
JP2007274380A - Authentication system, authentication server and program - Google Patents


Info

Publication number: JP2007274380A
Authority: JP (Japan)
Prior art keywords: reliability, authentication, devices, reliability information, public key
Legal status: Granted
Application number: JP2006097994A
Other languages: Japanese (ja)
Other versions: JP5052809B2 (en)
Inventor: Toshiyasu Fuda (寿康 布田)
Current Assignee: NTT Data Group Corp
Original Assignee: NTT Data Corp
Events: application filed by NTT Data Corp; priority to JP2006097994A; publication of JP2007274380A; application granted; publication of JP5052809B2; current status: Expired - Fee Related

Abstract

[Problem] To provide a center-type authentication system that can decide whether trust is possible based on the authentication relationship between the devices being authenticated themselves.
[Solution] In response to an authentication request for device B30 received from device A20, the authentication server 10 performs mutual authentication with device A20 and with device B30. The reliability information table 17 of the authentication server 10 stores, for each pair of devices, whether one device may trust the other. The reliability confirmation processing unit 15 of the authentication server 10 looks up in the reliability information table 17 whether device A20 may trust device B30 and whether device B30 may trust device A20; only when both results indicate that trust is possible are device A20 and device B30 regarded as mutually trusted.
[Selected figure] Fig. 1

Description

The present invention relates to an authentication system, an authentication server and a program, and in particular to a center-type authentication system, authentication server and program in which mutual authentication among a large number of devices is performed via an authentication server.

Conventional mutual authentication using public key certificates is a one-to-one mutual authentication: when the authentication result is that the peer is reliable, the peer device is fully trusted (see, for example, Patent Document 1).
For example, when information is exchanged among a large number of devices, there are two types of method for establishing mutual authentication between the devices that exchange information: the P2P type and the center type. In the P2P type, as shown in Fig. 6(a), the devices exchanging information, for example device A100 and device B101, directly verify each other's public key certificate and authenticate each other. In the center type, as shown in Fig. 6(b), to establish mutual authentication between device A200 and device B202, first device A200 and device C201 verify each other's public key certificate and authenticate each other, and then device C201 and device B202 verify each other's public key certificate and authenticate each other. As a result, device A200, which trusts device C201, also trusts device B202, which device C201 trusts.
[Patent Document 1] JP 2005-26842 A

However, the conventional center-type and P2P-type authentication systems have a problem: there are cases in which mutual authentication succeeds in the center type even though mutual authentication establishing mutual trust would not succeed in the P2P type.

For example, as shown in Fig. 7, consider certificate authorities CA consisting of CA-1A301, the root CA of Domain A, CA-2A302, a sub-CA of CA-1A301, CA-3A303, a sub-CA of CA-2A302, CA-1B311, the root CA of Domain B, and CA-2B312, a sub-CA of CA-1B311, where the root CAs of the two domains, CA-1A301 and CA-1B311, authenticate each other by cross-certificates limited to two hops (inhibitPolicyMapping:2). Assume that CA-3A303 issued the public key certificate of device A200, CA-2B312 issued the public key certificate of device B202, and CA-1A301 issued the public key certificate of device C201.

In this case, for authentication between device A200 and device C201, the certification path from device A200 to device C201 is device A200 ⇒ CA-2B312 ⇒ CA-1B311 ⇒ CA-1A301 ⇒ device C201, so the hop count is 1 (CA-1A301 ⇒ device C201) and trust is possible; the certification path from device C201 to device A200 is device C201 ⇒ CA-1A301 ⇒ CA-1B311 ⇒ CA-2B312 ⇒ device A200, so the hop count is 2 (CA-1B311 ⇒ CA-2B312 ⇒ device A200) and trust is possible; therefore mutual authentication succeeds. Device B202 and device C201 belong to the same Domain A, so mutual authentication between them also succeeds. Since mutual authentication between device A200 and device C201 and between device B202 and device C201 both succeed, in the center type device A200 and device B202 are regarded as trustworthy.

However, in the direct authentication between device A200 and device B202 that corresponds to the P2P type, the certification path from device A200 to device B202 is device A200 ⇒ CA-2B312 ⇒ CA-1B311 ⇒ CA-1A301 ⇒ CA-2A302 ⇒ CA-3A303 ⇒ device B202, so the hop count is 3 (CA-1A301 ⇒ CA-2A302 ⇒ CA-3A303 ⇒ device B202) and mutual authentication does not succeed.

In other words, the conventional center-type authentication system decides whether trust is possible based on the authentication relationship between the device being authenticated and the device that mediates the authentication, so it may grant trust even though, under the authentication relationship between the authenticated devices themselves, trust should be denied.

The present invention was made in view of these circumstances, and its object is to provide an authentication system that, while being center-type, can decide whether trust is possible based on the authentication relationship between the authenticated devices themselves, as the P2P type does.

The present invention was made to solve the above problem. The invention according to claim 1 is an authentication system comprising a plurality of devices and an authentication server that, in response to an authentication request for another device received from one device among the plurality of devices, performs mutual authentication with the one device and with the other device, characterized in that the authentication server comprises reliability information storage means that stores whether trust is possible between the plurality of devices, and reliability confirmation means that obtains, with reference to the reliability information storage means, whether the one device may trust the other device and whether the other device may trust the one device, and regards the one device and the other device as mutually trusted when both obtained results indicate that trust is possible.

The invention according to claim 2 is the authentication system according to claim 1, characterized in that the reliability information storage means stores, together with whether trust is possible between the plurality of devices, an expiry time of that trust information, and the reliability confirmation means obtains, with reference to the reliability information storage means, whether the one device may trust the other device and its expiry time and whether the other device may trust the one device and its expiry time, and regards the one device and the other device as mutually trusted when both obtained results indicate that trust is possible and are within their expiry time.

The invention according to claim 3 is the authentication system according to claim 2, characterized in that each device has its own public key certificate, and the authentication server comprises reliability information generation means that, when the reliability confirmation means refers to the reliability information storage means and the required trust information between devices is not stored there, decides whether trust is possible between the required devices by verifying the certification path between the public key certificates of the required devices, and stores the result in the reliability information storage means.

The invention according to claim 4 is the authentication system according to claim 3, characterized in that each device has its own attribute certificate; the reliability information storage means of the authentication server stores whether trust is possible from the public key certificate of one device to the attribute certificate of another among the plurality of devices; the reliability confirmation means of the authentication server obtains from the reliability information storage means whether the one device may trust the attribute certificate of the other device and whether the other device may trust the attribute certificate of the one device, and regards the attribute certificate of the one device and the attribute certificate of the other device as trusted when both obtained results indicate that trust is possible; and the reliability information generation means of the authentication server, when the reliability confirmation means refers to the reliability information storage means and the required trust information for the attribute certificates between devices is not stored there, decides whether trust is possible for the attribute certificates between the required devices by verifying the certification path to the attribute certificates of the required devices, and stores the result in the reliability information storage means.

The invention according to claim 5 is an authentication server that is connected to a plurality of devices and, in response to an authentication request for another device received from one device among the plurality of devices, performs mutual authentication with the one device and with the other device, characterized by comprising reliability information storage means that stores whether trust is possible between the plurality of devices, and reliability confirmation means that obtains, with reference to the reliability information storage means, whether the one device may trust the other device and whether the other device may trust the one device, and regards the one device and the other device as mutually trusted when both obtained results indicate that trust is possible.

The invention according to claim 6 is a program that causes a computer which, in response to an authentication request for another device received from one device among the plurality of devices, performs mutual authentication with the one device and with the other device, to function as reliability information storage means that stores whether trust is possible between the plurality of devices, and as reliability confirmation means that obtains, with reference to the reliability information storage means, whether the one device may trust the other device and whether the other device may trust the one device, and regards the one device and the other device as mutually trusted when both obtained results indicate that trust is possible.

According to the present invention, the reliability confirmation means obtains from the reliability information storage means whether one device may trust another device and whether the other device may trust the one device, and regards them as mutually trusted only when both results indicate that trust is possible. The system is therefore center-type and yet can decide whether trust is possible based on the authentication relationship between the authenticated devices themselves.

Embodiments of the present invention are described below with reference to the drawings. Fig. 1 is a schematic block diagram showing the configuration of an authentication system according to one embodiment of the invention. Reference numeral 10 denotes an authentication server that authenticates devices 20 and 30; it comprises a request-source authentication processing unit 11, a request-destination authentication processing unit 12, a public key certificate storage unit 13, a service relay processing unit 14, a reliability confirmation processing unit 15, a reliability information generation processing unit 16 and a reliability information table 17. The request-source authentication processing unit 11 verifies that a certification path reaches from the request source's public key certificate PKC, received together with the authentication request, to the server's own public key certificate PKC obtained from the public key certificate storage unit 13, and when verification succeeds, sends the server's own public key certificate PKC to the request-source device.
The request-destination authentication processing unit 12 sends the server's own public key certificate PKC, obtained from the public key certificate storage unit 13, to the request-destination device indicated in the authentication request, verifies that a certification path reaches from the request-destination device's public key certificate PKC, received in reply, to the server's own public key certificate PKC obtained from the public key certificate storage unit 13, and notifies the request-destination device of the verification result.

The public key certificate storage unit 13 stores the server's own public key certificate PKC. The service relay processing unit 14 forwards a session start request received from the request-source device to the request-destination device when verification in the request-destination authentication processing unit 12 has succeeded and reliability has been confirmed by the reliability confirmation processing unit 15 or the reliability information generation processing unit 16, and forwards the service execution result received from the request-destination device to the request-source device.

The reliability confirmation processing unit 15 refers to the reliability information table 17 and checks that the public key certificate PKC of the request-source device may trust the public key certificate PKC and the attribute certificate AC of the request-destination device, that the public key certificate PKC of the request-destination device may trust the public key certificate PKC and the attribute certificate AC of the request-source device, and the expiry time of each of these entries; only if all of these hold is trust granted. If the required information is not stored in the reliability information table 17, it asks the reliability information generation processing unit 16 to generate the corresponding information.
The reliability information generation processing unit 16 decides whether trust is possible by verifying that a certification path reaches from the checked certificate to the checking certificate, as requested by the reliability confirmation processing unit 15. It also selects the earlier of (a) the nearest expiry time among all certificates used in verifying that certification path and (b) the current time plus a predetermined period, and stores this verification result and the selected time in the reliability information table 17.

The reliability information table 17 stores reliability information for public key certificates PKC and reliability information for attribute certificates AC. As shown in the example of Fig. 2(a), the reliability information for public key certificates PKC records, for a device's public key certificate PKC identified by the CA name and serial number of the checking PKC, whether it may trust another device's public key certificate PKC identified by the CA name and serial number of the checked PKC, together with a reliability expiry time, which is the expiry time of that information. As shown in the example of Fig. 2(b), the reliability information for attribute certificates AC records, for a device's public key certificate PKC identified by the CA name and serial number of the checking PKC, whether it may trust another device's attribute certificate AC identified by the AA name and serial number of the checked AC, together with a reliability expiry time, which is the expiry time of that information.

Reference numeral 20 denotes device A, the source of the authentication request; it comprises a mutual authentication processing unit 21, a service request processing unit 22, a service result processing unit 23, a public key certificate storage unit 24 and an attribute certificate storage unit 25. The mutual authentication processing unit 21 sends to the authentication server 10, together with an authentication request, the device's own public key certificate PKC obtained from the public key certificate storage unit 24, the device's own attribute certificate AC obtained from the attribute certificate storage unit 25, and the URL of the device to which the service is requested. The mutual authentication processing unit 21 further verifies the certification path from the public key certificate PKC of the authentication server 10, received in reply to the authentication request, to the device's own public key certificate PKC. The service request processing unit 22 sends a session start request to the authentication server 10. The service result processing unit 23 receives the service execution result returned by the authentication server 10 in reply to the session start request and displays it on the screen of device A20.

Device B30 is the device to which the service is requested; it comprises a mutual authentication processing unit 31, a service execution processing unit 32, a public key certificate storage unit 33 and an attribute certificate storage unit 34. The mutual authentication processing unit 31 verifies the certification path from the public key certificate PKC of the authentication server 10, received from the authentication server 10, to the device's own public key certificate PKC obtained from the public key certificate storage unit 33, and when verification succeeds, sends the device's own public key certificate PKC obtained from the public key certificate storage unit 33 and the device's own attribute certificate AC obtained from the public key certificate storage unit 33 to the authentication server 10. When the service execution processing unit 32 receives a session start request from the authentication server 10, it executes the service and sends the result to the authentication server 10 as the service execution result.
Although not shown in Fig. 1, the authentication server 10, device A20 and device B30 are connected by a network such as a LAN (Local Area Network) and can communicate with one another.

Next, with reference to Fig. 3, the relationship between the certificates and the certificate authorities CA that issue them in this embodiment is described. In this embodiment the certificate authorities CA consist of CA-1A41, the root CA of Domain A40, CA-2A42, a sub-CA of CA-1A41, CA-3A43, a sub-CA of CA-2A42, CA-1B51, the root CA of Domain B50, and CA-2B52, a sub-CA of CA-1B51; the root CAs of the two domains, CA-1A41 and CA-1B51, authenticate each other by cross-certificates limited to two hops (inhibitPolicyMapping:2). The public key certificate PKC of the authentication server 20 is issued by CA-1A41, the public key certificate PKC and attribute certificate AC of device A20 are issued by CA-2B52, and the public key certificate PKC and attribute certificate AC of device B30 are issued by CA-3A43.

Next, the operation of this authentication system is described with reference to Fig. 4. First, the mutual authentication processing unit 21 of device A20 sends to the authentication server 10, together with an authentication request, the device's own public key certificate PKC obtained from the public key certificate storage unit 24, the device's own attribute certificate AC obtained from the attribute certificate storage unit 25, and the URL of device B30, the request-destination device (Sa1). On receiving the authentication request from device A20, the request-source authentication processing unit 11 verifies that a certification path reaches from the public key certificate PKC of device A20, received with the authentication request, to the server's own public key certificate PKC obtained from the public key certificate storage unit 13 of the authentication server 10 (Sa2).

The specific verification procedure is as follows. Here, the issuer of the public key certificate PKC of device A20 is certificate authority CA-2B52, the issuer of the public key certificate PKC of certificate authority CA-2B52 is its parent certificate authority CA-1B51, and certificate authority CA-1B51 and certificate authority CA-1A41 authenticate each other by cross-certificate within a limit of two hops. Since certificate authority CA-1A41 is the issuer of the public key certificate PKC of the authentication server 10, this is the certification path from the public key certificate PKC of device A20 to the public key certificate PKC of the authentication server 10. Along this certification path, the request-source authentication processing unit 11 verifies the signature on each certificate with the public key contained in the public key certificate PKC of that certificate's issuer, and verifies that the validity period of each certificate has not expired.

If these verifications find no problem, the request-source authentication processing unit 11 obtains the public key certificate PKC of the authentication server 10 from the public key certificate storage unit 13 and sends it to device A20, the sender of the authentication request (Sa3). When device A20 receives the public key certificate PKC of the authentication server 10, its mutual authentication processing unit 21 verifies, by the same procedure as in step Sa2, that a certification path reaches from the received public key certificate PKC of the authentication server 10 to the public key certificate PKC of device A20 (Sa4).

If the verification finds no problem, mutual authentication between device A20 and the authentication server 10 is complete, and the service request processing unit 22 sends a session start request for device B30 to the authentication server 10 (Sa5). When the authentication server 10 receives the session start request, its request-destination authentication processing unit 12 obtains the server's own public key certificate PKC from the public key certificate storage unit 13 and sends it to device B30, the request-destination device (Sa6). When device B30 receives the public key certificate PKC of the authentication server 10, its mutual authentication processing unit 31 verifies, by the same procedure as in step Sa2, that a certification path reaches from the received public key certificate PKC of the authentication server 10 to the public key certificate PKC of device B30 (Sa7).

If this verification raises no problem, the mutual authentication processing unit 31 obtains the public key certificate PKC of its own device from the public key certificate storage unit 33 and sends it to the authentication server 10 (Sa8). The request destination authentication processing unit 12 of the authentication server 10 receives the public key certificate PKC of device B30 sent by the mutual authentication processing unit 31 and verifies, by the same procedure as in step Sa2, that a certification path reaches from the received public key certificate PKC of device B30 to the public key certificate PKC of the authentication server 10 (Sa9).
If this verification raises no problem, mutual authentication between device B30 and the authentication server 10 is complete, so the request destination authentication processing unit 12 sends a mutual authentication completion notification to device B30 (Sa10). On receiving the notification, the mutual authentication processing unit 31 of device B30 recognizes that mutual authentication has been performed.

Meanwhile, after the request destination authentication processing unit 12 has sent the mutual authentication completion notification, the authentication server 10 proceeds to step Sa11, in which the reliability confirmation processing unit 15 runs the flowchart of FIG. 5 to confirm the reliability of the public key certificates PKC of device A20 and device B30 and the reliability of the attribute certificates AC of device A20 and device B30. This reliability confirmation processing in step Sa11 does not exist in the conventional center-type system and is the characteristic processing of the present invention.
First, the reliability confirmation processing unit 15 searches the reliability information table 17 for a record whose confirmation source PKC (CA name and serial number) is the public key certificate PKC of device A20, the service request source, and whose confirmation destination PKC (CA name and serial number) is the public key certificate PKC of device B30, the service request destination, and checks whether such a record exists (Sb1). If it exists, the reliability confirmation processing unit 15 checks whether the expiration date registered in the record has passed (Sb2) and whether the reliability information is "OK" (Sb3).

If these checks raise no problem, the reliability confirmation processing unit 15 further searches the reliability information table 17 in the direction opposite to step Sb1, that is, for a record whose confirmation source PKC (CA name and serial number) is the public key certificate PKC of device B30, the service request destination, and whose confirmation destination PKC (CA name and serial number) is the public key certificate PKC of device A20, the service request source, and checks whether such a record exists (Sb4). If it exists, the reliability confirmation processing unit 15 checks whether the expiration date registered in the record has passed (Sb5) and whether the reliability information is "OK" (Sb6). If these checks raise no problem, the reliability confirmation result for device A20 and device B30 is set to "OK" (Sb7).

If, however, the reliability information of either record is "NG" rather than "OK" (Sb3, Sb6), the reliability confirmation processing unit 15 sets the reliability confirmation result to "NG" (Sb11). If either record does not exist (Sb1, Sb4) or has passed its expiration date (Sb2, Sb5), the reliability information generation processing unit 16 verifies that a certification path reaches from the confirmation source public key certificate PKC to the confirmation destination public key certificate PKC (Sb8, Sb12). If the verification finds that the certification path reaches, the reliability information generation processing unit 16 creates the corresponding record in the reliability information table 17, registering "OK" as the reliability information and, as the expiration date, whichever is earlier of the current time plus a predetermined time and the earliest expiration date among the certificates used in the verification (Sb9, Sb13); the process then proceeds to step Sb4 in the case of step Sb9 and to step Sb7 in the case of step Sb13.

If, on the other hand, the verification in step Sb8 or Sb12 finds that the certification path does not reach, the reliability information generation processing unit 16 creates the corresponding record in the reliability information table 17, registering "NG" as the reliability information and the current time plus the predetermined time as the expiration date (Sb10, Sb14). The reliability confirmation processing unit 15 accordingly sets the reliability confirmation result to "NG" (Sb11).

In this way the reliability confirmation processing unit 15 verifies that the public key certificate PKC of the request source device and the public key certificate PKC of the request destination device can trust each other. The reliability confirmation processing unit 15 further confirms that the public key certificate PKC of the request source device can trust the attribute certificate AC of the request destination device, and that the public key certificate PKC of the request destination device can trust the attribute certificate AC of the request source device, using the flow of FIG. 5 with the confirmation destination changed from the public key certificate PKC to the attribute certificate AC.

A concrete example of the operation of the flowchart of FIG. 5 follows. Suppose first that no corresponding record is found in step Sb1. The process proceeds to step Sb8, and the reliability confirmation processing unit 15 checks whether a certification path can reach from the public key certificate PKC of the service request destination to the issuing certificate authority of the public key certificate PKC of the service request source. Here the public key certificate PKC of the service request source is that of device A20, and its issuing certificate authority is the certificate authority CA-2B52; the public key certificate PKC of the service request destination is that of device B30.

Tracing the certification path with reference to FIG. 3: the issuing certificate authority of the public key certificate PKC of device B30 is the certificate authority CA-3A43, whose issuing certificate authority is the certificate authority CA-2A42, whose issuing certificate authority in turn is the certificate authority CA-1A41. The certificate authority CA-1A41 and the certificate authority CA-1B51 are cross-certified with each other by the cross-certificate 60, and the certificate authority CA-2B52 is a sub-CA of the certificate authority CA-1B51. As noted above, the certificate authority CA-2B52 is the issuing certificate authority of the public key certificate PKC of device A20, the service request source. This is the candidate certification path. Checking it against the number of hops permitted by the cross-certificate 60, however, the hop count from the public key certificate PKC of device B30 to the certificate authority CA-1A41 is three: from the public key certificate PKC of device B30 to the certificate authority CA-3A43, from CA-3A43 to the certificate authority CA-2A42, and from CA-2A42 to the certificate authority CA-1A41. This exceeds the permitted number, so the certification path cannot reach from the public key certificate PKC of device B30, the service request destination, to the issuing certificate authority of the public key certificate PKC of device A20, the service request source.

The process therefore proceeds to step Sb10: a record whose confirmation source PKC is the public key certificate PKC of device A20 and whose confirmation destination PKC is the public key certificate PKC of device B30 is generated in the reliability information table 17, with "NG" as the reliability information and the current time plus the predetermined time as the reliability expiration date, and the reliability confirmation result is set to "NG" (Sb11).
When the reliability confirmation result of the reliability confirmation processing unit 15 is "NG", the session start request from device A20 is discarded and the sequence ends.
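The following Python is an added example, not code from the patent or from NTT Data. It models the CA topology of FIG. 3, walks a certification path while honouring the hop limit of cross-certificate 60 (the check that fails for device B30 in the example above), and implements the FIG. 5 logic over reliability information table 17: per-direction lookup, expiry handling, regeneration by path verification, and caching of both "OK" and "NG" results (steps Sb1 to Sb14). The hop limit (2), the "predetermined time" (1 hour), the device and CA names used as keys, and every serial number and validity date are assumptions; the patent gives none of them.

```python
"""Added example (not the patent's or NTT Data's code): FIG. 3 topology, hop-limited
cross-certification, and the FIG. 5 logic over reliability information table 17.
Assumed, because the patent does not state them: hop limit 2, "predetermined time"
of 1 hour, and every serial number and validity date below (constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

NOW = datetime(2007, 1, 1, tzinfo=timezone.utc)   # constructed "current time"
TTL = timedelta(hours=1)                           # assumed "predetermined time"


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str                     # issuer == subject for a self-signed root CA
    serial: str
    not_after: datetime
    max_hops: Optional[int] = None  # set only on a cross-certificate (its hop limit)


def _days(n: int) -> datetime:
    return NOW + timedelta(days=n)

# Domain A: CA-1A > CA-2A > CA-3A > device B30.  Domain B: CA-1B > CA-2B > device A20.
CERTS: Dict[str, Cert] = {c.subject: c for c in [
    Cert("CA-1A", "CA-1A", "1", _days(3650)),
    Cert("CA-2A", "CA-1A", "2", _days(1825)),
    Cert("CA-3A", "CA-2A", "3", _days(730)),
    Cert("deviceB", "CA-3A", "B-1001", _days(365)),
    Cert("CA-1B", "CA-1B", "1", _days(3650)),
    Cert("CA-2B", "CA-1B", "2", _days(1825)),
    Cert("deviceA", "CA-2B", "A-2002", NOW + timedelta(minutes=30)),  # expires soon, on purpose
]}
# Cross-certificate 60 in both directions, keyed by (certified root, issuing root).
CROSS: Dict[Tuple[str, str], Cert] = {
    ("CA-1A", "CA-1B"): Cert("CA-1A", "CA-1B", "60", _days(1000), max_hops=2),
    ("CA-1B", "CA-1A"): Cert("CA-1B", "CA-1A", "60", _days(1000), max_hops=2),
}


def chain_to_root(subject: str) -> List[Cert]:
    """Follow issuer links from an end-entity certificate up to its self-signed root."""
    chain, cert = [], CERTS[subject]
    while cert.issuer != cert.subject:
        chain.append(cert)
        cert = CERTS[cert.issuer]
    chain.append(cert)
    return chain


def build_path(relying: str, target: str) -> Optional[List[Cert]]:
    """Certificates `relying` needs to validate the PKC of `target` (steps Sb8/Sb12),
    or None when no certification path reaches the relying device's domain."""
    target_chain, relying_chain = chain_to_root(target), chain_to_root(relying)
    target_root, relying_root = target_chain[-1].subject, relying_chain[-1].subject
    if target_root == relying_root:
        return target_chain                       # same domain: no cross-certificate needed
    cross = CROSS.get((target_root, relying_root))
    if cross is None:
        return None                               # the two domains are not cross-certified
    hops = len(target_chain) - 1                  # the patent counts B30 > CA-3A > CA-2A > CA-1A as 3
    if hops > cross.max_hops:
        return None                               # exceeds the hop limit of cross-certificate 60
    return target_chain + [cross] + list(reversed(relying_chain[1:]))


@dataclass
class Record:           # one row of reliability information table 17
    ok: bool
    expires: datetime

Key = Tuple[Tuple[str, str], Tuple[str, str]]   # ((source CA, serial), (destination CA, serial))


def _key(device: str) -> Tuple[str, str]:
    cert = CERTS[device]
    return (cert.issuer, cert.serial)


def trust_one_way(table: Dict[Key, Record], src: str, dst: str, now: datetime) -> bool:
    """Steps Sb1-Sb3 (lookup) and Sb8-Sb10 (regenerate) for the direction src -> dst."""
    key = (_key(src), _key(dst))
    rec = table.get(key)
    if rec is not None and rec.expires > now:     # Sb1: record exists, Sb2: not expired
        return rec.ok                              # Sb3: a cached NG is honoured as well
    path = build_path(src, dst)                    # Sb8: no usable record, verify the path
    if path is None:
        table[key] = Record(False, now + TTL)      # Sb10: negative result cached for TTL only
        return False
    expires = min(now + TTL, min(c.not_after for c in path))   # Sb9: never outlive the path
    table[key] = Record(True, expires)
    return True


def check_reliability(table: Dict[Key, Record], requester: str, provider: str,
                      now: datetime = NOW) -> bool:
    """FIG. 5 as a whole: both directions must be OK for mutual trust (Sb7), else NG (Sb11)."""
    return (trust_one_way(table, requester, provider, now)
            and trust_one_way(table, provider, requester, now))


if __name__ == "__main__":
    table: Dict[Key, Record] = {}
    print("A20 <-> B30 mutually trusted:", check_reliability(table, "deviceA", "deviceB"))
    for key, rec in table.items():
        print(key, "OK" if rec.ok else "NG", "until", rec.expires.isoformat())
```

Running it reproduces the example: A20 validating B30 needs three hops on the Domain A side and fails, so an "NG" row is cached and the second direction is never consulted. Calling `trust_one_way` for B30 validating A20 succeeds, because only two hops separate A20's PKC from CA-1B, and its row expires with A20's certificate rather than after the full hour, which is the "whichever is earlier" rule of step Sb9. Two caveats for anyone building on this: the patent's hop count includes the end-entity certificate, whereas the X.509 pathLenConstraint on a cross-certificate counts only the intermediate CA certificates that follow it, so the two disagree by one; and the FIG. 5 flow itself checks no revocation, so a certificate revoked during the lifetime of an "OK" row is still trusted until that row expires unless revocation is checked separately.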

If the reliability confirmation result is "OK", the service relay processing unit 14 forwards the session start request received in step Sa5 to device B30 (Sa12). On receiving the session start request, the service execution processing unit 32 of device B30 performs the service (Sa13) and sends the result to the authentication server 10 as the service execution result (Sa14). On receiving the service execution result, the service relay processing unit 14 of the authentication server 10 forwards it to device A20 (Sa15). On receiving the service execution result, the service result processing unit 23 of device A20 displays it on screen.

In the present embodiment, the mutual authentication processing unit 21 of device A20 and the request source authentication processing unit 11 of the authentication server 10, and the request destination authentication processing unit 12 and the mutual authentication processing unit 31 of device B30, have been described as performing mutual authentication with public key certificates. The authentication performed between these processing units may instead be authentication with a shared (common) key, or authentication with an ID and password or with biometrics. The authentication method used between the mutual authentication processing unit 21 of device A20 and the request source authentication processing unit 11 of the authentication server 10 may also differ from that used between the request destination authentication processing unit 12 and the mutual authentication processing unit 31 of device B30.
This makes it possible to determine trust on the basis of the authentication relationship between devices even between devices that use different authentication methods.

The certificates used for each authentication in the present embodiment may be held by each device, or a repository may be installed on the network to which the authentication server 10, device A20 and device B30 are connected and the certificates stored there. When they are stored in a repository, a repository may be set up for each domain of a certificate authority CA, for example.

The service that device B30 performs and provides to device A20 in the present embodiment may be a service that discloses information only to an authenticated party, or an ASP (Application Service Provider) that provides a business service only to an authenticated party.

Programs for realizing the functions of the request source authentication processing unit 11, request destination authentication processing unit 12, service relay processing unit 14, reliability confirmation processing unit 15, reliability information generation processing unit 16, mutual authentication processing unit 21, service request processing unit 22, service result processing unit 23, mutual authentication processing unit 31 and service execution processing unit 32 of FIG. 1 may be recorded on a computer-readable recording medium, and the processing of these units may be performed by having a computer system read and execute the programs recorded on that medium. The "computer system" here includes an OS and hardware such as peripheral devices.

If a WWW system is used, the "computer system" also includes the home page providing environment (or display environment).
A "computer-readable recording medium" means a portable medium such as a flexible disk, magneto-optical disk, ROM or CD-ROM, or a storage device such as a hard disk built into a computer system. A "computer-readable recording medium" further includes something that holds the program dynamically for a short time, such as a communication line when the program is transmitted over a network such as the Internet or a communication line such as a telephone line, and something that holds the program for a fixed time, such as the volatile memory inside the computer system that serves as server or client in that case. The program may realize only part of the functions described above, or may realize those functions in combination with a program already recorded in the computer system.

The embodiment of the present invention has been described in detail with reference to the drawings, but the specific configuration is not limited to this embodiment and includes designs within a scope that does not depart from the gist of the present invention.

FIG. 1 is a block diagram showing the schematic configuration of an authentication system according to one embodiment of the present invention.
FIG. 2 shows example contents of the reliability information table 17 in the embodiment.
FIG. 3 explains the relationship among the issuing certificate authorities of the certificates in the embodiment.
FIG. 4 is a sequence diagram explaining the operation of the authentication system in the embodiment.
FIG. 5 is a flowchart explaining the operation of the reliability confirmation processing unit 15 and the reliability information generation processing unit 16 in the embodiment.
FIG. 6 is a block diagram showing the schematic configuration of a conventional authentication system.
FIG. 7 explains an example relationship among the issuing certificate authorities of the certificates in a conventional authentication system.

Explanation of symbols

10…Authentication server
11…Request source authentication processing unit
12…Request destination authentication processing unit
13…Public key certificate storage unit
14…Service relay processing unit
15…Reliability confirmation processing unit
16…Reliability information generation processing unit
17…Reliability information table
20…Device A
21…Mutual authentication processing unit
22…Service request processing unit
23…Service result processing unit
24…Public key certificate storage unit
25…Attribute certificate storage unit
30…Device B
31…Mutual authentication processing unit
32…Service execution processing unit
33…Public key certificate storage unit
34…Attribute certificate storage unit
40…Domain A
41…Certificate authority CA-1A
42…Certificate authority CA-2A
43…Certificate authority CA-3A
50…Domain B
51…Certificate authority CA-1B
52…Certificate authority CA-2B
60…Cross-certificate
100…Device A
101…Device B
102…Device X
200…Device A
201…Device C
202…Device B
203…Device X
300…Domain A
301…Certificate authority CA-1A
302…Certificate authority CA-2A
303…Certificate authority CA-3A
310…Domain B
311…Certificate authority CA-1B
312…Certificate authority CA-2B


Claims (6)

1. An authentication system comprising a plurality of devices and an authentication server that, in response to an authentication request received from one of the plurality of devices for another of the devices, performs mutual authentication with the one device and with the other device, wherein
the authentication server comprises:
reliability information storage means for storing the trustworthiness between the plurality of devices; and
reliability confirmation means for obtaining, with reference to the reliability information storage means, the trustworthiness from the one device to the other device and the trustworthiness from the other device to the one device, and for deeming the one device and the other device mutually trustworthy when both obtained results indicate trustworthiness.
2. The authentication system according to claim 1, wherein
the reliability information storage means stores, together with the trustworthiness between the plurality of devices, an expiration date of that trustworthiness, and
the reliability confirmation means obtains, with reference to the reliability information storage means, the trustworthiness and expiration date from the one device to the other device and the trustworthiness and expiration date from the other device to the one device, and deems the one device and the other device mutually trustworthy when both obtained results indicate trustworthiness and are within their expiration dates.
3. The authentication system according to claim 2, wherein
each of the devices has its own public key certificate, and
the authentication server comprises reliability information generation means which, when the trustworthiness between the devices concerned is not stored in the reliability information storage means at the time the reliability confirmation means refers to it, determines the trustworthiness between those devices by verifying the certification path between their public key certificates and stores the result in the reliability information storage means.
4. The authentication system according to claim 3, wherein
each of the devices has its own attribute certificate,
the reliability information storage means of the authentication server stores the trustworthiness from the public key certificate of each of the plurality of devices to the attribute certificates of the others,
the reliability confirmation means of the authentication server obtains from the reliability information storage means the trustworthiness from the one device to the attribute certificate of the other device and the trustworthiness from the other device to the attribute certificate of the one device, and deems the attribute certificate of the one device and the attribute certificate of the other device trustworthy when both obtained results indicate trustworthiness, and
the reliability information generation means of the authentication server, when the trustworthiness toward the attribute certificates between the devices concerned is not stored in the reliability information storage means at the time the reliability confirmation means refers to it, determines that trustworthiness by verifying the certification path to the attribute certificate between those devices and stores the result in the reliability information storage means.
5. An authentication server connected to a plurality of devices and performing, in response to an authentication request received from one of the plurality of devices for another of the devices, mutual authentication with the one device and with the other device, the authentication server comprising:
reliability information storage means for storing the trustworthiness between the plurality of devices; and
reliability confirmation means for obtaining, with reference to the reliability information storage means, the trustworthiness from the one device to the other device and the trustworthiness from the other device to the one device, and for deeming the one device and the other device mutually trustworthy when both obtained results indicate trustworthiness.
6. A program for causing a computer that is connected to a plurality of devices and that performs, in response to an authentication request received from one of the plurality of devices for another of the devices, mutual authentication with the one device and with the other device, to function as:
reliability information storage means for storing the trustworthiness between the plurality of devices; and
reliability confirmation means for obtaining, with reference to the reliability information storage means, the trustworthiness from the one device to the other device and the trustworthiness from the other device to the one device, and for deeming the one device and the other device mutually trustworthy when both obtained results indicate trustworthiness.

JP2006097994A 2006-03-31 2006-03-31 Authentication system, authentication server and program Expired - Fee Related JP5052809B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2006097994A JP5052809B2 (en) 2006-03-31 2006-03-31 Authentication system, authentication server and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2006097994A JP5052809B2 (en) 2006-03-31 2006-03-31 Authentication system, authentication server and program

Publications (2)

Publication Number Publication Date
JP2007274380A true JP2007274380A (en) 2007-10-18
JP5052809B2 JP5052809B2 (en) 2012-10-17

Family

ID=38676712

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2006097994A Expired - Fee Related JP5052809B2 (en) 2006-03-31 2006-03-31 Authentication system, authentication server and program

Country Status (1)

Country Link
JP (1) JP5052809B2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002072876A (en) * 2000-08-30 2002-03-12 Hitachi Ltd Certificate validity checking method and device
JP2002139996A (en) * 2000-11-01 2002-05-17 Nippon Telegr & Teleph Corp <Ntt> Signature verification support device, public key certificate validity confirmation method, digital signature verification method, and digital signature generation method
JP2003345742A (en) * 2002-05-28 2003-12-05 Nippon Telegr & Teleph Corp <Ntt> CUG (Closed User Group) management method, CUG providing system, CUG providing program, and storage medium storing CUG providing program

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011530957A (en) * 2008-08-14 2011-12-22 Microsoft Corporation Mobile device association
US9197625B2 (en) 2008-08-14 2015-11-24 Microsoft Technology Licensing, Llc Cloud-based device information storage
US10447705B2 (en) 2008-08-14 2019-10-15 Microsoft Technology Licensing, Llc Cloud-based device information storage
JP2013506352A (en) * 2009-09-30 2013-02-21 China Iwncomm Co., Ltd. Method and system for obtaining an entity's public key, and for certificate validation and authentication, by introducing an online trusted third party
US8751792B2 (en) 2009-09-30 2014-06-10 China Iwncomm Co., Ltd. Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party
JP2012060561A (en) * 2010-09-13 2012-03-22 Ricoh Co Ltd Communication device, method for judging validity of electronic certificate, program for judging validity of electronic certificate, and storage medium
US9032106B2 (en) 2013-05-29 2015-05-12 Microsoft Technology Licensing, Llc Synchronizing device association data among computing devices
US9311109B2 (en) 2013-05-29 2016-04-12 Microsoft Technology Licensing, Llc Synchronizing device association data among computing devices

Also Published As

Publication number Publication date
JP5052809B2 (en) 2012-10-17

Similar Documents

Publication Publication Date Title
JP5576985B2 (en) Method for determining cryptographic algorithm used for signature, verification server, and program
US10567370B2 (en) Certificate authority
US7512785B2 (en) Revocation distribution
KR100431210B1 (en) Validation Method of Certificate Validation Server using Certificate Policy Table and Certificate Policy Mapping Table in PKI
JP7665616B2 (en) Method and device for automated digital certificate validation
JP3880957B2 (en) Root certificate distribution system, root certificate distribution method, computer executable root certificate distribution program, server device, and client device
JP5448892B2 (en) Certificate verification system, path constraint information generation apparatus, certificate verification apparatus, and certificate verification method
JP2007149010A (en) Authority management server, authority management system, token verification method, and token verification program
JP5052809B2 (en) Authentication system, authentication server and program
JP2004248220A (en) Public key certificate issuing device, public key certificate recording medium, authentication terminal device, public key certificate issuing method, and program
JP2010081154A (en) Information processing device, program, and information processing system
JP5036500B2 (en) Attribute certificate management method and apparatus
JP2007074349A (en) Attribute authentication system and method for making attribute information anonymous in this system
JP2013223171A (en) Public key infrastructure control system, certificate authority server, user terminal, public key infrastructure control method and program
JP4761348B2 (en) User authentication method and system
JP2005286443A (en) Certificate verification apparatus and computer program therefor
JP2006270646A (en) Electronic certificate management apparatus
JP2008287359A (en) Authentication apparatus and program
JP2006229735A (en) Information processing apparatus and system
JP4166668B2 (en) Digital signature long-term verification system, digital signature long-term verification device, and computer program therefor
JP4730814B2 (en) User information management method and system
JP2002217899A (en) Portable terminal, certificate verification server, digital certificate validity verification system, digital certificate validity verification method
WO2020017643A1 (en) Electronic signature system, certificate issuance system, key management system, certificate issuance method, and program
JP4469687B2 (en) Service setting information download program, terminal device, and service setting information download method
JP4990560B2 (en) Electronic signature verification system

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20090130

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20110909

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20110920

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20111121

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20120313

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20120612

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20120619

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20120717

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20120725

R150 Certificate of patent or registration of utility model

Ref document number: 5052809

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20150803

Year of fee payment: 3

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313111

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

LAPS Cancellation because of no payment of annual fees