INFORMATION PROCESSING TRMINAL, METHOD, PROGRAM, AND INTEGRATED CIRCUIT FOR CONTROLLING ACCESS TO CONFIDENTIAL INFORMATION, AND RECORDING MEDIUM HAVING THE PROGRAM RECORDED THEREON

US 20120060008A1
Filed: 02/09/2011
Published: 03/08/2012
Est. Priority Date: 03/15/2010
Status: Active Grant

First Claim

Patent Images

1. An information processing terminal for controlling access to confidential information, said terminal comprising:

a storage area in which general information and confidential information are recorded;

an input/output receiving unit configured to receive, from a user, an access command which is a command to access the general information or the confidential information recorded in said storage area;

an accessible area holding unit configured to hold an accessible area designation map which indicates an area of activity in which access to the confidential information is allowed; and

a confidential information access control unit configured to determine whether or not access to the confidential information is allowed in response to receiving the access command to the confidential information by said input/output receiving unit,wherein said confidential information access control unit includes;

a current location acquisition unit configured to acquire current location information indicating a current location of said information processing terminal;

an access determination unit configured to allow access to the confidential information when the location of said information processing terminal indicated in the current location information is on the accessible area designation map held in said accessible area holding unit; and

a confidential information access unit configured to access the confidential information recorded in said storage area in response to the allowance of the access by said access determination unit,wherein the accessible area designation map is expressed as a set of a plurality of sections,the confidential information recorded in said storage area is encrypted with a data key,the data key is encrypted with a distinct section key assigned to each of the sections, andsaid confidential information access unit is configured to generate the section key based on the current location information acquired by said current location acquisition unit, to decrypt the data key with the generated section key, and to decrypt the confidential information recorded in said storage area with the decrypted data key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the access determination unit (305).

16 Citations

View as Search Results

17 Claims

1. An information processing terminal for controlling access to confidential information, said terminal comprising:
- a storage area in which general information and confidential information are recorded;
  
  an input/output receiving unit configured to receive, from a user, an access command which is a command to access the general information or the confidential information recorded in said storage area;
  
  an accessible area holding unit configured to hold an accessible area designation map which indicates an area of activity in which access to the confidential information is allowed; and
  
  a confidential information access control unit configured to determine whether or not access to the confidential information is allowed in response to receiving the access command to the confidential information by said input/output receiving unit,wherein said confidential information access control unit includes;
  
  a current location acquisition unit configured to acquire current location information indicating a current location of said information processing terminal;
  
  an access determination unit configured to allow access to the confidential information when the location of said information processing terminal indicated in the current location information is on the accessible area designation map held in said accessible area holding unit; and
  
  a confidential information access unit configured to access the confidential information recorded in said storage area in response to the allowance of the access by said access determination unit,wherein the accessible area designation map is expressed as a set of a plurality of sections,the confidential information recorded in said storage area is encrypted with a data key,the data key is encrypted with a distinct section key assigned to each of the sections, andsaid confidential information access unit is configured to generate the section key based on the current location information acquired by said current location acquisition unit, to decrypt the data key with the generated section key, and to decrypt the confidential information recorded in said storage area with the decrypted data key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 11, 12)
- - 2. The information processing terminal according to claim 1,wherein the accessible area designation map indicates route information of said information processing terminal from a starting point to an arrival point.
  - 3. The information processing terminal according to claim 2,wherein said accessible area holding unit is configured to hold a plurality of the accessible area designation maps for different routes.
  - 4. The information processing terminal according to claim 2, further comprisingan updating unit configured to update content of said accessible area holding unit with the accessible area designation map which is externally acquired.
  - 5. The information processing terminal according to claim 4,wherein said updating unit includes:
    - a media read/write unit configured to read the accessible area designation map from an external recording medium; and
      
      a route information write unit configured to write, to said accessible area holding unit, the accessible area designation map read from the external recording medium by said media read/write unit.
  - 6. The information processing terminal according to claim 4,wherein said updating unit includes:
    - a communication unit configured to communicate with an external server; and
      
      a route information write unit configured to write, to said accessible area holding unit, the accessible area designation map acquired from the external server by said communication unit.
  - 7. The information processing terminal according to claim 4,wherein said updating unit is further configured to calculate a first hash value by inputting acquired the accessible area designation map to a predetermined hash function, andsaid confidential information access control unit determines whether or not access to the confidential information is allowed when the first hash value calculated by said updating unit is equal to a second hash value obtained by inputting the accessible area designation map held in said accessible area holding unit to the predetermined hash function.
  - 8. The information processing terminal according to claim 1,wherein said confidential information access control unit is protected using tamper-resistant technology or Reactive Method.
  - 9. The information processing terminal according to claim 1,wherein the confidential information is recorded in a region of said storage area, having a protection level higher than the protection level of another region in which the general information is recorded.
  - 11. The information processing terminal according to claim 1,wherein the accessible area designation map is expressed as a set of a plurality of sections,said confidential information access control unit further includes:
    - a current location recording unit in which a section corresponding to the current location of said information processing terminal is recorded;
      
      a previous location recording unit in which a section where said information processing terminal has been present immediately before the section recorded in said current location recording unit is recorded; and
      
      a location update determination unit configured to cause said current location acquisition unit to acquire the current location information of said information processing terminal regularly, and when the section corresponding to the acquired current location information is different from the section recorded in said current location recording unit, said location update determination unit overwrites content of said previous location recording unit with the section which is recorded in said current location recording unit, and overwrites content of said current location recording unit with the section corresponding to the acquired current location information,wherein said access determination unit is configured to allow access to the confidential information when the section corresponding to the current location information acquired by said current location acquisition unit, and the section recorded in said previous location recording unit are adjacent to each other on the accessible area designation map at a timing when an access command to the confidential information is received by said input/output receiving unit.
  - 12. Information processing terminal according to claim 11,wherein the confidential information recorded in said storage area is encrypted with the data key,the data key is encrypted with a section key assigned to each of the sections, andsaid confidential information access unit generates the section key based on the section corresponding to the current position information acquired by said current location acquisition unit and the section recorded in said previous location recording unit, decrypts the data key with the generated section key, and decrypts the confidential information recorded in said storage area with the decrypted data key.

10. (canceled)

13. A method of controlling access to confidential information, said method being performed by an information processing terminal including an storage area in which general information and confidential information are recorded, and an accessible area holding unit configured to hold an accessible area designation map, the accessible area designation map indicating an area of activity in which access to the confidential information is allowed, said method comprising:
- receiving an access command from a user to the general information or the confidential information recorded in the storage area; and
  
  determining whether or not access to the confidential information is allowed in response to the access command to the confidential information, received in said receiving,said determining includes;
  
  acquiring current location information indicating a current location of the information processing terminal;
  
  allowing access to the confidential information when the location of the information processing terminal indicated by the current location information is on the accessible area designation map held in the accessible area holding unit; and
  
  accessing the confidential information recorded in the storage area in response to the access allowed in said allowingwherein the accessible area designation map is expressed as a set of a plurality of sections,the confidential information recorded in said storage area is encrypted with a data key,the data key is encrypted with a distinct section key assigned to each of the sections, andin said accessing, the section key is generated based on the current location information acquired in said acquiring, the data key is decrypted with the generated section key, and the confidential information recorded in said storage area is decrypted with the decrypted data key.
- View Dependent Claims (14, 16)
- - 14. The method of controlling access to confidential information according to claim 13,wherein the accessible area designation map is expressed as a set of a plurality of sections,said information processing terminal further includes:
    - a current location recording unit in which a section corresponding to the current location of said information processing terminal is recorded; and
      
      a previous location recording unit in which a section where said information processing terminal has been present immediately before the section recorded in said current location recording unit is recorded,wherein said determining further includes acquiring the current location information of said information processing terminal regularly, and when the section corresponding to the acquired current location information is different from the section recorded in said current location recording unit, said determining includes overwriting said previous location recording unit with the section which is recorded in said current location recording unit, and overwriting said current location recording unit with a section corresponding to the acquired current location information, andsaid access determination unit is configured to allow access to the confidential information when the section corresponding to the current location information acquired by said current location acquisition unit, and the section recorded in the previous location information are adjacent to each other on the accessible area designation map at a timing when an access command to the confidential information is received by said input/output receiving unit.
  - 16. A non-transitory computer-readable recording medium on which a program is recorded, the program causing a computer to execute the method of controlling access to confidential information according to claim 13.

15. (canceled)

17. An integrated circuit for controlling access to confidential information, comprising:
- a storage area in which general information and confidential information are recorded;
  
  an input/output receiving unit configured to receive an access command from a user to the general information or the confidential information recorded in said storage area;
  
  an accessible area holding unit configured to hold an accessible area designation map, the accessible area designation map indicating an area of activity in which access to the confidential information is allowed; and
  
  a confidential information access control unit configured to determine whether or not access to the confidential information is allowed in response to receiving an access command to the confidential information at said input/output receiving unit,wherein said confidential information access control unit includes;
  
  a current location acquisition unit configured to acquire current location information indicating a current location of said information processing terminal;
  
  an access determination unit configured to allow access to the confidential information when the location of said information processing terminal indicated by the current location information is on the accessible area designation map held in said accessible area holding unit; and
  
  a confidential information access unit configured to access to the confidential information recorded in said storage area in response to the access allowed by said access determination unit,wherein the accessible area designation map is expressed as a set of a plurality of sections,the confidential information recorded in said storage area is encrypted with a data key,the data key is encrypted with a distinct section key assigned to each of the sections, andsaid confidential information access unit is configured to generate the section key based on the current location information acquired by said current location acquisition unit, to decrypt the data key with the generated section key, and to decrypt the confidential information recorded in said storage area with the decrypted data key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Matsushima, Hideki, Matsuzaki, Natsume, Kobayashi, Kouji, Nonaka, Masao

Granted Patent

US 8,656,127 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

INFORMATION PROCESSING TRMINAL, METHOD, PROGRAM, AND INTEGRATED CIRCUIT FOR CONTROLLING ACCESS TO CONFIDENTIAL INFORMATION, AND RECORDING MEDIUM HAVING THE PROGRAM RECORDED THEREON

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING TRMINAL, METHOD, PROGRAM, AND INTEGRATED CIRCUIT FOR CONTROLLING ACCESS TO CONFIDENTIAL INFORMATION, AND RECORDING MEDIUM HAVING THE PROGRAM RECORDED THEREON

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links