JP2003132028A - Access control system, access control server, electronic device, remote electronic device and access control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To safely get access to an electronic device in a management area from an electronic device in an external relocation destination. SOLUTION: An access management server 10 sets a session key for getting access into the management area. Using the session key, the electronic device 20 communicates with a remote electronic device 30 outside the management area of the access management server 10. The remote electronic device 30 gets access to the electronic device 20 in the management area of the access management server 10 from a remote place. In addition, information is transmitted as IP packets (packets: a collection of packeted data for transmitting the information in a network) in a network 40.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an access control system and an access control method for controlling access to electronic equipment connected to a network, and particularly to an access control system for safely accessing electronic equipment from anywhere in the world. And an access control method.

[0002]

2. Description of the Related Art In recent years, various communication networks have been used along with the advanced information society. In particular, the Internet is rapidly expanding and developing all over the world because it does not require an expensive exchange and can be constructed by an inexpensive router. With the expansion and development,
IP address assigned to each user (Internet Protoco
lAddress: There was a problem of exhaustion of the address that identifies the location of the device connected to the network. However, it shows about 4.3 billion pieces of address information up to then 3
IPv4 (Internet
Protocol Version4 (IPv4) using a 128-bit IP address from an IPv6 (Internet Protocol)
l Version6) The problem is solved by upgrading to a network, and further expansion and development are expected.

Under such circumstances, there are various applications using the IPv4 or IPv6 protocol (Protocol: an agreement for data communication including an IP address), especially the Internet. There is. For example, using the Internet
This is a case where the target device is accessed from the outside.

[0004]

In this case, since anyone can access the target device from the outside in such a case, it is necessary to perform access control such as restricting access to only specific users.

For this reason, conventionally, a firewall method has been used as an access control method for devices connected to homes, organizations, and the like. In the firewall, a gateway is placed between the device you want to control access to and the Internet.
By filtering P packets, it becomes possible to protect the inside of the gateway with a firewall.
Access control functions are provided. For filtering, the IP address and port number of the start point and end point of the IP packet are used. By setting the filtering rules appropriately, only the permitted packets can access the device inside the firewall. Normally, a firewall divides the network, so NAT (Network Address) that uses a private IP address is used for devices inside the firewall.
Translation) is used.

As another access control method, I
IPsec, which is a security mechanism in the P layer, is used. In IPsec, RFC (Request for Comm)
ents) 2401 as specified in RFC240
2 and an authentication header (hereinafter abbreviated as AH) specified in 2 and an encapsulating security payload (Encapsulating Security Paylo) specified in RFC2406.
ad, hereinafter abbreviated as ESP). In AH and ESP, prior to communication, a security association (Securi) including a key for authentication and an authentication algorithm is included.
ty Association (hereinafter abbreviated as SA) is set, and the communication partner can be authenticated only when the communication partner holds the correct SA, so that access control can be performed. SA is
It may be set manually, but IKE (Internet Key Exchang), which is a key exchange protocol specified in RFC2409.
It can be set automatically by using e). IKE is based on Diffie-Hellman public key cryptography and establishes SA for IKE and then SA for IPsec.

Further, as another access control method,
JP-A-11-167536 and JP-A-2000-13
There are three examples shown in Japanese Patent No. 2474 and Japanese Patent Laid-Open No. 2000-151677.

(1) In the example disclosed in Japanese Patent Laid-Open No. 11-167536, it is assumed that a firewall is used, and an intermediate device such as a firewall and a permitted client can safely communicate with each other.

(2) In Japanese Patent Laid-Open No. 2000-132474, it is assumed that the remote access server (RAS) is used, and the gateway is set for each user, so that only the address assigned by the RAS can be safely stored. I am able to communicate.

(3) In the example disclosed in Japanese Patent Laid-Open No. 2000-151677, when a mobile client under the control of a transfer agent server moves from a home network to another network in mobile IP (Mobile IP), the mobile client The packet addressed to is sent to the home network, but since the mobile client no longer exists in the home network, the transfer agent server judges it and transfers it to the mobile client.

However, the firewall has a problem in that the setting of the filtering rule is complicated, and if an incorrect setting is made, it may result in a security hole. In IPsec, the user needs to set the SA each time the host to be used is changed. In order to automatically set the SA of IPsec by IKE, all the end hosts involved in communication need to be IK
There is a problem in that the initial setting for establishing the SA for E is necessary, and the more the number of devices used, the more complicated this process becomes.

Further, in the example disclosed in Japanese Patent Laid-Open No. 11-167536, it was necessary to install a firewall in order to carry out secure communication. Furthermore, JP 2000-1
In the example disclosed in Japanese Patent No. 32474, it is necessary to ask the administrator of the server or gateway to set an address or the like that can be used in order to perform secure communication. Furthermore, in the example disclosed in Japanese Patent Application Laid-Open No. 2000-151677, only mobile registration is performed, and a process for performing secure communication is required.

An object of the present invention is made in view of the above points, and an object of the present invention is to provide an access control system and an access control method that enable safe communication even when a user moves. To do.

[0014]

In order to solve the above problems, the present invention provides an access control system for controlling access to electronic equipment connected to a network, for authenticating a connection from outside the management area of the network. Register the key paired with the authentication key, distribute the authentication key to the outside of the management area of the network, authenticate the connection request from outside the management area of the network, generate the session key for message authentication, By joining the management server by sending the registration information to the access management server and the access management server that sends the session key, and receiving the session key,
Request a connection from outside the management area of the network with an electronic device that performs communication with message authentication using a session key,
An access control system characterized by having a remote electronic device that authenticates with an access management server using a distributed authentication key, and uses a received session key to communicate with an electronic device with message authentication. Provided.

According to the above configuration, the session key for performing the user authentication and automatically enabling the access to the electronic device under the management area of the access management server is automatically set, and the message authentication is performed using the key. By doing so, it is possible to provide safe communication even if the user moves.

[0016]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a principle diagram of an access control system of the present invention.

The access control system 1 includes an access management server 10 for setting a session key for accessing the management area, an electronic device 20 for communication within the management area of the access management server 10, and an access management server 10 from a remote location. Remote electronic device 3 to access the management area of
0, IP packet for information (Packet: A collection of data packaged when transmitting information in a network)
It is composed of a network 40 for transmitting as. Note that a plurality of electronic devices 20 and remote electronic devices 30 in this configuration can be installed for one access management server 10. Here, in each description of the present invention, it is assumed that there are a plurality of units.

The access management server 10 is an electronic device 20.
The remote electronic device 30 connected to the remote electronic device 30 via the network 40 performs user authentication with respect to the remote electronic device 30 outside the management area that has requested access to the electronic device 20 within the management area. Also, a session key for accessing the electronic device 20 in the management area from the remote electronic device 30 is set. Here, the access management server 10 is in the same area as the electronic device 20, and manages access to the electronic device 20 (hereinafter, this area is defined as a management area).
The management area is, for example, one organization such as the same house or office. Note that one organization is a range in which the access management server 10 permits access to one or a plurality of electronic devices 20 located in the same organization. in this case,
Each electronic device 20 only makes settings for the access management server 10 located in the same organization.

The electronic device 20 is the access management server 10.
And the remote electronic device 30 via the network 40, the access management server 10, the other electronic device 2
0, and some communication with other devices including the remote electronic device 30 and the like. Here, the electronic device 20 registers with the access management server 10 to participate in the management organization. Further, the session key is used to send and receive a message with message authentication to and from the remote electronic device 30.
The electronic device 20 is, for example, a personal computer, a peripheral device, a television, a VCR, an audiovisual device, or the like.

The remote electronic device 30 is connected to the access management server 10 and the electronic device 20 via the network 40, and other devices including the access management server 10, the electronic device 20, and other remote electronic devices 30. When,
Do some communication. Here, the remote electronic device 30
Performs user authentication with the access management server 10 in order to access the electronic device 20 in the management area. After the user authentication, the session key sent from the access management server 10 is used to send and receive a message with message authentication to and from the electronic device 20 in the management area. The remote electronic device 30 is, for example, a personal computer or PDA (Personal Digital Assistant).
t), mobile phones, peripherals, televisions, VCRs, and audiovisual equipment.

The network 40 transmits information based on a predetermined protocol within a network having communication paths. The protocols are, for example, IPv6, H
TTP (Hypertext Transfer Protocol), FTP (Fil
e Transfer Protocol) or PPP (Point-to-po)
int Protocol). The network 40 is, for example, a public line network, the Internet of IPv6, or the Internet 2 (hereinafter, referred to as an IPv6 network).

According to such an access control system, the access management server 10 receives registration of participation in the management organization from the electronic device 20 connected to the network 40. After registration, the remote electronic device 30 requesting access to the electronic device 20 in the management area can be controlled by the user authentication to permit / deny access. Further, by using the session key set by the access management server 10, it is possible to perform communication with message authentication.

As a result, even if the user moves, the remote electronic device 30 can be used for access, and the session key can be used to send and receive a message accompanied by message authentication. It will be possible to provide.

Embodiments of the present invention will be specifically described below. In the embodiment of the present invention, in the system as shown in FIG. 1, the access management server 10, the electronic device 20, and the remote electronic device 30 are connected to the network 40.
Connected via. In this, access management server 1
0 and the electronic device 20, message transmission is performed between the access management server 10 and the remote electronic device 30, and between the electronic device 20 and the remote electronic device 30. Therefore, send a message to the opposite device,
Alternatively, taking the case of receiving a message from the opposite device as an example, the function of each device in the present embodiment will be specifically described below.

FIG. 2 is a functional block diagram showing the processing functions of the access management server of the present invention. The access management server 10 is responsible for overall processing, a processing unit 11 for authenticating a user who has requested access to the management area, a session key generation unit 13 for generating a session key, and a user authentication unit. A user authentication key database 14 that stores key information, a device key information database 15 that stores device key information, and a network interface 16 that communicates via a network 40. Here, the access management server 10 connects the electronic device 20 and the remote electronic device 30 to the network 4
They are opposed to each other through 0.

The processing unit 11 is connected to the user authentication unit 12, the session key generation unit 13, the device key information database 15 and the network interface 16, and controls and processes the whole. Note that the processing unit 11 may be, for example, a computer program, is stored in a memory (Memory) not shown, and has a CPU (Central Processing Uni) not shown.
The function of the present invention is realized by being executed by t).

The user authentication unit 12 is connected to the processing unit 11, the user authentication key database 14 and the network interface 16 and authenticates a user who has made an access request within the management area managed by the access management server 10. Also, the user authentication unit 12 exchanges various processing requests with the processing unit 11. The user authentication unit 12 may be, for example, a computer program, is stored in a memory (not shown), and is executed by a CPU (not shown) to realize the functions of the present invention.

The session key generation unit 13 is connected to the processing unit 11 and the device key information database 15 and generates a session key. The session key generation unit 13 may be, for example, a computer program, is stored in a memory (not shown), and is executed by a CPU (not shown) to realize the functions of the present invention.

The user authentication key database 14 is connected to the user authentication unit 12, holds key information for authenticating a user, and centrally manages it. The user authentication key database 14 is a rewritable storage medium, such as a hard disk or a memory.

The device key information database 15 is the processing unit 1
1 and the session key generation unit 13 to hold device key information and perform centralized management. The device key information database 15 is a rewritable storage medium such as a hard disk or a memory.

The network interface 16 is connected to the processing unit 11 and the user authentication unit 12, and communicates with the electronic device 20 and the remote electronic device 30 via the network 40. Here, the network interface 1
A device 6 is connected to the network 40 via a communication medium. The communication medium is, for example, a physical medium such as a wired metal cable or optical fiber, or a wireless medium.

FIG. 3 is a functional block diagram showing processing functions of the electronic device of the present invention. The electronic device 20 includes a processing unit 21 that sets a session key, a message authentication unit 22 that authenticates communication via the network 40, a session key database 23 that stores key information for authenticating a message, and a network 40. It is composed of a network interface 24 for performing communication via.
Here, the electronic device 20 faces the access management server 10 and the remote electronic device 30 via the network 40, respectively.

The processing unit 21 is connected to the session key database 23 and the network interface 24,
Set session key. The processing unit 21 may be, for example, a computer program, is stored in a memory (not shown), and is executed by a CPU (not shown) to implement the functions of the present invention.

The message authentication unit 22 is connected to the session key database 23 and the network interface 24, authenticates all communication via the network 40, and discards communication data that is not correctly authenticated. The message authentication unit 22 may be, for example, a computer program, is stored in a memory (not shown), and is executed by a CPU (not shown) to realize the function of the present invention.

The session key database 23 is connected to the processing unit 21 and the message authentication unit 22 and holds key information for authenticating a message. The session key database 23 is a rewritable storage medium such as a hard disk or a memory.

The network interface 24 is connected to the processing unit 21 and the message authentication unit 22, and communicates with the access management server 10 and the remote electronic device 30 via the network 40. Here, the network interface 24 is a device, and is connected to the network 40 via a communication medium. The communication medium is, for example, a physical medium such as a wired metal cable or optical fiber, or a wireless medium.

FIG. 4 is a functional block diagram showing processing functions of the remote electronic equipment of the present invention. Remote electronics 3
Reference numeral 0 denotes a processing unit 31 that sets a session key and issues a user authentication command, a user authentication unit 32 that authenticates a user to access the management area, and a message authentication unit 33 that authenticates communication via the network 40. A user authentication key database 34 that stores key information for authenticating a user, a session key database 35 that stores key information for authenticating a message, and a network interface 36 that communicates via a network 40. . Here, the remote electronic device 30 connects the access management server 10 and the electronic device 20 to the network 40.
Are opposed to each other.

The processing unit 31 is connected to the user authentication unit 32, the session key database 35 and the network interface 36, and sets the session key. In addition,
The processing unit 31 may be, for example, a computer program, is stored in a memory (not shown), and is executed by a CPU (not shown) to realize the functions of the present invention.

The user authentication section 32 is connected to the processing section 31, the user authentication key database 34 and the network interface 36. In order to access the management area managed by the access management server 10, the user is authenticated with the access management server 10 at the time of access request. Further, the user authentication unit 32 exchanges various processing requests with the processing unit 31. The user authentication unit 32
May be a computer program, for example, and is stored in a memory (not shown) and executed by a CPU (not shown) to realize the functions of the present invention.

The message authentication unit 33 is connected to the session key database 35 and the network interface 36, authenticates all communications via the network 40, and adds an authenticator to the message. The message authentication unit 33 may be, for example, a computer program, is stored in a memory (not shown), and has a CPU (not shown).
The functions of the present invention are realized by being executed by

The user authentication key database 34 is connected to the user authentication unit 32 and holds key information for authenticating a user. The user authentication key database 34 is a rewritable storage medium such as a hard disk or a memory.

The session key database 35 is connected to the processing unit 31 and the message authentication unit 33 and holds key information for authenticating a message. The session key database 35 is a rewritable storage medium such as a hard disk or a memory.

The network interface 36 is connected to the processing unit 31, the user authentication unit 32, and the message authentication unit 33, and performs communication between the access management server 10 and the electronic device 20 via the network 40. Here, the network interface 36 is a device, and is connected to the network 40 via a communication medium. The communication medium is, for example, a physical medium such as a wired metal cable or optical fiber, or a wireless medium.

The computer program illustrated in FIGS. 2 to 4 described above can be recorded in a computer-readable recording medium. Computer-readable recording media include magnetic recording media, optical disks, magneto-optical recording media, semiconductor memories, and the like. Magnetic recording media include hard disks, flexible disks,
There are ZIP (Zip: a kind of magnetic disk), magnetic tape, and the like. The optical disc is a DVD (Digital Versatile Di
sc), DVD-RAM (DVD Random Access Memory),
CD-ROM (Compact Disc Read Only Memory), C
D-R (CD Recordable), CD-RW (CD Rewritabl
e) etc. Magneto-optical recording media include MO (Magneto O
ptical Disk). The semiconductor memory includes a flash memory and the like.

When distributing the computer programs, portable recording media, such as DVDs and CD-ROMs, on which the respective computer programs are recorded are sold. Further, the computer program is stored in a storage device of a server (corresponding to the access management server 10 in the description of the embodiment of the present invention), and the client (from the description of the embodiment of the present invention through the network Then, it corresponds to the electronic device 20 and the remote electronic device 30)
Computer programs can also be transferred to.

Next, the processing flow of each device will be specifically described. FIG. 5 is a flowchart explaining the basic operation of the access management server of the present invention. The description of this flowchart is based on the principle of the names of the respective devices in FIG. 1, and in the functional block diagram of the names of the respective parts of the devices in FIG.
Based on.

[S10] In the access management server 10, a user identifier and a key for authentication are registered in the user authentication key database 14 for each user who needs access to each electronic device 20 to be managed. Here, the key is, for example, a public-key cryptosystem (Public-key Crypt
The public key of the cryptography) or the common key of the common key cryptosystem (Symmetric Cryptography). It should be noted that this key only needs to be information for authenticating the user, and therefore a key other than the above can be applied.

[S11] The processing unit 11 receives the device identifier and the key information from each electronic device 20 managed by the access management server 10, and stores and registers the device identifier and the key information in the device key information database 15. Here, the key information is information necessary for generating a session key, and is, for example, an available authentication algorithm or key length.

[S12] When the electronic device 20 and the remote electronic device 30 send and receive a message, a "session key generation process" is performed to generate a session key which is a key for authenticating the message. Here, this process is repeated every time the user uses the remote electronic device 30 to access the electronic device 20 in the management area of the access management server 10. Details of the “session key generation process” will be described with reference to FIG.

FIG. 6 is a flow chart for explaining the "session key generation process" of the present invention. When step S12 of FIG. 5 is executed, processing is performed according to the following flow. A session key is generated by this processing. The description of this flowchart will be given based on FIG. 1, which is a principle diagram of the names of the respective devices, and FIG. 2, which is a functional block diagram of the names of the respective parts of the devices.

[S120] The user authentication unit 12 receives an access request (authentication request) from the remote electronic device 30 outside the management area to the electronic device 20 inside the management area.
The user authentication of the remote electronic device 30 is determined. This determination uses a pair of authentication keys stored in the user authentication key database 14 and the remote electronic device 30. In the case of a public key cryptosystem, for example, a pair means a public key and a secret key. In the case of the common key cryptosystem, it means the same common key. Here, if the user authentication is successful, the user authentication unit 12 proceeds to step S121, and if the user authentication is not successful, the process returns to step S12 of FIG.

[S121] The processing section 11 receives the key information from the remote electronic device 30 and the identifier of the electronic device 20 which is the access request target. Then, with respect to the session key generation unit 13, together with the key information corresponding to the received device identifier obtained from the device key information database 15,
Pass the received key information. Here, the key information is information necessary for generating a session key, and is, for example, an available authentication algorithm or key length.

[S122] Session key generation unit 13
Generates a session key from the key information passed from the processing unit 11. Then, the session key generation unit 13 passes the generated session key to the processing unit 11. Any method may be applied as the method of generating the session key as long as it corresponds to the authentication algorithm included in the key information.

[S123] The processing section 11 transmits the generated session key to the electronic device 20 in the management area of the access management server 10. If necessary, the session key may be the user's public key or the access management server 10
And the remote electronic device 30 are encrypted using a shared key shared in advance so that they can be transmitted safely.

[S124] The processing section 11 controls the remote electronic device 30 located outside the management area of the access management server 10.
Send the generated session key to. If necessary, the session key is encrypted by using the user's public key or a shared key shared in advance by the access management server 10 and the remote electronic device 30 so that the session key can be safely transmitted.

FIG. 7 is a flow chart for explaining the basic operation of the electronic device of the present invention. The description of this flowchart will be given based on FIG. 1, which is a principle diagram of names of respective devices, and FIG. 3, which is a functional block diagram of names of respective parts of the devices.

[S20] In the electronic device 20, the processing section 21 sends the key information and the identifier to the access management server 10 and registers them in the access management server 10. As a result, the user participates in the management area of the access management server 10.

[S21] After participation registration in the management area of the access management server 10, "session communication processing of electronic device" is performed in order to transmit / receive a signed message to / from the remote electronic device 30. In addition, this process is repeated every time the remote electronic device 30 accesses the electronic device 20. Details of the "session communication process of the electronic device" will be described with reference to FIG.

FIG. 8 is a flow chart for explaining the "session communication process of electronic equipment" of the present invention. When step S21 of FIG. 7 is executed, processing is performed according to the following flow. By this processing, communication is established after the session is established. Here, the session is a series of processes from access to completion of the process. The description of this flowchart will be given based on FIG. 1, which is a principle diagram of names of respective devices, and FIG. 3, which is a functional block diagram of names of respective parts of the devices.

[S210] In the electronic device 20, the processing unit 21 receives the session key from the access management server 10. [S211] The processing unit 21 uses the access management server 10
The session key received from is stored in the session key database 23.

[S212] The message authentication section 22
The signature-added message is received from the remote electronic device 30. The message received here is tentative received data, and it is officially determined to be received or discarded by verification in step S213 described later.

[S213] The message authentication unit 22
The session key stored in the session key database 23 is used to verify the signature added to the received message. That is, message authentication is performed.
If the signature verification is successful, step S21
If not successful (failed), the process proceeds to step S215.

[S214] The message authentication unit 22
In step S213, the signature verification is successful, that is, the message authentication is successful, so the message received in step S212 is formally received.

[S215] The message authentication unit 22
Since the signature verification has failed in step S213, that is, the message authentication has failed, the message received in step S212 is discarded.

[S216] The message authentication section 22
While the session is established, the processing from step S212 to step S215 is repeated. The term “established session” refers to a state in which a one-to-one logical connection relationship is established between the remote electronic device 30 and the electronic device 20. If the session has ended, the process proceeds to step S217, and if not ended, the process returns to step S212.

[S217] Since the session has ended, the session key stored in the session key database 23 is discarded. FIG. 9 is a flowchart explaining the basic operation of the remote electronic device of the present invention. The description of this flowchart will be given based on FIG. 1, which is a principle diagram showing names of respective devices, and FIG. 4, which is a functional block diagram showing names of respective parts of the devices.

[S30] In the remote electronic device 30, the key paired with the key registered in advance in the access management server 10 is stored in the user authentication key database 34. Here, the paired keys may be keys that are stored in advance in a storage medium that can be taken out and distributed. By inserting the storage medium into the reading device, the stored key can be read and stored in the user authentication key database 34.

[S31] The processing section 31 determines whether or not a session is started. If the session is started, the process proceeds to step S32, and if the session is not started, the process returns to step S31.

[S32] In order to send / receive a signed message to / from the electronic device 20 under the control of the access management server 10, "session communication process of remote electronic device" is performed. Details of the "session communication process of the remote electronic device" will be described with reference to FIG.

[S33] The processing section 31 determines that the user has finished using the remote electronic device 30 or has moved to another remote electronic device 30. If the remote electronic device 30 is used or moved, the process proceeds to step S34. If the remote electronic device 30 is not used or moved, the process returns to step S31 and the same process is repeated.

[S34] The user selects the remote electronic device 3
0 to end use or other remote electronic device 3
Since it has moved to 0, the user authentication unit 32 discards the user authentication key stored in the user authentication key database 34.

FIG. 10 is a flow chart for explaining the "session communication process of the remote electronic device" of the present invention. When step S32 of FIG. 9 is executed, processing is performed according to the following flow. By this processing, communication is established after the session is established. The description of this flowchart will be given based on FIG. 1, which is a principle diagram showing names of respective devices, and FIG. 4, which is a functional block diagram showing names of respective parts of the devices.

[S320] In the remote electronic device 30, the processing section 31 issues an authentication request to the user authentication section 32. The issued user authentication unit 32 communicates with the access management server 10 to authenticate the user.
Here, for user authentication, the user authentication key database 3
4 and the access management server 10 use a pair of authentication keys. In the authentication process, the user holds the correct key information (for example, a pair of key information capable of decrypting data encrypted based on the encryption key information and decryption based on the decryption key information). In any case, any method may be used as long as it can be authenticated.

[S321] The processing unit 31 receives the result of user authentication from the user authentication unit 32, and determines the next process to be performed. Here, if the user authentication is successful,
If the process does not succeed (fails) in step S322, the process returns to step S32 in FIG.

[S322] Since the user authentication is successful in step S321, the processing section 31 transmits the key information of the remote electronic device 30 and the identifier of the electronic device 20 to be accessed to the access management server 10. . Here, the key information is information necessary for generating a session key, and is, for example, an available authentication algorithm or key length.

[S323] The processing section 31 receives the session key from the access management server 10. [S324] The processing unit 31 stores the received session key in the session key database 35. As a result, the session key is set in the remote electronic device 30.

[S325] The message authentication unit 33
The session key stored in the session key database 35 is used to generate the signature of the message transmitted in the session. The signature may be generated by any method as long as the signature method, that is, the algorithm used for message authentication is optimal for each session.

[S326] The message authentication unit 33
The message added with the signature generated in step S325 is transmitted to the electronic device 20 in the management area of the access management server 10.

[S327] The message authentication unit 33
Determines if the session has ended. Here, if the session has ended, the process proceeds to step S328, and if not ended, the process returns to step S325 and the same process is repeated.

[S328] Since the session has ended, the session key stored in the session key database 35 is discarded. FIG. 11 is a network sequence diagram for explaining the operation between the remote electronic device, the access management server, and the electronic device of the present invention. Access request-message transmission / reception from a remote electronic device is processed according to the following flow. In addition, this process is performed by the user from the remote electronic device 30 through the access management server 1
It is repeated every time the electronic device 20 under the management area of 0 is accessed. The description of this network sequence diagram will be made based on FIG. 1, which is a principle diagram of names of respective devices, and FIG. 2, FIG. 3, and FIG. 4, which are functional block diagrams of names of respective parts of the devices.

[S1000] In the remote electronic device 30, the processing section 31 issues an authentication request to the user authentication section 32 (this is the step S3 already described).
Corresponding to 20).

[S1001] The user authentication unit 32 of the remote electronic device 30 communicates with the user authentication unit 12 of the access management server 10 to authenticate the user. here,
For user authentication, a pair of authentication keys stored in the respective user authentication key database 14 and user authentication key database 34 are used (this corresponds to steps S120 and S320 already described).

[S1002] In the remote electronic device 30, the user authentication section 32 returns the result of user authentication to the processing section 31. Here, when the user authentication fails, the process is not performed and the session is ended (this corresponds to step S120 and step S321 already described).

[S1003] The processing unit 31 of the remote electronic device 30 transmits the key information of the remote electronic device 30 and the identifier of the electronic device 20 to be accessed to the processing unit 11 of the access management server 10 (this is , Corresponding to step S322 already described).

[S1004] Access management server 10
In, the processing unit 11 passes the received key information together with the key information corresponding to the received device identifier, which is obtained from the device key information database 15, to the session key generation unit 13 (this has already been described. Step S121
Corresponding to).

[S1005] Access management server 10
At, the session key generation unit 13 generates a session key from the passed key information (this corresponds to step S122 already described).

[S1006] Access management server 10
In, the session key generation unit 13 passes the generated session key to the processing unit 11 (this corresponds to step S122 already described).

[S1007] Access management server 10
The processing unit 11 of the
The generated session key is transmitted (this corresponds to step S123 already described).

[S1008] In the electronic device 20,
The processing unit 21 stores the received session key in the session key database 23 (this corresponds to steps S210 and S211 described above).

[S1009] Access management server 10
The processing unit 11 transmits the generated session key to the processing unit 31 of the remote electronic device 30 (this corresponds to step S124 already described).

[S1010] In the remote electronic device 30, the processing section 31 determines the session key database 35.
Then, the received session key is stored (this corresponds to steps S323 and S324 already described).

[S1011] In the remote electronic device 30, the message authenticating unit 33 uses the session key stored in the session key database 35,
Generate a signature for the message to be sent in that session (this corresponds to step S325 already described).

[S1012] The message authentication unit 33 of the remote electronic device 30 transmits the message with the signature to the message authentication unit 22 of the electronic device 20 (this corresponds to step S326 already described). .

[S1013] In the electronic device 20,
The message authentication unit 22 uses the session key database 2
The signature of the received message is verified using the session key stored in 3. If the signature verification fails, ie message authentication fails, the message is discarded. If the signature verification is successful, ie the message authentication is successful, the message is received.
Then, the processes of steps S1011 to S1013 are repeated as long as the session continues (this corresponds to steps S212 to S216 and step S327 already described).

While the session is established, the above processing is performed. When the session ends, the session keys stored in the session key databases 23 and 35 of the electronic device 20 and the remote electronic device 30 are discarded. When the user finishes using the remote electronic device 30 or moves to another remote electronic device 30, the authentication key stored in the user authentication key database 34 is discarded (this is the step S33, which has already been described). Step S34, Step S216, Step S217, Step S327, and Step S32
8).

Next, the overall structure, operation and flow of one embodiment will be described using a specific example. FIG. 12 is an overall configuration diagram showing a specific example of the access control system of the present invention. The numbers shown in FIG. 12 (numbers 1 to 7 circled) correspond to the following (1) to (7).

In IPv6, which is the next-generation Internet protocol, it is a reality that all electronic devices in the world are directly connected to the Internet by virtue of the vast address space. The system of the present invention is an access control system that can be applied when electronic devices all over the world are directly connected to the Internet without being protected by a firewall or the like. Therefore, as one embodiment, IP
An example when the v6 network is adopted will be given.

As a mechanism of message authentication in the system of the present invention, IPsec AH, which is standardly incorporated in IPv6, can be adopted as it is. In this case, SA of IPsec is used as the key information of the device.

As a mechanism of user authentication in the system of the present invention, RSA which is one of public key cryptography is adopted. It is assumed that an access management server connected to the Internet is installed at a certain home, and a VCR connected to the Internet is under its control. Then, let us consider an example in which the family uses a computer, which is a terminal connected to the Internet, to remotely control the VCR from outside.

First, the overall structure will be described. The access control system 1 includes an access management server 10, a video deck 20 a classified as an electronic device 20, and a personal computer 30 classified as a remote electronic device 30.
a is configured in a network environment in which a and a are connected by a network 40 based on IPv6.

Next, the operation and flow (1) to (7) will be described. (1) The user has the access management server 10 in advance.
, The public key of RSA is registered.

(2) On the other hand, the other RSA that forms a pair
The private key is stored in an easily portable storage medium (in the drawings and the text, hereafter, temporarily referred to as a flexible disk) and always retained. The storage medium is a flexible disk, MO, ZIP, CD-R,
It is a CD-RW or a readable / writable nonvolatile semiconductor memory (for example, a flash memory).

(3) As initialization operation, registration of management area participation is performed from the video deck 20a to the access management server 10. (4) When the user wants to record a video of a certain program on the go, the remote electronic device 30 connected to the network 40, for example, the personal computer 30a used in the office (illustrated in the drawing), Insert a flexible disk into a mobile information terminal, mobile terminal, etc. Here, the private key is stored in the user authentication key database 34.

(5) Based on the public key and the secret key, the personal computer 30a and the access management server 10
RSA authentication of the user is performed between and. (6) After that, the access management server 10 compares the authentication algorithms that can be used by the personal computer 30a and the video deck 20a, and if SHA-1 is available, for example, generates a random number as its key, SA is set to enable IPsec AH communication between the personal computer 30a and the video deck 20a.

(7) Since the SA is established, the remote operation can be safely performed on the personal computer 30a by starting the remote operation application of the video deck 20a.

With the above configuration, the access management server 1
By performing user authentication by 0 and performing message authentication at the time of message transmission and reception, it is possible to easily access even if the user moves and secure communication is possible.

In the above description, "distribute authentication key"
Although the storage medium is used for the above, another delivery means with secured security, for example, delivery by communication can be similarly applied.

[0108]

As described above, since the user holds only the key, it is possible to safely access the electronic device regardless of the place or from which remote electronic device the access is made. Become.

Since the user authentication key does not need to be set for all devices and only the access management server is set, the number of times the user authentication key is set can be reduced and user convenience can be improved. Is possible.

Further, since the access management server performs the processing required by the electronic device under the control of the access management server, the automatic setting of the session key can be facilitated even in the electronic device having a small number of computational resources.

[Brief description of drawings]

FIG. 1 is a principle diagram of an access control system of the present invention.

FIG. 2 is a functional block diagram showing processing functions of an access management server of the present invention.

FIG. 3 is a functional block diagram showing processing functions of the electronic device of the present invention.

FIG. 4 is a functional block diagram showing processing functions of the remote electronic device of the present invention.

FIG. 5 is a flowchart illustrating a basic operation of the access management server of the present invention.

FIG. 6 is a flowchart illustrating a session key generation process of the present invention.

FIG. 7 is a flowchart illustrating a basic operation of the electronic device of the invention.

FIG. 8 is a flowchart illustrating a session communication process of the electronic device of the invention.

FIG. 9 is a flowchart illustrating the basic operation of the remote electronic device of the present invention.

FIG. 10 is a flowchart illustrating session communication processing of the remote electronic device of the present invention.

FIG. 11 is a network sequence diagram for explaining the operation between the remote electronic device, the access management server, and the electronic device of the present invention.

FIG. 12 is an overall configuration diagram showing a specific example of an access control system of the present invention.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Access control system, 10 ... Access management server, 11 ... Processing part, 12 ... User authentication part, 13 ... Session key generation part, 14 ... User authentication key database, 15 ... Device key information database, 16 ... Network interface, 20 ...
Electronic device, 21 ... processing unit, 22 ... message authentication unit, 23 ... session key database, 24 ...
..Network interface, 30 ... Remote electronic device, 31 ... Processing unit, 32 ... User authentication unit, 33 ... Message authentication unit, 34 ... User authentication key database, 35 ... Session Key database, 36 ... Network interface, 40 ...
·network

Claims (13)

[Claims] 1. An access control system for controlling access to an electronic device connected to a network, wherein a key paired with an authentication key for authenticating a connection from outside the management area of the network is registered to manage the network. An access management server that distributes the authentication key outside the area, authenticates a connection request from outside the management area of the network, generates a session key for message authentication, and transmits the session key; By sending registration information to the access management server, it becomes a member under the management, receives the session key, and makes a connection request from outside the management area of the network with an electronic device that performs communication with the message authentication using the session key. , Authenticates with the access management server using the distributed authentication key, and receives An access control system, comprising: a remote electronic device that communicates with the electronic device with the message authentication using the session key. 2. The management key of the access management server can be carried by storing the authentication key in a portable storage medium and used by the remote electronic device outside the management area of the network. 2. The access control system according to claim 1, wherein the electronic device inside can be accessed from anywhere. 3. The access control system according to claim 1, wherein the authentication reduces the number of times the authentication key is initially set by interposing an access management server. 4. An access management server that manages electronic devices connected to a network and controls access, a processing unit that is responsible for overall processing, a user authentication unit that authenticates an access request to the management area, and a session. A session key generation unit that generates a key, a user authentication key database that stores key information for performing the authentication, a device key information database that stores key information that is registration information of an electronic device to be managed, and the network An access management server comprising: a network interface that performs communication via the. 5. An electronic device connected to a network and managed by a server, a processing unit that sets a session key, a message authentication unit that performs message authentication in communication via the network, and the message authentication. An electronic device, comprising: a session key database for storing key information including the session key, and a network interface for performing communication via the network. 6. A remote electronic device connected to a security-controlled area from outside the network, a processing unit for setting a session key and issuing an authentication command, and a user for performing the authentication to access the management area. An authentication unit, a message authentication unit that performs message authentication in communication via a network, a user authentication key database that stores key information for performing the authentication, and a session key that performs the message authentication. A remote electronic device comprising: a session key database that stores key information; and a network interface that performs communication via the network. 7. An access control method for controlling access to an electronic device connected to a network, which is paired with an authentication key for authenticating a connection from outside the management area of the network by a device managing the electronic device. Is registered, the authentication key is distributed to the outside of the management area of the network, a connection request from outside the management area of the network is authenticated, a session key for message authentication is generated, transmitted, and managed. The device participates under management by transmitting registration information to a device that manages the electronic device, receives the session key, performs communication with the message authentication using the session key, and manages the session key. A connection request is made from outside the management area of the network by a device externally connecting to the device, and the management key is distributed using the distributed authentication key. An access control method comprising: authenticating with a managed device, connecting to the managed device, and using the received session key to perform communication with the message authentication. 8. A program for causing a computer to realize a process of managing an electronic device connected to a network and controlling access to the computer, performing a processing function of performing the entire process of the computer, and authenticating an access request to the management area. A user authentication function, a session key generation function for generating a session key, a user authentication key database function for storing the key information for performing the authentication in a storage device, and a key information which is registration information of a managed electronic device is stored in the storage. A program implemented as a device key information database function stored in the device and a network interface function for performing communication via the network. 9. A program for connecting a computer to a network and realizing the process managed by a server in a computer, a processing function for setting a session key for the computer, and a message authentication function for performing message authentication in communication via a network. A program implemented as a session key database function for storing key information including the session key for performing the message authentication, and a network interface function for performing communication via the network. 10. A program for causing a computer to perform a process of connecting to the area controlled by security from outside the network, the computer having a processing function of setting a session key and issuing an authentication command, for accessing the management area. The user authentication function for performing the authentication, the message authentication function for performing the message authentication in the communication via the network, the user authentication key database function for storing the key information for the authentication, the message authentication for performing the message authentication, A program implemented as a session key database function for storing key information including a session key, and a network interface function for performing communication via the network. 11. A computer-readable recording medium in which a program for causing a computer to realize a process of managing an electronic device connected to a network and controlling access is recorded. User authentication function for authenticating access request to the inside, session key generation function for generating session key, user authentication key database function for storing key information for the authentication in a storage device, management electronic device A computer-readable recording medium recording a program realized as a device key information database function of storing key information as registration information in the storage device, and a network interface function of performing communication via the network. 12. A computer-readable recording medium having a program connected to a network for causing a computer to realize a process managed by a server, the computer having a processing function of setting a session key, and communication via the network. , A message authentication function for performing message authentication, a session key database function for storing key information including the session key for performing the message authentication, and a network interface function for performing communication via the network. The recorded computer-readable recording medium. 13. A process for setting a session key and issuing an authentication command to a computer in a computer-readable recording medium in which a program for causing a computer to perform a process for connecting to a security-managed area from outside a network is recorded. Function, user authentication function for performing the authentication for accessing the management area, message authentication function for performing message authentication in communication via a network, user authentication key database function for storing key information for the authentication, A computer readable record storing a program to be realized as a session key database function for storing key information including the session key for performing the message authentication, and a network interface function for performing communication via the network. Media.