Information processing system, control device, information processing method, and program
Patent Information
- Authority / Receiving Office: WO
- Patent Type: Application
- Current Assignee / Owner: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO LTD
- Filing Date: 2025-12-03
- Publication Date: 2026-06-25
Description
[0001] The present invention relates to an information processing system, a control device, an information processing method, and a program.
[0002] Conventionally, a security system for locking or unlocking the doors of facilities has been known. Patent Document 1 discloses a security system that can safely remotely operate the locking and unlocking of a house without requiring other devices such as a fingerprint authentication device. Patent Document 2 discloses an information processing system that performs authentication using a secret key, a public key, a server certificate, etc., and locks and unlocks a delivery box or a car.
[0003] Patent Document 1: Japanese Unexamined Patent Application Publication No. 2014-159692. Patent Document 2: Japanese Unexamined Patent Application Publication No. 2005-240492.
[0004] In the information processing system of Patent Document 2, secure communication is realized by pairing a locking device and a key device. However, since the time required for pairing is long, it is difficult to shorten the time from when the user presses a switch until the locking device is unlocked.
[0005] The present invention provides an information processing system and the like that can shorten the time required to release the restrictions of a device.
[0006] An information processing system according to one aspect of the present invention is an information processing system used to release the restrictions of a device that restricts the operation of an article, and includes an information terminal and a control device. The information terminal includes a first communication unit, a first storage unit in which a common key is stored, and an information processing unit that uses the first communication unit to transmit to the control device a Bluetooth (registered trademark) advertisement signal including control information encrypted using the common key stored in the first storage unit. The control device includes a second communication unit that receives the advertisement signal, a second storage unit in which the common key is stored, and a control unit that, when decryption of the control information included in the received advertisement signal using the common key stored in the second storage unit succeeds, uses the second communication unit to transmit a Bluetooth (registered trademark) advertisement response to the information terminal and releases the restrictions of the device.
[0007] A control device according to one aspect of the present invention is a control device for releasing the restrictions of a device that restricts the operation of an article, comprising: a communication unit that receives from an information terminal a Bluetooth®-based advertisement signal that includes control information encrypted using a common key; a storage unit that stores the common key; and a control unit that, upon successful decryption of the control information contained in the received advertisement signal using the common key stored in the storage unit, transmits a Bluetooth®-based advertisement response to the information terminal using the communication unit and releases the restrictions of the device.
[0008] An information processing method according to one aspect of the present invention is an information processing method performed by an information processing system used to release the restrictions of a device that restricts the operation of an article, wherein the information processing system comprises an information terminal having a first storage unit and a control device having a second storage unit, and the information processing method includes the steps of: the information terminal transmitting a Bluetooth®-based advertisement signal to the control device, which includes control information encrypted using a common key stored in the first storage unit; the control device receiving the advertisement signal; and the control device successfully decrypting the control information contained in the received advertisement signal using the common key stored in the second storage unit, transmitting a Bluetooth®-based advertisement response to the information terminal and releasing the restrictions of the device.
[0009] An information processing method according to one aspect of the present invention is an information processing method performed by a control device that releases the restrictions of a device that restricts the operation of an article, wherein the control device includes a storage unit, and the information processing method includes the steps of: receiving from an information terminal a Bluetooth®-based advertisement signal that includes control information encrypted using a common key; and, upon successful decryption of the control information contained in the received advertisement signal using the common key stored in the storage unit, transmitting a Bluetooth®-based advertisement response to the information terminal and releasing the restrictions of the device.
[0010] A program according to one aspect of the present invention is a program for causing a computer to execute the information processing method described above.
[0011] An information processing system and the like according to one aspect of the present invention can shorten the time required to release the restrictions of a device.
[0012] Figure 1 is an external view of the information processing system according to the embodiment. Figure 2 is a block diagram showing the configuration of the information processing system according to the embodiment. Figure 3 is a sequence diagram of operation example 1, in which the information terminal and the control device share an unlocking token. Figure 4 is a sequence diagram of an operation example of unlocking the electric lock using the unlocking token. Figure 5 is a sequence diagram of the first half of operation example 2, in which the information terminal and the control device share an unlocking token. Figure 6 is a diagram showing an example of the server certificate format. Figure 7 is a sequence diagram of the second half of operation example 2. Figure 8 is a sequence diagram of operation example 3, in which the information terminal and the control device share an unlocking token.
[0013] The embodiments will be described in detail below with reference to the drawings. Note that the embodiments described below are all comprehensive or specific examples. The numerical values, shapes, materials, components, arrangement positions and connection configurations of components, steps, and the order of steps shown in the following embodiments are examples only and are not intended to limit the present invention. Furthermore, components in the following embodiments that are not described in an independent claim will be described as optional components.
[0014] Please note that each figure is a schematic diagram and not necessarily a strictly accurate representation. Furthermore, in each figure, substantially identical components are denoted by the same reference numerals, and redundant explanations may be omitted or simplified.
[0015] (Embodiment) [Configuration] First, the configuration of the information processing system according to the embodiment will be described. Figure 1 is an external view of the information processing system according to the embodiment. Figure 2 is a block diagram showing the configuration of the information processing system according to the embodiment.
[0016] As shown in Figure 1, the information processing system 10 according to this embodiment is a system for safely unlocking an electric lock 60 using an information terminal 20 and a management terminal 30. The information processing system 10 comprises an information terminal 20, a management terminal 30, a control device 50, and an electric lock 60. The control device 50 and the electric lock 60 are installed as an electric lock system on a door 81 (or door frame) in a facility 80, for example. The facility 80 is, for example, an apartment building, but it may also be a facility other than a residence, such as an office building. As will be described later, the information processing system 10 may be equipped with multiple sets of control devices 50 and electric locks 60.
[0017] The information terminal 20 is an information terminal used by users of facility 80 to unlock the electric lock 60. Users of facility 80 include not only visitors to facility 80 (see Figure 1; in other words, non-residents) but also residents who live in facility 80. The information terminal 20 is a portable information terminal such as a smartphone or tablet. The information terminal 20 comprises a communication unit 21, an information processing unit 22, a storage unit 23, an operation reception unit 24, and a display unit 27.
[0018] The communication unit 21 is a communication circuit for the information terminal 20 to communicate with the management terminal 30 and the control device 50, respectively. For example, the communication unit 21 communicates with the management terminal 30 via wireless communication through a wide-area communication network such as the Internet, and communicates with the control device 50 via wireless communication through a local communication network using Bluetooth® 5.4.
[0019] The information processing unit 22 performs information processing for unlocking the electric lock 60. The information processing unit 22 is implemented by, for example, a microcomputer, but may also be implemented by a processor. The functions of the information processing unit 22 are realized, for example, by the microcomputer or processor constituting the information processing unit 22 executing a computer program stored in the storage unit 23.
[0020] The storage unit 23 is a storage device that stores the information necessary for the above information processing and the above computer program. The storage unit 23 is implemented, for example, by semiconductor memory.
[0021] The operation reception unit 24 receives user input. The operation reception unit 24 may be implemented by, for example, a touch panel, but it may also be implemented by hardware keys or the like.
[0022] The display unit 27 displays an image. The display unit 27 is implemented by, for example, a liquid crystal panel, but may also be implemented by an organic EL panel. If the operation reception unit 24 is implemented by a touch panel and the touch panel is superimposed on the display unit 27, the touch panel and the image displayed on the display unit 27 constitute a GUI (Graphical User Interface).
[0023] The management terminal 30 is an information terminal used by the administrator of the facility 80. The administrator is the owner of the facility 80 or an employee of the facility 80 management company. The management terminal 30 is a portable information terminal such as a smartphone or tablet. The management terminal 30 comprises a communication unit 31, an information processing unit 32, a storage unit 33, an operation reception unit 34, and a display unit 37.
[0024] The communication unit 31 is a communication circuit for the management terminal 30 to communicate with the information terminal 20 and the control device 50, respectively. For example, the communication unit 31 communicates with the information terminal 20 via wireless communication through a wide-area communication network such as the Internet, and communicates with the control device 50 via wireless communication through a local communication network using Bluetooth® 5.4.
[0025] The information processing unit 32 performs information processing to grant the information terminal 20 the authority to unlock the electric lock 60, and information processing to unlock the electric lock 60. The information processing to grant the information terminal 20 the authority to unlock the electric lock 60 is, for example, the process of issuing a server certificate to the information terminal 20 (described later). The information processing unit 32 is implemented by, for example, a microcomputer, but may also be implemented by a processor. The functions of the information processing unit 32 are realized, for example, by the microcomputer or processor constituting the information processing unit 32 executing a computer program stored in the storage unit 33.
[0026] The storage unit 33 is a storage device that stores the information necessary for the above information processing and the above computer program. The storage unit 33 is implemented, for example, by semiconductor memory.
[0027] The operation reception unit 34 receives operations from the administrator. The operation reception unit 34 may be implemented by, for example, a touch panel, but it may also be implemented by hardware keys or the like.
[0028] The display unit 37 displays an image. The display unit 37 is implemented by, for example, a liquid crystal panel, but may also be implemented by an organic EL panel. If the operation reception unit 34 is implemented by a touch panel and the touch panel is superimposed on the display unit 37, the touch panel and the image displayed on the display unit 37 constitute a GUI.
[0029] The control device 50 is a control device that controls the locking and unlocking of the electric lock 60. The control device 50 is built into, for example, the door 81 or the door frame. The control device 50 comprises a communication unit 51, a control unit 52, a storage unit 53, and an operation reception unit 54.
[0030] The communication unit 51 is a communication circuit for the control device 50 to communicate with the information terminal 20 and the management terminal 30, respectively. The communication unit 51, for example, performs wireless communication with the information terminal 20 and the management terminal 30 via a local communication network using Bluetooth® 5.4.
[0031] The control unit 52 performs information processing for locking or unlocking the electric lock 60. Specifically, the control unit 52 locks or unlocks the electric lock 60 by outputting a control signal to the electric lock 60. The control unit 52 is implemented by, for example, a microcomputer, but may also be implemented by a processor. The functions of the control unit 52 are realized, for example, by the microcomputer or processor constituting the control unit 52 executing a computer program stored in the storage unit 53.
[0032] The storage unit 53 is a storage device that stores the information necessary for the above information processing and the above computer program. The storage unit 53 is implemented, for example, by semiconductor memory.
[0033] The operation reception unit 54 receives user input. The operation reception unit 54 may be implemented by hardware keys such as push buttons, but it may also be implemented by a touch panel.
[0034] The electric lock 60 locks or unlocks the door 81 based on a control signal output from the control unit 52. Specifically, the electric lock 60 includes an electric motor and a transmission mechanism that transmits the driving force of the electric motor to the deadbolt. The driving force of the electric motor is transmitted to the deadbolt via the transmission mechanism, causing the deadbolt to move to the locked or unlocked position.
[0035] The following description focuses mainly on the example in which the control device 50 unlocks the electric lock 60, but the control device 50 may equally lock the electric lock 60. In other words, in the following description, "unlocking the electric lock 60" may be read as "locking the electric lock 60".
[0036] [Operation example 1 for sharing the unlocking token] In the information processing system 10, the information terminal 20 that has received the user's operation requests the control device 50 to unlock the electric lock 60 via advertising communication as defined in Bluetooth® 5.4, thereby shortening the time from when the operation is received until the restriction imposed by the electric lock 60 is released.
[0037] As a preliminary step (initial setup) for the information terminal 20 to request the control device 50 to unlock the electric lock 60, the information terminal 20 and the control device 50 need to share an unlocking token. The unlocking token is an example of a common key used for authentication to unlock the electric lock 60.
[0038] An operation example in which the information terminal 20 and the control device 50 share the unlocking token is described below. Figure 3 is a sequence diagram of operation example 1 for sharing the unlocking token. In this operation example, the information terminal 20 is described as being used by a user of the facility 80.
[0039] The user installs an application program (hereinafter also simply referred to as "app") for using the information processing system 10 on the information terminal 20. The user, while holding the information terminal 20 and located near the control device 50, performs a predetermined operation on the information terminal 20 (S11) that is running the app, in order to store the unlocking token in the storage unit 23. The operation reception unit 24 receives the predetermined operation (S12a).
[0040] When the operation reception unit 24 receives the predetermined operation, the information processing unit 22 attempts Bluetooth® pairing (hereinafter simply "pairing") with the control device 50 using the communication unit 21 (S13). Pairing means establishing a secure communication connection between devices that communicate according to Bluetooth®. For this pairing, the information terminal 20 takes the peripheral role and the control device 50 the central role. Although not shown in operation example 1, it may also be necessary to enter authentication information such as a passkey on the operation reception unit 24 when pairing is performed.
[0041] Furthermore, the user performs a predetermined operation on the control device 50 to store the unlocking token in the storage unit 53, and the operation reception unit 54 accepts the predetermined operation (S12b). Once the predetermined operation is accepted by the operation reception unit 54, the control unit 52 attempts to pair with the information terminal 20 using the communication unit 51 (S13).
[0042] Once pairing is successful, the information terminal 20 and the control device 50 can communicate securely with each other. The control unit 52 of the control device 50 uses the communication unit 51 to send request information to the information terminal 20 to request the generation of an unlocking token (S14).
[0043] The communication unit 21 of the information terminal 20 receives the request information. The information processing unit 22 generates an unlocking token based on the received request information (S15), and transmits the response information, including the generated unlocking token, to the control device 50 using the communication unit 21 (S16). The communication unit 51 of the control device 50 receives the response information.
[0044] The information processing unit 22 of the information terminal 20 stores the unlocking token generated in step S15 in the storage unit 23 (S17a). Also, the control unit 52 of the control device 50 stores the unlocking token included in the response information received in step S16 in the storage unit 53 (S17b). As a result, the unlocking token is shared by the information terminal 20 and the control device 50.
[0045] Note that the request information transmitted in step S14 corresponds to an ATT_READ_REQ message for the Encrypted Data Key Material characteristic defined in Bluetooth (registered trademark) 5.4, and the response information transmitted in step S16 corresponds to the ATT_READ_RSP message carrying the Encrypted Data Key Material.
[0046] In this way, the unlocking token is stored in each of the storage unit 23 and the storage unit 53 when, while the information terminal 20 and the control device 50 are paired, the communication units 21 and 51 communicate on the basis of the Bluetooth (registered trademark) Encrypted Data Key Material.
[0047] [Operation example of unlocking the electric lock using the unlocking token] With the unlocking token stored in the storage unit 23, the information terminal 20 can unlock the electric lock 60 using the unlocking token. An operation example of unlocking the electric lock 60 using the unlocking token is described below. Figure 4 is a sequence diagram of this operation example. In Figure 4, transmission and reception of advertisement signals are drawn as solid lines, and transmission and reception of advertisement responses as broken lines.
[0048] When the user starts the app on the information terminal 20, whose storage unit 23 holds the unlocking token, the terminal is activated (S21) and enters a standby state for receiving an advertisement signal from the control device 50. Meanwhile, the control device 50 periodically transmits an advertisement signal in the format defined in Bluetooth (registered trademark) 5.4 (S22). The advertisement signal includes the ID of the information terminal 20.
[0049] When the communication unit 21 of the information terminal 20 receives an advertisement signal, the information processing unit 22 uses PAwR (Periodic Advertising with Responses) defined in Bluetooth (registered trademark) 5.4 to transmit an advertisement response including a response message (S23). The communication unit 51 of the control device 50 receives the advertisement response. When the communication unit 51 receives the advertisement response, the control unit 52 enters a standby state for receiving an advertisement signal from the information terminal 20 (S24).
[0050] Next, the information processing unit 22 of the information terminal 20 encrypts an unlocking command using the unlocking token stored in the storage unit 23, includes the encrypted unlocking command in an advertisement signal, and transmits it to the control device 50 using the communication unit 21 (S25).
[0051] The communication unit 51 of the control device 50 receives the advertisement signal (encrypted unlocking command). When the control unit 52 can correctly decrypt the unlocking command included in the advertisement signal using the unlocking token, it encrypts a control reception notification using the unlocking token and transmits an advertisement response including the encrypted control reception notification to the information terminal 20 using the communication unit 51 (S26). Further, the control unit 52 unlocks the electric lock 60 based on the unlocking command (S27).
[0052] The communication unit 21 of the information terminal 20 receives the advertisement response. The information processing unit 22 decrypts the control reception notification included in the received advertisement response using the unlocking token stored in the storage unit 23.
[0053] To confirm the status of the electric lock 60 (whether or not it is unlocked), the information processing unit 22 sends an advertisement signal containing an encrypted confirmation request using an unlocking token to the control device 50 using the communication unit 21 (S28).
[0054] The communication unit 51 of the control device 50 receives the advertisement signal. If the control unit 52 can correctly decrypt the confirmation request contained in the received advertisement signal using the unlocking token, it encrypts a status notification of the electric lock 60 using the unlocking token and transmits an advertisement response including the encrypted status notification to the information terminal 20 using the communication unit 51 (S29).
[0055] The communication unit 21 of the information terminal 20 receives the advertisement response. The information processing unit 22 decrypts the status notification contained in the received advertisement response using the unlocking token stored in the storage unit 23, and displays the status indicated by the status notification (that the electric lock 60 has been unlocked) on the display unit 27 (S30).
[0056] Note that steps S28 and S29 may be omitted, and the information processing unit 22 of the information terminal 20 may, after receiving the advertisement response in step S26, assume that the electric lock 60 has been unlocked and perform the display in step S30.
[0057] In this way, the information processing system 10 can safely unlock the electric lock 60 using advertising communication (advertisement signals and advertisement responses; hereinafter simply "advertising communication") as defined in Bluetooth® 5.4.
[0058] Because Bluetooth® advertising communication does not require the connection establishment that GATT (Generic Attribute Profile) communication does, the control device 50 can unlock the electric lock 60 in a short time and with low power consumption. In other words, advertising communication lets the information terminal 20 and the control device 50 communicate more efficiently.
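The exchange of paragraphs [0050] to [0052], written out as an added example in Go; this is not code from the patent or from any Panasonic product. The patent specifies only that the control information is encrypted with the common key and that the control device acts when decryption succeeds, so the following are assumptions made here: AES-128-GCM as the authenticated cipher, so that a failed tag is the "decryption failed" case (Bluetooth 5.4's own Encrypted Advertising Data feature uses AES-CCM keyed from the Encrypted Data Key Material characteristic); a one-byte message type; a per-direction nonce prefix so an advertisement response cannot be fed back to the control device as a command; and an 8-byte counter carried in the clear that must strictly increase, which rejects replayed advertisements. The message codes and the 16-byte token are constructed. Steps S28/S29 would reuse Seal and Open with two further message types.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Wire constants are assumptions: the patent names the messages but fixes no
// encoding. The dir bytes keep the two directions' GCM nonces distinct.
const (
	MsgUnlockCommand byte = 0x01 // terminal -> control device (S25)
	MsgControlAck    byte = 0x02 // control device -> terminal (S26)
	dirToDevice      byte = 1
	dirToTerminal    byte = 2
)

var ErrAuth = errors.New("control information did not authenticate")
var ErrReplay = errors.New("counter not above last accepted counter")

// aead returns AES-128-GCM under the 16-byte unlocking token and the nonce
// 0x000000 || dir || counter. GCM stands in for the AEAD the page leaves open.
func aead(token []byte, dir byte, counter uint64) (cipher.AEAD, []byte) {
	block, err := aes.NewCipher(token)
	if err != nil {
		panic(err) // a wrong token length is a provisioning bug, not a runtime case
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g, binary.BigEndian.AppendUint64([]byte{0, 0, 0, dir}, counter)
}

// Seal builds the encrypted control information carried in an advertisement
// or advertisement response: counter (8 bytes) || GCM(type || body).
func Seal(token []byte, dir byte, counter uint64, msgType byte, body []byte) []byte {
	g, n := aead(token, dir, counter)
	out := append(make([]byte, 0, 8+1+len(body)+g.Overhead()), n[4:]...)
	return g.Seal(out, n, append([]byte{msgType}, body...), nil)
}

// Open reverses Seal; "decryption successful" in the patent is the tag check. The
// strictly increasing counter is an added replay check: broadcasts are easily resent.
func Open(token []byte, dir byte, last uint64, data []byte) (byte, []byte, uint64, error) {
	if len(data) < 8+1+16 {
		return 0, nil, 0, ErrAuth
	}
	counter := binary.BigEndian.Uint64(data[:8])
	if counter <= last {
		return 0, nil, 0, ErrReplay
	}
	g, n := aead(token, dir, counter)
	plain, err := g.Open(nil, n, data[8:], nil)
	if err != nil {
		return 0, nil, 0, ErrAuth
	}
	return plain[0], plain[1:], counter, nil
}

// ControlDevice models control device 50 holding the shared unlocking token.
type ControlDevice struct {
	Token    []byte
	rx, tx   uint64
	Unlocked bool
}

// HandleAdvertisement is control unit 52 in S26/S27: it drives the lock and returns
// the encrypted advertisement response only after decryption succeeds; else it sends nothing.
func (d *ControlDevice) HandleAdvertisement(adv []byte) ([]byte, error) {
	msgType, _, counter, err := Open(d.Token, dirToDevice, d.rx, adv)
	if err != nil {
		return nil, err
	}
	d.rx = counter // advance the replay window only after the tag verified
	if msgType != MsgUnlockCommand {
		return nil, ErrAuth // authentic, but not a command this handler knows
	}
	d.Unlocked = true // S27: control signal to electric lock 60
	d.tx++
	return Seal(d.Token, dirToTerminal, d.tx, MsgControlAck, nil), nil
}

// UnlockExchange plays S25/S26 between a terminal and a fresh device sharing token;
// true means a valid control acknowledgement arrived, which suffices for S30 per [0056].
func UnlockExchange(token []byte) (*ControlDevice, bool, error) {
	dev := &ControlDevice{Token: token}
	adv := Seal(token, dirToDevice, 1, MsgUnlockCommand, nil) // S25, first terminal counter
	resp, err := dev.HandleAdvertisement(adv)                 // S26/S27
	if err != nil {
		return dev, false, err
	}
	msgType, _, _, err := Open(token, dirToTerminal, 0, resp) // terminal has seen no response yet
	if err != nil {
		return dev, false, err
	}
	return dev, msgType == MsgControlAck, nil
}
```

The two checks the patent text is silent on are the ones that matter in the field: an advertisement is received by everyone in range, so without the counter a recorded unlock command would open the door again later, and the device must advance its counter only after the tag has verified, otherwise anyone could move the window forward with forged high counters and lock out the legitimate terminal.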
[0059] [Operation example 2 for sharing the unlocking token] In operation example 1, the user (or administrator) has to operate both the information terminal 20 and the control device 50 at the same time in order to perform a pairing that involves the user (that is, not JustWorks) and enables GATT communication. Operation example 2, described below, requires no user operation on the control device 50: the control device 50 authenticates the information terminal 20 using a public key certificate (a server certificate checked against a root certificate) and then performs a temporary Bluetooth® pairing using JustWorks.
[0060] First, an example of the operation for storing a server certificate in the information terminal 20 will be described. Figure 5 is a sequence diagram of the example of the operation for storing a server certificate in the information terminal 20 (the first half of operation example 2). In the following example of the operation for storing a server certificate, and in the examples of operations described later, the information terminal 20 will be described as being used by a user of the facility 80, and the management terminal 30 will be described as being used by the administrator of the facility 80, etc. The user is a non-resident, such as a delivery person or a person dispatched from a provider of housekeeping services, but may also be a resident of the facility 80.
[0061] The server certificate serves as an authorization certificate for unlocking the electric lock 60. As shown in Figure 5, the storage unit 23 of the information terminal 20 stores the public key A and its corresponding private key A. The public key A and private key A are generated, for example, when an application is installed on the information terminal 20 and stored in the storage unit 23.
[0062] Furthermore, the storage unit 33 of the management terminal 30 stores the public key B and its corresponding private key B. The public key B and private key B are stored in the storage unit 33, for example, when an application for using the information processing system 10 is installed on the management terminal 30.
[0063] First, the user performs a predetermined operation on the operation reception unit 24 of the information terminal 20 running the above application. The predetermined operation is for installing the server certificate. The operation reception unit 24 accepts the predetermined operation (S31).
[0064] When the operation reception unit 24 receives a predetermined operation, the information processing unit 22 generates a server certificate issuance request and transmits the generated issuance request to the management terminal 30 using the communication unit 21 (S32). The issuance request includes the public key A. The communication unit 21 transmits the public key A to the management terminal 30 via wireless communication over a wide-area communication network.
[0065] The communication unit 31 of the management terminal 30 receives an issuance request including the public key A. When the administrator confirms the user's issuance request and authorizes the user to unlock the electric lock 60, the information processing unit 32 generates a signature for the received public key A and usage conditions using the private key B (S33). The information processing unit 32 also transmits the server certificate, including the public key A, usage conditions, and signature, to the information terminal 20 using the communication unit 31 (S34). The usage conditions are, for example, information indicating a time requirement (in other words, an expiration date), and are predetermined by, for example, the administrator using the management terminal 30. The time requirement specifies, for example, the start and end dates when the server certificate is considered valid, but it is sufficient to specify at least the end date.
[0066] For example, the X.509 certificate format is used for the server certificate. Figure 6 shows an example of the server certificate format. In Figure 6, the validity field corresponds to the usage conditions (time requirement) described above, the subjectPublicKeyInfo field corresponds to public key A, and the signatureValue field corresponds to the signature. Usage conditions other than the validity period may be stored in the extensions field of the format in Figure 6.
[0067] The communication unit 21 of the information terminal 20 receives the server certificate. The information processing unit 22 stores the received server certificate in the storage unit 23 (S35).
[0068] Next, an operation example is described in which pairing is performed using JustWorks after authentication with the server certificate stored as above, and the unlocking token is then shared. Figure 7 is a sequence diagram of this operation example (the second half of operation example 2).
[0069] As shown in Figure 7, the root certificate is stored in the storage unit 53 of the control device 50. The root certificate includes the public key B. The root certificate is generated, for example, by the information processing unit 32 of the management terminal 30 and transmitted to the control device 50 by the communication unit 31, thereby being stored in the storage unit 53. The root certificate may also be stored in the storage unit 53 by the manufacturing equipment during the manufacturing of the control device 50.
[0070] The information processing unit 22 of the information terminal 20 starts (executes) the above application when the user performs an operation to launch the application (S41).
[0071] The control unit 52 of the control device 50 transmits an advertisement signal to indicate the presence of the control device 50 using the communication unit 51 (S42). The communication unit 51 transmits the advertisement signal at predetermined time intervals. The advertisement signal is transmitted continuously.
[0072] When the user moves near the door 81, they perform a predetermined start operation to initiate the process of sharing the unlocking token with the control device 50 to the operation reception unit 24 of the information terminal 20. The operation reception unit 24 accepts the start operation (S43). The start operation is a simple operation in which the user expresses their intention to share the unlocking token between the information terminal 20 and the control device 50, and is, for example, a touch operation on the screen displayed on the display unit 27 when the above application is running.
[0073] When the information processing unit 22 receives a start operation from the operation reception unit 24, it establishes a Bluetooth® short-range wireless communication connection (BLE communication connection) between the information terminal 20 (communication unit 21) and the control device 50 (communication unit 51) (S44).
[0074] Note that the short-range wireless communication connection in step S44 is different from pairing. To ensure secure communication, it is necessary to perform pairing or to perform proprietary encrypted communication based on Bluetooth® using the above application. In operation example 2, after authentication using a public key certificate, pairing is performed using JustWorks.
[0075] After a short-range wireless communication connection is established, the information processing unit 22 of the information terminal 20 transmits the server certificate to the control device 50 using the communication unit 21 (S45).
[0076] The communication unit 51 of the control device 50 receives the server certificate. The control unit 52 verifies the signature contained in the received server certificate using the public key B contained in the root certificate stored in the storage unit 53 (S46). A signature scheme such as ECDSA is used for signature verification. If the signature verification is successful, the control unit 52 determines the usage conditions contained in the server certificate (S47). The usage conditions are, for example, time requirements (whether the server certificate is within its validity period).
[0077] When the control unit 52 determines that the usage conditions are met, it sends an authentication success notification to the information terminal 20 using the communication unit 51 (S48). The control unit 52 also attempts, for a limited time, to pair with the information terminal 20 using JustWorks. JustWorks provides encrypted communication but offers no resistance to man-in-the-middle attacks. Therefore, the control device 50 ensures security by first authenticating the information terminal 20 with a public key certificate and only then performing Bluetooth® pairing, for a short time.
[0078] Similarly, the information processing unit 22, which received the authentication success notification in step S48, also attempts to pair with the control device 50 using JustWorks (S49). In this embodiment, since the unlock token created by the information terminal 20 is shared with the control device 50 using Bluetooth® Encrypted Data Key Material, the information terminal 20 becomes the peripheral and the control device 50 becomes the central during JustWorks pairing.
[0079] If pairing via JustWorks is successful, the information terminal 20 and the control device 50 can communicate securely. From there, the same process as in steps S14 to S17b in Figure 3 is performed. That is, based on the Bluetooth® Encrypted Data Key Material, the communication unit 21 and the communication unit 51 communicate, and the unlocking token is stored in the storage unit 23 and the storage unit 53, respectively. With the unlocking token stored in the storage unit 23, the information terminal 20 can unlock the electric lock 60 using the unlocking token (see Figure 4).
[0080] Thus, in Operation Example 2, the unlocking token is stored in the storage unit 23 and the storage unit 53, respectively, by communication between the communication unit 21 and the communication unit 51 based on Bluetooth® Encrypted Data Key Material during temporary pairing, which is performed on the condition that public key authentication is successful.
[0081] Compared to Operation Example 1, Operation Example 2 offers greater user convenience because pairing is performed with only simple operations on the information terminal 20, and no operations on the control device 50 are required. Furthermore, by using public key authentication, the risk of man-in-the-middle attacks during pairing by JustWorks can be reduced, enabling relatively secure pairing. In addition, public key authentication has the advantage that the control device 50 does not need to have information about the information terminal 20 stored in it beforehand.
[0082] [Operation Example 3 for Sharing Unlocking Tokens] In Operation Example 2 for sharing unlocking tokens, there is a temporary risk of a man-in-the-middle attack. In contrast, Operation Example 3 below is an operation example in which the control device 50 authenticates the information terminal 20 using a public key certificate, and then ensures security by performing a proprietary encrypted communication based on Bluetooth® without performing pairing. Figure 8 is a sequence diagram of Operation Example 3 for sharing unlocking tokens. Note that the processing up to storing the server certificate in the information terminal is the same as in Figure 5, and is therefore omitted in Figure 8. In other words, each process shown in Figure 8 is performed after each process shown in Figure 5 has been performed.
[0083] The process from step S41 to step S47 is the same as in operation example 2, so a detailed explanation is omitted. If the control unit 52 of the control device 50 determines in step S47 that the usage conditions are met, it generates a session key using the public key A included in the server certificate (S61). The control unit 52 encrypts the generated session key with the public key A and transmits the encrypted session key to the information terminal 20 using the communication unit 51 (S62).
[0084] The information processing unit 22 decrypts the session key using the secret key A, and thereafter, encrypted communication between the information terminal 20 (information processing unit 22) and the control device 50 (control unit 52) is established by using the session key (S63).
[0085] Once encrypted communication is established, the information terminal 20 and the control device 50 can communicate securely with each other. The control unit 52 of the control device 50 uses the communication unit 51 to send request information to the information terminal 20 to request the generation of an unlocking token (S64).
[0086] The communication unit 21 of the information terminal 20 receives the request information. The information processing unit 22 generates an unlocking token based on the received request information (S65), and transmits response information including the generated unlocking token to the control device 50 using the communication unit 21 (S66). The communication unit 51 of the control device 50 receives the response information. The unlocking token here is a common key that can encrypt the advertisement signal and the data included in the advertisement response, similar to Bluetooth® 5.4 Encrypted Data Key Material.
[0087] The information processing unit 22 of the information terminal 20 stores the unlocking token generated in step S65 in the storage unit 23 (S67a). The control unit 52 of the control device 50 also stores the unlocking token included in the response information received in step S66 in the storage unit 53 (S67b). As a result, the unlocking token is shared between the information terminal 20 and the control device 50. With the unlocking token stored in the storage unit 23, the information terminal 20 can use the unlocking token to unlock the electric lock 60 (see Figure 4).
[0088] Thus, in operation example 3, the unlocking token is stored in the storage unit 23 and the storage unit 53, respectively, by the communication unit 21 and the communication unit 51 performing encrypted communication using a session key.
[0089] Operation Example 3 reduces the risk of man-in-the-middle attacks compared to Operation Example 2 and offers improved security. Furthermore, public key authentication has the advantage that the control device 50 does not need to have information about the information terminal 20 pre-stored.
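As an added example of the control device's checks in steps S46 and S47 and of the session key exchange in steps S61 to S63, written for this page in Go with only the standard library (it is not the applicant's code). Assumed here, because the page does not specify them: a P-256 ECDSA server certificate whose signed bytes are public key A plus a validity window, and a session key derived by ephemeral ECDH against public key A rather than encrypted to it.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// ServerCert models the server certificate of operation examples 2 and 3: public key A, a validity
// window (the usage condition of S47) and an ECDSA signature by private key B. The signed byte layout is an assumption of this example.
type ServerCert struct {
	PubA      *ecdsa.PublicKey // P-256 key of the information terminal
	NotBefore time.Time
	NotAfter  time.Time
	Sig       []byte // ASN.1 ECDSA signature over tbs()
}

// NewP256Key generates a key pair usable as key A or key B.
func NewP256Key() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// tbs returns the to-be-signed bytes: fixed-width X||Y of key A, then the validity window.
func (c *ServerCert) tbs() []byte {
	b := c.PubA.X.FillBytes(make([]byte, 32))
	b = append(b, c.PubA.Y.FillBytes(make([]byte, 32))...)
	b = binary.BigEndian.AppendUint64(b, uint64(c.NotBefore.Unix()))
	return binary.BigEndian.AppendUint64(b, uint64(c.NotAfter.Unix()))
}

// IssueServerCert is the management terminal's role (Figure 5): sign public key A and its validity window with private key B. On a non-nil error the returned certificate is unusable.
func IssueServerCert(privB *ecdsa.PrivateKey, pubA *ecdsa.PublicKey, notBefore, notAfter time.Time) (c *ServerCert, err error) {
	c = &ServerCert{PubA: pubA, NotBefore: notBefore, NotAfter: notAfter}
	h := sha256.Sum256(c.tbs())
	c.Sig, err = ecdsa.SignASN1(rand.Reader, privB, h[:])
	return c, err
}

// VerifyServerCert is the control device's S46 and S47: verify the signature with public
// key B from the stored root certificate, then check the usage condition. Both must pass.
func VerifyServerCert(rootPubB *ecdsa.PublicKey, c *ServerCert, now time.Time) error {
	h := sha256.Sum256(c.tbs())
	if !ecdsa.VerifyASN1(rootPubB, h[:], c.Sig) {
		return errors.New("server certificate signature invalid")
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return errors.New("server certificate outside its validity period")
	}
	return nil
}

// DeriveSessionKeyDevice is S61/S62 on the control device. The page has the device generate a
// session key using public key A and send it encrypted to that key; this example instead derives it
// by ephemeral ECDH against public key A and sends only the ephemeral public key (an assumption made here).
func DeriveSessionKeyDevice(pubA *ecdsa.PublicKey) ([]byte, []byte, error) {
	peer, err := pubA.ECDH() // fails for keys that are not on a supported NIST curve
	if err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(peer) // also fails if key A is not a P-256 key
	if err != nil {
		return nil, nil, err
	}
	k := sha256.Sum256(shared)
	return k[:], eph.PublicKey().Bytes(), nil
}

// DeriveSessionKeyTerminal is S63 on the information terminal: the same key from private key A.
func DeriveSessionKeyTerminal(privA *ecdsa.PrivateKey, ephemeralPub []byte) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(ephemeralPub)
	if err != nil {
		return nil, err
	}
	sk, err := privA.ECDH()
	if err != nil {
		return nil, err
	}
	shared, err := sk.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	return k[:], nil
}
```

Only the holder of private key A can reproduce the session key, which is the property the page relies on when it has the device encrypt the key to public key A.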
[0090] [Modification] In the above embodiment, an example was described in which a user unlocks the electric lock 60 using the information terminal 20. In each of the above operation examples, however, an administrator or the like may also unlock or lock the electric lock 60 using the management terminal 30. For this purpose, in each of the above operation examples, the information terminal 20, communication unit 21, information processing unit 22, storage unit 23, operation reception unit 24, and display unit 27 may be read as the management terminal 30, communication unit 31, information processing unit 32, storage unit 33, operation reception unit 34, and display unit 37, respectively.
[0091] When the electric lock 60 is unlocked using the information terminal 20, the server certificate includes the public key A and a signature generated using the private key B. When the electric lock 60 is unlocked using the management terminal 30, on the other hand, the server certificate includes the public key B and a signature generated using the private key B. The management terminal 30 can therefore also be regarded as an information terminal 20 that additionally has the function of issuing server certificates to other information terminals.
[0092] In the above embodiment, the electric lock 60 unlocks the door 81, but the electric lock 60 may also be an electric lock for an electrically assisted bicycle, a delivery box, a coin locker, or a safe deposit box, or an electric lock that unlocks a window of a room.
[0093] Furthermore, the control object of the control device 50 is not limited to the electric lock 60. In general, the control device 50 releases the restriction imposed by equipment that restricts the operation of an article. For example, the control object of the control device 50 may be an automatic door. The information processing system 10 can also be applied where only specific persons are permitted to control home appliances such as lighting equipment and air conditioning equipment.
[0094] [Effects, etc.] The following describes examples of inventions that can be obtained from the disclosures of this specification, and explains the effects, etc. that can be obtained from the examples of inventions.
[0095] Invention 1 is an information processing system 10 used to remove restrictions on equipment that restricts the operation of an article, comprising an information terminal 20 and a control device 50, wherein the information terminal 20 comprises a communication unit 21, a storage unit 23 in which an unlocking token is stored, and an information processing unit 22 that transmits a Bluetooth®-based advertisement signal, which includes control information encrypted using the unlocking token stored in the storage unit 23, to the control device 50 using the communication unit 21, and the control device 50 comprises a communication unit 51 that receives the advertisement signal, a storage unit 53 in which an unlocking token is stored, and a control unit 52 that, upon successful decryption of the control information contained in the received advertisement signal using the unlocking token stored in the storage unit 53, transmits a Bluetooth®-based advertisement response to the information terminal 20 using the communication unit 51 and removes the restrictions on the equipment. The communication unit 21, storage unit 23, communication unit 51, storage unit 53, unlocking token, and unlocking command are examples of the first communication unit, first storage unit, second communication unit, second storage unit, common key, and control information, respectively. Releasing the restrictions on the device means, for example, unlocking the electric lock 60.
[0096] In such an information processing system 10, the information terminal 20 and the control device 50 release the device restriction through advertising communication. This releases the device restriction faster than when the information terminal 20 and the control device 50 perform pairing and GATT communication to release it. In other words, the information processing system 10 can reduce the time required to release device restrictions.
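As an added illustration of the exchange in Invention 1 (example code written for this page, not the applicant's implementation): the information terminal encrypts the control information with the shared unlocking token and carries it in the advertisement; the control device tries to decrypt with its stored token and only on success releases the lock and answers with an advertisement response. Assumed here, beyond what the page states: AES-GCM stands in for the AES-CCM construction of Bluetooth 5.4 Encrypted Advertising Data, the one-byte command value, and a counter that lets the device reject a replayed advertisement.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// CmdUnlock is the unlock command sent as control information (a value assumed by this example; the page defines no wire format).
const CmdUnlock byte = 0x01

// Terminal holds the unlocking token of storage unit 23. The counter is an
// addition of this example so that a replayed advertisement can be rejected.
type Terminal struct {
	Token   []byte
	counter uint32
}

// ControlDevice holds the same token in storage unit 53.
type ControlDevice struct {
	Token       []byte
	lastCounter uint32
	Unlocked    bool
}

func aeadFor(token []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(token) // a 16-byte token selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// seal encrypts msg under token as nonce || ciphertext || tag.
func seal(token, msg []byte) ([]byte, error) {
	aead, err := aeadFor(token)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, msg, nil), nil
}

// open reverses seal; a wrong token or any tampering fails the tag check.
func open(token, pkt []byte) ([]byte, error) {
	aead, err := aeadFor(token)
	if err != nil {
		return nil, err
	}
	if len(pkt) < aead.NonceSize() {
		return nil, errors.New("packet too short")
	}
	return aead.Open(nil, pkt[:aead.NonceSize()], pkt[aead.NonceSize():], nil)
}

// Advertise is the terminal's side of Figure 4: [command || counter] encrypted with the token inside the
// advertisement. Bluetooth 5.4 Encrypted Advertising Data uses AES-CCM keyed from the Key Material; GCM stands in.
func (t *Terminal) Advertise() ([]byte, error) {
	t.counter++
	return seal(t.Token, binary.BigEndian.AppendUint32([]byte{CmdUnlock}, t.counter))
}

// HandleAdvertisement is the control device's side: decrypt with the stored token and, only on success
// with a fresh counter, release the lock and return the advertisement response (the counter echoed back).
func (d *ControlDevice) HandleAdvertisement(adv []byte) ([]byte, error) {
	plain, err := open(d.Token, adv)
	if err != nil {
		return nil, errors.New("decryption failed: advertisement ignored")
	}
	if len(plain) != 5 || plain[0] != CmdUnlock {
		return nil, errors.New("unknown control information")
	}
	ctr := binary.BigEndian.Uint32(plain[1:])
	if ctr <= d.lastCounter {
		return nil, errors.New("replayed advertisement rejected")
	}
	d.lastCounter = ctr
	d.Unlocked = true // release the restriction: unlock electric lock 60
	return seal(d.Token, binary.BigEndian.AppendUint32([]byte{CmdUnlock | 0x80}, ctr))
}

// CheckResponse lets the terminal confirm the response came from a token holder and matches its latest advertisement.
func (t *Terminal) CheckResponse(resp []byte) (bool, error) {
	plain, err := open(t.Token, resp)
	if err != nil {
		return false, err
	}
	return len(plain) == 5 && plain[0] == CmdUnlock|0x80 && binary.BigEndian.Uint32(plain[1:]) == t.counter, nil
}
```

An advertisement that does not decrypt with the stored token is dropped without any response, which is what lets the device ignore advertisements from terminals that have not shared a token.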
[0097] Invention 2 is an information processing system 10 of Invention 1, in which the unlocking token is stored in the storage unit 23 and the storage unit 53, respectively, when the information terminal 20 and the control device 50 are paired, by communication between the communication unit 21 and the communication unit 51 based on Bluetooth® Encrypted Data Key Material.
[0098] Such an information processing system 10 can securely share unlocking tokens through communication based on Bluetooth® Encrypted Data Key Material.
[0099] Invention 3 is an information processing system 10 of Invention 1, in which a private key A, a public key A corresponding to the private key A, and a server certificate are stored in the storage unit 23, the server certificate includes the public key A and a signature for the public key A, and a root certificate including the public key is stored in the storage unit 53, and in the process of sharing an unlocking token, the information processing unit 22 transmits the server certificate to the control device 50 using the communication unit 21, the communication unit 51 receives the server certificate, the control unit 52 verifies the signature included in the received server certificate using the public key included in the root certificate, and if the verification is successful, the information terminal 20 and the control device 50 are temporarily paired by JustWorks, and when the information terminal 20 and the control device 50 are temporarily paired, the communication unit 21 and the communication unit 51 communicate based on Bluetooth® Encrypted Data Key Material, and the unlocking token is stored in the storage unit 23 and the storage unit 53, respectively. Private key A and public key A are examples of a first private key and a first public key.
[0100] This information processing system 10, after public key authentication, performs temporary pairing using JustWorks and then shares the unlock token, thereby enhancing user operability while ensuring security.
[0101] Invention 4 is an information processing system 10 of Invention 1, in which a private key A, a public key A corresponding to the private key A, and a server certificate are stored in the storage unit 23, the server certificate includes the public key A and a signature for the public key A, and a root certificate including the public key is stored in the storage unit 53, and in the process of sharing an unlocking token, the information processing unit 22 transmits the server certificate to the control device 50 using the communication unit 21, the communication unit 51 receives the server certificate, the control unit 52 verifies the signature included in the received server certificate using the public key included in the root certificate, and if the verification is successful, the communication unit 21 and the communication unit 51 perform encrypted communication using a session key, thereby storing the unlocking token in the storage unit 23 and the storage unit 53, respectively.
[0102] Such an information processing system 10 shares an unlocking token via encrypted communication using a session key after public key authentication, thereby enhancing user-friendliness while ensuring security.
[0103] Invention 5 is an information processing system 10 of Invention 3 or 4, wherein the signature is a signature generated using private key A, and the public key included in the root certificate is public key A.
[0104] Such an information processing system 10 can safely and quickly remove device restrictions using an information terminal 20 that can issue server certificates to other information terminals.
[0105] Invention 6 is an information processing system 10 of Invention 3 or 4, wherein the signature is a signature generated using a private key B different from private key A, and the public key included in the root certificate is the public key B corresponding to private key B. Private key B and public key B are examples of a second private key and a second public key.
[0106] Such an information processing system 10 can safely and quickly remove restrictions on equipment using an information terminal 20 that receives a server certificate from a management terminal 30.
[0107] Invention 7 is a control device 50 for releasing restrictions on equipment that restricts the operation of an article, comprising: a communication unit 51 that receives an advertisement signal based on Bluetooth® from an information terminal 20, which includes control information encrypted using an unlocking token; a storage unit 53 that stores the unlocking token; and, upon successful decryption of the control information contained in the received advertisement signal using the unlocking token stored in the storage unit 53, the control device 50 transmits an advertisement response based on Bluetooth® to the information terminal 20 using the communication unit 51 and releases the restrictions on the equipment.
[0108] Such a control device 50 can reduce the time required to release the restrictions on the equipment.
[0109] Invention 8 is an information processing method performed by an information processing system 10 used to release restrictions on equipment that restricts the operation of an article, wherein the information processing system 10 comprises an information terminal 20 equipped with a storage unit 23 and a control device 50 equipped with a storage unit 53, and the information processing method includes the steps of: the information terminal 20 transmitting a Bluetooth®-based advertisement signal to the control device 50, which includes control information encrypted using an unlocking token stored in the storage unit 23; the control device 50 receiving the advertisement signal; and, if the control device 50 successfully decrypts the control information contained in the received advertisement signal using an unlocking token stored in the storage unit 53, transmitting a Bluetooth®-based advertisement response to the information terminal 20 and releasing the restrictions on the equipment.
[0110] This type of information processing method can reduce the time required to remove restrictions on the equipment.
[0111] Invention 9 is an information processing method performed by a control device 50 that releases restrictions on a device that restricts the operation of an article, wherein the control device 50 includes a storage unit 53, and the information processing method includes the steps of: receiving an advertisement signal based on Bluetooth® from an information terminal 20, which includes control information encrypted using an unlocking token; and, if decryption of the control information contained in the received advertisement signal using an unlocking token stored in the storage unit 53 is successful, transmitting an advertisement response based on Bluetooth® to the information terminal 20 and releasing the restrictions on the device.
[0112] This type of information processing method can reduce the time required to remove restrictions on the equipment.
[0113] Invention 10 is a program for causing a computer to execute the information processing method of Invention 8 or 9.
[0114] Such a program can reduce the time it takes for a computer to remove device restrictions after a user has performed an operation to release them.
[0115] (Other Embodiments) Although embodiments have been described above, the present invention is not limited to the embodiments described above.
[0116] For example, in the above embodiment, the information processing system was implemented by multiple devices, but it may also be implemented as a single device. For example, the information processing system may be implemented as a single device corresponding to an information terminal, a management terminal, or a control device. When the information processing system is implemented by multiple devices, the components of the information processing system (in particular, functional components) may be distributed among the multiple devices in any way.
[0117] Furthermore, in the above embodiment, a process executed by a specific processing unit may be executed by another processing unit. Also, the order of multiple processes may be changed, or multiple processes may be executed in parallel.
[0118] Furthermore, in the above embodiment, each component may be realized by executing a software program suitable for each component. Each component may also be realized by a program execution unit such as a CPU or processor reading and executing a software program recorded on a recording medium such as a hard disk or semiconductor memory.
[0119] Furthermore, each component may be implemented by hardware. For example, each component may be a circuit (or integrated circuit). These circuits may form a single circuit as a whole, or they may be separate circuits. Also, each of these circuits may be a general-purpose circuit or a dedicated circuit.
[0120] Furthermore, general or specific embodiments of the present invention may be implemented as a system, apparatus, method, integrated circuit, computer program, or recording medium such as a computer-readable CD-ROM. Also, general or specific embodiments of the present invention may be implemented as any combination of a system, apparatus, method, integrated circuit, computer program, and recording medium.
[0121] For example, the present invention may be implemented as an information terminal, management terminal, control device, or electric lock system (control device and electric lock) according to the above embodiment.
[0122] Furthermore, the present invention may be implemented as an information processing method executed by a computer such as the information processing system, information terminal, management terminal, or control device described above. The present invention may also be implemented as a program for causing a computer to execute the information processing method. The present invention may also be implemented as a computer-readable, non-transitory recording medium on which such a program is recorded.
[0123] Furthermore, the present invention may be implemented as an application program for causing a general-purpose information terminal to function as an information terminal or management terminal according to the above embodiment. The present invention may also be implemented as a computer-readable, non-transitory recording medium on which such an application program is recorded.
[0124] Furthermore, the present invention also includes forms obtained by applying various modifications to each embodiment that a person skilled in the art could conceive, or forms realized by arbitrarily combining the components and functions of each embodiment without departing from the spirit of the present invention.
[0125] 10 Information processing system; 20 Information terminal; 21, 31 Communication unit (first communication unit); 22, 32 Information processing unit; 23, 33 Storage unit (first storage unit); 24, 34, 54 Operation reception unit; 27, 37 Display unit; 30 Management terminal; 50 Control device; 51 Communication unit (second communication unit); 52 Control unit; 53 Storage unit (second storage unit); 60 Electric lock; 80 Facility; 81 Door
Claims
1. An information processing system used to remove the restrictions on a device that restricts the operation of an article, comprising an information terminal and a control device, wherein the information terminal comprises a first communication unit, a first storage unit that stores a common key, and an information processing unit that transmits a Bluetooth®-based advertisement signal, including control information encrypted using the common key stored in the first storage unit, to the control device using the first communication unit, and the control device comprises a second communication unit that receives the advertisement signal, a second storage unit that stores the common key, and a control unit that, upon successful decryption of the control information contained in the received advertisement signal using the common key stored in the second storage unit, transmits a Bluetooth®-based advertisement response to the information terminal using the second communication unit and removes the restrictions on the device.
2. The information processing system according to claim 1, wherein the common key is stored in the first storage unit and the second storage unit, respectively, when the information terminal and the control device are paired, by the first communication unit and the second communication unit communicating based on Bluetooth® Encrypted Data Key Material.
3. The information processing system according to claim 1, wherein the first storage unit stores a first private key, a first public key corresponding to the first private key, and a server certificate, the server certificate includes the first public key and a signature for the first public key, the second storage unit stores a root certificate including the public key, and in the process of sharing the common key, the information processing unit transmits the server certificate to the control device using the first communication unit, the second communication unit receives the server certificate, the control unit verifies the signature included in the received server certificate using the public key included in the root certificate, and if the verification is successful, the information terminal and the control device are temporarily paired by JustWorks, and while the information terminal and the control device are temporarily paired, the first communication unit and the second communication unit communicate based on Bluetooth® Encrypted Data Key Material, thereby storing the common key in the first storage unit and the second storage unit, respectively.
4. The information processing system according to claim 1, wherein the first storage unit stores a first private key, a first public key corresponding to the first private key, and a server certificate, the server certificate includes the first public key and a signature for the first public key, the second storage unit stores a root certificate including a public key, and in a process for sharing the common key, the information processing unit transmits the server certificate to the control device using the first communication unit, the second communication unit receives the server certificate, the control unit verifies the signature included in the received server certificate using the public key included in the root certificate, and if the verification is successful, the first communication unit and the second communication unit perform encrypted communication using a session key so that the common key is stored in the first storage unit and the second storage unit, respectively.
5. The information processing system according to claim 3 or 4, wherein the signature is a signature generated using the first private key, and the public key included in the root certificate is the first public key.
6. The information processing system according to claim 3 or 4, wherein the signature is a signature generated using a second private key different from the first private key, and the public key included in the root certificate is a second public key corresponding to the second private key.
7. A control device for releasing the restrictions on the operation of an object, comprising: a communication unit that receives an advertisement signal based on Bluetooth® from an information terminal, which includes control information encrypted using a common key; a storage unit that stores the common key; and, upon successful decryption of the control information contained in the received advertisement signal using the common key stored in the storage unit, the control device transmits an advertisement response based on Bluetooth® to the information terminal using the communication unit and releases the restrictions on the object.
8. An information processing method to be performed by an information processing system used to remove the restrictions on a device that restricts the operation of an article, wherein the information processing system comprises an information terminal having a first storage unit and a control device having a second storage unit, and the information processing method includes the steps of: the information terminal transmitting a Bluetooth®-based advertisement signal to the control device, which includes control information encrypted using a common key stored in the first storage unit; the control device receiving the advertisement signal; and, if the control device successfully decrypts the control information contained in the received advertisement signal using the common key stored in the second storage unit, transmitting a Bluetooth®-based advertisement response to the information terminal and removing the restrictions on the device.
9. An information processing method performed by a control device for releasing the restrictions on a device that restricts the operation of an article, wherein the control device comprises a storage unit, and the information processing method includes the steps of: receiving a Bluetooth®-based advertisement signal from an information terminal, which includes control information encrypted using a common key; and, upon successful decryption of the received advertisement signal using the common key stored in the storage unit, transmitting a Bluetooth®-based advertisement response to the information terminal and releasing the restrictions on the device.
10. A program for causing a computer to execute the information processing method described in claim 8 or 9.