Security system, management apparatus, permission apparatus, terminal apparatus, security method and program

US 10,275,960 B2
Filed: 05/12/2015
Issued: 04/30/2019
Est. Priority Date: 05/13/2014
Status: Active Grant

First Claim

Patent Images

1. A security system comprising:

a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database, and outputting information representing any of the registration identification information; and

a first permission apparatus receiving information representing first partial registration identification information which is elements of a first proper subset of a universal set constituted by the plurality of pieces of the registration identification information, storing setting information comprising the information representing the first partial registration identification information, receiving information representing identification information which is output from a first terminal apparatus and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority corresponding to first partial authority information which is the authority information associated with the first partial registration identification information, the information representing the first authority exercise information being input to the first terminal apparatus which outputs a first drive signal corresponding to the first authority exercise information, the first drive signal being a signal for physically driving a first drive apparatus; and

a second permission apparatus receiving information representing second partial registration identification information which is elements of a second proper subset of the universal set, storing second setting information comprising the information representing the second partial registration identification information, receiving information representing second identification information which is output from a second terminal apparatus and, when the second identification information corresponds to the second partial registration identification information comprised in the second setting information, outputting information representing second authority exercise information required to exercise authority corresponding to second partial authority information which is the authority information associated with the second partial registration identification information, the information representing the second authority exercise information being input to the second terminal apparatus which outputs a second drive signal corresponding to the second authority exercise information, the second drive signal being a signal for physically driving a second drive apparatus;

whereinan intersection of the first proper subset and the second proper subset is empty; and

the first partial authority information is different from the second partial authority information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At the time of setting authority, a management apparatus stores a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputs information representing any of the registration identification information; and a permission apparatus receives and stores the information. At the time of exercising the authority, the terminal apparatus outputs information representing identification information, and the permission apparatus receives the information and, when the identification information corresponds to registration identification information comprised in setting information, outputs information representing authority exercise information required to exercise the authority. The terminal apparatus receives the information representing the authority exercise information and outputs a drive signal corresponding to the authority exercise information. By this drive signal, a drive apparatus, which is a tangible object, is physically driven.

Citations

8 Claims

1. A security system comprising:
- a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database, and outputting information representing any of the registration identification information; and
  
  a first permission apparatus receiving information representing first partial registration identification information which is elements of a first proper subset of a universal set constituted by the plurality of pieces of the registration identification information, storing setting information comprising the information representing the first partial registration identification information, receiving information representing identification information which is output from a first terminal apparatus and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority corresponding to first partial authority information which is the authority information associated with the first partial registration identification information, the information representing the first authority exercise information being input to the first terminal apparatus which outputs a first drive signal corresponding to the first authority exercise information, the first drive signal being a signal for physically driving a first drive apparatus; and
  
  a second permission apparatus receiving information representing second partial registration identification information which is elements of a second proper subset of the universal set, storing second setting information comprising the information representing the second partial registration identification information, receiving information representing second identification information which is output from a second terminal apparatus and, when the second identification information corresponds to the second partial registration identification information comprised in the second setting information, outputting information representing second authority exercise information required to exercise authority corresponding to second partial authority information which is the authority information associated with the second partial registration identification information, the information representing the second authority exercise information being input to the second terminal apparatus which outputs a second drive signal corresponding to the second authority exercise information, the second drive signal being a signal for physically driving a second drive apparatus;
  
  whereinan intersection of the first proper subset and the second proper subset is empty; and
  
  the first partial authority information is different from the second partial authority information.
- View Dependent Claims (2)
- - 2. The security system according to claim 1, whereinthe registration identification information comprises a public encryption key in accordance with asymmetric key cryptography;
    - andthe first authority exercise information is ciphertext obtained by encrypting secret information required to exercise the authority, using the registration identification information corresponding to the identification information.

3. A security system comprising:
- a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputting information representing any of the registration identification information; and
  
  a first permission apparatus receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority, whereinfirst partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
  
  the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information, whereinthe first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
  
  the first permission apparatus stores the first partial authority information, and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs information representing the first authority exercise information obtained based on a first secret decryption key corresponding to the first public encryption key, a third public encryption key corresponding to the first partial registration identification information and the first partial authority information, the information representing the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext.
- View Dependent Claims (4)
- - 4. The security system according to claim 3, comprising a first key management apparatus storing the first secret decryption key, whereinwhen the identification information corresponds to the first partial registration identification information comprised in the setting information, the first permission apparatus outputs the third public encryption key and information corresponding to the first partial authority information;
    - when the third public encryption key and the information corresponding to the first partial authority information are sent, the first key management apparatus uses the information corresponding to the first partial authority information, the third public encryption key, and the first secret decryption key to obtain and output information corresponding to the first authority exercise information; and
      
      the first permission apparatus receives the information corresponding to the first authority exercise information and obtains the first authority exercise information by a self-correction process using the information corresponding to the first authority exercise information.

5. A security system comprising:
- a management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputting information representing any of the registration identification information;
  
  a first permission apparatus receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority;
  
  the terminal apparatus; and
  
  a first key management apparatus, whereinfirst partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
  
  the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information;
  
  the first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
  
  the first key management apparatus stores a first secret decryption key corresponding to the first public encryption key;
  
  the first permission apparatus stores the first partial authority information and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs the first partial authority information;
  
  the terminal apparatus outputs information corresponding to the first partial authority information and a third public encryption key corresponding to the first partial registration identification information;
  
  when the third public encryption key and the information corresponding to the first partial authority information are sent, the first key management apparatus uses the information corresponding to the first partial authority information, the third public encryption key, and the first secret decryption key to obtain and output information corresponding to the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext; and
  
  the terminal apparatus receives the information corresponding to the first authority exercise information and obtains the first authority exercise information by a self-correction process using the information corresponding to the first authority exercise information.

6. A security method comprising the steps of:
- outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and the registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
  
  receiving information representing first partial registration identification information which is elements of a first proper subset of a universal set constituted by the plurality of pieces of the registration identification information, and storing setting information comprising the information representing the first partial registration identification information, at a first permission apparatus; and
  
  receiving information representing identification information which is output from a first terminal apparatus and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting information representing authority exercise information required to exercise the authority corresponding to first partial authority information which is the authority information associated with the first partial registration identification information, the information representing the first authority exercise information being input to the first terminal apparatus which outputs a first drive signal corresponding to the first authority exercise information, the first drive signal being a signal for physically driving a first drive apparatus, at the first permission apparatus;
  
  receiving information representing second partial registration identification information which is elements of a second proper subset of the universal set, and storing second setting information comprising the information representing the second partial registration identification information, at a second permission apparatus;
  
  receiving information representing second identification information which is output from a second terminal apparatus and, when the second identification information corresponds to the second partial registration identification information comprised in the second setting information, outputting information representing second authority exercise information required to exercise authority corresponding to second partial authority information which is the authority information associated with the second partial registration identification information, the information representing the second authority exercise information being input to the second terminal apparatus which outputs a second drive signal corresponding to the second authority exercise information, the second drive signal being a signal for physically driving a second drive apparatus, at the second permission apparatus;
  
  whereinan intersection of the first proper subset and the second proper subset is empty; and
  
  the first partial authority information is different from the second partial authority information.

7. A security method comprising the steps of:
- outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
  
  receiving the information representing any of the registration identification information, storing setting information comprising the information representing any of the registration identification information, at a first permission apparatus; and
  
  receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority, at the first permission apparatus, whereinfirst partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
  
  the first permission apparatus receives information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information, whereinthe first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information; and
  
  the first permission apparatus stores the first partial authority information, and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputs information representing the first authority exercise information obtained based on a first secret decryption key corresponding to the first public encryption key, a third public encryption key corresponding to the first partial registration identification information and the first partial authority information, the information representing the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext.

8. A security method comprising the steps of:
- outputting information representing any of registration identification information from a management apparatus, the management apparatus storing a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, a plurality of pieces of the authority information and a plurality of pieces of the registration identification information being associated in the database;
  
  receiving the information representing any of the registration identification information, and storing setting information comprising the information representing any of the registration identification information, at a first permission apparatus; and
  
  receiving information representing identification information, and, when the identification information corresponds to any of the registration identification information comprised in the setting information, outputting information representing first authority exercise information required to exercise the authority, the first permission apparatus;
  
  whereinfirst partial authority information is the authority information corresponding to a part of authorities that the first permission apparatus handles;
  
  the security method further comprising the steps of;
  
  receiving information representing first partial registration identification information, which is the registration identification information associated with the first partial authority information, and stores the setting information comprising the first partial registration identification information, at the first permission apparatus, whereinthe first partial authority information comprises first ciphertext obtained by encrypting first secret information required to exercise authority corresponding to the first partial authority information with a first common key, and first common key ciphertext obtained by encrypting the first common key with a first public encryption key corresponding to the authority corresponding to the first partial authority information;
  
  storing a first secret decryption key corresponding to the first public encryption key at a first key management apparatus;
  
  storing the first partial authority information and, when the identification information corresponds to the first partial registration identification information comprised in the setting information, outputting the first partial authority information, at the first permission apparatus;
  
  outputting information corresponding to the first partial authority information and a third public encryption key corresponding to the first partial registration identification information at the terminal apparatus;
  
  when the third public encryption key and the information corresponding to the first partial authority information are sent, using the information corresponding to the first partial authority information, the third public encryption key, and the first secret decryption key to obtain and output information corresponding to the first authority exercise information comprising first common key re-encrypted ciphertext obtained by encrypting the first common key with the third public encryption key and the first ciphertext, at the first key management apparatus; and
  
  receiving the information corresponding to the first authority exercise information and obtaining the first authority exercise information by a self-correction process using the information corresponding to the first authority exercise information at the terminal apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
Fuji, Hitoshi, Yamamoto, Tomohide, Kobayashi, Tetsutaro, Yoshida, Reo
Primary Examiner(s)
Wilson, Brian

Application Number

US15/309,458
Publication Number

US 20170186255A1
Time in Patent Office

1,449 Days
Field of Search
US Class Current
CPC Class Codes

E05B 47/0001   with electric actuators; Co...

E05B 49/00   Electric permutation locks;...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/44   Program or device authentic...

G07C 2009/00412   the transmitted data signal...

G07C 9/00309   operated with bidirectional...

G07C 9/00571   operated by interacting wit...

G07C 9/38   with central registration

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Security system, management apparatus, permission apparatus, terminal apparatus, security method and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Security system, management apparatus, permission apparatus, terminal apparatus, security method and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links