JP5099895B2 - Communication terminal and access control method - Google Patents

Description

  The present invention relates to a communication terminal and an access control method, and more particularly to a technique for defense against unauthorized memory access.

  A communication terminal such as a mobile phone terminal is provided with various programs in advance in order to be able to perform various processes. It is possible to add a new program to the communication terminal having such a predetermined program or to change a part or all of the program in order to improve user convenience. .

  When a new program is added to the apparatus, a special rewriting tool (generally a special application program that can be used on a personal computer (PC)) can be used on the PC. However, in this case, a dongle is usually connected to the PC in order to prevent unauthorized program rewriting, thereby restricting rewriting by a physical medium.

  Here, the dongle is a small external device connected to a computer such as a USB key, and performs authentication processing to prevent unauthorized copying or tampering of the program by being connected to a PC or the like. .

  For example, the following method has been proposed as an authentication method for preventing such unauthorized tampering of the program.

  First, it is known that when updating the internal program of the BIOS chip, challenge / response authentication is performed in order to prevent unauthorized updating by a virus, and the update is permitted only when the authentication is successful ( For example, see Patent Document 1).

  Secondly, in order to control whether or not the computer can be used, authentication is performed by using unique information registered in advance in a USB key (memory) and comparing information on a plurality of USB keys with information on the computer. It is known (see, for example, Patent Document 2). As a result, even if the person who uses the USB key is a regular user, the computer cannot be used unless the user has the regular USB key.

  Thirdly, it is known to control whether or not writing is possible by sending a writing target program and corresponding signature data to the terminal and verifying whether the signature data corresponds to the target program on the terminal side. (For example, see Patent Document 3).

JP 2002-055725 A JP 2004-355056 A JP 2006-185063 A

  However, if a regular dongle such as a regular USB key is taken out by some unauthorized means, or if an unexpected situation such as theft or loss occurs, the regular dongle may be used illegally. As a result, there is a possibility that a malicious person abuses the dongle to create, for example, a pirated communication terminal.

  In addition, it is impossible to identify a legitimate dongle that has been lost, identify where a fraud is taking place, or stop the function of a lost dongle. It is possible that damage will be expanded by repeated abuse.

  Furthermore, it is possible to configure a method of failing authentication when there is no dongle by combining physical authentication and functional authentication described in Patent Documents 1 and 2, but authentication of the dongle and challenge / response authentication are possible. It is difficult to prevent fraud if the dongle is lost.

  The present invention has been made in view of the above circumstances, and provides a communication terminal and an access control method that can identify a lost dongle even if the dongle for performing an authentication process is lost. For the purpose.

In order to achieve the above object, a first communication terminal of the present invention is connected to a first storage unit, a second storage unit that stores at least identification information for refusing access, and an external authentication device. A communication unit that receives an access signal including identification information of the external authentication device for accessing the first storage unit from the external information processing device; and the identification information included in the access signal is the second information And a write control unit that stores the identification information included in the access signal in the second storage unit when it is determined that the authentication is successful on the condition that it is not stored in the second storage unit.

  With this configuration, even when a dongle that is an example of an external authentication device for performing authentication processing is lost, the lost dongle can be identified, and the spread of damage such as information leakage can be suppressed. Become.

Further, the second communication terminal of the present invention is the first communication terminal, and the write control unit is provided on the condition that the identification information included in the access signal is not stored in the second storage unit. When it is determined that the authentication is successful, the device information of the external information processing apparatus is stored in the second storage unit together with the identification information included in the access signal .

  With this configuration, when the authentication is successful, in addition to the dongle ID, device information (for example, an IP address, a MAC address, etc.) that identifies the PC having the actually used rewriting tool is stored in the storage unit of the communication terminal. Written automatically. Therefore, even if a legitimate dongle is leaked to the outside and a pirated unauthorized communication terminal is created by access using the dongle and an unauthorized rewriting tool, the PC with the rewriting tool is addressed. It can be identified from the above, and the spread of damage can be suppressed.

The third communication terminal of the present invention is the first or the second communication terminal, before SL write control unit, the authentication processing unit, the identification information that is part of the access signal is the first When it is determined that the authentication has failed on the condition that it is stored in the second storage unit, the external information processing apparatus is prohibited from accessing the first storage unit.

  With this configuration, for example, by registering the dongle ID of a dongle that has been found lost or the like in the storage unit of the communication terminal, unauthorized access using the corresponding dongle can be automatically prohibited, and the damage is expanded. Can be prevented.

The fourth communication terminal of the present invention, the update processing unit that a third communication terminal, and updates the identification information for rejecting the access stored in said second storage unit by wireless communication It has composition which has.

  With this configuration, for example, even when a cell phone device that is an example of a communication terminal is already on the market and a new dongle is discovered, this memory is stored in each mobile phone device. Since the dongle information can be sequentially added by wireless communication (air download), safety against information leakage is further improved.

The fifth communication terminal of the present invention is the first or second communication terminal, wherein the communication unit is the write control unit, and the identification information included in the access signal is the second storage unit. If it is determined that the authentication has failed on the condition that it is stored in the server, an invalid information write request signal for writing invalid information for invalidating access from the external authentication device to the external authentication device is provided. The information is transmitted to the external information processing apparatus.

  With this configuration, for example, when the condition for prohibiting access is satisfied, that is, when authentication fails, the PC equipped with the rewriting tool can request the dongle used for authentication to write invalid information. The function of this dongle can be disabled, and the safety is further improved, and the spread of damage can be suppressed.

The sixth communication terminal of the present invention, there is provided a fifth communication terminal, the write control unit, when receiving the access signal including the invalid information by the communication unit, according to prior Kigaibu information processing apparatus Access to the first storage unit is prohibited.

  With this configuration, for example, when an access signal including invalid information indicating that authentication has failed has been received, unauthorized access using a dongle that stores invalid information can be automatically prohibited. Expansion can be prevented.

The seventh communication terminal of the present invention is the first or second communication terminal, wherein an authentication key is stored in the second storage unit, and the write control unit uses the authentication key. The configuration is such that it is determined that the authentication is successful on the condition that the access signal is determined to be a regular access signal .

Also, access control method of the present invention is a communication terminal, the identification of the external information processing apparatus external authentication device is connected, the external authentication device to access the first storage unit of the communication terminal Receiving an access signal including information; determining whether identification information included in the access signal is stored in a second storage unit of the communication terminal; and identification information included in the access signal Is determined to have been successfully authenticated on the condition that it is determined that it is not stored in the second storage unit of the communication terminal, the identification information included in the access signal is stored in the second storage unit of the communication terminal. And storing it in a method.

  With this configuration, even when a dongle that is an example of an external authentication device for performing authentication processing is lost, the lost dongle can be identified, and the spread of damage such as information leakage can be suppressed. Become.

  According to the present invention, it becomes possible to identify the dongle used for unauthorized access by examining the contents of the non-volatile memory on the communication terminal, thereby suppressing the expansion of damage against the outflow of the dongle to the outside. Is possible.

  A communication terminal and an access control method according to an embodiment of the present invention will be described below with reference to the drawings.

  FIG. 1 is a block diagram showing an example of the configuration of an authentication system 100 according to an embodiment of the present invention.

  The authentication system 100 includes a mobile terminal 10, a PC 20 that includes a dedicated rewriting tool for accessing the internal memory of the mobile terminal 10, and a dongle 30 that is connected to the PC 20 and performs predetermined authentication processing. Composed. The mobile terminal 10 is an example of a communication terminal or an external communication terminal. The PC 20 is an example of an information processing device or an external information processing device. The dongle 30 is an example of an external authentication device.

  Specific examples of the portable terminal 10 include a cellular phone terminal, a portable information terminal (PDA), a portable music player, and a portable game machine.

  In addition, the PC 20 is assumed to be configured to include, for example, a basic system (hardware and operating system) of a personal computer and a dedicated application program having a function for memory access to the mobile terminal 10. . As the application program, for example, a program for deleting, changing or adding information in the address book of the mobile phone can be considered.

  Further, it is assumed that the dongle 30 is realized by registering in advance information for performing a predetermined authentication process on a nonvolatile storage unit using a physical medium such as a USB memory shape.

  The mobile terminal 10 includes a storage unit 11, a transmission / reception unit 12, a random number generation unit 13, a challenge generation unit 14, a response verification unit 15, a write control unit 16, a write unit 17, an update processing unit 18, and a main storage unit 19. Composed. Each of these functional elements can be configured by dedicated hardware, or can be realized by a combination of a control computer and a program that can be executed by the computer.

  The main storage unit 19 is a storage area for registering programs and data necessary for realizing various functions (functions of mobile phones, etc.) of the main body of the mobile terminal 10, and the stored information disappears even when the power is turned off. It is configured to be non-volatile. In order to access the main storage unit 19 from the outside and update the program, a PC 20 and a dongle 30 equipped with a rewriting tool are used here. The main storage unit 19 is an example of a first storage unit.

  The storage unit 11 is a non-volatile storage area, and holds information necessary for defense against unauthorized access to the main storage unit 19. Specifically, an area for storing an ID list (black list) of a dongle ID, an area for storing information of various flags (flags F1, F2, and the like to be described later), and information acquired when accessing from the outside An area for storing the dongle ID of the dongle 30 and the address information of the PC 20 and an area for storing the authentication key are provided. The storage unit 11 may encrypt and store these various types of information. The storage unit 11 is an example of a second storage unit.

  Note that the ID list (black list) is a specific dongle in which outflow or unauthorized access to the outside is permitted at the time of manufacture of the mobile terminal 10 (or unauthorized access or the like is permitted after manufacture by the update processing unit 18). Is a list of dongle ID list information representing the information stored in the storage unit 11 in advance. The authentication key is a key used when an authentication process such as challenge / response authentication is performed between the mobile terminal 10 and the PC 20.

  The transmission / reception unit 12 is an interface for connecting the mobile terminal 10 and the PC 20, and a wired interface, an infrared communication interface, a wireless interface for transmitting and receiving radio waves, and the like are used. Note that the transmission / reception unit 12 has a function as a communication unit.

  The random number generator 13 sequentially generates necessary random numbers as necessary when performing authentication between the mobile terminal 10 and the PC 20.

  The challenge generation unit 14 receives the random number generated by the random number generation unit 13 and generates a challenge in challenge / response authentication.

  The response verification unit 15 verifies the content of the response transmitted from the PC 20 in response to the challenge sent by the challenge generation unit 14. At the time of verification, the authentication key held in the storage unit 11 is read and used. Further, the dongle ID and the like included in the response are extracted.

  The write control unit 16 performs an authentication process for determining whether or not to permit writing based on the verification result of the response verification unit 15 and the information held in the storage unit 11, and accesses the main storage unit 19 ( (Data writing) is controlled. Further, necessary information (a specific example will be described later) is written in the storage unit 11. The write control unit 16 has a function as an authentication processing unit.

  The writing unit 17 controls the writing of data to the main storage unit 19 according to the write permission information (OK / NG) generated as a result of the processing of the write control unit 16.

  The update processing unit 18 performs processing for rewriting the contents of the ID list in the storage unit 11 with the latest information. When the mobile terminal 10 is a terminal capable of wireless communication such as a mobile phone terminal, even if the terminal is on the market, the contents of the ID list can be used using the wireless communication function according to the manufacturer's instructions. Air download to rewrite can be performed. Therefore, even when the outflow of a specific dongle is found after the portable terminal 10 is shipped from the manufacturer, the dongle ID of the newly outflowed dongle is added to the ID list on the portable terminal 10. Can do.

  The dongle 30 includes a key storage unit 31, an ID storage unit 32, an invalid information storage unit 33, and a PC information storage unit 34. In order to enhance safety, each storage unit on the dongle 30 can hold the respective information in an encrypted state.

  The key storage unit 31 holds authentication key information prepared in advance. As the authentication key, a common key may be assigned to all of a plurality of dongles prepared by the manufacturer that manufactures the dongle 30, or a common key may be assigned to each group of a certain number of dongles.

  The ID storage unit 32 holds dongle ID information for identifying the dongle 30 assigned in advance. One dongle ID may be assigned to each group that develops a program related to a certain function of the mobile terminal 10, for example. The same dongle ID may be commonly assigned to a plurality of dongles so that members of the same group can use a plurality of dongles. However, the safety is improved when the number of usable dongles is reduced.

  The invalid information storage unit 33 is an area for writing information for invalidating the function of the dongle 30. There is no invalid information in the initial state. The invalid information may be any information as long as it can be controlled to prohibit writing using a specific dongle 30 having invalid information, and may be, for example, a flag indicating invalid / valid. The invalid information is updated by an instruction from the PC 20 when the authentication process in the mobile terminal 10 fails, as will be described later.

  The PC information storage unit 34 stores address information (IP address, MAC address, etc.) of the PC 20 including the rewriting tool used for unauthorized access when unauthorized access is detected.

  The invalid information storage unit 33 and the PC information storage unit 34 can be omitted, but providing them increases safety.

  The PC 20 includes a transmission / reception unit 21, an address storage unit 22, a dongle ID acquisition unit 23, a key acquisition unit 24, an invalid information acquisition unit 25, a response generation unit 26, a writing unit 27, a PC information writing unit 28, and an invalid information writing unit 29. It is configured. Each of these functional elements can be configured by dedicated hardware, or can be realized by a combination of a control computer and a program that can be executed by the computer.

  The transmission / reception unit 21 is a communication interface for connecting the PC 20 and the mobile terminal 10, and a wired interface, an infrared communication interface, a wireless interface for transmitting and receiving radio waves, and the like are used. The transmission / reception unit 21 has a function as a communication unit.

  The address storage unit 22 stores address information such as the MAC address and IP address of the PC 20. In addition to these addresses, for example, unique ID information and device information for specifying the hardware of the PC 20 can be used.

  The dongle ID acquisition unit 23 acquires dongle ID information from the ID storage unit 32 of the dongle 30 connected to the PC 20. The dongle ID acquisition unit 23 has a function as an identification information acquisition unit.

  The key acquisition unit 24 acquires authentication key information from the key storage unit 31 of the dongle 30 connected to the PC 20.

  The invalid information acquisition unit 25 acquires invalid information from the invalid information storage unit 33 of the dongle 30 connected to the PC 20.

  The response generation unit 26 acquires address information from the address storage unit 20 during challenge / response authentication, and generates a response to be sent as a response to the challenge transmitted from the mobile terminal 10. A specific example of the response to be generated will be described later. The response generation unit 26 has a function as an access signal generation unit that generates an access signal such as a response.

  The writing unit 27 performs control for writing a program and data to the main storage unit 19 of the mobile terminal 10 when it is confirmed by the authentication process that the access is not unauthorized.

  The PC information writing unit 28 acquires the address information assigned to the PC 20 from the address storage unit 22 and writes this information to the PC information storage unit 34 of the dongle 30 connected to the PC 20. Although the address information is used here, identification information that can identify the PC 20 other than the address information may be used. The PC information writing unit 28 has a function as a device information writing unit.

  When the invalid information writing unit 29 receives a predetermined invalid information write request from the mobile terminal 10, the invalid information writing unit 29 writes the predetermined invalid information into the invalid information storage unit 33 on the dongle 30.

Next, an example of the operation of each unit in the authentication system 100 will be described.
FIG. 2 is a diagram illustrating an example of an operation when permitting access to the mobile terminal 10 from the PC 20.

  When rewriting a program (PG) or data (Data) on the main storage unit 19 of the mobile terminal 10 using the PC 20, a predetermined dongle 30 is connected to the PC 20 so that the PC 20 and the mobile terminal 10 can communicate with each other. Connect in state.

  Thereafter, when a predetermined input operation is performed, the transmission / reception unit 21 of the PC 20 sends a PG / Data write request to the portable terminal 10 (step S11).

  When the transmission / reception unit 12 of the portable terminal 10 receives this PG / Data write request, the challenge generation unit 14 generates a challenge corresponding to the random number based on the random number generated by the random number generation unit 13 (step S12). Sends a challenge to the PC 20 (step S13).

  When the transmission / reception unit 21 of the PC 20 receives the challenge from the mobile terminal 10, the authentication key, the dongle ID, and the invalid information are read from the dongle 30 connected to the PC 20 (step S14). If invalid information is not stored, reading of invalid information is omitted.

  Subsequently, the response generation unit 26 of the PC 20 generates a response that is authentication information based on the information acquired from the dongle 30 and the challenge received from the mobile terminal 10 using the authentication key acquired from the dongle 30. (Step S15), the transmission / reception unit 21 sends this response toward the mobile terminal 10 (Step S16). Further, the transmitting / receiving unit 21 transmits the address information to the PC information storage unit 34 of the dongle 30 (step S17). In step S17, device information that can identify the PC 20 instead of the address information may be transmitted to the PC information storage unit 34.

  Specifically, the response is generated as follows. That is, a result calculated with a function (Sign (x, y)) having two types of parameters x and y is generated as a response. This function (Sign (x, y)) is a function for signing data y, which is the other parameter, using one parameter x as a key. When response transmission is performed by encryption, a common key-based technique such as HMAC (Keyed-Hashing for Message Authentication code) may be used as the encryption technique, or a public key such as RSA encryption may be used. Base technology may also be used.

  As the data y, at least one of a challenge from the mobile terminal 10, a dongle ID read from the dongle 30, address information of the PC 20, and invalid information read from the dongle 30 is used. Actually, one response may be generated using the result of combining a plurality of pieces of information by calculation or the like as data y, or a plurality of dongle IDs, address information, and invalid information are used as one piece of data y. Response may be generated.

  When the transmission / reception unit 12 of the portable terminal 10 receives a response from the PC 20, the response verification unit 15 verifies the response using the authentication key held in the storage unit 11 (step S18). Then, the dongle ID, address information, and invalid information transmitted from the PC 20 as a response are acquired. In the response verification, for example, in the case of the HMAC base, since x is shared, the verification side also calculates Sign (x, y) and is a legitimate response when it is the same as the received Sign (x, y). It is judged. In the case of RSA, it is determined whether or not Sign (x, y) is a legitimate response based on the public key z corresponding to x.

  Further, if the response is correct (A) can be verified, the write control unit 16 reads the first flag (F1) from the storage unit 11 and there is no problem (falsification) in the flag F1. (B) The dongle ID that is read from the storage unit 11 and extracted from the response does not exist on the ID list (C), the response does not contain invalid information.・ Authentication processing for confirming (D) is performed.

  In the mobile terminal 10, before starting the processing of FIGS. 2 and 3, each unit on the mobile terminal 10 (random number generation unit 13, challenge generation unit 14, response verification unit 15, write control unit 16, and write unit 17. ) And the presence / absence of falsification regarding the data on the storage unit 11 are verified, and the result is reflected in the state of the first flag (F1) on the storage unit 11.

  When all the conditions (A) to (D) are satisfied, the write control unit 16 indicates that all the conditions (A) to (D) are satisfied. The dongle ID and address information (IP address or MAC address, etc.) reflected in the state of (F2) and extracted from the received response are encrypted and stored on the storage unit 11 (step S19). Further, the transmission / reception unit 12 sends a write permission message from the portable terminal 10 to the PC 20 (step S20). In step S19, device information that can identify the PC 20 instead of the address information may be stored in the storage unit 11.

  Note that it is desirable to use a public key as the key used for encryption in step S18, and store the private key corresponding to the public key in a place other than on the portable terminal 10. For example, if the public key is stored in the portable terminal 10 and the manufacturer that manufactures the portable terminal 10 does not store the corresponding private key in the portable terminal 10, the manufacturer can, for example, store a pirated terminal in the market. If found, the dongle ID can be decrypted with the corresponding private key held by the manufacturer, and the lost dongle can be identified. In this case, an unauthorized person who has acquired only the lost mobile terminal 10 cannot decrypt the dongle ID.

  When the writing unit 27 of the PC 20 receives the write permission message sent from the portable terminal 10 in step S19, the writing unit 27 starts the writing process accordingly and accesses the main storage unit 19 via the writing unit 17 of the portable terminal 10. Then, the program and data stored in the main storage unit 19 are read or rewritten (step S21).

  According to the authentication system 100 that performs the processing of FIG. 2, writing can be permitted only when the authentication processing is successful, that is, when all the conditions (A) to (D) are satisfied.

  FIG. 3 is a diagram illustrating an example of an operation when access to the mobile terminal 10 from the PC 20 is denied. Steps that perform the same processing as the processing in FIG. 2 are denoted by the same step numbers, and description thereof is omitted or simplified.

  First, in the authentication system 100, the processes of steps S11 to S18 are performed as in the process of FIG.

  Subsequently, the writing control unit 16 of the mobile terminal 10 confirms each of the above conditions (A) to (D), and if at least one of the conditions is not satisfied, the fact that the authentication has failed is indicated by 2 on the storage unit 11. This is reflected in the state of the second flag (F2) (step S31). Subsequently, a write disapproval message is sent from the transmission / reception unit 12 of the mobile terminal 10 to the PC 20 (step S32). Further, an invalid information write request is sent from the transmission / reception unit 12 of the mobile terminal 10 to the PC 20 (step S33).

  When the transmission / reception unit 21 of the PC 20 receives the write disapproval message from the portable terminal 10, the writing unit 27 recognizes that the access from the PC 20 to the portable terminal 10 is denied, and stops the access to the main storage unit 19. . In addition, when the transmitting / receiving unit 21 of the PC receives the invalid information write request from the mobile terminal 10, the invalid information writing unit 29 stores the invalid information predetermined for the invalid information storage unit 33 of the dongle 30 connected to the PC 20. Is written (step S34). Instead of writing invalid information, the authentication key may be destroyed.

  According to the authentication system 100 that performs the process of FIG. 3, if the authentication process fails, that is, if any one of the conditions (A) to (D) is not satisfied, the writing may be rejected. Is possible.

Next, a specific example of write control performed in the authentication system 100 will be described.
FIG. 4 is a diagram showing a specific example of the appearance of the authentication system 100 and write control.

  In FIG. 4, it is assumed that “911” is registered as the dongle ID in the dongle 30 to be used, and “911” is included in the ID list of the mobile terminal 10. In this case, when the rewriting tool of the PC 20 tries to rewrite the mobile terminal 10, the processing of FIG. 3 is executed, and access from the rewriting tool of the PC 20 is denied. Further, the dongle ID of the used dongle and the address information (IP address, MAC address, etc.) that can identify the used PC 20 are written on the storage unit 11 of the portable terminal 10 in an encrypted state. Added. Further, the PC 20 writes the address information of the PC 20 to the dongle 30, and further writes invalid information when the rewriting access of the portable terminal 10 by the PC 20 is denied.

  Therefore, by using the authentication system 100, the following effects can be obtained.

  According to such an authentication system 100, even if the dongle 30 for performing the authentication process is lost, the lost dongle can be specified. Further, in the authentication process between the portable terminal 10 and the PC, the response (authentication information) depends on the dongle ID, so that the safety is improved.

  If authentication between the portable terminal 10 and the PC 20 fails due to some unauthorized access, the dongle ID of the dongle 30 used at that time and the address information for specifying the used PC 20 are obtained. Therefore, by examining the contents of the storage unit 11 of the portable terminal 10 that has been attacked by unauthorized access, the manufacturer of the portable terminal 10 can identify the dongle 30 or the PC 20 used for the attack or the location thereof. Can be specified.

  Also, by storing the dongle ID and address information encrypted with the public key and storing and managing the private key in a location different from the portable terminal 10 on the manufacturer side, those who have made unauthorized access are Since the dongle ID and address information written in the terminal 10 cannot be decoded and recognized, safety is improved.

  In addition, regarding the dongle 30 that has been found to be lost, by registering the dongle ID in the ID list of the mobile terminal 10, unauthorized access can be automatically denied against an attack using the corresponding dongle 30. .

  In addition, when unauthorized access is detected or alteration of a program or data of the mobile terminal 10 is detected, the PC 20 can write invalid information to the dongle 30 by a request from the mobile terminal 10. Thereafter, the dongle 30 can be made unusable for unauthorized access.

  Further, when the PC 20 generates a response (authentication information), the dongle ID is also required. Therefore, unless the regular dongle 30 is obtained and connected, the PC 20 can access the main storage unit 19 of the mobile terminal 10. Can not.

  In addition, since the address information of the PC 20 provided with the rewriting tool can be written to the dongle 30 connected to the PC 30, it is possible to find the trace of unauthorized access by examining the contents of the dongle 30 as necessary. become. For example, a manufacturer temporarily takes out a regular dongle 30 illegally, rewrites the program or data on the portable terminal 10 illegally using a computer at home or the like, and then returns the dongle 30 to the company. In this case, since the address information of the PC 20 used when performing unauthorized access remains on the dongle 30, it is possible to detect the fact that unauthorized access has been performed and to identify the PC 20 used for unauthorized access.

  In addition, before executing the authentication process in the mobile terminal 10, by verifying the presence or absence of falsification of the program and data for executing the authentication process, and reflecting the result in the contents of the first flag (F1), It is also possible to prevent unauthorized access to attacks that alter programs and data.

  In addition, since the result of whether or not the portable terminal 10 has permitted writing, that is, whether or not the authentication has been successful, is reflected in the contents of the second flag (F2), the contents of the second flag are confirmed, and writing is permitted. Writing can only be performed if Alternatively, when the decryption of the written data is permitted when the authentication is successful, whether to permit the decryption may be determined by confirming the content of the second flag.

  Furthermore, according to the authentication system 100, if the manufacturer of the mobile terminal 10 finds a pirated terminal (for example, a terminal rewritten in another language) whose program or the like has been illegally rewritten, Can respond.

  First, the contents of the storage unit 11 of the discovered pirated terminal (corresponding to the mobile terminal 10) are read and analyzed, and the dongle ID used for unauthorized access and the address information of the PC 20 provided with the rewriting tool are acquired. The dongle ID acquired here is regarded as the outflow dongle, and this dongle ID is added to the ID list managed by the manufacturer. Then, based on the latest contents of the ID list managed by the manufacturer, the ID list on the storage unit 11 of the mobile terminal 10 distributed in the market is updated (added newly discovered dongle ID is added). . When the ID list of the mobile terminal 10 is updated, for example, the update processing unit 18 may download data from a predetermined server managed by the manufacturer using the wireless communication function of the mobile terminal 10.

  Further, when rewriting the program and data in the main storage unit 19 of the mobile terminal 10, the dongle ID and address information of the used dongle 30 are written in the storage unit 11, but are written in the storage unit 11. As for the information, the information in the storage unit 11 can be overwritten or added each time the main storage unit 19 is accessed. In the case of additional writing, it is possible to leave a history of updating programs and the like.

  Here, the writing control method when rewriting the program and data on the mobile terminal 10 has been described. However, the present invention is not limited to writing, and for example, the contents of the program and data such as personal information are illegally read and viewed. The present invention can also be applied to such illegal acts.

  INDUSTRIAL APPLICABILITY The present invention is useful for a portable terminal device that can identify a lost dongle even if the dongle for performing authentication processing is lost.

It is a block diagram which shows an example of a structure of the authentication system in embodiment of this invention. It is a sequence diagram which shows an example of operation | movement in the case of permitting access with respect to the portable terminal from PC in embodiment of this invention. It is a sequence diagram which shows an example of operation | movement in the case of refusing the access with respect to the portable terminal from PC in embodiment of this invention. The figure which shows the specific example of the external appearance and write-in control of the authentication system in embodiment of this invention

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Authentication system 10 Portable terminal device 11 Storage part 12 Transmission / reception part 13 Random number generation part 14 Challenge generation part 15 Response verification part 16 Write control part 17 Write part 18 Update process part 19 Main memory part 20 PC
21 Transmission / Reception Unit 22 Address Storage Unit 23 Dongle ID Acquisition Unit 24 Key Acquisition Unit 25 Invalid Information Acquisition Unit 26 Response Generation Unit 27 Write Unit 28 PC Information Write Unit 29 Invalid Information Write Unit 30 Dongle 31 Key Storage Unit 32 ID Storage Unit 33 Invalid Information storage unit 34 PC information storage unit

Claims (8)

A first storage unit;
A second storage unit for storing at least identification information for refusing access ;
A communication unit that receives an access signal including identification information of the external authentication device for accessing the first storage unit from an external information processing device connected to the external authentication device;
When it is determined that the authentication has succeeded on the condition that the identification information included in the access signal is not stored in the second storage unit, the identification information included in the access signal is transferred to the second storage unit. A write control unit to store;
A communication terminal. The communication terminal according to claim 1,
When the write control unit determines that the authentication is successful on the condition that the identification information included in the access signal is not stored in the second storage unit, along with the identification information included in the access signal, A communication terminal for storing device information of the external information processing apparatus in the second storage unit. The communication terminal according to claim 1 or 2,
If the prior SL write control unit determines that the identification information that is part of the access signal fails to authenticate the condition that is stored in the second storage unit, the by the external information processing apparatus A communication terminal that prohibits access to the first storage unit. The communication terminal according to claim 3, further comprising:
A communication terminal having an update processing unit that updates the identification information for rejecting the access stored in said second storage unit by wireless communication. The communication terminal according to claim 1 or 2,
When the communication control unit determines that the authentication has failed on the condition that the identification information included in the access signal is stored in the second storage unit, the communication control unit from the external authentication device A communication terminal that transmits an invalid information write request signal for writing invalid information for invalidating access to the external authentication apparatus to the external information processing apparatus. The communication terminal according to claim 5, wherein
The write control unit, a communication terminal to prohibit access said when receiving an access signal containing invalid information, Previous Kigaibu information processing apparatus according to the first memory unit by the communication unit. The communication terminal according to claim 1 or 2,
An authentication key is stored in the second storage unit,
The write control unit is a communication terminal that determines that the authentication is successful on the condition that the access signal is determined to be a regular access signal using the authentication key . In the communication terminal,
Receiving an access signal including identification information of the external authentication device for accessing the first storage unit of the communication terminal from an external information processing device connected to the external authentication device;
Determining whether identification information included in the access signal is stored in a second storage unit of the communication terminal ;
When it is determined that the authentication has succeeded on the condition that the identification information included in the access signal is not stored in the second storage unit of the communication terminal, the identification information included in the access signal is An access control method comprising: storing in a second storage unit of the communication terminal.

Images