Communications system, communications device used in same, management device, and information terminal
Abstract
A communications system includes a device connected to information terminals to enable a plurality of information terminals, mutually exchange data via a global network and enable highly confidential mutual communications between the information terminals included. The communications device includes a unit storing user authentication information for performing user authentication via the connected information terminal and pre-storing a device authentication listing pieces of device information in authentication of each communications device with regard to all the communications devices in the same group, the device authentication list being pre-stored in a state where the device authentication list is inaccessible from the user. When exchange of data is performed between the information terminals via the global network, the communications device configured to carry out user authentication process with the information terminal using the user authentication information and device-to-device authentication process with another communications device by referring to the device authentication list.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A communications device used for a communications system in which a plurality of information terminals included in a same group exchange data with each other via a global network, the communications device being connected to a first information terminal included in the group, and being connected to other communications device connected to a second information terminal included in the group via the global network, comprising:
a storage unit configure to store user authentication information for performing authentication of a user via the first information terminal and pre-store a device authentication list listing pieces of device authentication information necessary in authentication of all the communications devices in the group including the other communications device, the device authentication list being pre-stored in a state where at least part of the device authentication list is inaccessible externally; a user authentication unit configured to determine whether or not permission for access should be given in response to an access request from the first information terminal in accordance with the user authentication information stored in the storage unit; a device-to-device authentication unit configured to carry out device-to-device authentication process with the other communications device in accordance with the device authentication list stored in the storage unit; an input/output unit configured to input and output information to and from the first information terminal to which permission to access is given by the user authentication unit; and a data transmission/reception unit configured to perform transmission and reception of data with the other communications device authenticated by the device-to-device authentication unit.
2 . The communications device according to claim 1 , wherein
the device authentication list includes device authentication information including a device ID and a password of a valid user of each of already-registered communications devices in the group and device authentication information including a device ID and a password of a provisional user predefined for an unregistered communications device in the group, and when a new user is registered in the group, the communications device enables the device ID and the password of the provisional user, and notifies the enabled device ID of the user to all the communications devices.
3 . The communications device according to claim 1 , wherein
the device authentication list includes a provisional group name predefined for an unregistered group and device authentication information including a device ID and a password of a provisional user included in the provisional group name, and when a new group is registered, the communications device rewrites the provisional group name to a true group name, enables a device ID and a password of at least part of the provisional users of the true group name, and notifies the rewritten true group name and the device ID of the enabled users to a communications device of the enabled user of the new group.
4 . The communications device according to claim 1 , wherein
the storage unit stores an encryption key for performing encrypted communication with the other communications device or trigger information for triggering generation of the encryption key, the encryption key or the trigger information being stored in a state where the encryption key or the trigger information is inaccessible externally.
5 . The communications device according to claim 1 , being connected to, as the first information terminal, any pieces of equipment including a personal computer, a smartphone and a tablet terminal, which are operated by the user, and/or any pieces of equipment including IoT equipment, M2M equipment, a camera, a robot, remote operation equipment, an automobile and AI equipment, which receive and transmit various pieces of data.
6 . The communications device according to claim 1 , further comprising:
a history analysis unit configured to analyze communication history stored as needed in the storage unit; and an abnormality determination unit configured to determine an unauthorized access or an unauthorized operation in accordance with the communication history analyzed by the history analysis unit.
7 . The communications device according to claim 1 , comprising a sensor and being configured to determine whether or not the communications device is in an originally used state by referring to information acquired from the sensor.
8 . The communications device according to claim 1 , wherein the input/output unit is configured to display, to the first information terminal, a data entry screen imitating a postal item or a slip as a user interface.
9 . The communications device according to claim 1 , having an AI function carrying out machine learning based on data acquired from the other communications device and providing an optimum solution.
10 . The communications device according to claim 1 , being an IC card or a SIM attached to the first information terminal.
11 . A management device used for a communications system in which a first information terminal and a second information terminal included in a same group exchange data with each other via a global network connected with a first communications device connected to the first information terminal and a second communications device connected to the second information terminal, the management device being connected to the first communications device and the second communications device via the global network, comprising:
a storage unit configured to pre-store a device authentication list listing pieces of device authentication information necessary in authentication of all the communications devices in the group including the first communications device and the second communications device; and a device-to-device authentication unit configured to carry out at least part of device-to-device authentication process between the first communications device and the second communications device in accordance with the device authentication list stored in the storage unit.
12 . An information terminal in which a communications device is incorporated, wherein
the communications device is used for a communications system which exchanges data with other information terminal included in a same group as the information terminal via other communications device connected with the other information terminal and a global network, and the communications device comprises: a storage unit configured to store user authentication information for performing authentication of a user via the information terminal and pre-store a device authentication list listing pieces of device authentication information necessary in authentication of all the communications devices in the group, the device authentication list being pre-stored in a state where at least part of the device authentication list is inaccessible externally; a user authentication unit configured to determine whether or not permission for access should be given in response to an access request from the information terminal in accordance with the user authentication information stored in the storage unit; a device-to-device authentication unit configured to carry out device-to-device authentication process with the other communications device in accordance with the device authentication list stored in the storage unit; an input/output unit configured to input and output information to and from the information terminal to which permission to access is given by the user authentication unit; and a data transmission/reception unit configured to perform transmission and reception of data with the other communications device authenticated by the device-to-device authentication unit.
13 . The information terminal according to claim 12 , comprising a secret area which is inaccessible externally, wherein
the communications device is at least one of an EPROM unit incorporated in the secret area, and an IC card and a SIM to be attached to the information terminal.
14 . The information terminal according to claim 12 , wherein
the communications device is a communication circuit and communication software incorporated into the information terminal or a communication circuit and software incorporated into a SIM attached to the information terminal.
15 . The communications device according to claim 1 , wherein
the storage unit includes a normal area in which a general-purpose OS operates and a secure area in which a secure dedicated OS operates, and the user authentication information and the device authentication list are stored in the secure area.
16 . The management device according to claim 11 , wherein
the storage unit includes a normal area in which a general-purpose OS operates and a secure area in which a secure dedicated OS operates, and the user authentication information and the device authentication list are stored in the secure area.
17 . The information terminal according to claim 12 , wherein
the storage unit includes a normal area in which a general-purpose OS operates and a secure area in which a secure dedicated OS operates, and the user authentication information and the device authentication list are stored in the secure area.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.