored (registered) in the storage unit 17 is input by a user operation, the identity confirmation is performed. Judge as successful.

  In FIG. 10, the operation information management unit 12 confirms the identity of the user who uses the mobile terminal 4 (S11). The identity verification of the user is performed using the above-described master tag or master PIN. When the operation information management unit 12 determines that the user identification has not been successful (S12, NO), the operation information management unit 12 does not allow the user to use the ID setting application or the ID setting menu. Thereby, the process of the flowchart of FIG. 10 is completed.

  When the operation information management unit 12 determines that the user identity has been successfully confirmed (S12, YES), the ID registration or ID deletion process is selected from the ID setting application or the ID setting menu by the user operation. (S13).

  When the ID deletion process is selected (S13, ID deletion), the operation information management unit 12 reads the ID stored (registered) from the storage unit 17 and selects the ID to be deleted. Is displayed on the display unit 21 (S14). When any ID is selected by a user operation on the selection screen displayed on the display unit 21 (S15, YES), the operation information management unit 12 selects the ID selected by the user operation in step S15 and the ID. The operation ID paired with is deleted. As a result, the ID deletion process of FIG. 10 ends.

  When the ID registration process is selected (S13, ID registration), the operation information management unit 12 displays on the display unit 21 that the tag 2 is brought close to the portable terminal 4 (S16). The operation information management unit 12 displays an ID security level selection screen on the display unit 21 after confirming that the tag 2 is brought close to the portable terminal 4 by a user operation (S17).

  When any security level is selected by a user operation on the selection screen displayed on the display unit 21 (S18, YES), the operation information management unit 12 performs the operation of the mobile terminal 4 to be paired. In the selection screen or an application that can be used on the mobile terminal 4, a menu screen including an ID registration item is displayed on the display unit 21 (S19).

  When any operation is selected by a user operation on the selection screen displayed on the display unit 21 (S20, YES), the operation information management unit 12 determines the security level of the selected ID and the operation of the mobile terminal 4 Alternatively, based on the operation ID of the operation according to the menu of the application, the availability determining unit 14 is instructed to determine whether or not the ID can be used for pairing the ID and the operation ID.

  The availability determination unit 14 is selected by the user operation or the operation information management unit 12 based on the instruction for availability determination from the operation information management unit 12 and the ID and data of the tag 2 read by the read / write unit 13. In the pairing of the operation ID of the operation according to the operation of the mobile terminal 4 or the menu of the application and the ID of the tag 2, the ID of the tag 2 is set according to the security level selected by the user operation or the operation information management unit 12. It is determined whether or not it can be used (S21). The availability determination process in step S21 will be described later with reference to FIG.

  If it is determined after step S21 that the ID of the tag 2 is not usable (S22, NO), the operation information management unit 12 indicates that the ID of the tag 2 is not usable by the availability determination unit 14. The availability determination processing result is acquired, and the display unit 21 displays that the ID of the tag 2 is not available. As a result, the ID registration process of FIG. 10 ends.

  If it is determined that the ID of the tag 2 is usable after step S21 (S22, YES), the operation information management unit 12 indicates that the ID of the tag 2 is usable by the availability determination unit 14. Is obtained, and it is determined whether or not the ID of the tag 2 is already paired and stored (registered) in the storage unit 17 (S23). When it is determined that the ID of the tag 2 can be used (S22, YES), the availability determination unit 14 outputs the ID of the tag 2 determined to be usable to the registration unit 16.

  If it is determined that the ID of the tag 2 has already been paired and stored (registered) in the storage unit 17 (S23, YES), the ID registration process has already been performed and the ID of FIG. The registration process ends.

  When it is determined that the ID of the tag 2 has not been paired and stored (registered) in the storage unit 17 (S23, NO), the operation information management unit 12 selects the operation selected as the pairing target The ID is output to the registration unit 16.

  The registration unit 16 calculates a digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the availability determination unit 14 (S24). Furthermore, the registration unit 16 pairs the operation ID output from the operation information management unit 12 with the digest value of the ID of the tag 2 and stores (registers) it in the storage unit 17 (S24).

  The registration unit 16 outputs a pseudo ID generation instruction to the pseudo ID generation unit 15. The pseudo ID generation unit 15 generates a pseudo ID based on the pseudo ID generation instruction output from the registration unit 16 (S25). The pseudo ID generation unit 15 outputs the generated pseudo ID to the read / write unit 13 and the registration unit 16, respectively. The read / write unit 13 and the registration unit 16 each acquire the pseudo ID output from the pseudo ID generation unit 15.

  The read / write unit 13 transmits a write signal for writing data to the tag 2 according to the same modulation method as the read signal to the tag 2, and uses the pseudo ID output from the pseudo ID generation unit 15 as the non-tag of the tag 2. Write to the contact IC storage unit 2a1 (S26).

  If writing of the pseudo ID to the tag 2 is not successful in step S26 (S27, NO), the tag 2 is selected in step S13 as a tag incapable of writing data to the non-contact IC storage unit 2a1. The ID registration process is completed. As a result, the ID registration process of FIG. 10 ends.

  If the pseudo ID is successfully written to the tag 2 in step S26 (S27, YES), the registration unit 16 uses the keyed hash function program for the pseudo ID output from the pseudo ID generation unit 15 to generate the pseudo ID. The digest value is calculated (S28). Furthermore, the registration unit 16 stores the operation ID stored (registered) in the storage unit 17 in step S24, the digest value of the tag 2 ID, and the pseudo ID digest value calculated in step S28 in a paired manner. It is stored (registered) in the unit 17 (S28). The registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.

  Based on the storage (registration) end notification from the registration unit 16, the operation information management unit 12 displays the ID and operation ID stored in the storage unit 17 on the display unit 21 (FIG. 8B). reference). FIG. 8B is a diagram illustrating an example of the availability determination processing result indicating that the ID is usable. In the availability determination process result shown in FIG. 8B, available IDs and various information paired with the IDs are displayed. The various information includes, for example, an operation ID, a pseudo ID, that data can be written to the tag 2, that the ID is fixed, the size of the ID, the type of ID, the name of the tag 2, and the like. As a result, the ID registration process of FIG. 10 ends.

(Operation of portable terminal: availability determination process in availability determination unit 14)
Next, the availability determination process in the availability determination unit 14 in step S21 of FIG. 10 will be described with reference to FIG. FIG. 11 is a flowchart illustrating ID availability determination processing in the mobile terminal 4 of the present embodiment.

  In FIG. 11, the read / write unit 13 initializes the number N of read signal transmissions based on the read instruction output from the operation information management unit 12 (S31), and the number of read signal transmissions to be actually transmitted (read). The number of times M is determined (S32).

  In step S32, the number M of read signal transmissions may be determined according to the security level selected in step S17 in FIG. 10, or may be determined as a constant value (eg, M = 5) regardless of the security level. May be. For example, when the selected security level is “high”, the read signal transmission count M is “5”, and when the selected security level is “medium”, the read signal transmission count M is When “3” is selected and the selected security level is “low”, the read signal transmission count M is “2”. Note that even when the ID of the tag 2 is read in the authentication process described later, the determination of the number of transmissions M may be applied.

  After the read signal transmission count M is determined in step S32, the read / write unit 13 starts transmitting the read signal (S33). The read / write unit 13 reads when the number N of read signal transmissions reaches the parameter M (YES in S34), that is, when the ID and data are read M times from the tag 2 by transmitting the read signal M times. The signal transmission is stopped (S36). If the read signal transmission count N has not reached the parameter M (S34, NO), the read / write unit 13 increments the parameter N (S35). After step S35, until the number N of read signal transmissions reaches the parameter M, reading of the ID and data of the tag 2 by the read / write unit 13 is repeated.

  The ID fixing determination unit 31 determines whether or not all the M IDs of the tag 2 read by the read / write unit 13 are fixed values (S37). When it is determined that all of the M IDs are not fixed values (S37, NO), the ID fixing determination unit 31 uses that the IDs of the tag 2 cannot be used because the M IDs are random numbers. The result of the availability determination process is output to the operation information management unit 12. Thereby, the availability determination process in FIG. 11 ends.

  When it is determined that all the M IDs are fixed values (S37, YES), the ID type determination unit 32 determines the ID type of the tag 2 read by the read / write unit 13 (S38). Specifically, the ID type determination unit 32 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13 (S38).

  After step S38, the writability determination unit 33 determines whether data can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S39). Specifically, when the write flag is output from the read / write unit 13, the writability determination unit 33 can write data to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2. (S39).

  After step S39, the ID size determination unit 34 determines the size of the ID of the tag 2 read by the read / write unit 13 (S40).

  After step S40, the security level conformity determination unit 35 determines the tag 2 read by the read / write unit 13 based on the determination results of the ID type determination unit 32, the writability determination unit 33, and the ID size determination unit 34. It is determined whether the ID matches the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41).

  The security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 conforms to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 (S41). YES), the availability determination processing result indicating that the ID of the tag 2 is usable is output to the operation information management unit 12, and the ID of the tag 2 read by the read / write unit 13 is output to the registration unit 16. . Thereby, the availability determination process in FIG. 11 ends.

  The security level conformity determination unit 35 determines that the ID of the tag 2 read by the read / write unit 13 does not conform to the security level of the ID of the tag 2 selected by the user operation or operation information management unit 12 ( (S41, NO), the operation information management unit 12 outputs the availability determination result of the reason information indicating that the ID of the tag 2 is unusable and why the ID of the tag 2 is unusable. The operation information management unit 12 causes the display unit 21 to display reason information indicating why the ID of the tag 2 is unavailable in response to the output from the security level conformity determination unit 35. Thereby, the availability determination process in FIG. 11 ends.

(Overview of clone detection operation)
Next, an outline of clone detection operation in the mobile terminal 4 will be described with reference to FIGS. 12 and 13. FIG. 12 is an explanatory diagram showing a first pattern of clone detection in the mobile terminal of this embodiment. FIG. 13 is an explanatory diagram showing a second pattern of clone detection in the mobile terminal of this embodiment. In order to simplify the description, in FIG. 12 and FIG. 13, it is assumed that what is stored (registered) in the storage unit 17 is a pseudo ID and not a digest value of the pseudo ID.

  In the authentication system shown in FIG. 12, the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a. The portable terminal 4 authenticates the tag 2 when the tag 2 comes close to the portable terminal 4. That is, the portable terminal 4 determines whether the tag 2 satisfies a predetermined authentication condition based on the ID and data of the tag 2. The authentication process will be described later with reference to FIG.

  The portable terminal 4 reads the pseudo ID 1 stored in the tag 2 in the authentication process (Step 1) and authenticates the tag 2 (Step 2). When the authentication of the tag 2 is successful, the mobile terminal 4 updates the pseudo ID stored in the tag 2 and the storage unit 17 (Step 3). The updated pseudo ID is assumed to be pseudo ID2. The portable terminal 4 writes the pseudo ID 2 in the tag 2 (Step 4).

  Assume that after authentication of the tag 2 succeeds in the mobile terminal 4, a malicious third party illegally copies the tag 2 to generate the tag 2 '(Step 5). In FIG. 12, a tag 2 'is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2a'.

  The portable terminal 4 authenticates the tag 2 ′ when the tag 2 ′ is brought close to the portable terminal 4 by a malicious third party. However, since the pseudo ID has been updated to pseudo ID 2 by the mobile terminal 4 in Step 3, since the pseudo ID 1 of the tag 2 ′ and the pseudo ID 2 of the mobile terminal 4 are different from each other, the tag 2 is detected as having detected the existence of the clone. It is determined that authentication of 'failed.

  In the authentication system shown in FIG. 13, the tag 2 is a legitimate first generation tag that is an original and not a clone tag, and stores the pseudo ID 1 in the non-contact IC 2a. It is assumed that a malicious third party illegally copies the tag 2 and generates the tag 2 '(Step 1). In FIG. 13, a tag 2 ′ is generated by unauthorized copying of the tag 2, and the first generation clone (ID) and pseudo ID 1 are stored in the non-contact IC 2 a ′.

  The portable terminal 4 authenticates the tag 2 ′ when the tag 2 ′ comes close to the portable terminal 4. That is, the mobile terminal 4 determines whether or not the ID of the tag 2 ′ has already been stored (registered) as an ID that can be used in the mobile terminal 4. The authentication process will be described later with reference to FIG.

  The portable terminal 4 reads the pseudo ID 1 stored in the tag 2 'in the authentication process (Step 2), and authenticates the tag 2' (Step 3). If the authentication of the tag 2 'is successful, the mobile terminal 4 updates the pseudo ID stored in the tag 2' and the storage unit 17 (Step 4). The updated pseudo ID is assumed to be pseudo ID2. The portable terminal 4 writes the pseudo ID 2 in the tag 2 '(Step 5).

  When the tag 2 is brought close to the portable terminal 4 by a legitimate user, the portable terminal 4 reads the pseudo ID 1 stored in the tag 2 (Step 6) and authenticates the tag 2 (Step 7). However, since the pseudo ID is updated to pseudo ID 2 by the mobile terminal 4 in Step 4, the pseudo ID 1 of the tag 2 and the pseudo ID 2 of the mobile terminal 4 are different from each other in the mobile terminal 4. It is determined that the authentication of the tag 2 has failed because the presence of the clone is detected (Step 8). In this case, it is preferable to invalidate the ID of the tag 2 stored (registered) in the storage unit 17 of the mobile terminal 4.

  Next, the state of each ID and pseudo ID of the storage unit 17, the clone tag and the tag 2 when no clone is detected and when a clone is detected will be described with reference to FIGS. FIG. 14 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17 and the tag 2 when no clone is detected. FIG. 15 is an explanatory diagram showing IDs and pseudo IDs of the storage unit 17, clone tag, and tag 2 when a clone is detected.

  The tag 2 stores the ID of a fixed value (ID1) in the ID area of the non-contact IC storage unit 2a1, and enables the pseudo ID to be stored in the Data area of the non-contact IC storage unit 2a1. In the description of FIG. 15, it is assumed that the clone tag is used between the first use and the second use of the tag 2.

  In FIG. 14, in the initial state, the ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and the pseudo ID is also stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2. Absent. When the tag 2 is newly stored (registered) in the portable terminal 4, the ID (ID1) and the pseudo ID (PID1) are stored (registered) in the storage unit 17, and the data in the non-contact IC storage unit 2a1 of the tag 2 is stored. A pseudo ID (PID1) is stored in the area.

  After the tag 2 is stored (registered), when the tag 2 is used for the first time, that is, when the tag 2 succeeds in the first authentication in the portable terminal 4, the pseudo ID stored (registered) in the storage unit 17 is PID1. The pseudo ID stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.

  Similarly, when the tag 2 is used for the nth time, that is, when the tag 2 succeeds in the nth authentication in the portable terminal 4, the pseudo ID stored (registered) in the storage unit 17 is obtained from PID (n-2). The pseudo ID updated to PID (n−1) and stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID (n−2) to PID (n−1).

  In FIG. 15, in the initial state, the ID and pseudo ID of the tag 2 are not stored (registered) in the storage unit 17, and the pseudo ID is also stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2. Absent. When the tag 2 is stored (registered) in the portable terminal 4, the ID (ID 1) and the pseudo ID (PID 1) are stored (registered) in the storage unit 17, and are stored in the Data area of the non-contact IC storage unit 2 a 1 of the tag 2. A pseudo ID (PID1) is stored.

  After the tag 2 is stored (registered), when the tag 2 is used for the first time, that is, when the tag 2 succeeds in the first authentication in the portable terminal 4, the pseudo ID stored in the storage unit 17 is changed from PID1 to PID2. The pseudo ID updated and stored in the Data area of the non-contact IC storage unit 2a1 of the tag 2 is updated from PID1 to PID2.

  When the clone tag is used for the first time after the first use of the tag 2, that is, when the clone tag succeeds in the first authentication in the mobile terminal 4, the pseudo stored in (registered) in the storage unit 17 The ID is updated from PID2 to PID3, and the pseudo ID stored in the Data area of the non-contact IC storage unit of the clone tag is updated from PID2 to PID3.

  After the first use of the clone tag, when the tag 2 is used for the second time, the mobile terminal 4 stores the pseudo ID 3 stored (registered) in the storage unit 17 and the Data area of the non-contact IC storage unit 2a1 of the tag 2 It is determined that the pseudo ID 2 stored in the ID does not match. That is, the portable terminal 4 determines that the clone tag exists when the tag 2 is used for the second time and that the clone tag has been used before the second use of the tag 2.

(Mobile device operation: Authentication process)
Next, an authentication process for the ID of the tag 2 in the portable terminal 4, that is, a process for determining whether or not the tag 2 satisfies a predetermined authentication condition based on the ID and data of the tag 2 will be described with reference to FIG. To do. FIG. 16 is a flowchart for explaining the authentication process of the tag 2 in the mobile terminal 4 of the present embodiment. The authentication process in FIG. 16 starts when the tag 2 to be authenticated is brought close to the mobile terminal 4.

  In FIG. 16, the read / write unit 13 reads the ID and data of the tag 2 by transmitting a read signal to the tag 2 by the number of times set in advance (S51). Although detailed description of step S51 is omitted, the read / write unit 13 operates in step S51 in the same manner as the processes in steps S31 to S35 of FIG. The read / write unit 13 outputs the ID and data of the tag 2 and the communication standard information of the read signal to the ID validity verification unit 18. Further, when the tag 2 data includes a pseudo ID, the read / write unit 13 includes not only the ID and data of the tag 2 and the communication standard information of the read signal but also the pseudo ID as an ID validity verification unit 18. Output to.

  The ID validity verifying unit 18 calculates the digest value of the ID of the tag 2 by using a keyed hash function program for the ID of the tag 2 output from the read / write unit 13 (S52). The ID validity verification unit 18 determines whether or not a digest value identical to the calculated digest value of the ID of the tag 2 is stored (registered) in the storage unit 17 (S53, authentication condition 1).

  When it is determined that the digest value identical to the calculated digest value of the ID is not stored (registered) in the storage unit 17 (S53, NO), the ID validity verification unit 18 uses the read / write unit 13. Based on the ID of the read tag 2, an authentication result indicating that the user cannot use the ID of the tag 2 is output to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to explicitly indicate to the user (see FIG. 17B). Thereby, the authentication process of FIG. 16 is completed. FIG. 17B is a diagram illustrating an example of an authentication result indicating that the authentication has failed.

  When it is determined that the digest value identical to the calculated digest value of the ID is stored (registered) in the storage unit 17 (S53, YES), the ID validity verification unit 18 determines the ID of the tag 2, The pseudo ID (when stored in the Data area of the non-contact IC storage unit 2 a 1 of the tag 2), the communication standard information of the read signal and the clone detection determination instruction are output to the clone detection unit 19.

  The ID type determination unit 42 determines the ID type of the tag 2 read by the read / write unit 13 (S54). Specifically, the ID type determination unit 42 determines the ID type of the tag 2 based on the communication standard information of the read signal output from the read / write unit 13. The ID type determination unit 42 determines whether the ID type of the determined tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17. (S54, authentication condition 2).

  When it is determined that the ID type of the determined tag 2 is not the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (NO in S54). The ID type determination unit 42 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (tag 2 is a clone tag) to the ID validity verification unit 18. The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (FIG. 18 (a) )reference). Thereby, the authentication process of FIG. 16 is completed. FIG. 18A shows that a clone has been detected and the previous authentication success date and location.

  When the mobile terminal 4 includes a timer and a GPS (Global Positioning System) receiver (not shown in FIG. 2), the operation information management unit 12 uses the previous authentication result as an authentication result indicating that a clone has been detected. It is preferable to display the date (including time) and location at the time of success on the display unit 21. Thereby, the portable terminal 4 can provide the user with a hint as to when and where the clone was generated.

  When it is determined that the ID type of the determined tag 2 is the same as the ID type associated with the ID of the tag 2 stored (registered) in the storage unit 17 (YES in S54) ), The pseudo ID determination unit 41 determines whether or not there is a pseudo ID associated with the ID and the action ID in the storage unit 17 (S55).

  When it is determined in the storage unit 17 that there is no pseudo ID associated with the ID and the operation ID (S55, NO), the pseudo ID determination unit 41 determines the ID of the tag 2 read by the read / write unit 13. The fact that the authentication was successful is output to the ID validity verification unit 18. The ID validity verification unit 18 outputs an operation execution instruction to the operation execution unit 20 to execute the operation indicated by the operation ID associated with the ID of the tag 2 read by the read / write unit 13. The operation execution unit 20 executes the operation represented by the operation ID associated with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63). ).

  When it is determined in the storage unit 17 that there is a pseudo ID associated with the ID and the action ID (S55, YES), the pseudo ID determination unit 41 uses the pseudo ID output from the ID validity verification unit 18 as a key. The digest value of the pseudo ID is calculated using the attached hash function program (S56).

  The pseudo ID determination unit 41 determines whether the calculated digest ID of the pseudo ID is the same as the pseudo ID stored (registered) in the storage unit 17 (S57, authentication condition 3), or further stored in the storage unit 17. It is determined whether or not it is the digest value of the latest pseudo ID among the plurality of pseudo IDs that have been set (S58, authentication condition 4).

  When the calculated digest ID of the pseudo ID is not the same as the pseudo ID stored (registered) in the storage unit 17 (S57, NO), the pseudo ID determination unit 41 determines that the tag 2 read by the read / write unit 13 An authentication result indicating that the user cannot use the ID of the tag 2 based on the ID is output to the ID validity verification unit 18. The ID validity verification unit 18 outputs an authentication result indicating that the user cannot use the ID of the tag 2 based on the ID of the tag 2 read by the read / write unit 13 to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 cannot be used, in order to explicitly indicate to the user (see FIG. 17B).

  When the calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17 but is not the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17 (S58-NO), the pseudo ID determination unit 41 indicates the authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (the tag 2 is a clone tag). Output to. The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (FIG. 18 (a) )reference). Thereby, the authentication process of FIG. 16 is completed.

  The calculated pseudo ID digest value is the same as the pseudo ID stored (registered) in the storage unit 17, and is the digest value of the latest pseudo ID among the plurality of pseudo IDs stored in the storage unit 17. In the case (S58-YES), the pseudo ID determination unit 41 outputs a new pseudo ID generation instruction to the pseudo ID generation unit 15. The pseudo ID generation unit 15 generates a new pseudo ID based on the new pseudo ID generation instruction output from the pseudo ID determination unit 41 (S59). The pseudo ID generation unit 15 outputs the generated new pseudo ID to the read / write unit 13 and the registration unit 16, respectively. The read / write unit 13 and the registration unit 16 obtain new pseudo IDs output from the pseudo ID generation unit 15, respectively.

  The read / write unit 13 transmits a write signal for writing data to the tag 2 according to the same modulation method as the read signal to the tag 2, and uses the new pseudo ID output from the pseudo ID generation unit 15 for the tag 2. Write to the non-contact IC storage unit 2a1 (S60). The writability determination unit 43 determines whether or not the new pseudo ID generated by the pseudo ID generation unit 15 can be written to the non-contact IC storage unit 2a1 of the non-contact IC 2a of the tag 2 (S61, authentication condition 5 ).

  When the writing of the new pseudo ID to the tag 2 is not successful (S61, NO), the writability determination unit 43 indicates that the ID of the tag 2 read by the read / write unit 13 is a clone (tag 2 The authentication result indicating that the tag is a clone tag is output to the ID validity verification unit 18. The ID validity verification unit 18 outputs an authentication result indicating that the ID of the tag 2 read by the read / write unit 13 is a clone (that the tag 2 is a clone tag) to the operation information management unit 12. The operation information management unit 12 causes the display unit 21 to display an authentication result indicating that the ID of the tag 2 is a clone (that the tag 2 is a clone tag) (FIG. 18 (a) )reference). Thereby, the authentication process of FIG. 16 is completed.

  When the writing of the new pseudo ID into the tag 2 is successful (S61, YES), the write permission / inhibition determination unit 43 can use the ID read by the read / write unit 13, that is, authentication that the authentication is successful. The result is output to the ID validity verification unit 18. Further, the registration unit 16 calculates a digest value of the new pseudo ID by using a keyed hash function program for the new pseudo ID output from the pseudo ID generation unit 15 (S62). Furthermore, the registration unit 16 pairs the operation ID stored (registered) in the storage unit 17, the digest value of the ID of the tag 2, and the digest value of the new pseudo ID calculated in step S <b> 62. Is stored (registered) (S62). The registration unit 16 outputs to the operation information management unit 12 that storage (registration) in the storage unit 17 has been completed.

  The ID validity verification unit 18 stores (registers) the digest value of the new pseudo-ID keyed hash function that satisfies all the authentication conditions and is generated (registered) in the storage unit 17, and then the read / write unit The operation execution instruction to the effect that the operation represented by the operation ID paired with the ID of the tag 2 read by 13 is executed is output to the operation execution unit 20. The operation execution unit 20 executes the operation represented by the operation ID paired with the ID of the tag 2 read by the read / write unit 13 based on the operation execution instruction output from the ID validity verification unit 18 (S63). ). Thereby, the authentication process of FIG. 16 is completed.

  FIG. 17A is a diagram illustrating an example of an authentication result indicating that the authentication is successful. The authentication result shown in FIG. 17A indicates that the ID of the tag 2 read by the read / write unit 13 has been successfully authenticated, for example, for canceling the use stop state (lock state) of the SafetyBox that is the application. A confirmation notification icon IC11 is displayed. When the icon IC 11 is confirmed and pressed by a user operation, the locked state of the Safety Box that is the application is released and becomes usable.

  FIG. 18B is a diagram illustrating an example of a selection screen for determining whether or not to invalidate the ID of the tag 2 detected as a clone. When “YES” is selected on the selection screen shown in FIG. 18B, the screen for identity verification shown in FIG. 18C is displayed. As a result of proper identity verification, the mobile terminal 4 ( The registration unit 16) stores (registers) in the storage unit 17 a setting instruction indicating that the authentication of the ID of the tag 2 is not successful in association with the ID. FIG. 18C is a diagram illustrating an example of a screen when the identity is confirmed. Thereby, since the ID of the tag 2 once detected as a clone can be invalidated, the portable terminal 4 may be configured not to execute an operation according to the operation ID associated with the ID of the tag 2. it can.

  As described above, the mobile terminal 4 of the authentication system 7 of the present embodiment can effectively determine whether or not the ID of the non-contact IC card 3 and the tag 2 can be used reliably. Furthermore, when the portable terminal 4 authenticates using the ID and data of the non-contact IC card 3 and the tag 2 and satisfies all the authentication conditions, the portable terminal 4 executes the operation of the operation ID associated with the ID. Safety can be secured appropriately.

  19 to 22 are explanatory diagrams showing an outline of a flow in which the mobile terminal according to the present embodiment authenticates the ID of the tag or the IC card and executes the first operation to the fourth operation of the mobile terminal, respectively. 19 to 22, the ID of the tag 2 or the IC card 3 is the security selected by the user operation in association with the ID and the operation ID of each operation of the mobile terminal 4 selected by the user operation. It is assumed that the availability determination unit 14 of the mobile terminal 4 determines that it can be used according to the level.

  In the example illustrated in FIG. 19, for example, when the tag 2 (same for the IC card 3, and also in FIGS. 20 to 22) is brought close to the mobile terminal 4, the mobile terminal 4 stores the ID and data of the tag 2. The ID of the tag 2 is authenticated based on the read ID and data. If the authentication is successful, the mobile terminal 4 releases the operation of the operation ID associated with the ID of the tag 2, that is, the locked state. Thereby, the screen of the portable terminal 4 shifts from the locked screen to the standby screen, and the user can use the portable terminal 4 safely.

  In the example illustrated in FIG. 20, for example, when the tag 2 is brought close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. . If the authentication is successful, the mobile terminal 4 releases the operation of the operation ID associated with the ID of the tag 2, that is, the locked state of the Safety Box. Thereby, the screen of the portable terminal 4 shifts from the screen in which the Safety Box is locked to a screen in which the Safety Box can be used, and the user can safely use the Safety Box.

  In the example illustrated in FIG. 21, for example, when the tag 2 comes close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. . If the authentication is successful, the mobile terminal 4 confirms the unlocking of the SafetyBox before the operation of the operation ID associated with the ID of the tag 2, that is, the unlocking state of the SafetyBox. Displays an icon that represents the screen. Further, after this icon is confirmed and pressed by a user operation, the mobile terminal 4 releases the operation of the operation ID associated with the ID of the tag 2, that is, the locked state of the Safety Box. As a result, the screen of the mobile terminal 4 shifts from the screen in which the Safety Box is locked to a screen in which the Safety Box can be used via a confirmation screen for unlocking the Safety Box to the user, and the user can safely use the Safe Box. Can be used.

  In the example illustrated in FIG. 22, for example, when the tag 2 comes close to the mobile terminal 4, the mobile terminal 4 reads the ID and data of the tag 2 and authenticates the ID of the tag 2 based on the ID and data. . When the authentication is successful, the portable terminal 4 starts the operation corresponding to the operation ID associated with the ID of the tag 2, that is, the browser as an application. Thereby, the screen of the portable terminal 4 shifts from the standby screen to a browser screen displayed when the browser is activated, and the user can safely use the browser as an application.

  While various embodiments have been described above with reference to the drawings, it goes without saying that the present invention is not limited to such examples. It is obvious for those skilled in the art that variations and modifications of various embodiments, and combinations of various embodiments can be conceived within the scope of the claims. Of course, it is understood that it belongs to the technical scope of the present invention.

  In the above-described embodiment, the ID of the tag 2 is newly registered. However, in the authentication system 7, it is possible to exchange the ID once registered. The exchange of the ID of the tag 2 will be described with reference to FIGS. 23 (a) to 23 (d).

  FIG. 23A is a diagram illustrating an example of an operation selection screen of the mobile terminal 4 to be paired. FIG. 23B is a diagram showing an example of a message screen for approaching the tag 2 to be exchanged when the tag 2 is exchanged. FIG. 23C is a diagram showing an example of a message screen for a tag 2 invalidation success notification and a new tag proximity instruction. FIG. 23D is a diagram showing an example of a message screen for notification of success of new tag registration and tag exchange.

  In the selection screen shown in FIG. 23A, for example, (1) browser stop, (2) browser deletion, (3) tag ID registration, (4) tag as operations of the mobile terminal 4 to be paired ID exchange,... Is shown. The selection screen in FIG. 23A is similar to the selection screen in FIG. 7B, and an application to be paired (Z) is activated in advance by a user operation. It is a screen displayed when the setting (registration, deletion) application is activated. (4) When tag ID exchange is selected, the portable terminal 4 approaches the portable terminal 4 so that the tag 2 having the same ID as the ID already stored (registered) in the storage unit 17 in the application Z An instruction is displayed (see FIG. 23B).

  After the tag 2 having the ID to be exchanged is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23B is confirmed by user operation, the mobile terminal 4 It is determined whether or not the tag 2 satisfying the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 to be exchanged satisfies the authentication condition.

  When the tag 2 to be exchanged satisfies the authentication condition, the mobile terminal 4 invalidates the ID of the tag 2 and sets the ID of the tag 2 to be unusable. Furthermore, the portable terminal 4 brings the invalidation success notification that the invalidation of the tag 2 is successful and a new tag (V) to be registered instead of the invalidated tag 2 to the portable terminal 4. A message screen with a proximity instruction to the effect is displayed on the display unit 21 (see FIG. 23C).

  After the new tag V having the ID to be registered is brought close to the mobile terminal 4 and the proximity instruction message screen shown in FIG. 23C is confirmed and pressed by the user operation, the mobile terminal 4 It is determined whether the new target tag V satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the explanation, it is assumed that the new tag V to be registered satisfies the authentication condition.

  When the new tag V to be registered satisfies the authentication condition, the mobile terminal 4 pairs the ID of the new tag V with the operation ID paired with the ID of the tag 2 to be exchanged. To be stored (registered) in the storage unit 17. Further, the portable terminal 4 stores (registers) the ID of the new tag V in the storage unit 17 and causes the display unit 21 to display a success notification message screen indicating that the tag 2 has been successfully exchanged (FIG. 23 ( d)).

  In the above-described embodiment, the description has been given of newly registering the ID of the tag 2. However, in the authentication system 7, the pseudo ID of the same tag 2 once registered can be periodically updated. . The periodic update of the pseudo ID of the tag 2 will be described with reference to FIGS. 24 (a) and 24 (b). FIG. 24A is a diagram illustrating an example of a message screen for periodically updating the pseudo ID of the tag 2 and a proximity instruction for the tag 2 to be periodically updated. FIG. 24B is a diagram illustrating an example of a message screen indicating a successful notification of periodic update of the pseudo ID of the tag 2. In the description of FIG. 24A and FIG. 24B, the tag for which the pseudo ID is periodically updated is referred to as tag 2.

  The mobile terminal 4 periodically updates the pseudo ID paired with the ID of the tag 2 already stored (registered) in the storage unit 17 in a predetermined cycle (eg, once a week). A message screen for approaching the tag 2 to be updated is displayed on the display unit 21 (see FIG. 24A).

  After the tag 2 having the pseudo ID to be periodically updated is brought close to the portable terminal 4 and the message screen of the proximity instruction shown in FIG. 24A is confirmed by user operation, the portable terminal 4 It is determined whether the tag 2 having the pseudo ID to be updated satisfies the authentication condition described in the flowchart of FIG. Here, in order to simplify the description, it is assumed that the tag 2 having a pseudo ID that is a target of periodic update satisfies the authentication condition.

  When the tag 2 having the pseudo ID to be periodically updated satisfies the authentication condition, the mobile terminal 4 updates the pseudo ID of the tag 2 to a new pseudo ID different from the pseudo ID of the tag 2, and The ID is paired with the operation ID that has been paired with the ID of the tag 2 having the pseudo ID to be periodically updated, and stored (registered) in the storage unit 17. Further, the portable terminal 4 pairs the new pseudo ID with the ID and the operation ID of the tag 2 and stores (registers) the new pseudo ID in the storage unit 17 so that the periodic update of the tag 2 is successful. Is displayed on the display unit 21 (see FIG. 23D).

  The authentication system according to the present invention has been described as a configuration including the tag 2 or the IC card 3 and the mobile terminal 4 as shown in FIG. 1, but the tag 2 or the IC card 3 as shown in FIG. And it is good also as a structure which consists of the portable terminal 4 and the authentication server 5 which carries out radio | wireless communication with the portable terminal 4 via the wireless base station BTS. The authentication system 7 'shown in FIG. 25 will be described. FIG. 25 is a system configuration diagram of an authentication system 7 'according to a modification of the present embodiment. FIG. 26 is a block diagram showing an internal configuration of the portable terminal 4 ′ and the authentication server 8 in the authentication system 7 ′ according to the modification of the present embodiment.

  The portable terminal 4 'performs short-range wireless communication with the tag 2 on which the non-contact IC 2a is mounted or the IC card 3 on which the non-contact IC 2b is mounted, and wirelessly communicates with the authentication server 8 via the wireless base station BTS. The mobile terminal 4 ′ includes at least the read / write unit 13, the display unit 21, the operation unit 11, and the operation execution unit 20 in the configuration illustrated in FIG. 2 (see FIG. 26). The authentication server 8 includes the operation information management unit 12, the availability determination unit 14, the pseudo ID generation unit 15, the registration unit 16, the storage unit 17, the ID validity verification unit 18, the clone of the configuration of the mobile terminal 4 in FIG. The configuration includes a detection unit 19, a RAM 22, and a ROM 23, and further includes a communication unit 25 for wirelessly communicating with the mobile terminal 4 ′. The operation of each part of the portable terminal 4 ′ and the authentication server 8 is the same as that of each part of the portable terminal 4 of FIG.

  According to the authentication system shown in FIG. 25, the ID server availability determination process and the authentication process shown in FIG. 2 are executed in the authentication server 8 and the operation is executed based on the authentication result from the authentication server 8. It is possible to simplify the circuit configuration of the mobile terminal 4 ′.

  The present invention effectively determines whether or not an ID of a contactless IC card or tag can be reliably used, and ensures a safe execution of an operation associated with the ID when using the ID, It is useful as an authentication method, an authentication program, and an authentication system.

2 RFID tags (tags)
2a, 3a Non-contact IC
3 IC card 4, 4 ′ mobile terminal 7, 7 ′ authentication system 10 control unit 11 operation unit 12 operation information management unit 13 read / write unit 14 availability determination unit 15 pseudo ID generation unit 16 registration unit 17 storage unit 18 ID validity Verification unit 19 Clone detection unit 20 Operation execution unit 21 Display unit 22 RAM
23 ROM
31 ID fixation determination unit 32, 42 ID type determination unit 33, 43 Writability determination unit 34 ID size determination unit 35 Security level conformity determination unit 41 Pseudo ID determination unit

Claims (20)

A portable terminal that wirelessly communicates with a non-contact IC,
A read / write unit for reading the ID and data stored in the non-contact IC;
A display unit for displaying an operation selection screen in the mobile terminal;
Based on the ID and data read by the read / write unit, the information that specifies the operation in the mobile terminal selected from the selection screen and the ID are associated with the ID according to the registration policy of the ID. An availability determination unit that determines whether an ID is available;
If it is determined that the ID is usable, a registration unit that associates the ID read by the read / write unit with information for specifying an operation in the mobile terminal;
A storage unit that stores the ID associated with the registration unit and information that specifies the operation. The mobile terminal according to claim 1,
An operation information management unit that displays a selection screen of a security level as a registration policy of the ID on the display unit;
The operation information management unit
Based on the security level of the selected ID, instruct the availability determination unit to determine whether the ID can be used for associating the information specifying the operation with the ID. Mobile terminal. The mobile terminal according to claim 1,
An operation information management unit for causing the display unit to display an operation selection screen in the mobile terminal according to the ID registration policy;
The operation information management unit is configured to associate the information specifying the operation with the ID based on the information specifying the operation in the mobile terminal selected from the selection screen and the registration policy of the ID. The portable terminal which instruct | indicates the availability determination process of whether it is usable to the said availability determination part. The mobile terminal according to claim 2,
The operation information management unit displays an operation selection screen in the mobile terminal according to the registration policy of the ID on the display unit, and specifies the operation in the mobile terminal selected from the selection screen and the ID A portable terminal that instructs the availability judging unit to determine whether or not the ID can be used for associating the information specifying the operation with the ID based on the registered policy. The mobile terminal according to claim 1,
In the application of the portable terminal according to the registration policy of the ID, further comprising an operation information management unit that displays a menu screen including the registration item of the ID on the display unit,
The operation information management unit, based on information specifying the operation of the application corresponding to the registration item of the ID selected from the menu screen and the registration policy of the ID, information specifying the operation, and the ID A portable terminal that instructs the availability judgment unit to determine whether or not the ID can be used for the association. The mobile terminal according to claim 2,
The operation information management unit causes the display unit to display a menu screen including the registration item of the ID in the application of the mobile terminal according to the registration policy of the ID, and the registration item of the ID selected from the menu screen Use of whether or not the ID can be used for associating the information specifying the operation with the ID based on the information specifying the operation of the application of the mobile terminal according to the ID and the registration policy of the ID A portable terminal for instructing availability determination to the availability determination unit. It is a portable terminal as described in any one of Claims 1-6,
The availability determination unit
An ID fixing determination unit that determines whether or not the ID read by the read / write unit is a fixed value;
The availability determination unit determines that the ID is unusable for associating the information specifying the operation with the ID when the ID fixing determination unit determines that the ID is not a fixed value. Terminal. The mobile terminal according to claim 7,
The availability determination unit
An ID size determination unit that determines the size of the ID read by the read / write unit;
A security level conformity determination unit that determines whether the ID read by the read / write unit conforms to the security level of the selected ID based on the determined size of the ID; In addition,
When it is determined that the ID read by the read / write unit conforms to the security level of the selected ID, the availability determination unit is configured to associate the information specifying the operation with the ID. A mobile terminal that determines that an ID is available. It is a portable terminal as described in any one of Claims 1-8,
A pseudo ID generation unit that generates a pseudo ID different from the ID read by the read / write unit;
The read / write unit writes the pseudo ID generated by the pseudo ID generation unit to the non-contact IC,
The registration unit is a mobile terminal that registers the pseudo ID generated by the pseudo ID generation unit in the storage unit in association with the ID and information specifying the operation. The mobile terminal according to claim 9,
The registration unit sets a user interface including an icon for starting an operation in the mobile terminal corresponding to the information specifying the operation to be hidden, and sets the user interface to a non-display state on the display unit. This is registered in the storage unit in association with the ID and the information specifying the operation. The mobile terminal according to claim 9,
The registration unit is configured not to activate the operation based on an operation of a user interface including an icon for activating an operation in the mobile terminal corresponding to the information specifying the operation, and for the operation of the user interface. A mobile terminal that registers in the storage unit that the operation in the mobile terminal is set to a non-operation setting state in association with the ID and the information specifying the operation. It is a portable terminal as described in any one of Claims 2-11,
When it is determined that the ID is usable, the operation information management unit displays on the display unit registration result information of the ID associated with the information specifying the operation in the storage unit . It is a portable terminal of Claim 10, Comprising:
The said operation information management part is a portable terminal which displays the name of the tag or IC card containing the contactless IC which memorize | stores the said ID at least as the said registration result information on the said display part. It is a portable terminal as described in any one of Claims 2-9,
When it is determined that the ID is not usable, the operation information management unit displays the ID and reason information that the ID is not usable on the display unit. It is a portable terminal as described in any one of Claims 1-14,
An ID validity verification unit that determines whether or not the ID read by the read / write unit matches the ID registered in the storage unit by the registration unit;
A clone detection unit that determines whether the ID read by the read / write unit is a clone based on the ID and data read by the read / write unit;
When it is determined that the ID does not match the ID registered in the storage unit, the operation information management unit displays on the display unit that the authentication of the ID read by the read / write unit has failed. Mobile terminal. The mobile terminal according to claim 15, wherein
A clone detection unit that determines whether the ID read by the read / write unit is a clone based on the ID and data read by the read / write unit;
The clone detection unit is
The pseudo ID included in the data read by the read / write unit is the latest pseudo ID among the plurality of pseudo IDs stored in association with the ID registered in the storage unit by the registration unit. A pseudo ID determination unit that determines whether or not
Clone detection determination for determining that the ID read by the read / write unit is a clone when it is determined that the pseudo ID included in the data matches the pseudo ID other than the latest one among the plurality of pseudo IDs A portable terminal. The mobile terminal according to claim 16, wherein
The clone detection unit is
The pseudo ID included in the data read by the read / write unit is the latest pseudo ID among the plurality of pseudo IDs stored in association with the ID registered in the storage unit by the registration unit. A pseudo ID determination unit that determines whether or not
The pseudo ID generation unit, when the pseudo ID determination unit determines that the pseudo ID included in the data is the latest pseudo ID among the plurality of pseudo IDs, the pseudo ID included in the data Generate a new pseudo ID different from
The read / write unit is a portable terminal that writes the new pseudo ID generated by the pseudo ID generation unit to the non-contact IC. An authentication method in a portable terminal that wirelessly communicates with a non-contact IC,
Reading the ID and data stored in the non-contact IC;
Determining whether the ID is a clone based on the read ID and data; and
If it is determined that the read ID is not a clone, generating a new pseudo ID different from the pseudo ID included in the read data;
Writing the generated new pseudo ID to the contactless IC;
In the storage unit, updating the pseudo ID stored in association with the ID and the information specifying the operation in the portable terminal according to the security level of the ID to the new pseudo ID;
And performing an operation in the portable terminal corresponding to the information specifying the operation after updating the pseudo ID stored in the storage unit to the new pseudo ID. To mobile terminals that are computers that communicate wirelessly with non-contact IC
Reading the ID and data stored in the non-contact IC;
Determining whether the read ID is a clone based on the read ID and data;
If it is determined that the read ID is not a clone, generating a new pseudo ID different from the pseudo ID included in the read data;
Writing the generated new pseudo ID to the contactless IC;
In the storage unit, updating the pseudo ID stored in association with the ID and the information specifying the operation in the portable terminal according to the security level of the ID to the new pseudo ID;
An authentication program for realizing, after updating the pseudo ID stored in the storage unit to the new pseudo ID, executing an operation in the portable terminal corresponding to the information specifying the operation. An authentication system including a non-contact IC and a portable terminal that communicates wirelessly with the non-contact IC,
The non-contact IC is:
A non-contact IC storage unit for storing the ID and data of the non-contact IC;
A communication unit that receives a read signal from the mobile terminal and transmits the ID and data,
The portable terminal is
A read / write unit that transmits the read signal to the non-contact IC and receives the ID and data from the non-contact IC;
A storage unit that associates and stores information for specifying an operation in the mobile terminal according to the security level of the ID, the ID, and a pseudo-ID different from the ID;
Based on the ID and data read by the read / write unit, a clone detection unit that determines whether the read ID is a clone,
When it is determined that the ID read by the read / write unit is not a clone, a pseudo ID generation unit that generates a new pseudo ID different from the pseudo ID included in the read data;
A registration unit for updating the pseudo ID stored in association with the information specifying the operation and the ID in the storage unit to the new pseudo ID generated by the pseudo ID generation unit;
An operation execution unit that executes an operation in the portable terminal corresponding to the information specifying the operation.

Images