Key management mobile terminal, user mobile terminal, key management method, program for key management mobile terminal, program for user mobile terminal, and key management system

The key management system efficiently manages and secures digital keys for multiple access targets by direct communication between terminals, addressing the inefficiencies of network-dependent key sharing and return processes.

JP2026092494APending Publication Date: 2026-06-05DAI NIPPON PRINTING CO LTD

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
DAI NIPPON PRINTING CO LTD
Filing Date
2024-11-26
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Key management for multiple access targets, such as rental cars or houses, is cumbersome and requires network connections for sharing and returning digital keys, leading to inefficiencies and difficulties in user management.

Method used

A key management system comprising a key management mobile terminal that stores and manages multiple digital keys, directly connects to user mobile terminals for key transmission and reception, and manages key provisioning and return without network connections, using short-range wireless communication and secure authentication protocols.

Benefits of technology

Facilitates easy management and secure transfer of digital keys between users and access targets, eliminating the need for network connections and simplifying the process of key distribution and return, thereby preventing unauthorized use.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026092494000001_ABST
    Figure 2026092494000001_ABST
Patent Text Reader

Abstract

We provide a portable key management terminal and other devices that facilitate the management of digital keys. [Solution] Multiple digital keys that can access the target are stored (S2), when providing a digital key, a direct connection is made to a user mobile terminal 20 for accessing and using the target, and the digital key is transmitted to the user mobile terminal (S3, S4), when the digital key is returned, a notification that the digital key has been deleted from the user mobile terminal 20 is received along with information identifying the digital key (S8~S11), when providing a digital key, the information of the transmitted digital key is stored (S6), and when the digital key is returned, the information of the digital key return corresponding to the received notification is stored (S12).
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to the technical fields of a key management mobile terminal, a user mobile terminal, a key management method, a program for a key management mobile terminal, a program for a user mobile terminal, and a key management system.

Background Art

[0002] Digital keys that use smartphones or authentication cards to access objects such as cars and houses have begun to be used. For example, in Patent Document 1, a digital key for authentication is obtained via a network in each of a vehicle control device mounted on a vehicle and a mobile terminal device carried by a user, authentication is performed using these digital keys, and the vehicle control device includes a digital key acquisition unit, a ToF distance measurement unit that detects the distance and moving speed to the mobile terminal device, predicts the time until the mobile terminal device reaches an area where keyless operation is possible based on the detection result by the ToF distance measurement unit, and sets an area indicating the activation timing of the digital key acquisition unit based on this prediction result, and an AP control unit that activates the digital key acquisition unit when the mobile terminal device reaches this area. A vehicle control system is disclosed.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] By the way, when renting a house or car, you sometimes need to use multiple keys. However, key management has not been easy. The person lending the keys has to provide the necessary number of physical keys or authentication cards to unlock or lock the property, and the user has to go through the trouble of pairing their smartphone with the property to share the keys by connecting them to the network.

[0005] Therefore, the present invention has been made in view of the above problems, and aims to provide a key management portable terminal, a user portable terminal, a key management method, a program for the key management portable terminal, a program for the user portable terminal, and a key management system that facilitate the management of digital keys. [Means for solving the problem]

[0006] To solve the above problems, the invention described in claim 1 is characterized by comprising: a storage means for storing a plurality of digital keys that can access an access target; a digital key transmission means for directly connecting to a user's mobile terminal for accessing and using the access target and transmitting the digital keys to the user's mobile terminal when the digital keys are provided; a deletion notification receiving means for receiving a notification from the user's mobile terminal that the digital keys have been deleted, along with information identifying the digital keys, when the digital keys are returned; and a management means for storing information about the provision of the transmitted digital keys when the digital keys are provided, and for storing information about the return of the digital keys corresponding to the received notification when the digital keys are returned.

[0007] The invention described in claim 2 is a key management mobile terminal described in claim 1, wherein the management means deletes the transmitted digital key from the storage means, and stores the digital key received from the user mobile terminal when the digital key is returned in the storage means.

[0008] The invention described in claim 3 is a key management portable terminal described in claim 1 or claim 2, characterized in that the management means manages the number of digital keys in the storage means, counts down the number of digital keys when the digital keys are provided, and counts up the number of digital keys when the digital keys are returned.

[0009] The invention described in claim 4 is characterized by comprising: a digital key acquisition means that directly connects to a key management mobile terminal that manages a plurality of digital keys that can access an access target, and acquires the digital key from the key management mobile terminal in order to access the access target; a deletion means that deletes the information of the digital key when the digital key is returned; and a notification means that notifies the key management mobile terminal of the deletion of the digital key, along with information that identifies the digital key.

[0010] The invention described in claim 5 is characterized in that the user mobile terminal described in claim 4 further comprises a digital key return means for transmitting the digital key to be deleted to the key management mobile terminal.

[0011] The invention described in claim 6 is characterized by comprising: a storage step in which a storage means stores a plurality of digital keys that can access an access target; a digital key transmission step in which a digital key transmission means, when providing the digital keys, directly connects to a user mobile terminal for accessing and using the access target and transmits the digital keys to the user mobile terminal; a deletion notification receiving step in which, when the digital keys are returned, a notification is received from the user mobile terminal that the digital keys have been deleted, along with information identifying the digital keys; and a management step in which, when providing the digital keys, the provision information of the transmitted digital keys is stored, and when the digital keys are returned, the return information of the digital keys corresponding to the received notification is stored.

[0012] The invention described in claim 7 is characterized in that the digital key acquisition means is directly connected to a key management mobile terminal that manages a plurality of digital keys that can access an access target, and includes a digital key acquisition step of acquiring the digital key from the key management mobile terminal in order to access the access target; a deletion step of the deletion means deleting the information of the digital key when the digital key is returned; and a notification step of the notification means notifying the key management mobile terminal that the digital key has been deleted, along with information that identifies the digital key.

[0013] The invention described in claim 8 is characterized in that the computer functions as a storage means for storing a plurality of digital keys that can access an access target; a digital key transmission means for directly connecting to a user's mobile terminal for accessing and using the access target and transmitting the digital keys to the user's mobile terminal when the digital keys are provided; a deletion notification receiving means for receiving a notification from the user's mobile terminal that the digital keys have been deleted, along with information identifying the digital keys, when the digital keys are returned; and a management means for storing information about the provision of the transmitted digital keys when the digital keys are provided and storing information about the return of the digital keys corresponding to the received notification when the digital keys are returned.

[0014] The invention described in claim 9 is characterized in that a computer is directly connected to a key management mobile terminal that manages a plurality of digital keys that can access an access target, and the computer functions as a digital key acquisition means for acquiring the digital keys to access the access target from the key management mobile terminal, a deletion means for deleting the information of the digital keys when the digital keys are returned, and a notification means for notifying the key management mobile terminal that the digital keys have been deleted, along with information that identifies the digital keys.

[0015] The invention described in claim 10 is a key management system comprising a key management mobile terminal for managing a plurality of digital keys that can access an access target, and a user mobile terminal for accessing and using the access target, wherein the key management mobile terminal has storage means for storing a plurality of digital keys, digital key transmission means for directly connecting to the user mobile terminal and transmitting the digital keys to the user mobile terminal when the digital keys are provided, deletion notification receiving means for receiving a notification from the user mobile terminal that the digital keys have been deleted, along with information identifying the digital keys, when the digital keys are returned, management means for storing the provision information of the transmitted digital keys when the digital keys are provided, and for storing the return information of the digital keys corresponding to the received notification when the digital keys are returned, and the user mobile terminal has digital key acquisition means for directly connecting to the key management mobile terminal and acquiring the digital keys from the key management mobile terminal, deletion means for deleting the information of the digital keys when the digital keys are returned, and notification means for notifying the key management mobile terminal that the digital keys have been deleted, along with information identifying the digital keys. [Effects of the Invention]

[0016] According to the present invention, multiple digital keys that can access the target are stored, and when a digital key is provided, a direct connection is made to the user's mobile terminal for accessing and using the target, and the digital key is transmitted to the user's mobile terminal. When a digital key is returned, a notification that the digital key has been deleted is received from the user's mobile terminal along with information identifying the digital key. When a digital key is provided, the provision information of the transmitted digital key is stored, and when a digital key is returned, the return information of the digital key corresponding to the received notification is stored. This makes it easy to manage the provision and return of multiple digital keys without connecting to a network. [Brief explanation of the drawing]

[0017] [Figure 1] This figure shows an example of the overview configuration of the key management system according to this embodiment. [Figure 2]It is a diagram showing a schematic configuration example of a key management mobile terminal. [Figure 3] It is a diagram showing an example of a digital key stored in the key management mobile terminal. [Figure 4] It is a diagram showing a schematic configuration example of a user mobile terminal. [Figure 5] It is a diagram showing an example of a digital key stored in the user mobile terminal. [Figure 6] It is a diagram showing a schematic configuration example of a control device. [Figure 7] It is a sequence diagram showing an operation example of the key management system. [Embodiments for Carrying Out the Invention]

[0018] Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiments described below are embodiments when the present invention is applied to the key management system S.

[0019] [1. Configuration and Functions of Key Management System S and Each Device] (1.1 Schematic Configuration of Key Management System S) First, referring to FIG. 1 and the like, the schematic configuration of the key management system S according to the present embodiment will be described. FIG. 1 is a diagram showing a schematic configuration example of the key management system S according to the present embodiment.

[0020] As shown in FIG. 1, the key management system S includes a key management mobile terminal 10 that manages digital keys used in a vehicle 5, a house 7, etc., a plurality of user mobile terminals 20 for accessing the vehicle 5, the house 7, etc., and a control device 30 mounted on the vehicle 5 or installed on the door of the house 7.

[0021] Vehicle 5, an example of an access target, is, for example, a rental car lent to a user, or a vehicle allowed to be used by other users (family, employees, etc.) by the vehicle owner. Vehicle 5 is also an example of a mobile device, such as a two-wheeled vehicle, a four-wheeled vehicle, or a bicycle. House 7, another example of an access target, can be a detached house, an apartment building, or an office building, and can be either rented or owned, as long as access is controlled by a digital key.

[0022] The key management mobile terminal 10 is, for example, a contactless IC card such as an authentication card. The key management mobile terminal 10 is an electronic information storage medium and is composed of, for example, a secure element with high tamper resistance (e.g., eSE (embedded Secure Element)). The key management mobile terminal 10 stores multiple digital keys that can access the target. The key management mobile terminal 10 provides digital keys to each user mobile terminal 20.

[0023] The user's mobile terminal 20 is, for example, the user's smartphone. The user's mobile terminal 20 is the user's electronic device and has the function of a digital key that allows access to vehicles 5, houses 7, etc., by installing a dedicated key application. The user's mobile terminal 20 may have, for example, a secure element with high tamper resistance. The OS (Operating System) of the user's mobile terminal 20, which is a smartphone, may itself have the digital key function of the present invention. The user's mobile terminal 20 may also be a contactless IC card or a key for a vehicle 5 with smart entry functionality. The user's mobile terminal 20 can be any digital key device authenticated by digital data. The digital data is, for example, digital data used for authentication such as a private key, public key, shared key, encryption key, or ciphertext.

[0024] The control device 30 is, for example, a control device such as an ECU (Electronic Control Unit) or a device with a security element. In the case of a vehicle 5, the control device 30 controls the vehicle 5's engine and brake driving control system equipment, the vehicle 5's body system equipment such as lights and doors, collision prevention safety control equipment, navigation equipment, drive recorder and other electronic devices.

[0025] In the case of house 7, the control device 30 manages the locking of the doors. The control device 30 of house 7 may also control access to household appliances such as lighting fixtures, air conditioners, and water heaters located inside house 7.

[0026] Short-range wireless communication is possible between the key management mobile terminal 10, the user mobile terminal 20, and the control device 30. Technologies such as NFC (Near Field Communication), Bluetooth (registered trademark), or UWB (Ultra Wide Band) can be used for short-range wireless communication. The key management mobile terminal 10 and the user mobile terminal 20, the key management mobile terminal 10 and the control device 30, and the user mobile terminal 20 and the control device 30 may be directly connected via short-range wireless communication without using a network, or they may be directly connected via wired connections through terminals on each device.

[0027] (1.2 Configuration and Function of Each Device) Next, an example of the general configuration of the key management mobile terminal 10, the user mobile terminal 20, and the control device 30 will be explained using diagrams.

[0028] An example of the key management mobile terminal 10's configuration will be explained using Figures 2 and 3. Figure 2 shows an example of the key management mobile terminal 10's configuration. Figure 3 shows an example of a digital key stored in the key management mobile terminal 10.

[0029] As shown in Figure 2, the key management portable terminal 10, which has computer functions, is configured to include a communication unit 11, a storage unit 12, and a control unit 13, etc.

[0030] The communication unit 11 is equipped with an antenna and performs short-range wireless communication with the user's mobile terminal 20 or the control device 30 within the range of short-range wireless communication. Note that communication between the key management mobile terminal 10 and the control device 30 may be done via contact.

[0031] The storage unit 12 is configured with, for example, RAM (Random Access Memory) and non-volatile memory (NVM (Nonvolatile Memory)). The storage unit 12 stores the operating system (OS) and applications. The applications include mutual authentication processing programs, etc.

[0032] Furthermore, as shown in Figure 3, the storage unit 12 stores multiple digital keys for the same access target control device 30, and a database is constructed in which the key ID, key value, and access target ID are associated with the key number. The access target ID is, for example, the unique ID of the control device 30, the registration number of the access target, etc. The unique ID of the control device 30 is, for example, the secure element ID of the secure element that the control device 30 has, the terminal ID of the control device 30, etc.

[0033] Furthermore, this database records the recipient ID corresponding to the digital key provided to the user's mobile terminal 20. The recipient ID is, for example, the unique ID of the user's mobile terminal 20, the secure element ID of the secure element possessed by the user's mobile terminal 20, the terminal ID of the user's mobile terminal 20, etc.

[0034] Furthermore, the storage unit 12 stores authentication data used for mutual authentication processing to establish a secure channel with the user's mobile terminal 20 or the control device 30. This authentication data is, for example, a key set including a secure channel encryption key, a secure channel MAC (Message Authentication Code) key, and a data encryption key.

[0035] The control unit 13 is comprised of a CPU (Central Processing Unit) and a secure element, etc. The control unit 13 performs mutual authentication processing to establish a secure session with the user's mobile terminal 20 or the control device 30 according to the mutual authentication processing program, and after the secure session is established, it performs pairing to share multiple digital keys with the control device 30 and provides digital keys to the user's mobile terminal 20.

[0036] The memory unit 12 is an example of a storage means that stores multiple digital keys that can access the target. This storage means may also be the memory included in the secure element.

[0037] Next, an example of the user's mobile terminal 20 configuration will be explained using Figures 4 and 5. Figure 4 is a diagram showing an example of the user's mobile terminal configuration. Figure 5 is a diagram showing an example of a digital key stored in the user's mobile terminal.

[0038] As shown in Figure 4, the user's mobile terminal 20, which has computer functionality, comprises a communication unit 21, a storage unit 22, a display unit 23, an operation unit 24, a control unit 25, and an input / output interface unit 26. The control unit 25 and the input / output interface unit 26 are connected via a system bus 27. The user's mobile terminal 20, which is a smartphone, may have a secure element separate from the smartphone platform.

[0039] The communication unit 21 is equipped with an antenna and performs short-range wireless communication with the key management mobile terminal 10 or the control device 30 within the range of short-range wireless communication.

[0040] The storage unit 22 is composed of, for example, a solid-state drive. The storage unit 22 stores programs such as an operating system and applications. The applications include a mutual authentication processing program and a dedicated application for keys. The dedicated application for keys has various commands for processing with the key management mobile terminal 10. For example, commands include a command for the user mobile terminal 20 to obtain pairing information from the key management mobile terminal 10 (GET PAIRING INFORMATION command), a command to transfer pairing information from the user mobile terminal 20 to the key management mobile terminal 10 (MOVE command), a command to instruct the secure element of the user mobile terminal 20 to format the pairing information (SERIALIZE command), a command to delete pairing information in the user mobile terminal 20 (DELETE command), and a command to notify the key management mobile terminal 10 of the pairing status from the user mobile terminal 20 (INFO command). The storage unit 22 also stores authentication data used for mutual authentication processing to establish a secure channel with the key management mobile terminal 10 or the control device 30. Here, pairing information refers to the serialized information such as key IDs and key values ​​stored within the secure element.

[0041] Furthermore, as shown in Figure 5, the storage unit 22 has a database built in which the unique ID of the user's mobile terminal 20 is associated with the key ID and key value provided by the key management mobile terminal 10 for a specific control device 30. The unique ID of the user's mobile terminal 20 is, for example, the secure element ID of the secure element that the user's mobile terminal 20 has, or the terminal ID of the user's mobile terminal 20. The storage unit 22 may also store a counter indicating the number of digital keys that have not been lent out, i.e., not provided.

[0042] If the user's mobile device 20 is a smartphone, the secure element memory of the user's mobile device 20 may store authentication data used for mutual authentication processing, or a database may be built containing key IDs and key values ​​provided by the key management mobile device 10.

[0043] The display unit 23 is composed of, for example, a liquid crystal display element or an organic EL (Electro-Luminescence) element. The operation unit 24 is a touch switch type display panel, such as the display unit 23.

[0044] The control unit 25 includes, for example, a CPU, RAM, and ROM (Read Only Memory). The control unit 25 may also have a secure element. The CPU of the control unit 25 reads and executes various programs stored in the ROM, RAM, and storage unit 22. For example, the control unit 25 performs mutual authentication processing to establish a secure session with the key management mobile terminal 10 or the control device 30 according to a mutual authentication processing program. After establishing a secure session with the key management mobile terminal 10, the control unit 25 receives a digital key from the key management mobile terminal 10 and stores the digital key in the storage unit 22. After establishing a secure session with the control device 30, operations such as unlocking / locking the doors of the vehicle 5 or house 7 are performed based on the digital key provided by the key management mobile terminal 10, by operating the digital key app displayed on the display unit 23.

[0045] The input / output interface unit 26 is the interface between the communication unit 21 and the storage unit 22 and the control unit 25.

[0046] Next, an example of the general configuration of the control device 30 will be described using Figure 6. Figure 6 is a diagram showing an example of the general configuration of the control device 30. As shown in Figure 6, the control device 30, which has computer functions, is configured to include a communication unit 31, a storage unit 32, and a control unit 33, etc.

[0047] The communication unit 31 is equipped with an antenna and performs short-range wireless communication with the key management mobile terminal 10 or the user mobile terminal 20 within the range of short-range wireless communication. The control device 30 may also communicate with the key management mobile terminal 10 and the user mobile terminal 20 via contact.

[0048] The storage unit 32 is configured with RAM, NVM, etc. The storage unit 32 stores the operating system and applications. The applications include mutual authentication processing programs, etc. Furthermore, the storage unit 32 stores authentication data used for mutual authentication processing to establish a secure channel with the key management mobile terminal 10 or the user mobile terminal 20.

[0049] The control unit 33 is configured to include a CPU and a secure element, etc. The control unit 33 performs mutual authentication processing to establish a secure session with the key management mobile terminal 10 or the user mobile terminal 20 according to the mutual authentication processing program. After establishing a secure session with the key management mobile terminal 10, the control unit 33 performs pairing to share multiple digital keys. After establishing a secure session with the user mobile terminal 20, the control unit 33 performs actions such as unlocking / locking the doors of the vehicle 5 or house 7 based on the digital key of the user mobile terminal 20.

[0050] [2. Operation of the key management system S] Next, an example of the operation of the key management system S will be explained using Figure 7. Figure 7 is a sequence diagram showing an example of the operation of the key management system S.

[0051] First, we will explain the process by which the control device 30 issues multiple digital keys for accessing the target to which it is installed, and how these keys are shared between the control device 30 and the key management mobile terminal 10.

[0052] As shown in Figure 7, the key management system S establishes a secure session between the key management mobile terminal 10 and the control device 30 to be accessed (step S1). Specifically, the key management mobile terminal 10 and the control device 30 connect and, according to their respective mutual authentication processing programs, perform mutual authentication processing for establishing a secure session (for example, processing according to SCP (Secure Channel Protocol) 03, SCP11, etc.) using certificate verification and passwords.

[0053] Next, the key management system S prepares multiple digital keys and performs pairing (step S2). Specifically, the key management mobile terminal 10 and the control device 30 perform pairing to share multiple digital keys for accessing the vehicle 5 or house 7 controlled by the control device 30. These digital keys may be a common key or a pair of private and public keys.

[0054] The key management mobile terminal 10 stores the key IDs and key values ​​of multiple digital keys shared with the control device 30 in the storage unit 12, associating them with key numbers. The key management mobile terminal 10 may also store the number of paired digital keys in the counter of the storage unit 12. The key management system S terminates the secure session after pairing is complete.

[0055] Thus, the key management mobile terminal 10 functions as an example of a storage means for storing multiple digital keys that can access the target.

[0056] The processing in steps S1 and S2 may be performed by direct communication between the key management mobile terminal 10 and the control device 30, or it may be performed via an external server (not shown). The key management mobile terminal 10 may also have digital keys for multiple access targets, such as a vehicle 5 and a house 7.

[0057] As described above, a key management mobile terminal 10 is prepared, which has multiple digital keys for the access target. The key management mobile terminal 10 stores, for example, five digital keys. The number of keys is changed depending on the usage scenario. Rather than preparing five identical digital keys, five keys are prepared for both the key management mobile terminal 10 and the access target, and the corresponding keys are paired. The digital keys in the control device 30 of the access target may be generated by the control device 30, for example, or provided from an external server.

[0058] Next, we will explain the process from when a key management mobile terminal 10 is given to a user who wishes to access the target device, when a digital key is provided from the key management mobile terminal 10 to each user's mobile terminal 20, until the target device is used.

[0059] The user to be accessed launches a dedicated application or similar on their mobile device 20 and brings the key management mobile device 10 close to the user's mobile device 20.

[0060] As shown in Figure 7, the key management system S establishes a secure session between the key management mobile terminal 10 and the user mobile terminal 20 (step S3). Specifically, the key management mobile terminal 10 and the user mobile terminal 20 connect directly via short-range wireless communication and perform mutual authentication processing for establishing a secure session, using certificate verification and passwords, according to their respective mutual authentication processing programs.

[0061] Next, the key management system S requests pairing information (step S4). Specifically, the user's mobile terminal 20 requests the key management mobile terminal 10 to send pairing information, including the key ID and key value, using the GET PAIRING INFORMATION command to obtain pairing information from the key management mobile terminal 10. When making the request, the user's mobile terminal 20 also sends its own unique ID.

[0062] Next, the key management system S returns a pairing information response (step S5). Specifically, the key management mobile terminal 10 transmits the pairing information to the user mobile terminal 20. The user mobile terminal 20 stores the key ID and key value of the received pairing information, along with the ID of the secure element of the user mobile terminal 20, in the storage unit 22. In this way, the key management system S transfers the information related to the digital key (all information including the key) in the key management mobile terminal 10, such as an authentication card, to the user mobile terminal 20, such as a smartphone.

[0063] Thus, the key management mobile terminal 10, when providing the digital key, directly connects to a user mobile terminal for accessing and using the access target and functions as an example of a digital key transmission means that transmits the digital key to the user mobile terminal.

[0064] Thus, the user's mobile terminal 20 is directly connected to a key management mobile terminal that manages multiple digital keys that can access the access target, and functions as an example of a digital key acquisition means that acquires the digital key from the key management mobile terminal in order to access the access target.

[0065] Next, the key management system S decrements the digital key counter (step S6). Specifically, the key management mobile terminal 10 decrements the counter in the storage unit 12 (an example of information on the transmitted digital keys) which indicates the number of digital keys that have not yet been provided and remain. As an example of information on the transmitted digital keys, the key management mobile terminal 10 stores the unique ID of the user mobile terminal 20 to which the digital key was provided as the recipient ID in the storage unit 12. The key management system S terminates the secure session. As an example of information on the transmitted digital keys, the key management mobile terminal 10 may also set a flag indicating that a digital key has been provided, corresponding to the key ID of the provided digital key. The key management mobile terminal 10 may also delete the key value of the provided digital key.

[0066] Thus, the key management mobile terminal 10 functions as an example of a management means that stores the information of the transmitted digital key when the digital key is provided. The key management mobile terminal 10 also functions as an example of a management means that deletes the transmitted digital key from the storage means. Furthermore, the key management mobile terminal 10 manages the number of digital keys in the storage means and functions as an example of a management means that counts down the number of digital keys when the digital key is provided.

[0067] If there are multiple users, steps S3 to S6 are also performed on the user mobile terminals 20 of the other users. Each user mobile terminal 20 is provided with a digital key to access the control device 30 to be accessed.

[0068] Next, the key management system S utilizes the key (step S7). Specifically, the user brings their mobile terminal 20 close to the access target, such as a vehicle 5. The user's mobile terminal 20 and the access target's control device 30 connect via communication, establishing a secure session between the user's mobile terminal 20 and the access target's control device 30. Digital key authentication is performed, and once authenticated, the access target becomes available. In the case of vehicle 5, the door lock is unlocked, and the user can drive vehicle 5. In the case of house 7, the door lock for house 7 is unlocked, and the user can enter house 7.

[0069] When there are multiple users, such as when friends or family are using the service, user A may unlock the door using their mobile device 20, and user B may lock the door using their mobile device 20.

[0070] Next, we will explain the process that the key management mobile terminal 10 goes through from the return of the access target from the user until the digital key is returned to the key management mobile terminal 10.

[0071] As shown in Figure 7, the key management system S formats the pairing information (step S8). Specifically, when the use of the accessed service ends and the user launches a dedicated application on the user's mobile terminal 20 and presses the button to return the digital key, the user's mobile terminal 20 issues a SERIALIZE command instructing the secure element to format the pairing information. The user's mobile terminal 20 reads the unique ID, the owned key ID, and the key value stored in the storage unit 22 or the secure element, and formats the pairing information into a format for transmission. For example, pairing information including the unique ID, the owned key ID, and the key value is formatted.

[0072] Next, the key management system S sends pairing information (step S9). Specifically, the user mobile terminal 20 and the key management mobile terminal 10 are brought close together, and after a secure session is established between the key management mobile terminal 10 and the user mobile terminal 20, the user mobile terminal 20 sends the formatted pairing information to the key management mobile terminal 10 using the MOVE command to transfer the pairing information. Note that the user mobile terminal 20 does not have to send the key value of the provided digital key as pairing information; it may also send the owned key ID and unique ID, as long as the key management mobile terminal 10 can identify which digital key has been returned. Pairing information, owned key ID, or unique ID are examples of information that can identify a digital key.

[0073] As an example of digital key return information, the key management mobile terminal 10 refers to the database in the storage unit 12 based on the held key ID of the received pairing information and deletes the corresponding recipient ID. Also, if the key value has been deleted, as an example of digital key return information, the key management mobile terminal 10 writes the key value of the received pairing information corresponding to the held key ID.

[0074] Thus, the user's mobile terminal 20 functions as an example of a digital key return means that transmits the digital key to be deleted to the key management mobile terminal.

[0075] Next, the key management system S deletes the pairing information (step S10). Specifically, the user's mobile terminal 20 deletes the owned key ID and key value from the storage unit 22 or secure element using a DELETE command to delete the pairing information.

[0076] Thus, the user's mobile terminal 20 functions as an example of a deletion means for deleting the information of the digital key when the digital key is returned.

[0077] Next, the key management system S issues a deletion notification (step S11). Specifically, the user's mobile terminal 20 executes an INFO command to notify the pairing status and notifies the key management mobile terminal 10 that the digital key has been deleted, along with an example of information that identifies the digital key, such as the owned key ID or unique ID. The key management mobile terminal 10 receives the deletion notification.

[0078] Thus, the user's mobile terminal 20 functions as an example of a notification means that notifies the key management mobile terminal of the deletion of the digital key, along with information identifying the digital key.

[0079] Thus, the key management mobile terminal 10 functions as an example of a deletion notification receiving means that, upon the return of the digital key, receives a notification that the digital key has been deleted from the user's mobile terminal, along with information identifying the digital key.

[0080] Next, the key management system S increments the digital key counter (step S12). Specifically, the key management mobile terminal 10 increments the digital key counter (an example of digital key return information).

[0081] As an example of digital key return information, after receiving a deletion notification, the key management mobile terminal 10 may delete the corresponding provider ID based on the held key ID of the received pairing information, or, if the key value has been deleted, the key management mobile terminal 10 may write the key value of the received pairing information corresponding to the held key ID.

[0082] Thus, the key management mobile terminal 10 functions as an example of a management means that stores information about the return of the digital key corresponding to the received notification when the digital key is returned. The key management mobile terminal 10 also functions as an example of a management means that stores the digital key received from the user mobile terminal in the storage means when the digital key is returned. Furthermore, the key management mobile terminal 10 functions as an example of a management means that manages the number of digital keys in the storage means and increments the number of digital keys when the digital key is returned.

[0083] If there are multiple users, steps S8 to S12 are also performed on the user's mobile terminal 20 of the other users. A digital key is returned from each user's mobile terminal 20.

[0084] The lender of the digital key receives the key management mobile terminal 10 back, accesses the key management mobile terminal 10 using a terminal with a reader / writer (not shown), checks the contents of the digital key on the key management mobile terminal 10, and confirms whether the digital key has been deleted from the user's mobile terminal 20.

[0085] As described above, according to the above embodiment, multiple digital keys that can access the access target such as a vehicle 5 or a house 7 are stored, and when a digital key is provided, the key management mobile terminal 10 directly connects to the user's mobile terminal 20 for accessing and using the access target and transmits the digital key to the user's mobile terminal 20, and when a digital key is returned, a notification that the digital key has been deleted from the user's mobile terminal 20 is received along with information identifying the digital key, and when a digital key is provided, the information of the transmitted digital key is stored, and when a digital key is returned, the information of the digital key returned corresponding to the received notification is stored, so that the key management mobile terminal 10 can easily manage the provision and return of multiple digital keys without connecting to a network. In addition, it is possible to confirm that the digital key has been deleted from the user's mobile terminal 20, and unauthorized use of the digital key can be prevented.

[0086] Previously, when pairing multiple devices to access a target environment, it was possible to use a server for pairing. However, this required a network connection, and furthermore, user management was necessary to access the site where pairing information, including digital keys, was downloaded. When distributing multiple keys to each user's mobile device 20, such as a smartphone, using a server required user access management. Users who borrowed keys also had to manage multiple keys. In addition, in the case of rental housing or rental cars, keys must be returned at the end of the contract, but it was difficult for the lender to confirm that the digital keys downloaded to the devices had been securely deleted. When renting a house or car, there are times when multiple keys are needed, but it was time-consuming for the key lender to provide the required number of keys using physical keys or authentication cards, and to pair each user's smartphone with the target environment.

[0087] However, according to the present invention, even without a network connection, the key management mobile terminal 10 can manage multiple digital keys and users. Users who have borrowed a digital key can also manage multiple digital keys with a single key management mobile terminal 10. When lending out a digital key, the lender only needs to lend out one key management mobile terminal 10. Multiple users can avoid the trouble of pairing their respective user mobile terminals 20 with their access targets.

[0088] By deleting the transmitted digital key from the storage unit 12 and then storing the digital key received from the user's mobile terminal 20 in the storage unit 12 upon the return of the digital key, it is possible to reliably prevent the provision of the same digital key.

[0089] The memory unit 12 manages the number of digital keys, counts down the number of digital keys when a digital key is provided, and counts up the number of digital keys when a digital key is returned. This allows for the management of the number of digital keys that have been provided and the number of digital keys that have not been provided and remain.

[0090] The user's mobile terminal 20 connects directly to a key management mobile terminal 10 that manages multiple digital keys that can access the target object. The user's mobile terminal 20 obtains a digital key from the key management mobile terminal 10 to access the target object, deletes the digital key information when the digital key is returned, and notifies the key management mobile terminal of the deletion, along with information identifying the digital key. This allows the user to receive digital keys and receive notifications regarding their return without connecting to a network, thus simplifying the management of digital keys on the key management mobile terminal. Furthermore, it is possible to confirm that the digital key has been deleted, preventing unauthorized use of the digital key.

[0091] When a user's mobile device 20 sends a digital key to be deleted to the key management mobile device 10, if the key management mobile device 10 has deleted the digital key at the time of provision, it can receive the digital key back, thereby preventing the provision of the same digital key to other user mobile devices while still being able to provide the same digital key to other users' mobile devices. [Explanation of symbols]

[0092] 5 vehicles (accessible) 7. Houses (accessible) 10 Key management mobile terminal 20. User's mobile device 30 Control device S Key Management System

Claims

1. A storage means for storing multiple digital keys that can access the target, When providing the digital key, a digital key transmission means connects directly to a user's mobile terminal for accessing and using the access target and transmits the digital key to the user's mobile terminal. A deletion notification receiving means receives a notification that the digital key has been deleted from the user's mobile device when the digital key is returned, along with information identifying the digital key. A management means that stores the information about the provision of the transmitted digital key when the digital key is provided, and stores the information about the return of the digital key corresponding to the received notification when the digital key is returned. A key management mobile terminal characterized by being equipped with the following features.

2. In the key management portable terminal according to claim 1, The management means is characterized by deleting the transmitted digital key from the storage means and storing the digital key received from the user's mobile terminal in the storage means when the digital key is returned.

3. In the key management portable terminal according to claim 1 or claim 2, The management means manages the number of digital keys in the storage means, A key management mobile terminal characterized by counting down the number of digital keys when the digital keys are provided and counting up the number of digital keys when the digital keys are returned.

4. A digital key acquisition means that directly connects to a key management mobile terminal that manages multiple digital keys that can access the target, and obtains the digital key from the key management mobile terminal in order to access the target. A deletion means for deleting the information of the digital key when the digital key is returned, A notification means for notifying the key management mobile terminal of the deletion of the digital key, along with information identifying the digital key; A user-facing mobile terminal characterized by having the following features.

5. In the user's mobile terminal according to claim 4, A digital key return means that transmits the digital key to be deleted to the key management mobile terminal, A user-facing mobile terminal that is further equipped with additional features.

6. A storage step in which the storage means stores multiple digital keys that can access the target to be accessed, A digital key transmission step in which the digital key transmission means, when providing the digital key, directly connects to a user's mobile terminal for accessing and using the access target and transmits the digital key to the user's mobile terminal, A deletion notification receiving step in which the deletion notification receiving means receives a notification from the user's mobile terminal that the digital key has been deleted when the digital key is returned, along with information identifying the digital key, The management means includes a management step in which, when the digital key is provided, it stores the information of the transmitted digital key being provided, and when the digital key is returned, it stores the information of the digital key being returned that corresponds to the received notification, A key management method characterized by including the following.

7. A digital key acquisition means directly connects to a key management mobile terminal that manages multiple digital keys that can access the target to be accessed, and obtains the digital key from the key management mobile terminal in order to access the target to be accessed. The deletion means includes a deletion step of deleting the information of the digital key when the digital key is returned, A notification step in which the notification means notifies the key management mobile terminal of the deletion of the digital key, along with information identifying the digital key, A key management method characterized by including the following.

8. Computers, A storage means for storing multiple digital keys that can access the target object. When providing the digital key, a digital key transmission means connects directly to a user's mobile terminal for accessing and using the access target, and transmits the digital key to the user's mobile terminal. A deletion notification receiving means that receives a notification that the digital key has been deleted from the user's mobile device when the digital key is returned, along with information identifying the digital key, and A key management mobile terminal program characterized by functioning as a management means that stores information about the provision of the transmitted digital key when the digital key is provided, and stores information about the return of the digital key corresponding to the received notification when the digital key is returned.

9. Computers, A digital key acquisition means that directly connects to a key management mobile terminal that manages multiple digital keys that can access the target, and obtains the digital key from the key management mobile terminal in order to access the target. A deletion means for deleting the information of the digital key when the digital key is returned, and A program for a user's mobile terminal, characterized in that it functions as a notification means for notifying the key management mobile terminal of the deletion of the digital key, along with information identifying the digital key.

10. A key management system comprising a key management mobile terminal for managing multiple digital keys that can access an access target, and a user mobile terminal for accessing and using the said access target, The aforementioned key management portable terminal is A storage means for storing multiple digital keys, When providing the digital key, a digital key transmission means connects directly to the user's mobile terminal and transmits the digital key to the user's mobile terminal, A deletion notification receiving means receives a notification that the digital key has been deleted from the user's mobile device when the digital key is returned, along with information identifying the digital key. A management means that stores the information about the provision of the transmitted digital key when the digital key is provided, and stores the information about the return of the digital key corresponding to the received notification when the digital key is returned. It has, The aforementioned user's mobile terminal is A digital key acquisition means that connects directly to the aforementioned key management mobile terminal and acquires the digital key from the aforementioned key management mobile terminal, A deletion means for deleting the information of the digital key when the digital key is returned, A notification means for notifying the key management mobile terminal of the deletion of the digital key, along with information identifying the digital key; A key management system characterized by having the following features.