Security system, management apparatus, permission apparatus, terminal apparatus, security method and program
First Claim
1. A security system comprising:
- a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database, and outputting information representing any of the registration identification information; and
a first permission apparatus receiving information representing first partial registration identification information which is elements of a first proper subset of a universal set constituted by the plurality of pieces of the registration identification information, storing setting information comprising the information representing the first partial registration identification information, receiving information representing identification information which is output from a first terminal apparatus and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority corresponding to first partial authority information which is the authority information associated with the first partial registration identification information, the information representing the first authority exercise information being input to the first terminal apparatus which outputs a first drive signal corresponding to the first authority exercise information, the first drive signal being a signal for physically driving a first drive apparatus; and
a second permission apparatus receiving information representing second partial registration identification information which is elements of a second proper subset of the universal set, storing second setting information comprising the information representing the second partial registration identification information, receiving information representing second identification information which is output from a second terminal apparatus and, when the second identification information corresponds to the second partial registration identification information comprised in the second setting information, outputting information representing second authority exercise information required to exercise authority corresponding to second partial authority information which is the authority information associated with the second partial registration identification information, the information representing the second authority exercise information being input to the second terminal apparatus which outputs a second drive signal corresponding to the second authority exercise information, the second drive signal being a signal for physically driving a second drive apparatus;
wherein an intersection of the first proper subset and the second proper subset is empty; and
the first partial authority information is different from the second partial authority information.
Abstract
At the time of setting authority, a management apparatus stores a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputs information representing any of the registration identification information; and a permission apparatus receives and stores the information. At the time of exercising the authority, the terminal apparatus outputs information representing identification information, and the permission apparatus receives the information and, when the identification information corresponds to registration identification information comprised in setting information, outputs information representing authority exercise information required to exercise the authority. The terminal apparatus receives the information representing the authority exercise information and outputs a drive signal corresponding to the authority exercise information. By this drive signal, a drive apparatus, which is a tangible object, is physically driven.
8 Claims
3. A security system comprising:
a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputting information representing any of the registration identification information; and
a first permission apparatus receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority,
wherein first partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information,
wherein the first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
the first permission apparatus stores the first partial authority information, and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs information representing the first authority exercise information obtained based on a first secret decryption key corresponding to the first public encryption key, a third public encryption key corresponding to the first partial registration identification information and the first partial authority information, the information representing the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext.
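The key handling recited in claim 3, sketched as an added example that is not part of the patent text: the secret is encrypted under a common key, the common key is wrapped under the authority's public key, and the permission apparatus re-wraps it under the requester's public key only when the presented identification is in its setting information. Textbook ElGamal over a toy-sized group and a SHA-256 keystream are assumed stand-ins for the unspecified public-key and common-key ciphers; all function names, the sample IDs and the ID-to-public-key layout of the setting information are hypothetical.

```python
import hashlib
import secrets

# Toy stand-ins (assumptions, not from the patent): textbook ElGamal in Z_p*
# with p = 2**127 - 1, and a SHA-256 keystream as the common-key cipher.
# The group is far too small for real use; it only makes the flow runnable.
P = 2**127 - 1
G = 3
SECRET = b"constructed-drive-unlock-code"  # constructed sample secret

def keygen():
    sk = secrets.randbelow(P - 3) + 2            # 2 .. P-2
    return sk, pow(G, sk, P)

def pk_encrypt(pk, m):
    r = secrets.randbelow(P - 3) + 2
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def pk_decrypt(sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P     # c1**(-sk) by Fermat

def stream_xor(key_int, data):
    """Encrypt or decrypt by XOR with a SHA-256 counter keystream."""
    key = key_int.to_bytes(16, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def make_authority_info(authority_pk, secret):
    """First ciphertext plus first common key ciphertext."""
    common_key = secrets.randbelow(P - 2) + 1
    return {"ct": stream_xor(common_key, secret),
            "key_ct": pk_encrypt(authority_pk, common_key)}

class PermissionApparatus:
    def __init__(self, authority_sk, authority_info, setting_info):
        self.authority_sk = authority_sk          # first secret decryption key
        self.authority_info = authority_info      # first partial authority info
        self.setting_info = dict(setting_info)    # registration ID -> third public key

    def exercise(self, identification):
        user_pk = self.setting_info.get(identification)
        if user_pk is None:                       # ID not in setting information
            return None
        common_key = pk_decrypt(self.authority_sk, self.authority_info["key_ct"])
        return {"ct": self.authority_info["ct"],  # first ciphertext, unchanged
                "rekey_ct": pk_encrypt(user_pk, common_key)}

def terminal_recover(user_sk, exercise_info):
    common_key = pk_decrypt(user_sk, exercise_info["rekey_ct"])
    return stream_xor(common_key, exercise_info["ct"])

def demo():
    auth_sk, auth_pk = keygen()
    alice_sk, alice_pk = keygen()
    other_sk, _ = keygen()                        # a key pair that was never registered
    info = make_authority_info(auth_pk, SECRET)
    pa = PermissionApparatus(auth_sk, info, {"id-alice": alice_pk})
    granted = pa.exercise("id-alice")
    return (terminal_recover(alice_sk, granted),  # registered subject recovers the secret
            pa.exercise("id-bob"),                # unregistered ID gets nothing
            terminal_recover(other_sk, granted))  # wrong private key yields garbage

if __name__ == "__main__":
    print(demo())
```

The permission apparatus never releases the first common key in the clear; a captured response is useful only to the holder of the private key matching the registered third public encryption key.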
5. A security system comprising:
a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputting information representing any of the registration identification information;
a first permission apparatus receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority;
the terminal apparatus; and
a first key management apparatus,
wherein first partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information;
the first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
the first key management apparatus stores a first secret decryption key corresponding to the first public encryption key;
the first permission apparatus stores the first partial authority information and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs the first partial authority information;
the terminal apparatus outputs information corresponding to the first partial authority information and a third public encryption key corresponding to the first partial registration identification information;
when the third public encryption key and the information corresponding to the first partial authority information are sent, the first key management apparatus uses the information corresponding to the first partial authority information, the third public encryption key, and the first secret decryption key to obtain and output information corresponding to the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext; and
the terminal apparatus receives the information corresponding to the first authority exercise information and obtains the first authority exercise information by a self-correction process using the information corresponding to the first authority exercise information.
6. A security method comprising the steps of:
outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and the registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
receiving information representing first partial registration identification information which is elements of a first proper subset of a universal set constituted by the plurality of pieces of the registration identification information, and storing setting information comprising the information representing the first partial registration identification information, at a first permission apparatus; and
receiving information representing identification information which is output from a first terminal apparatus and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting information representing authority exercise information required to exercise the authority corresponding to first partial authority information which is the authority information associated with the first partial registration identification information, the information representing the first authority exercise information being input to the first terminal apparatus which outputs a first drive signal corresponding to the first authority exercise information, the first drive signal being a signal for physically driving a first drive apparatus, at the first permission apparatus;
receiving information representing second partial registration identification information which is elements of a second proper subset of the universal set, and storing second setting information comprising the information representing the second partial registration identification information, at a second permission apparatus;
receiving information representing second identification information which is output from a second terminal apparatus and, when the second identification information corresponds to the second partial registration identification information comprised in the second setting information, outputting information representing second authority exercise information required to exercise authority corresponding to second partial authority information which is the authority information associated with the second partial registration identification information, the information representing the second authority exercise information being input to the second terminal apparatus which outputs a second drive signal corresponding to the second authority exercise information, the second drive signal being a signal for physically driving a second drive apparatus, at the second permission apparatus;
wherein an intersection of the first proper subset and the second proper subset is empty; and
the first partial authority information is different from the second partial authority information.
7. A security method comprising the steps of:
outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, at a first permission apparatus; and
receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority, at the first permission apparatus,
wherein first partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information,
wherein the first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
the first permission apparatus stores the first partial authority information, and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs information representing the first authority exercise information obtained based on a first secret decryption key corresponding to the first public encryption key, a third public encryption key corresponding to the first partial registration identification information and the first partial authority information, the information representing the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext.
8. A security method comprising the steps of:
outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
receiving the information representing any of the registration identification information, and storing setting information comprising the information representing any of the registration identification information, at a first permission apparatus; and
receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority, the first permission apparatus;
wherein first partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
the security method further comprising the steps of;
receiving information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information, at the first permission apparatus, wherein the first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information;
storing a first secret decryption key corresponding to the first public encryption key at a first key management apparatus;
storing the first partial authority information and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting the first partial authority information, at the first permission apparatus;
outputting information corresponding to the first partial authority information and a third public encryption key corresponding to the first partial registration identification information at the terminal apparatus;
when the third public encryption key and the information corresponding to the first partial authority information are sent, using the information corresponding to the first partial authority information, the third public encryption key, and the first secret decryption key to obtain and output information corresponding to the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext, at the first key management apparatus; and
receiving the information corresponding to the first authority exercise information and obtaining the first authority exercise information by a self-correction process using the information corresponding to the first authority exercise information at the terminal apparatus.
Specification