[go: up one dir, main page]

WO2023021968A1 - Information processing system, first management device, second management device, and information processing method - Google Patents

Information processing system, first management device, second management device, and information processing method Download PDF

Info

Publication number
WO2023021968A1
WO2023021968A1 PCT/JP2022/029402 JP2022029402W WO2023021968A1 WO 2023021968 A1 WO2023021968 A1 WO 2023021968A1 JP 2022029402 W JP2022029402 W JP 2022029402W WO 2023021968 A1 WO2023021968 A1 WO 2023021968A1
Authority
WO
WIPO (PCT)
Prior art keywords
new
public key
certificate
storage unit
management device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/029402
Other languages
French (fr)
Japanese (ja)
Inventor
健治 藏前
正夫 秋元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Intellectual Property Management Co Ltd
Original Assignee
Panasonic Intellectual Property Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Panasonic Intellectual Property Management Co Ltd filed Critical Panasonic Intellectual Property Management Co Ltd
Priority to JP2023542309A priority Critical patent/JP7561359B2/en
Publication of WO2023021968A1 publication Critical patent/WO2023021968A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • EFIXED CONSTRUCTIONS
    • E05LOCKS; KEYS; WINDOW OR DOOR FITTINGS; SAFES
    • E05BLOCKS; ACCESSORIES THEREFOR; HANDCUFFS
    • E05B49/00Electric permutation locks; Circuits therefor ; Mechanical aspects of electronic locks; Mechanical keys therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to an information processing system, a first management device, a second management device, and an information processing method.
  • Japanese Unexamined Patent Application Publication No. 2002-201002 discloses a security system that can safely remotely control the locking and unlocking of a house without the need for other equipment such as a fingerprint authentication device.
  • An electric lock is known as a device for locking or unlocking the doors of facilities.
  • An electric lock can be said to be a device that restricts the entry and exit of goods or persons.
  • key information may be stored in a security chip provided in the management device. In such a case, when the old management device is changed to a new management device, it is difficult to hand over the key information stored in the old management device to the new management device.
  • the present invention provides an information processing system and the like that can continue to operate even when it is difficult to hand over key information.
  • An information processing system is an information processing system used for canceling the restrictions on equipment that restricts the entry and exit of goods or people into and out of a space, comprising: an information terminal; a first management device; a control device, wherein the information terminal is configured to generate the first public key using the first secret key, the first public key, the first public key, and the second secret key; a terminal storage unit that stores a server certificate including a signature; and a terminal communication unit that transmits the server certificate to the control device.
  • a storage unit storing a root certificate including two public keys, a communication unit receiving the server certificate from the information terminal, and storing the signature included in the received server certificate in the storage unit a control unit that performs verification using the second public key included in the root certificate that has been obtained, and releases the restriction on the device if the verification is successful;
  • a first secure storage unit storing a second private key and a new second public key, wherein the new second private key and the new second public key are stored in the first secure storage acquires the server certificate and the root certificate stored in the external storage device from a first secure storage unit having a function to prevent it from being taken out to the outside of the unit, a first storage unit, and an external storage device;
  • a first information processing unit for storing the obtained server certificate and the root certificate in the first storage unit; and a new root certificate including the new second public key, the first information a first communication unit configured to transmit a new root certificate generated by the processing unit to the control device, wherein the first information processing unit is included in the server certificate stored in
  • An information processing system is an information processing system used for canceling the restriction of a device that restricts the entry and exit of goods or people into and out of a space, comprising an information terminal, a first management device, a second A management device and a control device, wherein the second management device stores a third secret key and a third public key, and the information terminal stores the first secret key and the first public key and an intermediate certificate containing a first signature for the third public key generated using the third public key and the second private key, the first public key, and the a terminal storage unit storing a server certificate including a second signature for the first public key generated using a third private key; and storing the server certificate and the intermediate certificate in the control device.
  • control device includes a storage unit storing a root certificate including a second public key corresponding to the second private key, the server certificate and the intermediate a communication unit that receives a certificate from the information terminal; verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate verifying the second signature included in the server certificate obtained by using the third public key included in the intermediate certificate, and releasing the restriction on the device if each verification is successful.
  • the first management device is a first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and a first secure storage unit having a function to prevent the new second public key from being taken out of the first secure storage unit; a first storage unit; and stored from an external storage device to the external storage device.
  • a first information processing unit that acquires the intermediate certificate and the root certificate that have been obtained and stores the acquired intermediate certificate and the root certificate in the first storage unit; and the new second disclosure.
  • a first communication unit configured to transmit a new root certificate including a key and generated by the first information processing unit to the control device, wherein the first information processing unit comprises: generating a new first signature for the third public key included in the intermediate certificate stored in the first storage unit using the new second private key, and generating the third public key; and causing the first communication unit to transmit a new intermediate certificate including the new first signature to the second management device, and the second management device transmits the new intermediate certificate to the first one tube a second communication unit that receives the new intermediate certificate from the management device and transmits the received new intermediate certificate to the information terminal.
  • An information processing system is an information processing system used for canceling the restriction of a device that restricts the entry and exit of goods or people into and out of a space, comprising an information terminal, a first management device, a second A management device and a control device, wherein the first management device stores a second secret key and a second public key, and the information terminal stores the first secret key and the first public key a third public key, an intermediate certificate containing a first signature for the third public key generated using the second private key, the first public key, and the a terminal storage unit storing a server certificate including a second signature for the first public key generated using a third private key corresponding to the third public key; the server certificate; a terminal communication unit configured to transmit the intermediate certificate to the control device, the control device comprising: a storage unit storing a root certificate including the second public key; a communication unit that receives a certificate from the information terminal; verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate verifying the second
  • the second management device is a second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and a second secure storage unit having a function to prevent the new third public key from being taken out of the second secure storage unit; a second storage unit; and stored from an external storage device to the external storage device.
  • a second information processing unit that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit; and a third information processing unit that transmits the new third public key to the first management device.
  • the second information processing unit adds a new second signature for the first public key included in the server certificate stored in the second storage unit to the new first Generated using three private keys and sending the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device to the second communication unit Send to the information terminal.
  • a first management device is a first management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space
  • the information terminal has a first private key, a first public key, and a server certificate including a signature for the first public key generated using the first public key and the second private key.
  • the server certificate is transmitted to a control device that controls the device in order to cancel the restriction, and the control device transmits a second public key corresponding to the second private key.
  • the server certificate is received from the information terminal, the signature included in the received server certificate is stored using the second public key included in the root certificate.
  • the first management device stores a first secure storage unit in which a new second secret key and a new second public key are stored.
  • a first secure storage unit having a function of preventing the new second private key and the new second public key from being taken out of the first secure storage unit; a first storage unit that acquires the server certificate and the root certificate stored in the external storage device from an external storage device and stores the acquired server certificate and the root certificate in the first storage unit; an information processing unit; and a first communication unit that transmits to the control device a new root certificate that includes the new second public key and is generated by the first information processing unit.
  • the first information processing unit creates a new signature for the first public key included in the server certificate stored in the first storage unit using the new second private key and cause the first communication unit to transmit the first public key and a new server certificate including the new signature to the information terminal.
  • a first management device is a first management device and a second management device that are used to grant an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space.
  • the second management device stores a third private key and a third public key
  • the information terminal stores the first private key and the first public key an intermediate certificate containing a first signature for said third public key generated using a key, said third public key and a second private key, said first public key, and and a server certificate including a second signature for the first public key generated using the third private key, the server certificate and the intermediate certificate for removing the restriction.
  • the management device is a first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are a first secure storage unit having a function of preventing it from being taken out to the outside of the first secure storage unit; a first storage unit; a first information processing unit that obtains a root certificate and stores the obtained intermediate certificate and the root certificate in the first storage unit; and a new root certificate that includes the new second public key.
  • a first communication unit configured to transmit a new root certificate generated by the first information processing unit to the control device, wherein the first information processing unit is stored in the first storage unit; generating a new first signature for the third public key included in the intermediate certificate using the new second private key, and generating the third public key and the new first signature;
  • the first communication unit is caused to transmit a new intermediate certificate including a signature to the second management device.
  • a second management device is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space.
  • the first management device stores a second private key and a second public key
  • the information terminal stores the first private key and the first public key a key, a third public key, an intermediate certificate containing a first signature for said third public key generated using said second private key, said first public key, and and a server certificate containing a second signature for said first public key generated using a third private key corresponding to said third public key, said server certificate and said intermediate transmitting the certificate to a control device that controls the device, the control device storing a root certificate including the second public key, and transmitting the server certificate and the intermediate certificate from the information terminal; receiving, verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate, and verifying the first signature included in the received server certificate; The second signature is verified using the
  • An information processing method is an information processing method executed by a first management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space.
  • the information terminal signs a signature on the first public key generated using the first private key and the first public key, and the first public key and the second private key and a server certificate containing the second private key, and transmits the server certificate to a control device that controls the device in order to remove the restriction, and the control device stores the second private key corresponding to the second private key
  • a root certificate containing two public keys is stored, and when the server certificate is received from the information terminal, the signature contained in the received server certificate is transmitted to the second certificate contained in the root certificate.
  • a first secure storage unit having a function of preventing the new second private key and the new second public key from being taken out of the first secure storage unit and a first storage unit, wherein the information processing method acquires the server certificate and the root certificate stored in the external storage device from an external storage device, and stores the acquired server certificate and the storing a root certificate in the first storage unit; generating a new root certificate including the new second public key; and transmitting the generated new root certificate to the control device. and generating a new signature for the first public key included in the server certificate stored in the first storage unit using the new second private key; sending a key and a new server certificate containing the new signature to the information terminal.
  • An information processing method is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space.
  • An information processing method executed by a first management device wherein the second management device stores a third secret key and a third public key, and the information terminal stores the first secret key and an intermediate certificate containing a first signature for the third public key generated using the first public key, the third public key, and the second private key, and the first a public key and a server certificate including a second signature for the first public key generated using the third private key; certificate and the intermediate certificate to a control device that controls the device, the control device stores a root certificate containing a second public key corresponding to the second private key, and the server upon receiving the certificate and the intermediate certificate from the information terminal, verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate; verifying the second signature included in the received server certificate using the third public key included
  • An information processing method is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space.
  • An information processing method executed by a second management device wherein the first management device stores a second secret key and a second public key, and the information terminal stores the first secret key and a first public key, a third public key, and an intermediate certificate containing a first signature for the third public key generated using the second private key; storing a public key and a server certificate including a second signature for the first public key generated using a third private key corresponding to the third public key; transmitting the certificate and the intermediate certificate to a control device that controls the device, the control device storing a root certificate including the second public key, and transmitting the server certificate and the intermediate certificate; is received from the information terminal, the first signature included in the received intermediate certificate is verified using the second public key included in the root certificate, and the received server certificate verifies the second signature included
  • the server certificate storing the acquired server certificate in the second storage unit; transmitting the new third public key to the first management device; generating a new second signature for the first public key included in the server certificate stored in the unit using the new third private key; the first public key; , sending a new server certificate containing the new second signature and a new intermediate certificate received from the first management device to the information terminal, wherein the new intermediate certificate is , the new third public key, and a new first signature for the new third public key generated using the second private key.
  • a program according to one aspect of the present invention is a program for causing a computer to execute the information processing method.
  • the information processing system, etc. can continue to operate even if it is difficult to hand over the key information.
  • FIG. 1 is an external view of an information processing system according to an embodiment.
  • FIG. 2 is a block diagram of the functional configuration of the information processing system according to the embodiment.
  • FIG. 3 is a sequence diagram of the first half of operation example 1 of the information processing system according to the embodiment.
  • FIG. 4 is a sequence diagram of the second half of operation example 1 of the information processing system according to the embodiment.
  • FIG. 5 is a diagram showing an example of the format of a server certificate.
  • FIG. 6 is a sequence diagram of the first half of Operation Example 2 of the information processing system according to the embodiment.
  • FIG. 7 is a sequence diagram of the latter half of Operation Example 2 of the information processing system according to the embodiment.
  • FIG. 8 is a sequence diagram of operation example 3 of the information processing system according to the embodiment.
  • FIG. 9 is a sequence diagram of operation example 4 of the information processing system according to the embodiment.
  • FIG. 10 is a sequence diagram of operation example 5 of such an information processing system.
  • each figure is a schematic diagram and is not necessarily strictly illustrated. Moreover, in each figure, the same code
  • FIG. 1 is an external view of an information processing system according to an embodiment.
  • FIG. 2 is a block diagram of the functional configuration of the information processing system according to the embodiment.
  • information processing system 10 provides information terminal 20 with information terminal 20 to unlock electric lock 60 so that a visitor to facility 80 can unlock electric lock 60 with information terminal 20 .
  • the information processing system 10 includes an information terminal 20, a first management device 30, a second management device 40, a control device 50, an electric lock 60, a first external storage device 71, and a second external storage device 72.
  • the control device 50 and the electric lock 60 are installed as an electric lock system on the door 81 (or door frame) in the facility 80, for example.
  • the facility 80 is, for example, an apartment complex, but may be a facility other than a residence such as an office building.
  • the information terminal 20 is an information terminal that a visitor to the facility 80 uses to unlock the electric lock 60 .
  • the information terminal 20 is, for example, a mobile information terminal such as a smart phone or a tablet terminal.
  • the information terminal 20 includes an operation reception section 21 , a terminal communication section 22 , a terminal control section 23 and a terminal storage section 24 .
  • the operation reception unit 21 receives user operations.
  • the operation reception unit 21 is implemented by, for example, a touch panel, but may be implemented by hardware keys or the like.
  • the terminal communication unit 22 is a communication circuit for the information terminal 20 to communicate with each of the first management device 30, the second management device 40, and the control device 50.
  • the terminal communication unit 22 performs wireless communication with the first management device 30 and the second management device 40 through a wide area communication network such as the Internet, and performs wireless communication with the control device 50 through a local communication network.
  • the terminal control unit 23 performs information processing and the like for unlocking the electric lock 60 .
  • the terminal control unit 23 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the terminal control unit 23 are realized by, for example, executing a computer program stored in the terminal storage unit 24 by a microcomputer, processor, or the like that constitutes the terminal control unit 23 .
  • the terminal storage unit 24 is a storage device that stores the information necessary for the above information processing, the above computer programs, and the like.
  • the terminal storage unit 24 is implemented by, for example, a semiconductor memory.
  • the first management device 30 is an information terminal used by the administrator of the facility 80 or the like.
  • the manager or the like is the owner of the facility 80 or an employee of the management company of the facility 80 or the like.
  • the first management device 30 is, for example, a portable information terminal such as a smart phone or a tablet terminal, but may be a stationary information terminal such as a personal computer or a server device.
  • the first management device 30 includes a first communication section 31 , a first information processing section 32 , a first storage section 33 and a first secure storage section 34 .
  • the first communication unit 31 is a communication circuit for the first management device 30 to communicate with each of the information terminal 20, the second management device 40, and the control device 50.
  • the first communication unit 31 for example, communicates with each of the information terminal 20, the second management device 40, and the control device 50 through the wide area communication network.
  • the first communication unit 31 may perform wired communication or wireless communication.
  • the first information processing section 32 performs information processing for giving the information terminal 20 the authority to unlock the electric lock 60 .
  • the first information processing unit 32 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the first information processing section 32 are realized, for example, by executing a computer program stored in the first storage section 33 by a microcomputer, processor, or the like that constitutes the first information processing section 32 .
  • the first storage unit 33 is a storage device that stores the information necessary for the information processing and the computer programs.
  • the first storage unit 33 is implemented by, for example, an HDD (Hard Disk Drive), but may be implemented by a semiconductor memory.
  • the first secure storage unit 34 is a storage device that stores information that requires confidentiality, such as key information, among the information necessary for the above information processing. Specifically, the first secure storage unit 34 stores a second public key and a second secret key (described later).
  • the first secure storage unit 34 is realized, for example, by a dedicated IC (hardware) having a security function called SE (Secure Element) used in smartphones and the like.
  • SE can obtain the processing result based on the information stored in the SE using an API (Application Programming Interface), but cannot directly refer to the information itself stored in the SE.
  • the first information processing unit 32 uses an API to obtain the processing result based on the second private key and the second information necessary for generating a certificate (server certificate, root certificate, intermediate certificate, etc.).
  • the first secure storage unit 34 has a function of preventing the second secret key from being taken out to the outside of the first management device 30 .
  • the first secure storage unit 34 is a storage device with higher security than the first storage unit 33 .
  • the second management device 40 is an information terminal used by residents of the facility 80.
  • the second management device 40 is, for example, a portable information terminal, but may be a stationary information terminal such as a personal computer or a server device.
  • the second management device 40 includes a second communication section 41 , a second information processing section 42 , a second storage section 43 and a second secure storage section 44 .
  • the second communication unit 41 is a communication circuit for the second management device 40 to communicate with each of the information terminal 20, the first management device 30, and the control device 50.
  • the second communication unit 41 for example, communicates with each of the information terminal 20, the first management device 30, and the control device 50 through the wide area communication network.
  • the second communication unit 41 may perform wired communication or wireless communication.
  • the second information processing unit 42 performs information processing to give the information terminal 20 the authority to unlock the electric lock 60 .
  • the second information processing unit 42 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the second information processing section 42 are realized by, for example, executing a computer program stored in the second storage section 43 by a microcomputer, processor, or the like that constitutes the second information processing section 42 .
  • the second storage unit 43 is a storage device that stores the information necessary for the information processing, the computer programs, and the like.
  • the second storage unit 43 is implemented by, for example, a semiconductor memory.
  • the second secure storage unit 44 is a storage device that stores information that requires confidentiality, such as key information, among the information necessary for the above information processing. Specifically, the second secure storage unit 44 stores a third public key and a third private key (described later).
  • the second secure storage unit 44 is implemented by, for example, a dedicated IC (hardware) having a security function called SE used in smartphones and the like.
  • SE security function
  • the second information processing unit 42 obtains the processing result based on the third private key and the third public key necessary for generating the certificate (server certificate, intermediate certificate, etc.) using API. However, it is not possible to refer to the third private key itself. In other words, the second secure storage unit 44 has a function of preventing the third secret key from being taken out of the second management device 40 .
  • the second secure storage unit 44 is a storage device with higher security than the second storage unit 43 .
  • the control device 50 is a control device that controls locking and unlocking of the electric lock 60 .
  • the control device 50 is built into the door 81 or door frame, for example.
  • the control device 50 includes a communication section 51 , a control section 52 and a storage section 53 .
  • the communication unit 51 is a communication circuit for the control device 50 to communicate with each of the information terminal 20, the first management device 30, and the second management device 40.
  • the communication unit 51 performs wireless communication with the information terminal 20 through the local communication network, and wireless communication with the first management apparatus 30 and the second management apparatus 40 through the wide area communication network.
  • the control unit 52 performs information processing for locking or unlocking the electric lock 60 . Specifically, the control unit 52 locks or unlocks the electric lock 60 by outputting a control signal to the electric lock 60 .
  • the control unit 52 is implemented by, for example, a microcomputer, but may be implemented by a processor.
  • the functions of the control unit 52 are realized by, for example, executing a computer program stored in the storage unit 53 by a microcomputer, processor, or the like that constitutes the control unit 52 .
  • the storage unit 53 is a storage device that stores the information necessary for the information processing, the computer programs, and the like.
  • the storage unit 53 is implemented by, for example, a semiconductor memory.
  • the electric lock 60 locks or unlocks the door 81 based on the control signal output from the control section 52.
  • the electric lock 60 has an electric motor and a transmission mechanism that transmits the driving force of the electric motor to the deadbolt.
  • the deadbolt moves to the locked position or the unlocked position by transmitting the driving force of the electric motor to the deadbolt via the transmission mechanism.
  • the first external storage device 71 is a storage device for backing up information stored in the first storage section 33 of the first management device 30 .
  • the first external storage device 71 stores a server certificate, a root certificate, an intermediate certificate, and the like generated by the first information processing section 32 .
  • the first external storage device 71 is, for example, a cloud server, and the first information processing unit 32 uploads information to the first external storage device 71 via the first communication unit 31, information can be downloaded from the first external storage device 71 using the
  • the first external storage device 71 is not limited to a cloud server, and may be a recording medium directly connected to the first management device 30 such as an SD (Secure Digital) card.
  • SD Secure Digital
  • the second external storage device 72 is a storage device for backing up information stored in the second storage section 43 of the second management device 40 .
  • the server certificate generated by the second information processing unit 42 and the like are stored in the second external storage device 72 .
  • the second external storage device 72 is, for example, a cloud server, and the second information processing unit 42 uploads information to the second external storage device 72 via the second communication unit 41, information can be downloaded from the second external storage device 72 by pressing the
  • the second external storage device 72 is not limited to a cloud server, and may be a recording medium directly connected to the second management device 40 such as an SD card.
  • FIG. 1 is assumed that the information terminal 20 is used by a visitor to the facility 80 and the first management device 30 is used by a manager of the facility 80 or the like.
  • the visitor is, for example, a person dispatched by a housekeeping service provider, or a parcel delivery person.
  • the server certificate serves as an unlocking permit for the electric lock 60 .
  • the terminal storage unit 24 of the information terminal 20 stores a first public key and a first secret key.
  • the first public key and the first private key are generated, for example, when an application program (hereinafter simply referred to as an application) for using the information processing system 10 is installed in the information terminal 20, and stored in the terminal memory. Stored in unit 24 .
  • the first secure storage unit 34 of the first management device 30 stores a second public key and a second secret key.
  • the second public key and the second private key are stored in the first secure storage unit 34, for example, when an application for using the information processing system 10 is installed in the first management device 30.
  • the visitor performs a predetermined operation on the operation reception unit 21 of the information terminal 20 running the application.
  • the prescribed operation is an operation for installing the server certificate.
  • the operation reception unit 21 receives a predetermined operation (S11).
  • the terminal control unit 23 When the operation reception unit 21 receives a predetermined operation, the terminal control unit 23 generates a server certificate issuance request and causes the terminal communication unit 22 to transmit the generated issuance request to the first management device 30 .
  • the issuance request includes the first public key. That is, the terminal communication unit 22 transmits the first public key to the first management device 30 (S12). Note that the terminal communication unit 22 transmits the first public key to the first management device 30 by wireless communication through the wide area communication network.
  • the first communication unit 31 of the first management device 30 receives the issue request including the first public key.
  • the first information processing unit 32 sends the received first public key and the signature for the usage conditions to the second It is generated using a private key (S13).
  • the first information processing unit 32 causes the first communication unit 31 to transmit the server certificate including the first public key, the terms of use, and the signature to the information terminal 20 (S14).
  • the usage condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by, for example, an administrator who uses the first management device 30 or the like.
  • the server certificate is stored in the first storage unit 33 .
  • the format of the server certificate is X. 509 certificates are used.
  • FIG. 5 is a diagram showing an example of the format of a server certificate.
  • the validity period of the certificate in FIG. 5 corresponds to the usage conditions
  • the subject public key information corresponds to the first public key
  • the signatureValue corresponds to the signature. Note that usage conditions other than the expiration date may be stored in the extended area of the format in FIG.
  • the terminal communication unit 22 of the information terminal 20 receives the server certificate.
  • the terminal control unit 23 stores the received server certificate in the terminal storage unit 24 (S15).
  • the storage unit 53 of the control device 50 stores a root certificate.
  • a root certificate contains a second public key.
  • the root certificate is generated, for example, by the first information processing unit 32 of the first management device 30 , transmitted to the control device 50 by the first communication unit 31 , and stored in the storage unit 53 .
  • the root certificate may be stored in the storage unit 53 by manufacturing equipment when the control device 50 is manufactured. Note that the root certificate is also stored in the first storage unit 33 of the first management device 30 .
  • the door 81 is, for example, a door provided in a private portion of the facility 80 (see FIG. 1), but it may be a door provided in the entrance of the facility 80, or a door provided in a common portion other than the entrance. It may be a door that has been installed.
  • the terminal control unit 23 causes the terminal communication unit 22 to transmit the server certificate to the control device 50 . That is, the terminal communication unit 22 transmits the server certificate to the control device 50 (S17). Note that the terminal communication unit 22 transmits the server certificate to the control device 50 by wireless communication through the local communication network.
  • This wireless communication is, for example, short-range wireless communication based on a communication standard such as Bluetooth (registered trademark).
  • the communication unit 51 of the control device 50 receives the server certificate.
  • the control unit 52 verifies the signature included in the received server certificate using the second public key included in the root certificate stored in the storage unit 53 (S18). If the signature verification is successful, the control unit 52 determines the usage conditions included in the server certificate (S19). As described above, the usage condition is, for example, a temporal condition, and the control unit 52 determines whether the temporal condition is satisfied. When determining that the timing requirements are satisfied, the control unit 52 generates a session key using the first public key included in the server certificate (S20). The control unit 52 encrypts the generated session key with the first public key, and causes the communication unit 51 to transmit the encrypted session key to the information terminal 20 (S21).
  • the terminal communication unit 22 of the information terminal 20 receives the encrypted session key.
  • the terminal control unit 23 decrypts the session key using the first secret key, and causes the terminal communication unit 22 to transmit an unlock command to the control device 50 through encrypted communication using the session key (S22).
  • the communication unit 51 of the control device 50 receives the unlock command.
  • the control unit 52 unlocks the electric lock 60 based on the received unlocking command (S23). Specifically, the control unit 52 unlocks the electric lock 60 by transmitting a control signal to the electric lock 60 .
  • the information terminal 20 can also lock the electric lock 60 based on the same operation sequence.
  • the first management device 30 can safely grant the unlocking authority of the electric lock 60 to the information terminal 20 using the server certificate and the root certificate.
  • the second control device 40 can safely authorize the information terminal 20 to unlock the electric lock 60 by using the server certificate and the root certificate in the same manner as the first control device 30. . That is, in the sequence diagram of FIG. 3, the first management device 30 and its components may be read as the second management device 40 and its components. For example, if the first management device 30 is used by an administrator of the facility 80 and the second management device 40 is used by a resident of the facility 80, each of the administrator and the occupants may ask the visitor to enter the facility 80. Permissions can be granted.
  • a root certificate (second public key) corresponding to the first management device 30 and a root certificate (third public key) corresponding to the second management device 40 are stored in the storage unit 53 of the control device 50. is stored, both the visitor granted entry authority by the administrator and the visitor granted entry authority by the resident unlock the electric lock 60 using their own information terminal 20. can do.
  • control target of the control device 50 is not limited to the electric lock 60.
  • the control device 50 may control a device that restricts entry to or exit from the space within the facility 80.
  • the control device 50 controls the opening and closing of an automatic door provided at the entrance of the facility 80. You may
  • FIG. 2 is an operation example in which the first management device 30 functions as a root CA (Certification Authority) and the second management device 40 functions as an intermediate CA.
  • the information terminal 20 is used by a visitor to the facility 80
  • the first management device 30 is used by the administrator of the facility 80 (the owner of the facility 80 or the employee of the management company of the facility 80).
  • the second management device 40 is described as being used by residents of the facility 80 or the like.
  • the description of the items described in the operation example 1 will be omitted as appropriate.
  • the first secure storage unit 34 of the first management device 30 stores a second public key and a second private key.
  • a third public key and a third private key are stored in the second secure storage unit 44 of the second management device 40 .
  • the terminal storage unit 24 of the information terminal 20 stores a first public key and a first secret key.
  • the second information processing unit 42 of the second management device 40 generates an intermediate certificate issuance request based on the operation of the resident, etc., and sends the generated issuance request to the second communication unit 41 of the first management device. 30.
  • the issuance request includes the third public key. That is, the second communication unit 41 transmits the third public key to the first management device 30 (S31). In addition, the second communication unit 41 transmits the third public key to the first management device 30 by communication through the wide area communication network.
  • the first communication unit 31 of the first management device 30 receives the issue request including the third public key.
  • the first information processing unit 32 receives the third public key and the first signature for the first usage conditions. is generated using the second secret key (S32).
  • the first information processing unit 32 causes the first communication unit 31 to transmit the intermediate certificate including the third public key, the first usage conditions, and the first signature to the second management device 40 (S33 ).
  • the first use condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by, for example, an administrator who uses the first management device 30 or the like.
  • the intermediate certificate is stored in the first storage unit 33 .
  • the format of the intermediate certificate for example, the X. 509 certificates are used.
  • the second communication unit 41 of the second management device 40 receives the intermediate certificate.
  • the second information processing unit 42 stores the received intermediate certificate in the second storage unit 43 (S34).
  • the visitor After that, the visitor performs a predetermined operation on the operation reception unit 21 of the information terminal 20 that is running the application.
  • the prescribed operation is an operation for installing the server certificate and the intermediate certificate.
  • the operation reception unit 21 receives a predetermined operation (S35).
  • the terminal control unit 23 When the unlocking operation is accepted by the operation accepting unit 21, the terminal control unit 23 generates an issue request for the server certificate and the intermediate certificate, and transmits the created issue request to the terminal communication unit 22 to the second management device 40.
  • the issuance request includes the first public key. That is, the terminal communication unit 22 transmits the first public key to the second management device 40 (S36). Note that the terminal communication unit 22 transmits the first public key to the second management device 40 by wireless communication through the wide area communication network.
  • the second communication unit 41 of the second management device 40 receives the issue request including the first public key.
  • the second information processing unit 42 receives the first public key and the second usage condition for the second usage condition.
  • a signature is generated using the third private key (S37).
  • the second information processing unit 42 stores the server certificate including the first public key, the second terms of use, and the second signature received in step S33 (in other words, stored in the second storage unit 43). stored) to the information terminal 20 (S38).
  • the second usage condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by the resident who uses the second management device 40, for example.
  • the server certificate is stored in the second storage unit 43 .
  • the format of the server certificate is, for example, X. 509 certificates are used.
  • the terminal communication unit 22 of the information terminal 20 receives the server certificate and the intermediate certificate.
  • the terminal control unit 23 stores the received server certificate and intermediate certificate in the terminal storage unit 24 (S39).
  • the storage unit 53 of the control device 50 stores a root certificate.
  • the root certificate includes the second public key.
  • the root certificate is generated, for example, by the first information processing unit 32 of the first management device 30 , transmitted to the control device 50 by the first communication unit 31 , and stored in the storage unit 53 .
  • the root certificate may be stored in the storage unit 53 by manufacturing equipment when the control device 50 is manufactured. Note that the root certificate is also stored in the first storage unit 33 of the first management device 30 .
  • the visitor moves near the door 81 and performs a predetermined unlocking operation for unlocking the electric lock 60 on the operation reception unit 21 of the information terminal 20 running the above application.
  • the operation accepting unit 21 accepts an unlocking operation (S40).
  • the terminal control unit 23 causes the terminal communication unit 22 to transmit the server certificate and the intermediate certificate to the control device 50 . That is, the terminal communication unit 22 transmits the server certificate and the intermediate certificate to the control device 50 (S41). Note that the terminal communication unit 22 transmits the server certificate and the intermediate certificate to the control device 50 by wireless communication through the local communication network.
  • the communication unit 51 of the control device 50 receives the server certificate and the intermediate certificate.
  • Control unit 52 verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate stored in storage unit 53 (S42). If the verification of the first signature is successful, the control unit 52 determines the first use condition included in the intermediate certificate (S43).
  • the control unit 52 verifies the second signature included in the received server certificate using the third public key included in the intermediate certificate (S44 ). If the verification of the second signature is successful, the control unit 52 determines the second usage conditions included in the server certificate (S45). Subsequent steps S46 to S49 are the same as steps S20 to S23 in Operation Example 1, and the electric lock 60 is finally unlocked.
  • the information terminal 20 can also lock the electric lock 60 based on the same operation sequence.
  • the second control device 40 can grant the unlocking authority of the electric lock 60 to the information terminal 20.
  • the first management device 30 may issue a server certificate to the second management device 40 in the second operation example.
  • the second control device 40 can unlock the electric lock 60 by acquiring the server certificate issued by the first control device 30 and transmitting it to the control device 50 . That is, in the operation example 2, the first management device 30 gives the second management device 40 the authority to unlock the electric lock 60 and the authority to issue the server certificate (the authority to unlock the electric lock for the information terminal 20). authorization) can be granted.
  • the resident can unlock the electric lock 60 of the private area contracted by the resident while staying in the facility 80, Also, while staying in the facility 80, the visitor can be permitted to unlock the electric lock 60 of the private portion.
  • the server certificate issued by the second management device 40 can be invalidated by the first management device 30 .
  • the first secure storage section 34 is used to prevent leakage of key information stored in the first management device 30 .
  • the first management device 30 is a smartphone
  • the use of a smartphone-standard SE as the first secure storage unit 34 has the advantage of enabling protection of key information while suppressing cost increases.
  • the key information stored in the first secure storage unit 34 cannot be retrieved outside the first management device 30. In other words, the key information stored in the first secure storage section 34 cannot be backed up. Then, when the first management device 30 is changed to a new first management device 30 due to model change or failure, the problem is that the key information cannot be handed over to the new first management device 30 .
  • FIG. 8 is a sequence diagram of operation example 3 of the information processing system 10 .
  • the new first management device 30 is simply referred to as the first management device 30, and the first management device 30 that has been used until then is referred to as the old first management device 30, etc. do.
  • the administrator installs an application for using the information processing system 10 on the first management device 30 .
  • a new second public key and a new second secret key are stored in the first secure storage unit 34 of the first management device 30 (S51).
  • the first information processing unit 32 of the first management device 30 acquires the server certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and acquires the acquired server certificate. And the root certificate is stored in the first storage unit 33 (S52).
  • the server certificate and root certificate acquired in step S52 are the server certificate and root certificate generated by the old first management device 30 and backed up in the first external storage device 71 .
  • the first information processing section 32 acquires the server certificate and the root certificate from the first external storage device 71 via the first communication section 31 .
  • the first information processing section 32 generates a new signature (S53).
  • the first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 in step S52 using the new second private key.
  • the first information processing unit 32 also causes the first communication unit 31 to transmit the first public key and a new server certificate including the new signature to the information terminal 20 (S54).
  • the server certificate may include usage conditions.
  • the terminal communication unit 22 of the information terminal 20 receives the new server certificate.
  • the terminal control unit 23 stores the received new server certificate in the terminal storage unit 24 (S55).
  • the first information processing unit 32 generates a new root certificate including the new second public key (S56), and sends the generated new root certificate to the control device 50 via the first communication unit 31.
  • Send (S57) In other words, the first communication unit 31 transmits the new root certificate generated by the first information processing unit 32 to the control device 50 .
  • the communication unit 51 of the control device 50 receives the new root certificate.
  • the control unit 52 stores the received new root certificate in the storage unit 53 (S58).
  • the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a deletion command for deleting the old root certificate stored in the storage unit 53 to the control device 50 ( S59). In other words, the first communication unit 31 transmits a deletion command to the control device 50 .
  • the communication unit 51 of the control device 50 receives the deletion command.
  • the control unit 52 cancels (deletes) the old root certificate from the storage unit 53 based on the received deletion command (S60). As a result, even if the control device 50 receives an old server certificate from the information terminal 20, the electric lock 60 will not be unlocked.
  • the information processing system 10 even if the key information stored in the first secure storage unit 34 of the old first management device 30 cannot be retrieved, the information processing system 10 A new root certificate and server certificate corresponding to the new key information stored in the first secure storage unit 34 of the can be generated. That is, the information processing system 10 can be continuously operated even if a new first management apparatus 30 is introduced.
  • the order of the processing of steps S51 to S60 may be arbitrarily changed within a possible range.
  • the deletion command is sent to the control device 50 . That is, after the new root certificate is stored in the storage unit 53, the old root certificate is deleted. As a result, both the old root certificate and the new root certificate are stored in the storage unit 53 of the control device 50 during the period T1 from step S58 to step S60.
  • the information processing system 10 can provide a root certificate migration period.
  • the electric lock 60 can be unlocked by the information terminal 20 in which the old server certificate is stored, and in the period after the period T1, the new server certificate It is possible to unlock the electric lock 60 by the information terminal 20 in which is stored.
  • a deletion command is sent to the control device 50 before the new root certificate is sent to the control device 50. Just do it. In other words, the old root certificate should be deleted before the new root certificate is stored in the storage unit 53 .
  • FIG. 9 is a sequence diagram of operation example 4 of such an information processing system 10 .
  • the new first management device 30 is simply referred to as the first management device 30, and the first management device 30 that has been used is referred to as the old first management device 30, etc. do.
  • the administrator installs an application for using the information processing system 10 on the first management device 30 .
  • a new second public key and a new second secret key are stored in the first secure storage unit 34 of the first management device 30 (S61).
  • the first information processing unit 32 of the first management device 30 acquires the intermediate certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and acquires the acquired intermediate certificate. And the root certificate is stored in the first storage unit 33 (S62).
  • the intermediate certificate and root certificate acquired in step S62 are the intermediate certificate and root certificate generated by the old first management device 30 and backed up in the first external storage device 71 .
  • the first information processing unit 32 specifically acquires the intermediate certificate and the root certificate from the first external storage device 71 via the first communication unit 31 .
  • the first information processing section 32 generates a new first signature (S63).
  • the first information processing unit 32 creates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 in step S62 using the new second private key. Generate.
  • the first information processing unit 32 causes the first communication unit 31 to transmit the third public key and the new intermediate certificate including the new first signature to the second management device 40 (S64).
  • the intermediate certificate may include the first terms of use, as in Operation Example 2.
  • the second communication unit 41 of the second management device 40 receives the new intermediate certificate.
  • the second information processing unit 42 stores the new intermediate certificate received by the second communication unit 41 in the second storage unit 43 (S65). At this time, the old intermediate certificate stored in the second storage unit 43 may be deleted. That is, intermediate certificates may be replaced.
  • the second information processing unit 42 transfers the new intermediate certificate stored in step S65 and the server certificate originally stored in the second storage unit 43 to the information terminal 20 via the second communication unit 41.
  • Send (S66) It should be noted that at least the intermediate certificate should be transmitted in step S66. In other words, the second communication unit 41 should just transmit the intermediate certificate to the information terminal 20 .
  • the terminal communication unit 22 of the information terminal 20 receives the new intermediate certificate and server certificate.
  • the terminal control unit 23 stores the received new intermediate certificate in the terminal storage unit 24 (S67). Note that the terminal storage unit 24 also stores a server certificate.
  • the first information processing unit 32 generates a new root certificate including the new second public key (S68), and transmits the generated new root certificate to the first communication unit 31 to the control device 50.
  • Send (S69) In other words, the first communication unit 31 transmits the new root certificate generated by the first information processing unit 32 to the control device 50 .
  • the communication unit 51 of the control device 50 receives the new root certificate.
  • Control unit 52 stores the received new root certificate in storage unit 53 (S70).
  • the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a deletion command for deleting the old root certificate stored in the storage unit 53 to the control device 50 ( S71). In other words, the first communication unit 31 transmits a deletion command to the control device 50 .
  • the communication unit 51 of the control device 50 receives the deletion command.
  • the control unit 52 cancels (deletes) the old root certificate from the storage unit 53 based on the received deletion command (S72). As a result, even if the control device 50 receives an old server certificate from the information terminal 20, the electric lock 60 will not be unlocked.
  • the first secure storage unit of the new first management device 30 New root and intermediate certificates corresponding to the new key information stored in 34 can be generated. That is, the information processing system 10 can be continuously operated even if a new first management apparatus 30 is introduced.
  • the order of the processing of steps S61 to S72, particularly the order of the processing of steps S63 to S72 may be arbitrarily changed within a possible range.
  • the deletion command is sent to the control device 50 . That is, after the new root certificate is stored in the storage unit 53, the old root certificate is deleted. As a result, both the old root certificate and the new root certificate are stored in the storage unit 53 of the control device 50 during the period T2 from step S70 to step S72.
  • the information processing system 10 can provide a root certificate migration period.
  • the electric lock 60 can be unlocked by the information terminal 20 in which the old intermediate certificate is stored, and in the period after the period T2, the new intermediate certificate It is possible to unlock the electric lock 60 by the information terminal 20 in which is stored.
  • a deletion command is sent to the control device 50 before the new root certificate is sent to the control device 50. Just do it. In other words, the old root certificate should be deleted before the new root certificate is stored in the storage unit 53 .
  • the second secure storage unit 44 is used to prevent leakage of key information stored in the second management device 40 .
  • the second management device 40 is a smartphone
  • the use of a smartphone standard SE as the second secure storage unit 44 has the advantage of enabling protection of key information while suppressing cost increases.
  • the key information stored in the second secure storage unit 44 cannot be retrieved outside the second management device 40. In other words, the key information stored in the second secure storage section 44 cannot be backed up. Then, when the second management device 40 is changed to a new second management device 40 due to model change or failure, the problem is that the key information cannot be handed over to the new second management device 40 .
  • FIG. 10 is a sequence diagram of operation example 4 of such an information processing system 10 .
  • the new second management device 40 is simply referred to as the second management device 40, and the second management device 40 that has been used until then is referred to as the old second management device 40, etc. do.
  • a resident installs an application for using the information processing system 10 on the second management device 40 .
  • a new third public key and a new third private key are stored in the second secure storage unit 44 of the second management device 40 (S81).
  • the second information processing unit 42 of the second management device 40 generates an intermediate certificate issuance request based on the operation of the resident, etc., and sends the generated issuance request to the second communication unit 41 for the first management. It is transmitted to the device 30 (S82).
  • the issuance request includes a new third public key.
  • the first communication unit 31 of the first management device 30 receives the issue request including the new third public key.
  • the first information processing unit 32 adds a new first signature to the received new third public key. It is generated using the second secret key (S83).
  • the first information processing unit 32 also causes the first communication unit 31 to transmit the third public key and the new intermediate certificate including the first signature to the second management device 40 (S84).
  • the new intermediate certificate may include the first terms of use.
  • the second communication unit 41 of the second management device 40 receives the new intermediate certificate.
  • the second information processing unit 42 stores the received intermediate certificate in the second storage unit 43 (S85).
  • the second information processing unit 42 of the second management device 40 acquires the server certificate stored in the second external storage device 72 from the second external storage device 72, and stores the acquired server certificate in the second storage.
  • the data is stored in the unit 43 (S86).
  • the server certificate acquired in step S86 is the server certificate generated by the old second management device 40 and backed up in the second external storage device 72 .
  • the second information processing unit 42 specifically acquires the server certificate from the second external storage device 72 via the second communication unit 41 .
  • the second information processing unit 42 generates a new second signature (S87).
  • the second information processing unit 42 creates a new second signature for the first public key included in the server certificate stored in the second storage unit 43 in step S86 using the new third private key. Generate.
  • the second information processing unit 42 receives the first public key and the new server certificate including the new second signature in step S84 (stored in the second storage unit 43 in step S85).
  • b) causes the second communication unit 41 to transmit the new intermediate certificate to the information terminal 20 (S88).
  • the new server certificate may include the second terms of use, as in the second operation example.
  • the terminal communication unit 22 of the information terminal 20 receives the new server certificate and the new intermediate certificate.
  • the terminal control unit 23 stores the received new server certificate and new intermediate certificate in the terminal storage unit 24 (S89).
  • the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a revocation command for revoking the old intermediate certificate to the control device 50 (S90).
  • the first communication unit 31 transmits an invalidation command to the control device 50 .
  • the revocation command is, for example, information indicating a list of intermediate certificates to be revoked, and more specifically, a CRL (Certificate Revocation List) or the like is used.
  • the communication unit 51 of the control device 50 receives the invalidation command.
  • the control unit 52 revokes the old intermediate certificate after receiving the revocation command (S91). More specifically, the control device 50 will not unlock the electric lock 60 even if the old intermediate certificate is received from the information terminal 20 .
  • the information processing system 10 can A new server certificate and intermediate certificate corresponding to the new key information stored in the second secure storage unit 44 of the can be generated. That is, the information processing system 10 can be continuously operated even if a new second management device 40 is introduced.
  • the order of the processing of steps S81 to S91, particularly the order of the processing of steps S83 to S91 may be arbitrarily changed within a possible range.
  • a new certificate new server certificate and new intermediate certificate
  • a revocation command is sent to control device 50 . That is, after the new certificate is stored in the terminal storage unit 24, the old intermediate certificate is revoked.
  • the electric lock 60 can be unlocked by both the information terminal 20 storing the new certificate and the information terminal 20 storing the old certificate. becomes possible.
  • the information processing system 10 can provide a certificate transition period. In the period after period T3, the electric lock 60 can be unlocked by the information terminal 20 in which the new certificate is stored.
  • the revocation command may be sent to the control device 50 before the new certificate is sent to the information terminal 20.
  • the old intermediate certificate should be revoked before the new certificate is stored in the terminal storage unit 24 .
  • the usage conditions were included in the server certificate, but the usage conditions may be transmitted from the information terminal 20 to the control device 50 by a secure method separately from the server certificate.
  • the usage conditions may be transmitted from the information terminal 20 to the control device 50 together with the signature of the first management device 30 through encrypted communication using a session key.
  • the control device 50 uses the electric lock 60 or the automatic door to prevent people from entering and exiting the space in the facility 80.
  • the device for restricting is controlled, the device for restricting entry and exit of articles may be controlled.
  • the control device 50 may control an electric lock that locks and unlocks the door of a delivery box, coin locker, safe deposit box, or the like.
  • the control device 50 may control equipment that restricts the entry and exit of goods or people into and out of the space.
  • the information processing system 10 and the information processing system 10a can be used not only for equipment that restricts the entry and exit of goods or people from the space, but also for the case where only a specific person is permitted to control home appliances such as lighting equipment and air conditioners. Applicable.
  • the control device 50 after transmitting the server certificate in step S17 and step S41, transmits pseudo information including random numbers to the information terminal 20, and the information terminal 20 receives The pseudo information obtained may be signed with the first secret key and transmitted to the control device 50 .
  • the control device 50 verifies the signature received from the information terminal 20 using the first public key included in the server certificate, thereby preventing certificate theft. is.
  • the information terminal 20 does not include a secure storage unit, but may include a secure storage unit (hereinafter also referred to as a terminal secure storage unit).
  • the terminal secure storage unit specifically stores a first public key and a first secret key.
  • the terminal secure storage unit is realized, for example, by a dedicated IC having a security function called SE used in smartphones and the like.
  • SE security function
  • the terminal control unit 23 can use the API to obtain the processing result based on the first private key and the first public key necessary for generating the server certificate. You can't refer to it.
  • the terminal secure storage unit has a function of preventing the first secret key from being taken out of the information terminal 20 .
  • the terminal secure storage unit is a storage device with higher security than the terminal storage unit 24 .
  • the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space.
  • the information processing system 10 includes an information terminal 20 , a first management device 30 and a control device 50 .
  • the information terminal 20 has a first private key, a first public key, and a server certificate containing a signature for the first public key generated using the first public key and the second private key. and a terminal communication unit 22 that transmits the server certificate to the control device 50 .
  • the control device 50 includes a storage unit 53 storing a root certificate including a second public key corresponding to the second private key, a communication unit 51 receiving the server certificate from the information terminal 20, and a a control unit 52 for verifying the signature included in the server certificate using the second public key included in the root certificate stored in the storage unit 53, and canceling the restriction of the device when the verification is successful.
  • the first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key.
  • a first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71.
  • a first information processing unit 32 that acquires the server certificate and the root certificate that have been acquired and stores the acquired server certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a root certificate generated by the first information processing unit 32 , to the control device 50 .
  • the first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 using the new second private key, and publishes the first public key. It causes the first communication unit 31 to transmit the key and the new server certificate including the new signature to the information terminal 20 .
  • the first communication unit 31 transmits to the control device 50 a deletion command for deleting the root certificate stored in the storage unit 53 .
  • Such an information processing system 10 can provide a root certificate migration period.
  • the first communication unit 31 transmits a deletion command for deleting the root certificate stored in the storage unit 53 to the control device 50 before transmitting the new root certificate to the control device 50.
  • Such an information processing system 10 can quickly prohibit the use of old root certificates.
  • the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space.
  • the information processing system 10 includes an information terminal 20 , a first management device 30 , a second management device 40 and a control device 50 .
  • the second management device 40 stores a third secret key and a third public key.
  • the information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key.
  • the control device 50 includes a storage unit 53 storing a root certificate including a second public key corresponding to the second private key, and a communication unit 51 receiving a server certificate and an intermediate certificate from the information terminal 20. , verifying the first signature contained in the received intermediate certificate using the second public key contained in the root certificate, and applying the second signature contained in the received server certificate to the intermediate certificate and a control unit 52 that verifies using the included third public key and cancels the restriction of the device when each verification is successful.
  • the first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key.
  • a first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71.
  • a first information processing unit 32 that acquires the obtained intermediate certificate and root certificate and stores the acquired intermediate certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a new root certificate generated by the first information processing unit 32 , to the control device 50 .
  • the first information processing unit 32 generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 using the new second private key,
  • the third public key and a new intermediate certificate containing the new first signature are transmitted to the second management device 40 by the first communication unit 31, and the second management device 40 transmits the new intermediate certificate.
  • It has a second communication unit 41 that receives from the first management device and transmits the received new intermediate certificate to the information terminal 20 .
  • the first communication unit 31 transmits a deletion command for deleting the root certificate stored in the storage unit 53 to the control device 50. do.
  • Such an information processing system 10 can provide a root certificate migration period.
  • the first communication unit 31 sends a deletion command to the control device 50 to delete the root certificate stored in the storage unit 53 before transmitting the new intermediate certificate to the second management device 40. Send.
  • Such an information processing system 10 can quickly prohibit the use of old root certificates.
  • the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space.
  • the information processing system 10 includes an information terminal 20 , a first management device 30 , a second management device 40 and a control device 50 .
  • the first management device 30 stores a second secret key and a second public key.
  • the information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key.
  • a certificate and a server certificate including a second signature for the first public key generated using a first public key and a third private key corresponding to the third public key are stored.
  • the control device 50 includes a storage unit 53 that stores a root certificate including a second public key, a communication unit 51 that receives a server certificate and an intermediate certificate from the information terminal 20, and a verifying the contained first signature using the second public key contained in the root certificate, and verifying the second signature contained in the received server certificate with the third public key contained in the intermediate certificate; and a control unit 52 that verifies using the device, and cancels the restriction on the device if each verification succeeds.
  • the second management device 40 is a second secure storage unit 44 in which a new third private key and a new third public key are stored.
  • a second secure storage unit 44 having a function to prevent the key from being taken out to the outside of the second secure storage unit 44, a second storage unit 43, and stored from the second external storage device 72 to the second external storage device 72.
  • a second information processing unit 42 that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit 43; and a second communication that transmits a new third public key to the first management device 30. a portion 41;
  • the first management device 30 receives the third public key from the second management device 40, and converts the new first signature for the received new third public key into the second secret key.
  • the unit 42 generates a new second signature for the first public key included in the server certificate stored in the second storage unit 43 using the new third private key, and generates the first public key , and the new server certificate including the new second signature and the new intermediate certificate received from the first management device 30 are transmitted to the information terminal 20 by the second communication unit 41 .
  • Such an information processing system 10 can grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people. can.
  • the first communication unit 31 transmits to the control device 50 a revocation command for revoking the intermediate certificate.
  • Such an information processing system 10 can provide a transition period for intermediate certificates.
  • the first communication unit 31 transmits a revocation command for revoking the intermediate certificate to the control device 50 before transmitting the new intermediate certificate to the second management device 40 .
  • Such an information processing system 10 can quickly prohibit the use of old intermediate certificates.
  • the first management device 30 is used to grant the information terminal 20 the authority to release restrictions on devices that restrict the entry and exit of goods or people into and out of the space.
  • the information terminal 20 has a first private key, a first public key, and a server certificate containing a signature for the first public key generated using the first public key and the second private key. is stored, and the server certificate is transmitted to the control device 50 that controls the device in order to release the restriction.
  • the control device 50 stores a root certificate including the second public key corresponding to the second private key, and when receiving the server certificate from the information terminal 20, the signature included in the received server certificate is verified using the second public key included in the root certificate, and if the verification succeeds, the restrictions on the device are lifted.
  • the first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key.
  • a first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71.
  • a first information processing unit 32 that acquires the server certificate and the root certificate that have been acquired and stores the acquired server certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a root certificate generated by the first information processing unit 32 , to the control device 50 .
  • the first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 using the new second private key, and publishes the first public key. It causes the first communication unit 31 to transmit the key and the new server certificate including the new signature to the information terminal 20 .
  • the first management device 30 is one of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction on the equipment that restricts the entry and exit of goods or people into and out of the space.
  • the second management device 40 stores a third private key and a third public key
  • the information terminal 20 stores the first private key, the first public key, the third public key, and an intermediate certificate containing a first signature to a third public key generated using a second private key; a first public key; and a first certificate generated using the third private key
  • It stores a server certificate containing a second signature on the public key, and transmits the server certificate and the intermediate certificate to the control device 50 that controls the device in order to remove the restriction.
  • the control device 50 stores a root certificate including a second public key corresponding to the second private key, and when receiving the server certificate and the intermediate certificate from the information terminal 20, the received intermediate certificate verifies the first signature contained in using the second public key contained in the root certificate, and verifies the second signature contained in the received server certificate with the third public key contained in the intermediate certificate , and if each verification succeeds, the device restriction is lifted.
  • the first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key.
  • a first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71.
  • a first information processing unit 32 that acquires the obtained intermediate certificate and root certificate and stores the acquired intermediate certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a new root certificate generated by the first information processing unit 32 , to the control device 50 .
  • the first information processing unit 32 generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 using the new second private key, It causes the first communication unit 31 to transmit the third public key and a new intermediate certificate containing the new first signature to the second management device 40 .
  • the second management device 40 is one of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction on the equipment that restricts the entry and exit of goods or people into and out of the space.
  • the first management device 30 stores a second secret key and a second public key.
  • the information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key. store a certificate and a server certificate including a second signature for the first public key generated using the first public key and a third private key corresponding to the third public key; and transmits the server certificate and the intermediate certificate to the control device 50 that controls the device.
  • the control device 50 stores a root certificate including a second public key, receives a server certificate and an intermediate certificate from the information terminal 20, and adds a first signature included in the received intermediate certificate. Verifying using the second public key contained in the root certificate, verifying the second signature contained in the received server certificate using the third public key contained in the intermediate certificate, and verifying each Remove device restrictions if verification succeeds.
  • the second management device 40 is a second secure storage unit 44 in which a new third private key and a new third public key are stored. A second secure storage unit 44 having a function to prevent the key from being taken out to the outside of the second secure storage unit 44, a second storage unit 43, and stored from the second external storage device 72 to the second external storage device 72.
  • a second information processing unit 42 that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit 43; and a second communication that transmits a new third public key to the first management device 30.
  • a second information processing unit 42 converts a new second signature for the first public key included in the server certificate stored in the second storage unit 43 into a new third private key. and send the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device 30 to the second communication unit 41 Send it to the information terminal 20 .
  • the new intermediate certificate includes a new third public key and a new first signature for the new third public key generated using the second private key.
  • Such a second management device 40 can give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people when it is newly introduced into the information processing system 10 .
  • the information processing method executed by the first management device 30, which is used for granting the information terminal 20 the authority to release the restriction on equipment that restricts the entry and exit of goods or people from the space is performed by the first external storage device 71.
  • Such an information processing method can use the newly introduced first management device 30 to give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.
  • the information processing method to be executed is to acquire the intermediate certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and store the acquired intermediate certificate and root certificate in the first storage unit. 33; generating a new root certificate containing the new second public key; transmitting the generated new root certificate to the control device 50; a step of generating a new first signature for a third public key included in the obtained intermediate certificate using the new second private key; and generating the third public key and the new first signature. and sending the new intermediate certificate containing the certificate to the second management device 40 .
  • Such an information processing method can use the newly introduced first management device 30 to give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.
  • the information processing method to be executed includes the steps of acquiring the server certificate stored in the second external storage device 72 from the second external storage device 72, storing the acquired server certificate in the second storage unit 43, a step of transmitting the third public key to the first management device 30; a step of generating using a private key; a first public key; a new server certificate including a new second signature; 20.
  • the new intermediate certificate includes a new third public key and a new first signature for the new third public key generated using the second private key.
  • Such an information processing method can use the newly introduced second management device 40 to grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.
  • the information processing system was implemented by a plurality of devices, but it may be implemented as a single device.
  • the information processing system may be implemented as a single device corresponding to any one of the information terminal, first management device, second management device, and control device.
  • the components (especially functional components) included in the information processing system may be distributed to the plurality of devices in any way.
  • processing executed by a specific processing unit may be executed by another processing unit.
  • order of multiple processes may be changed, and multiple processes may be executed in parallel.
  • each component may be realized by executing a software program suitable for each component.
  • Each component may be realized by reading and executing a software program recorded in a recording medium such as a hard disk or a semiconductor memory by a program execution unit such as a CPU or processor.
  • each component may be realized by hardware.
  • each component may be a circuit (or integrated circuit). These circuits may form one circuit as a whole, or may be separate circuits. These circuits may be general-purpose circuits or dedicated circuits.
  • general or specific aspects of the present invention may be implemented in a system, apparatus, method, integrated circuit, computer program, or recording medium such as a computer-readable CD-ROM. Also, general or specific aspects of the present invention may be implemented in any combination of systems, devices, methods, integrated circuits, computer programs and recording media.
  • the present invention may be implemented as the information terminal, first management device, second management device, control device, or electric lock system (control device and electric lock) of the above embodiments.
  • the present invention may also be implemented as an information processing method executed by a computer such as the information processing system of the above embodiment. Further, the present invention may be implemented as a program for causing a computer to execute the information processing method. The present invention may be implemented as a computer-readable non-temporary recording medium in which such a program is recorded.
  • the present invention may also be implemented as an application program for causing a general-purpose information terminal to function as the information terminal, first management device, or second management device of the above embodiments.
  • the present invention may be implemented as a computer-readable non-temporary recording medium in which such an application program is recorded.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

This information processing system (10) comprises an information terminal (20), a first management device (30), and a control device (50). The first management device (30) includes a first secure storage unit (34) in which a new second private key and a new second public key are stored, and a first storage unit (33). The first management device (30) acquires a server certificate and a root certificate from a first external storage device (71) and stores the acquired server certificate and root certificate in the first storage unit (33). The first management device (30) transmits, to the control device (50), a new root certificate that includes the new second public key. The first management device (30) generates a new signature for a first public key that is included in the server certificate stored in the first storage unit (33) by using the new second private key and transmits a new server certificate that includes the first public key and the new signature to the information terminal (20).

Description

情報処理システム、第一管理装置、第二管理装置、及び、情報処理方法Information processing system, first management device, second management device, and information processing method

 本発明は、情報処理システム、第一管理装置、第二管理装置、及び、情報処理方法に関する。 The present invention relates to an information processing system, a first management device, a second management device, and an information processing method.

 従来、施設のドアを施錠または解錠するためのセキュリティシステムが知られている。特許文献1には、指紋認証装置等の他の機器を要さずに住宅の施錠及び解錠を安全に遠隔操作することができるセキュリティシステムが開示されている。 Conventionally, security systems for locking or unlocking the doors of facilities are known. Japanese Unexamined Patent Application Publication No. 2002-201002 discloses a security system that can safely remotely control the locking and unlocking of a house without the need for other equipment such as a fingerprint authentication device.

特開2014-159692号公報JP 2014-159692 A

 施設のドアを施錠または解錠するための機器として電気錠が知られている。電気錠は、物品または人の出入りを制限する機器であるといえる。ここで、物品または人の出入りの制限を解除する権限を情報端末に付与するための情報処理システムにおいては、管理装置が備えるセキュリティチップに鍵情報が記憶される場合がある。このような場合、古い管理装置が新たな管理装置に変更されると、古い管理装置に記憶されていた鍵情報を新たな管理装置に引き継ぐことは難しい。 An electric lock is known as a device for locking or unlocking the doors of facilities. An electric lock can be said to be a device that restricts the entry and exit of goods or persons. Here, in an information processing system for granting an information terminal the authority to release restrictions on the entry and exit of goods or people, key information may be stored in a security chip provided in the management device. In such a case, when the old management device is changed to a new management device, it is difficult to hand over the key information stored in the old management device to the new management device.

 本発明は、鍵情報の引継ぎが困難な場合であっても運用の継続が可能な情報処理システム等を提供する。 The present invention provides an information processing system and the like that can continue to operate even when it is difficult to hand over key information.

 本発明の一態様に係る情報処理システムは、空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、情報端末、第一管理装置、及び、制御装置を備え、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とが記憶された端末記憶部と、前記サーバ証明書を前記制御装置へ送信する端末通信部とを有し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部と、前記情報端末から前記サーバ証明書を受信する通信部と、受信された前記サーバ証明書に含まれる前記署名を前記記憶部に記憶された前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部と、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、前記第一情報処理部は、前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を、前記第一通信部に前記情報端末へ送信させる。 An information processing system according to an aspect of the present invention is an information processing system used for canceling the restrictions on equipment that restricts the entry and exit of goods or people into and out of a space, comprising: an information terminal; a first management device; a control device, wherein the information terminal is configured to generate the first public key using the first secret key, the first public key, the first public key, and the second secret key; a terminal storage unit that stores a server certificate including a signature; and a terminal communication unit that transmits the server certificate to the control device. a storage unit storing a root certificate including two public keys, a communication unit receiving the server certificate from the information terminal, and storing the signature included in the received server certificate in the storage unit a control unit that performs verification using the second public key included in the root certificate that has been obtained, and releases the restriction on the device if the verification is successful; a first secure storage unit storing a second private key and a new second public key, wherein the new second private key and the new second public key are stored in the first secure storage acquires the server certificate and the root certificate stored in the external storage device from a first secure storage unit having a function to prevent it from being taken out to the outside of the unit, a first storage unit, and an external storage device; a first information processing unit for storing the obtained server certificate and the root certificate in the first storage unit; and a new root certificate including the new second public key, the first information a first communication unit configured to transmit a new root certificate generated by the processing unit to the control device, wherein the first information processing unit is included in the server certificate stored in the first storage unit; generating a new signature for said first public key using said new second private key, and generating said first public key and a new server certificate including said new signature, said first A communication unit is caused to transmit to the information terminal.

 本発明の一態様に係る情報処理システムは、空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、情報端末、第一管理装置、第二管理装置、及び、制御装置を備え、前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部と、前記サーバ証明書及び前記中間証明書を前記制御装置へ送信する端末通信部とを有し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部と、前記サーバ証明書及び前記中間証明書を前記情報端末から受信する通信部と、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部と、外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、前記第一情報処理部は、前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成し、前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させ、前記第二管理装置は、前記新たな中間証明書を前記第一管理装置から受信し、受信した前記新たな中間証明書を前記情報端末へ送信する第二通信部を有する。 An information processing system according to an aspect of the present invention is an information processing system used for canceling the restriction of a device that restricts the entry and exit of goods or people into and out of a space, comprising an information terminal, a first management device, a second A management device and a control device, wherein the second management device stores a third secret key and a third public key, and the information terminal stores the first secret key and the first public key and an intermediate certificate containing a first signature for the third public key generated using the third public key and the second private key, the first public key, and the a terminal storage unit storing a server certificate including a second signature for the first public key generated using a third private key; and storing the server certificate and the intermediate certificate in the control device. a terminal communication unit for transmitting data to a terminal communication unit, wherein the control device includes a storage unit storing a root certificate including a second public key corresponding to the second private key, the server certificate and the intermediate a communication unit that receives a certificate from the information terminal; verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate verifying the second signature included in the server certificate obtained by using the third public key included in the intermediate certificate, and releasing the restriction on the device if each verification is successful. wherein the first management device is a first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and a first secure storage unit having a function to prevent the new second public key from being taken out of the first secure storage unit; a first storage unit; and stored from an external storage device to the external storage device. a first information processing unit that acquires the intermediate certificate and the root certificate that have been obtained and stores the acquired intermediate certificate and the root certificate in the first storage unit; and the new second disclosure. a first communication unit configured to transmit a new root certificate including a key and generated by the first information processing unit to the control device, wherein the first information processing unit comprises: generating a new first signature for the third public key included in the intermediate certificate stored in the first storage unit using the new second private key, and generating the third public key; and causing the first communication unit to transmit a new intermediate certificate including the new first signature to the second management device, and the second management device transmits the new intermediate certificate to the first one tube a second communication unit that receives the new intermediate certificate from the management device and transmits the received new intermediate certificate to the information terminal.

 本発明の一態様に係る情報処理システムは、空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、情報端末、第一管理装置、第二管理装置、及び、制御装置を備え、前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部と、前記サーバ証明書及び前記中間証明書を前記制御装置へ送信する端末通信部とを有し、前記制御装置は、前記第二の公開鍵を含むルート証明書が記憶された記憶部と、前記サーバ証明書及び前記中間証明書を前記情報端末から受信する通信部と、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、前記第二管理装置は、新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、第二記憶部と、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶する第二情報処理部と、前記新たな第三の公開鍵を前記第一管理装置へ送信する第二通信部とを有し、前記第一管理装置は、前記第二管理装置から前記第三の公開鍵を受信する第一通信部と、受信した前記新たな第三の公開鍵に対する新たな第一の署名を前記第二の秘密鍵を用いて生成し、前記新たな第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させ、前記第二情報処理部は、前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した前記新たな中間証明書とを前記第二通信部に前記情報端末へ送信させる。 An information processing system according to an aspect of the present invention is an information processing system used for canceling the restriction of a device that restricts the entry and exit of goods or people into and out of a space, comprising an information terminal, a first management device, a second A management device and a control device, wherein the first management device stores a second secret key and a second public key, and the information terminal stores the first secret key and the first public key a third public key, an intermediate certificate containing a first signature for the third public key generated using the second private key, the first public key, and the a terminal storage unit storing a server certificate including a second signature for the first public key generated using a third private key corresponding to the third public key; the server certificate; a terminal communication unit configured to transmit the intermediate certificate to the control device, the control device comprising: a storage unit storing a root certificate including the second public key; a communication unit that receives a certificate from the information terminal; verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate verifying the second signature included in the server certificate obtained by using the third public key included in the intermediate certificate, and releasing the restriction on the device if each verification is successful. and the second management device is a second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and a second secure storage unit having a function to prevent the new third public key from being taken out of the second secure storage unit; a second storage unit; and stored from an external storage device to the external storage device. a second information processing unit that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit; and a third information processing unit that transmits the new third public key to the first management device. a first communication unit for receiving the third public key from the second management device; and a new first communication unit for the received new third public key. generate one signature using the second private key, and send a new intermediate certificate including the new third public key and the new first signature to the first communication unit; to the second management device, and the second information processing unit adds a new second signature for the first public key included in the server certificate stored in the second storage unit to the new first Generated using three private keys and sending the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device to the second communication unit Send to the information terminal.

 本発明の一態様に係る第一管理装置は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置であって、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記情報端末から前記サーバ証明書を受信すると、受信された前記サーバ証明書に含まれる前記署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部と、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、前記第一情報処理部は、前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を、前記第一通信部に前記情報端末へ送信させる。 A first management device according to an aspect of the present invention is a first management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space, The information terminal has a first private key, a first public key, and a server certificate including a signature for the first public key generated using the first public key and the second private key. and the server certificate is transmitted to a control device that controls the device in order to cancel the restriction, and the control device transmits a second public key corresponding to the second private key. When the server certificate is received from the information terminal, the signature included in the received server certificate is stored using the second public key included in the root certificate. If the verification is successful, the restriction on the device is released, and the first management device stores a first secure storage unit in which a new second secret key and a new second public key are stored. a first secure storage unit having a function of preventing the new second private key and the new second public key from being taken out of the first secure storage unit; a first storage unit that acquires the server certificate and the root certificate stored in the external storage device from an external storage device and stores the acquired server certificate and the root certificate in the first storage unit; an information processing unit; and a first communication unit that transmits to the control device a new root certificate that includes the new second public key and is generated by the first information processing unit. and the first information processing unit creates a new signature for the first public key included in the server certificate stored in the first storage unit using the new second private key and cause the first communication unit to transmit the first public key and a new server certificate including the new signature to the information terminal.

 本発明の一態様に係る第一管理装置は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第一管理装置であって、前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信すると、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部と、外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、前記第一情報処理部は、前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成し、前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させる。 A first management device according to an aspect of the present invention is a first management device and a second management device that are used to grant an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space. wherein the second management device stores a third private key and a third public key, and the information terminal stores the first private key and the first public key an intermediate certificate containing a first signature for said third public key generated using a key, said third public key and a second private key, said first public key, and and a server certificate including a second signature for the first public key generated using the third private key, the server certificate and the intermediate certificate for removing the restriction. to a control device that controls the device, the control device storing a root certificate containing a second public key corresponding to the second private key, and transmitting the server certificate and the intermediate When a certificate is received from the information terminal, the first signature included in the received intermediate certificate is verified using the second public key included in the root certificate, and the received server The second signature included in the certificate is verified using the third public key included in the intermediate certificate, and if each verification is successful, the restriction on the device is lifted, and the first The management device is a first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are a first secure storage unit having a function of preventing it from being taken out to the outside of the first secure storage unit; a first storage unit; a first information processing unit that obtains a root certificate and stores the obtained intermediate certificate and the root certificate in the first storage unit; and a new root certificate that includes the new second public key. a first communication unit configured to transmit a new root certificate generated by the first information processing unit to the control device, wherein the first information processing unit is stored in the first storage unit; generating a new first signature for the third public key included in the intermediate certificate using the new second private key, and generating the third public key and the new first signature; The first communication unit is caused to transmit a new intermediate certificate including a signature to the second management device.

 本発明の一態様に係る第二管理装置は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第二管理装置であって、前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信し、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、前記第二管理装置は、新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、第二記憶部と、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶する第二情報処理部と、前記新たな第三の公開鍵を前記第一管理装置へ送信する第二通信部とを有し、前記第二情報処理部は、前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した新たな中間証明書とを前記第二通信部に前記情報端末へ送信させ、前記新たな中間証明書は、前記新たな第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記新たな第三の公開鍵に対する新たな第一の署名を含む。 A second management device according to an aspect of the present invention is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space. wherein the first management device stores a second private key and a second public key, and the information terminal stores the first private key and the first public key a key, a third public key, an intermediate certificate containing a first signature for said third public key generated using said second private key, said first public key, and and a server certificate containing a second signature for said first public key generated using a third private key corresponding to said third public key, said server certificate and said intermediate transmitting the certificate to a control device that controls the device, the control device storing a root certificate including the second public key, and transmitting the server certificate and the intermediate certificate from the information terminal; receiving, verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate, and verifying the first signature included in the received server certificate; The second signature is verified using the third public key included in the intermediate certificate, and if each verification is successful, the restriction on the device is lifted, and the second management device creates a new third a second secure storage unit storing three private keys and a new third public key, wherein the new third private key and the new third public key are stored in the second secure storage unit; a second secure storage unit having a function of preventing it from being taken out to the outside, a second storage unit, and an external storage device to acquire the server certificate stored in the external storage device, and the acquired server certificate in the second storage unit, and a second communication unit for transmitting the new third public key to the first management device, the second information processing unit comprising: generating a new second signature for the first public key included in the server certificate stored in the second storage unit using the new third private key, and generating the first public key; and causing the second communication unit to transmit the new server certificate including the new second signature and the new intermediate certificate received from the first management device to the information terminal, and The intermediate certificate includes the new third public key and a new first signature for the new third public key generated using the second private key.

 本発明の一態様に係る情報処理方法は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置が実行する情報処理方法であって、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記情報端末から前記サーバ証明書を受信すると、受信された前記サーバ証明書に含まれる前記署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部とを有し、前記情報処理方法は、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶するステップと、前記新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した前記新たなルート証明書を前記制御装置へ送信するステップと、前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成するステップと、前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を前記情報端末へ送信するステップとを含む。 An information processing method according to an aspect of the present invention is an information processing method executed by a first management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space. wherein the information terminal signs a signature on the first public key generated using the first private key and the first public key, and the first public key and the second private key and a server certificate containing the second private key, and transmits the server certificate to a control device that controls the device in order to remove the restriction, and the control device stores the second private key corresponding to the second private key A root certificate containing two public keys is stored, and when the server certificate is received from the information terminal, the signature contained in the received server certificate is transmitted to the second certificate contained in the root certificate. and if the verification is successful, the restriction on the device is released, and the first management device stores a new second secret key and a new second public key. A first secure storage unit having a function of preventing the new second private key and the new second public key from being taken out of the first secure storage unit and a first storage unit, wherein the information processing method acquires the server certificate and the root certificate stored in the external storage device from an external storage device, and stores the acquired server certificate and the storing a root certificate in the first storage unit; generating a new root certificate including the new second public key; and transmitting the generated new root certificate to the control device. and generating a new signature for the first public key included in the server certificate stored in the first storage unit using the new second private key; sending a key and a new server certificate containing the new signature to the information terminal.

 本発明の一態様に係る情報処理方法は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第一管理装置が実行する情報処理方法であって、前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信すると、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、前記第一管理装置は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、第一記憶部とを有し、前記情報処理方法は、外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶するステップと、前記新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した前記新たなルート証明書を前記制御装置へ送信するステップと、前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成するステップと、前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を前記第二管理装置へ送信するステップとを含む。 An information processing method according to an aspect of the present invention is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space. An information processing method executed by a first management device, wherein the second management device stores a third secret key and a third public key, and the information terminal stores the first secret key and an intermediate certificate containing a first signature for the third public key generated using the first public key, the third public key, and the second private key, and the first a public key and a server certificate including a second signature for the first public key generated using the third private key; certificate and the intermediate certificate to a control device that controls the device, the control device stores a root certificate containing a second public key corresponding to the second private key, and the server upon receiving the certificate and the intermediate certificate from the information terminal, verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate; verifying the second signature included in the received server certificate using the third public key included in the intermediate certificate, and canceling the restriction of the device if each verification succeeds; and the first management device is a first secure storage unit in which a new second private key and a new second public key are stored, wherein the new second private key and the new first a first secure storage unit having a function of preventing the second public key from being taken out of the first secure storage unit; acquiring the intermediate certificate and the root certificate stored in an external storage device, storing the acquired intermediate certificate and the root certificate in the first storage unit; generating a new root certificate including a public key and transmitting the generated new root certificate to the control device; generating a new first signature for the public key of using the new second private key; and a new intermediate certificate containing the third public key and the new first signature to the second management device.

 本発明の一態様に係る情報処理方法は、空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第二管理装置が実行する情報処理方法であって、前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、前記情報端末は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、前記制御装置は、前記第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信し、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、前記第二管理装置は、新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、第二記憶部とを有し、前記情報処理方法は、外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶するステップと、前記新たな第三の公開鍵を前記第一管理装置へ送信するステップと、前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成するステップと、前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した新たな中間証明書とを前記情報端末へ送信するステップとを含み、前記新たな中間証明書は、前記新たな第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記新たな第三の公開鍵に対する新たな第一の署名を含む。 An information processing method according to an aspect of the present invention is a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space. An information processing method executed by a second management device, wherein the first management device stores a second secret key and a second public key, and the information terminal stores the first secret key and a first public key, a third public key, and an intermediate certificate containing a first signature for the third public key generated using the second private key; storing a public key and a server certificate including a second signature for the first public key generated using a third private key corresponding to the third public key; transmitting the certificate and the intermediate certificate to a control device that controls the device, the control device storing a root certificate including the second public key, and transmitting the server certificate and the intermediate certificate; is received from the information terminal, the first signature included in the received intermediate certificate is verified using the second public key included in the root certificate, and the received server certificate verifies the second signature included in the intermediate certificate using the third public key included in the intermediate certificate, and if each verification is successful, the restriction on the device is canceled, and the second management device is a second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and the new third public key are the third a second secure storage unit having a function of preventing it from being taken out of the second secure storage unit; and a second storage unit, wherein the information processing method is stored in the external storage device from the external storage device. acquiring the server certificate, storing the acquired server certificate in the second storage unit; transmitting the new third public key to the first management device; generating a new second signature for the first public key included in the server certificate stored in the unit using the new third private key; the first public key; , sending a new server certificate containing the new second signature and a new intermediate certificate received from the first management device to the information terminal, wherein the new intermediate certificate is , the new third public key, and a new first signature for the new third public key generated using the second private key.

 本発明の一態様に係るプログラムは、前記情報処理方法をコンピュータに実行させるためのプログラムである。 A program according to one aspect of the present invention is a program for causing a computer to execute the information processing method.

 本発明の一態様に係る情報処理システム等は、鍵情報の引継ぎが困難な場合であっても運用の継続が可能である。 The information processing system, etc. according to one aspect of the present invention can continue to operate even if it is difficult to hand over the key information.

図1は、実施の形態に係る情報処理システムの外観図である。FIG. 1 is an external view of an information processing system according to an embodiment. 図2は、実施の形態に係る情報処理システムの機能構成を示すブロック図である。FIG. 2 is a block diagram of the functional configuration of the information processing system according to the embodiment. 図3は、実施の形態に係る情報処理システムの動作例1の前半のシーケンス図である。FIG. 3 is a sequence diagram of the first half of operation example 1 of the information processing system according to the embodiment. 図4は、実施の形態に係る情報処理システムの動作例1の後半のシーケンス図である。FIG. 4 is a sequence diagram of the second half of operation example 1 of the information processing system according to the embodiment. 図5は、サーバ証明書のフォーマットの一例を示す図である。FIG. 5 is a diagram showing an example of the format of a server certificate. 図6は、実施の形態に係る情報処理システムの動作例2の前半のシーケンス図である。FIG. 6 is a sequence diagram of the first half of Operation Example 2 of the information processing system according to the embodiment. 図7は、実施の形態に係る情報処理システムの動作例2の後半のシーケンス図である。FIG. 7 is a sequence diagram of the latter half of Operation Example 2 of the information processing system according to the embodiment. 図8は、実施の形態に係る情報処理システムの動作例3のシーケンス図である。FIG. 8 is a sequence diagram of operation example 3 of the information processing system according to the embodiment. 図9は、実施の形態に係る情報処理システムの動作例4のシーケンス図である。FIG. 9 is a sequence diagram of operation example 4 of the information processing system according to the embodiment. 図10は、このような情報処理システムの動作例5のシーケンス図である。FIG. 10 is a sequence diagram of operation example 5 of such an information processing system.

 以下、実施の形態について、図面を参照しながら具体的に説明する。なお、以下で説明する実施の形態は、いずれも包括的または具体的な例を示すものである。以下の実施の形態で示される数値、形状、材料、構成要素、構成要素の配置位置及び接続形態、ステップ、ステップの順序などは、一例であり、本発明を限定する主旨ではない。また、以下の実施の形態における構成要素のうち、独立請求項に記載されていない構成要素については、任意の構成要素として説明される。 Hereinafter, embodiments will be specifically described with reference to the drawings. It should be noted that the embodiments described below are all comprehensive or specific examples. Numerical values, shapes, materials, components, arrangement positions and connection forms of components, steps, order of steps, and the like shown in the following embodiments are examples and are not intended to limit the present invention. Further, among the constituent elements in the following embodiments, constituent elements not described in independent claims will be described as optional constituent elements.

 なお、各図は模式図であり、必ずしも厳密に図示されたものではない。また、各図において、実質的に同一の構成に対しては同一の符号を付し、重複する説明は省略または簡略化される場合がある。 It should be noted that each figure is a schematic diagram and is not necessarily strictly illustrated. Moreover, in each figure, the same code|symbol is attached|subjected with respect to substantially the same structure, and the overlapping description may be abbreviate|omitted or simplified.

 (実施の形態)
 [構成]
 まず、実施の形態に係る情報処理システムの構成について説明する。図1は、実施の形態に係る情報処理システムの外観図である。図2は、実施の形態に係る情報処理システムの機能構成を示すブロック図である。 (Embodiment)
[composition]
First, the configuration of the information processing system according to the embodiment will be described. FIG. 1 is an external view of an information processing system according to an embodiment. FIG. 2 is a block diagram of the functional configuration of the information processing system according to the embodiment.

 図1に示されるように、実施の形態に係る情報処理システム10は、施設80への訪問者が電気錠60を情報端末20で解錠するために、情報端末20に電気錠60の解錠権限(または施錠権限)を付与するためのシステムである。情報処理システム10は、情報端末20と、第一管理装置30と、第二管理装置40と、制御装置50と、電気錠60と、第一外部記憶装置71と、第二外部記憶装置72とを備える。制御装置50、及び、電気錠60は、例えば、施設80内のドア81(またはドア枠)に電気錠システムとして設置される。施設80は、例えば、集合住宅であるが、オフィスビルなどの住宅以外の施設であってもよい。 As shown in FIG. 1 , information processing system 10 according to the embodiment provides information terminal 20 with information terminal 20 to unlock electric lock 60 so that a visitor to facility 80 can unlock electric lock 60 with information terminal 20 . It is a system for granting authority (or locking authority). The information processing system 10 includes an information terminal 20, a first management device 30, a second management device 40, a control device 50, an electric lock 60, a first external storage device 71, and a second external storage device 72. Prepare. The control device 50 and the electric lock 60 are installed as an electric lock system on the door 81 (or door frame) in the facility 80, for example. The facility 80 is, for example, an apartment complex, but may be a facility other than a residence such as an office building.

 情報端末20は、施設80への訪問者が電気錠60を解錠するために使用する情報端末である。情報端末20は、例えば、スマートフォンまたはタブレット端末などの携帯型の情報端末である。情報端末20は、操作受付部21と、端末通信部22と、端末制御部23と、端末記憶部24とを備える。 The information terminal 20 is an information terminal that a visitor to the facility 80 uses to unlock the electric lock 60 . The information terminal 20 is, for example, a mobile information terminal such as a smart phone or a tablet terminal. The information terminal 20 includes an operation reception section 21 , a terminal communication section 22 , a terminal control section 23 and a terminal storage section 24 .

 操作受付部21は、ユーザの操作を受け付ける。操作受付部21は、例えば、タッチパネルによって実現されるが、ハードウェアキーなどによって実現されてもよい。 The operation reception unit 21 receives user operations. The operation reception unit 21 is implemented by, for example, a touch panel, but may be implemented by hardware keys or the like.

 端末通信部22は、情報端末20が第一管理装置30、第二管理装置40、及び、制御装置50のそれぞれと通信を行うための通信回路である。端末通信部22は、例えば、第一管理装置30及び第二管理装置40とは、インターネットなどの広域通信ネットワークを通じた無線通信を行い、制御装置50とは局所通信ネットワークを通じた無線通信を行う。 The terminal communication unit 22 is a communication circuit for the information terminal 20 to communicate with each of the first management device 30, the second management device 40, and the control device 50. For example, the terminal communication unit 22 performs wireless communication with the first management device 30 and the second management device 40 through a wide area communication network such as the Internet, and performs wireless communication with the control device 50 through a local communication network.

 端末制御部23は、電気錠60を解錠するための情報処理などを行う。端末制御部23は、例えば、マイクロコンピュータによって実現されるが、プロセッサによって実現されてもよい。端末制御部23の機能は、例えば、端末制御部23を構成するマイクロコンピュータまたはプロセッサ等が端末記憶部24に記憶されたコンピュータプログラムを実行することによって実現される。 The terminal control unit 23 performs information processing and the like for unlocking the electric lock 60 . The terminal control unit 23 is implemented by, for example, a microcomputer, but may be implemented by a processor. The functions of the terminal control unit 23 are realized by, for example, executing a computer program stored in the terminal storage unit 24 by a microcomputer, processor, or the like that constitutes the terminal control unit 23 .

 端末記憶部24は、上記情報処理に必要な情報、及び、上記コンピュータプログラムなどが記憶される記憶装置である。端末記憶部24は、例えば、半導体メモリによって実現される。 The terminal storage unit 24 is a storage device that stores the information necessary for the above information processing, the above computer programs, and the like. The terminal storage unit 24 is implemented by, for example, a semiconductor memory.

 第一管理装置30は、施設80の管理者等が使用する情報端末である。管理者等とは、施設80のオーナまたは施設80の管理事業者の従業員などである。第一管理装置30は、例えば、スマートフォンまたはタブレット端末などの携帯型の情報端末であるが、パーソナルコンピュータまたはサーバ装置などの据え置き型の情報端末であってもよい。第一管理装置30は、第一通信部31と、第一情報処理部32と、第一記憶部33と、第一セキュア記憶部34とを備える。 The first management device 30 is an information terminal used by the administrator of the facility 80 or the like. The manager or the like is the owner of the facility 80 or an employee of the management company of the facility 80 or the like. The first management device 30 is, for example, a portable information terminal such as a smart phone or a tablet terminal, but may be a stationary information terminal such as a personal computer or a server device. The first management device 30 includes a first communication section 31 , a first information processing section 32 , a first storage section 33 and a first secure storage section 34 .

 第一通信部31は、第一管理装置30が、情報端末20、第二管理装置40、及び、制御装置50のそれぞれと通信を行うための通信回路である。第一通信部31は、例えば、情報端末20、第二管理装置40、及び、制御装置50のそれぞれと広域通信ネットワークを通じた通信を行う。第一通信部31は、有線通信を行ってもよいし、無線通信を行ってもよい。 The first communication unit 31 is a communication circuit for the first management device 30 to communicate with each of the information terminal 20, the second management device 40, and the control device 50. The first communication unit 31, for example, communicates with each of the information terminal 20, the second management device 40, and the control device 50 through the wide area communication network. The first communication unit 31 may perform wired communication or wireless communication.

 第一情報処理部32は、情報端末20に電気錠60の解錠権限を与えるための情報処理を行う。第一情報処理部32は、例えば、マイクロコンピュータによって実現されるが、プロセッサによって実現されてもよい。第一情報処理部32の機能は、例えば、第一情報処理部32を構成するマイクロコンピュータまたはプロセッサ等が第一記憶部33に記憶されたコンピュータプログラムを実行することによって実現される。 The first information processing section 32 performs information processing for giving the information terminal 20 the authority to unlock the electric lock 60 . The first information processing unit 32 is implemented by, for example, a microcomputer, but may be implemented by a processor. The functions of the first information processing section 32 are realized, for example, by executing a computer program stored in the first storage section 33 by a microcomputer, processor, or the like that constitutes the first information processing section 32 .

 第一記憶部33は、上記情報処理に必要な情報、及び、上記コンピュータプログラムなどが記憶される記憶装置である。第一記憶部33は、例えば、HDD(Hard Disk Drive)によって実現されるが、半導体メモリによって実現されてもよい。 The first storage unit 33 is a storage device that stores the information necessary for the information processing and the computer programs. The first storage unit 33 is implemented by, for example, an HDD (Hard Disk Drive), but may be implemented by a semiconductor memory.

 第一セキュア記憶部34は、上記情報処理に必要な情報のうち、鍵情報のような機密性が求められる情報が記憶される記憶装置である。第一セキュア記憶部34には、具体的には、第二の公開鍵及び第二の秘密鍵(後述)が記憶される。第一セキュア記憶部34は、例えば、スマートフォンなどで使用されるSE(Secure Element)と呼ばれるセキュリティ機能を有する専用IC(ハードウェア)によって実現される。SEは、SEに格納された情報に基づく処理結果をAPI(Application Programming Interface)を用いて取得することは可能であるが、SEに格納された情報そのものを直接参照することはできない。第一情報処理部32は、APIを用いて、第二の秘密鍵に基づく処理結果、及び、証明書(サーバ証明書、ルート証明書、及び、中間証明書など)生成に必要な第二の公開鍵を取得することは可能であるが、第二の秘密鍵そのものを参照することはできない。つまり、第一セキュア記憶部34は、第二の秘密鍵が第一管理装置30の外部に取り出されることを抑制する機能を有している。第一セキュア記憶部34は、第一記憶部33よりもセキュリティ性が高い記憶装置である。 The first secure storage unit 34 is a storage device that stores information that requires confidentiality, such as key information, among the information necessary for the above information processing. Specifically, the first secure storage unit 34 stores a second public key and a second secret key (described later). The first secure storage unit 34 is realized, for example, by a dedicated IC (hardware) having a security function called SE (Secure Element) used in smartphones and the like. The SE can obtain the processing result based on the information stored in the SE using an API (Application Programming Interface), but cannot directly refer to the information itself stored in the SE. The first information processing unit 32 uses an API to obtain the processing result based on the second private key and the second information necessary for generating a certificate (server certificate, root certificate, intermediate certificate, etc.). It is possible to obtain the public key, but it is not possible to refer to the second private key itself. In other words, the first secure storage unit 34 has a function of preventing the second secret key from being taken out to the outside of the first management device 30 . The first secure storage unit 34 is a storage device with higher security than the first storage unit 33 .

 第二管理装置40は、施設80の入居者等が使用する情報端末である。第二管理装置40は、例えば、携帯型の情報端末であるが、パーソナルコンピュータまたはサーバ装置などの据え置き型の情報端末であってもよい。第二管理装置40は、第二通信部41と、第二情報処理部42と、第二記憶部43と、第二セキュア記憶部44とを備える。 The second management device 40 is an information terminal used by residents of the facility 80. The second management device 40 is, for example, a portable information terminal, but may be a stationary information terminal such as a personal computer or a server device. The second management device 40 includes a second communication section 41 , a second information processing section 42 , a second storage section 43 and a second secure storage section 44 .

 第二通信部41は、第二管理装置40が、情報端末20、第一管理装置30、及び、制御装置50のそれぞれと通信を行うための通信回路である。第二通信部41は、例えば、情報端末20、第一管理装置30、及び、制御装置50のそれぞれと広域通信ネットワークを通じた通信を行う。第二通信部41は、有線通信を行ってもよいし、無線通信を行ってもよい。 The second communication unit 41 is a communication circuit for the second management device 40 to communicate with each of the information terminal 20, the first management device 30, and the control device 50. The second communication unit 41, for example, communicates with each of the information terminal 20, the first management device 30, and the control device 50 through the wide area communication network. The second communication unit 41 may perform wired communication or wireless communication.

 第二情報処理部42は、情報端末20に電気錠60の解錠権限を与えるための情報処理を行う。第二情報処理部42は、例えば、マイクロコンピュータによって実現されるが、プロセッサによって実現されてもよい。第二情報処理部42の機能は、例えば、第二情報処理部42を構成するマイクロコンピュータまたはプロセッサ等が第二記憶部43に記憶されたコンピュータプログラムを実行することによって実現される。 The second information processing unit 42 performs information processing to give the information terminal 20 the authority to unlock the electric lock 60 . The second information processing unit 42 is implemented by, for example, a microcomputer, but may be implemented by a processor. The functions of the second information processing section 42 are realized by, for example, executing a computer program stored in the second storage section 43 by a microcomputer, processor, or the like that constitutes the second information processing section 42 .

 第二記憶部43は、上記情報処理に必要な情報、及び、上記コンピュータプログラムなどが記憶される記憶装置である。第二記憶部43は、例えば、半導体メモリによって実現される。 The second storage unit 43 is a storage device that stores the information necessary for the information processing, the computer programs, and the like. The second storage unit 43 is implemented by, for example, a semiconductor memory.

 第二セキュア記憶部44は、上記情報処理に必要な情報のうち、鍵情報のような機密性が求められる情報が記憶される記憶装置である。第二セキュア記憶部44には、具体的には、第三の公開鍵及び第三の秘密鍵(後述)が記憶される。第二セキュア記憶部44は、例えば、スマートフォンなどで使用されるSEと呼ばれるセキュリティ機能を有する専用IC(ハードウェア)によって実現される。第二情報処理部42は、APIを用いて、第三の秘密鍵に基づく処理結果、及び、証明書(サーバ証明書、及び、中間証明書など)生成に必要な第三の公開鍵を取得することは可能であるが、第三の秘密鍵そのものを参照することはできない。つまり、第二セキュア記憶部44は、第三の秘密鍵が第二管理装置40の外部に取り出されることを抑制する機能を有している。第二セキュア記憶部44は、第二記憶部43よりもセキュリティ性が高い記憶装置である。 The second secure storage unit 44 is a storage device that stores information that requires confidentiality, such as key information, among the information necessary for the above information processing. Specifically, the second secure storage unit 44 stores a third public key and a third private key (described later). The second secure storage unit 44 is implemented by, for example, a dedicated IC (hardware) having a security function called SE used in smartphones and the like. The second information processing unit 42 obtains the processing result based on the third private key and the third public key necessary for generating the certificate (server certificate, intermediate certificate, etc.) using API. However, it is not possible to refer to the third private key itself. In other words, the second secure storage unit 44 has a function of preventing the third secret key from being taken out of the second management device 40 . The second secure storage unit 44 is a storage device with higher security than the second storage unit 43 .

 制御装置50は、電気錠60の施錠及び解錠を制御する制御装置である。制御装置50は、例えば、ドア81またはドア枠に内蔵される。制御装置50は、通信部51と、制御部52と、記憶部53とを備える。 The control device 50 is a control device that controls locking and unlocking of the electric lock 60 . The control device 50 is built into the door 81 or door frame, for example. The control device 50 includes a communication section 51 , a control section 52 and a storage section 53 .

 通信部51は、制御装置50が、情報端末20、第一管理装置30、及び、第二管理装置40のそれぞれと通信を行うための通信回路である。通信部51は、例えば、情報端末20とは局所通信ネットワークを通じた無線通信を行い、第一管理装置30及び第二管理装置40とは広域通信ネットワークを通じた無線通信を行う。 The communication unit 51 is a communication circuit for the control device 50 to communicate with each of the information terminal 20, the first management device 30, and the second management device 40. For example, the communication unit 51 performs wireless communication with the information terminal 20 through the local communication network, and wireless communication with the first management apparatus 30 and the second management apparatus 40 through the wide area communication network.

 制御部52は、電気錠60を施錠または解錠するための情報処理を行う。制御部52は、具体的には、電気錠60に制御信号を出力することにより、電気錠60を施錠または解錠する。制御部52は、例えば、マイクロコンピュータによって実現されるが、プロセッサによって実現されてもよい。制御部52の機能は、例えば、制御部52を構成するマイクロコンピュータまたはプロセッサ等が記憶部53に記憶されたコンピュータプログラムを実行することによって実現される。 The control unit 52 performs information processing for locking or unlocking the electric lock 60 . Specifically, the control unit 52 locks or unlocks the electric lock 60 by outputting a control signal to the electric lock 60 . The control unit 52 is implemented by, for example, a microcomputer, but may be implemented by a processor. The functions of the control unit 52 are realized by, for example, executing a computer program stored in the storage unit 53 by a microcomputer, processor, or the like that constitutes the control unit 52 .

 記憶部53は、上記情報処理に必要な情報、及び、上記コンピュータプログラムなどが記憶される記憶装置である。記憶部53は、例えば、半導体メモリによって実現される。 The storage unit 53 is a storage device that stores the information necessary for the information processing, the computer programs, and the like. The storage unit 53 is implemented by, for example, a semiconductor memory.

 電気錠60は、制御部52から出力される制御信号に基づいてドア81を施錠または解錠する。電気錠60は、具体的には、電動モータと、電動モータの駆動力をデッドボルトに伝達する伝達機構とを有する。電動モータの駆動力が伝達機構を介してデッドボルトに伝達されることによって、デッドボルトが施錠位置または解錠位置に移動する。 The electric lock 60 locks or unlocks the door 81 based on the control signal output from the control section 52. Specifically, the electric lock 60 has an electric motor and a transmission mechanism that transmits the driving force of the electric motor to the deadbolt. The deadbolt moves to the locked position or the unlocked position by transmitting the driving force of the electric motor to the deadbolt via the transmission mechanism.

 第一外部記憶装置71は、第一管理装置30の第一記憶部33に記憶された情報をバックアップするための記憶装置である。第一外部記憶装置71には、第一情報処理部32によって生成された、サーバ証明書、ルート証明書、及び、中間証明書などが記憶される。第一外部記憶装置71は、例えば、クラウドサーバであり、第一情報処理部32は、第一通信部31を介して情報を第一外部記憶装置71へアップロードし、第一通信部31を介して第一外部記憶装置71から情報をダウンロードすることができる。第一外部記憶装置71は、クラウドサーバに限定されず、SD(Secure Digital)カードなどの第一管理装置30に直接的に接続される記録媒体であってもよい。 The first external storage device 71 is a storage device for backing up information stored in the first storage section 33 of the first management device 30 . The first external storage device 71 stores a server certificate, a root certificate, an intermediate certificate, and the like generated by the first information processing section 32 . The first external storage device 71 is, for example, a cloud server, and the first information processing unit 32 uploads information to the first external storage device 71 via the first communication unit 31, information can be downloaded from the first external storage device 71 using the The first external storage device 71 is not limited to a cloud server, and may be a recording medium directly connected to the first management device 30 such as an SD (Secure Digital) card.

 第二外部記憶装置72は、第二管理装置40の第二記憶部43に記憶された情報をバックアップするための記憶装置である。第二外部記憶装置72には、第二情報処理部42によって生成されたサーバ証明書などが記憶される。第二外部記憶装置72は、例えば、クラウドサーバであり、第二情報処理部42は、第二通信部41を介して情報を第二外部記憶装置72へアップロードし、第二通信部41を介して第二外部記憶装置72から情報をダウンロードすることができる。第二外部記憶装置72は、クラウドサーバに限定されず、SDカードなどの第二管理装置40に直接的に接続される記録媒体であってもよい。 The second external storage device 72 is a storage device for backing up information stored in the second storage section 43 of the second management device 40 . The server certificate generated by the second information processing unit 42 and the like are stored in the second external storage device 72 . The second external storage device 72 is, for example, a cloud server, and the second information processing unit 42 uploads information to the second external storage device 72 via the second communication unit 41, information can be downloaded from the second external storage device 72 by pressing the The second external storage device 72 is not limited to a cloud server, and may be a recording medium directly connected to the second management device 40 such as an SD card.

 [動作例1]
 次に、情報処理システム10の動作例1について説明する。図3及び図4は、情報処理システム10の動作例1のシーケンス図である。以下の動作例1においては、情報端末20は、施設80への訪問者によって使用され、第一管理装置30は、施設80の管理者等によって使用されるものとして説明が行われる。訪問者は、例えば、家事代行サービスの提供事業者から派遣される者、または、荷物の配達員などである。 [Operation example 1]
Next, an operation example 1 of the information processing system 10 will be described. 3 and 4 are sequence diagrams of operation example 1 of the information processing system 10. FIG. In the following operation example 1, it is assumed that the information terminal 20 is used by a visitor to the facility 80 and the first management device 30 is used by a manager of the facility 80 or the like. The visitor is, for example, a person dispatched by a housekeeping service provider, or a parcel delivery person.

 まず、図3を参照しながら、情報端末20の端末記憶部24にサーバ証明書が記憶されるまでの動作について説明する。サーバ証明書は、電気錠60の解錠許可証の役割を果たすものである。図3に示されるように、情報端末20の端末記憶部24には、第一の公開鍵及び第一の秘密鍵が記憶される。第一の公開鍵及び第一の秘密鍵は、例えば、情報端末20に情報処理システム10を利用するためのアプリケーションプログラム(以下、単にアプリとも記載される)をインストールしたときに生成され、端末記憶部24に記憶される。 First, the operation until the server certificate is stored in the terminal storage unit 24 of the information terminal 20 will be described with reference to FIG. The server certificate serves as an unlocking permit for the electric lock 60 . As shown in FIG. 3, the terminal storage unit 24 of the information terminal 20 stores a first public key and a first secret key. The first public key and the first private key are generated, for example, when an application program (hereinafter simply referred to as an application) for using the information processing system 10 is installed in the information terminal 20, and stored in the terminal memory. Stored in unit 24 .

 また、第一管理装置30の第一セキュア記憶部34には、第二の公開鍵及び第二の秘密鍵が記憶される。第二の公開鍵及び第二の秘密鍵は、例えば、第一管理装置30に情報処理システム10を利用するためのアプリをインストールしたときに第一セキュア記憶部34に記憶される。 Also, the first secure storage unit 34 of the first management device 30 stores a second public key and a second secret key. The second public key and the second private key are stored in the first secure storage unit 34, for example, when an application for using the information processing system 10 is installed in the first management device 30. FIG.

 まず、訪問者は、上記アプリを実行中の情報端末20の操作受付部21へ所定の操作を行う。所定の操作は、サーバ証明書をインストールするための操作である。操作受付部21は、所定の操作を受け付ける(S11)。 First, the visitor performs a predetermined operation on the operation reception unit 21 of the information terminal 20 running the application. The prescribed operation is an operation for installing the server certificate. The operation reception unit 21 receives a predetermined operation (S11).

 操作受付部21によって所定の操作が受け付けられると、端末制御部23は、サーバ証明書の発行要求を生成し、生成した発行要求を端末通信部22に第一管理装置30へ送信させる。発行要求には、第一の公開鍵が含まれる。つまり、端末通信部22は、第一の公開鍵を第一管理装置30へ送信する(S12)。なお、端末通信部22は、広域通信ネットワークを通じた無線通信により第一の公開鍵を第一管理装置30へ送信する。 When the operation reception unit 21 receives a predetermined operation, the terminal control unit 23 generates a server certificate issuance request and causes the terminal communication unit 22 to transmit the generated issuance request to the first management device 30 . The issuance request includes the first public key. That is, the terminal communication unit 22 transmits the first public key to the first management device 30 (S12). Note that the terminal communication unit 22 transmits the first public key to the first management device 30 by wireless communication through the wide area communication network.

 第一管理装置30の第一通信部31は、第一の公開鍵を含む発行要求を受信する。管理者が訪問者の発行要求を確認し、訪問者による電気錠60の解錠を許可する場合、第一情報処理部32は、受信した第一の公開鍵及び利用条件に対する署名を第二の秘密鍵を用いて生成する(S13)。また、第一情報処理部32は、第一の公開鍵、利用条件、及び、署名を含むサーバ証明書を、第一通信部31に情報端末20へ送信させる(S14)。利用条件は、例えば、時期的な条件(言い換えれば、有効期限)を示す情報であり、例えば、第一管理装置30を使用する管理者などによってあらかじめ定められる。図示されないが、サーバ証明書は、第一記憶部33に記憶される。 The first communication unit 31 of the first management device 30 receives the issue request including the first public key. When the administrator confirms the visitor's issuance request and permits the visitor to unlock the electric lock 60, the first information processing unit 32 sends the received first public key and the signature for the usage conditions to the second It is generated using a private key (S13). Also, the first information processing unit 32 causes the first communication unit 31 to transmit the server certificate including the first public key, the terms of use, and the signature to the information terminal 20 (S14). The usage condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by, for example, an administrator who uses the first management device 30 or the like. Although not shown, the server certificate is stored in the first storage unit 33 .

 なお、サーバ証明書のフォーマットとしては、例えば、X.509証明書が用いられる。図5は、サーバ証明書のフォーマットの一例を示す図である。図5における証明書の有効期間は、上記利用条件に相当し、主体者公開鍵情報は、第一の公開鍵に相当し、signatureValueは、署名に相当する。なお、図5のフォーマットの拡張領域に、有効期限以外の利用条件が格納されてもよい。  For example, the format of the server certificate is X. 509 certificates are used. FIG. 5 is a diagram showing an example of the format of a server certificate. The validity period of the certificate in FIG. 5 corresponds to the usage conditions, the subject public key information corresponds to the first public key, and the signatureValue corresponds to the signature. Note that usage conditions other than the expiration date may be stored in the extended area of the format in FIG.

 情報端末20の端末通信部22は、サーバ証明書を受信する。端末制御部23は、受信されたサーバ証明書を端末記憶部24に記憶する(S15)。 The terminal communication unit 22 of the information terminal 20 receives the server certificate. The terminal control unit 23 stores the received server certificate in the terminal storage unit 24 (S15).

 次に、図4を参照しながら、サーバ証明書を用いて電気錠60が解錠されるまでの動作について説明する。図4に示されるように、制御装置50の記憶部53には、ルート証明書が記憶される。ルート証明書には第二の公開鍵が含まれる。ルート証明書は、例えば、第一管理装置30の第一情報処理部32によって生成され、第一通信部31によって制御装置50に送信されることで記憶部53に記憶される。ルート証明書は、制御装置50の製造時に製造設備により記憶部53に記憶されてもよい。なお、ルート証明書は、第一管理装置30の第一記憶部33にも記憶されている。 Next, the operation until the electric lock 60 is unlocked using the server certificate will be described with reference to FIG. As shown in FIG. 4, the storage unit 53 of the control device 50 stores a root certificate. A root certificate contains a second public key. The root certificate is generated, for example, by the first information processing unit 32 of the first management device 30 , transmitted to the control device 50 by the first communication unit 31 , and stored in the storage unit 53 . The root certificate may be stored in the storage unit 53 by manufacturing equipment when the control device 50 is manufactured. Note that the root certificate is also stored in the first storage unit 33 of the first management device 30 .

 まず、訪問者は、ドア81の近くへ移動し、上記アプリを実行中の情報端末20の操作受付部21へ電気錠60を解錠するための所定の解錠操作を行う。操作受付部21は、解錠操作を受け付ける(S16)。なお、ドア81は、例えば、施設80の専有部に設けられたドア(図1参照)であるが、施設80のエントランスに設けられたドアであってもよいし、エントランス以外の共用部に設けられたドアであってもよい。 First, the visitor moves near the door 81 and performs a predetermined unlocking operation for unlocking the electric lock 60 on the operation reception unit 21 of the information terminal 20 running the application. The operation reception unit 21 receives an unlocking operation (S16). The door 81 is, for example, a door provided in a private portion of the facility 80 (see FIG. 1), but it may be a door provided in the entrance of the facility 80, or a door provided in a common portion other than the entrance. It may be a door that has been installed.

 操作受付部21によって解錠操作が受け付けられると、端末制御部23は、サーバ証明書を端末通信部22に制御装置50へ送信させる。つまり、端末通信部22は、サーバ証明書を制御装置50へ送信する(S17)。なお、端末通信部22は、局所通信ネットワークを通じた無線通信により、サーバ証明書を制御装置50へ送信する。この無線通信は、例えば、Bluetooth(登録商標)などの通信規格に基づく近距離無線通信である。 When the operation accepting unit 21 accepts the unlocking operation, the terminal control unit 23 causes the terminal communication unit 22 to transmit the server certificate to the control device 50 . That is, the terminal communication unit 22 transmits the server certificate to the control device 50 (S17). Note that the terminal communication unit 22 transmits the server certificate to the control device 50 by wireless communication through the local communication network. This wireless communication is, for example, short-range wireless communication based on a communication standard such as Bluetooth (registered trademark).

 制御装置50の通信部51は、サーバ証明書を受信する。制御部52は、受信されたサーバ証明書に含まれる署名を、記憶部53に記憶されたルート証明書に含まれる第二の公開鍵を用いて検証する(S18)。制御部52は、署名の検証に成功した場合に、サーバ証明書に含まれている利用条件の判定を行う(S19)。上述のように利用条件は、例えば、時期的な条件であり、制御部52は、時期的な条件が満たされるか否かを判定する。制御部52は、時期的な要件が満たされると判定した場合に、サーバ証明書に含まれる第一の公開鍵を用いてセッション鍵を生成する(S20)。制御部52は、生成したセッション鍵を第一の公開鍵で暗号化し、暗号化されたセッション鍵を通信部51に情報端末20へ送信させる(S21)。 The communication unit 51 of the control device 50 receives the server certificate. The control unit 52 verifies the signature included in the received server certificate using the second public key included in the root certificate stored in the storage unit 53 (S18). If the signature verification is successful, the control unit 52 determines the usage conditions included in the server certificate (S19). As described above, the usage condition is, for example, a temporal condition, and the control unit 52 determines whether the temporal condition is satisfied. When determining that the timing requirements are satisfied, the control unit 52 generates a session key using the first public key included in the server certificate (S20). The control unit 52 encrypts the generated session key with the first public key, and causes the communication unit 51 to transmit the encrypted session key to the information terminal 20 (S21).

 情報端末20の端末通信部22は、暗号化されたセッション鍵を受信する。端末制御部23は、第一の秘密鍵を用いてセッション鍵を復号し、セッション鍵を用いた暗号化通信により、解錠指令を端末通信部22に制御装置50へ送信させる(S22)。 The terminal communication unit 22 of the information terminal 20 receives the encrypted session key. The terminal control unit 23 decrypts the session key using the first secret key, and causes the terminal communication unit 22 to transmit an unlock command to the control device 50 through encrypted communication using the session key (S22).

 制御装置50の通信部51は、解錠指令を受信する。制御部52は、受信された解錠指令に基づいて電気錠60を解錠する(S23)。制御部52は、具体的には、電気錠60に制御信号を送信することにより電気錠60を解錠する。なお、情報端末20は、同様の動作シーケンスに基づいて、電気錠60の施錠を行うこともできる。 The communication unit 51 of the control device 50 receives the unlock command. The control unit 52 unlocks the electric lock 60 based on the received unlocking command (S23). Specifically, the control unit 52 unlocks the electric lock 60 by transmitting a control signal to the electric lock 60 . The information terminal 20 can also lock the electric lock 60 based on the same operation sequence.

 このように、情報処理システム10においては、第一管理装置30は、サーバ証明書及びルート証明書を用いて、安全に情報端末20に電気錠60の解錠権限を付与することができる。 Thus, in the information processing system 10, the first management device 30 can safely grant the unlocking authority of the electric lock 60 to the information terminal 20 using the server certificate and the root certificate.

 なお、図示されないが、第二管理装置40も第一管理装置30と同様に、サーバ証明書及びルート証明書を用いて、安全に情報端末20に電気錠60の解錠権限を与えることができる。つまり、図3のシーケンス図において、第一管理装置30及びその構成要素は、第二管理装置40及びその構成要素に読み替えられてもよい。例えば、第一管理装置30が施設80の管理者によって使用され、第二管理装置40が施設80の入居者によって使用される場合、管理者と入居者のそれぞれが訪問者に施設80への入場権限を付与することができる。 Although not shown, the second control device 40 can safely authorize the information terminal 20 to unlock the electric lock 60 by using the server certificate and the root certificate in the same manner as the first control device 30. . That is, in the sequence diagram of FIG. 3, the first management device 30 and its components may be read as the second management device 40 and its components. For example, if the first management device 30 is used by an administrator of the facility 80 and the second management device 40 is used by a resident of the facility 80, each of the administrator and the occupants may ask the visitor to enter the facility 80. Permissions can be granted.

 また、制御装置50の記憶部53に、第一管理装置30に対応するルート証明書(第二の公開鍵)、及び、第二管理装置40に対応するルート証明書(第三の公開鍵)が記憶されていれば、管理者に入場権限を付与された訪問者、及び、入居者に入場権限を付与された訪問者の両方が、自身の情報端末20を用いて電気錠60を解錠することができる。 In addition, a root certificate (second public key) corresponding to the first management device 30 and a root certificate (third public key) corresponding to the second management device 40 are stored in the storage unit 53 of the control device 50. is stored, both the visitor granted entry authority by the administrator and the visitor granted entry authority by the resident unlock the electric lock 60 using their own information terminal 20. can do.

 なお、制御装置50の制御対象は、電気錠60に限定されない。制御装置50は、施設80内の空間への入場または当該空間への退場を制限する機器を制御すればよい、例えば、制御装置50は、施設80のエントランスに設けられた自動ドアの開閉を制御してもよい。 It should be noted that the control target of the control device 50 is not limited to the electric lock 60. The control device 50 may control a device that restricts entry to or exit from the space within the facility 80. For example, the control device 50 controls the opening and closing of an automatic door provided at the entrance of the facility 80. You may

 [動作例2]
 次に、情報処理システム10の動作例2について説明する。図6及び図7は、情報処理システム10の動作例2のシーケンス図である。以下の動作例2においては、第一管理装置30がルートCA(Certification Authority)として機能し、第二管理装置40が中間CAとして機能する動作例である。動作例2においては、情報端末20は、施設80への訪問者によって使用され、第一管理装置30は、施設80の管理者(施設80のオーナまたは施設80の管理事業者の従業員など)によって使用されるものとして説明が行われる。第二管理装置40は、施設80の入居者などによって使用される者として説明が行われる。なお、動作例2の説明では、動作例1で説明した事項の説明については適宜省略される。 [Operation example 2]
Next, an operation example 2 of the information processing system 10 will be described. 6 and 7 are sequence diagrams of operation example 2 of the information processing system 10. FIG. The following operation example 2 is an operation example in which the first management device 30 functions as a root CA (Certification Authority) and the second management device 40 functions as an intermediate CA. In operation example 2, the information terminal 20 is used by a visitor to the facility 80, and the first management device 30 is used by the administrator of the facility 80 (the owner of the facility 80 or the employee of the management company of the facility 80). is described as being used by The second management device 40 is described as being used by residents of the facility 80 or the like. In addition, in the description of the operation example 2, the description of the items described in the operation example 1 will be omitted as appropriate.

 まず、図6を参照しながら、第二管理装置40の第二記憶部43に中間証明書が記憶されるまでの動作について説明する。図6に示されるように、第一管理装置30の第一セキュア記憶部34には、第二の公開鍵及び第二の秘密鍵が記憶される。第二管理装置40の第二セキュア記憶部44には、第三の公開鍵及び第三の秘密鍵が記憶される。情報端末20の端末記憶部24には、第一の公開鍵及び第一の秘密鍵が記憶される。 First, the operation until the intermediate certificate is stored in the second storage unit 43 of the second management device 40 will be described with reference to FIG. As shown in FIG. 6, the first secure storage unit 34 of the first management device 30 stores a second public key and a second private key. A third public key and a third private key are stored in the second secure storage unit 44 of the second management device 40 . The terminal storage unit 24 of the information terminal 20 stores a first public key and a first secret key.

 まず、第二管理装置40の第二情報処理部42は、入居者の操作等に基づいて、中間証明書の発行要求を生成し、生成した発行要求を第二通信部41に第一管理装置30へ送信させる。発行要求には、第三の公開鍵が含まれる。つまり、第二通信部41は、第三の公開鍵を第一管理装置30へ送信する(S31)。なお、第二通信部41は、広域通信ネットワークを通じた通信により第三の公開鍵を第一管理装置30へ送信する。 First, the second information processing unit 42 of the second management device 40 generates an intermediate certificate issuance request based on the operation of the resident, etc., and sends the generated issuance request to the second communication unit 41 of the first management device. 30. The issuance request includes the third public key. That is, the second communication unit 41 transmits the third public key to the first management device 30 (S31). In addition, the second communication unit 41 transmits the third public key to the first management device 30 by communication through the wide area communication network.

 第一管理装置30の第一通信部31は、第三の公開鍵を含む発行要求を受信する。管理者が入居者の発行要求を確認し、入居者によるサーバ証明書の発行を許可する場合、第一情報処理部32は、受信した第三の公開鍵及び第一利用条件に対する第一の署名を第二の秘密鍵を用いて生成する(S32)。また、第一情報処理部32は、第三の公開鍵、第一利用条件、及び、第一の署名を含む中間証明書を、第一通信部31に第二管理装置40へ送信させる(S33)。第一利用条件は、例えば、時期的な条件(言い換えれば、有効期限)を示す情報であり、例えば、第一管理装置30を使用する管理者などによってあらかじめ定められる。図示されないが、中間証明書は、第一記憶部33に記憶される。 The first communication unit 31 of the first management device 30 receives the issue request including the third public key. When the administrator confirms the resident's request for issuance and permits the resident to issue the server certificate, the first information processing unit 32 receives the third public key and the first signature for the first usage conditions. is generated using the second secret key (S32). In addition, the first information processing unit 32 causes the first communication unit 31 to transmit the intermediate certificate including the third public key, the first usage conditions, and the first signature to the second management device 40 (S33 ). The first use condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by, for example, an administrator who uses the first management device 30 or the like. Although not shown, the intermediate certificate is stored in the first storage unit 33 .

 なお、中間証明書のフォーマットとしては、例えば、上記図5に示されるようなX.509証明書が用いられる。 As for the format of the intermediate certificate, for example, the X. 509 certificates are used.

 第二管理装置40の第二通信部41は、中間証明書を受信する。第二情報処理部42は、受信された中間証明書を第二記憶部43に記憶する(S34)。 The second communication unit 41 of the second management device 40 receives the intermediate certificate. The second information processing unit 42 stores the received intermediate certificate in the second storage unit 43 (S34).

 その後、訪問者は、上記アプリを実行中の情報端末20の操作受付部21へ所定の操作を行う。所定の操作は、サーバ証明書及び中間証明書をインストールするための操作である。操作受付部21は、所定の操作を受け付ける(S35)。 After that, the visitor performs a predetermined operation on the operation reception unit 21 of the information terminal 20 that is running the application. The prescribed operation is an operation for installing the server certificate and the intermediate certificate. The operation reception unit 21 receives a predetermined operation (S35).

 操作受付部21によって解錠操作が受け付けられると、端末制御部23は、サーバ証明書及び中間証明書の発行要求を生成し、生成した発行要求を端末通信部22に第二管理装置40へ送信させる。発行要求には、第一の公開鍵が含まれる。つまり、端末通信部22は、第一の公開鍵を第二管理装置40へ送信する(S36)。なお、端末通信部22は、広域通信ネットワークを通じた無線通信により第一の公開鍵を第二管理装置40へ送信する。 When the unlocking operation is accepted by the operation accepting unit 21, the terminal control unit 23 generates an issue request for the server certificate and the intermediate certificate, and transmits the created issue request to the terminal communication unit 22 to the second management device 40. Let The issuance request includes the first public key. That is, the terminal communication unit 22 transmits the first public key to the second management device 40 (S36). Note that the terminal communication unit 22 transmits the first public key to the second management device 40 by wireless communication through the wide area communication network.

 第二管理装置40の第二通信部41は、第一の公開鍵を含む発行要求を受信する。入居者が訪問者の発行要求を確認し、訪問者による電気錠60の解錠を許可する場合、第二情報処理部42は、受信した第一の公開鍵及び第二利用条件に対する第二の署名を第三の秘密鍵を用いて生成する(S37)。また、第二情報処理部42は、第一の公開鍵、第二利用条件、及び、第二の署名を含むサーバ証明書と、ステップS33において受信された(言い換えれば、第二記憶部43に記憶された)中間証明書とを、第二通信部41に情報端末20へ送信させる(S38)。第二利用条件は、例えば、時期的な条件(言い換えれば、有効期限)を示す情報であり、例えば、第二管理装置40を使用する入居者などによってあらかじめ定められる。図示されないが、サーバ証明書は、第二記憶部43に記憶される。なお、サーバ証明書のフォーマットとしては、例えば、X.509証明書が用いられる。 The second communication unit 41 of the second management device 40 receives the issue request including the first public key. When the resident confirms the visitor's issuance request and permits the visitor to unlock the electric lock 60, the second information processing unit 42 receives the first public key and the second usage condition for the second usage condition. A signature is generated using the third private key (S37). In addition, the second information processing unit 42 stores the server certificate including the first public key, the second terms of use, and the second signature received in step S33 (in other words, stored in the second storage unit 43). stored) to the information terminal 20 (S38). The second usage condition is, for example, information indicating a temporal condition (in other words, expiration date), and is predetermined by the resident who uses the second management device 40, for example. Although not shown, the server certificate is stored in the second storage unit 43 . Note that the format of the server certificate is, for example, X. 509 certificates are used.

 情報端末20の端末通信部22は、サーバ証明書及び中間証明書を受信する。端末制御部23は、受信されたサーバ証明書及び中間証明書を端末記憶部24に記憶する(S39)。 The terminal communication unit 22 of the information terminal 20 receives the server certificate and the intermediate certificate. The terminal control unit 23 stores the received server certificate and intermediate certificate in the terminal storage unit 24 (S39).

 次に、図7を参照しながらサーバ証明書及び中間証明書を用いて電気錠60が解錠されるまでの動作について説明する。図7に示されるように、制御装置50の記憶部53には、ルート証明書が記憶される。動作例2では、ルート証明書には第二の公開鍵が含まれる。ルート証明書は、例えば、第一管理装置30の第一情報処理部32によって生成され、第一通信部31によって制御装置50に送信されることで記憶部53に記憶される。ルート証明書は、制御装置50の製造時に製造設備により記憶部53に記憶されてもよい。なお、ルート証明書は、第一管理装置30の第一記憶部33にも記憶されている。 Next, the operation until the electric lock 60 is unlocked using the server certificate and the intermediate certificate will be described with reference to FIG. As shown in FIG. 7, the storage unit 53 of the control device 50 stores a root certificate. In operation example 2, the root certificate includes the second public key. The root certificate is generated, for example, by the first information processing unit 32 of the first management device 30 , transmitted to the control device 50 by the first communication unit 31 , and stored in the storage unit 53 . The root certificate may be stored in the storage unit 53 by manufacturing equipment when the control device 50 is manufactured. Note that the root certificate is also stored in the first storage unit 33 of the first management device 30 .

 訪問者は、ドア81の近くへ移動し、上記アプリを実行中の情報端末20の操作受付部21へ電気錠60を解錠するための所定の解錠操作を行う。操作受付部21は、解錠操作を受け付ける(S40)。端末制御部23は、操作受付部21によって解錠操作が受け付けられると、サーバ証明書及び中間証明書を端末通信部22に制御装置50へ送信させる。つまり、端末通信部22は、サーバ証明書及び中間証明書を制御装置50へ送信する(S41)。なお、端末通信部22は、局所通信ネットワークを通じた無線通信により、サーバ証明書及び中間証明書を制御装置50へ送信する。 The visitor moves near the door 81 and performs a predetermined unlocking operation for unlocking the electric lock 60 on the operation reception unit 21 of the information terminal 20 running the above application. The operation accepting unit 21 accepts an unlocking operation (S40). When the operation accepting unit 21 accepts the unlocking operation, the terminal control unit 23 causes the terminal communication unit 22 to transmit the server certificate and the intermediate certificate to the control device 50 . That is, the terminal communication unit 22 transmits the server certificate and the intermediate certificate to the control device 50 (S41). Note that the terminal communication unit 22 transmits the server certificate and the intermediate certificate to the control device 50 by wireless communication through the local communication network.

 制御装置50の通信部51は、サーバ証明書及び中間証明書を受信する。制御部52は、受信された中間証明書に含まれる第一の署名を、記憶部53に記憶されたルート証明書に含まれる第二の公開鍵を用いて検証する(S42)。制御部52は、第一の署名の検証に成功した場合に、中間証明書に含まれている第一利用条件の判定を行う(S43)。 The communication unit 51 of the control device 50 receives the server certificate and the intermediate certificate. Control unit 52 verifies the first signature included in the received intermediate certificate using the second public key included in the root certificate stored in storage unit 53 (S42). If the verification of the first signature is successful, the control unit 52 determines the first use condition included in the intermediate certificate (S43).

 制御部52は、第一利用条件の判定に成功した場合に、受信されたサーバ証明書に含まれる第二の署名を、中間証明書に含まれる第三の公開鍵を用いて検証する(S44)。制御部52は、第二の署名の検証に成功した場合に、サーバ証明書に含まれている第二利用条件の判定を行う(S45)。以降のステップS46~ステップS49の処理は、動作例1のステップS20~S23と同様であり、最終的に電気錠60が解錠される。なお、情報端末20は、同様の動作シーケンスに基づいて、電気錠60の施錠を行うこともできる。 If the determination of the first usage condition is successful, the control unit 52 verifies the second signature included in the received server certificate using the third public key included in the intermediate certificate (S44 ). If the verification of the second signature is successful, the control unit 52 determines the second usage conditions included in the server certificate (S45). Subsequent steps S46 to S49 are the same as steps S20 to S23 in Operation Example 1, and the electric lock 60 is finally unlocked. The information terminal 20 can also lock the electric lock 60 based on the same operation sequence.

 このように、情報処理システム10においては、第二管理装置40は、情報端末20に電気錠60の解錠権限を付与することができる。なお、図示されないが、動作例2において第一管理装置30が第二管理装置40に対してサーバ証明書を発行してもよい。この場合、第二管理装置40は、第一管理装置30によって発行されたサーバ証明書を取得し、制御装置50へ送信することで、電気錠60を解錠することができる。つまり、動作例2においては、第一管理装置30は、第二管理装置40に、電気錠60の解錠権限と、サーバ証明書の発行権限(情報端末20への電気錠の解錠権限を付与する権限)とを付与することができる。 Thus, in the information processing system 10, the second control device 40 can grant the unlocking authority of the electric lock 60 to the information terminal 20. Although not shown, the first management device 30 may issue a server certificate to the second management device 40 in the second operation example. In this case, the second control device 40 can unlock the electric lock 60 by acquiring the server certificate issued by the first control device 30 and transmitting it to the control device 50 . That is, in the operation example 2, the first management device 30 gives the second management device 40 the authority to unlock the electric lock 60 and the authority to issue the server certificate (the authority to unlock the electric lock for the information terminal 20). authorization) can be granted.

 上述のように、第二管理装置40の使用者が入居者である場合、入居者は、施設80に入居している間、自身が契約している専有部の電気錠60の解錠でき、また、施設80に入居している間、訪問者に当該専有部の電気錠60の解錠を許可することができる。なお、第二管理装置40が発行したサーバ証明書は、第一管理装置30によって無効化することが可能である。 As described above, when the user of the second management device 40 is a resident, the resident can unlock the electric lock 60 of the private area contracted by the resident while staying in the facility 80, Also, while staying in the facility 80, the visitor can be permitted to unlock the electric lock 60 of the private portion. Note that the server certificate issued by the second management device 40 can be invalidated by the first management device 30 .

 [動作例3]
 情報処理システム10においては、第一管理装置30に記憶された鍵情報の漏洩を抑制するために第一セキュア記憶部34が利用されている。第一管理装置30がスマートフォンである場合、スマートフォン標準のSEが第一セキュア記憶部34として使用されることにより、コストアップを抑制しつつ鍵情報の保護が可能になるメリットがある。 [Operation Example 3]
In the information processing system 10 , the first secure storage section 34 is used to prevent leakage of key information stored in the first management device 30 . When the first management device 30 is a smartphone, the use of a smartphone-standard SE as the first secure storage unit 34 has the advantage of enabling protection of key information while suppressing cost increases.

 ところが、第一セキュア記憶部34に記憶された鍵情報は第一管理装置30外へ取り出すことができない。つまり、第一セキュア記憶部34に記憶された鍵情報はバックアップすることができない。そうすると、機種変更または故障などによって第一管理装置30が新たな第一管理装置30に変更されたときに、鍵情報を新たな第一管理装置30に引き継ぐことができないことが課題である。 However, the key information stored in the first secure storage unit 34 cannot be retrieved outside the first management device 30. In other words, the key information stored in the first secure storage section 34 cannot be backed up. Then, when the first management device 30 is changed to a new first management device 30 due to model change or failure, the problem is that the key information cannot be handed over to the new first management device 30 .

 そこで、以下の動作例3では、情報処理システム10が動作例1を実行する構成において、第一管理装置30が新たな第一管理装置30に変更された場合の動作について説明する。図8は、情報処理システム10の動作例3のシーケンス図である。なお、以下の図8の説明においては、新たな第一管理装置30を単に第一管理装置30を表現し、それまで使用されていた第一管理装置30を古い第一管理装置30などと表現する。 Therefore, in the following operation example 3, the operation when the first management apparatus 30 is changed to a new first management apparatus 30 in the configuration in which the information processing system 10 executes the operation example 1 will be described. FIG. 8 is a sequence diagram of operation example 3 of the information processing system 10 . In the following description of FIG. 8, the new first management device 30 is simply referred to as the first management device 30, and the first management device 30 that has been used until then is referred to as the old first management device 30, etc. do.

 管理者は、第一管理装置30に情報処理システム10を利用するためのアプリをインストールする。これにより、第一管理装置30の第一セキュア記憶部34には、新たな第二の公開鍵及び新たな第二の秘密鍵が記憶される(S51)。 The administrator installs an application for using the information processing system 10 on the first management device 30 . As a result, a new second public key and a new second secret key are stored in the first secure storage unit 34 of the first management device 30 (S51).

 次に、第一管理装置30の第一情報処理部32は、第一外部記憶装置71から第一外部記憶装置71に記憶されたサーバ証明書及びルート証明書を取得し、取得したサーバ証明書及びルート証明書を第一記憶部33に記憶する(S52)。ステップS52において取得されるサーバ証明書及びルート証明書は、古い第一管理装置30によって生成され、第一外部記憶装置71にバックアップされていたサーバ証明書及びルート証明書である。なお、第一情報処理部32は、具体的には、第一外部記憶装置71から第一通信部31を介してサーバ証明書及びルート証明書を取得する。 Next, the first information processing unit 32 of the first management device 30 acquires the server certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and acquires the acquired server certificate. And the root certificate is stored in the first storage unit 33 (S52). The server certificate and root certificate acquired in step S52 are the server certificate and root certificate generated by the old first management device 30 and backed up in the first external storage device 71 . Specifically, the first information processing section 32 acquires the server certificate and the root certificate from the first external storage device 71 via the first communication section 31 .

 次に、第一情報処理部32は、新たな署名を生成する(S53)。第一情報処理部32は、ステップS52において第一記憶部33に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな署名を、新たな第二の秘密鍵を用いて生成する。また、第一情報処理部32は、第一の公開鍵、及び、新たな署名を含む新たなサーバ証明書を、第一通信部31に情報端末20へ送信させる(S54)。なお、動作例1と同様に、サーバ証明書には利用条件が含まれてもよい。 Next, the first information processing section 32 generates a new signature (S53). The first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 in step S52 using the new second private key. The first information processing unit 32 also causes the first communication unit 31 to transmit the first public key and a new server certificate including the new signature to the information terminal 20 (S54). It should be noted that, as in the first operation example, the server certificate may include usage conditions.

 情報端末20の端末通信部22は、新たなサーバ証明書を受信する。端末制御部23は、受信された新たなサーバ証明書を端末記憶部24に記憶する(S55)。 The terminal communication unit 22 of the information terminal 20 receives the new server certificate. The terminal control unit 23 stores the received new server certificate in the terminal storage unit 24 (S55).

 また、第一情報処理部32は、新たな第二の公開鍵を含む新たなルート証明書を生成し(S56)、生成した新たなルート証明書を、第一通信部31に制御装置50へ送信させる(S57)。言い換えれば、第一通信部31は、第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する。 Further, the first information processing unit 32 generates a new root certificate including the new second public key (S56), and sends the generated new root certificate to the control device 50 via the first communication unit 31. Send (S57). In other words, the first communication unit 31 transmits the new root certificate generated by the first information processing unit 32 to the control device 50 .

 制御装置50の通信部51は、新たなルート証明書を受信する。制御部52は、受信された新たなルート証明書を記憶部53に記憶する(S58)。 The communication unit 51 of the control device 50 receives the new root certificate. The control unit 52 stores the received new root certificate in the storage unit 53 (S58).

 次に、第一管理装置30の第一情報処理部32は、記憶部53に記憶された古いルート証明書を抹消するための抹消指令を、第一通信部31に制御装置50へ送信させる(S59)。言い換えれば、第一通信部31は、抹消指令を制御装置50へ送信する。 Next, the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a deletion command for deleting the old root certificate stored in the storage unit 53 to the control device 50 ( S59). In other words, the first communication unit 31 transmits a deletion command to the control device 50 .

 制御装置50の通信部51は、抹消指令を受信する。制御部52は、受信された抹消指令に基づいて古いルート証明書を記憶部53から抹消(削除)する(S60)。この結果、制御装置50は、情報端末20から古いサーバ証明書を受信したとしても電気錠60を解錠しない状態となる。 The communication unit 51 of the control device 50 receives the deletion command. The control unit 52 cancels (deletes) the old root certificate from the storage unit 53 based on the received deletion command (S60). As a result, even if the control device 50 receives an old server certificate from the information terminal 20, the electric lock 60 will not be unlocked.

 以上説明したような動作例3によれば、情報処理システム10は、古い第一管理装置30の第一セキュア記憶部34に記憶された鍵情報が取り出せなくても、新たな第一管理装置30の第一セキュア記憶部34に記憶された新たな鍵情報に対応する新たなルート証明書及びサーバ証明書を生成することができる。つまり、情報処理システム10は、新たな第一管理装置30が導入されても、継続的に運用されることが可能となる。 According to the operation example 3 described above, even if the key information stored in the first secure storage unit 34 of the old first management device 30 cannot be retrieved, the information processing system 10 A new root certificate and server certificate corresponding to the new key information stored in the first secure storage unit 34 of the can be generated. That is, the information processing system 10 can be continuously operated even if a new first management apparatus 30 is introduced.

 なお、ステップS51~ステップS60の処理の順序、特に、ステップS53~ステップS60の処理の順序は、可能な範囲で任意に入れ替えられてもよい。ここで、図8の例では、新たなルート証明書が制御装置50へ送信された後、抹消指令が制御装置50へ送信される。つまり、新たなルート証明書が記憶部53に記憶された後、古いルート証明書が抹消される。これにより、ステップS58以降ステップS60以前の期間T1においては、制御装置50の記憶部53には、古いルート証明書、及び、新たなルート証明書の両方が記憶されていることとなる。 The order of the processing of steps S51 to S60, particularly the order of the processing of steps S53 to S60, may be arbitrarily changed within a possible range. Here, in the example of FIG. 8 , after the new root certificate is sent to the control device 50 , the deletion command is sent to the control device 50 . That is, after the new root certificate is stored in the storage unit 53, the old root certificate is deleted. As a result, both the old root certificate and the new root certificate are stored in the storage unit 53 of the control device 50 during the period T1 from step S58 to step S60.

 そうすると、期間T1においては、新たなサーバ証明書が記憶された情報端末20、及び、古いサーバ証明書が記憶された情報端末20の両方で電気錠60を解錠することが可能となる。つまり、情報処理システム10は、ルート証明書の移行期間を設けることができる。なお、期間T1よりも前の期間においては、古いサーバ証明書が記憶された情報端末20による電気錠60の解錠が可能であり、期間T1よりも後の期間においては、新たなサーバ証明書が記憶された情報端末20による電気錠60の解錠が可能である。 Then, during the period T1, it is possible to unlock the electric lock 60 with both the information terminal 20 in which the new server certificate is stored and the information terminal 20 in which the old server certificate is stored. In other words, the information processing system 10 can provide a root certificate migration period. In the period before the period T1, the electric lock 60 can be unlocked by the information terminal 20 in which the old server certificate is stored, and in the period after the period T1, the new server certificate It is possible to unlock the electric lock 60 by the information terminal 20 in which is stored.

 なお、多数の情報端末20(多数の訪問者)のサーバ証明書を新たなサーバ証明書に更新するために時間がかかる場合、上記のように移行期間を設けた上で、古いルート証明書を有効期限が短くなるように更新する、といった運用も可能である。 Note that if it takes time to update the server certificates of many information terminals 20 (many visitors) to new server certificates, the old root certificate will be replaced after a transition period is provided as described above. It is also possible to operate such as updating so that the expiration date is shortened.

 また、古いサーバ証明書による電気錠60の解錠を速やかに禁止したいような場合には、新たなルート証明書が制御装置50へ送信される前に、抹消指令が制御装置50へ送信されればよい。つまり、新たなルート証明書が記憶部53に記憶される前に、古いルート証明書が抹消されればよい。 Further, when it is desired to immediately prohibit the unlocking of the electric lock 60 by the old server certificate, a deletion command is sent to the control device 50 before the new root certificate is sent to the control device 50. Just do it. In other words, the old root certificate should be deleted before the new root certificate is stored in the storage unit 53 .

 [動作例4]
 次に、情報処理システム10が動作例2を実行する構成において、第一管理装置30が新たな第一管理装置30に変更された場合の動作について説明する。図9は、このような情報処理システム10の動作例4のシーケンス図である。なお、以下の図9の説明においては、新たな第一管理装置30を単に第一管理装置30を表現し、それまで使用されていた第一管理装置30を古い第一管理装置30などと表現する。 [Operation example 4]
Next, the operation when the first management apparatus 30 is changed to a new first management apparatus 30 in the configuration in which the information processing system 10 executes Operation Example 2 will be described. FIG. 9 is a sequence diagram of operation example 4 of such an information processing system 10 . In the following description of FIG. 9, the new first management device 30 is simply referred to as the first management device 30, and the first management device 30 that has been used is referred to as the old first management device 30, etc. do.

 管理者は、第一管理装置30に情報処理システム10を利用するためのアプリをインストールする。これにより、第一管理装置30の第一セキュア記憶部34には、新たな第二の公開鍵及び新たな第二の秘密鍵が記憶される(S61)。 The administrator installs an application for using the information processing system 10 on the first management device 30 . As a result, a new second public key and a new second secret key are stored in the first secure storage unit 34 of the first management device 30 (S61).

 次に、第一管理装置30の第一情報処理部32は、第一外部記憶装置71から第一外部記憶装置71に記憶された中間証明書及びルート証明書を取得し、取得した中間証明書及びルート証明書を第一記憶部33に記憶する(S62)。ステップS62において取得される中間証明書及びルート証明書は、古い第一管理装置30によって生成され、第一外部記憶装置71にバックアップされていた中間証明書及びルート証明書である。なお、第一情報処理部32は、具体的には、第一外部記憶装置71から第一通信部31を介して中間証明書及びルート証明書を取得する。 Next, the first information processing unit 32 of the first management device 30 acquires the intermediate certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and acquires the acquired intermediate certificate. And the root certificate is stored in the first storage unit 33 (S62). The intermediate certificate and root certificate acquired in step S62 are the intermediate certificate and root certificate generated by the old first management device 30 and backed up in the first external storage device 71 . Note that the first information processing unit 32 specifically acquires the intermediate certificate and the root certificate from the first external storage device 71 via the first communication unit 31 .

 次に、第一情報処理部32は、新たな第一の署名を生成する(S63)。第一情報処理部32は、ステップS62において第一記憶部33に記憶された中間証明書に含まれる第三の公開鍵に対する新たな第一の署名を、新たな第二の秘密鍵を用いて生成する。また、第一情報処理部32は、第三の公開鍵、及び、新たな第一の署名を含む新たな中間証明書を、第一通信部31に第二管理装置40へ送信させる(S64)。なお、動作例2と同様に、中間証明書には第一利用条件が含まれてもよい。 Next, the first information processing section 32 generates a new first signature (S63). The first information processing unit 32 creates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 in step S62 using the new second private key. Generate. Also, the first information processing unit 32 causes the first communication unit 31 to transmit the third public key and the new intermediate certificate including the new first signature to the second management device 40 (S64). . It should be noted that the intermediate certificate may include the first terms of use, as in Operation Example 2.

 第二管理装置40の第二通信部41は、新たな中間証明書を受信する。第二情報処理部42は、第二通信部41によって受信された新たな中間証明書を第二記憶部43に記憶する(S65)。このとき第二記憶部43に記憶されている古い中間証明書は削除されてもよい。つまり、中間証明書は差し替えられてもよい。 The second communication unit 41 of the second management device 40 receives the new intermediate certificate. The second information processing unit 42 stores the new intermediate certificate received by the second communication unit 41 in the second storage unit 43 (S65). At this time, the old intermediate certificate stored in the second storage unit 43 may be deleted. That is, intermediate certificates may be replaced.

 また、第二情報処理部42は、ステップS65において記憶された新たな中間証明書、及び、元々第二記憶部43に記憶されているサーバ証明書を、第二通信部41に情報端末20へ送信させる(S66)。なお、ステップS66においては、少なくとも中間証明書が送信されればよい。つまり、第二通信部41は、中間証明書を情報端末20へ送信すればよい。 In addition, the second information processing unit 42 transfers the new intermediate certificate stored in step S65 and the server certificate originally stored in the second storage unit 43 to the information terminal 20 via the second communication unit 41. Send (S66). It should be noted that at least the intermediate certificate should be transmitted in step S66. In other words, the second communication unit 41 should just transmit the intermediate certificate to the information terminal 20 .

 情報端末20の端末通信部22は、新たな中間証明書、及び、サーバ証明書を受信する。端末制御部23は、受信された新たな中間証明書を端末記憶部24に記憶する(S67)。なお、端末記憶部24には、サーバ証明書も記憶されている。 The terminal communication unit 22 of the information terminal 20 receives the new intermediate certificate and server certificate. The terminal control unit 23 stores the received new intermediate certificate in the terminal storage unit 24 (S67). Note that the terminal storage unit 24 also stores a server certificate.

 また、第一情報処理部32は、新たな第二の公開鍵を含む新たなルート証明書を生成し(S68)、生成した新たなルート証明書を、第一通信部31に制御装置50へ送信させる(S69)。言い換えれば、第一通信部31は、第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する。 Further, the first information processing unit 32 generates a new root certificate including the new second public key (S68), and transmits the generated new root certificate to the first communication unit 31 to the control device 50. Send (S69). In other words, the first communication unit 31 transmits the new root certificate generated by the first information processing unit 32 to the control device 50 .

 制御装置50の通信部51は、新たなルート証明書を受信する。制御部52は、受信された新たなルート証明書を記憶部53に記憶する(S70)。 The communication unit 51 of the control device 50 receives the new root certificate. Control unit 52 stores the received new root certificate in storage unit 53 (S70).

 次に、第一管理装置30の第一情報処理部32は、記憶部53に記憶された古いルート証明書を抹消するための抹消指令を、第一通信部31に制御装置50へ送信させる(S71)。言い換えれば、第一通信部31は、抹消指令を制御装置50へ送信する。 Next, the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a deletion command for deleting the old root certificate stored in the storage unit 53 to the control device 50 ( S71). In other words, the first communication unit 31 transmits a deletion command to the control device 50 .

 制御装置50の通信部51は、抹消指令を受信する。制御部52は、受信された抹消指令に基づいて古いルート証明書を記憶部53から抹消(削除)する(S72)。この結果、制御装置50は、情報端末20から古いサーバ証明書を受信したとしても電気錠60を解錠しない状態となる。 The communication unit 51 of the control device 50 receives the deletion command. The control unit 52 cancels (deletes) the old root certificate from the storage unit 53 based on the received deletion command (S72). As a result, even if the control device 50 receives an old server certificate from the information terminal 20, the electric lock 60 will not be unlocked.

 以上説明したような動作例4によれば、古い第一管理装置30の第一セキュア記憶部34に記憶された鍵情報が取り出せなくても、新たな第一管理装置30の第一セキュア記憶部34に記憶された新たな鍵情報に対応する新たなルート証明書及び中間証明書を生成することができる。つまり、情報処理システム10は、新たな第一管理装置30が導入されても、継続的に運用されることが可能となる。 According to the operation example 4 described above, even if the key information stored in the first secure storage unit 34 of the old first management device 30 cannot be retrieved, the first secure storage unit of the new first management device 30 New root and intermediate certificates corresponding to the new key information stored in 34 can be generated. That is, the information processing system 10 can be continuously operated even if a new first management apparatus 30 is introduced.

 なお、ステップS61~ステップS72の処理の順序、特に、ステップS63~ステップS72の処理の順序は、可能な範囲で任意に入れ替えられてもよい。ここで、図9の例では、新たなルート証明書が制御装置50へ送信された後、抹消指令が制御装置50へ送信される。つまり、新たなルート証明書が記憶部53に記憶された後、古いルート証明書が抹消される。これにより、ステップS70以降ステップS72以前の期間T2においては、制御装置50の記憶部53には、古いルート証明書、及び、新たなルート証明書の両方が記憶されていることとなる。 The order of the processing of steps S61 to S72, particularly the order of the processing of steps S63 to S72 may be arbitrarily changed within a possible range. Here, in the example of FIG. 9 , after the new root certificate is sent to the control device 50 , the deletion command is sent to the control device 50 . That is, after the new root certificate is stored in the storage unit 53, the old root certificate is deleted. As a result, both the old root certificate and the new root certificate are stored in the storage unit 53 of the control device 50 during the period T2 from step S70 to step S72.

 そうすると、期間T2においては、新たな中間証明書が記憶された情報端末20、及び、古い中間証明書が記憶された情報端末20の両方で電気錠60を解錠することが可能となる。つまり、情報処理システム10は、ルート証明書の移行期間を設けることができる。なお、期間T2よりも前の期間においては、古い中間証明書が記憶された情報端末20による電気錠60の解錠が可能であり、期間T2よりも後の期間においては、新たな中間証明書が記憶された情報端末20による電気錠60の解錠が可能である。 Then, during period T2, it is possible to unlock the electric lock 60 with both the information terminal 20 storing the new intermediate certificate and the information terminal 20 storing the old intermediate certificate. In other words, the information processing system 10 can provide a root certificate migration period. In the period before the period T2, the electric lock 60 can be unlocked by the information terminal 20 in which the old intermediate certificate is stored, and in the period after the period T2, the new intermediate certificate It is possible to unlock the electric lock 60 by the information terminal 20 in which is stored.

 なお、古い中間証明書による電気錠60の解錠を速やかに禁止したいような場合には、新たなルート証明書が制御装置50へ送信される前に、抹消指令が制御装置50へ送信されればよい。つまり、新たなルート証明書が記憶部53に記憶される前に、古いルート証明書が抹消されればよい。 If it is desired to immediately prohibit the unlocking of the electric lock 60 by the old intermediate certificate, a deletion command is sent to the control device 50 before the new root certificate is sent to the control device 50. Just do it. In other words, the old root certificate should be deleted before the new root certificate is stored in the storage unit 53 .

 [動作例5]
 情報処理システム10においては、第二管理装置40に記憶された鍵情報の漏洩を抑制するために第二セキュア記憶部44が利用されている。第二管理装置40がスマートフォンである場合、スマートフォン標準のSEが第二セキュア記憶部44として使用されることにより、コストアップを抑制しつつ鍵情報の保護が可能になるメリットがある。 [Operation Example 5]
In the information processing system 10 , the second secure storage unit 44 is used to prevent leakage of key information stored in the second management device 40 . When the second management device 40 is a smartphone, the use of a smartphone standard SE as the second secure storage unit 44 has the advantage of enabling protection of key information while suppressing cost increases.

 ところが、第二セキュア記憶部44に記憶された鍵情報は第二管理装置40外へ取り出すことができない。つまり、第二セキュア記憶部44に記憶された鍵情報はバックアップすることができない。そうすると、機種変更または故障などによって第二管理装置40が新たな第二管理装置40に変更されたときに、鍵情報を新たな第二管理装置40に引き継ぐことができないことが課題である。 However, the key information stored in the second secure storage unit 44 cannot be retrieved outside the second management device 40. In other words, the key information stored in the second secure storage section 44 cannot be backed up. Then, when the second management device 40 is changed to a new second management device 40 due to model change or failure, the problem is that the key information cannot be handed over to the new second management device 40 .

 そこで、以下の動作例5では、情報処理システム10が動作例2を実行する構成において、第二管理装置40が新たな第二管理装置40に変更された場合の動作について説明する。図10は、このような情報処理システム10の動作例4のシーケンス図である。なお、以下の図10の説明においては、新たな第二管理装置40を単に第二管理装置40を表現し、それまで使用されていた第二管理装置40を古い第二管理装置40などと表現する。 Therefore, in the following operation example 5, the operation when the second management apparatus 40 is changed to a new second management apparatus 40 in the configuration in which the information processing system 10 executes the operation example 2 will be described. FIG. 10 is a sequence diagram of operation example 4 of such an information processing system 10 . In the following description of FIG. 10, the new second management device 40 is simply referred to as the second management device 40, and the second management device 40 that has been used until then is referred to as the old second management device 40, etc. do.

 入居者は、第二管理装置40に情報処理システム10を利用するためのアプリをインストールする。これにより、第二管理装置40の第二セキュア記憶部44には、新たな第三の公開鍵及び新たな第三の秘密鍵が記憶される(S81)。 A resident installs an application for using the information processing system 10 on the second management device 40 . As a result, a new third public key and a new third private key are stored in the second secure storage unit 44 of the second management device 40 (S81).

 次に、第二管理装置40の第二情報処理部42は、入居者の操作等に基づいて、中間証明書の発行要求を生成し、生成した発行要求を第二通信部41に第一管理装置30へ送信させる(S82)。発行要求には、新たな第三の公開鍵が含まれる。 Next, the second information processing unit 42 of the second management device 40 generates an intermediate certificate issuance request based on the operation of the resident, etc., and sends the generated issuance request to the second communication unit 41 for the first management. It is transmitted to the device 30 (S82). The issuance request includes a new third public key.

 第一管理装置30の第一通信部31は、新たな第三の公開鍵を含む発行要求を受信する。管理者が入居者の発行要求を確認し、入居者によるサーバ証明書の発行を許可する場合、第一情報処理部32は、受信した新たな第三の公開鍵に対する新たな第一の署名を第二の秘密鍵を用いて生成する(S83)。また、第一情報処理部32は、第三の公開鍵、及び、第一の署名を含む新たな中間証明書を、第一通信部31に第二管理装置40へ送信させる(S84)。なお、動作例2と同様に、新たな中間証明書には、第一利用条件が含まれてもよい。 The first communication unit 31 of the first management device 30 receives the issue request including the new third public key. When the manager confirms the resident's request for issuance and permits the resident to issue the server certificate, the first information processing unit 32 adds a new first signature to the received new third public key. It is generated using the second secret key (S83). The first information processing unit 32 also causes the first communication unit 31 to transmit the third public key and the new intermediate certificate including the first signature to the second management device 40 (S84). As in Operation Example 2, the new intermediate certificate may include the first terms of use.

 第二管理装置40の第二通信部41は、新たな中間証明書を受信する。第二情報処理部42は、受信された中間証明書を第二記憶部43に記憶する(S85)。 The second communication unit 41 of the second management device 40 receives the new intermediate certificate. The second information processing unit 42 stores the received intermediate certificate in the second storage unit 43 (S85).

 次に、第二管理装置40の第二情報処理部42は、第二外部記憶装置72から第二外部記憶装置72に記憶されたサーバ証明書を取得し、取得したサーバ証明書を第二記憶部43に記憶する(S86)。ステップS86において取得されるサーバ証明書は、古い第二管理装置40によって生成され、第二外部記憶装置72にバックアップされていたサーバ証明書である。なお、第二情報処理部42は、具体的には、第二外部記憶装置72から第二通信部41を介してサーバ証明書を取得する。 Next, the second information processing unit 42 of the second management device 40 acquires the server certificate stored in the second external storage device 72 from the second external storage device 72, and stores the acquired server certificate in the second storage. The data is stored in the unit 43 (S86). The server certificate acquired in step S86 is the server certificate generated by the old second management device 40 and backed up in the second external storage device 72 . Note that the second information processing unit 42 specifically acquires the server certificate from the second external storage device 72 via the second communication unit 41 .

 次に、第二情報処理部42は、新たな第二の署名を生成する(S87)。第二情報処理部42は、ステップS86において第二記憶部43に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな第二の署名を、新たな第三の秘密鍵を用いて生成する。また、第二情報処理部42は、第一の公開鍵、及び、新たな第二の署名を含む新たなサーバ証明書と、ステップS84において受信した(ステップS85において第二記憶部43に記憶された)新たな中間証明書とを第二通信部41に情報端末20へ送信させる(S88)。なお、動作例2と同様に、新たなサーバ証明書には第二利用条件が含まれてもよい。 Next, the second information processing unit 42 generates a new second signature (S87). The second information processing unit 42 creates a new second signature for the first public key included in the server certificate stored in the second storage unit 43 in step S86 using the new third private key. Generate. Also, the second information processing unit 42 receives the first public key and the new server certificate including the new second signature in step S84 (stored in the second storage unit 43 in step S85). b) causes the second communication unit 41 to transmit the new intermediate certificate to the information terminal 20 (S88). It should be noted that the new server certificate may include the second terms of use, as in the second operation example.

 情報端末20の端末通信部22は、新たなサーバ証明書、及び、新たな中間証明書を受信する。端末制御部23は、受信された新たなサーバ証明書、及び、新たな中間証明書を端末記憶部24に記憶する(S89)。 The terminal communication unit 22 of the information terminal 20 receives the new server certificate and the new intermediate certificate. The terminal control unit 23 stores the received new server certificate and new intermediate certificate in the terminal storage unit 24 (S89).

 また、第一管理装置30の第一情報処理部32は、古い中間証明書を失効させるための失効指令を、第一通信部31に制御装置50へ送信させる(S90)。言い換えれば、第一通信部31は、失効指令を制御装置50へ送信する。失効指令は、例えば、失効の対象となる中間証明書のリストを示す情報であり、具体的には、CRL(Certificate Revocation List)などが用いられる。 Also, the first information processing unit 32 of the first management device 30 causes the first communication unit 31 to transmit a revocation command for revoking the old intermediate certificate to the control device 50 (S90). In other words, the first communication unit 31 transmits an invalidation command to the control device 50 . The revocation command is, for example, information indicating a list of intermediate certificates to be revoked, and more specifically, a CRL (Certificate Revocation List) or the like is used.

 制御装置50の通信部51は、失効指令を受信する。制御部52は、失効指令が受信された後古い中間証明書を失効させる(S91)。制御装置50は、具体的には、情報端末20から古い中間証明書を受信したとしても電気錠60を解錠しない状態となる。 The communication unit 51 of the control device 50 receives the invalidation command. The control unit 52 revokes the old intermediate certificate after receiving the revocation command (S91). More specifically, the control device 50 will not unlock the electric lock 60 even if the old intermediate certificate is received from the information terminal 20 .

 以上説明したような動作例5によれば、情報処理システム10は、古い第二管理装置40の第二セキュア記憶部44に記憶された鍵情報が取り出せなくても、新たな第二管理装置40の第二セキュア記憶部44に記憶された新たな鍵情報に対応する新たなサーバ証明書及び中間証明書を生成することができる。つまり、情報処理システム10は、新たな第二管理装置40が導入されても、継続的に運用されることが可能となる。 According to Operation Example 5 as described above, even if the key information stored in the second secure storage unit 44 of the old second management device 40 cannot be extracted, the information processing system 10 can A new server certificate and intermediate certificate corresponding to the new key information stored in the second secure storage unit 44 of the can be generated. That is, the information processing system 10 can be continuously operated even if a new second management device 40 is introduced.

 なお、ステップS81~ステップS91の処理の順序、特に、ステップS83~ステップS91の処理の順序は、可能な範囲で任意に入れ替えられてもよい。ここで、図10の例では、新たな証明書(新たなサーバ証明書及び新たな中間証明書)が情報端末20へ送信された後、失効指令が制御装置50へ送信される。つまり、新たな証明書が端末記憶部24に記憶された後、古い中間証明書が失効される。これにより、ステップS89以降ステップS91以前の期間T3においては、新たな証明書が記憶された情報端末20、及び、古い証明書が記憶された情報端末20の両方で電気錠60を解錠することが可能となる。つまり、情報処理システム10は、証明書の移行期間を設けることができる。なお、期間T3よりも後の期間においては、新しい証明書が記憶された情報端末20による電気錠60の解錠が可能である。 The order of the processing of steps S81 to S91, particularly the order of the processing of steps S83 to S91 may be arbitrarily changed within a possible range. Here, in the example of FIG. 10 , after a new certificate (new server certificate and new intermediate certificate) is sent to information terminal 20 , a revocation command is sent to control device 50 . That is, after the new certificate is stored in the terminal storage unit 24, the old intermediate certificate is revoked. As a result, in the period T3 from step S89 to step S91, the electric lock 60 can be unlocked by both the information terminal 20 storing the new certificate and the information terminal 20 storing the old certificate. becomes possible. In other words, the information processing system 10 can provide a certificate transition period. In the period after period T3, the electric lock 60 can be unlocked by the information terminal 20 in which the new certificate is stored.

 なお、古い証明書による電気錠60の解錠を速やかに禁止したいような場合には、新たな証明書が情報端末20へ送信される前に、失効指令が制御装置50へ送信されればよい。つまり、新たな証明書が端末記憶部24に記憶される前に、古い中間証明書が失効されればよい。 If it is desired to immediately prohibit the unlocking of the electric lock 60 using the old certificate, the revocation command may be sent to the control device 50 before the new certificate is sent to the information terminal 20. . In other words, the old intermediate certificate should be revoked before the new certificate is stored in the terminal storage unit 24 .

 (変形例)
 上記実施の形態では、利用条件がサーバ証明書に含まれたが、利用条件は、サーバ証明書とは別に安全な方法で情報端末20から制御装置50へ送信されてもよい。例えば、図4でステップS21よりも後にセッション鍵を用いた暗号化通信によって利用条件が第一管理装置30の署名と共に情報端末20から制御装置50へ送信されてもよい。サーバ証明書と利用条件を分けることにより、サーバ証明書の再発行をしなくても利用条件を柔軟に追加または変更することが可能となる。 (Modification)
In the above embodiment, the usage conditions were included in the server certificate, but the usage conditions may be transmitted from the information terminal 20 to the control device 50 by a secure method separately from the server certificate. For example, after step S21 in FIG. 4, the usage conditions may be transmitted from the information terminal 20 to the control device 50 together with the signature of the first management device 30 through encrypted communication using a session key. By separating the server certificate and the terms of use, it is possible to flexibly add or change the terms of use without reissuing the server certificate.

 また、上記実施の形態では、制御装置50(情報処理システム10aにおいては、第二管理装置40及び制御装置50)は、電気錠60または自動ドアなどの施設80内の空間への人の出入りを制限する機器を制御したが、物品の出入りを制限する機器を制御してもよい。例えば、制御装置50は、宅配ボックス、コインロッカー、または、貸金庫などの扉を施錠及び解錠する電気錠を制御してもよい。つまり、制御装置50は、空間に対する物品または人の出入りを制限する機器を制御すればよい。 Further, in the above embodiment, the control device 50 (the second management device 40 and the control device 50 in the information processing system 10a) uses the electric lock 60 or the automatic door to prevent people from entering and exiting the space in the facility 80. Although the device for restricting is controlled, the device for restricting entry and exit of articles may be controlled. For example, the control device 50 may control an electric lock that locks and unlocks the door of a delivery box, coin locker, safe deposit box, or the like. In other words, the control device 50 may control equipment that restricts the entry and exit of goods or people into and out of the space.

 また、情報処理システム10及び情報処理システム10aは、空間に対する物品または人の出入りを制限する機器だけでなく、照明機器及び空調機器などの家電機器の制御を特定の人にのみ許可する場合にも適用できる。 In addition, the information processing system 10 and the information processing system 10a can be used not only for equipment that restricts the entry and exit of goods or people from the space, but also for the case where only a specific person is permitted to control home appliances such as lighting equipment and air conditioners. Applicable.

 また、上記実施例では図示しないが、ステップS17、及び、ステップS41のサーバ証明書の送信後に、制御装置50は、乱数を含めた疑似情報を情報端末20に送信し、情報端末20は、受信した疑似情報に対する第一の秘密鍵による署名を行い制御装置50に送信してもよい。制御装置50は、ステップS18、及び、ステップS42において、情報端末20から受信した署名をサーバ証明書に含まれる第一の公開鍵を用いて検証することにより、証明書の盗用を防ぐことが可能である。 Further, although not shown in the above embodiment, after transmitting the server certificate in step S17 and step S41, the control device 50 transmits pseudo information including random numbers to the information terminal 20, and the information terminal 20 receives The pseudo information obtained may be signed with the first secret key and transmitted to the control device 50 . In steps S18 and S42, the control device 50 verifies the signature received from the information terminal 20 using the first public key included in the server certificate, thereby preventing certificate theft. is.

 また、ステップS19、及び、ステップS43において、サーバ証明書に含まれる制御装置50のIDを検証することで、別の制御装置用の証明書の流用を防ぐことが可能である。 Also, by verifying the ID of the control device 50 included in the server certificate in steps S19 and S43, it is possible to prevent diversion of certificates for other control devices.

 また、上記実施の形態では、情報端末20は、セキュア記憶部を備えていないが、セキュア記憶部(以下、端末セキュア記憶部とも記載される)を備えてもよい。例えば、端末セキュア記憶部には、具体的には、第一の公開鍵及び第一の秘密鍵が記憶される。端末セキュア記憶部は、例えば、スマートフォンなどで使用されるSEと呼ばれるセキュリティ機能を有する専用ICによって実現される。端末制御部23は、APIを用いて、第一の秘密鍵に基づく処理結果、及び、サーバ証明書生成に必要な第一の公開鍵を取得することは可能であるが、第一の秘密鍵そのものを参照することはできない。つまり、端末セキュア記憶部は、第一の秘密鍵が情報端末20の外部に取り出されることを抑制する機能を有している。端末セキュア記憶部は、端末記憶部24よりもセキュリティ性が高い記憶装置である。 Also, in the above embodiment, the information terminal 20 does not include a secure storage unit, but may include a secure storage unit (hereinafter also referred to as a terminal secure storage unit). For example, the terminal secure storage unit specifically stores a first public key and a first secret key. The terminal secure storage unit is realized, for example, by a dedicated IC having a security function called SE used in smartphones and the like. The terminal control unit 23 can use the API to obtain the processing result based on the first private key and the first public key necessary for generating the server certificate. You can't refer to it. In other words, the terminal secure storage unit has a function of preventing the first secret key from being taken out of the information terminal 20 . The terminal secure storage unit is a storage device with higher security than the terminal storage unit 24 .

 [効果等]
 以上説明したように、情報処理システム10は、空間に対する物品または人の出入りを制限する機器の制限を解除するために用いられる。情報処理システム10は、情報端末20、第一管理装置30、及び、制御装置50を備える。情報端末20は、第一の秘密鍵及び第一の公開鍵と、第一の公開鍵、及び、第二の秘密鍵を用いて生成された第一の公開鍵に対する署名を含むサーバ証明書とが記憶された端末記憶部24と、サーバ証明書を制御装置50へ送信する端末通信部22とを有する。制御装置50は、第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部53と、情報端末20からサーバ証明書を受信する通信部51と、受信されたサーバ証明書に含まれる署名を記憶部53に記憶されたルート証明書に含まれる第二の公開鍵を用いて検証し、検証に成功した場合に機器の制限を解除する制御部52とを有する。第一管理装置30は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部34であって、新たな第二の秘密鍵及び新たな第二の公開鍵が第一セキュア記憶部34の外部に取り出されることを抑制する機能を有する第一セキュア記憶部34と、第一記憶部33と、第一外部記憶装置71から第一外部記憶装置71に記憶されたサーバ証明書及びルート証明書を取得し、取得したサーバ証明書及びルート証明書を第一記憶部33に記憶する第一情報処理部32と、新たな第二の公開鍵を含む新たなルート証明書であって第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する第一通信部31とを有する。第一情報処理部32は、第一記憶部33に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな署名を新たな第二の秘密鍵を用いて生成し、第一の公開鍵、及び、新たな署名を含む新たなサーバ証明書を、第一通信部31に情報端末20へ送信させる。 [Effects, etc.]
As described above, the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space. The information processing system 10 includes an information terminal 20 , a first management device 30 and a control device 50 . The information terminal 20 has a first private key, a first public key, and a server certificate containing a signature for the first public key generated using the first public key and the second private key. and a terminal communication unit 22 that transmits the server certificate to the control device 50 . The control device 50 includes a storage unit 53 storing a root certificate including a second public key corresponding to the second private key, a communication unit 51 receiving the server certificate from the information terminal 20, and a a control unit 52 for verifying the signature included in the server certificate using the second public key included in the root certificate stored in the storage unit 53, and canceling the restriction of the device when the verification is successful. . The first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key. A first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71. a first information processing unit 32 that acquires the server certificate and the root certificate that have been acquired and stores the acquired server certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a root certificate generated by the first information processing unit 32 , to the control device 50 . The first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 using the new second private key, and publishes the first public key. It causes the first communication unit 31 to transmit the key and the new server certificate including the new signature to the information terminal 20 .

 このような情報処理システム10は、古い第一管理装置30が新しい第一管理装置30に交換されたとしても、情報端末20に、物品または人の出入りの制限を解除する権限を付与することができる。 Even if the old first management device 30 is replaced with a new first management device 30, such an information processing system 10 can grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people. can.

 また、例えば、第一通信部31は、新たなルート証明書を制御装置50へ送信した後、記憶部53に記憶されたルート証明書を抹消するための抹消指令を制御装置50へ送信する。 Also, for example, after transmitting the new root certificate to the control device 50 , the first communication unit 31 transmits to the control device 50 a deletion command for deleting the root certificate stored in the storage unit 53 .

 このような情報処理システム10は、ルート証明書の移行期間を設けることができる。 Such an information processing system 10 can provide a root certificate migration period.

 また、例えば、第一通信部31は、新たなルート証明書を制御装置50へ送信する前に、記憶部53に記憶されたルート証明書を抹消するための抹消指令を制御装置50へ送信する。 Further, for example, the first communication unit 31 transmits a deletion command for deleting the root certificate stored in the storage unit 53 to the control device 50 before transmitting the new root certificate to the control device 50. .

 このような情報処理システム10は、古いルート証明書の使用を速やかに禁止することができる。 Such an information processing system 10 can quickly prohibit the use of old root certificates.

 また、情報処理システム10は、空間に対する物品または人の出入りを制限する機器の制限を解除するために用いられる。情報処理システム10は、情報端末20、第一管理装置30、第二管理装置40、及び、制御装置50を備える。第二管理装置40は、第三の秘密鍵及び第三の公開鍵を記憶している。情報端末20は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、第二の秘密鍵を用いて生成された第三の公開鍵に対する第一の署名を含む中間証明書と、第一の公開鍵、及び、第三の秘密鍵を用いて生成された第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部24と、サーバ証明書及び中間証明書を制御装置50へ送信する端末通信部22とを有する。制御装置50は、第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部53と、サーバ証明書及び中間証明書を情報端末20から受信する通信部51と、受信された中間証明書に含まれる第一の署名をルート証明書に含まれる第二の公開鍵を用いて検証し、受信されたサーバ証明書に含まれる第二の署名を中間証明書に含まれる第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に機器の制限を解除する制御部52とを有する。第一管理装置30は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部34であって、新たな第二の秘密鍵及び新たな第二の公開鍵が第一セキュア記憶部34の外部に取り出されることを抑制する機能を有する第一セキュア記憶部34と、第一記憶部33と、第一外部記憶装置71から第一外部記憶装置71に記憶された、中間証明書及びルート証明書を取得し、取得した中間証明書及びルート証明書を第一記憶部33に記憶する第一情報処理部32と、新たな第二の公開鍵を含む新たなルート証明書であって第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する第一通信部31とを有する。第一情報処理部32は、第一記憶部33に記憶された中間証明書に含まれる第三の公開鍵に対する新たな第一の署名を新たな第二の秘密鍵を用いて生成し、第三の公開鍵、及び、新たな第一の署名を含む新たな中間証明書を、第一通信部31に第二管理装置40へ送信させ、第二管理装置40は、新たな中間証明書を第一管理装置から受信し、受信した新たな中間証明書を情報端末20へ送信する第二通信部41を有する。 In addition, the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space. The information processing system 10 includes an information terminal 20 , a first management device 30 , a second management device 40 and a control device 50 . The second management device 40 stores a third secret key and a third public key. The information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key. a terminal storage unit 24 storing a certificate, a first public key, and a server certificate including a second signature for the first public key generated using a third private key; a server; and a terminal communication unit 22 that transmits the certificate and the intermediate certificate to the control device 50 . The control device 50 includes a storage unit 53 storing a root certificate including a second public key corresponding to the second private key, and a communication unit 51 receiving a server certificate and an intermediate certificate from the information terminal 20. , verifying the first signature contained in the received intermediate certificate using the second public key contained in the root certificate, and applying the second signature contained in the received server certificate to the intermediate certificate and a control unit 52 that verifies using the included third public key and cancels the restriction of the device when each verification is successful. The first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key. A first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71. a first information processing unit 32 that acquires the obtained intermediate certificate and root certificate and stores the acquired intermediate certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a new root certificate generated by the first information processing unit 32 , to the control device 50 . The first information processing unit 32 generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 using the new second private key, The third public key and a new intermediate certificate containing the new first signature are transmitted to the second management device 40 by the first communication unit 31, and the second management device 40 transmits the new intermediate certificate. It has a second communication unit 41 that receives from the first management device and transmits the received new intermediate certificate to the information terminal 20 .

 このような情報処理システム10は、古い第一管理装置30が新しい第一管理装置30に交換されたとしても、情報端末20に、物品または人の出入りの制限を解除する権限を付与することができる。 Even if the old first management device 30 is replaced with a new first management device 30, such an information processing system 10 can grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people. can.

 また、例えば、第一通信部31は、新たな中間証明書を第二管理装置40へ送信した後、記憶部53に記憶されたルート証明書を抹消するための抹消指令を制御装置50へ送信する。 Further, for example, after transmitting the new intermediate certificate to the second management device 40, the first communication unit 31 transmits a deletion command for deleting the root certificate stored in the storage unit 53 to the control device 50. do.

 このような情報処理システム10は、ルート証明書の移行期間を設けることができる。 Such an information processing system 10 can provide a root certificate migration period.

 また、例えば、第一通信部31は、新たな中間証明書を第二管理装置40へ送信する前に、記憶部53に記憶されたルート証明書を抹消するための抹消指令を制御装置50へ送信する。 Further, for example, the first communication unit 31 sends a deletion command to the control device 50 to delete the root certificate stored in the storage unit 53 before transmitting the new intermediate certificate to the second management device 40. Send.

 このような情報処理システム10は、古いルート証明書の使用を速やかに禁止することができる。 Such an information processing system 10 can quickly prohibit the use of old root certificates.

 また、情報処理システム10は、空間に対する物品または人の出入りを制限する機器の制限を解除するために用いられる。情報処理システム10は、情報端末20、第一管理装置30、第二管理装置40、及び、制御装置50とを備える。第一管理装置30は、第二の秘密鍵及び第二の公開鍵を記憶している。情報端末20は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、第二の秘密鍵を用いて生成された第三の公開鍵に対する第一の署名を含む中間証明書と、第一の公開鍵、及び、第三の公開鍵に対応する第三の秘密鍵を用いて生成された第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部24と、サーバ証明書及び中間証明書を制御装置50へ送信する端末通信部22とを有する。制御装置50は、第二の公開鍵を含むルート証明書が記憶された記憶部53と、サーバ証明書及び中間証明書を情報端末20から受信する通信部51と、受信された中間証明書に含まれる第一の署名をルート証明書に含まれる第二の公開鍵を用いて検証し、受信されたサーバ証明書に含まれる第二の署名を中間証明書に含まれる第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に機器の制限を解除する制御部52とを有する。第二管理装置40は、新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部44であって、新たな第三の秘密鍵及び新たな第三の公開鍵が第二セキュア記憶部44の外部に取り出されることを抑制する機能を有する第二セキュア記憶部44と、第二記憶部43と、第二外部記憶装置72から第二外部記憶装置72に記憶されたサーバ証明書を取得し、取得したサーバ証明書を第二記憶部43に記憶する第二情報処理部42と、新たな第三の公開鍵を第一管理装置30へ送信する第二通信部41とを有する。第一管理装置30は、第二管理装置40から第三の公開鍵を受信する第一通信部31と、受信した新たな第三の公開鍵に対する新たな第一の署名を第二の秘密鍵を用いて生成し、新たな第三の公開鍵、及び、新たな第一の署名を含む新たな中間証明書を、第一通信部31に第二管理装置40へ送信させ、第二情報処理部42は、第二記憶部43に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな第二の署名を新たな第三の秘密鍵を用いて生成し、第一の公開鍵、及び、新たな第二の署名を含む新たなサーバ証明書と、第一管理装置30から受信した新たな中間証明書とを第二通信部41に情報端末20へ送信させる。 In addition, the information processing system 10 is used to release restrictions on devices that restrict the entry and exit of goods or people into and out of space. The information processing system 10 includes an information terminal 20 , a first management device 30 , a second management device 40 and a control device 50 . The first management device 30 stores a second secret key and a second public key. The information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key. A certificate and a server certificate including a second signature for the first public key generated using a first public key and a third private key corresponding to the third public key are stored. and a terminal communication unit 22 for transmitting the server certificate and the intermediate certificate to the control device 50 . The control device 50 includes a storage unit 53 that stores a root certificate including a second public key, a communication unit 51 that receives a server certificate and an intermediate certificate from the information terminal 20, and a verifying the contained first signature using the second public key contained in the root certificate, and verifying the second signature contained in the received server certificate with the third public key contained in the intermediate certificate; and a control unit 52 that verifies using the device, and cancels the restriction on the device if each verification succeeds. The second management device 40 is a second secure storage unit 44 in which a new third private key and a new third public key are stored. A second secure storage unit 44 having a function to prevent the key from being taken out to the outside of the second secure storage unit 44, a second storage unit 43, and stored from the second external storage device 72 to the second external storage device 72. a second information processing unit 42 that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit 43; and a second communication that transmits a new third public key to the first management device 30. a portion 41; The first management device 30 receives the third public key from the second management device 40, and converts the new first signature for the received new third public key into the second secret key. and causes the first communication unit 31 to transmit a new intermediate certificate including a new third public key and a new first signature to the second management device 40, and the second information processing The unit 42 generates a new second signature for the first public key included in the server certificate stored in the second storage unit 43 using the new third private key, and generates the first public key , and the new server certificate including the new second signature and the new intermediate certificate received from the first management device 30 are transmitted to the information terminal 20 by the second communication unit 41 .

 このような情報処理システム10は、古い第二管理装置40が新しい第二管理装置40に交換されたとしても、情報端末20に、物品または人の出入りの制限を解除する権限を付与することができる。 Even if the old second management device 40 is replaced with a new second management device 40, such an information processing system 10 can grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people. can.

 また、例えば、第一通信部31は、新たな中間証明書を第二管理装置40へ送信した後、中間証明書を失効させるための失効指令を制御装置50へ送信する。 Also, for example, after transmitting the new intermediate certificate to the second management device 40, the first communication unit 31 transmits to the control device 50 a revocation command for revoking the intermediate certificate.

 このような情報処理システム10は、中間証明書の移行期間を設けることができる。 Such an information processing system 10 can provide a transition period for intermediate certificates.

 また、例えば、第一通信部31は、新たな中間証明書を第二管理装置40へ送信する前に、中間証明書を失効させるための失効指令を制御装置50へ送信する。 Also, for example, the first communication unit 31 transmits a revocation command for revoking the intermediate certificate to the control device 50 before transmitting the new intermediate certificate to the second management device 40 .

 このような情報処理システム10は、古い中間証明書の使用を速やかに禁止することができる。 Such an information processing system 10 can quickly prohibit the use of old intermediate certificates.

 また、第一管理装置30は、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる。情報端末20は、第一の秘密鍵及び第一の公開鍵と、第一の公開鍵、及び、第二の秘密鍵を用いて生成された第一の公開鍵に対する署名を含むサーバ証明書とを記憶しており、制限を解除するためにサーバ証明書を機器を制御する制御装置50へ送信する。制御装置50は、第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、情報端末20からサーバ証明書を受信すると、受信されたサーバ証明書に含まれる署名をルート証明書に含まれる第二の公開鍵を用いて検証し、検証に成功した場合に機器の制限を解除する。第一管理装置30は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部34であって、新たな第二の秘密鍵及び新たな第二の公開鍵が第一セキュア記憶部34の外部に取り出されることを抑制する機能を有する第一セキュア記憶部34と、第一記憶部33と、第一外部記憶装置71から第一外部記憶装置71に記憶されたサーバ証明書及びルート証明書を取得し、取得したサーバ証明書及びルート証明書を第一記憶部33に記憶する第一情報処理部32と、新たな第二の公開鍵を含む新たなルート証明書であって第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する第一通信部31とを有する。第一情報処理部32は、第一記憶部33に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな署名を新たな第二の秘密鍵を用いて生成し、第一の公開鍵、及び、新たな署名を含む新たなサーバ証明書を、第一通信部31に情報端末20へ送信させる。 In addition, the first management device 30 is used to grant the information terminal 20 the authority to release restrictions on devices that restrict the entry and exit of goods or people into and out of the space. The information terminal 20 has a first private key, a first public key, and a server certificate containing a signature for the first public key generated using the first public key and the second private key. is stored, and the server certificate is transmitted to the control device 50 that controls the device in order to release the restriction. The control device 50 stores a root certificate including the second public key corresponding to the second private key, and when receiving the server certificate from the information terminal 20, the signature included in the received server certificate is verified using the second public key included in the root certificate, and if the verification succeeds, the restrictions on the device are lifted. The first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key. A first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71. a first information processing unit 32 that acquires the server certificate and the root certificate that have been acquired and stores the acquired server certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a root certificate generated by the first information processing unit 32 , to the control device 50 . The first information processing unit 32 generates a new signature for the first public key included in the server certificate stored in the first storage unit 33 using the new second private key, and publishes the first public key. It causes the first communication unit 31 to transmit the key and the new server certificate including the new signature to the information terminal 20 .

 このような第一管理装置30は、新たに情報処理システム10に導入されたときに、情報端末20に、物品または人の出入りの制限を解除する権限を付与することができる。 Such a first management device 30, when newly introduced into the information processing system 10, can grant the information terminal 20 the authority to release restrictions on the entry and exit of goods or people.

 また、第一管理装置30は、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる第一管理装置30及び第二管理装置40のうちの第一管理装置30である。第二管理装置40は、第三の秘密鍵及び第三の公開鍵を記憶しており、情報端末20は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、第二の秘密鍵を用いて生成された第三の公開鍵に対する第一の署名を含む中間証明書と、第一の公開鍵、及び、第三の秘密鍵を用いて生成された第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、制限を解除するためにサーバ証明書及び中間証明書を機器を制御する制御装置50へ送信する。制御装置50は、第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、サーバ証明書及び中間証明書を情報端末20から受信すると、受信された中間証明書に含まれる第一の署名をルート証明書に含まれる第二の公開鍵を用いて検証し、受信されたサーバ証明書に含まれる第二の署名を中間証明書に含まれる第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に機器の制限を解除する。第一管理装置30は、新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部34であって、新たな第二の秘密鍵及び新たな第二の公開鍵が第一セキュア記憶部34の外部に取り出されることを抑制する機能を有する第一セキュア記憶部34と、第一記憶部33と、第一外部記憶装置71から第一外部記憶装置71に記憶された、中間証明書及びルート証明書を取得し、取得した中間証明書及びルート証明書を第一記憶部33に記憶する第一情報処理部32と、新たな第二の公開鍵を含む新たなルート証明書であって第一情報処理部32によって生成される新たなルート証明書を制御装置50へ送信する第一通信部31とを有する。第一情報処理部32は、第一記憶部33に記憶された中間証明書に含まれる第三の公開鍵に対する新たな第一の署名を新たな第二の秘密鍵を用いて生成し、第三の公開鍵、及び、新たな第一の署名を含む新たな中間証明書を、第一通信部31に第二管理装置40へ送信させる。 In addition, the first management device 30 is one of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction on the equipment that restricts the entry and exit of goods or people into and out of the space. is the first management device 30 of. The second management device 40 stores a third private key and a third public key, and the information terminal 20 stores the first private key, the first public key, the third public key, and an intermediate certificate containing a first signature to a third public key generated using a second private key; a first public key; and a first certificate generated using the third private key It stores a server certificate containing a second signature on the public key, and transmits the server certificate and the intermediate certificate to the control device 50 that controls the device in order to remove the restriction. The control device 50 stores a root certificate including a second public key corresponding to the second private key, and when receiving the server certificate and the intermediate certificate from the information terminal 20, the received intermediate certificate verifies the first signature contained in using the second public key contained in the root certificate, and verifies the second signature contained in the received server certificate with the third public key contained in the intermediate certificate , and if each verification succeeds, the device restriction is lifted. The first management device 30 is a first secure storage unit 34 in which a new second private key and a new second public key are stored, and stores the new second private key and the new second public key. A first secure storage unit 34 having a function to prevent the key from being taken out to the outside of the first secure storage unit 34, a first storage unit 33, and stored from the first external storage device 71 to the first external storage device 71. a first information processing unit 32 that acquires the obtained intermediate certificate and root certificate and stores the acquired intermediate certificate and root certificate in the first storage unit 33; and a first communication unit 31 that transmits a new root certificate, which is a new root certificate generated by the first information processing unit 32 , to the control device 50 . The first information processing unit 32 generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit 33 using the new second private key, It causes the first communication unit 31 to transmit the third public key and a new intermediate certificate containing the new first signature to the second management device 40 .

 このような第一管理装置30は、新たに情報処理システム10に導入されたときに、情報端末20に物品または人の出入りの制限を解除する権限を付与することができる。 Such a first management device 30, when newly introduced into the information processing system 10, can authorize the information terminal 20 to release restrictions on the entry and exit of goods or people.

 また、第二管理装置40は、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる第一管理装置30及び第二管理装置40のうちの第二管理装置40である。第一管理装置30は、第二の秘密鍵及び第二の公開鍵を記憶している。情報端末20は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、第二の秘密鍵を用いて生成された第三の公開鍵に対する第一の署名を含む中間証明書と、第一の公開鍵、及び、第三の公開鍵に対応する第三の秘密鍵を用いて生成された第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、サーバ証明書及び中間証明書を機器を制御する制御装置50へ送信する。制御装置50は、第二の公開鍵を含むルート証明書を記憶しており、サーバ証明書及び中間証明書を情報端末20から受信し、受信された中間証明書に含まれる第一の署名をルート証明書に含まれる第二の公開鍵を用いて検証し、受信されたサーバ証明書に含まれる第二の署名を中間証明書に含まれる第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に機器の制限を解除する。第二管理装置40は、新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部44であって、新たな第三の秘密鍵及び新たな第三の公開鍵が第二セキュア記憶部44の外部に取り出されることを抑制する機能を有する第二セキュア記憶部44と、第二記憶部43と、第二外部記憶装置72から第二外部記憶装置72に記憶されたサーバ証明書を取得し、取得したサーバ証明書を第二記憶部43に記憶する第二情報処理部42と、新たな第三の公開鍵を第一管理装置30へ送信する第二通信部41とを有し、第二情報処理部42は、第二記憶部43に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな第二の署名を新たな第三の秘密鍵を用いて生成し、第一の公開鍵、及び、新たな第二の署名を含む新たなサーバ証明書と、第一管理装置30から受信した新たな中間証明書とを第二通信部41に情報端末20へ送信させる。新たな中間証明書は、新たな第三の公開鍵、及び、第二の秘密鍵を用いて生成された新たな第三の公開鍵に対する新たな第一の署名を含む。 In addition, the second management device 40 is one of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction on the equipment that restricts the entry and exit of goods or people into and out of the space. is the second management device 40 of. The first management device 30 stores a second secret key and a second public key. The information terminal 20 generates an intermediate signature containing a first signature for a third public key generated using a first private key, a first public key, a third public key, and the second private key. store a certificate and a server certificate including a second signature for the first public key generated using the first public key and a third private key corresponding to the third public key; and transmits the server certificate and the intermediate certificate to the control device 50 that controls the device. The control device 50 stores a root certificate including a second public key, receives a server certificate and an intermediate certificate from the information terminal 20, and adds a first signature included in the received intermediate certificate. Verifying using the second public key contained in the root certificate, verifying the second signature contained in the received server certificate using the third public key contained in the intermediate certificate, and verifying each Remove device restrictions if verification succeeds. The second management device 40 is a second secure storage unit 44 in which a new third private key and a new third public key are stored. A second secure storage unit 44 having a function to prevent the key from being taken out to the outside of the second secure storage unit 44, a second storage unit 43, and stored from the second external storage device 72 to the second external storage device 72. a second information processing unit 42 that acquires the server certificate obtained and stores the acquired server certificate in the second storage unit 43; and a second communication that transmits a new third public key to the first management device 30. A second information processing unit 42 converts a new second signature for the first public key included in the server certificate stored in the second storage unit 43 into a new third private key. and send the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device 30 to the second communication unit 41 Send it to the information terminal 20 . The new intermediate certificate includes a new third public key and a new first signature for the new third public key generated using the second private key.

 このような第二管理装置40は、新たに情報処理システム10に導入されたときに、情報端末20に物品または人の出入りの制限を解除する権限を付与することができる。 Such a second management device 40 can give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people when it is newly introduced into the information processing system 10 .

 また、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる第一管理装置30が実行する情報処理方法は、第一外部記憶装置71から第一外部記憶装置71に記憶されたサーバ証明書及びルート証明書を取得し、取得したサーバ証明書及びルート証明書を第一記憶部33に記憶するステップと、新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した新たなルート証明書を制御装置50へ送信するステップと、第一記憶部33に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな署名を新たな第二の秘密鍵を用いて生成するステップと、第一の公開鍵、及び、新たな署名を含む新たなサーバ証明書を情報端末へ送信するステップとを含む。 In addition, the information processing method executed by the first management device 30, which is used for granting the information terminal 20 the authority to release the restriction on equipment that restricts the entry and exit of goods or people from the space, is performed by the first external storage device 71. acquiring the server certificate and root certificate stored in the first external storage device 71, storing the acquired server certificate and root certificate in the first storage unit 33; a step of generating a new root certificate containing the root certificate and transmitting the generated new root certificate to the control device 50; generating a signature using the new second private key; and sending the first public key and a new server certificate including the new signature to the information terminal.

 このような情報処理方法は、新たに導入された第一管理装置30を用いて、情報端末20に物品または人の出入りの制限を解除する権限を付与することができる。 Such an information processing method can use the newly introduced first management device 30 to give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.

 また、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる第一管理装置30及び第二管理装置40のうちの第一管理装置30が実行する情報処理方法は、第一外部記憶装置71から第一外部記憶装置71に記憶された、中間証明書及びルート証明書を取得し、取得した中間証明書及びルート証明書を第一記憶部33に記憶するステップと、新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した新たなルート証明書を制御装置50へ送信するステップと、第一記憶部33に記憶された中間証明書に含まれる第三の公開鍵に対する新たな第一の署名を新たな第二の秘密鍵を用いて生成するステップと、第三の公開鍵、及び、新たな第一の署名を含む新たな中間証明書を第二管理装置40へ送信するステップとを含む。 In addition, the first management device 30 out of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction of equipment that restricts the entry and exit of goods or people into and out of the space The information processing method to be executed is to acquire the intermediate certificate and root certificate stored in the first external storage device 71 from the first external storage device 71, and store the acquired intermediate certificate and root certificate in the first storage unit. 33; generating a new root certificate containing the new second public key; transmitting the generated new root certificate to the control device 50; a step of generating a new first signature for a third public key included in the obtained intermediate certificate using the new second private key; and generating the third public key and the new first signature. and sending the new intermediate certificate containing the certificate to the second management device 40 .

 このような情報処理方法は、新たに導入された第一管理装置30を用いて、情報端末20に物品または人の出入りの制限を解除する権限を付与することができる。 Such an information processing method can use the newly introduced first management device 30 to give the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.

 また、空間に対する物品または人の出入りを制限する機器の制限を解除する権限を情報端末20に付与するために用いられる第一管理装置30及び第二管理装置40のうちの第二管理装置40が実行する情報処理方法は、第二外部記憶装置72から第二外部記憶装置72に記憶されたサーバ証明書を取得し、取得したサーバ証明書を第二記憶部43に記憶するステップと、新たな第三の公開鍵を第一管理装置30へ送信するステップと、第二記憶部43に記憶されたサーバ証明書に含まれる第一の公開鍵に対する新たな第二の署名を新たな第三の秘密鍵を用いて生成するステップと、第一の公開鍵、及び、新たな第二の署名を含む新たなサーバ証明書と、第一管理装置30から受信した新たな中間証明書とを情報端末20へ送信するステップとを含む。新たな中間証明書は、新たな第三の公開鍵、及び、第二の秘密鍵を用いて生成された新たな第三の公開鍵に対する新たな第一の署名を含む。 In addition, the second management device 40 out of the first management device 30 and the second management device 40 used for granting the information terminal 20 the authority to release the restriction on the equipment that restricts the entry and exit of goods or people into and out of the space The information processing method to be executed includes the steps of acquiring the server certificate stored in the second external storage device 72 from the second external storage device 72, storing the acquired server certificate in the second storage unit 43, a step of transmitting the third public key to the first management device 30; a step of generating using a private key; a first public key; a new server certificate including a new second signature; 20. The new intermediate certificate includes a new third public key and a new first signature for the new third public key generated using the second private key.

 このような情報処理方法は、新たに導入された第二管理装置40を用いて、情報端末20に物品または人の出入りの制限を解除する権限を付与することができる。 Such an information processing method can use the newly introduced second management device 40 to grant the information terminal 20 the authority to release the restrictions on the entry and exit of goods or people.

 (その他の実施の形態)
 以上、実施の形態について説明したが、本発明は、上記実施の形態に限定されるものではない。 (Other embodiments)
Although the embodiments have been described above, the present invention is not limited to the above embodiments.

 例えば、上記実施の形態において、情報処理システムは、複数の装置によって実現されたが、単一の装置として実現されてもよい。例えば、情報処理システムは、情報端末、第一管理装置、第二管理装置、及び、制御装置のいずれかに相当する単一の装置として実現されてもよい。情報処理システムが複数の装置によって実現される場合、情報処理システムが備える構成要素(特に、機能的な構成要素)は、複数の装置にどのように振り分けられてもよい。 For example, in the above embodiments, the information processing system was implemented by a plurality of devices, but it may be implemented as a single device. For example, the information processing system may be implemented as a single device corresponding to any one of the information terminal, first management device, second management device, and control device. When the information processing system is realized by a plurality of devices, the components (especially functional components) included in the information processing system may be distributed to the plurality of devices in any way.

 また、上記実施の形態において、特定の処理部が実行する処理を別の処理部が実行してもよい。また、複数の処理の順序が変更されてもよいし、複数の処理が並行して実行されてもよい。 Further, in the above embodiment, the processing executed by a specific processing unit may be executed by another processing unit. In addition, the order of multiple processes may be changed, and multiple processes may be executed in parallel.

 また、上記実施の形態において、各構成要素は、各構成要素に適したソフトウェアプログラムを実行することによって実現されてもよい。各構成要素は、CPUまたはプロセッサなどのプログラム実行部が、ハードディスクまたは半導体メモリなどの記録媒体に記録されたソフトウェアプログラムを読み出して実行することによって実現されてもよい。 Also, in the above embodiments, each component may be realized by executing a software program suitable for each component. Each component may be realized by reading and executing a software program recorded in a recording medium such as a hard disk or a semiconductor memory by a program execution unit such as a CPU or processor.

 また、各構成要素は、ハードウェアによって実現されてもよい。例えば、各構成要素は、回路(または集積回路)でもよい。これらの回路は、全体として1つの回路を構成してもよいし、それぞれ別々の回路でもよい。また、これらの回路は、それぞれ、汎用的な回路でもよいし、専用の回路でもよい。 Also, each component may be realized by hardware. For example, each component may be a circuit (or integrated circuit). These circuits may form one circuit as a whole, or may be separate circuits. These circuits may be general-purpose circuits or dedicated circuits.

 また、本発明の全般的または具体的な態様は、システム、装置、方法、集積回路、コンピュータプログラムまたはコンピュータ読み取り可能なCD-ROMなどの記録媒体で実現されてもよい。また、本発明の全般的または具体的な態様は、システム、装置、方法、集積回路、コンピュータプログラム及び記録媒体の任意な組み合わせで実現されてもよい。 Also, general or specific aspects of the present invention may be implemented in a system, apparatus, method, integrated circuit, computer program, or recording medium such as a computer-readable CD-ROM. Also, general or specific aspects of the present invention may be implemented in any combination of systems, devices, methods, integrated circuits, computer programs and recording media.

 例えば、本発明は、上記実施の形態の情報端末、第一管理装置、第二管理装置、制御装置、または、電気錠システム(制御装置及び電気錠)として実現されてもよい。 For example, the present invention may be implemented as the information terminal, first management device, second management device, control device, or electric lock system (control device and electric lock) of the above embodiments.

 また、本発明は、上記実施の形態の情報処理システムなどのコンピュータが実行する情報処理方法として実現されてもよい。また、本発明は、情報処理方法をコンピュータに実行させるためのプログラムとして実現されてもよい。本発明は、このようなプログラムが記録されたコンピュータ読み取り可能な非一時的な記録媒体として実現されてもよい。 The present invention may also be implemented as an information processing method executed by a computer such as the information processing system of the above embodiment. Further, the present invention may be implemented as a program for causing a computer to execute the information processing method. The present invention may be implemented as a computer-readable non-temporary recording medium in which such a program is recorded.

 また、本発明は、汎用の情報端末を、上記実施の形態の情報端末、第一管理装置、または、第二管理装置として機能させるためのアプリケーションプログラムとして実現されてもよい。本発明は、このようなアプリケーションプログラムが記録されたコンピュータ読み取り可能な非一時的な記録媒体として実現されてもよい。 The present invention may also be implemented as an application program for causing a general-purpose information terminal to function as the information terminal, first management device, or second management device of the above embodiments. The present invention may be implemented as a computer-readable non-temporary recording medium in which such an application program is recorded.

 その他、各実施の形態に対して当業者が思いつく各種変形を施して得られる形態、または、本発明の趣旨を逸脱しない範囲で各実施の形態における構成要素及び機能を任意に組み合わせることで実現される形態も本発明に含まれる。 In addition, forms obtained by applying various modifications to each embodiment that a person skilled in the art can think of, or realized by arbitrarily combining the constituent elements and functions of each embodiment without departing from the spirit of the present invention. Also included in the present invention.

 10 情報処理システム
 20 情報端末
 21 操作受付部
 22 端末通信部
 23 端末制御部
 24 端末記憶部
 30 第一管理装置
 31 第一通信部
 32 第一情報処理部
 33 第一記憶部
 34 第一セキュア記憶部
 40 第二管理装置
 41 第二通信部
 42 第二情報処理部
 43 第二記憶部
 44 第二セキュア記憶部
 50 制御装置
 51 通信部
 52 制御部
 53 記憶部
 60 電気錠
 71 第一外部記憶装置
 72 第二外部記憶装置
 80 施設
 81 ドア REFERENCE SIGNS LIST 10 information processing system 20 information terminal 21 operation reception unit 22 terminal communication unit 23 terminal control unit 24 terminal storage unit 30 first management device 31 first communication unit 32 first information processing unit 33 first storage unit 34 first secure storage unit 40 second management device 41 second communication unit 42 second information processing unit 43 second storage unit 44 second secure storage unit 50 control device 51 communication unit 52 control unit 53 storage unit 60 electric lock 71 first external storage device 72 second Two external storage devices 80 facilities 81 doors

Claims (16)

 空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、
 情報端末、第一管理装置、及び、制御装置を備え、
 前記情報端末は、
 第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とが記憶された端末記憶部と、
 前記サーバ証明書を前記制御装置へ送信する端末通信部とを有し、
 前記制御装置は、
 前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部と、
 前記情報端末から前記サーバ証明書を受信する通信部と、
 受信された前記サーバ証明書に含まれる前記署名を前記記憶部に記憶された前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、
 前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、
 前記第一情報処理部は、前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を、前記第一通信部に前記情報端末へ送信させる
 情報処理システム。 An information processing system used to remove the restriction of a device that restricts the entry and exit of goods or people to a space,
An information terminal, a first management device, and a control device,
The information terminal is
A first private key, a first public key, and a server certificate including a signature for the first public key generated using the first public key and the second private key are stored. a terminal storage unit that
a terminal communication unit that transmits the server certificate to the control device;
The control device is
a storage unit storing a root certificate including a second public key corresponding to the second private key;
a communication unit that receives the server certificate from the information terminal;
verifying the signature included in the received server certificate using the second public key included in the root certificate stored in the storage unit, and if the verification succeeds, restricting the device; and a control unit for releasing the
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
A first information processing unit that acquires the server certificate and the root certificate stored in the external storage device from an external storage device and stores the acquired server certificate and the root certificate in the first storage unit. and,
a first communication unit configured to transmit a new root certificate including the new second public key and generated by the first information processing unit to the control device;
The first information processing unit uses the new second private key to generate a new signature for the first public key included in the server certificate stored in the first storage unit, and An information processing system that causes the first communication unit to transmit a first public key and a new server certificate including the new signature to the information terminal.  前記第一通信部は、前記新たなルート証明書を前記制御装置へ送信した後、前記記憶部に記憶された前記ルート証明書を抹消するための抹消指令を前記制御装置へ送信する
 請求項1に記載の情報処理システム。 2. After transmitting the new root certificate to the control device, the first communication unit transmits a deletion command for deleting the root certificate stored in the storage unit to the control device. The information processing system according to .  前記第一通信部は、前記新たなルート証明書を前記制御装置へ送信する前に、前記記憶部に記憶された前記ルート証明書を抹消するための抹消指令を前記制御装置へ送信する
 請求項1に記載の情報処理システム。 The first communication unit transmits a deletion command for deleting the root certificate stored in the storage unit to the control device before transmitting the new root certificate to the control device. 1. The information processing system according to 1.  空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、
 情報端末、第一管理装置、第二管理装置、及び、制御装置を備え、
 前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、
 前記情報端末は、
 第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部と、
 前記サーバ証明書及び前記中間証明書を前記制御装置へ送信する端末通信部とを有し、 前記制御装置は、
 前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書が記憶された記憶部と、
 前記サーバ証明書及び前記中間証明書を前記情報端末から受信する通信部と、
 受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、
 前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、
 前記第一情報処理部は、前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成し、前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させ、
 前記第二管理装置は、前記新たな中間証明書を前記第一管理装置から受信し、受信した前記新たな中間証明書を前記情報端末へ送信する第二通信部を有する
 情報処理システム。 An information processing system used to remove the restriction of a device that restricts the entry and exit of goods or people to a space,
An information terminal, a first management device, a second management device, and a control device,
The second management device stores a third private key and a third public key,
The information terminal is
a first private key and a first public key, and an intermediate certificate containing a first signature for said third public key generated using said third public key and said second private key; , a terminal storage unit storing the first public key and a server certificate containing a second signature for the first public key generated using the third private key;
a terminal communication unit configured to transmit the server certificate and the intermediate certificate to the control device;
a storage unit storing a root certificate including a second public key corresponding to the second private key;
a communication unit that receives the server certificate and the intermediate certificate from the information terminal;
verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate, and verifying the second signature included in the received server certificate; using the third public key included in the intermediate certificate, and canceling the restriction of the device when each verification is successful,
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
first information processing for acquiring the intermediate certificate and the root certificate stored in the external storage device from an external storage device and storing the acquired intermediate certificate and the root certificate in the first storage unit; Department and
a first communication unit configured to transmit a new root certificate including the new second public key and generated by the first information processing unit to the control device;
The first information processing unit generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit using the new second private key. and causing the first communication unit to transmit the third public key and a new intermediate certificate containing the new first signature to the second management device,
The information processing system, wherein the second management device includes a second communication unit that receives the new intermediate certificate from the first management device and transmits the received new intermediate certificate to the information terminal.  前記第一通信部は、前記新たな中間証明書を前記第二管理装置へ送信した後、前記記憶部に記憶された前記ルート証明書を抹消するための抹消指令を前記制御装置へ送信する
 請求項4に記載の情報処理システム。 After transmitting the new intermediate certificate to the second management device, the first communication unit transmits a deletion command for deleting the root certificate stored in the storage unit to the control device. Item 5. The information processing system according to item 4.  前記第一通信部は、前記新たな中間証明書を前記第二管理装置へ送信する前に、前記記憶部に記憶された前記ルート証明書を抹消するための抹消指令を前記制御装置へ送信する
 請求項4に記載の情報処理システム。 The first communication unit transmits a deletion command for deleting the root certificate stored in the storage unit to the control device before transmitting the new intermediate certificate to the second management device. The information processing system according to claim 4.  空間に対する物品または人の出入りを制限する機器の前記制限を解除するために用いられる情報処理システムであって、
 情報端末、第一管理装置、第二管理装置、及び、制御装置を備え、
 前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、
 前記情報端末は、
 第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とが記憶された端末記憶部と、
 前記サーバ証明書及び前記中間証明書を前記制御装置へ送信する端末通信部とを有し、
 前記制御装置は、
 前記第二の公開鍵を含むルート証明書が記憶された記憶部と、
 前記サーバ証明書及び前記中間証明書を前記情報端末から受信する通信部と、
 受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除する制御部とを有し、
 前記第二管理装置は、
 新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、
 第二記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶する第二情報処理部と、
 前記新たな第三の公開鍵を前記第一管理装置へ送信する第二通信部とを有し、
 前記第一管理装置は、
 前記第二管理装置から前記第三の公開鍵を受信する第一通信部と、
 受信した前記新たな第三の公開鍵に対する新たな第一の署名を前記第二の秘密鍵を用いて生成し、前記新たな第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させ、
 前記第二情報処理部は、前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した前記新たな中間証明書とを前記第二通信部に前記情報端末へ送信させる
 情報処理システム。 An information processing system used to remove the restriction of a device that restricts the entry and exit of goods or people to a space,
An information terminal, a first management device, a second management device, and a control device,
The first management device stores a second private key and a second public key,
The information terminal is
a first private key and a first public key, a third public key, and an intermediate certificate containing a first signature for said third public key generated using said second private key; , the first public key, and a server certificate including a second signature for the first public key generated using a third private key corresponding to the third public key. a terminal storage unit that
a terminal communication unit that transmits the server certificate and the intermediate certificate to the control device;
The control device is
a storage unit storing a root certificate including the second public key;
a communication unit that receives the server certificate and the intermediate certificate from the information terminal;
verifying the first signature included in the received intermediate certificate using the second public key included in the root certificate, and verifying the second signature included in the received server certificate; using the third public key included in the intermediate certificate, and canceling the restriction of the device when each verification is successful,
The second management device is
A second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and the new third public key are the second secure a second secure storage unit having a function of preventing it from being taken out of the storage unit;
a second storage unit;
a second information processing unit that acquires the server certificate stored in the external storage device from an external storage device and stores the acquired server certificate in the second storage unit;
a second communication unit that transmits the new third public key to the first management device;
The first management device is
a first communication unit that receives the third public key from the second management device;
generating a new first signature for the received new third public key using the second private key, comprising the new third public key and the new first signature cause the first communication unit to transmit a new intermediate certificate to the second management device;
The second information processing unit generates a new second signature for the first public key included in the server certificate stored in the second storage unit using the new third private key. and sending the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device to the second communication unit An information processing system that transmits information to an information terminal.  前記第一通信部は、前記新たな中間証明書を前記第二管理装置へ送信した後、前記中間証明書を失効させるための失効指令を前記制御装置へ送信する
 請求項7に記載の情報処理システム。 The information processing according to claim 7, wherein said first communication unit transmits a revocation command for revoking said intermediate certificate to said control device after transmitting said new intermediate certificate to said second management device. system.  前記第一通信部は、前記新たな中間証明書を前記第二管理装置へ送信する前に、前記中間証明書を失効させるための失効指令を前記制御装置へ送信する
 請求項7に記載の情報処理システム。 8. The information according to claim 7, wherein the first communication unit transmits a revocation command for revoking the intermediate certificate to the control device before transmitting the new intermediate certificate to the second management device. processing system.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置であって、
 前記情報端末は、
 第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記情報端末から前記サーバ証明書を受信すると、受信された前記サーバ証明書に含まれる前記署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、
 前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、
 前記第一情報処理部は、前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を、前記第一通信部に前記情報端末へ送信させる
 第一管理装置。 A first management device used to grant an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of space,
The information terminal is
storing a first private key and a first public key, and a server certificate including a signature for the first public key generated using the first public key and the second private key; and transmitting the server certificate to a control device that controls the device in order to remove the restriction;
The control device stores a root certificate including a second public key corresponding to the second private key, and when receiving the server certificate from the information terminal, the received server certificate verifying the contained signature using the second public key contained in the root certificate, and releasing the restriction of the device if the verification is successful;
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
A first information processing unit that acquires the server certificate and the root certificate stored in the external storage device from an external storage device and stores the acquired server certificate and the root certificate in the first storage unit. and,
a first communication unit configured to transmit a new root certificate including the new second public key and generated by the first information processing unit to the control device;
The first information processing unit uses the new second private key to generate a new signature for the first public key included in the server certificate stored in the first storage unit, and A first management device that causes the first communication unit to transmit a first public key and a new server certificate including the new signature to the information terminal.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第一管理装置であって、
 前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、
 前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信すると、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶する第一情報処理部と、
 前記新たな第二の公開鍵を含む新たなルート証明書であって前記第一情報処理部によって生成される新たなルート証明書を前記制御装置へ送信する第一通信部とを有し、
 前記第一情報処理部は、前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成し、前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を、前記第一通信部に前記第二管理装置へ送信させる
 第一管理装置。 A first management device out of a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space,
The second management device stores a third private key and a third public key,
The information terminal creates a first signature for the third public key generated using the first private key, the first public key, the third public key, and the second private key. and a server certificate containing a second signature for the first public key generated using the first public key and the third private key, transmitting the server certificate and the intermediate certificate to a control device that controls the device in order to remove the restriction;
The control device stores a root certificate including a second public key corresponding to the second private key, and receives the server certificate and the intermediate certificate from the information terminal. verifying the first signature included in the intermediate certificate using the second public key included in the root certificate, and verifying the second signature included in the received server certificate to the intermediate certificate; verifying using the third public key included in the certificate, and canceling the restriction of the device when each verification is successful;
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
first information processing for acquiring the intermediate certificate and the root certificate stored in the external storage device from an external storage device and storing the acquired intermediate certificate and the root certificate in the first storage unit; Department and
a first communication unit configured to transmit a new root certificate including the new second public key and generated by the first information processing unit to the control device;
The first information processing unit generates a new first signature for the third public key included in the intermediate certificate stored in the first storage unit using the new second private key. and causes the first communication unit to transmit the third public key and a new intermediate certificate including the new first signature to the second management device.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第二管理装置であって、
 前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、
 前記情報端末は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信し、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、
 前記第二管理装置は、
 新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、
 第二記憶部と、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶する第二情報処理部と、
 前記新たな第三の公開鍵を前記第一管理装置へ送信する第二通信部とを有し、
 前記第二情報処理部は、前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成し、前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した新たな中間証明書とを前記第二通信部に前記情報端末へ送信させ、
 前記新たな中間証明書は、前記新たな第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記新たな第三の公開鍵に対する新たな第一の署名を含む
 第二管理装置。 A second management device out of a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space,
The first management device stores a second private key and a second public key,
The information terminal creates a first signature for the third public key generated using the first private key, the first public key, the third public key, and the second private key. and a server certificate containing a second signature for said first public key generated using said first public key and a third private key corresponding to said third public key and transmitting the server certificate and the intermediate certificate to a control device that controls the device;
The control device stores a root certificate including the second public key, receives the server certificate and the intermediate certificate from the information terminal, and receives the intermediate certificate included in the received intermediate certificate. verifying the first signature using the second public key contained in the root certificate, and verifying the second signature contained in the received server certificate by verifying the third signature contained in the intermediate certificate; verify using the public key of, and if each verification is successful, remove the restriction of the device;
The second management device is
A second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and the new third public key are the second secure a second secure storage unit having a function of preventing it from being taken out of the storage unit;
a second storage unit;
a second information processing unit that acquires the server certificate stored in the external storage device from an external storage device and stores the acquired server certificate in the second storage unit;
a second communication unit that transmits the new third public key to the first management device;
The second information processing unit generates a new second signature for the first public key included in the server certificate stored in the second storage unit using the new third private key. and transmitting the first public key, the new server certificate including the new second signature, and the new intermediate certificate received from the first management device to the second communication unit as the information send it to your device
said new intermediate certificate includes said new third public key and a new first signature for said new third public key generated using said second private key; management device.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置が実行する情報処理方法であって、
 前記情報端末は、
 第一の秘密鍵及び第一の公開鍵と、前記第一の公開鍵、及び、第二の秘密鍵を用いて生成された前記第一の公開鍵に対する署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記情報端末から前記サーバ証明書を受信すると、受信された前記サーバ証明書に含まれる前記署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、検証に成功した場合に前記機器の前記制限を解除し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部とを有し、
 前記情報処理方法は、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書及び前記ルート証明書を取得し、取得した前記サーバ証明書及び前記ルート証明書を前記第一記憶部に記憶するステップと、
 前記新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した前記新たなルート証明書を前記制御装置へ送信するステップと、
 前記第一記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな署名を前記新たな第二の秘密鍵を用いて生成するステップと、
 前記第一の公開鍵、及び、前記新たな署名を含む新たなサーバ証明書を前記情報端末へ送信するステップとを含む
 情報処理方法。 An information processing method executed by a first management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space,
The information terminal is
storing a first private key and a first public key, and a server certificate including a signature for the first public key generated using the first public key and the second private key; and transmitting the server certificate to a control device that controls the device in order to remove the restriction;
The control device stores a root certificate including a second public key corresponding to the second private key, and when receiving the server certificate from the information terminal, the received server certificate verifying the contained signature using the second public key contained in the root certificate, and releasing the restriction of the device if the verification is successful;
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
The information processing method includes:
obtaining the server certificate and the root certificate stored in the external storage device from an external storage device, and storing the obtained server certificate and the root certificate in the first storage unit;
generating a new root certificate containing the new second public key, and transmitting the generated new root certificate to the control device;
generating a new signature for the first public key included in the server certificate stored in the first storage unit using the new second private key;
and transmitting the first public key and a new server certificate including the new signature to the information terminal.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第一管理装置が実行する情報処理方法であって、
 前記第二管理装置は、第三の秘密鍵及び第三の公開鍵を記憶しており、
 前記情報端末は、第一の秘密鍵及び第一の公開鍵と、前記第三の公開鍵、及び、第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記制限を解除するために前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の秘密鍵に対応する第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信すると、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、
 前記第一管理装置は、
 新たな第二の秘密鍵及び新たな第二の公開鍵が記憶された第一セキュア記憶部であって、前記新たな第二の秘密鍵及び前記新たな第二の公開鍵が前記第一セキュア記憶部の外部に取り出されることを抑制する機能を有する第一セキュア記憶部と、
 第一記憶部とを有し、
 前記情報処理方法は、
 外部記憶装置から前記外部記憶装置に記憶された、前記中間証明書及び前記ルート証明書を取得し、取得した前記中間証明書及び前記ルート証明書を前記第一記憶部に記憶するステップと、
 前記新たな第二の公開鍵を含む新たなルート証明書を生成し、生成した前記新たなルート証明書を前記制御装置へ送信するステップと、
 前記第一記憶部に記憶された前記中間証明書に含まれる前記第三の公開鍵に対する新たな第一の署名を前記新たな第二の秘密鍵を用いて生成するステップと、
 前記第三の公開鍵、及び、前記新たな第一の署名を含む新たな中間証明書を前記第二管理装置へ送信するステップとを含む
 情報処理方法。 An information processing method executed by a first management device out of a first management device and a second management device used for granting an information terminal the authority to release the restriction of a device that restricts the movement of goods or people into and out of a space and
The second management device stores a third private key and a third public key,
The information terminal creates a first signature for the third public key generated using the first private key, the first public key, the third public key, and the second private key. and a server certificate containing a second signature for the first public key generated using the first public key and the third private key, transmitting the server certificate and the intermediate certificate to a control device that controls the device in order to remove the restriction;
The control device stores a root certificate including a second public key corresponding to the second private key, and receives the server certificate and the intermediate certificate from the information terminal. verifying the first signature included in the intermediate certificate using the second public key included in the root certificate, and verifying the second signature included in the received server certificate to the intermediate certificate; verifying using the third public key included in the certificate, and canceling the restriction of the device when each verification is successful;
The first management device is
A first secure storage unit storing a new second private key and a new second public key, wherein the new second private key and the new second public key are the first secure a first secure storage unit having a function of preventing it from being taken out of the storage unit;
a first storage unit;
The information processing method includes:
obtaining the intermediate certificate and the root certificate stored in the external storage device from an external storage device, and storing the obtained intermediate certificate and the root certificate in the first storage unit;
generating a new root certificate containing the new second public key, and transmitting the generated new root certificate to the control device;
generating a new first signature for the third public key included in the intermediate certificate stored in the first storage unit using the new second private key;
and transmitting a new intermediate certificate including the third public key and the new first signature to the second management device.  空間に対する物品または人の出入りを制限する機器の前記制限を解除する権限を情報端末に付与するために用いられる第一管理装置及び第二管理装置のうちの第二管理装置が実行する情報処理方法であって、
 前記第一管理装置は、第二の秘密鍵及び第二の公開鍵を記憶しており、
 前記情報端末は、第一の秘密鍵及び第一の公開鍵と、第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記第三の公開鍵に対する第一の署名を含む中間証明書と、前記第一の公開鍵、及び、前記第三の公開鍵に対応する第三の秘密鍵を用いて生成された前記第一の公開鍵に対する第二の署名を含むサーバ証明書とを記憶しており、前記サーバ証明書及び前記中間証明書を前記機器を制御する制御装置へ送信し、
 前記制御装置は、前記第二の公開鍵を含むルート証明書を記憶しており、前記サーバ証明書及び前記中間証明書を前記情報端末から受信し、受信された前記中間証明書に含まれる前記第一の署名を前記ルート証明書に含まれる前記第二の公開鍵を用いて検証し、受信された前記サーバ証明書に含まれる前記第二の署名を前記中間証明書に含まれる前記第三の公開鍵を用いて検証し、それぞれの検証に成功した場合に前記機器の前記制限を解除し、
 前記第二管理装置は、
 新たな第三の秘密鍵及び新たな第三の公開鍵が記憶された第二セキュア記憶部であって、前記新たな第三の秘密鍵及び前記新たな第三の公開鍵が前記第二セキュア記憶部の外部に取り出されることを抑制する機能を有する第二セキュア記憶部と、
 第二記憶部とを有し、
 前記情報処理方法は、
 外部記憶装置から前記外部記憶装置に記憶された前記サーバ証明書を取得し、取得した前記サーバ証明書を前記第二記憶部に記憶するステップと、
 前記新たな第三の公開鍵を前記第一管理装置へ送信するステップと、
 前記第二記憶部に記憶された前記サーバ証明書に含まれる前記第一の公開鍵に対する新たな第二の署名を前記新たな第三の秘密鍵を用いて生成するステップと、
 前記第一の公開鍵、及び、前記新たな第二の署名を含む新たなサーバ証明書と、前記第一管理装置から受信した新たな中間証明書とを前記情報端末へ送信するステップとを含み、
 前記新たな中間証明書は、前記新たな第三の公開鍵、及び、前記第二の秘密鍵を用いて生成された前記新たな第三の公開鍵に対する新たな第一の署名を含む
 情報処理方法。 An information processing method executed by a second control device out of a first control device and a second control device used for granting an information terminal the authority to release the restriction of a device that restricts the entry and exit of goods or people into and out of a space and
The first management device stores a second private key and a second public key,
The information terminal creates a first signature for the third public key generated using the first private key, the first public key, the third public key, and the second private key. and a server certificate containing a second signature for said first public key generated using said first public key and a third private key corresponding to said third public key and transmitting the server certificate and the intermediate certificate to a control device that controls the device;
The control device stores a root certificate including the second public key, receives the server certificate and the intermediate certificate from the information terminal, and receives the intermediate certificate included in the received intermediate certificate. verifying the first signature using the second public key contained in the root certificate, and verifying the second signature contained in the received server certificate by verifying the third signature contained in the intermediate certificate; verify using the public key of, and if each verification is successful, remove the restriction of the device;
The second management device is
A second secure storage unit storing a new third private key and a new third public key, wherein the new third private key and the new third public key are the second secure a second secure storage unit having a function of preventing it from being taken out of the storage unit;
a second storage unit;
The information processing method includes:
obtaining the server certificate stored in the external storage device from an external storage device, and storing the obtained server certificate in the second storage unit;
sending the new third public key to the first management device;
generating a new second signature for the first public key included in the server certificate stored in the second storage unit using the new third private key;
transmitting a new server certificate containing the first public key and the new second signature, and a new intermediate certificate received from the first management device to the information terminal; ,
The new intermediate certificate includes the new third public key and a new first signature for the new third public key generated using the second private key. Method.  請求項13~15のいずれか1項に記載の情報処理方法をコンピュータに実行させるためのプログラム。 A program for causing a computer to execute the information processing method according to any one of claims 13 to 15.
PCT/JP2022/029402 2021-08-20 2022-07-29 Information processing system, first management device, second management device, and information processing method Ceased WO2023021968A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2023542309A JP7561359B2 (en) 2021-08-20 2022-07-29 Information processing system, first management device, second management device, and information processing method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021-135010 2021-08-20
JP2021135010 2021-08-20

Publications (1)

Publication Number Publication Date
WO2023021968A1 true WO2023021968A1 (en) 2023-02-23

Family

ID=85240650

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/029402 Ceased WO2023021968A1 (en) 2021-08-20 2022-07-29 Information processing system, first management device, second management device, and information processing method

Country Status (2)

Country Link
JP (1) JP7561359B2 (en)
WO (1) WO2023021968A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024214460A1 (en) * 2023-04-13 2024-10-17 パナソニックIpマネジメント株式会社 Information processing system, management device, control device, and information processing method
WO2025089020A1 (en) * 2023-10-26 2025-05-01 パナソニックIpマネジメント株式会社 Information processing system, control device, and information processing method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148505A1 (en) * 2002-11-08 2004-07-29 General Instrument Corporation Certificate renewal in a certificate authority infrastructure
JP2005039790A (en) * 2003-06-25 2005-02-10 Ricoh Co Ltd Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program
JP2017216596A (en) * 2016-05-31 2017-12-07 Kddi株式会社 Communication system, communication device, communication method, and program
JP2019176441A (en) * 2018-03-29 2019-10-10 セコム株式会社 Electric lock
JP2020135651A (en) * 2019-02-22 2020-08-31 日本電信電話株式会社 Authorization system, management server and authorization method
JP2020202500A (en) * 2019-06-11 2020-12-17 株式会社ユビキタスAiコーポレーション Information processing device and control program thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148505A1 (en) * 2002-11-08 2004-07-29 General Instrument Corporation Certificate renewal in a certificate authority infrastructure
JP2005039790A (en) * 2003-06-25 2005-02-10 Ricoh Co Ltd Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program
JP2017216596A (en) * 2016-05-31 2017-12-07 Kddi株式会社 Communication system, communication device, communication method, and program
JP2019176441A (en) * 2018-03-29 2019-10-10 セコム株式会社 Electric lock
JP2020135651A (en) * 2019-02-22 2020-08-31 日本電信電話株式会社 Authorization system, management server and authorization method
JP2020202500A (en) * 2019-06-11 2020-12-17 株式会社ユビキタスAiコーポレーション Information processing device and control program thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"All about USB Type-C, first edition", 1 January 2020, CQ PUBLISHING CO., LTD., JP, ISBN: 978-4-7898-4644-8, article NOZAKI GENSEI, ETC.: "A3.2 Authentication technology used [ITU-T X.509]", pages: 237 - 239, XP009543486 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024214460A1 (en) * 2023-04-13 2024-10-17 パナソニックIpマネジメント株式会社 Information processing system, management device, control device, and information processing method
WO2025089020A1 (en) * 2023-10-26 2025-05-01 パナソニックIpマネジメント株式会社 Information processing system, control device, and information processing method

Also Published As

Publication number Publication date
JP7561359B2 (en) 2024-10-04
JPWO2023021968A1 (en) 2023-02-23

Similar Documents

Publication Publication Date Title
US12148258B2 (en) Multifamily electronic lock credential management
CN112330855B (en) Electronic lock safety management method, equipment and system
KR101296863B1 (en) Entry authentication system using nfc door lock
CN101052970B (en) Access control system and access control method
JP7173305B2 (en) Entrance/exit management system, authentication device for entrance/exit management system, management device for entrance/exit management system, mobile terminal or mobile body for entrance/exit management system, entrance/exit management program, and construction method of entrance/exit management system
KR20190105776A (en) Electronic device and method for managing electronic key thereof
TWI569230B (en) Control system with mobile devices
JP7398685B2 (en) Information processing system and information processing method
JP7561359B2 (en) Information processing system, first management device, second management device, and information processing method
KR20230104921A (en) How to break the protection of an object achieved by the protection device
JP5265166B2 (en) Access control device and locking / unlocking control method
JP2007241368A (en) Security management device, security management method and program
WO2024042928A1 (en) Information processing system, control device, and information processing method
JP2014158222A (en) Key distribution system
CN114255533B (en) Intelligent lock system and implementation method thereof
KR20240159880A (en) Locking system for one or more buildings
KR102408528B1 (en) User authentication method and device
US20260051211A1 (en) Information processing system, control device, and information processing method
JP7546235B2 (en) Information processing system and information processing method
KR102850593B1 (en) Door Access Method Using One Time Key
WO2024214460A1 (en) Information processing system, management device, control device, and information processing method
JP2026019009A (en) Electronic key issuing method, electronic key issuing system, key device, and electric lock
JP2025072560A (en) Processing System
JP2023066608A (en) Building gate management system, gate management method and program
JP2024167513A (en) Management system and management method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22858289

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023542309

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22858289

Country of ref document: EP

Kind code of ref document: A1