JP2018148463A - Authentication system, authentication information generator, apparatus to be authenticated, and authentication apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system, an authentication information generating device, an authenticated device and an authentication device for performing highly secure authentication between two devices. An authentication system 1 includes a user terminal 20 that makes an authentication request, a service device 30 that authenticates the authentication request, and a server 10 that generates authentication information used for the authentication. The server 10 generates the authentication information by signing the personal authentication code, which is the secret information, using the server private key and encrypting it using the service device public key, and transmits the authentication information to the user terminal 20. The user terminal 20 transmits the authentication information acquired from the server 10 and the personal authentication code input by the user to the service device 30. The service device 30 decrypts the received authentication information using the service device private key to extract the personal authentication code, and checks the signature of the received authentication information using the server public key. Authentication is performed using the received confidential information and the extracted confidential information. [Selection diagram] Fig. 1

Description

  The present invention relates to an authentication system, an authentication information generation device, a device to be authenticated, and an authentication device.

  Conventionally, a system for performing authentication between two devices is known. For example, Patent Document 1 describes that authentication is performed between a server and a client. The client transmits an authentication request including the ID and password to the server. The server performs authentication by checking whether the combination of the ID and password included in the authentication request matches the combination of the ID and password stored in advance.

JP 2012-191270 A

  As described above, in the conventional authentication, confidential information to be concealed such as a password used for authentication needs to be shared by both apparatuses that receive authentication and those that perform authentication. Sharing secret information may cause problems in the security of the authentication system. For example, confidential information may be leaked in the process of sharing confidential information. Moreover, since confidential information is held by a plurality of devices, the risk of leakage of confidential information is improved.

  The present invention has been made in view of the above, and an object of the present invention is to provide an authentication system, an authentication information generation device, an authentication target device, and an authentication device that can perform highly secure authentication.

  In order to achieve the above object, an authentication system according to the present invention includes an authenticated device that makes an authentication request, an authentication device that authenticates the authentication request, and authentication information that generates authentication information used for the authentication. An authentication system including a generation device, wherein the authentication information generation device acquires a secret key used for generating authentication information and a generation side key storage unit that stores a secret key of the own device and a public key of the authentication device For the secret information acquired by the generation side information acquisition unit and the generation side information acquisition unit, the signature using the private key of the own device stored by the generation side key storage unit and the public key of the authentication device are used. An authentication information generation unit that generates authentication information by performing encryption, and a generation-side transmission unit that transmits the authentication information generated by the authentication information generation unit to the device to be authenticated. From the generator The authenticated side receiving unit that receives the received authentication information, the authenticated side information acquiring unit that acquires confidential information, the authentication information received by the authenticated side receiving unit, and the authenticated side information acquiring unit An authentication-side transmission unit that transmits the confidential information as an authentication request to the authentication device, and the authentication device includes an authentication-side key storage unit that stores the private key of the own device and the public key of the authentication information generation device. An authentication-side receiving unit that receives authentication information and confidential information transmitted as an authentication request from the device to be authenticated, and the self-device stored in the authentication-side key storage unit for the authentication information received by the authentication-side receiving unit The secret information extraction unit that decrypts the secret information by using the secret key and the authentication information received by the authentication side reception unit checks the signature using the public key of the authentication information generation device and performs authentication. By the side receiver An authentication processing unit for performing authentication by using the extracted secret information by the confidential information extraction section received confidential information Te comprises a.

  In the authentication system according to the present invention, the authentication information transmitted from the device to be authenticated without storing the secret information in the authentication device in advance by using the public key and the secret key of the authentication information generation device and the authentication device, respectively. And authentication is performed from confidential information. Therefore, according to the authentication system of the present invention, highly secure authentication can be performed.

  The authentication information generating device, the device to be authenticated, and the authentication device included in the authentication system have a novel configuration and correspond to an invention. That is, an authentication information generation apparatus according to the present invention includes an authentication target apparatus that performs an authentication request, an authentication apparatus that performs authentication in response to the authentication request, and an authentication information generation apparatus that generates authentication information used for the authentication. An authentication information generation device included in an authentication system including a generation side key storage unit that stores a private key of the own device and a public key of the authentication device, and a generation side that acquires confidential information used to generate authentication information For the confidential information acquired by the information acquisition unit and the generation side information acquisition unit, a signature using the private key of the own device stored by the generation side key storage unit, and encryption using the public key of the authentication device And an authentication information generation unit that generates authentication information and a generation side transmission unit that transmits the authentication information generated by the authentication information generation unit to the device to be authenticated.

  An authenticated device according to the present invention includes an authenticated device that makes an authentication request, an authentication device that authenticates the authentication request, and an authentication information generation device that generates authentication information used for the authentication. An authenticated device included in the authentication system, the authenticated side receiving unit that receives the authentication information transmitted from the authentication information generating device, the authenticated side information acquiring unit that acquires confidential information, and the authenticated side receiving unit The authentication-side transmitting unit that transmits the authentication information received by the authentication-side information acquisition unit and the confidential information acquired by the authenticated-side information acquisition unit to the authentication device as an authentication request.

  An authentication apparatus according to the present invention includes an authentication apparatus including an authentication target apparatus that performs an authentication request, an authentication apparatus that performs authentication in response to the authentication request, and an authentication information generation apparatus that generates authentication information used for the authentication. An authentication device included in the system, including an authentication-side key storage unit that stores a private key of the device itself and a public key of the authentication information generation device, and authentication information and confidential information transmitted as an authentication request from the device to be authenticated. Authentication information receiving unit that extracts the confidential information by decrypting the received authentication side receiving unit and the authentication information received by the authentication side receiving unit using the private key of the own device stored in the authentication side key storage unit And the authentication information received by the authentication side receiving unit using the public key of the authentication information generating device to check the signature and extracting the secret information received by the authentication side receiving unit and the secret information extracting unit. And an authentication processing unit for performing authentication by using the is confidential information.

  In the present invention, by using the public key and the secret key of each of the authentication information generation device and the authentication device, the authentication information is not stored in the authentication device in advance, and the authentication information and the secret information transmitted from the device to be authenticated are used. Authentication is performed. Therefore, according to the present invention, highly secure authentication can be performed.

It is a figure which shows the structure of the authentication system which concerns on embodiment of this invention. In the authentication system which concerns on embodiment of this invention, it is a sequence diagram which shows the process performed when an unlocking key is issued. In the authentication system which concerns on embodiment of this invention, it is a sequence diagram which shows the process performed when unlocking is performed. It is a figure which shows the hardware constitutions of the apparatus contained in the authentication system which concerns on embodiment of this invention.

  Hereinafter, embodiments of an authentication system, an authentication information generation device, an authentication target device, and an authentication device according to the present invention will be described in detail with reference to the drawings. In the description of the drawings, the same elements are denoted by the same reference numerals, and redundant description is omitted.

  FIG. 1 shows an authentication system 1 according to this embodiment. The authentication system 1 includes a server 10, a user terminal 20, and a service device 30. The server 10 is an authentication information generation device that generates authentication information used for authentication.

  The user terminal 20 is a device to be authenticated that makes an authentication request to the service device 30 using the authentication information generated by the server 10. Specifically, the user terminal 20 is a device used by the user, and corresponds to a device such as a smartphone. The user terminal 20 and the server 10 can transmit and receive information to and from each other via a network N such as a mobile communication network. A user terminal ID that is an identifier of the user terminal 20 is set in the user terminal 20.

  The service device 30 is an authentication device that performs authentication in response to an authentication request from the user terminal 20. For example, the service device 30 is a device that functions as a lock such as a car, a bicycle, a hotel room, or a locker. The service device 30 performs (physical) unlocking according to the authentication. Accordingly, the user terminal 20 functions as an unlock key for the service device 30. The user terminal 20 and the service device 30 can mutually transmit and receive information by short-range wireless communication using NFC (Near Field Communication). For example, the user can unlock the service device 30 by holding the user terminal 20 over the service device 30. The short-range wireless communication between the user terminal 20 and the service device 30 does not have to be performed by NFC, but may be performed by BLE (Bluetooth Low Energy (Bluetooth is a registered trademark)) or the like. A service device ID that is an identifier of the service device 30 is set in the service device 30.

  In the present embodiment, first, the user terminal 20 receives the first authentication from the service device 30 and receives the unlock key (corresponding information) from the service device 30. When unlocking the service device 30, the user terminal 20 receives the second authentication using the unlock key from the service device 30.

  Subsequently, functions of the server 10, the user terminal 20, and the service device 30 according to the present embodiment will be described. As illustrated in FIG. 1, the server 10 includes a generation side key storage unit 11, a generation side information acquisition unit 12, an authentication information generation unit 13, and a generation side transmission unit 14.

  The generation side key storage unit 11 is a functional unit that stores (3) a server private key that is a private key of the own device 10 and (4) a service device public key that is a public key of the service device 30. The public key and secret key of the server 10 and the public key and secret key of the service device 30 are generated and stored in advance. For example, it is generated when the server 10 and the service device 30 are manufactured or shipped. The generation may be performed in each of the server 10 and the service device 30, or may be performed in another device. When the secret key and the public key are generated in each of the server 10 and the service device 30, each public key is transmitted and received between the server 10 and the service device 30 in advance. The public key and private key of the server 10 and the public key and private key of the service device 30 are generated by a method capable of encryption and signature (digital signature). For example, it is generated by RSA. The generation-side key storage unit 11 stores (4) the service device public key stored in the service device 30 by associating the service device public key with the (2) service device ID of the service device 30. I know how.

  The generation-side information acquisition unit 12 is a functional unit that acquires (8) a personal authentication code, which is confidential information used to generate authentication information. The authentication information is (12) unlock key acquisition right transmission data used for authentication (first authentication described above) for the user terminal 20 to receive the unlock key from the service device 30. (12) The unlock key acquisition right transmission data is data obtained by encrypting (11) the unlock key acquisition right (information corresponding thereto) as will be described later. (8) The personal authentication code is, for example, a character or number having a predetermined number of characters (for example, four characters) that is set in advance by being randomly generated by the server 10.

  The generation-side information acquisition unit 12 also acquires an authenticated identifier that is an identifier corresponding to the user terminal 20 and an authentication identifier that is an identifier corresponding to the service device 30. The authenticated identifier is, for example, (1) a user terminal ID that is an identifier of the user terminal 20 set in advance for each user terminal 20. The authentication identifier is, for example, (2) a service device ID that is an identifier of the service device 30 set in advance for each service device 30. (1) User terminal ID and (2) service device ID are stored in advance in the corresponding user terminal 20 and service device 30, respectively.

  Specifically, for example, the generation-side information acquisition unit 12 acquires (8) a personal authentication code, (1) a user terminal ID, and (2) a service device ID as follows. The generation-side information acquisition unit 12 inputs a request for the right to cause the user terminal 20 to acquire the unlock key, that is, a request for acquiring the unlock key, which is a request for using the user terminal 20 as the unlock key of the service device 30. To do. The input may be performed by receiving the unlock key acquisition right request from a device other than the user terminal 20, or may be performed by other methods. The unlock key acquisition right request includes (1) the user terminal ID of the user terminal 20 that is the acquisition target of the unlock key, and (2) the service device ID of the service device 30 that is the source of the unlock key. It is done.

  The generation side information acquisition unit 12 randomly generates (8) a personal authentication code. The generation-side information acquisition unit 12 transmits the generated (8) personal authentication code to the user terminal 20 identified by the user terminal ID included in the unlock key acquisition right request (1). The transmission is performed by, for example, SMS (Short Message Service). The user terminal 20 receives and displays the transmitted (8) personal authentication code. The user of the user terminal 20 performs an operation of inputting the same (8) personal authentication code as the displayed (8) personal authentication code to the user terminal 20. The user terminal 20 receives the user's operation, (8) inputs the personal authentication code, and (8) enters the personal authentication code and the (1) user terminal ID of the own device 20 stored in the own device 20 as a server. 10 to send. The generation-side information acquisition unit 12 receives the transmitted (8) personal authentication code and (1) user terminal ID.

  The generation-side information acquisition unit 12 includes the received (8) personal authentication code and (1) user terminal ID and the transmitted (8) personal authentication code and the unlock key acquisition right request (1) user terminal The user authentication is performed by comparing with the ID. If the generation-side information acquisition unit 12 determines that they match, it is assumed that the user has been authenticated (authentication OK). If it is determined that they do not match, the generation-side information acquisition unit 12 determines that the user cannot be authenticated (authentication NG) and does not perform the subsequent processing. That is, if the user authentication can be performed, the unlock key acquisition right is subsequently generated. The generation-side information acquisition unit 12 outputs the (8) personal authentication code, (1) user terminal ID, and (2) service device ID acquired as described above to the authentication information generation unit 13.

  The authentication information generation unit 13 stores the (8) personal authentication code, (1) user terminal ID, and (2) service device ID acquired by the generation side information acquisition unit 12 by the generation side key storage unit 11. (3) This is a functional unit that performs signature using a server private key and (4) encryption using a service device public key, and (12) generates unlocking key acquisition right transmission data. Specifically, for example, the authentication information generation unit 13 generates (12) unlock key acquisition right transmission data as follows.

  The authentication information generation unit 13 inputs (8) a personal authentication code, (1) a user terminal ID, and (2) a service device ID from the generation side information acquisition unit 12. The authentication information generation unit 13 generates a random number (9) for generating the unlock key acquisition right. The authentication information generation unit 13 inputs (1) a user terminal ID, (2) a service device ID, (8) a personal authentication code, and (9) a random number into a hash function stored in advance, and calculates a hash value. Note that the hash function is shared in advance between the server 10 and the service device 30. (9) Random numbers are used in order to prevent the generated (11) unlock key acquisition right from being unique information. The authentication information generation unit 13 encrypts the calculated hash value using (3) the server private key, and (11) generates an unlock key acquisition right. (3) Encryption using the server private key corresponds to (3) a signature using the server private key. Note that (11) the unlock key acquisition right includes information indicating attributes such as the expiration date or the number of times of the unlock key, and the information is used for controlling the expiration date or the number of times of the unlock key. It is good as well.

  The authentication information generation unit 13 sets (8) the identity authentication code, (9) random number, (10) the common key for initial NFC communication encryption, and the generated (11) unlock key acquisition right to (2) service device ID. The corresponding (4) service device public key is used for encryption, and (12) unlock key acquisition right transmission data is generated. (10) The initial NFC communication encryption common key is a common key used for the first communication between the user terminal 20 and the service device 30 and is stored in the server 10 in advance. The authentication information generation unit 13 (2) Service device ID, (2) Service device public key corresponding to the service device ID, (10) Common key for initial NFC communication encryption, and (12) Unlock generated The key acquisition right transmission data is output to the generation side transmission unit 14.

  The generation side transmission unit 14 is a functional unit that transmits (12) unlock key acquisition right transmission data generated by the authentication information generation unit 13 to the user terminal 20. The generation-side transmission unit 14 receives, from the authentication information generation unit 13, (2) service device ID, (4) service device public key, (10) initial NFC communication encryption common key, and (12) unlock key acquisition right transmission data. Enter. The generation side transmission unit 14 transmits each input information to the user terminal 20 identified by (1) user terminal ID. That is, the generation-side transmission unit 14 distributes the key acquisition right to the user terminal 20.

  As shown in FIG. 1, the user terminal 20 includes an authenticated-side receiving unit 21, an authenticated-side information acquisition unit 22, and an authenticated-side transmitting unit 23.

  Authentication-side receiving unit 21 transmits (2) service device ID, (4) service device public key, (10) common key for initial NFC communication encryption, and (12) unlock key acquisition right transmission transmitted from server 10. It is a functional unit that receives data. The authenticated-side receiving unit 21 outputs each received information to the authenticated-side transmitting unit 23.

  The authenticated-side information acquisition unit 22 is a functional unit that acquires (8) a personal authentication code and (1) a user terminal ID. These acquisitions are performed when the user terminal 20 receives the first authentication from the service device 30, that is, when the unlock key is received from the service device 30.

  When the user terminal 20 and the service device 30 enter a range where short-range wireless communication by NFC is possible, that is, when the user terminal 20 is brought close to the service device 30 by the user, the authenticated-side information acquisition unit 22 The NFC detection notification transmitted from the device 30 is received. The service device 30 transmits an NFC detection notification periodically or when detecting that the user terminal 20 has entered the above range. The (2) service device ID of the service device 30 is included in the NFC detection notification. The authenticated-side transmitting unit 23 inputs the received (2) service device ID. When receiving the NFC detection notification, the to-be-authenticated information acquisition unit 22 requests the user to input (8) a personal authentication code. For example, the to-be-authenticated side information acquisition unit 22 performs (8) a display prompting the user to input a personal authentication code. In response to the request, the user of the user terminal 20 performs an operation of (8) inputting the personal authentication code into the user terminal 20. The authenticated-side information acquisition unit 22 receives a user operation (8) and acquires a personal authentication code.

  When the to-be-authenticated information acquisition unit 22 acquires (8) a personal authentication code, the user terminal 20 authenticates the service device 30. Authentication of the service device 30 is performed as follows. First, IV values (IV1, IV2) are exchanged between the user terminal 20 and the service device 30. The IV value is a random value generated each time in the user terminal 20 and the service device 30 when the service device 30 is authenticated. Further, the user terminal 20 generates a random number Rand different from the above. The user terminal 20 encrypts IV1, IV2, and Rand using the service device public key received by the authenticated-side receiving unit 21 and transmits the encrypted data to the service device 30.

  The service device 30 receives the encrypted information and decrypts it using the (4) ′ service device encryption key stored in advance. The service device 30 inputs IV1, IV2, Rand obtained by decryption into a hash function stored in advance, and calculates a hash value. Note that the hash function is shared in advance between the user terminal 20 and the service device 30. The service device 30 encrypts the calculated hash value using the (4) ′ service device encryption key and transmits the encrypted hash value to the user terminal 20.

  The user terminal 20 receives the encrypted information and (4) decrypts it using the service device public key. Further, the user terminal 20 inputs IV1, IV2, and Rand into a hash function that is previously shared and stored with the service device 30, and calculates a hash value. The user terminal 20 verifies the decrypted information and the calculated hash value. Specifically, the user terminal 20 determines whether or not they match. If it is determined that they match, the user terminal 20 performs the subsequent processing on the assumption that the service device 30 has been authenticated (authentication OK). If it is determined that they do not match, the user terminal 20 determines that the service device 30 has not been authenticated (authentication NG) and terminates the process between the user terminal 20 and the service device 30.

  When the service device 30 can be authenticated, the authenticated-side information acquisition unit 22 reads and acquires (1) the user terminal ID of the own device 20 stored in advance. The authenticated-side information acquisition unit 22 outputs the acquired (8) personal authentication code and (1) user terminal ID to the authenticated-side transmission unit 23.

  The authenticated-side transmitting unit 23 receives the (12) unlock key acquisition right transmission data received by the authenticated-side receiving unit 21, (8) the personal authentication code acquired by the authenticated-side information acquiring unit 22, and (1 ) A functional unit that transmits the user terminal ID to the service device 30 as a first authentication request, that is, an unlock key issue request.

  The authenticated-side transmitting unit 23 obtains (2) a service device ID, (4) a service device public key, (10) a common key for initial NFC communication encryption, and (12) an unlock key from the authenticated-side receiving unit 21. Enter the right transmission data. The authenticated-side transmitting unit 23 inputs (8) a personal authentication code and (1) a user terminal ID from the authenticated-side information acquiring unit 22. The to-be-authenticated transmission unit 23 inputs the service device ID included in the NFC detection notification (2). The authenticated-side transmission unit 23 identifies (2) the service device ID input from the authenticated-side reception unit 21 that matches the (2) service device ID included in the NFC detection notification. The authenticated-side transmission unit 23 sends the (2) service key ID corresponding to the (2) unlock key acquisition right transmission data, (8) the personal authentication code, and (1) the user terminal ID to the (2) service (4) Encrypt using the service device public key corresponding to the device ID to generate an unlock key issue request. The authenticated-side transmission unit 23 transmits the generated unlock key issuance request to the service device. As described above, the authenticated-side transmission unit 23 performs the transmission by short-range wireless communication.

  As shown in FIG. 1, the service device 30 includes an authentication side key storage unit 31, an authentication side reception unit 32, a secret information extraction unit 33, and an authentication processing unit 34.

  The authentication-side key storage unit 31 is a functional unit that stores the (4) ′ service device private key that is the private key of the own device 30 and the (3) ′ server public key that is the public key of the server 10. The secret key and public key are generated together with the secret key and public key stored in the server 10 and stored in the authentication side key storage unit 31.

  The authentication-side receiving unit 32 transmits (12) unlock key acquisition right transmission data, (8) identity authentication code, and (1) user transmitted from the user terminal 20 as the first authentication request, that is, the unlock key issue request. It is a functional unit that receives a terminal ID. As described above, the authentication-side receiving unit 32 performs the reception through short-range wireless communication. Specifically, the authentication-side receiving unit 32 receives (4) an unlock key issuance request that is information encrypted using the service device public key. The authentication-side receiving unit 32 outputs the received unlocking key issuance request to the confidential information extracting unit 33.

  The secret information extraction unit 33 uses the (4) ′ service device secret key stored in the authentication side key storage unit 31 for the (12) unlock key acquisition right transmission data received by the authentication side reception unit 32. The functional unit extracts (8) the identity authentication code, (1) the user terminal ID, and (2) the service device ID.

  The secret information extraction unit 33 inputs an unlock key issue request from the authentication side reception unit 32. The secret information extraction unit 33 decrypts the unlock key issue request using the (4) ′ service device secret key. By the decryption, (12) unlock key acquisition right transmission data, (8) personal authentication code, and (1) user terminal ID are obtained. Subsequently, the secret information extraction unit 33 decrypts the obtained (12) unlock key acquisition right transmission data using the (4) ′ service device secret key. By the decryption, (8) a personal authentication code, (9) a random number, (10) a common key for initial NFC communication encryption, and (11) an unlock key acquisition right are obtained (extracted). The secret information extraction unit 33 outputs each obtained information to the authentication processing unit 34.

  The authentication processing unit 34 checks the signature using the (3) ′ server public key on the (12) unlock key acquisition right transmission data received by the authentication side receiving unit 32 and uses the authentication side receiving unit 32 to check the signature. This is a functional unit that performs authentication using the received (8) personal authentication code and the (8) personal authentication code extracted by the confidential information extraction unit 33.

  The authentication processing unit 34 inputs information from the secret information extraction unit 33. The authentication processing unit 34 decrypts the inputted (11) unlock key acquisition right using the (3) ′ server public key. On the other hand, the authentication processing unit 34 reads and acquires the (2) service device ID of the own device 30 stored in advance. The authentication processing unit 34 decrypts the (8) personal authentication code and (1) user terminal ID, (12) the unlocking key acquisition right transmission data obtained by decrypting the unlocking key issuance request into the hash function stored in advance. The hash value is calculated by inputting (9) the random number obtained by (2) and the acquired (2) service device ID. The hash function is a hash function shared in advance between the server 10 and the service device 30 described above.

  The authentication processing unit 34 (11) information obtained by decrypting the unlock key acquisition right (that is, the hash value calculated from the information (1) (2) (8) (9) in the server 10) ) And the calculated hash value. If the authentication processing unit 34 determines that they match, it is assumed that the authenticity of the signed (11) right to acquire the unlocking key can be authenticated (authentication OK). If the authentication processing unit 34 determines that they do not match, the authentication of the user terminal 20 and the service device 30 indicates that the authenticity of the signed (11) unlock key acquisition right could not be authenticated (authentication NG). The process between them is terminated.

  When the authentication is successful, the authentication processing unit 34 generates (13) an unlock key which is second authentication information used for subsequent authentication of the user terminal 20, that is, second authentication. The authentication processing unit 34 inputs (1) the user terminal ID, (2) the service device ID, and (5) the unlock master key into the hash function stored in advance, calculates the hash value, and calculates the hash value (13 ) Use the unlock key. The hash function is a hash function set only in the service device 30, and is a hash function that is independent (different) from the hash function shared in advance with the other devices described above.

  Further, the authentication processing unit 34 inputs (1) the user terminal ID, (2) the service device ID, and (6) the NFC communication encryption common master key into the hash function, calculates a hash value, and calculates the hash The value is (14) a common key for NFC communication. Further, the authentication processing unit 34 inputs (1) a user terminal ID, (2) a service device ID, and (7) a service device authentication master key into the hash function, calculates a hash value, and calculates the hash value. (15) A service device authentication key is used. The above (5) unlock master key, (6) NFC communication encryption common master key, and (7) service device authentication master key are generated as random values when the service device 30 is initialized. , Information stored in advance in the service device 30.

  The authentication processing unit 34 uses the generated (13) unlock key, (14) NFC communication common key, and (15) service device authentication key, and (10) the initial NFC communication encryption common key. Encrypt. The authentication processing unit 34 transmits the (2) service device ID of the own device 30 and the encrypted information to the user terminal 20. The authentication processing unit 34 stores (1) the NFC communication common key and (15) the service device authentication key in the service device 30 in association with the user terminal ID.

  The user terminal 20 receives the transmitted information and (10) decrypts it using the initial NFC communication encryption common key. The user terminal 20 stores the decrypted information as information used at the time of unlocking.

  At the time of unlocking, the following processing is performed. For unlocking the service device 30, when the user terminal 20 and the service device 30 enter a range where short-range wireless communication by NFC is possible, that is, when the user brings the user terminal 20 close to the service device 30, the user The terminal 20 receives the NFC detection notification transmitted from the service device 30. The service device 30 transmits an NFC detection notification periodically or when detecting that the device has entered the above range. The NFC detection notification includes (2) the service device ID of the service device 30 and a random number 1 that is a random number generated at that time in the service device 30.

  The user terminal 20 receives the NFC detection notification and transmits (1) the user terminal ID of the own device 20 and the random number 2 that is a random number generated at that time in the user terminal 20 to the service device 30.

  The service device 30 receives (1) the user terminal ID and the random number 2. The service device 30 stores the random number 1, the random number 2, and the received (1) service device authentication key stored in association with the (1) user terminal ID. (14) Encryption is performed using a common key for NFC communication. The service device 30 transmits the encrypted information to the user terminal 20 as a service device authentication request.

  The user terminal 20 receives the service device authentication request. The user terminal 20 decrypts the received service device authentication request using (2) the NFC communication common key stored in association with the received (2) service device ID. The user terminal 20 compares (15) the service device authentication key obtained by decryption with (2) the service device authentication key stored in association with the service device ID (15). If the user terminal 20 determines that they match, it is assumed that the service device 30 has been authenticated (authentication OK). If it is determined that they do not match, the user terminal 20 determines that the service device 30 has not been authenticated (authentication NG) and terminates the process between the user terminal 20 and the service device 30.

  If the authentication is successful, the user terminal 20 corresponds to the random number 1, the random number 2, and the received (2) service device ID stored in association with the received (2) service key (2) corresponding to the service device ID. (14) Encryption is performed using a common key for NFC communication. The user terminal 20 transmits the encrypted information to the service device 30 as an unlock key authentication request.

  The service device 30 receives the unlock key authentication request. The service device 30 decrypts the received unlock key authentication request using the received (1) NFC communication common key stored in association with the user terminal ID (14). On the other hand, the service device 30 inputs (1) the user terminal ID, (2) the service device ID, and (5) the unlock master key into the hash function stored in advance when (13) the unlock key is generated. To calculate a hash value. The service device 30 compares (13) the unlock key obtained by decryption with the calculated hash value. If the service device 30 determines that they match, it is assumed that (13) the unlock key has been authenticated (authentication OK). The service device 30 (13) performs the above-described (physical) unlocking when the unlocking key can be authenticated. If it is determined that they do not match, the service device 30 determines that (13) the unlock key could not be authenticated (authentication NG), and does not perform (physical) unlock.

  The reason for using random number 1 and random number 2 in the unlocking process is to prevent impersonation of user terminal 20 and service device 30, respectively. If (13) the unlock key and (15) the service device authentication key are encrypted without including a random number, the encrypted data is always unique. As a result, if the encrypted unique data is leaked, a spoofing attack is performed by a third party who illegally obtained the unique data. By including the random number 1 and the random number 2 in the information to be encrypted, the encrypted data is not unique for each unlocking process, and a spoofing attack can be prevented. By including the random number 1, the service device 30 can confirm the validity of the user terminal 20. By including the random number 2, the user terminal 20 can confirm the validity of the service device 30.

  (13) When the user terminal 20 storing the unlock key is stolen or lost, the information on the service device 30 side is reset, and (13) the unlock key cannot be used. Also good. Specifically, (5) unlock master key, (6) NFC communication encryption common master key, (7) service device authentication master key, and (14) NFC communication common key stored in service device 30 And (15) deleting the service device authentication key from the service device 30. The erasure may be performed by an operation on the service device 30 or may be performed by transmitting a control signal to the service device 30 from the outside. In this case, (5) unlock master key, (6) NFC communication encryption common master key, and (7) service device authentication master key are newly set. (13) The unlock key, (14) the NFC communication common key, and (15) the service device authentication key may be generated by the processing described above.

  Also, (5) unlock master key, (6) NFC communication encryption common master key, (7) service device authentication master key, (13) unlock key, (14) NFC communication common key and (15 ) The service device authentication key may be updated periodically. The above is the function of the authentication system 1.

  Subsequently, processing (an operation method performed by the authentication system 1) executed in the authentication system 1 according to the present embodiment will be described with reference to the sequence diagrams of FIGS. First, processing executed when an unlock key is issued will be described with reference to the sequence diagram of FIG.

  In this process, first, in the server 10, an unlock key acquisition right request is input by the generation side information acquisition unit 12 (S01). The unlock key acquisition right request includes (1) a user terminal ID and (2) a service device ID. Subsequently, (8) a personal authentication code is generated by the generation side information acquisition unit 12 (S02). The generated (8) personal authentication code is transmitted from the generation side information acquisition unit 12 to the user terminal 20 identified by the user terminal ID included in the unlock key acquisition right request (S03). .

  In the user terminal 20, (8) in response to receiving the personal authentication code, (8) the personal authentication code is input by the user's operation (S04). The input (8) personal authentication code and (1) user terminal ID of the user terminal 20 are transmitted from the user terminal 20 to the server 10 (S05).

  Subsequently, in the server 10, the generating information acquisition unit 12 receives the received (8) personal authentication code and (1) user terminal ID and the transmitted (8) personal authentication code and the above-described unlocking key acquisition right request. User authentication is performed from the included (1) user terminal ID (S06). If user authentication can be performed, the following processing is performed.

  Next, in the server 10, the authentication information generation unit 13 generates (11) an unlock key acquisition right (S07). (11) The unlock key acquisition right is obtained by (1) user terminal ID, (2) service device ID, (8) identity authentication code and (9) hash value calculated from random number, (3) server secret key is Used to be encrypted. Subsequently, the authentication information generation unit 13 generates (12) unlock key acquisition right transmission data (S08). (12) Unlock key acquisition right transmission data includes (8) identity authentication code, (9) random number, (10) common key for initial NFC communication encryption, and (11) unlock key acquisition right is (2) service (4) The service device public key corresponding to the device ID is used to be encrypted and generated. Subsequently, (2) the service device ID, (4) the service device public key, (10) the common key for initial NFC communication encryption, and (12) the unlock key acquisition right transmission data are transmitted from the generation side transmission unit 14 to the user terminal 20. (S09). In the user terminal 20, the information is received by the authenticated-side receiving unit 21.

  Subsequently, when the user terminal 20 is brought close to the service device 30 by the user, the NFC detection notification transmitted from the service device 30 is received by the authenticated-side information acquisition unit 22 in the user terminal 20 (S10). The (2) service device ID of the service device 30 is included in the NFC detection notification. Subsequently, authentication processing of the service device 30 by the user terminal 20 is performed between the user terminal 20 and the service device 30 (S11). If service device authentication can be performed, the following processing is performed.

  Subsequently, in the user terminal 20, an unlock key issuance request is generated by the authenticated-side transmitting unit 23 and transmitted to the service device 30 (S12). The unlock key issue request includes (2) service device ID corresponding to (12) unlock key acquisition right transmission data, (8) identity authentication code and (1) user terminal ID. (4) The service device public key corresponding to is encrypted and generated.

  In the service device 30, the authentication side receiving unit 32 receives the unlock key issue request. Subsequently, the secret information extraction unit 33 extracts information from the unlock key issuance request (S13). Specifically, the unlock key issuance request is decrypted using (4) ′ service device private key, (12) unlock key acquisition right transmission data, (8) identity authentication code, and (1) user terminal. An ID is obtained. Also, the obtained (12) unlock key acquisition right transmission data is decrypted using the (4) ′ service device private key, and (8) the identity authentication code, (9) a random number, and (10) the initial NFC communication encryption. Common key and (11) unlock key acquisition right.

  Subsequently, the authentication processing unit 34 checks (12) the unlocking key acquisition right transmission data using the (3) ′ server public key and checks the signature and (8) the received personal authentication code and Authentication of the unlocking key acquisition right, that is, unlocking key issuance authentication is performed using the extracted (8) personal authentication code (S14). Specifically, (11) the unlock key acquisition right is (3) information decrypted using the 'server public key, and (8) the identity authentication code obtained by decrypting the unlock key issue request and ( (1) User terminal ID, (12) Unlock key acquisition right transmission data (9) Random number obtained by decryption, and (2) Hash value obtained from service device ID are compared to authenticate Done. If the authentication can be performed, the subsequent processing is performed.

  Subsequently, the authentication processing unit 34 generates (13) an unlock key (S15). Specifically, a hash value calculated from (1) user terminal ID, (2) service device ID, and (5) unlock master key is used as (13) unlock key. A hash value calculated from (1) the user terminal ID, (2) the service device ID, and (6) the NFC communication encryption common master key is used as the (14) NFC communication common key. A hash value calculated from (1) user terminal ID, (2) service device ID, and (7) service device authentication master key is used as (15) service device authentication key. The authentication processing unit 34 encrypts (13) the unlock key, (14) the NFC communication common key, and (15) the service device authentication key using (10) the initial NFC communication encryption common key. (2) It is transmitted to the user terminal 20 together with the service device ID (S16). In the service device 30, (1) a NFC communication common key and (15) a service device authentication key are stored in association with the user terminal ID. In the user terminal 20, the transmitted information is received and (10) decrypted and stored using the initial NFC communication encryption common key. The above is the processing executed when the unlock key is issued.

  Next, processing executed when unlocking is performed will be described using the sequence diagram of FIG. When the user terminal 20 is brought close to the service device 30 by the user for unlocking the service device 30, the user terminal 20 receives an NFC detection notification transmitted from the service device 30 (S21). The NFC detection notification includes (2) the service device ID of the service device 30 and the random number 1. Subsequently, the user terminal 20 receives the NFC detection notification, and (1) the user terminal ID and the random number 2 are transmitted to the service device 30 (S22). In the service device 30, (1) the user terminal ID and the random number 2 are received. Subsequently, the service device 30 stores the random number 1, the random number 2, and the received (1) user terminal ID in association with the received (1) service device authentication key (1) corresponds to the user terminal ID. (14) The encrypted common key for NFC communication is used for encryption. The encrypted information is transmitted from the service device 30 to the user terminal 20 as a service device authentication request (S23).

  The user terminal 20 receives the service device authentication request and authenticates the service device 30 based on the service device authentication request (S24). If service device authentication can be performed, the following processing is performed.

  Subsequently, the user terminal 20 stores the random number 1, the random number 2, and the received (2) service device ID in association with the received (13) unlock key in association with the (2) service device ID. The stored (14) NFC communication common key is used for encryption. The encrypted information is transmitted from the user terminal 20 to the service device 30 as an unlock key authentication request (S25).

  The service device 30 receives the unlock key authentication request and (13) authenticates the unlock key. Specifically, (1) the user terminal ID, (2) the service device ID, and (5) the hash value calculated from the unlocking master key and the unlocking key authentication request obtained by decrypting (13) unlocking Authentication is performed by comparing with the lock key. If the authentication can be performed, unlocking is performed by the service device 30 (S27). The above is the processing executed when unlocking is performed.

  In the present embodiment, by using the public key and the secret key of the server 10 and the service device 30, respectively, (8) the user authentication code as secret information is not stored in the service device 30 in advance from the user terminal 20. Authentication is performed from the transmitted authentication information (12) unlock key acquisition right transmission data and (8) personal authentication code. Therefore, according to this embodiment, highly secure authentication can be performed. Specifically, (8) it is possible to reduce the risk of leakage of the personal authentication code, thereby preventing impersonation of the user. Further, since the signature with the secret key is used for authentication, it is possible to prevent the unlocking key from being falsified and illegally generated. Note that the information exchanged between the server 10 and the service device 30 in advance is public information that does not cause a problem with respect to safety even if it is publicized.

  Moreover, since this embodiment can be easily realized, a secure and low-cost authentication system can be realized.

  Further, as in the present embodiment, after successful authentication using (12) unlock key acquisition right transmission data and (8) personal authentication code, the unlock key that is the second authentication information is generated. Further, it may be used for subsequent authentication of the user terminal 20. The service device 30 (4) 'decryption with the service device private key and (3)' checking the signature with the server public key has a large processing load and requires a relatively long time. Therefore, if it is set as the above-mentioned structure, it can avoid that the process which takes time each time at the time of unlocking is performed, and it can be set as a highly convenient system. However, it is not always necessary to generate the second authentication information, and it may be a system in which only (12) unlock key acquisition right transmission data and (8) authentication by a personal authentication code are performed.

  Moreover, it is good also as using user terminal ID for authentication like this embodiment. Thereby, impersonation of the user terminal 20 can be prevented and authentication with higher safety can be performed. However, it is not always necessary to use the user terminal ID for authentication.

  Further, as in the present embodiment, the service device ID may be used for authentication. Thereby, the use of the non-designated service device 30 can be prevented, and authentication with higher safety can be performed. However, the service device ID is not necessarily used for authentication.

  Further, as in the present embodiment, information may be exchanged between the user terminal 20 and the service device 30 by short-range wireless communication such as NFC. According to this configuration, the service device 30 does not need to have another communication function such as mobile communication, and authentication is performed even in a local environment where another communication such as mobile communication cannot be performed. It can be carried out.

  In addition, the block diagram used for description of the said embodiment has shown the block of the functional unit. These functional blocks (components) are realized by any combination of hardware and / or software. Further, the means for realizing each functional block is not particularly limited. That is, each functional block may be realized by one device physically and / or logically coupled, and two or more devices physically and / or logically separated may be directly and / or indirectly. (For example, wired and / or wireless) and may be realized by these plural devices.

  For example, the server 10, the user terminal 20, the service device 30, and the like according to an embodiment of the present invention may function as a computer that performs processing of the server 10, the user terminal 20, and the service device 30 according to the present embodiment. FIG. 4 is a diagram illustrating an example of a hardware configuration of the server 10, the user terminal 20, and the service device 30 according to the present embodiment. The server 10, the user terminal 20, and the service device 30 described above are physically configured as computer devices including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like. May be.

  In the following description, the term “apparatus” can be read as a circuit, a device, a unit, or the like. The hardware configuration of the server 10, the user terminal 20, and the service device 30 may be configured to include one or a plurality of each device illustrated in the figure, or may be configured not to include some devices. .

  Each function in the server 10, the user terminal 20, and the service device 30 is obtained by reading predetermined software (program) on hardware such as the processor 1001 and the memory 1002, so that the processor 1001 performs computation and communication by the communication device 1004 Alternatively, it is realized by controlling data reading and / or writing in the memory 1002 and the storage 1003.

  For example, the processor 1001 controls the entire computer by operating an operating system. The processor 1001 may be configured by a central processing unit (CPU) including an interface with peripheral devices, a control device, an arithmetic device, a register, and the like. For example, each functional unit of the server 10, the user terminal 20, and the service device 30 may be realized including the processor 1001.

  Further, the processor 1001 reads a program (program code), software module, and data from the storage 1003 and / or the communication device 1004 to the memory 1002, and executes various processes according to these. As the program, a program that causes a computer to execute at least a part of the operations described in the above embodiments is used. For example, each functional unit of the server 10, the user terminal 20, and the service device 30 may be realized by a control program stored in the memory 1002 and operated by the processor 1001, or may be realized similarly for other functional blocks. Good. Although the above-described various processes have been described as being executed by one processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001. The processor 1001 may be implemented by one or more chips. Note that the program may be transmitted from a network via a telecommunication line.

  The memory 1002 is a computer-readable recording medium and includes, for example, at least one of ROM (Read Only Memory), EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), RAM (Random Access Memory), and the like. May be. The memory 1002 may be called a register, a cache, a main memory (main storage device), or the like. The memory 1002 can store a program (program code), a software module, and the like that can be executed to perform the method according to the embodiment of the present invention.

  The storage 1003 is a computer-readable recording medium such as an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, a magneto-optical disk (for example, a compact disk, a digital versatile disk, a Blu-ray (Registered trademark) disk, smart card, flash memory (for example, card, stick, key drive), floppy (registered trademark) disk, magnetic strip, and the like. The storage 1003 may be referred to as an auxiliary storage device. The storage medium described above may be, for example, a database, server, or other suitable medium including the memory 1002 and / or the storage 1003.

  The communication device 1004 is hardware (transmission / reception device) for performing communication between computers via a wired and / or wireless network, and is also referred to as a network device, a network controller, a network card, a communication module, or the like. For example, the functional units of the server 10, the user terminal 20, and the service device 30 described above may be realized including the communication device 1004.

  The input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, a sensor, or the like) that accepts an external input. The output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that performs output to the outside. The input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).

  Each device such as the processor 1001 and the memory 1002 is connected by a bus 1007 for communicating information. The bus 1007 may be configured with a single bus or may be configured with different buses between apparatuses.

  The functional units of the server 10, the user terminal 20, and the service device 30 are a microprocessor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a programmable logic device (PLD), and an FPGA (Field). Hardware such as a programmable gate array) may be included, and a part or all of each functional block may be realized by the hardware. For example, the processor 1001 may be implemented by at least one of these hardware.

  Although the present embodiment has been described in detail above, it will be apparent to those skilled in the art that the present embodiment is not limited to the embodiment described in this specification. The present embodiment can be implemented as a modification and change without departing from the spirit and scope of the present invention defined by the description of the scope of claims. Therefore, the description of the present specification is for illustrative purposes and does not have any limiting meaning to the present embodiment.

  The notification of information is not limited to the aspect / embodiment described in the present specification, and may be performed by other methods. For example, notification of information includes physical layer signaling (for example, DCI (Downlink Control Information), UCI (Uplink Control Information)), upper layer signaling (for example, RRC (Radio Resource Control) signaling, MAC (Medium Access Control) signaling), It may be implemented by broadcast information (MIB (Master Information Block), SIB (System Information Block))), other signals, or a combination thereof. Further, the RRC signaling may be referred to as an RRC message, and may be, for example, an RRC connection setup message, an RRC connection reconfiguration message, or the like.

  Each aspect / embodiment described herein includes LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G, 5G, FRA (Future Radio Access), W-CDMA. (Registered trademark), GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, UWB (Ultra-WideBand), The present invention may be applied to a Bluetooth (registered trademark), a system using another appropriate system, and / or a next generation system extended based on the system.

  As long as there is no contradiction, the order of the processing procedures, sequences, flowcharts, and the like of each aspect / embodiment described in this specification may be changed. For example, the methods described herein present the elements of the various steps in an exemplary order and are not limited to the specific order presented.

  Information or the like can be output from the upper layer (or lower layer) to the lower layer (or upper layer). Input / output may be performed via a plurality of network nodes.

  Input / output information and the like may be stored in a specific location (for example, a memory) or may be managed by a management table. Input / output information and the like can be overwritten, updated, or additionally written. The output information or the like may be deleted. The input information or the like may be transmitted to another device.

  The determination may be performed by a value represented by 1 bit (0 or 1), may be performed by a true / false value (Boolean: true or false), or may be performed by comparing numerical values (for example, a predetermined value) Comparison with the value).

  Each aspect / embodiment described in this specification may be used independently, may be used in combination, or may be switched according to execution. In addition, notification of predetermined information (for example, notification of being “X”) is not limited to explicitly performed, but is performed implicitly (for example, notification of the predetermined information is not performed). Also good.

  Software, whether it is called software, firmware, middleware, microcode, hardware description language, or other names, instructions, instruction sets, codes, code segments, program codes, programs, subprograms, software modules , Applications, software applications, software packages, routines, subroutines, objects, executable files, execution threads, procedures, functions, etc. should be interpreted broadly.

  Also, software, instructions, etc. may be transmitted / received via a transmission medium. For example, software may use websites, servers, or other devices using wired technology such as coaxial cable, fiber optic cable, twisted pair and digital subscriber line (DSL) and / or wireless technology such as infrared, wireless and microwave. When transmitted from a remote source, these wired and / or wireless technologies are included within the definition of transmission media.

  Information, signals, etc. described herein may be represented using any of a variety of different technologies. For example, data, commands, commands, information, signals, bits, symbols, chips, etc. that may be referred to throughout the above description are voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields or photons, or any of these May be represented by a combination of

  Note that the terms described in this specification and / or terms necessary for understanding this specification may be replaced with terms having the same or similar meaning. For example, the channel and / or symbol may be a signal. The signal may be a message. Further, the component carrier (CC) may be called a carrier frequency, a cell, or the like.

  As used herein, the terms “system” and “network” are used interchangeably.

  In addition, information, parameters, and the like described in this specification may be represented by absolute values, may be represented by relative values from a predetermined value, or may be represented by other corresponding information. . For example, the radio resource may be indicated by an index.

  The names used for the parameters described above are not limiting in any way. Further, mathematical formulas and the like that use these parameters may differ from those explicitly disclosed herein. Since various channels (eg, PUCCH, PDCCH, etc.) and information elements (eg, TPC, etc.) can be identified by any suitable name, the various names assigned to these various channels and information elements are However, it is not limited.

  A mobile communication terminal is defined by those skilled in the art as a subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriber station, access terminal, mobile terminal, It may also be referred to as a wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other appropriate terminology.

  As used herein, the terms “determining” and “determining” may encompass a wide variety of actions. “Judgment”, “decision” can be, for example, calculating, computing, processing, deriving, investigating, looking up (eg, table, database or another (Searching in the data structure), and confirming (ascertaining) what has been confirmed may be considered as “determining” or “determining”. In addition, “determination” and “determination” include receiving (for example, receiving information), transmitting (for example, transmitting information), input (input), output (output), and access. (accessing) (e.g., accessing data in a memory) may be considered as "determined" or "determined". In addition, “determination” and “decision” means that “resolving”, “selecting”, “choosing”, “establishing”, and “comparing” are regarded as “determining” and “deciding”. May be included. In other words, “determination” and “determination” may include considering some operation as “determination” and “determination”.

  The terms “connected”, “coupled”, or any variation thereof, means any direct or indirect connection or coupling between two or more elements and It can include the presence of one or more intermediate elements between two “connected” or “coupled” elements. The coupling or connection between the elements may be physical, logical, or a combination thereof. As used herein, the two elements are radio frequency by using one or more wires, cables and / or printed electrical connections, and as some non-limiting and non-inclusive examples By using electromagnetic energy, such as electromagnetic energy having a wavelength in the region, microwave region, and light (both visible and invisible) region, it can be considered to be “connected” or “coupled” to each other.

  As used herein, the phrase “based on” does not mean “based only on,” unless expressly specified otherwise. In other words, the phrase “based on” means both “based only on” and “based at least on.”

  Where the designation "first", "second", etc. is used herein, any reference to that element does not generally limit the amount or order of those elements. These designations can be used herein as a convenient way to distinguish between two or more elements. Thus, a reference to the first and second elements does not mean that only two elements can be employed there, or that in some way the first element must precede the second element.

  These terms are similar to the term “comprising” as long as “include”, “including” and variations thereof are used herein or in the claims. It is intended to be comprehensive. Furthermore, the term “or” as used herein or in the claims is not intended to be an exclusive OR.

  In this specification, a plurality of devices are also included unless there is only one device that is clearly present in context or technically. Throughout this disclosure, the plural is included unless the context clearly indicates one.

  DESCRIPTION OF SYMBOLS 1 ... Authentication system, 10 ... Server, 11 ... Generation side key storage part, 12 ... Generation side information acquisition part, 13 ... Authentication information generation part, 14 ... Generation side transmission part, 20 ... User terminal, 21 ... Authentication side reception , 22 ... Authentication-side information acquisition unit, 23 ... Authentication-side transmission unit, 30 ... Service device, 31 ... Authentication-side key storage unit, 32 ... Authentication-side reception unit, 33 ... Secret information extraction unit, 34 ... Authentication processing Part 1001... Processor 1002 memory 1003 storage 1004 communication device 1005 input device 1006 output device 1007 bus N network

Claims (8)

An authentication system including an authenticated device that performs an authentication request, an authentication device that performs authentication in response to the authentication request, and an authentication information generation device that generates authentication information used for the authentication,
The authentication information generation device includes:
A generation-side key storage unit that stores a private key of the own device and a public key of the authentication device;
A generation-side information acquisition unit that acquires confidential information used to generate authentication information;
The secret information acquired by the generation side information acquisition unit is encrypted using the signature using the private key of the own device stored by the generation side key storage unit and the public key of the authentication device. An authentication information generation unit for generating authentication information
A generation side transmission unit that transmits the authentication information generated by the authentication information generation unit to the device to be authenticated,
The device to be authenticated is
An authenticated-side receiving unit that receives authentication information transmitted from the authentication information generating device;
An authenticated-side information acquisition unit that acquires confidential information;
An authentication-side transmitting unit that transmits the authentication information received by the authenticated-side receiving unit and the confidential information acquired by the authenticated-side information acquiring unit to the authenticating device as an authentication request,
The authentication device
An authentication-side key storage unit that stores a private key of the own device and a public key of the authentication information generation device;
An authentication-side receiving unit that receives authentication information and confidential information transmitted as an authentication request from the device to be authenticated;
A secret information extraction unit that decrypts the authentication information received by the authentication side reception unit using the private key of the own device stored in the authentication side key storage unit and extracts confidential information;
The authentication information received by the authentication-side receiving unit is checked by using the public key of the authentication information generating device and the secret information received by the authentication-side receiving unit and extracted by the secret information extracting unit An authentication system comprising: an authentication processing unit that performs authentication using the confidential information.   The authentication system according to claim 1, wherein, when the authentication is successful, the authentication processing unit generates second authentication information used for subsequent authentication of the device to be authenticated. The generation side information acquisition unit also acquires an authenticated identifier that is an identifier corresponding to the authenticated device,
The authentication information generation unit performs encryption using the public key of the authentication device stored by the generation side key storage unit for the confidential information and the authenticated identifier acquired by the information acquisition unit,
The authenticated side information acquisition unit acquires the authenticated identifier,
The authentication information received by the authenticated side receiving unit, and the confidential information and the authenticated identifier acquired by the authenticated side information acquiring unit are transmitted to the authentication device as an authentication request,
The authentication-side receiving unit receives authentication information, confidential information, and an authenticated identifier transmitted as an authentication request from the authenticated device,
The secret information extracting unit extracts the secret information and the authenticated identifier by decrypting the authentication information received by the authenticating-side receiving unit using the secret key of the own device,
The authentication processing unit performs authentication using the confidential information and the authenticated identifier received by the authenticating-side receiving unit and the confidential information and the authenticated identifier extracted by the confidential information extracting unit. The authentication system described in. The generation side information acquisition unit also acquires an authentication identifier that is an identifier corresponding to the authentication device,
The authentication information generation unit performs encryption using the public key of the authentication device stored by the generation side key storage unit for the confidential information and the authentication identifier acquired by the information acquisition unit,
The secret information extraction unit extracts the secret information and the authentication identifier by decrypting the authentication information received by the authentication side reception unit using the secret key of the own device,
The authentication processing unit performs authentication using the confidential information received by the authentication-side receiving unit and the authentication identifier stored in advance in the device itself and the confidential information and authentication identifier extracted by the confidential information extracting unit. The authentication system according to any one of claims 1 to 3.   The authentication system according to any one of claims 1 to 4, wherein the authentication-side receiving unit receives authentication information and confidential information by short-range wireless communication. An authentication information generation device included in an authentication system including an authentication target device that makes an authentication request, an authentication device that performs authentication in response to the authentication request, and an authentication information generation device that generates authentication information used for the authentication. And
A generation-side key storage unit that stores a private key of the own device and a public key of the authentication device;
A generation-side information acquisition unit that acquires confidential information used to generate authentication information;
The secret information acquired by the generation side information acquisition unit is encrypted using the signature using the private key of the own device stored by the generation side key storage unit and the public key of the authentication device. An authentication information generation unit for generating authentication information
A generation-side transmitter that transmits the authentication information generated by the authentication information generator to the device to be authenticated;
An authentication information generating apparatus comprising: An authenticated device included in an authentication system including an authenticated device that performs an authentication request, an authentication device that performs authentication in response to the authentication request, and an authentication information generation device that generates authentication information used for the authentication. ,
An authenticated-side receiving unit that receives authentication information transmitted from the authentication information generating device;
An authenticated-side information acquisition unit that acquires confidential information;
An authentication-side transmitting unit that transmits the authentication information received by the authenticated-side receiving unit and the confidential information acquired by the authenticated-side information acquiring unit to the authenticating device as an authentication request;
A device to be authenticated. An authentication device included in an authentication system including an authenticated device that performs an authentication request, an authentication device that performs authentication in response to the authentication request, and an authentication information generation device that generates authentication information used for the authentication,
An authentication-side key storage unit that stores a private key of the own device and a public key of the authentication information generation device;
An authentication-side receiving unit that receives authentication information and confidential information transmitted as an authentication request from the device to be authenticated;
A secret information extraction unit that decrypts the authentication information received by the authentication side reception unit using the private key of the own device stored in the authentication side key storage unit and extracts confidential information;
The authentication information received by the authentication-side receiving unit is checked by using the public key of the authentication information generating device and the secret information received by the authentication-side receiving unit and extracted by the secret information extracting unit An authentication processing unit that performs authentication using the confidential information that has been
An authentication device comprising:

Images