JP2005165671A - Multiplex system for authentication server and multiplex method therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for guaranteeing the reliability of a multiplex authentication server introduced and installed to a system. <P>SOLUTION: This multiplex system by a plurality of authentication servers for the purpose of multiplexing the authentication servers comprises client PCs 1-1, 1-2 connected to a network 1-6, the servers 1-4, 1-5, and a device 1-3. In the multiplex system, the identification and authentication of a user, and access to a resource and permission are centrally managed by the authentication servers 1-4, 1-5. Each of the plurality of authentication servers 1-4, 1-5 has: a holding means holding a private key related to itself, of a key pair of a public key and the private key based on a public key cipher system, in secrecy; and a communication means performing periodic communication so as to confirm reliability between the multiplexed authentication servers. The multiplex system for the authentication server uses the key pair for the communication by the communication means. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a multiplexing (redundant) system that authenticates a plurality of PCs and devices and users who use them, and backs up the function of an authentication server that controls access to resources. The present invention also relates to a multiplexing method for giving reliability to and confirming a plurality of authentication servers configured by the multiplexing system.

  In a logical area (domain) composed of client PCs, servers, and devices connected to a network, when a user uses some resource on the domain, it is necessary to authenticate the user and grant access authority to the resource. . The authentication server in the client-server system provides functions such as identification and authentication of users and granting access rights to resources based on a unique or standardized protocol, allowing users to use resources in the system. Provide.

  Resources in the system also include information having a high asset value for a specific third party, and mutual security must be ensured in communication between the client PC and the server or between the device and the server. Specifically, it may be necessary to guarantee the confidentiality and integrity of the communication data, and to prevent impersonation of the communication partner. In such a case, conventionally, a method of encrypting communication data and ensuring security is used. For example, according to a key distribution method using a public key cryptosystem, it is possible to prevent spoofing of a communication partner and securely distribute an encryption key for encrypting communication data.

  In such a case, the authentication server also has a function of providing a key distribution service using a public key cryptosystem to the client PC or device. Secure and confidential network security in the domain is realized by an authentication server protected by high security.

  By the way, ensuring the security of the authentication server itself is an important factor in ensuring the security of the system. This is because the security of the entire system cannot be secured if the authentication server itself is easily tampered with or impersonated. Furthermore, there must be only one authentication server operating in a domain. This is because functions such as domain user management, encryption key management, and distribution need to be performed uniformly by one authentication server. This is also necessary to avoid security problems (security holes) such as impersonation of the authentication server.

  However, in the case where there is only one authentication server that constitutes a domain, if any failure occurs in the authentication server, there arises a problem that functions such as user authentication and granting access authority do not work at all. In such a state, even if a resource to be used, for example, a device or a file server is operating normally, the user cannot use these resources because authentication and usage rights are not given from the authentication server. This is because there is only one authentication server belonging to the domain.

  In this way, the authentication server must be the only one in the domain because of its functional characteristics. On the other hand, the authentication server also suffers from the convenience problem such as the down of the entire system at the time of failure. It is necessary for actual operation to deal with it. In order to cope with this problem, there is usually a concept of multiplexing or redundancy of authentication servers in a client server system constituting a domain, which has been put into practical use.

  Multiplexing of authentication servers is a system form in which a plurality of authentication servers for controlling authentication in a domain are prepared and all of them are operated in a priority order. The priority order is configured so that the order (priority) in which the authentication server functions effectively is set in advance and functions in order from the authentication server having the highest priority. Here, the multiplexed authentication server also has the disadvantage that it tends to be a source of security holes, such as server impersonation and tampering, and it is assumed that all authentication servers are authentic authentication servers. Must be configured.

  The outline of the operation of the authentication server having the multiplexing function will be described as follows. When a failure occurs in the first-priority authentication server and the authentication function is stopped, the second-priority authentication server automatically takes over the work and performs work such as authentication work or granting access authority. Furthermore, when there is a third-priority authentication server, there is a mechanism in which the third-priority authentication server automatically functions if a failure continues in the second-priority authentication server. Here, for the procedure for taking over the function to the authentication server with a lower priority when a failure occurs in the authentication server, for example, the type in which the client side detects and switches the authentication server failure or other multiplexed authentication There is a method in which the server monitors an authentication server with higher priority.

  Thus, when a failure occurs in the authentication server, the problem that the resources constituting the domain cannot be used can be solved by multiplexing the authentication servers. However, on the other hand, there is a new problem in terms of the reliability of the security function for which the authentication server is responsible. That is, impersonation of the authentication server itself.

  In a system that multiplexes authentication servers, an administrator usually sets up and activates a backup authentication server, but the mechanism for guaranteeing the reliability of the authentication server set up for backup here is insufficient. If the backup authentication server is a server that is not intended by the original correct administrator (malicious authentication server rogue server), this spoofed authentication server becomes effective if a failure occurs in the primary authentication server. It may be the case.

  Once the rogue server is running, unintended users other than those registered in accordance with legitimate procedures can be authenticated to access resources, and passwords can be stolen from legitimate user authentication procedures. Security problems will occur.

  As a means to prevent rogue servers that cause many security problems from joining the domain as backup authentication servers, currently require administrator password authentication when setting up an authentication server for backups. There is a way to avoid it by the procedure of doing.

  That is, after the authentication server is correctly installed and started, a work process is prepared in which the first priority authentication server joins the second priority authentication server to the domain. In order to participate in the authentication server, password authentication of the administrator is necessary, and input of the administrator password is required. The first-priority authentication server permits participation in the domain using the second-priority authentication server as a backup server only when the input password authentication is correct. Usually, the administrator's password is information that only the administrator can know, and as a rule is not known to general users. Therefore, by introducing such a work process, the first priority authentication server can prevent the second priority authentication server from participating in the domain without permission. As a result, the first priority authentication server can trust the second priority authentication server.

  By the way, as described in the above conventional example, according to the method by the administrator password authentication, the first priority authentication server is effective as a method of trusting the second priority authentication server when the authentication server is installed.

  However, with this method, once the authentication server is installed and the multiplexed configuration is constructed, that is, until the system is in operation, the reliability of the multiplexed authentication server installed for backup cannot be maintained. For example, security problems such as a backup authentication server being replaced by a malicious third party or tampering can be considered. It is necessary to check the reliability of the authentication server even during operation.

  Conventionally, there has been no mechanism for automatically checking and guaranteeing the reliability of a backup authentication server in operation for the above purposes. Further, it has been possible for a system administrator who manages and monitors the entire system to use a method of periodically checking the configuration of the backup authentication server and a method of auditing access logs and statuses. However, such a method has a drawback that it requires a very large amount of labor for the system administrator and the management cost is high.

  The present invention has been made paying attention to such a problem that has not yet been determined in the operation and management of the conventional authentication server, and has a mechanism for guaranteeing the reliability of the multiplexed authentication server installed and installed in the system. It is intended to provide. In addition, as another object, there is provided a mechanism for completely automating the process for guaranteeing the reliability of the multiplexed authentication server and reducing the management cost of the system administrator as much as possible.

  In order to achieve the above object, the present invention comprises client PCs, servers, and devices connected to a network, and user identification and authentication, as well as access and authorization of resources, are centrally managed by an authentication server. A multiplexing system using a plurality of authentication servers for the purpose of multiplexing the authentication servers, wherein the plurality of authentication servers are associated with a key pair of a public key and a secret key based on a public key cryptosystem. Holding means for holding the secret key in secret, and communication means for performing periodic communication for confirming reliability between the multiplexed authentication servers, for communication by the communication means Further, the present invention provides an authentication server multiplexing system using the key pair.

  According to the present invention, the reliability of the multiplexed authentication server installed for backup can be maintained after the system is constructed, that is, even during the operation of the system. Therefore, for example, the reliability of the authentication server not only during installation but also during system operation, against security problems such as a backup authentication server being replaced or altered by a malicious third party. Can be confirmed, and the security problem can be dealt with.

  In addition, the system administrator who manages and monitors the entire system does not need to use methods such as regularly checking the configuration of the authentication server for backups or auditing access logs and status. Since the reliability of the authentication server can be ensured, the management cost of the system administrator can be greatly reduced.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(First embodiment)
FIG. 1 is an overall configuration diagram of an authentication server multiplexing system according to a first embodiment of the present invention.
In FIG. 1, reference numerals 1-1 and 1-2 denote client PCs constituting the multiplexing system. A user accesses the network system using the client PC and uses various resources. In accessing and using system resources, a user first performs user authentication from the client PC and receives assignment of access control information assigned to each user. In the present embodiment, two client PCs are shown for convenience, but the number is not necessarily limited to two.

  In FIG. 1, reference numeral 1-3 denotes a device connected to the system via a network. The device corresponds to, for example, a printing device, a scanner, a FAX, or a multifunction machine of these. A file server (not shown) is also one of the network systems.

  As the physical network connection means, there is wired information communication by Ethernet (R) or wireless information communication conforming to the wireless LAN standard, and in either case, it is planned as a network means of the present system.

  In FIG. 1, reference numeral 1-4 denotes an authentication server that performs overall user authentication and access control of the entire system according to the present invention. The authentication server controls and controls system user identification, authentication, access control, and the like, and configures a security logical area (domain, 1-6) that controls system security. A domain also means a logical boundary for distinguishing from another security domain managed by another authentication server. Therefore, a plurality of client PCs, devices, and authentication servers that are physically coupled by the same network means may be logically divided and operated in a plurality of security domains.

  In principle, one authentication server exists as a preferential authentication server (primary authentication server) in one domain, and controls the security of the domain. Therefore, when there are a plurality of domains, one primary authentication server is installed in each domain. As a function of the authentication server, there may be a function for establishing a trust relationship between the authentication servers in order to realize authentication and access control across domains.

  By the way, since the security function in a domain is controlled by a single primary authentication server, if a failure occurs in this authentication server, the user cannot use any resources in that domain. End up. In order to solve such a problem, there is a mechanism in which authentication servers are multiplexed and another authentication server for backup takes over the subsequent processing even if a failure occurs in one authentication server. Such a mechanism is called a multiplexing system, a redundant system, or a backup system, and other authentication servers for backup are called a backup authentication server, a secondary authentication server, or the like.

  In the authentication server multiplexing system according to the present invention, the authentication server has a function corresponding to the multiplexing system. In FIG. 1, the authentication server 1-4 corresponds to a primary authentication server. On the other hand, in FIG. 1, 1-4 and 1-5 correspond to secondary authentication servers. When a failure occurs in the primary authentication server (1-4), the server automatically switches to the secondary authentication server. Processing such as authentication continues.

  Here, the domain 1-6 is managed by a system administrator (not shown) that manages and operates the entire system. The authentication servers 1-4 and 1-5 are both correctly installed by the system administrator and are trusted at this time.

  On the other hand, when the operation of the system is started, the authentication server multiplexing system according to the present invention performs communication based on the challenge and response method between the respective authentication servers. In FIG. 1, reference numeral 1-7 denotes a state in which the authentication servers according to the present invention perform network communication based on the challenge and response method. This communication is performed in order to ensure reliability periodically and automatically after the operation of the system has started since the installation of the authentication server. Hereinafter, a communication procedure based on the challenge and response method and a mechanism for ensuring reliability based on the communication procedure will be described with reference to the diagram shown in FIG.

FIG. 3 is a ladder chart showing a communication procedure based on the challenge and response method in the authentication server multiplexing system according to the present invention.
In FIG. 3, reference numerals 3-1 and 3-2 denote processing steps of the primary authentication server and the secondary authentication server, respectively. 3, the primary authentication server 3-1 corresponds to the primary authentication server 1-4 in FIG. 1, and the secondary authentication server 3-2 corresponds to the secondary authentication server 1-5 in FIG.

  In FIG. 3, step S3-3 is a step in which the primary authentication server (3-1) generates a random number and holds it in the internal data storage area of the server itself. This random number has a predetermined data length, and a different value is generated each time communication is performed. This value is held in the data storage area of the server itself.

  In FIG. 3, step S3-4 is a step of encrypting the above random number value with the public key of the secondary authentication server (3-2). When the authentication server is installed, a pair of encryption keys based on the public key cryptosystem, that is, a public key and a private key are created in advance, and the public key is distributed to other authentication servers based on known key distribution means. Is retained. In this step (step S3-4), since the data is encrypted as data that can be decrypted only by the secondary authentication server, the random value previously generated and held by the primary authentication server (3-1) is used as the secondary authentication server. Encrypt with the public key (3-2). As the public key encryption method, a known encryption algorithm can be used.

  The encrypted random value is transmitted to the secondary authentication server according to a predetermined communication protocol (step S3-5). The predetermined communication protocol includes, for example, FTP and HTTP as public standard protocols, but it is also possible to follow a unique protocol.

  The secondary authentication server (3-2) decrypts the encrypted random number value with its own secret key, and acquires the random value generated by the primary authentication server (3-1) as a value associated with this communication. (Step S3-6). The secret key refers to a secret key among encryption keys based on a predetermined public key encryption algorithm. The encryption algorithm may be specified in advance when the authentication server is installed, but in the multiplexing system according to the present invention, which encryption algorithm is to be applied is specified during handshake processing during communication. This is because there may be a difference in the corresponding algorithm depending on the type of the authentication server. The random value is generated by the primary authentication server for each communication.

  Next, the secondary authentication server (3-2) performs an electronic signature process on the acquired random number value using a private key owned by itself (step S3-7). The electronic signature is performed for the purpose of verifying the identity and the fact that the transmitted data is not falsified. As an electronic signature method, the system according to the present invention executes, for example, processing according to the following procedures and steps. That is, as processing of the secondary authentication server, the random number value is encrypted with the public key of the counterpart authentication server that transmits the signature data. Thereafter, the secondary authentication server transmits the encrypted data to the primary authentication server (step S3-9).

  The primary authentication server that has received the encrypted data decrypts the encrypted data with its own private key. As a result of the decryption process, the primary authentication server acquires a random value (step S3-10). Here, the primary authentication server holds a random value generated before communication, and compares the value with the random number obtained as a result of decryption. If the random number values match as a result of the comparison, the secondary authentication server can decrypt the encrypted data of the random value previously transmitted by the primary authentication server with its private key.

  In order to correctly decrypt the data, the secondary authentication server must decrypt the encrypted data using a correct private key corresponding to the public key held by the primary authentication server. From this, if it can be determined that the decryption has been correctly performed, the secondary authentication server has the genuine secret key intended by the primary authentication server. It is possible to recognize that the server has been deleted (step S3-11).

  Thereafter, if the primary authentication server (3-1) determines that the secondary authentication server (3-2) is a genuinely installed server, the primary authentication server (3-1) continues to trust the secondary authentication server (3-2). However, if it is determined that the secondary authentication server (3-2) is not genuinely installed, the result is audited, and a warning message is issued to the system administrator and the secondary authentication server is disconnected from the system. It performs (step S3-12).

  By the way, as a security attack technique, it is possible for a third party to intercept communication from the secondary authentication server (3-2), hack a data packet, and impersonate the secondary authentication server (3-2). is there. This is a so-called reply attack.

  The authentication server multiplexing system according to the present invention provides the following method to cope with this attack. That is, in order to change the random number for each communication between the primary authentication server (3-1) and the secondary authentication server (3-2), the previous random number value is used to generate and hold a random number for the next communication (step S3). -3) is stored, and if the random number values coincide by chance, the random number values are discarded and regenerated again. Thereby, since the random number used for communication changes reliably for each communication, it is possible to detect this reliably when there is a reply attack.

In addition, as another method, the following process can be added.
That is, a step in which the secondary authentication server (3-2) digitally signs the random number value (step S3-7) and a step in which the signature data is encrypted with the public key of the primary authentication server (3-2) (step S3-8). The time of the secondary authentication server (3-2) is entered. In order to prevent tampering in the middle, a hash is calculated according to a predetermined hash algorithm, a random number value with this value, and a destination authentication server that combines the time data with a predetermined delimiter and transmits signature data, That is, encryption is performed with the public key of the primary authentication server (3-1).

  After that, the primary authentication server (3-1) that has received the encrypted data takes out the time data in the encrypted data decrypting step (step S3-10) and the signature data verifying step (step S3-11). If it is within the set allowable value range, the secondary authentication server is trusted, and if the time has passed beyond the allowable value, it is determined that a reply attack is being met.

  The series of processes described above is a single communication flow performed between the primary authentication server (3-1) and the secondary authentication server (3-2). By continuously performing this series of communications periodically and automatically, the reliability of the secondary authentication server can be confirmed after the server is installed. As a result, security is maintained during system operation.

  On the other hand, the communication based on the challenge and response method shown in the present embodiment has been described as being performed in one direction from the primary authentication server to the secondary authentication server. However, it is also possible to implement a challenge-and-response scheme in both directions for the purpose of mutually verifying and reliably ensuring the reliability of authentication servers.

  That is, the secondary authentication server 3-2 generates and holds a random number, encrypts it with the public key of the primary authentication server, and transmits it. The primary authentication server decrypts the received encrypted data with its own private key, encrypts it with the public key of the secondary authentication server after performing an electronic signature. The secondary authentication server 3-2 receives the encrypted data from the primary authentication server 3-1, decrypts it with its own private key, verifies the signature data, and switches the action according to the verification result.

  When two-way communication is performed, there are several variations in the direction of communication based on the challenge-and-response method, for example, alternately, and an optimal method for the system may be determined first.

  Next, the means for configuring the authentication server multiplexing system according to this embodiment will be described with reference to FIG. FIG. 2 is a diagram schematically showing a functional configuration of the authentication server in the authentication server multiplexing system according to the present invention.

  In FIG. 2, reference numeral 2-1 denotes a function boundary of the authentication server. 2-2 is a key pair generation unit based on the public key cryptosystem of the authentication server itself. The public key generated in this way is distributed and held to other authentication servers when the server is installed. On the other hand, the secret key is held inside the authentication server while maintaining confidentiality by the secret key holding means indicated by 2-4 in FIG. The secret key data held here is the data of the authentication server 2-1 itself, and must be prevented from being referenced by anyone other than the authentication server itself. Therefore, normally, the data area in which the secret key is held is securely held in an area that cannot be accessed by anyone including the system administrator.

  In order to realize such a form, for example, after generating a secret key, it is possible to take a technique such as attaching a device holding the secret key data in hardware as a dongle to the authentication server. In order to reduce the installation cost, the generated secret key may be stored in a data storage area that has no access authority other than the authentication server system.

  In FIG. 2, 2-3 is a random number generating / holding means. Random numbers generated by the random number generation / holding means are used as arbitrary data transmitted and received by communication between authentication servers. The random number is stored in a predetermined storage area of the authentication server, and is used to determine whether the random value returned from the secondary authentication server matches the random value transmitted by the primary authentication server.

  In FIG. 2, reference numeral 2-7 denotes encryption / decryption means. In the authentication server multiplexing system according to the present invention, encryption / decryption processing based on a public key cryptosystem is executed in order to ensure confidentiality of communication between authentication servers. The encryption / decryption means 2-7 contributes to the realization of the public key encryption process.

  In FIG. 2, 2-6 is an electronic signature means. In the authentication server multiplexing system according to the present embodiment, there is an affirmative in which an electronic signature of a random number is performed as described above. The electronic signature means 2-6 realizes the electronic signature processing in this case.

  In FIG. 2, 2-5 is a communication means. In the authentication server multiplexing system according to the present invention, when the authentication servers communicate with each other, the communication means 2-5 provides a data communication function according to a predetermined protocol. For example, in addition to protocols such as FTP and HTTP, unique protocols may be supported.

(Second Embodiment)
FIG. 4 is an overall configuration diagram of an authentication server multiplexing system according to the second embodiment of the present invention.
4, 4-1, 4-2, and 4-3 correspond to the client PC and the device portion of the system configuration according to the present invention, and are the same as those in FIG. 1 described in the first embodiment. It corresponds to 1-1 to 1-3.

  In FIG. 4, 4-8 is an authentication server that controls the authentication of the domain 4-6 according to the present invention. This is done intensively, including user identification and authentication, and access control information management and grant. For example, Windows (R) Active Directory is applicable.

  In FIG. 4, 4-4 is a primary authentication GW (gateway). The authentication GW is interposed between the client PC and the device and the authentication server, and acts as a proxy for the user authentication process. In this configuration, when the user has already used the general-purpose authentication server 4-8 before introducing the system according to the present invention, the role of proxying the authentication processing to introduce the system according to the present invention. Have Accordingly, the authentication GW itself does not directly perform authentication processing on the client PC or device.

  In addition, when a plurality of types of authentication servers are mixed in the existing environment of the user, for example, by authenticating the authentication processing to each of these authentication servers by the authentication GW such as Windows (R) and Notes, It is possible to provide a common authentication processing environment (for example, a single sign-on function) to users.

  In FIG. 4, 4-5 is a secondary authentication GW. The client PC and device do not directly communicate with the authentication server 4-8 but receive identification, authentication, and access right through the authentication GW 4-4. Therefore, when a failure occurs in the authentication GW 4-4, the client PC and the device cannot access the resources of the domain 4-6. The secondary authentication GW 4-5 is installed to represent the function when a failure occurs in the authentication GW 4-4.

  In the authentication server multiplexing system according to the present embodiment, since the authentication GW is multiplexed, the primary authentication GW 4-4 and the secondary authentication GW 4-5 confirm the reliability according to the challenge and response method. . That is, the primary authentication GW 4-4 generates and stores a random number, which is encrypted with the public key of the authentication GW 4-5 and transmitted.

  The secondary authentication GW 4-5 decrypts the received encrypted data with its own private key, performs a predetermined electronic signature process, and subsequently encrypts it with the public key of the authentication GW 4-4. The encrypted data is transmitted again to the primary authentication GW 4-4. The primary authentication GW 4-4 decrypts the received encrypted data with its own private key and verifies the electronic signature. Depending on the verification result, appropriate processing thereafter is performed.

  By the way, in the second embodiment according to the present invention, the primary authentication GW 4-4 and the primary authentication GW 4-5 are multiplexed, and each generates a key pair based on the public key cryptosystem. When installing the authentication GW, the system administrator applies an electronic signature to the public key of the authentication GW with the system administrator's own private key. Thereby, the reliability is given to the entire domain 4-6 of the authentication GWs 4-4 and 4-5.

  For communication between the authentication GW and the existing authentication server in the user environment, for example, in the case of Windows (R), NTLM authentication or Kerberos authentication is applied. Further, when the authentication server is Notes, LDAP authentication may be applied. Therefore, the authentication server itself applies to multiple authentication protocols instead of performing user authentication processing, and provides a common authentication interface for multiple authentication servers mixed in the user's environment. Is a feature.

1 is an overall configuration diagram of an authentication server multiplexing system according to a first embodiment of the present invention. It is the figure which represented typically the functional structure which the authentication server has in the multiplexing system of the authentication server concerning this invention. 5 is a ladder chart showing a communication procedure based on a challenge and response method in the authentication server multiplexing system according to the present invention. It is a whole block diagram of the multiplexing system of the authentication server concerning the 2nd Embodiment of this invention.

Explanation of symbols

1-1 Client PC-A
1-2 Client PC-B
1-3 Network device 1-4 Authentication server (primary)
1-5 Authentication server (secondary)
1-6 Domain 1-7 Network communication based on challenge and response method

Claims (12)

Consists of client PCs, servers, and devices connected to the network. User identification and authentication, as well as access and authorization of resources, are centrally managed by the authentication server for the purpose of multiplexing the authentication servers. A multiplexing system with a plurality of authentication servers,
The plurality of authentication servers include a holding unit that secretly holds a secret key associated with itself among a key pair of a public key and a secret key based on a public key cryptosystem,
A communication means for performing periodic communication in order to check the reliability between the multiplexed authentication servers,
An authentication server multiplexing system, wherein the key pair is used for communication by the communication means. Consists of client PCs, servers, and devices connected to the network. User identification and authentication, as well as access and authorization of resources, are centrally managed by the authentication server for the purpose of multiplexing the authentication servers. A multiplexing system with a plurality of authentication servers,
The plurality of authentication servers include a holding unit that secretly holds a secret key associated with itself among a key pair of a public key and a secret key based on a public key cryptosystem,
An authentication means for performing authentication based on a periodic challenge-and-response method between multiplexed authentication servers;
An authentication server multiplexing system, wherein the key pair is used for authentication by the authentication means. The authentication server confirms reliability with other authentication servers.
Random number generation and holding means for generating and holding random numbers;
Encryption / decryption means based on the algorithm of the public key cryptosystem;
The authentication server multiplexing system according to claim 1, further comprising: an electronic signature unit that performs an electronic signature in accordance with a predetermined electronic signature method and performs a verification process. It further has a predetermined audit means,
4. The authentication server multiplexing system according to claim 3, wherein when the fraud is detected by the electronic signature means, the audit means notifies the administrator.   The authentication server multiplexing system according to claim 1, wherein the communication unit performs periodic communication with each other in order to mutually check reliability between the multiplexed authentication servers.   3. The authentication unit according to claim 2, wherein the authentication unit mutually performs authentication based on a periodic challenge-and-response scheme in order to mutually confirm reliability between multiplexed authentication servers. Authentication server multiplexing system. It is composed of client PCs, servers, and devices connected to a network. User identification and authentication, and access and authorization to resources are centrally managed by an authentication server. ,
Of the public key and private key pair based on the public key cryptosystem, a holding step for secretly holding a secret key associated with itself,
A communication process for performing periodic communication to check reliability between multiplexed authentication servers,
An authentication server multiplexing method, wherein the key pair is used for communication in the communication step. It is composed of client PCs, servers, and devices connected to a network. User identification and authentication, and access and authorization to resources are centrally managed by an authentication server. ,
Of the public key and private key pair based on the public key cryptosystem, a holding step for secretly holding a secret key associated with itself,
An authentication process for performing authentication based on a periodic challenge-and-response method between multiplexed authentication servers,
An authentication server multiplexing method, wherein the key pair is used for authentication in the authentication step. A random number generation and holding step for generating and holding a random number in order to check reliability between multiplexed authentication servers;
An encryption / decryption step based on the algorithm of the public key cryptosystem;
The authentication server multiplexing method according to claim 7, further comprising: an electronic signature step of performing an electronic signature according to a predetermined electronic signature method and performing a verification process. It further has a predetermined audit process,
10. The authentication server multiplexing method according to claim 9, wherein when an illegality is detected by the electronic signature process, an administrator is notified by the audit process.   8. The authentication server multiplexing method according to claim 7, wherein the communication step performs periodic communication with each other in order to mutually confirm reliability between the multiplexed authentication servers.   9. The authentication method according to claim 8, wherein the authentication step performs mutual authentication based on a periodic challenge and response method in order to mutually confirm reliability between multiplexed authentication servers. Authentication server multiplexing method.

Images