
EP-3916701-B1 - UTILIZATION MANAGEMENT SYSTEM, MANAGEMENT DEVICE, UTILIZATION CONTROL DEVICE, UTILIZATION MANAGEMENT METHOD, AND COMPUTER-READABLE PROGRAM


Inventors

  • EJIRI, YUKI
  • YAMAMOTO, HIROSHI

Dates

Publication Date
20260513
Application Date
20191218

Claims (12)

  1. A utilization management system that manages use of a usage target object, comprising: a utilization control device (1) that controls use of the usage target object (50) by locking/unlocking, access control or encrypting/decrypting based on a use permit; a management device (2) that manages the usage target object by association with the utilization control device; a provider terminal (3) that sets hole data required for verification of the use permit in the utilization control device; and a user terminal (4) that notifies the utilization control device of the use permit, wherein the management device comprises: a transaction management means (205) that manages transaction information including conditions for using the usage target object; an object management means (203) that manages a first secret key/public key in association with the utilization control device; a hole management means (204) that manages a second secret key/public key in association with the utilization control device; a hole data processing means (208) that generates a first signature on the hole data including the second public key managed by the hole management means by using the first secret key managed by the object management means to send the hole data and the first signature to the provider terminal; and a use permit processing means (211) that generates a second signature on the use permit including the transaction information managed by the transaction management means by using the second secret key managed by the hole management means to send the use permit and the second signature to the user terminal; the provider terminal sends the hole data and the first signature received from the management device to the utilization control device via Near Field Communication; the user terminal sends the use permit and the second signature received from the management device to the utilization control device via the Near Field Communication; and the utilization control device communicates only via the Near Field Communication, and comprises: a hole setting means (13) that verifies the first signature received together with the hole data from the provider terminal by using the pre-registered first public key to set the hole data in the utilization control device itself when the verification is established; a transaction information obtaining means (15) that verifies the second signature received together with the use permit from the user terminal by using the second public key included in the hole data set in the utilization control device itself to obtain the transaction information included in the use permit when the verification is established; and a lifting means (14) that lifts restriction on use of the usage target object by referring to the transaction information obtained by the transaction information obtaining means when conditions specified by the transaction information are satisfied.
  2. A utilization management system according to claim 1, wherein in the management device (2), the transaction management means (205) manages the transaction information with a use permit obtainable time being included in the transaction information; and when the use permit processing means (211) receives a use permit request accompanied by designation of the transaction information from the user terminal (4) and it is after the use permit obtainable time included in the transaction information designated by the use permit request and managed by the transaction management means, the use permit processing means: generates the use permit that includes the transaction information; generates the second signature on the use permit by using the second secret key managed by the hole management means (204); and sends the use permit and the second signature to the user terminal.
  3. A utilization management system according to claim 2, wherein the management device (2) further comprises: a transaction approval/disapproval inquiry means (209) that sends to the provider terminal (3) a transaction approval/disapproval inquiry that includes conditions on use of the usage target object (50) and that inquires about transaction approval/disapproval of services for using the usage target object, when the transaction approval/disapproval inquiry means receives a use request that includes the conditions on use of the usage target object from the user terminal (4); and a transaction information processing means (210) that generates the transaction information that includes the conditions on use of the usage target object included in the transaction approval/disapproval inquiry and the use permit obtainable time and sends a transaction establishment notice that includes the use permit obtainable time to the user terminal, when a transaction acceptance response is received from the provider terminal as a response to the transaction approval/disapproval inquiry sent from the transaction approval/disapproval inquiry means to the provider terminal.
  4. A utilization management system according to any one of claims 1 - 3, wherein in the management device (2), when a hole generation request accompanied by designation of the utilization control device (1) is received from the provider terminal (3), the hole data processing means (208): generates the second secret key/public key; generates according to the hole generation request the first signature on the hole data that includes the second public key by using the first secret key managed by the object management means (203); and sends the hole data and the first signature to the provider terminal.
  5. A utilization management system according to any one of claims 1 - 4, wherein the management device (2) further comprises an object registration request processing means (207) that generates the first secret key/public key and sends an object registration notice that includes the first public key to the provider terminal (3), when an object registration request accompanied by designation of the utilization control device (1) is received from the provider terminal; the provider terminal sends the object registration notice received from the management device to the utilization control device via the Near Field Communication; and the utilization control device registers the first public key included in the object registration notice received from the provider terminal.
  6. A utilization management system according to any one of claims 1 - 5, wherein in the management device (2), the hole management means (204) manages also a common key by association with the utilization control device (1); the hole data processing means (208) sends the hole data with the common key being included in the hole data; and the use permit processing means (211) uses the common key to encrypt the transaction information to be included in the use permit; and in the utilization control device, the transaction information obtaining means (15) uses the common key included in the hole data that is set in the utilization control device itself to decrypt the encrypted transaction information included in the use permit.
  7. A utilization management system according to any one of claims 1 - 6, further comprising an ID reader connected to the utilization control device (1), wherein in the management device (2), the transaction management means (205) manages the transaction information that includes, as one of the conditions for using the usage target object (50), a list of permission IDs required for using the usage target object; and in the utilization control device (1), when the ID reader reads a permission ID from an ID storage medium, the lifting means (14) lifts the restriction on use of the usage target object if the permission ID exists in the list of permission IDs included in the conditions specified by the transaction information obtained by the transaction information obtaining means (15) and the conditions specified by the transaction information other than the list are satisfied.
  8. A management device (2) for managing a utilization control device (1) adapted to control, based on a use permit, use of a usage target object (50) by locking/unlocking, access control, or encrypting/decrypting, the management device comprising: a transaction management means (205) that manages transaction information that includes conditions for using the usage target object; an object management means (203) that manages a first secret key/public key by association with the utilization control device; a hole management means (204) that manages a second secret key/public key by association with the utilization control device; a hole data processing means (208) that generates a first signature on hole data required for verification of the use permit and including the second public key managed by the hole management means by using the first secret key managed by the object management means to send the hole data and the first signature to a provider terminal (3) for setting the hole data to the utilization control device; and a use permit processing means (211) that generates a second signature on the use permit including the transaction information managed by the transaction management means by using the second secret key managed by the hole management means to send the use permit and the second signature to a user terminal (4) for notifying the utilization control device of the use permit.
  9. A utilization control device (1) that controls use of a usage target object (50) by locking/unlocking, access control, or encrypting/decrypting, based on a use permit, wherein the utilization control device communicates only via Near Field Communication, and comprises: a hole setting means (13) that verifies a first signature received together with hole data required for verification of a use permit from a provider terminal (3) by using a pre-registered first public key to set the hole data in the utilization control device itself when the verification is established; and a lifting means (14) that verifies a second signature received together with a use permit from a user terminal (4) by using a second public key included in the hole data set in the utilization control device itself to refer to transaction information included in the use permit when the verification is established and to lift restriction on use of the usage target object when conditions specified by the transaction information are satisfied.
  10. A utilization management method for managing use of a usage target object by using: a utilization control device (1) that controls use of the usage target object (50) by locking/unlocking, access control, or encrypting/decrypting based on a use permit; a management device (2) that manages the usage target object by association with the utilization control device; a provider terminal (3) that sets hole data required for verification of the use permit in the utilization control device; and a user terminal (4) that notifies the utilization control device of the use permit, wherein the management device manages transaction information including conditions for using the usage target object, and manages a first secret key/public key and a second secret key/public key in association with the utilization control device; generates (S128) a first signature on the hole data including the second public key by using the first secret key to send the hole data and the first signature to the provider terminal; and generates (S169) a second signature on the use permit including the transaction information by using the second secret key to send the use permit and the second signature to the user terminal; the provider terminal sends (S131) the hole data and the first signature received from the management device to the utilization control device via Near Field Communication; the user terminal sends (S182) the use permit and the second signature received from the management device to the utilization control device via the Near Field Communication; the utilization control device: communicates only via the Near Field Communication; verifies (S132) the first signature received together with the hole data from the provider terminal by using the pre-registered first public key to set the hole data in the utilization control device itself when the verification is established; and verifies (S183) the second signature received together with the use permit from the user terminal by using the second public key included in the hole data set in the utilization control device itself to refer to the transaction information included in the use permit when the verification is established and to lift (S186) restriction on use of the usage target object if the conditions specified by the transaction information are satisfied (S185).
  11. A computer-readable program, wherein the program, when executed by a computer, causes the computer to function as a management device (2) that manages a utilization control device (1) for controlling use of a usage target object (50) by locking/unlocking, access control, or encrypting/decrypting based on a use permit; and the management device: manages transaction information including conditions for using the usage target object; manages a first secret key/public key in association with the utilization control device; manages a second secret key/public key in association with the utilization control device; generates a first signature on hole data required for verification of the use permit and including the second public key managed by a hole management means by using the first secret key managed by an object management means to send the hole data and the first signature to a provider terminal (3) for setting the hole data to the utilization control device; and generates a second signature on the use permit including the transaction information managed by a transaction management means by using the second secret key managed by the hole management means to send the use permit and the second signature to a user terminal (4) for notifying the utilization control device of the use permit.
  12. A computer-readable program, wherein the program, when executed by a computer, causes the computer to function as a utilization control device (1) that controls use of a usage target object (50) by locking/unlocking, access control, or encrypting/decrypting, based on a use permit; and the utilization control device: communicates only via Near Field Communication, and verifies a first signature received together with hole data required for verification of a use permit from a provider terminal (3) by using a pre-registered first public key to set the hole data in the utilization control device itself when the verification is established; and verifies a second signature received together with a use permit from a user terminal (4) by using a second public key included in the hole data set in the utilization control device itself to refer to transaction information included in the use permit when the verification is established and lifts restriction on use of the usage target object by referring to the transaction information obtained by a transaction obtaining means when conditions specified by the transaction information are satisfied.
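The two-stage signature chain that claims 1, 2, 4, 5, 7 and 9 describe, written out as an added example in Go. This is not code from the patent or its applicant: the claims fix what each message must carry and who signs it, not the algorithm or encoding, so the Ed25519 choice, the JSON layouts, the field names and the sample card ID "card-7" are assumptions of this example, and the common-key encryption of the permit body (claim 6) is left out. The management device registers its first public key in the control device, issues hole data carrying a fresh second public key signed with the first secret key, and issues use permits signed with the second secret key. The offline control device checks the first signature before installing hole data and the second signature before reading the transaction conditions, and lifts the restriction only inside the permitted time window and, when a permission-ID list is present, for a listed ID.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Message encodings (JSON, field names) are assumptions of this example; the claims
// fix only what each message must carry. Claim 6's common-key encryption is omitted.
type HoleData struct {
	HolePub []byte `json:"hole_pub"` // second public key (claim 1)
}

type Transaction struct {
	Obtainable time.Time `json:"obtainable"` // use permit obtainable time (claim 2)
	NotAfter   time.Time `json:"not_after"`  // end of the permitted window (assumed condition)
	PermitIDs  []string  `json:"permit_ids"` // claim 7 list; empty means no ID reader involved
}

// ManagementDevice (2) holds the first (object) and second (hole) secret keys.
type ManagementDevice struct{ objectPriv, holePriv ed25519.PrivateKey }

// ControlDevice (1) is offline: it trusts the pre-registered first public key and
// whatever hole data that key has signed, nothing else.
type ControlDevice struct {
	objectPub ed25519.PublicKey
	hole      *HoleData
}

// NewPair models object registration (claim 5): the first public key is pre-registered.
func NewPair() (*ManagementDevice, *ControlDevice) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &ManagementDevice{objectPriv: priv}, &ControlDevice{objectPub: pub}
}

// GenerateHole (claim 4): a new second key pair, bound to the control device by the first signature.
func (m *ManagementDevice) GenerateHole() (data, sig []byte) {
	holePub, holePriv, _ := ed25519.GenerateKey(rand.Reader)
	m.holePriv = holePriv
	data, _ = json.Marshal(HoleData{HolePub: holePub})
	return data, ed25519.Sign(m.objectPriv, data)
}

// IssuePermit (claim 2): refuse before the obtainable time; sign the transaction with the second secret key.
func (m *ManagementDevice) IssuePermit(tx Transaction, now time.Time) (permit, sig []byte, err error) {
	if now.Before(tx.Obtainable) {
		return nil, nil, errors.New("use permit not yet obtainable")
	}
	permit, _ = json.Marshal(tx)
	return permit, ed25519.Sign(m.holePriv, permit), nil
}

// SetHole is the hole setting means (13): install only on a valid first signature.
func (c *ControlDevice) SetHole(data, sig []byte) error {
	if !ed25519.Verify(c.objectPub, data, sig) {
		return errors.New("hole data: first signature invalid")
	}
	var h HoleData
	if err := json.Unmarshal(data, &h); err != nil || len(h.HolePub) != ed25519.PublicKeySize {
		return errors.New("hole data: malformed")
	}
	c.hole = &h
	return nil
}

// Lift is the transaction information obtaining means (15) plus the lifting means (14):
// verify under the second public key taken from the hole data, then check the conditions.
func (c *ControlDevice) Lift(permit, sig []byte, now time.Time, presentedID string) (bool, error) {
	if c.hole == nil || !ed25519.Verify(ed25519.PublicKey(c.hole.HolePub), permit, sig) {
		return false, errors.New("use permit: no hole data set or second signature invalid")
	}
	var tx Transaction
	if err := json.Unmarshal(permit, &tx); err != nil {
		return false, err
	}
	if now.Before(tx.Obtainable) || now.After(tx.NotAfter) {
		return false, nil // outside the window: stay locked
	}
	for _, id := range tx.PermitIDs {
		if id == presentedID {
			return true, nil
		}
	}
	return len(tx.PermitIDs) == 0, nil // no list: the time window alone decides
}

func main() {
	m, c := NewPair()
	data, sig := m.GenerateHole()
	fmt.Println("set hole:", c.SetHole(data, sig))
	now := time.Now()
	permit, psig, _ := m.IssuePermit(Transaction{Obtainable: now, NotAfter: now.Add(time.Hour), PermitIDs: []string{"card-7"}}, now)
	fmt.Println(c.Lift(permit, psig, now, "card-7"))
}
```

The control device never contacts the management device: both signatures are checked against keys it already holds, which is what lets it stay off the network as the claims require. Hole data signed by a different management device is refused because the first public key does not match, and a permit signed under any key other than the one inside the installed hole data is refused the same way. The time checks assume the control device has a clock it trusts; the claims say nothing about where that time comes from, and it is the first thing to settle in a real implementation.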

Description

Technical Field

The present invention relates to a utilization management technique for managing use of a usage target object whose use can be limited by locking/unlocking, access control, or encrypting/decrypting. Examples of such a usage target object are the entrance of a hotel, an inn, a guesthouse, a house, a warehouse, or a room; a moving body such as an automobile or a bicycle; and a browsing terminal for an electronic medium containing an electronic medical record or an electronic book.

Background Art

Patent Literature 1 discloses a system in which, by carrying only a room key, a user can use various services, including locking and unlocking of a room, in a facility such as a corporate facility, a hospital, a game hall, or a public facility. This system comprises: a room key having a readable and writable Radio Frequency Identification (RFID) tag that can store information such as a room number, a password, or customer information; RFID readers installed at various places in the facility for reading information from and writing information into the RFID tag of the room key; a database that stores information on rooms and equipment in the facility; and a server that is connected to the RFID readers and the database via a network and manages the rooms and equipment in the facility. For example, an RFID reader installed at a door or in a room reads the information stored in the RFID tag of a room key and sends it to the server. The server compares the room number contained in the received information with the room number of the room in which the RFID reader is installed, and locks or unlocks the room accordingly.

Citation List

Patent Literature

Patent Literature 1: Japanese Unexamined Patent Application Laid-Open No. 2003-132435

US 2016/212137 A1 discloses a permissions management system for data processing devices using guest and owner pairs of public and private keys for signing certificates and access control lists.

Summary of Invention

Technical Problem

The system of Patent Literature 1, however, presumes that a room key is lent out and returned at the reception desk of a facility such as a corporate facility, a hospital, a game hall, or a public facility. Therefore, even if a reservation is made via the Internet, a user must stop at the reception desk of the facility's management section to borrow a room key before moving to the reserved facility, and must stop there again after use to return it. A geographical distance between the reserved facility and the management section managing it therefore causes inconvenience to the user. Further, in the system of Patent Literature 1, the RFID readers installed at various places in the facility read the information stored in the RFID tag of a room key and send it to the server via the network. Where the server is placed outside the facility and the readers inside it are connected to that server via the Internet, the read information is transmitted over the Internet every time a reader reads the RFID tag of a room key, which increases the security risk. The present invention has been made in view of the above.

An object of the invention is to reduce security risks while improving convenience in a utilization management technique for managing use of a usage target object whose use can be restricted by locking/unlocking, access control, or encrypting/decrypting, the usage target object including the entrance of a hotel, an inn, a guesthouse, a house, a warehouse, or a room, a moving body such as an automobile or a bicycle, and a browsing terminal for an electronic medium containing an electronic health record or an electronic book, for example.

Solution to Problem

To solve the above problems, the present invention provides: a utilization control device that controls use of the usage target object by locking/unlocking, access control, or encrypting/decrypting based on a use permit; a management device that manages the usage target object by association with the utilization control device; a provider terminal that sets hole data required for verification of the use permit in the utilization control device; and a user terminal that notifies the utilization control device of the use permit. Here, the utilization control device can communicate only via Near Field Communication and is separated from any network. Further, the utilization control device stores a first public key, the pair to a first secret key that the management device stores in association with the utilization control device. When the util