JP2000078128A - Communication system, IC card, and recording medium - Google Patents

Abstract

(57) [Summary] [Problem] To prevent unauthorized use such as a reply attack that reuses a communication message once used even if an information message from one side of the communication to the other side is stolen by a malicious third party. be able to. A communication system that transmits a message through a network and evaluates verification information added to the message to confirm the validity of the message, and generates different verification information for each message transmission. Sending system 320 to add to the message
And a receiving-side system 330 that checks the validity of the verification information that is different each time.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication system and a recording medium, and more particularly, to a communication system, an IC card, and a recording medium characterized by a portion for preventing unauthorized use of electronic information exchanged via a network or the like. It is.

[0002]

2. Description of the Related Art With the recent development of computer communication technology, various kinds of communication have been performed through an open network such as the Internet, and even commercial transactions have come to be performed by this communication.

[0003] When conducting commerce communication via a public network or the like, it is particularly important to appropriately protect the communicator from malicious third parties. For this reason, in such communication messages, it is common to prevent unauthorized use by encrypting important information such as bank account numbers and passwords.

FIG. 15 is a diagram showing message transmission and reception during a commercial transaction by a conventional communication system. As shown in the figure, the user of the commercial transaction system creates a communication message by encrypting the account number and password of the communication message and adding the product name, transaction quantity and header to the message without encryption. I do. The message thus created is sent to the transaction server.

Further, as disclosed in Japanese Patent Application Laid-Open No. Hei 9-81634 ("Network Billing Method"), there is a method in which one-time use cryptographic information itself is used as a unit of transaction information.

[0006]

As described above, in the prior art, important information such as a bank account number and a password, an order product name, and a quantity are encrypted and used in a communication message or the like relating to a commercial transaction.

However, even if the information is encrypted,
The message itself may be misused by a third party. FIG. 16 is a diagram showing how a malicious third party abuses a communication message of a commercial transaction system user.

[0008] Even if the commercial transaction message is encrypted, if the encryption result for the original information is the same, there is a problem that the result message remains unchanged even if the encryption is performed. In this case, if a transaction message encrypted by a malicious third party is acquired on a network and stolen, the stolen message itself is abused. In other words, even if the message is sent to the destination (commercial transaction system) again, since the commercial transaction system does not know that a malicious third party is impersonating the user, a commercial transaction that the user does not intend is completed. Become.

[0009] Such a sabotage action is called a reply attack. If the reply attack is performed frequently, the security of the commercial transaction is mediated, and the existence of the commercial transaction system via the public network is jeopardized. become. As shown in FIG. 15, even if not only the account number and the like but also the ordering information and the like are encrypted, the effectiveness as a defense against a reply attack is low.

[0010] The damage caused by such a reply attack is not caused only by the commercial transaction system. Even in a general communication system, if spoofing due to a reply attack prevails, it becomes difficult to safely operate a convenient communication system via a public line.

The present invention has been made in view of such circumstances, and even if an information message from one side of a communication to the other is stolen by a malicious third party, the communication message once used is re-used. Communication system capable of preventing unauthorized use of a reply attack and the like
It is intended to provide a C card and a recording medium.

[0012]

In order to solve the above problems, the invention according to claim 1 transmits a message through a network, evaluates verification information added to the message, and evaluates the message. This is performed for a communication system for confirming validity.

[0013] In this system, different verification information is generated from the transmission side system every time a message is transmitted, and is added to the message. On the other hand, the receiving system checks the validity of the different verification information every time.

Since the validity of the message is confirmed using the one-time verification information in this manner, it is possible to effectively prevent a third party from interfering. Next, according to a second aspect of the present invention, in the first aspect of the present invention, in the transmission-side system, verification information is generated by converting the original information by the verification information generating means.

The source information includes at least a counter value counted by the transmitting side counter means every time a message is transmitted. This base information may be, for example, the counter value itself, or may be, for example, a combination of a predetermined seed and a counter value.

Therefore, as the counter advances, the information itself, which is the source of the verification information, is changed every time a message is transmitted, and the security of communication is ensured. Next, the invention corresponding to claim 3 is the invention according to claim 2, wherein the receiving-side system includes:
The count value synchronized with the count value counted by the transmitting system is managed.

In the receiving system, the same information as the original information obtained including the count value managed by the receiving counter is converted by the verification information reproducing means, and the verification information is converted. Generated.

The verification information reproduced by the verification information reproducing unit and the verification information in the message are compared and collated by the validity evaluation unit, and the validity of the message is confirmed.

Therefore, even if the information message from one side of the communication to the other side is stolen by a malicious third party, it is possible to prevent unauthorized use such as a reply attack for reusing the once used communication message.

Next, the invention corresponding to claim 4 is the invention corresponding to claim 1, wherein in the transmission side system, the transmission side counter means counts the message verification information every time a message is transmitted. At least a counter value is included.

On the other hand, in the receiving side system, the receiving side counter means manages the count value synchronized with the count value counted in the transmitting side system.
Then, the validity evaluation unit extracts the count value from the message verification information, and determines that the count value in the received message is a value already counted based on the count value managed by the reception side counter unit. If so, the message is determined to be invalid.

Therefore, even if the information message from one side of the communication to the other side is stolen by a malicious third party, it is possible to prevent unauthorized use such as a reply attack for reusing the once used communication message.

Next, a fifth aspect of the present invention is a recording medium storing a program for causing a computer to realize the transmission side system according to the second aspect of the present invention.
The computer controlled by the program read from the recording medium functions as a transmission side system in the communication system of the second aspect.

Next, the invention corresponding to claim 6 is a recording medium storing a program for causing a computer to realize the receiving side system in the invention corresponding to claim 3.
The computer controlled by the program read from the recording medium functions as a receiving system in the communication system according to the third aspect.

Next, a seventh aspect of the present invention is a recording medium storing a program for causing a computer to realize the receiving system according to the fourth aspect of the present invention.
The computer controlled by the program read from the recording medium functions as a receiving system in the communication system according to the fourth aspect.

Next, the invention corresponding to claim 8 is an IC card which realizes the transmission side counter means of the transmission side system in the inventions corresponding to claims 2 to 4. Therefore, the computer system in which the IC card is inserted realizes the transmission system according to the second to fourth aspects of the present invention.

Next, the invention corresponding to claim 9 is an IC which realizes the verification information generation means and the transmission counter means of the transmission side system in the invention corresponding to claim 2 or 3.
Card. Therefore, the computer system in which the IC card is inserted realizes the transmission system according to the second or third aspect of the present invention.

[0028]

Embodiments of the present invention will be described below. (First Embodiment of the Invention) In the communication system of the present embodiment, an encrypted message containing important information such as a bank account number and a password is not fixed, but is effective only in one communication. Establish a mechanism. This makes it impossible to make a reply attack in which the encrypted important information is reused, thereby preventing unauthorized use of the important information by a malicious third party.

FIG. 1 is a diagram showing an example of the overall configuration of a commercial transaction system to which a communication system according to a first embodiment of the present invention is applied. FIG. 1 is a hardware configuration diagram showing physical components. The client PC 301, which is a personal computer on the user side, is a group of computers 306, 308, and 3 for actually providing commercial transactions such as banks and shops.
The transaction is made with a commercial transaction service system 330 composed of 10, 312 (hereinafter, also simply referred to as a server). The client-side system 320, which is a user, and the commercial transaction service system 330 are connected via the Internet 304 as a public network to configure a communication system, and exchange transaction messages.

The client side system 320 comprises a client PC 301, an IC card reading / writing device 302, and an IC card 303. On the other hand, the commercial transaction service system 330 includes a router 305, a public WW
W server 306, firewall 307, transaction server 308, authentication server 310, and IC card issuing device 31
2 is comprised. A transaction database 309 is connected to the transaction server 308, and an authentication database 311 is connected to the authentication server 310 and the IC card issuing device 312.

Hereinafter, each element will be described. The client PC 301 is a personal computer used by a user when using commercial transactions. It may be composed of a workstation or the like.

The IC card reading / writing device 302 is an IC card reading / writing device.
A contact point for exchanging information between the card 303 and the commercial transaction service system 330. Also, the IC card 330
Is a means for physically confirming the use of the user.

The router 305 is a physical contact between the Internet 304 and a network in the commerce service system 330. The public WWW server 306 is a primary window in the commercial transaction service system 330 that receives external access. Transaction server 308 that performs commercial transactions
Etc. are provided in order to prevent direct unauthorized attacks.

The firewall 307 restricts access from outside for preventing fraud. Transaction server 308
Provides commerce services on the Internet 304. In addition, the transaction database 309 stores data relating to commercial transactions and exchanges information with the transaction server 308.

The authentication server 310 performs user authentication based on the authentication data transmitted from the user. The authentication database 311 stores information required for authentication for each user (IC card 303).

The IC card issuing device 312 issues a new IC card 303 in cooperation with the authentication database 311. Next, the functional configuration of each unit will be described.

FIG. 2 is a block diagram showing a functional configuration of each unit in the communication system of the present embodiment. The client PC 301 includes a browser 402 for providing various services in communication with the Internet, an IC card reading /
IC card API 40 for input / output with writing device 302
4 and a client-side proxy 403 are provided. The client-side proxy 403 is in charge of processing such as connection to the Internet 304 on the client PC 301, and performs processing necessary for a message when performing commercial transactions by the present system.

On the other hand, the transaction server 308 is provided with a server-side proxy 411 for performing processing corresponding to the message processed by the client-side proxy 403, an encryption / decryption processing unit 414, an HTTP server 412, and a CGI program 413. ing.

The authentication server 310 and the IC card issuing device 312 are provided with an authentication process 416 and an issuance information generation process 419, respectively. The firewall 307 is provided with an HTTP proxy 420.

Next, the operation of the communication system according to the present embodiment configured as described above will be described. In a commercial transaction on the network, a message is exchanged for each transaction in several steps, and the transaction is usually completed when all the steps are completed. In the present embodiment, “identity authentication processing” for performing identity authentication is performed.
And message communication from the user to the commercial transaction service system 330 using the personal authentication mechanism will be described.

[Personal Authentication Processing] FIG. 3 is a diagram showing an outline of the personal authentication processing for confirming that the user operating the client-side system is correct.

First, a personal identification number (hereinafter referred to as a PIN (Personal dent) for certifying that the user is the owner of the IC card 303 from the authentication screen displayed on the browser 402 on the client PC 301.
application number) and a user number registered in the transaction service (hereinafter referred to as user I).
D) is input. In response to this input, user authentication using the PIN is performed by the IC card 303 (s1).

When the person operating the client PC 301 is authenticated by the IC card 303, the IC card authentication request data is created and encrypted (s2, s3). By transmitting the message with the necessary header added thereto, the authentication server is required to authenticate the IC card itself (s4).

This card authentication request message is relayed by the HTTP proxy 420 of the firewall 307 (s5), the card authentication data is taken out by the transaction server 308 (s6), and the card is authenticated by the authentication server 310 (s7, s7). s8). After the IC card authentication (s8), response data is created and encrypted and returned as an authentication response to the client PC 301 (s9, s10, s1).
1).

The authentication result of the IC card 303 by the commercial transaction service system 330 is displayed from the browser 402 (s12). The communication message from the client PC 301 includes a single-use phrase (hereinafter referred to as OTP (On), which is generated by the IC card 303 every time.
e TimePhrase) is incorporated so that a message having the same pattern does not flow more than once.

Next, each processing described in FIG. 3 will be described in more detail. (Authentication of Card User by PIN) The process of step s1 in FIG. 3 will be described.

FIG. 4 is a diagram showing authentication processing of a card user by PIN. First, in order to connect to the transaction server 308, the browser 402 sends an Internet address (hereinafter, “URL”) of the transaction server.
(Uniform Resource Locato
r)) is input by the user. At this time, it is necessary to confirm that the user is a valid owner of the IC card 303.

Therefore, the user inputs the URL of the transaction server into the browser and requests a connection (hereinafter referred to as “HTTP GE”).
("T request") (t1), the client-side proxy 403 recognizes that the request is a request to connect to the transaction server 308 from the URL.
Store the ET request temporarily.

The client-side proxy 403 recognizes that the user who issued the connection request is the owner of the IC card 303 mounted on the IC card reading / writing device 302 and the user of the transaction system. For this purpose, a screen for inputting the PIN of the IC card 303 and the user ID is displayed on the browser 402 (t2).

In response to this display, the user
When the PIN and the user ID are input from 02 (t3), the client-side proxy 403 transmits the input information to the IC card A
The PI 404 sends it to the IC card 303 via the IC card reading / writing device 302, and requests user authentication by PIN (t4).

The IC card 303 performs user authentication using the received PIN (t5) and sends the result to the client-side proxy 403. Individual IC if authentication is successful
Information generated by the IC card 303 for card identification (hereinafter referred to as “IC card identification information”) is also transmitted together with the result (t6). (Generation of IC Card Authentication Request Message) The processing of steps s2 and s3 in FIG. 3 will be mainly described.

The client-side proxy 403 on the client PC 301 sends an IC card 3
A data set (hereinafter, referred to as an “IC card authentication request message”) to be transmitted for requesting the authentication of No. 03 is generated.

When transmitting the generated message to the transaction server, there is a possibility that a malicious third party may intercept the message and receive a reply attack sent to the transaction server again. To prevent this, client-side proxy 403
Incorporates an OTP so as to have a different pattern every time a message having the same meaning is transmitted.

Hereinafter, generation of the IC card authentication request message will be described in order. FIG. 5 is a diagram showing how to generate IC card authentication data and how to create an IC card authentication request message.

First, the client side proxy 403
A TP generation request is created (u1), and this OTP generation request is notified to the IC card 303 (u2). This request is included when making the PIN authentication request (t4) in FIG.

When the IC card 303 is authenticated as a valid user (t5), it generates an OTP (FIG. 5: u).
3). OTP generation is performed as follows.

First, the IC card 303 has an OTP seed (hereinafter referred to as a “seed”) and a counter provided in the card. This seed is the same as one of the seed groups held by the authentication server 310 of the commercial transaction service system 330. In addition, each IC
A counter corresponding to the card 303 is also provided, and an OTP can be generated for each OTP counter value as described later.

The IC card 303 generates an OTP based on the seed and the counter value. In the generation of the OTP, for example, a one-way function is used, so that the seed cannot be restored from the OTP and the confidentiality of the seed is secured.

After generating the OTP, the IC card 303
The value of the counter is reduced by one, and the OTP and the OPT counter value reduced by one are transmitted to the client-side proxy 501 (FIG. 5: u4).

The client-side proxy 403, which has received the OTP and OPT counter values, stores the user ID and I stored in step t3 of the card user authentication process.
Data necessary for authentication in the transaction server 308, such as C card identification information, is added to the data, and the IC card authentication data is collected into a predetermined form (u5).

FIG. 6 is a diagram showing IC card authentication data. This IC card authentication data 501 contains the user I
D502, IC card identification information 503, OTP 504, and OTP counter 505.

FIG. 7 is a diagram showing an IC card authentication request message format. I created in step u5
The C card authentication data 501 is encrypted, and the encrypted IC card authentication data 605 is added to the identification character 60.
2, an extension header 601 (extension) with a version number 603 and a request content 604 added thereto.
n-header).

The identification character 602 is a character for identifying a request to the transaction server, and the version number 603 indicates the version of the transaction system. The request content 604 indicates the request content of the message, such as a transaction request or an authentication request. In this case, the request is an IC card authentication request.

The processing up to this point is performed by the client side proxy 403, and subsequently, the IC card authentication request message 606 according to HTTP is processed by the browser 402.
Is created (u6).

As shown in FIG. 7, the IC card authentication request message 606 includes a request line 608, a general header 609, a request header 610, an entity header 611, and a CRLF 612, and the extension header 6 includes an entity header 611.
Incorporated in IC card authentication request message 606
The portion other than the extension header 601 is a browser creation portion 607. (Transmission of IC Card Authentication Request Message) The processing of steps s4 and s5 in FIG. 3 will be described.

FIG. 8 is a diagram showing transmission of an IC card authentication request message. First, the client-side proxy 40
3 confirms the IC card identification information and the validity of the PIN authentication, and then transmits an IC card authentication request message 606 to the transaction server 308 (v1). The confirmation of the validity of the IC card identification information or the like is, for example, a process of confirming whether the user has removed the IC card 303 or changed to a different card immediately before transmission.

The sent message 606 is relayed by the HTTP proxy 420 of the firewall 307 and acquired by the transaction server 308 (v2). Note that the firewall 307 may have a unique user authentication function, and this function may be combined with the present embodiment. (IC Card Authentication Processing, Authentication Response Processing) The processing of steps s6 to s12 in FIG. 3 will be described.

FIG. 9 shows I by the transaction server and the authentication server.
It is a figure which shows C card authentication processing. FIG. 10 is a flowchart of the IC card authentication process. Step x1 in FIG.
~ X3, x8 ~ x10 are processing in the transaction server 308, x
4 to x7 indicate processing in the authentication server 310.

Transaction server 307, which has received IC card authentication request message 606, performs IC card authentication processing in cooperation with authentication server 310. For this purpose, first, the server-side proxy 411 on the transaction server 307 sends the received message 606 from the request line 608 to the HTTP.
It is determined that the request is a GET request. Next, it is determined from the identification character 602 of the extension header 611 that the access is to the commercial transaction service system 330.
Then, it is confirmed from the version number 603 that there is no inconsistency with the system version. Further, the request content 60
4, the authentication request of the IC card 303 is identified (FIG. 9: w1, FIG. 10: x1).

Next, the server side proxy 411 decrypts the encrypted IC card authentication data 605 necessary for authentication of the encrypted IC card 303 and extracts the IC card authentication data 501 (w2, w2). x2).

The decrypted IC card authentication data 501
To user ID 502, IC card identification information 503, O
Extract TP counter value 505 and send it to authentication server 310
Request C card authentication (w3, x3).

Upon receiving the request, the authentication server 310 performs user authentication (IC card authentication) based on the user ID 502 and the IC card identification information 503 (w4, x4). After the authentication is successful (x5), the authentication database 311 reads the authentication data (OTP seed) including the OTP counter value of the self-managed user (IC card).

The authentication server 310 confirms that the OTP counter value 505 received from the transaction server 308 is smaller than the self-managed OTP counter value. If the OTP counter value is large, it means that the OTP used once has been transmitted again and is invalidated (w5, x
6).

Here, each OTP counter value has the following meaning. Originally, the OTP counter value of the IC card and the OTP counter value managed by the authentication server 310 are the same value, and when the OTP is created from the same seed and the same counter value, the same OTP is obtained.
However, the counter value 505 obtained from the message reception is
OTP generation processing in C card 303 (FIG. 5: u3)
Reduces the value by one. Therefore, if the message is a legitimate message, the OTP counter value 505 is smaller by one than the OTP counter value managed by itself.
Therefore, the process proceeds to step x7 only in this case, and otherwise, the transaction server 308 is notified of the authentication failure (x10).

The OTP counter value is reduced every time a message is transmitted from the client-side system 320, and is also reduced by the authentication server 310 in response to receiving the message (x7). Therefore, in step x6 of FIG. 10 or step x8 described later, the OTP or OT
Only the message output from the legitimate client PC 301 evaluates the P counter value as valid, and it is evaluated as valid only once.

After the authentication server 310 confirms the OTP counter value, the authentication server 310 performs the OTP processing based on the OTP counter value and the OTP seed in the same processing as that in the IC card 303.
Is generated, and the OTP counter value managed by itself after generation is reduced by one (w6, x7). Then, the IC card authentication result and the regenerated OTP are transmitted to the transaction server 308 (w
7).

The server-side proxy 411 of the transaction server 308 that has received the OTP or the like,
The OTP 504 received from the authentication server 310 and the OTP regenerated by the authentication server 310 are compared to determine whether they are the same (w8, x8).

Thus, the authentication of the IC card 303 (= authentication) is completed. Here, when the authentication of the IC card is successful in step x8, the transaction server 308 creates a response message indicating the success of the authentication (x9), and transmits the authentication result to the client PC 301 (x11, FIG. 3: s11).

On the other hand, if card authentication fails in any of steps x5, x6 or x8, transaction server 308
Creates a response message to the effect of authentication failure (x10),
The authentication result is transmitted to the client PC 301 (x
11, FIG. 3: s11).

In this way, the client PC 301 that has received the authentication response displays the authentication result from the browser 402 (FIG. 3: s12). Here, if the authentication is successful, the IC card authentication stage ends, and the process proceeds to the transaction stage.

[Transaction Processing] The manner in which message communication according to the present embodiment is performed, including the IC card authentication stage and the transaction stage, will be described, and what will happen when a reply attack is received.

FIG. 11 is a diagram showing how message communication is performed by the communication system of this embodiment. First, I
In the C card authentication stage, the IC card authentication request message 606 is authenticated by the above-described procedure, and the IC card 3
03 authentication is performed. The communication message at this time does not require transaction details, and the IC card authentication request message 606 is composed of only a portion corresponding to a header portion at the time of transaction. Further, the OTP counter value (i) is confirmed by this authentication.

After the IC card authentication, a transaction message is output from the client side system 320 to the transaction service system 330, and the transaction is performed. Here, it is assumed that transaction messages # 1, # 2, and # 3 have been output.

Each transaction message includes an OTP and an OTP counter in its header. These are (i-1), (i-2), (i-3) in the order of output, assuming that the OTP counter value of the first authentication request message is (i).
It changes. Therefore, the OTP itself changes to Y, Z, and A corresponding to the counter.

When the transaction messages # 1, # 2, and # 3 are transmitted from the valid client PC 301, the OTP and the OTP counter value are extracted from the header portion of each message, and the above-described operations shown in FIGS. 9 and 10 are performed. The process authenticates the message as valid. Thus,
A commercial transaction will proceed between the client-side system 320 and the commercial transaction service system 330 (FIG. 1).
1 (2)).

Here, consider the case where a malicious third party has made a reply attack (FIG. 11 (3)). For example, assume that a malicious third party has successfully obtained transaction message # 2 on the Internet.

The third party sends the transaction message # 2 to the commercial transaction service system 330 as it is and applies a reply attack.
Is smaller than (i-2) included in the transaction message # 2. Therefore, the message relating to this reply attack is determined to be an invalid message in step x6 of FIG.

It is useless for an unauthorized person to know the mechanism of the present embodiment and change the OTP counter value in the communication message # 2 by any method. In other words, even if OT
This is because even if the P counter value itself is correct, if the OTP itself is incorrect information, the message is determined to be an incorrect message by step x8 in FIG. Therefore, if the OTP seed and the OTP generation function itself are not known, a malicious third party cannot perform an obstructive action by an unauthorized message.

As described above, in the communication system according to the embodiment of the present invention, the OTP and OT
Since the P counter value is included and the counter value is advanced each time a message is transmitted / received on the transmission / reception side, communication using a single-use password (OTP) can be realized each time.

As described above, it is possible not only to make it difficult to analyze the message itself by changing the OTP every time the counter advances on the transmitting side, but also to make it possible for the receiving side to receive the correct message once the valid message is received. And the same message is treated as an invalid message thereafter.

As described above, the OTP generated by the IC card makes it possible to confirm that the message is the latest message and that the IC card (= user) managed by the authentication server is correct. Third parties can be very difficult to obstruct.

Therefore, even if the information message from one side of the communication to the other side is stolen by a malicious third party, it is possible to prevent unauthorized use such as a reply attack for reusing the once used communication message. (Second Embodiment of the Invention) In this embodiment, in the first embodiment, falsification prevention data is added to the IC card authentication data included in the extension header to further enhance the security in communication. .

FIG. 12 is a diagram showing an example of a schematic configuration and a processing procedure of a communication system according to the second embodiment of the present invention. In the drawings of the present embodiment, the same portions as those in the first embodiment are denoted by the same reference numerals, and description thereof will be omitted. Only different portions will be described here.

In the present embodiment, MD (Message Digest) is used as data for preventing falsification.
The communication system of the present embodiment has the same configuration as that of the first embodiment except for the part related to the MD.

FIG. 13 is a diagram showing how the MD is generated. The IC card authentication data 501 is stored in the client P
MD in client-side proxy 403 of C301
It is converted to MD 702 by the generation means 701 (FIG. 1
2: y1).

The MD 702 is a value generated from the original information (the IC card authentication data 501) by a certain procedure (MD generating means 701) using a hash function or the like. Since the MD is uniquely generated with respect to the original information, the MD has a property of changing if the original information is changed.

In this embodiment, the MD is mounted on the IC card authentication data 501. FIG. 14 is a diagram showing a state where the MD is added to the IC card authentication data. First, the IC card authentication data 501 assembled by the client-side proxy 403 is further converted into an MD 702 by the MD generation means 701. The obtained MD 702 is encrypted, and the encrypted MD 703 is added to the IC card authentication data 501.

The entirety of the encrypted MD 703 and IC card authentication data 501 is encrypted to obtain encrypted IC card authentication data 605 '. Hereinafter, processing is performed in the same manner as in the first embodiment, and the extension header 601 ′,
An IC card authentication request message 606 'is generated (FIG. 12: y2).

The IC card authentication request message 606 'including the MD generated in this manner is transmitted to the client PC 30.
1 to the transaction server 308 (y3). In the server-side proxy 411 of the transaction server 308, the MD
702 and the IC card authentication data 501 are taken out (y4), MD is generated from the card authentication data 501 by MD generation means of the server side proxy 411 (y5), and compared with the received MD 702 (y).
6).

If the two MDs do not match, it indicates that information (message content) has been falsified in the course of communication. Therefore, information tampering can be checked by this MD check.

As described above, the communication system according to the embodiment of the present invention has the same configuration as that of the first embodiment, and also adds an MD to a message and performs matching on the receiving side. As a result, the same effects as those of the first embodiment can be obtained. In addition, it is possible to check for information tampering in the communication process, and to more strongly prevent unauthorized use.

The present invention is not limited to the above embodiments, but can be variously modified without departing from the gist thereof. For example, in the embodiments, the case has been described in which the present communication system is applied to the Internet, but the present invention is not limited to this case, and can be applied to various communication forms. That is, according to the present invention, a computer and an OS constituting a network topology and a system to be used are provided.
It can be realized irrespective of the type.

In the commercial transaction system of each embodiment,
Although the system using the IC card has been described, the present invention is not limited to this case. For example, information to be input to the card may be stored in a hardware resource of a computer such as a hard disk. Further, the commercial transaction system of the embodiment may be applied to a SET (Secure Electronic Transaction), which is a system for conducting commercial transactions on the Internet.

Further, in the embodiment, the case where the present invention is applied to a commercial transaction system has been described. However, the application object of the present invention is not limited to the commercial transaction system, but may be applied to various communication systems which need to perform communication while performing personal authentication. Can be applied.

The method described in the embodiment can be implemented by a computer (computer) as a program (software means) such as a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.). ), Stored in a storage medium such as a semiconductor memory, or transmitted and distributed via a communication medium. The programs stored on the medium side include
A software program (including not only an execution program but also a table and a data structure) to be executed by the computer includes a setting program for configuring the computer. A computer that realizes the present apparatus reads a program recorded in a storage medium, and in some cases, constructs software means by using a setting program, and executes the above-described processing by controlling the operation of the software means.

[0106]

As described in detail above, according to the present invention, a mechanism is provided in which the same message can be treated as valid only once, so that an information message from one communication to the other can be transmitted. It is possible to provide a communication system, an IC card, and a recording medium that can prevent unauthorized use such as a reply attack that reuses a once-used communication message even if the message is stolen by a malicious third party.

[Brief description of the drawings]

FIG. 1 is a diagram showing an example of the overall configuration of a commercial transaction system to which a communication system according to a first embodiment of the present invention is applied.

FIG. 2 is an exemplary block diagram showing a functional configuration of each unit in the communication system according to the embodiment;

FIG. 3 is a diagram showing an outline of a personal authentication process for confirming that a user who operates a client-side system is correct;

FIG. 4 is a diagram showing a card user authentication process using a PIN.

FIG. 5 is a diagram showing generation of IC card authentication data and IC
The figure which shows a mode that a card authentication request message is created.

FIG. 6 is a diagram showing IC card authentication data.

FIG. 7 is a diagram showing an IC card authentication request message format.

FIG. 8 is a diagram showing transmission of an IC card authentication request message.

FIG. 9 is a diagram showing an IC card authentication process by a transaction server and an authentication server.

FIG. 10 is a flowchart of an IC card authentication process.

FIG. 11 is an exemplary view showing how message communication is performed by the communication system of the embodiment.

FIG. 12 is a diagram showing an example of a schematic configuration and a processing procedure of a communication system according to a second embodiment of the present invention.

FIG. 13 is a diagram showing a state of generating an MD.

FIG. 14 is a diagram showing a state in which an MD is added to IC card authentication data.

FIG. 15 is a diagram showing message exchange during a commercial transaction by a conventional communication system.

FIG. 16 is a diagram showing a situation in which a malicious third party abuses a communication message of a commercial transaction system user.

[Explanation of symbols]

 301 client PC 302 IC card reading / writing device 303 IC card 305 router 306 public WWW server 307 firewall 308 transaction server 310 authentication server 312 IC card issuing device 309 transaction database 311 authentication Database 320 Client system 330 Business transaction system 402 Browser 403 Client proxy 404 IC card API 411 Server proxy 412 HTTP server 413 CGI program 414 Encryption / decryption processing unit 416 Authentication process 419 issue information generation process 420 HTTP proxy 501 data for IC card authentication 502 user ID 503 IC card identification information 504 OTP 505 OT Counter 601 Extension header 602 Identification character 603 Version number 604 Request contents 605 IC card authentication request message 606 IC card authentication request message 607 Browser creation part 608 Request line 609 General header 610 Request header 611 Entity header 612 ... CRLF 701 ... MD generation means 702 ... MD 703 ... Encrypted MD

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Takashi Eto 1 Toshiba-cho, Fuchu-shi, Tokyo Inside the Toshiba Fuchu Plant, Inc. Terms (reference) 5J104 AA08 AA12 EA09 EA17 JA01 KA01 KA07 LA00 LA01 LA05 NA01 NA11 NA12 NA21 NA27 NA35 PA07 PA09 PA10

Claims (9)

[Claims] 1. A communication system for transmitting a message through a network and evaluating verification information added to the message to confirm the validity of the message, the verification information being different for each message transmission. Produces
A communication system comprising: a transmitting system to be added to a message; and a receiving system that checks the validity of the verification information that is different each time. 2. The transmission-side system includes: a verification information generating unit configured to generate the verification information by converting source information; and a counter value counted for each message transmission in the source information. 2. The communication system according to claim 1, further comprising: transmission side counter means including at least the following. 3. The receiving system includes: a receiving counter for managing a count value synchronized with a count value counted by the transmitting system; and a count including the count managed by the receive counter. Verification information reproducing means for generating verification information by converting the same information as the original information obtained, and the verification information reproduced by the verification information reproducing means and the verification information in the message. 3. The communication system according to claim 2, further comprising: a validity evaluation unit that confirms the validity of the message by comparing and collating the information. 4. The transmitting system further comprises transmitting counter means for including at least a counter value counted for each message transmission in the message verification information, wherein the receiving system counts at the transmitting system. Receiving side counter means for managing the count value synchronized with the count value to be obtained, and taking out the count value from the verification information of the message, based on the count value managed by the receiving side counter means, 2. The communication system according to claim 1, further comprising: a validity evaluation unit that determines that the message is invalid when it is determined that the count value is already counted. 5. A program for controlling a transmission side system of a communication system for transmitting a message through a network and evaluating verification information added to the message to confirm the validity of the message.
Functioning a computer as verification information generating means for generating the verification information by converting the base information; and transmitting side counter means including at least a counter value counted for each message transmission in the base information. A computer-readable recording medium on which a program for causing a computer to record is recorded. 6. A program for controlling a receiving side system of a communication system for transmitting a message through a network and evaluating verification information added to the message to confirm the validity of the message. Receiving side counter means for managing the count value synchronized with the count value counted by the system, and including the count value managed by the receiving side counter means for generating the verification information in the transmitting side system. A verification information reproducing unit that obtains the same information as the original information, and generates verification information by converting the same information, and the verification information reproduced by the verification information reproducing unit and the message A computer is used as a validity evaluation means to confirm the validity of a message by comparing and verifying it with verification information. A computer-readable recording medium recording a program for causing the computer to function. 7. A program for controlling a receiving system of a communication system for transmitting a message through a network and evaluating verification information added to the message to confirm the validity of the message. Receiving side counter means for managing a count value synchronized with a count value counted by the system; extracting a count value from the verification information of the message; receiving based on the count value managed by the reception side counter means; A computer-readable recording medium in which a program for causing a computer to function as validity evaluation means for determining that the message is invalid when the count value in the message is already counted is recorded. 8. An IC card functioning as a transmission-side counter means of a transmission-side system in the communication system according to any one of claims 2 to 4. 9. An IC card functioning as a verification information generating unit and a transmitting counter unit of a transmitting system in the communication system according to claim 2 or 3.