| CPC G06F 21/33 (2013.01) [G06F 21/604 (2013.01); G06F 21/64 (2013.01)] | 9 Claims |
|
1. A utilization control system for controlling use of usage target objects, comprising:
a use permit issuing device that issues a use permit including use conditions for using one of the usage target objects;
a utilization control device and a use permit notification device that are provided for each of the usage target objects, wherein the utilization control device controls use of the usage target object based on the use permit by locking/unlocking, by access control, or by encrypting/decrypting and the use permit notification device notifies the use permit to the utilization control device; and
a setting terminal that sends a use permit issue request including designation of the usage target object to the use permit issuing device according to an instruction of an operator to acquire setting information including the use permit from the use permit issuing device, and notifies the acquired setting information to the use permit notification device that is provided correspondingly to the usage target object designated in the use permit issue request;
wherein,
the use permit issuing device comprises:
an authentication data storage means that stores, for each user, at least one type of authentication data together with an authentication method of the authentication data in question in association with at least one type of identification information;
a key information storage means that stores, for each of the usage target objects, key information including a secret key used for signing the use permit;
a use permit issuing means that, on receiving from the setting terminal a use permit issue request including user's identification information, designation of a usage target object, specifying information that can identify an authentication method employed by the use permit notification device corresponding to the usage target object, and use conditions for using the usage target object, issues the use permit that includes the use conditions included in the use permit issue request;
a signature generation means that generates a signature on the use permit issued by the use permit issuing means, by using the secret key included in the key information stored in the key information storage means in association with the usage target object designated in the use permit issue request;
an authentication data identification means that identifies the authentication data of the authentication method identified by the specifying information included in the use permit issue request, among the authentication data stored in the authentication data storage means in association with the user's identification information included in the use permit issue request; and
a setting information sending means that sends setting information including the use permit issued by the use permit issuing means, the signature generated by the signature generation means, and the authentication data identified by the authentication data identification means, to the setting terminal that is the sender of the use permit issue request;
the use permit notification device comprises:
a setting information storage means that stores the setting information notified from the setting terminal;
an authentication data acquisition means that acquires the authentication data from a user according to a predetermined authentication method;
a setting information searching means that searches the setting information storage means for the setting information including the authentication data acquired by the authentication data acquisition means; and
a use permit sending means that sends the use permit and the signature included in the setting information retrieved by the setting information searching means to the utilization control device that is the pair to the use permit notification device itself via Near Field Communication; and
the utilization control device can communicate only via the Near Field Communication and comprises:
a hole data storage means that stores hole data including a public key used for verification of the use permit;
a use conditions acquisition means that verifies the signature received together with the use permit from the use permit notification device by using the public key included in the hole data stored in the hole data storage means, and acquires the use conditions included in the use permit when the verification being established; and
a lifting means that lifts restriction on use of the usage target object when the use conditions acquired by the use conditions acquisition means being satisfied.
|