JP2003101530A - Authentication system, and mobile authentication system by narrow area radio communication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system which can conduct authentication in a communication environment difficult to secure a communication time, in particular, can receive a number of services whose security is guaranteed even in a traveling vehicle, along with making the most use of limited commutation resources of LAN such as DSRC (dedicated short range communications). SOLUTION: Prior to communication, a random number is generated at an authenticating device, a common key and an encryption common key are generated, and the encryption common key is appended with an electronic signature at a device to be authenticated. During communication for authentication, the random number is transmitted by a transmission means of the authenticating device, then the random number is received by a reception means of the device to be authenticated, the random number is encrypted using the common key by an encryption means of the device to be authenticated, and the encryption common key appended with the electronic signature and the encrypted random number are transmitted by a transmission means of the device to be authenticated.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication system using a public key cryptosystem and a common key cryptosystem, and more particularly to an ITS (Intelligent Transpo).
The present invention relates to a mobile body authentication system by narrow-range wireless communication used in rt System) or the like.

[0002]

2. Description of the Related Art Currently, ITS (Intelligent Transport System)
In the case of DSRC (Dedic
aged Short Range Communic
The provision of services using these services is considered to be influential. In the communication between the vehicle and the roadside device (roadside wireless base station) by the DSRC, high speed traveling is performed due to the relationship between the DSRC communication area (tens of meters) and the vehicle speed (tens of km / h) (see FIG. 5). At times, it is possible to secure communication time of only a few hundred ms, and in order to provide services such as payment and membership services using DSRC, spatially, spot-wise and discontinuous communication are combined to provide these services. A mechanism to realize is required. In addition, in order to provide such services, it is necessary to ensure security by preventing impersonation and data tampering.

As a method of authenticating a communication partner which is generally used at present, Challenge & Responses is used.
The method e is widely used. Where this Ch
An outline of communication partner authentication processing (when A authenticates B) by allenge & Response will be described (see FIG. 6).

First, A generates a random number R1 (t
01). Then, the generated random number R1 is transmitted to B (t
02). Next, when B receives the random number R1 from A, the random number R1 is encrypted with the secret key of B to generate CR1 (t03). Then, B sends the encrypted random number CR1 to A
To (t04). Next, when A receives the encrypted random number CR1 from B, the received data CR1 is decrypted by the public key of B to obtain the restored random number data R1 ′ (t0
5). Then, it is confirmed whether or not the restored random number data R1 ′ matches the original random number R1 (t06). Here, if R1 ′ and R1 match, it is found that B possesses the private key corresponding to B's public key, and A can authenticate B. The thick lines in the figure are the processes (t02 to t04) that need to be performed during communication in one communication area.

In this way, the conventional Challenge &
In the authentication processing by Response, using the public key cryptosystem, B encrypts the random number generated by A with its own secret key and returns the encrypted random number, and A transmits the encrypted random number that A returns to B. The communication partner is authenticated by decrypting using the key and confirming that the communication partner has the secret key of B by checking the match between the data and the original random number.

[0006]

However, at present, the encryption with the secret key in the public key cryptosystem is 100.
It requires a processing time of about ms, which makes it difficult to apply to DSRC communication. As mentioned above, DSRC
However, since it is spatially, spotwise and discontinuous wireless communication, in order to authenticate the communication partner or transmit / receive the encrypted telegram using DSRC communication, several tens of
A mechanism to complete communication for authentication or transmission / reception of encrypted telegram in ms is required.

The present invention has been made in view of the above points, and provides an authentication system capable of reducing the processing time of authentication processing by Challenge & Response in order to perform authentication in a communication environment in which it is difficult to secure communication time. Yes, especially in order to make the most effective use of limited communication resources of narrow-range wireless communication such as DSRC as much as possible, and also to enable many vehicles with security to enjoy many services in a narrow range. A mobile body authentication system by wireless communication is provided.

[0008]

In the authentication system of the present invention, in the authentication system using the public key cryptosystem and the common key cryptosystem, the device to be authenticated has a unit for generating a common key and the public side of the authentication side. A means for generating an encrypted common key by encrypting the common key with a key, and an electronic signature obtained by encrypting a hash value of the encrypted common key with the private key of the authenticated side is added to the encrypted common key. Means, a receiving means for receiving a random number from the authentication side device, an encrypting means for encrypting the received random number with the common key, an encrypted common key with the digital signature added, and an encrypted random number. The authenticating device includes means for generating a random number, transmitting means for transmitting the random number to the device to be authenticated, and encryption to which a digital signature is added from the device to be authenticated. Encrypted common key and encrypted random number Receiving means for receiving, and a decrypting means for verifying the electronic signature from the encrypted common key added with the electronic signature received from the device to be authenticated, and for decrypting the encrypted common key with the private key of the authentication side. A verification unit that decrypts the encrypted random number received from the device to be authenticated with the decrypted common key, compares the decrypted random number with the original random number, and verifies whether they match. Is characterized by.

In the authentication system of the present invention, a random number is generated in advance in the authentication side device, and the common key and the encrypted common key are generated and the electronic signature is added in the authenticated device. During communication for authentication, the random number is transmitted by the transmitting means of the authentication side device, and the random number is received by the receiving means of the authenticated side device,
The random number is encrypted by using the common key by the encryption means of the device to be authenticated, and the encrypted common key to which the electronic signature is added by the transmission means of the device to be authenticated and the encrypted random number to the authentication device. It is characterized in that only transmission is executed.

Further, according to the present invention, in the mobile body authentication system by the short range wireless communication, the device to be authenticated has a means for generating a common key and an encryption common which encrypts the common key with the public key of the authentication side. Means for generating a key, means for adding an electronic signature obtained by encrypting the hash value of the encrypted common key with the private key of the authenticated side to the encrypted common key, and receiving a random number from the authentication side device Means, encryption means for encrypting the received random number with the common key, and transmission means for transmitting the encrypted common key to which the electronic signature is added and the encrypted random number to the authentication side device. The authenticating device receives a means for generating a random number, a transmitting device for transmitting the random number to the authenticated device, and an encrypted common key with an electronic signature and an encrypted random number from the authenticated device. Receiving means and receiving from the device to be authenticated The electronic signature is verified from the encrypted common key to which the digital signature is added, and the decryption means for decrypting the encrypted common key with the private key of the authentication side and the encrypted received from the device to be authenticated. It is characterized by further comprising: a verification unit that decrypts the random number with the decrypted common key, compares the decrypted random number with the original random number, and verifies whether they match.

Further, the present invention is an authentication side device in a mobile body authentication system using short range wireless communication according to claim 3, wherein the authentication side device is mounted on a vehicle in a network including an ITS (Intelligent Transport System). It is characterized by being incorporated in a gateway server that relays data transmission and reception between a server that provides services to terminals and an in-vehicle terminal.

Further, the present invention is a device to be authenticated in the mobile body authentication system according to claim 3 which is a vehicle-mounted terminal in an ITS (Intelligent Transport System). It is characterized by being incorporated into.

Further, the device to be authenticated includes a procedure for generating a common key and a cipher code obtained by encrypting the common key with the public key of the authenticating side, as a procedure executed at the time of communication for authentication. For authenticating the encrypted common key, and a step of adding an electronic signature obtained by encrypting the hash value of the encrypted common key with the private key of the authenticated side to the encrypted common key. As a procedure executed at the time of communication, a procedure of receiving a random number from the authenticating side, a procedure of encrypting the received random number with the common key, an encrypted common key with the digital signature added, and an encrypted random number. May be realized by installing a program including a procedure of transmitting to the authenticating side in a communicable computer.

Further, the authentication side apparatus executes a random number generation procedure and an encrypted common key added with an electronic signature received from the authentication side, as a procedure to be executed at times other than communication for authentication. The procedure of verifying the electronic signature and further decrypting the encrypted common key with the private key of the authenticating side, and the encrypted random number received from the authenticated side with the decrypted common key A step of comparing the decrypted random number with the original random number and verifying whether they match, and a step of transmitting the random number to a side to be authenticated as a step executed at the time of communication for authentication. It may be realized by installing a program including a procedure for receiving an encrypted common key to which an electronic signature is added and an encrypted random number from a party to be authenticated in a communicable computer.

[0015]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. First, an outline of the mobile body authentication system according to the present embodiment will be described.

As described above, in narrow-range wireless communication, the communication range (communicable area) is as narrow as several tens of meters,
In addition, the available communication time between the vehicle, which is a moving mobile object, and the roadside device by this short-range wireless communication is limited. The mobile authentication system according to the present embodiment enables various services to be enjoyed by a running vehicle in such a communication environment. When providing services to running vehicles using short-range wireless communication, communication time is restricted as described above, but especially services involving payment and membership services provided only to registered members In addition to the time required to provide the service itself, etc., since the user authentication process is generally involved, the processing time for the authentication process is also required.

Therefore, in the mobile authentication system according to the present embodiment, the processes executed during the communication time are minimized, that is, the processes that do not need to be processed during the communication time are times other than the communication time. Challenge & Respo, which is usually performed during communication time.
Instead of the private key encryption of the public key cryptosystem used in the authentication processing by the nse, the common key encryption with a shorter processing time is performed to reduce the number of wireless communication and to perform wireless communication for authentication. It shortens the communication time and maximizes the effective use of communication resources for short-range wireless communication. In addition, since this common key can be used for encryption and decryption of telegrams other than during wireless communication, and encrypted communication can be performed during wireless communication by short-range wireless communication, similarly, communication resources for encrypted communication are also available. It is possible to reduce the consumption of data and to secure the security for the transmitted and received telegrams.

The overall structure of the mobile unit authentication system according to the embodiment of the present invention will be described (see FIGS. 1 to 3).

The mobile authentication system according to the present embodiment is an ITS-compatible in-vehicle terminal 4 mounted on a vehicle and a server that provides a service to the in-vehicle terminal 4 via an ITS network (a network constructed by ITS). And a gateway server (hereinafter, referred to as a gateway) 1 that relays transmission and reception of data between the vehicle-mounted terminal 4 and the vehicle-mounted terminal 4. Certification and I
Performs a connection to a server in the TS network. In addition, in the present embodiment, the gateway 1 includes the vehicle-mounted terminal 4
The relay is performed between the server in the ITS network and the server in the ITS network, but may be further relayed between the vehicle-mounted terminal 4 and an external server on the Internet. In this case, an SSL (Secure Socket Layer) is provided between the gateway 1 and an external server on the Internet.
By performing the encrypted communication according to r), it is possible to secure security and maintain compatibility with existing systems and versatility.

Next, the configuration of the gateway 1 of this embodiment will be described with reference to FIG.

In FIG. 2, reference numeral 2a is a random number generator, which generates a random number for each object to be authenticated (device to be authenticated). Reference numeral 2b is a transmission unit, which transmits a random number generated by the random number generation unit 2a or other electronic message in accordance with a request such as a connection request from the vehicle side for communication (not shown).
Also, it is transmitted to the vehicle to be authenticated via the ITS network and its roadside device. Reference numeral 2c is a receiving unit, which receives an encrypted common key to which an electronic signature is added, an encrypted random number, and other electronic texts sent from a vehicle-mounted terminal (device to be authenticated) 4 described later.

Reference numeral 2d is a common key decryption unit, which decrypts the received encrypted common key with the private key of the gateway 1 itself which is the authenticating side. The encrypted common key is the common key encrypted in the vehicle-mounted terminal 4 on the authenticated side by using the public key of the gateway 1.

Reference numeral 2e is an electronic signature verification unit, which verifies the electronic signature from the encrypted common key to which the electronic signature received from the vehicle-mounted terminal 4 is added, and the encrypted common key is surely the target authenticated side. It is confirmed whether it is from the in-vehicle terminal 4. The electronic signature is obtained by applying a hash function to the encrypted common key in the vehicle-mounted terminal 4 on the authenticated side to obtain a hash value, and encrypting the hash value using the private key on the authenticated side.

The electronic signature verification unit 2e decrypts this electronic signature using the public key of the authenticated side, and uses the decrypted hash value and the encrypted common key received with the electronic signature on the authenticated side. The hash function and the hash value obtained by applying the same hash function are compared to determine whether they match. If they match in this determination, it is confirmed that the vehicle-mounted terminal 4 that has transmitted the electronic signature surely generated this encrypted common key. The public key cryptosystem may be, for example, Rivest, Shamir, or Adlem.
It can be implemented using a method such as the "RSA method" by an. Further, the public key of the authenticated side is registered in the storage unit 3 below in advance.

The code 2f is a random number decoding unit,
The encrypted random number returned from the vehicle-mounted terminal 4, which is the authenticated side, is decrypted using the common key decrypted by the common key decryption unit 2d. The encrypted random number returned from the vehicle-mounted terminal 4 is the random number sent from the gateway 1 to the vehicle-mounted terminal 4,
It is encrypted in the vehicle-mounted terminal 4 using a common key.

Further, reference numeral 2g is a random number verification unit, which compares the original random number transmitted to the vehicle-mounted terminal 4 which is the authenticated side with the random number decoded by the random number decoding unit 2f, and determines whether they match. judge. If they match in this determination, it is confirmed that the vehicle-mounted terminal 4 that has returned the encrypted random number is certainly the device to be authenticated to which the random number is transmitted. The code 2h is a telegram encryption / decryption unit, which uses a common key to encrypt the telegram to be transmitted and decrypt the received telegram.

Reference numeral 3 is a storage unit that stores the common key received from the authenticated side and the public key of the authenticated side registered in advance for each user, and further stores the public key of the gateway 1 itself and Store private key and other data.

Next, the configuration of the vehicle-mounted terminal 4 of this embodiment will be described with reference to FIG.

In FIG. 3, reference numeral 5a is a common key generation unit, which generates a common key by the common key cryptosystem. As this common key cryptosystem, for example, "DES (Data
Encryption standard method "is known, and a common key is generated based on such a method. Note that this common key may be generated each time authentication is performed. Reference numeral 5b is an encrypted common key generation unit, which encrypts the common key generated by the common key generation unit 5a using the public key of the gateway 1 on the authentication side to generate an encrypted common key. This is except for the in-vehicle terminal 4, except for the gateway 1 on the authentication side,
This is so that this common key cannot be used. The public key on the authentication side is registered in the storage unit 6 below in advance.

Reference numeral 5c is an electronic signature unit, which applies a hash function to the encrypted common key generated by the encrypted common key generation unit 5b to obtain its hash value, and this hash value is used by the vehicle-mounted terminal 4 concerned. An encrypted digital signature is generated using its own private key, and this digital signature is added to the encrypted common key. Even if the digital signature generated here and added to the encrypted common key is integrated with the encrypted common key, it should be data different from the encrypted common key and used in combination with the encrypted common key. Good. The electronic signature is for certifying that the encrypted common key to which the electronic signature is added is surely generated by the vehicle-mounted terminal 4.

Reference numeral 5d is a receiving unit, which receives a random number sent from the gateway 1 or a telegram such as data or response sent from the ITS network. Further, reference numeral 5e is a random number encryption unit, which encrypts the random number received by the reception unit 5d using the common key generated by the common key generation unit 5a to generate an encrypted random number. Also, reference numeral 5f
Is a transmission unit, and transmits to the gateway 1 the encrypted common key to which the encrypted random number generated by the random number encryption unit 5e and the electronic signature are added, or other message (connection request, ...). Reference numeral 5g is a telegram encryption / decryption unit,
By using the common key, other messages to be transmitted are encrypted and the received messages are decrypted.

Reference numeral 6 denotes a storage unit, which is a common key generated by the common key generation unit 5a, a public key and a secret key of the vehicle-mounted terminal 4 itself, and data such as a public key of the authenticating side which is stored in advance. Store other data.

In the gateway 1, the random number generator 2a, the transmitter 2b, the receiver 2c, and the common key decryptor 2 are included.
Each of the d, the electronic signature verification unit 2e, the random number decryption unit 2f, the random number verification unit 2g, and the electronic message encryption / decryption unit 2h is implemented as a function of the processing unit 2, and in the vehicle-mounted terminal 4, the common key generation unit. 5a, encrypted common key generation unit 5b, electronic signature unit 5
Each of the c, the receiving unit 5d, the random number encrypting unit 5e, the transmitting unit 5f, and the message encrypting / decrypting unit 5g is implemented as a function of the processing unit 5. Then, the processing units 2 and 5
Is composed of a memory, a CPU (central processing unit), etc., and the function is realized by loading a program (not shown) for realizing each function of the processing units 2 and 4 into the memory and executing the program. Shall be.

The storage units 3 and 6 are EEPROM (E
electrically Erasable Prog
Ramble Read-Only Memor
y), a hard disk, a magneto-optical disk, or other non-volatile recording device, and the gateway 1 and the vehicle-mounted terminal 4 are connected to an input device, a display device, and the like (none of which are shown) as peripheral devices. To do. Here, the input device refers to an input device such as a keyboard, a mouse and a touch panel. What is a display device? CRT (Catho
de Ray Tube), a liquid crystal display device, and the like.

The gateway 1 is provided with a communication interface for communicating with the ITS network (including a server that provides a service to the vehicle-mounted terminal 4), and the roadside device included in the ITS network and the vehicle-mounted terminal 4 are provided. Are capable of wireless communication by DSRC (Short Range Wireless Communication). Further, the normal communication procedure between the vehicle-mounted terminal 4 and the roadside device is performed based on the DSRC communication protocol.

Next, the operation of the gateway 1 and the vehicle-mounted terminal 4 of this embodiment configured as described above will be described with reference to FIG.
Will be explained. In the following, particularly, the authentication process when the gateway 1 authenticates the vehicle-mounted terminal 4 or the user thereof will be described, and the description of the process related to the normal wireless communication compliant with ITS and DSRC will be omitted.

First, the gateway 1 generates a random number R1 (t11). On the other hand, the vehicle-mounted terminal 4 generates the common key K1 (t12). Furthermore, the in-vehicle terminal 4 uses the common key K
1 is encrypted with the public key of the gateway 1 to generate an encrypted common key CK1 (t13). Furthermore, the in-vehicle terminal 4
For the encrypted common key CK1, the electronic signature Sig is obtained using the hash function and the private key of the vehicle-mounted terminal 4 as described above.
1 is generated and added to the encrypted common key CK1 (t1
4). The processes of the gateway 1 and the vehicle-mounted terminal 4 described above are executed at times other than during wireless communication by narrow-range wireless communication.

Next, a connection request is transmitted from the vehicle-mounted terminal 4 for authentication (t15), and when the gateway 1 and the vehicle-mounted terminal 4 are connected by the short range wireless communication via the roadside device, the gateway 1 In response to the connection request for authentication from the vehicle-mounted terminal 4, the vehicle-mounted terminal 4 is designated as the destination, and the previously generated random number R1 is transmitted (t16). The connection request here includes identification information that identifies the in-vehicle terminal 4. Hereinafter, from the vehicle-mounted terminal 4 to the gateway 1,
Alternatively, the data transmitted from the gateway 1 to the in-vehicle terminal 4 is added with the identification information for identifying the transmission side and the information for identifying the type of data to be transmitted, and based on these information, the sender's The identification and the type of transmitted data shall be identified. In addition, since this connection request is to start wireless communication, the short-range wireless communication is spatially spot-like and discontinuous communication, so that the position of the vehicle-mounted terminal 4 whose authenticating side is the authenticated side can be specified. As described above, the call is transmitted during wireless communication and is not essential in the authentication process.

On the other hand, the in-vehicle terminal 4 receives the received random number R1.
Is encrypted with the previously generated common key K1, and the encrypted random number C
R1 is generated (t17). And this encrypted random number C
R1, the previously generated encrypted common key CK1 and electronic signature S
and ig1 are returned to the gateway 1 (t18).

The above processing of the gateway 1 and the vehicle-mounted terminal 4 (t15 to t18) is executed during the wireless communication by the short-range wireless communication (thick line portion in FIG. 4). In this way, during wireless communication by short-range wireless communication, the previously generated random number is transmitted from the authenticating side to the authenticated side, and the random number is encrypted by a common key that is faster in processing than the public key cryptosystem. Encryption and the encrypted random number and the data generated in advance are sent back from the authenticated side to the authenticated side.
The wireless communication for authentication can be completed with.

Next, the gateway 1 decrypts the common key K1 from the received encrypted common key CK1 with the private key of the gateway 1 (t19). Further, the public key of the vehicle-mounted terminal 4 is acquired from the storage unit 3 based on the identification information for identifying the vehicle-mounted terminal 4 included in the received data. Then, as described above, the received electronic signature Sig1 is verified with the public key of the vehicle-mounted terminal 4 (t20). further,
The received encrypted random number CR1 is decrypted with the decrypted common key K1 to obtain the restored random number data R1 ′ (t2
1). Then, a match between the restored random number data R1 ′ and the original random number R1 transmitted to the vehicle-mounted terminal 4 is confirmed (t22).

As described above, if the verification of the electronic signature and the confirmation of the match between the restored random number data and the original random number are successful, the authentication of the vehicle-mounted terminal 4 (that is, the user) is completed. It should be noted that the above processing of the gateway 1 is executed at times other than the wireless communication by the short-range wireless communication. The above is the authentication process performed by the gateway 1 and the vehicle-mounted terminal 4.

The authentication processing executed between the gateway 1 and the vehicle-mounted terminal 4 has been described above. Here, when the vehicle-mounted terminal 4 or its user receives the service from the server described above, the vehicle-mounted terminal 4
Sends a service request to the server via gateway 1. Then, when the gateway 1 receives a response directed to the user to the transferred service request from the server, the gateway 1 transfers this response to the vehicle-mounted terminal 4. If necessary, the information contained in this response is encrypted with a common key and transferred.
In this way, the user in the vehicle can use the vehicle-mounted terminal 4 to receive various services provided by the server.

Needless to say, the process executed on the server providing the service is executed independently of the process at the time of wireless communication by the short range wireless communication.
In addition, wireless communication by short-range wireless communication is performed in a communicable area. Further, when the server that provides the service to the vehicle-mounted terminal 4 requires the authentication, the authentication information based on the result of the authentication process performed by the gateway 1 may be provided to the server.

The embodiment of the present invention has been described in detail above with reference to the drawings. However, the specific structure is not limited to this embodiment, and the structure and the like without departing from the gist of the present invention are also included. included. The technical idea relating to the authentication processing of the present invention is effective not only in the short-range wireless communication such as DSRC, but also in the authentication for a mobile object, in a communication environment where it is difficult to secure the communication time.

Further, a program for realizing a part or all of the functions of the processing unit 2 in FIG. 2 or the processing unit 4 in FIG. 3 is recorded in a computer-readable recording medium and recorded in this recording medium. You may perform the process in an authentication side apparatus or the process in an authentication side apparatus by making a computer system read and run a program. The “computer system” mentioned here includes an OS and hardware such as peripheral devices.

The "computer-readable recording medium" means a flexible disk, a magneto-optical disk,
A portable medium such as a ROM or a CD-ROM, or a storage device such as a hard disk built in a computer system. Furthermore, "computer-readable recording medium"
Is a volatile memory (RAM) inside a computer system that serves as a server or client when a program is sent via a network such as the Internet or a communication line such as a telephone line, and holds the program for a certain period of time. Those that are present are also included.

The above program may be transmitted from a computer system that stores the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the program may be a program for realizing some of the functions described above. further,
It may be a so-called difference file (difference program) that can realize the above-mentioned functions in combination with a program already recorded in the computer system.

[0049]

As described above in detail, according to the present invention, the device to be authenticated generates a common key, and the common encryption is a common key encrypted by the public key of the authentication side. Means for generating a key, means for adding an electronic signature obtained by encrypting the hash value of the encrypted common key with the private key of the authenticated side to the encrypted common key, and receiving a random number from the authentication side device Means, encryption means for encrypting the received random number with the common key, and transmission means for transmitting the encrypted common key to which the electronic signature is added and the encrypted random number to the authentication side device. A means for the authentication side device to generate a random number,
Transmission means for transmitting the random number to the device to be authenticated, reception means for receiving the encrypted common key to which the electronic signature is added and the encrypted random number from the device to be authenticated, and the electronic device received from the device to be authenticated The electronic signature is verified from the encrypted common key to which the signature is added, and the decryption means for decrypting the encrypted common key with the private key of the authentication side, and the encrypted random number received from the device to be authenticated. Since the decryption common key is provided, and the verification unit that compares the decrypted random number with the original random number and verifies whether they match, it is possible to reliably authenticate the device to be authenticated, and The common side can be safely shared between the authenticating side and the authenticated side. Also, Challenge
Since it is possible to shorten the processing time of the authentication processing by & Response, it is particularly effective in a communication environment by narrow-range wireless communication in which it is difficult to secure the communication time.

Further, according to the present invention, in the authentication system, the authentication side device generates random numbers in advance, and the authenticated side device generates the common key, the encrypted common key, and the electronic signature. In wireless communication for authentication, the transmitting means of the authenticating device transmits the random number, the receiving means of the authenticated device receives the random number, and the encrypting device of the authenticated device. Since only the encryption of the random number using the common key by the device and the transmission of the encrypted common key and the encrypted random number to which the electronic signature is added by the transmission means of the device to be authenticated are executed to the device on the authentication side,
The processing for authentication performed during wireless communication and the processing time thereof are reduced, and it becomes possible to effectively use the communicable time by the short-range wireless communication.

The authentication side device is incorporated in a gateway server that relays data transmission / reception between a server providing a service to an in-vehicle terminal and an in-vehicle terminal in a network including an ITS (intelligent transportation system), and the authenticated side device Is incorporated into the in-vehicle terminal in ITS,
A running vehicle can receive various services from the server. Further, according to the present invention, the user (the device to be authenticated) can be authenticated and the encrypted communication using the common key cryptosystem can be performed, so that the security required for payment, membership services, etc. can be ensured.

[Brief description of drawings]

FIG. 1 is a conceptual diagram showing an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of a gateway according to the same embodiment.

FIG. 3 is a block diagram showing a configuration of an in-vehicle terminal according to the same embodiment.

FIG. 4 is a sequence diagram illustrating an authentication process executed between the gateway and the vehicle-mounted terminal according to the same embodiment.

FIG. 5 is a diagram showing a communication environment by DSRC.

FIG. 6 Conventional Challenge & Responses
It is a sequence diagram explaining the authentication process by e.

[Explanation of symbols]

1 ... Gateway 2 ... Processing unit (inside gateway) 3 ... Storage unit (inside gateway) 2a ... Random number generation unit 2b ... Transmission unit (inside gateway) 2c ... Reception unit (inside gateway) 2d ... Common key decryption unit 2e ... Electronic Signature verification unit 2f ... Random number decryption unit 2g ... Random number verification unit 2h ... Telegram encryption / decryption unit (in gateway) 4 ... In-vehicle terminal 5 ... Processing unit (in-vehicle terminal) 6 ... Storage unit (in-vehicle terminal) 5a ... Common key generation unit 5b ... Encrypted common key generation unit 5c ... Electronic signature unit 5d ... Reception unit (in-vehicle terminal) 5e ... Random number encryption unit 5f ... Transmission unit (in-vehicle terminal) 5g ... Telegram encryption / decryption unit ( (In-vehicle terminal)

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04Q 7/38 H04L 9/00 601C 601E (72) Inventor Shinichiro Matsuo 3-3 Toyosu, Koto-ku, Tokyo No. Incorporated in NTT DATA (72) Inventor Yoshiyuki Hashikawa 3-3-3 Toyosu, Koto-ku, Tokyo Incorporated in NTT DATA (72) Inventor Takahiro Maekawa Tokyo 3-3-3 Toyosu, Koto-ku Stock company F term in NTT DATA (reference) 5B085 AE04 AE29 BA06 BC02 5J104 AA07 AA09 AA16 EA04 EA19 KA02 KA04 KA06 LA03 LA05 LA06 NA02 PA01 5K067 AA14 A41 BB43 BB21 EE02 EE12 HH21 HH22

Claims (5)

[Claims] 1. In an authentication system using a public key cryptosystem and a common key cryptosystem, a device to be authenticated includes a means for generating a common key, and an encryption in which the common key is encrypted by a public key on the authentication side. Means for generating a common key, means for adding an electronic signature obtained by encrypting the hash value of the encrypted common key with the private key of the authenticated side to the encrypted common key, and receiving a random number from the authentication side device A reception unit; an encryption unit that encrypts the received random number with the common key; and a transmission unit that transmits the encrypted common key to which the electronic signature is added and the encrypted random number to the authentication side device. Then, the authenticating device includes means for generating a random number, transmitting means for transmitting the random number to the authenticated device, an encrypted common key with an electronic signature added from the authenticated device, and an encrypted random number. Receiving means to receive and authenticated side device The electronic signature is verified from the encrypted common key added with the electronic signature received from the device, and the decryption means for decrypting the encrypted common key with the private key of the authentication side, and the encryption received from the device to be authenticated. An authentication system comprising: a verification unit configured to decrypt the encrypted random number with the decrypted common key, and compare the decrypted random number with an original random number to verify whether they match. 2. In the authentication system, a random number is generated in advance in the authentication side device, the common key is generated in the authenticated side device, an encrypted common key is generated, and an electronic signature is added, and authentication is performed. At the time of communication for communication, the transmitting means of the authentication side device transmits the random number, the receiving means of the authenticated side device receives the random number, and the common key is used by the encryption means of the authenticated side device. Random number encryption,
2. The authentication system according to claim 1, wherein only the encrypted common key added with the electronic signature and the encrypted random number are transmitted to the authentication side device by the transmission means of the authentication side device. 3. In a mobile authentication system using short-range wireless communication, a device to be authenticated generates a common key, and an encrypted common key obtained by encrypting the common key with a public key of the authentication side. Means, means for adding an electronic signature obtained by encrypting the hash value of the encrypted common key with the private key of the authenticated side to the encrypted common key, receiving means for receiving a random number from the authentication side device, and receiving An authenticating device for encrypting the generated random number with the common key; and a transmitting device for transmitting the encrypted common key added with the electronic signature and the encrypted random number to the authenticating device. Is a means for generating a random number, a transmitting means for transmitting the random number to the device to be authenticated, and a receiving means for receiving the encrypted common key added with the electronic signature and the encrypted random number from the device to be authenticated. , Electronic received from the device to be authenticated The electronic signature is verified from the encrypted common key to which the signature is added, and the decryption means for decrypting the encrypted common key with the private key of the authentication side, and the encrypted random number received from the device to be authenticated. A mobile unit authentication system by short-range wireless communication, comprising: a decryption unit using the decrypted common key; and a verification unit that compares the decrypted random number with the original random number to verify whether they match. 4. The authentication side device in the mobile authentication system by short-range wireless communication according to claim 3, wherein the authentication side device provides a service to an in-vehicle terminal in a network including an ITS (Intelligent Transport System). An authentication-side device, which is incorporated in a gateway server that relays transmission / reception of data between a server provided and an in-vehicle terminal. 5. A device to be authenticated in the mobile body authentication system by short-range wireless communication according to claim 3, wherein the device to be authenticated is incorporated in a vehicle-mounted terminal in an ITS (Intelligent Transport System). The authenticated device.