JP2007020031A - Location management and method for integrating key management - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To realize safe coding location dependent service (CLBS) by flexibly and safely combining a plurality of location management functions and a plurality of key management functions in a location key management system for providing a mobile terminal with location dependent service. <P>SOLUTION: A location key server has a location key function. The location key function has a key dependent location processing function (KLF) and a location dependent key processing function (LKF) and each function is comprised of a location management function, a key management function and a policy judgment function. The location key server generates a location key according to a request of a location key client. In that case, unity between two functions by confirming identity of location key clients in location management processing and key management processing. A location key is generated by making one of the location management processing and the key management processing depend on the other according to a location key policy and provided to the location key client. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an integrated method of location management and key management, and in particular, in a location key management system that provides location-dependent services to mobile terminals, a plurality of location management functions and a plurality of key management functions of a location key server are flexible and flexible. It relates to an integrated method of location management and key management that can be combined safely.

  In recent years, in the field of ubiquitous computing, provision of a service (Context Awareness Service) that uses information that depends on the actual environment of a mobile terminal has been studied. The ability to provide such a service is one of the features of ubiquitous computing. Information that uses location information as real-world information is called location-based service (LBS) and is expected to become popular in the future. Location-dependent services (LBS) include information distribution to specific locations, pedestrian guidance, tracking of moving objects (Non-Patent Document 9, Non-Patent Document 16), access control, and issuance of position certificates (non- Patent Document 15) and the like.

  Many high-value location-dependent services (LBS) require security and use cryptography. Cryptographic Location Based Service (CLBS) is a location dependent service (LBS) that uses cryptographic technology to improve security. It consists of key management technology and location management technology. As an example of the encryption position dependent service (CLBS), the following can be considered. One is a system in which a confidential document stored in a notebook computer can be browsed inside the company, but if the document is moved outside the company, the document is encrypted and cannot be browsed. The other is a system in which a digital signature key in place of a presidential seal or company seal can be used for signing only in a specific location such as the president's office.

  The technical elements of the encrypted location dependent service (CLBS) include key management and location management. Key management includes authentication of a client by a service provider and sharing of a session key used for encryption of a communication path. Location management involves verifying the location of the client. In order to realize the encrypted location-dependent service (CLBS), it is necessary to link the key management function for performing client authentication and key sharing with the location management function for grasping the client location. Regarding key management, many studies have been conducted in the field of cryptography.

  For position management, GPS (Global Positioning System) and radar positioning systems have already been put into practical use. As a positioning method mainly targeting the outdoors, there are a method using GPS (Non-patent Document 7), a method using a mobile phone or a PHS base station, and a method using a radar. As a positioning method mainly targeting indoors, a method using wireless LAN (Non-patent Document 10), a method using RFID (Radio Frequency Identification) (Non-Patent Document 12), or a method using a sensor network (Non-Patent Document 14). Recently, the main focus of research has shifted from the former to the latter, and practical use of wireless LAN and RFID-based methods is progressing.

  Research has also begun on technologies for safely verifying the location of mobile terminals. Research on methods that emphasize safety, such as methods using communication delay (Non-Patent Document 1, Non-Patent Document 2, Non-Patent Document 3, Non-Patent Document 5, Non-Patent Document 13, Non-Patent Document 15) Has been done. There are various types of these methods, such as the range of use and cost. In terms of cost, they range from extremely expensive satellites such as GPS to low-cost ones such as RFID. In terms of safety, there is a range from a low level of safety such as RFID to a level of safety guaranteed to some extent, such as a method using communication delay.

  So far, the location management function and the key management function have been studied separately. In the future, as location-dependent services (LBS) become more widespread, location-dependent services (LBS) that require more safety will appear. Therefore, it is necessary to increase the security of key management and location management, and to realize a secure encrypted location-dependent service (CLBS) as a total system that links them together. Although it is limited to specific functions, a method that integrates key management and location management has been proposed. For example, authentication is performed only when a personal wireless device is brought close to a PC, and an encrypted file is decrypted, or the location of an untrusted terminal using the radio wave intensity of a beacon from a trusted access point A system for generating a key by confirming the key and a system for issuing a certificate indicating that the mobile terminal exists at the position after the position verification of the mobile terminal have been proposed. These perform key sharing and key distribution after location verification, and simply integrate location management and key management. Below are some conventional examples related to this.

  The “information protection device” disclosed in Patent Document 1 is an information protection device that ensures the safety of information stored inside a portable computer or the like. The function control unit fixedly stops the storage medium of the information processing device when the current position of the information processing device detected by the position detection unit is outside the movable range of the information processing device determined by the range determination unit. Or the power supply circuit of the information processing apparatus is stopped.

  The “location verification method” disclosed in Patent Document 2 is a location verification method that objectively proves that a person using location verification by a base station is present at a certain time in a mobile phone equipped with a fingerprint authentication function. It is a method that can objectively prove that a person was present at a certain place at a certain time. When a user who wants to receive location certification causes his / her mobile phone to read his / her fingerprint, fingerprint data is transmitted to the server. When the server receives the fingerprint data transmitted from the mobile phone, the server checks the user of the mobile phone by collating with the fingerprint data for collation registered in the database in advance. Subsequently, the server obtains the authentication time, obtains the base station number of the mobile phone that requested the location certification from the service station, and stores it in the location registration file of the database in association with the user. In addition, based on the location certificate issuance request from the PDA, the server issues a location certificate (electronic data) related to the location and time of the proved person stored in the location registration file of the database with an electronic signature. To do. Charges are also made at the time of location registration operation or when a location certificate is issued.

  Non-Patent Document 4 discloses a system that uses the radio wave intensity of a beacon from a reliable access point to check the position of an untrusted terminal and generate a key. Non-Patent Document 6 discloses a system in which authentication is performed and an encrypted file is decrypted only when a personal wireless device is brought close to a PC.

JP-A-9-185554 JP 2003-284113 A J. Anzai, T. Matsumoto, "Location Verification (1): Location Verification Schemes Resistant Against Relay Attack," Proc. Of SCIS2005, 2B4-3, 2005. J. Anzai, T. Matsumoto, "Location Verification (2): Plural Provers Verifiable Location Verification Schemes," Proc. Of SCIS2005, 2B4-4, 2005. S. Brands, D. Chaum, "Distance-Bounding Protocols," Proc. Of Eurocrypto'93, Springer-Verlag, pp. 344-359, 1993.

S. Banerjee, A. Mishra, "Secure Spaces: Location-based Secure Wireless Group Communication," Mobile Computing and Communications Review, Volume 1, Number 2, 2002. S. Capkun, J. P. Hubaux, "Securing position and distance verification in wireless networks," Technical report EPFL / IC / 200443, submitted to ACM MobiCom04, 2004. M. D. Corner, B. D. Noble, "Zero-Interaction Authentication," In Proc. Of MOBICOM'02, 2002. E. Gabber and A. Wool, "How to prove where you are: Tracking the location of customer equipment," In Proc. 5th ACM Conf. Computer and Communications Security (CCS), pp. 142-149, 1998. S. Haber, W. S. Stornetta, "How to Time-Stamp a Digital Document," Journal of Cryptology: the Journal of the International Association for Cryptologic Research 3, 2 (1991), 99-111, 1991. M. Izumi, S. Takeuchi, Y. Watanabe, K. Uehara, H. Sunahara, J. Murai, "A Proposal on a Privacy Control Method for Geographical Location Information Systems," Proc. Of INET'00, 2000.

T. Kitasuka, T. Nakanishi, and A. Fukuda, "Indoor Location Sensing Techinique using Wireless Network," In Proc. Of Computer System Symposium'02, pp. 83-90, 2002. JSR 118 Expert Group, Java (R) Community Process, "Mobile Information Device Profile for Java (R) 2 Micro Edition Version 2.0," 2002. K. Nakanishi, J. Nakazawa, and H. Tokuda, "LEXP: Preserving User Privacy and Certifying the Location Information," 2nd Work-shop on Security in Ubiquitous Computing Ubicomp'03, 2003. N. Sastry, U. Shankar, and D. Wagner, "Secure Verification of Location Claims," Report No. UCB // CDS-03-1245, University of California, Berkekey. A. Vora, M. Nesterenko, "Secure Location Verification Using Radio Broadcast," In Proc. Of OPODIS 2004: 8th International Conference on Principles of Distributed Systems, 2004. B. R. Waters, E. W. Felten, "Secure, Private Proofs of Location," Princeton University Computer Science Technical Reports, TR-667-03, 2003. Y. Watanabe, S. Takeuchi, F. Teraoka, K. Uehara and J. Murai, "The Geographical Location Information System with Privacy Protection," IPSJ Journal, Vol. 37, No. 6, 1996. J. Anzai, T. Matsumoto, "Interaction Key Generation Schemes," IEICE Trans. Fundamentals, Special Issue on Cryptography and Information Security, Vol. E87-A, No. 1, pp. 152-159, 2004.

  However, the conventional method for integrating the position management function and the key management function has the following problems. The conventional method is a method for realizing a specific combination of location management and key management, and since the integration function and integration method of location management and key management are not clear, the security of the combined portion is unknown. The overall picture centering on the security of the integrated function of location management and key management is not clear. Simply combining the two technologies is not necessarily safe. Incomplete integration of location management and key management can lead to attacks on Cryptographic Location Dependent Services (CLBS). For example, when a server performs key sharing with a terminal at a specific location, it may not be possible to detect an attack in which an attacker interrupts and shares a key with the server simply by sharing the key after verifying the location of the client.

  An object of the present invention is to solve the above-mentioned conventional problems, and in a location key management system that provides location-dependent services to a mobile terminal, it is possible to combine a plurality of location management and a plurality of key management flexibly and safely. It is to realize encrypted location dependent service (CLBS).

  In order to solve the above-described problems, the present invention includes a location key client that is a mobile terminal, a location key management unit that includes a location management unit and a key management unit, and integrates location management and key management. A location key client transmits a location key service request information to a location key server in a location key management system comprising a location key server that provides a location key client with a location key service. The location key server receives location key service request information from the location key client, and the location key management means performs one of location management processing and key management processing while confirming the identity of the location key client. The position key is generated depending on the other. Further, the location key server includes a policy judgment unit and a policy storage unit, and performs policy control by the policy judgment unit according to the request type in the location key service request information and the location key policy held in the policy storage unit. It was a method.

  By adopting the method as described above, in a location key management system that provides location-dependent services to mobile terminals, a secure encrypted location is obtained by combining a plurality of location management functions and a plurality of key management functions flexibly and safely. Dependent service (CLBS) can be realized. In other words, the output of one of the position management means and the key management means is used as the other input, and the coincidence of the clients is confirmed by both means, thereby enhancing the connectivity between the position management function and the key management function. Further, by performing execution control based on the position key policy, the position key is issued only when the condition is met, so that safety is improved.

  Hereinafter, the best mode for carrying out the present invention will be described in detail with reference to FIGS.

  An embodiment of the present invention is a location key server comprising location management means, key management means, and policy control means in response to a location key service request from a location key client. While confirming the identity of the client, based on the location key policy, the location management process and the key management are performed using the output of the key management means as the input of the location management means or the output of the location management means as the input of the key management means. This is a location key management system that generates location keys by making one of the processes dependent on the other, and provides location key services to location key clients.

  FIG. 1 is a conceptual diagram showing a configuration of a location key management system in an embodiment of the present invention. In FIG. 1, a location key server (S) is a device that has a location key function that integrates and processes location management and key management, and provides location key services to location key clients in accordance with the location key policy. The location key server includes a location-dependent key processing function (first location key management unit) that uses the output of the location management unit as an input to the key management unit, and a key-dependent location that uses the output of the key management unit as an input to the location management unit. One or both of processing functions (second position key management means) are provided. The location key server includes a policy determination unit and a policy storage unit, and performs policy control by the policy determination unit according to the request type in the location key service request information and the location key policy held in the policy storage unit. The means for executing the position key function is called position key means. The same applies to other functions. The location key client (C) is a device that requests the location key server to provide location key services. The location key service is any location information service using a location key.

  A location-dependent key processing function (LKF) is a function that executes key management processing depending on the output of the location management function. A key-dependent location processing function (KLF: Key operating then Location operating Function) is a function that executes location management processing depending on the output of the key management function. The position management function (position management means) fulfills either or both of a position verification function and a position verification function. The location management means inputs the client-dependent data, confirms the identity of the location key client, and outputs a location token. The input to the location management means is one or more of client identification information, temporary identification information, a management key, and a location token. The key management function (key management means) performs one or more of a key generation function, a key issue function, a key sharing function, a key invalidation function, a key distribution function, and a key access control function. The key management means inputs the client-dependent data, confirms the identity of the position key client, and outputs a management key. The client-dependent data depends on one or more of client identification information, position, and time.

  The location key policy is data describing conditions for executing the location dependent key processing function (LKF) and the key dependent location processing function (KLF). The position key policy is stored in the policy storage means. The location key policy has one or more items of a location key client attribute, a location key processing type, and a location key issuance condition. The location token (LT) is data obtained by digitizing location information obtained by the positioning means of the location key server. The location key is a key determined by a relative positional relationship with the location key client at a certain time and the client key. The location key server information (InfoS) is information about the location key server (random number, location, time, internal state, etc.). The random number (R) is a random number used as temporary identification information. The server secret key (SK) is a key that the location key server keeps secretly.

  The request type is a type such as a location key generation condition for requesting issuance. The request type includes a location management type, a key management type, a location token type, and a privacy type. The client secret key (CK) is a secret key unique to the mobile terminal or a pair of a secret key and a public key. The position key auxiliary function is a function that performs auxiliary processing necessary for requesting a position key. The position key client information (InfoC) is information (random number, position, time, etc.) regarding the position key client.

  FIG. 2 is a table showing an example of a location key policy (LKP) of the location key management system. FIG. 3 is a table showing the relationship between the location token, the location key server, and the positioning method. FIG. 4 is a conceptual diagram showing a configuration of a key-dependent position processing function (KLF) among the position key functions in the position key server. FIG. 5 is a conceptual diagram showing a configuration of a position-dependent key processing function (LKF) among the position key functions in the position key server. 4 and 5, the key management function (KMF) includes client-dependent data (DataCK), key management type (KMT), client identification information (CID), server identification information (SID), and position key client. It is a function that inputs information (InfoC) and location key server information (InfoS) and outputs a processing key (PK). The location management function (LMF) includes client-dependent data (DataCK), location management type (LMT), client identification information (CID), server identification information (SID), server secret key (SK), and location key. This is a function that inputs client information (InfoC), location key server information (InfoS), and location token type (LTT), and outputs a location token (LT).

  Policy Judgment Function (PJF) includes client privacy type (CPT), location key policy (LKP), location key server internal state (LKS), location key management type (LKT), and client identification. Input information (CID) and location key client information (InfoC), determine location key generation processing conditions, key management type (KMT), {client privacy type (CPT), location management type (LMT) , Position token type (LTT)}, or a function that outputs “Reject”. The continuity confirmation value (CCV: Context Connection Value) is a value (client identification information (CID), random number (R), processing key (PK), position token (LT)) for matching the context. The processing key (PK) is a secret key that is an output of a key management function with a client secret key as an input, or a pair of a secret key and a public key. The location key management type (LKT) is data indicating the type of location key management ((KMT || LMT) or (LMT || KMT)). The client privacy type (CPT) is data indicating the privacy type (anonymous (AM), hidden position (LH), hidden time (TH), “None”, or a combination thereof) of the position key client.

  FIG. 6 is a flowchart showing the operation procedure of the position key management system. FIG. 7 is a table showing combinations of key management and location management.

  The operation of the location key management system in the embodiment of the present invention configured as described above will be described. First, the entities of the location key management system will be described with reference to FIG. The entity of the location key management system is a location key client that requests location key services and a location key server that provides services using location key functions. Each may be one or more.

  A location key client is a mobile terminal that requests a location key service. The location key client transmits location key issue request information including client identification information to the location key server, and requests issue of a location key. The client identification information (CID) is unique identification information of the position key client. In this example, it is “i”. The location key client (Ci) whose identification information (ID) is “i” holds a unique client secret key (CKi). When the identification information is not a problem, it is simply referred to as a position key client (C). In some cases, the location information, time information, and random number of the location key client itself can be acquired. The client information (InfoC) is information (random number, position, time, etc.) regarding the position key client. The client-dependent data (DataCK) is data that depends on the client secret key (CK) (and client information). The location key client is a mobile phone or a notebook PC.

  The location key server is a server that provides a location key service to location key clients. The location key server receives location key service request information from the location key client, makes the location key management means check the identity of the location key client, and makes one of the location management processing and the key management processing depend on the other. Generate a location key. As means for performing the position key management function, a key-dependent position processing function (KLF) and a position-dependent key processing function (LKF) are provided. These functions are controlled according to the position key policy. The location key server switches to any one of the location dependent key processing function (first location key management means) and the key dependent location processing function (second location key management means) according to the location key request information. If the location management means and the key management means have multiple functions, switch to one of them and perform key management depending on location management or location management depending on key management To generate a position key. Server identification information (SID) is unique identification information of the location key server. In this example, it is “j”. The location key server (Sj) whose identification information (ID) is “j” may have a server secret key (SKj), its own location information, a random number, and time information. Server information (InfoS) is information (random number, position, time, internal state, etc.) related to the location key server. When the identification information is not a problem, it is simply referred to as a location key server (S).

The type of location key server will be described.
(1) A station is fixed at a specific location such as a mobile phone, a PHS base station, or a public wireless LAN access point (including a PC connected to it), and has a relatively high computing capacity. Device. Assume that it is reliable by itself.
(2) A mobile is a mobile object such as a notebook PC, PDA, or mobile phone, and is a device having a medium computing ability. A single unit is not necessarily reliable.
(3) A sensor is a device that is arranged at a specific position, such as a sensor node in a sensor network or an active IC tag in RFID, has a low calculation capability, and can be actively operated. It is assumed that it cannot be trusted by itself.
(4) A tag (Tag) is a device that is disposed at a specific position, such as an RFID passive IC tag, has almost no calculation capability, and performs a passive operation. It is assumed that it cannot be trusted by itself. When worn, it is the same as the sensor.

A method for measuring the position of the position key client or a method for acquiring information about the position is called a positioning method, and the following is assumed.
(1) The report type is a method in which the position key client self-reports its position to the position key server, and there are many systems (such as GPS) that assist the positioning of the position key client.
(2) Inference type is a method in which the verifier infers the position of the position key client from the evidence. The location key server and location key client may interact during verification. This is a method mainly using RFID, and the position is estimated from evidence (RFID identification information).
(3) Direct type is a method in which the location key server directly verifies the location of the location key client. One way in which the location key server unilaterally validates the location key client, as in the method using the communication delay, as in the method using the communication delay, and the method in which the location key server and the location key server are interactive. Can be classified into formulas. There may be a single location key server or a plurality of location key servers.

  Second, location management will be described. Location management is a general term for location verification and location certification. The location verification is that the verifier directly verifies the position of the moving body. The position verification result is position information. However, when the position verification result is provided to another entity, the position verification result is converted into a position token. The location certification is to prove the location information of the moving body to a third party, and the third party verifies the location information. The position information of the mobile body is provided to a third party as a position token. The execution of each function related to location management is called location operation. The location management type (LMT) is data indicating the type of location management (verification, certification, “None”).

Locations handled in location management are the following four types.
(1) Distance is a relative distance between the moving object and another entity.
(2) The range is a range where the moving object exists.
(3) A position is a point where a moving body exists.
(4) A route (Route) is a route along which the moving body has moved.

Third, key management will be described. Key management targets the following keys.
(1) The client secret key (CK) is a secret key unique to the mobile terminal or a pair of a secret key and a public key, and the secret key is securely stored in the mobile terminal. The client secret key (CK) is a key that the location key client holds secretly.
(2) The processing key (PK) is a secret key or a secret key / public key pair output by the key management function with the client secret key (CK) as an input.

  The server secret key (SK) is a key that the location key server keeps secretly. The location key (LK) is a key that certifies the location issued by the location server. The key management type (KMT) is data indicating a type of key management (issue, generation, sharing, delivery, invalidation, control, “None”).

Key management is a general term for the following functions, and execution of the functions is called key operation. The input is a client key and the output is a management key.
(1) Key issuing is a key issuing function including a public key certificate.
(2) Key sharing is a key sharing function by a plurality of entities. Includes key exchange.
(3) Key distribution is a function for distributing keys to specific entities.
(4) Key generation is a key generation function by a single or a plurality of entities.
(5) Key revocation is a key revocation function. All processes that make a specific key unavailable. As a result, key sharing and key generation that make a specific key unusable are included.
(6) Key access control is a key access restriction function.

  The position key is an output of the position key function, and is a generic name of the next key determined by the relative positional relationship with the position key client at a certain time and the client key. The management key that is the output of the position-dependent key processing function (LKF) and the position token that is the output of the key-dependent position processing function (KLF) are the target keys. The location key server includes a location dependent key processing function (LKF) and a key dependent location processing function (KLF), and provides a service using the location key management function to the location key client according to the location key policy.

  The location key policy is data describing conditions for executing the location dependent key processing function (LKF) and the key dependent location processing function (KLF). The internal state (LKS) is an internal state (for example, current position, balance, presence / absence of a specific key, etc.) of the position key server necessary for determining the position key policy (LKP). FIG. 2 shows an example of the position key policy (LKP). The position key policy (LKP) is composed of a plurality of records (Record), and the record includes three items (Item). The item (Item) means that the attribute (Attribute) is the client or its attribute, the action (Action) means the processing permitted to the client, and the condition (Condition) means a condition necessary for permission. .

  Fourth, the position token will be described. The position token (LT) is data obtained by digitizing the position information of the position key client obtained by the positioning function of the position key server in various formats. The location key token includes at least location key client identification information and location key client location information (if the location key server is fixed at a specific location, the server identification information (SID) also identifies the location key client location. And includes at least one of the time information when the position key function is executed. The location token type (LTT) is data indicating the type of location token (location certificate (LC), location evidence (LE), location reference (LR), “None”)). A location token (LT) is issued including a location key, or issued in pairs with a specific location key. A position token model consisting of multiple position token providers with different positioning functions, a prover who proves his position using the provided position token, and a verifier who verifies the position of the prover using the position token. Is assumed. As a conventional example similar to this, a position token model in a narrow sense based on a single positioning function is disclosed in Non-Patent Document 15.

The following types of location tokens are defined according to the current location key server and positioning technology.
(1) Location key certificate (LC) is location key client (Ci) location information (Li), processing time (Ti), and issuance destination location key client (Ci) identification information. Is a message that is digitally signed by a reliable location key server (Sj) with respect to “j” that is the identification information of the issuer location key server (Sj). It can be said that location information is added to the public key certificate, and the location key is used instead of the public key. Further, it can be considered that position information is added to the time stamp for the key (Non-Patent Document 8). As the position key server (Sj), a station or a mobile is assumed, and a direct type is assumed as a positioning method.

(2) Location Key Evidence (LE) is information about the location acquired by the location key client (Ci) from the location key server (Sj), and is a message authentication code (MAC: Message Authentication Code, hereinafter referred to as MAC). If written, it is assumed that a secure MAC function is used). A sensor is assumed as the position key server (Sj), and a guess type is assumed as the positioning method. The position evidence is the identification information of the sensor or the position information (Li) of the position key client (Ci). The processing time (Ti), “i” that is the identification information of the location key client (Ci) that is the issue destination, “j” that is the identification information of the location key server (Sj) that is the issue source, and the location key May include.

(3) Provisional Location Key Evidence (PLE: Provisional Location Key Evidence) is information regarding the location acquired by the location key client (Ci) from the location key server (Sj). A tag is assumed as the position key server (Sj), a speculation type is assumed as the positioning method, and the temporary position evidence becomes identification information of the tag.

(4) The location reference (LR) is location information calculated by the location key client (Ci) using an auxiliary entity other than the location key server (Sj). Assume a GPS satellite as an auxiliary entity. Corresponds to the report type as a positioning function. The location key (Sj) is not issued by the location key server (Sj), but may be issued as a location token of another format when received from the location key client (Ci).

  FIG. 3 shows the relationship between the location token, the location key server, and the positioning method. The hyphen (-) in the table is a system that does not exist at the present time. When such a system appears, it can be used by newly defining a corresponding position token. In addition, the station, the mobile, and the sensor can receive the location reference (LR) and convert it into a location key certificate (LC) or location key evidence (LE).

  The location key server may give a location token to the location key client as the output of the location key function. Since the location token has a different verification method depending on the type, the location key client may request the location key server in advance for the location token type that can be verified by itself or a third party who intends to provide the location token. it can. In addition, the reliability of the location token differs depending on the type and the domain of the issued location key server. A domain is a category to which a certificate issuer belongs. In the non-patent document 11, there are a trusted domain (trusted domain {operator, manufacture, trusted third party}) and an untrusted domain (untrusted domain), which are given different authorities. A domain gives a high authority in the order of Tag, Sensor, Mobile, and Station. The concept of domain is also applied to MAC.

  Since position tokens issued by tags and sensors cannot be trusted alone, a plurality of position tokens may be determined comprehensively. However, if the location token is issued based on the location reference provided by the location key client, the location key server must include this in the location token. This is because there is a high possibility that the location information is not reliable even if the domain is reliable. The location key client can receive a location dependent service (LBS) by providing the location token provided from the location key server to a third party or another location key server.

  Fifth, a function used for the location key server will be described. The location key server includes a location dependent key processing function (LKF) and a key dependent location processing function (KLF) as location key functions. The position dependent key processing function (LKF) is an integrated position key function that inputs the output of the position management function to the key management function. The output of the position dependent key processing function (LKF) is a position key. The key-dependent position processing function (KLF) is an integrated position key function that inputs the output of the key management function to the position management function. The output of the key-dependent position processing function (KLF) is a pair of a position key and a position token. The position key function receives client identification information (CID), temporary identification information (random number), and continuity confirmation value (CCV), and inputs one of the position management function and key management function to the other By doing so, the position management function and the key management function are securely combined. Further, since execution is controlled based on the request of the location key client and the location key policy, a secure encrypted location dependent service (CLBS) is realized.

  The key-dependent position processing function (KLF) includes a key management function (KMF), a position management function (LMF), and a policy determination function (PJF), and is a function that manages a position key according to the position key policy. Client-dependent data (DataCK), location key policy (LKP), location key server internal status (LKS), location key management type (LKT), location token type (LTT), and server identification information (SID) The server secret key (SK), client information (InfoC), and server information (InfoS) are input, and a set of {location key (LK), location token (LT)} is output, or “reject ( Reject) ".

  When location token type (LTT) = location certificate (LC), it is assumed that the location token (LT) includes a location key (LK). Location key server internal status (LKS), location key management type (LKT), location token type (LTT), server identification information (SID), server secret key (SK), client information (InfoC), The server information (InfoS) may or may not be used depending on the location key management type (LKT) or the location key policy (LKP).

  The position-dependent key processing function (LKF) is composed of a position management function (LMF), a key management function (KMF), and a policy determination function (PJF), and is a function that manages a position key according to the position key policy. Client-dependent data (DataCK), location key policy (LKP), location key server internal status (LKS), location key management type (LKT), server identification information (SID), server secret key (SK) Then, the client information (InfoC) and the server information (InfoS) are input, and the position key (LK) is output or “Reject” is output. The internal state of the location key server (LKS), location key management type (LKT), server identification information (SID), server secret key (SK), client information (InfoC), and server information (InfoS) are: Depending on the location key management type (LKT) or location key policy (LKP), it may or may not be used.

  The location management function (LMF) includes client-dependent data (DataCK), location management type (LMT), client identification information (CID), server identification information (SID), server secret key (SK), and client information. (InfoC), server information (InfoS), and a position token type (LTT), and a function that outputs a position token (LT). Client identification information (CID), server identification information (SID), server secret key (SK), client information (InfoC), and server information (InfoS) are used depending on the location management type (LMT) It may not be used. If the position token type (LTT) is “None”, the default position token (LT) is output. When a key management method for performing client authentication is used, client identification information (CID) is output in addition to the location token (LT). When the client information (InfoC) and the server information (InfoS) include a random number, the random number (R) is output.

  The key management function (KMF) includes client-dependent data (DataCK), key management type (KMT), client identification information (CID), server identification information (SID), server secret key (SK), and client information. It is a function that inputs (InfoC) and server information (InfoS) and outputs a processing key (PK). Client identification information (CID), server identification information (SID), server secret key (SK), client information (InfoC), and server information (InfoS) are used depending on the key management type (KMT) It may not be used. When using a key management method for client authentication, client identification information is output in addition to the processing key (PK). When the client information (InfoC) and the server information (InfoS) include a random number, the random number (R) is output.

  The policy determination function (PJF) includes client privacy type (CPT), location key policy (LKP), location key server internal state (LKS), location key management type (LKT), and client identification information (CID). And the location key client information (InfoC) is input, the processing conditions for generating the location key are determined, the key management type (KMT), {client privacy type (CPT), location management type (LMT), location token type (LTT)} or a function that outputs “Reject”. That is, the policy determination means (policy determination function) performs policy control according to the request type in the position key issue request information and the position key policy held in the policy storage means. Location key server internal status (LKS), location key management type (LKT), client identification information (CID), and client information (InfoC) are used or not used depending on the location key policy (LKP) There is.

  The operation of the key-dependent position processing function (KLF) will be described with reference to FIG. The key-dependent location processing function (KLF) uses the output of the key management function (KMF) as the input of the location management function (LMF) and the output of the policy decision function (PJF) as the key management function (KMF) and location management. It consists of control paths that are input to each function (LMF). In the management path, the key management function (KMF) requested by the key management type (KMT) includes client identification information (CID), server secret key (SK), server information (InfoS), server identification information, client information (InfoC ) As an input, a question-response key management process is executed with the position key client, and a processing key (PK) is output. Further, when the key management function (KMF) executes authentication by client identification information or client identification by temporary identification information, client identification information and random number (R) are output as continuity confirmation values (CCV), respectively. When the client identification information or the random number (R) is not output, the processing key (PK) becomes the continuity confirmation value (CCV).

  Next, the location management function (LMF) requested by the location management type (LMT) depends on the continuity confirmation value (CCV) with the location key client using the output of the key management function (KMF) as input. Execute the location management process of the question-response type, and the {location key (LK), location token (LT)} requested by the client privacy type (CPT) and location token type (LTT) Output a set. Here, depending on the continuity confirmation value (CCV) means confirming that the client has confidential information corresponding to the continuity confirmation value (CCV) or continuity confirmation value (CCV). To do. In the control path, the policy decision function (PJF) controls the execution of the key management function (KMF) from the location key policy (LKP), the location key server internal state (LKS), and the location key client request (Request). In addition, execution control of the location management function (LMF) is performed from the output of the key management function (KMF), the location key policy (LKP), the internal state (LKS) of the location key server, and the request of the location key client (Request). If the policy determination function (PJF) outputs “reject” (Reject), the processing is stopped at that time, and the output of the key-dependent position processing function (KLF) becomes “Reject”.

  The operation of the position dependent key processing function (LKF) will be described with reference to FIG. The position-dependent key processing function (LKF) is a management path that uses the output of the position management function (LMF) as the input of the key management function (KMF), and the output of the policy determination function (PJF) It consists of control paths that are input to each management function (LMF). In the management path, the location management function (LMF) requested by the location management type (LMT) receives the server secret key (SK), server information (InfoS), server identification information, and client information (InfoC) as input, Client and Challenge-Response type location management processing is executed. Further, when the location management function (LMF) executes authentication by client identification information or client identification by temporary identification information, client identification information and random number (R) are output as continuity confirmation values (CCV), respectively. . When the client identification information or the random number (R) is not output, the position token (LT) becomes the continuity confirmation value (CCV). Next, the key management function (KMF) requested by the key management type (KMT) receives the output of the position management function (LMF) as an input, and the question (Challenge) -response (depending on the continuity confirmation value (CCV)) Response type key management processing is executed with the location key client, and a location key (LK) or “Reject” is output. In the control path, only the order of the key-dependent position processing function (KLF), the key management function (KMF), and the position management function (LMF) is different.

Sixth, the flow of the position key issuing process will be described with reference to FIG.
(1) The location key client (Ci) is a request message consisting of (CID || KMT || LMT || InfoC || CPT || LTT) or (CID || LMT || KMT || InfoC). Is transmitted to the location key server (Sj).

(2) The location key server (Sj) selects a location key function (key-dependent location processing function (KLF) or location-dependent key processing function (LKF)) according to the location key management type (LKT), and the location key function A request message, a location key policy (LKP), an internal state of the location key server (LKS), and server information (InfoS) are input. As a result, the position key function is executed, and a predetermined protocol is executed between the position key server (Sj) and the position key client (Ci). That is, the position key function executes a question-response type key management process depending on the continuity confirmation value (CCV) with the position key client.

(3) If the location key management type is (LKT = KMT || LMT), the location key server (Sj) sets a {location key (LK), location token (LT)} pair or “Reject” Obtained by a key function. If the location key management type is (LKT = LMT || KMT), the location key (LK) or “Reject” is obtained by the location key function. The content selected according to the location key policy (LKP) and the internal state (LKS) of the location key server is transmitted as a location key message (LK message) to the location key client (Ci). When key sharing or the like is selected as the key management type (KMT), as a result, the location key client (Ci) may obtain a processing key (PK).

(4) If the location key management type is (LKT = KMT || LMT), the location key client (Ci) sets {Reject key (LK), location token (LT)} or “Reject” Received as a location key message (LK message). If the key management type is (KT = LMT || KMT), a location key (LK) or “Reject” is received as a location key message (LK message).

Seventh, a combination of key management and position management for each of the position-dependent key processing function (LKF) and the key-dependent position processing function (KLF) will be described with reference to FIG. Examples of some combinations of location key management types (LKT) are given below.
(1) The LKF type # 2 is a method of verifying that the position is a specific position and sharing the secret information with the node if it is correct (Non-Patent Document 4).
(2) KLF type # 3 is a group key generation method. By this method, a group member can issue a certificate regarding the location and time with a third party sharing the group key (Non-patent Document 17).
(3) LKF type # 4 is a method for verifying the position and delivering the decryption key within a certain distance (Non-patent Document 6).
(4) The LKF type # 5 is a content service method that verifies a position and invalidates a key after a certain distance and cannot be decrypted.
(5) The LKF type # 7 is a method for verifying the position and proving that it exists at the position (Non-patent Document 15).
(6) LKF type # 6 is a method for realizing a digital signature key that can only be used in the president's office.
(7) KLF type # 9 is a method in which all meeting participants generate a key and issue a location certificate to the key.
(8) KLF type # 12 is a method in which the door is opened after verifying the position where the key has been revoked. Although some examples have been shown above, other combinations can be used for various location dependent services (LBS).

Eighth, the requirements to be satisfied by the position key system will be described.
(1) Availability is that an authorized location key client can use the location key function of the location key server.
(2) Universality is a design that can be easily applied to a plurality of existing systems. In reality, there are various types of servers, positioning methods, key management methods, and location management methods, so it is necessary to have a general-purpose design that does not specialize in one form.
(3) Associativity is that the key management function and the location management function are securely combined, and it is difficult for an attacker to control and modify the output of the location key function of the location key server.
(4) Privacy protection means that the information requested by the location key client to be concealed (client identification information, information about the location of the client, the time when the location key function was executed, or a combination thereof) It is not leaked from the location token issued by the server. However, the case where the combination of the position key function type requested by the client and the information to be kept inconsistent is excluded. Also, concealing location key client identification information is anonymous (AM: Anonymity), concealing location key client location information is location hiding (LH: Location hiding), and location key function execution time. Concealment is referred to as time hiding (TH).

It will be explained that the position key system satisfies the above four requirements.
(1) There is availability. Since the location key server has a location key function and the location key function is controlled by the location key policy, only authorized location key clients can use the location key function. However, the function for authenticating the location key client is assumed to be included in the key management function (KMF) or the location management function (LMF).
(2) Versatile. As shown in FIG. 3, by preparing four types of location tokens corresponding to combinations of four types of location servers and three types of positioning methods, and by requesting a location token type from the location key client to the location key server It is possible to cope with various actual systems. In addition, since the key management function and the location management function are handled as modules, the existing system can be used as it is.

(3) There is a binding property. As shown in FIG. 1, in order to enhance the connectivity between the key management function (KMF) and the position management function (LMF), the position-dependent key processing function (LKF) is the key management function (KMF) (or the position management function ( Output of LMF)) can be used as input of position management function (LMF) (or key management function (KMF)). The key management function (KMF) and location management function (LMF) use a continuity check value (CCV) to prevent the client authenticated by one management function from differing from the client authenticated by the other management function. The same location key client can be authenticated.

  The continuity confirmation value (CCV) (client identification information (CID), random number (R), processing key (PK), location token (LT)) is sent to the location key client targeted by each management function as follows: Dependent. Since the client identification information (CID) is uniquely determined identification information, the location key server can identify the location key client. Since the random number (R) is temporary identification information given to the location key client by the location key server for the location-dependent service (LBS), the location key server is not limited to the location key client having the random number (R). Location key clients can be distinguished but not identified. Since the location key server does not always specify a location key client for key management, the location key server can distinguish a location key client having a processing key (PK) from other location key clients. Is not limited. Since the location key server does not always identify a location key client for location management, the location key server can distinguish, but can identify, location key clients with location tokens (LT) from other location key clients. Not necessarily.

  Therefore, even if the location key client requests anonymity, or if the method supported by each management function cannot use temporary identification information, the location key server uses the same location key client as the continuity confirmation value (CCV). Can be used for authentication. This is because the continuity confirmation value (CCV) supports a random number (R), a processing key (PK), and a position token (LT). The safety of the continuity confirmation value (CCV) depends on the safety of each management function. In addition, the input of the position key function is limited to only a request and a response. The policy decision function (PJF) can directly verify the request. On the other hand, the key management function (KMF) and the location management function (LMF) verify the response (Response), and the policy determination function (PJF) verifies the feedback result. That is, the policy determination function (PJF) can indirectly verify the response (Response). The policy decision function (PJF) can also stop the execution of the position key function if the feedback of each management function indicates that the same client has not been authenticated. Therefore, the policy determination function (PJF) can verify the management path between the management functions. As a result, the position key function can satisfy the connectivity safely by the continuity confirmation value (CCV), the structure in which the output of one management function is the input of the other management function, and policy-based access control. .

(4) Privacy can be protected. The location key client can request the location key server for anonymous / hidden location / hidden time or a combination thereof according to the client privacy type (CPT) in the request (Request). Since the location key server generates a location token excluding the part corresponding to the client privacy type (CPT), the privacy protection condition is satisfied.

Ninth, the security of the position key system will be described. The prerequisites for the security of the position key system are as follows.
(1) The position key server is assumed to be secure in the order of a tag, a sensor, a mobile, and a station, and only the station can be trusted alone.
(2) The location key client shall securely store the client secret key (CK).
(3) The location key server securely stores the server secret key (SK).
(4) Since the key management method and the location management method are assumed to be existing methods, their security depends on each method. Individual formulas are treated as safe.

Attackers and attacks are as follows:
(1) The attacker is a location key client or a third party.
(2) There is a possibility that a third party and the position key client collide for an attack.
(3) When a plurality of position key clients or position key servers are assumed at the time of positioning, at least one client and one server do not act illegally.
(4) The communication path between the location key client and the location key server is not secure.
(5) The purpose of the attack is to illegally use the location key function of the location key server and to modify the output of the location key function.
(6) The attacker obtains secret information by direct and indirect analysis with respect to the position key server, and performs message wiretapping / tampering / forgery.

  In order to build an encrypted location-dependent service (Secure CLBS) that is secure against the above-mentioned attacks under the preconditions described above, confirm that the key management and location management target entities match, Added dependency on management and location management so that execution control conditions for key management and location management can be specified. Specific means for realizing these three points are the entity matching confirmation by continuity confirmation value (CCV), the structure using the output of the management function as the input of the other management function, the location key policy and the policy. The execution control method of both management functions by decision function was adopted. As a result, the position key function is safe against external attacks. When the position key server is a station, the position key function can be trusted, so that when the position key server is a station, the above attack can be prevented. When the location key server is mobile, sensor, or tag, the security is equal to the security based on the reliability of the location key server.

  As described above, in the embodiment of the present invention, the location key management system is a location key server including location management means, key management means, and policy control means in response to a location key service request from a location key client. While checking the identity of the location key client in the location management process and the key management processing, based on the location key policy, the output of the key management unit is used as the input of the location management unit, or the output of the location management unit is managed as a key As the input of the means, the position key is generated by making one of the position management process and the key management process dependent on the other, and the position key is provided to the position key client. Therefore, a secure encrypted position dependent service can be realized. .

  The location key management system of the present invention is a system for location-dependent services (LBS) such as information distribution to a specific location, pedestrian navigation, mobile node tracking, ticket gate system, etc. It is optimal as a system for encrypted location-dependent services (CLBS) that realizes confidential documents that can be viewed (decrypted) and presidential seals (digital signature keys) that can be used only in the president's office.

It is a conceptual diagram which shows the structure of the position key management system in the Example of this invention. It is a table | surface which shows the example of the position key policy of the position key management system in the Example of this invention. It is a table | surface which shows the relationship between the position token of the position key management system in the Example of this invention, a position key server, and a positioning system. It is a conceptual diagram which shows the structure of the key dependence position processing function in the position key function in the position key server of the position key management system in the Example of this invention. It is a conceptual diagram which shows the structure of the position dependence key processing function in the position key function in the position key server of the position key management system in the Example of this invention. It is a flowchart which shows the operation | movement procedure of the position key management system in the Example of this invention. It is a table | surface which shows the combination of the key management and position management of the position key management system in the Example of this invention.

Explanation of symbols

S location key server
InfoS server information
SK server private key
Internal state of LKS location key server C Location key client
InfoC client information
CK client private key
KLF key-dependent position processing function
LKF position-dependent key processing function
LMF position management function
LKT location key management type
LMT location management type
KMF key management functions
KMT key management type
PK processing key
LK position key
CCV continuity confirmation value
LC location certificate
LE position evidence
LR position reference
LT position token
LTT position token type
LKP location key policy
PJF policy decision function

Claims (16)

A location key client that is a mobile terminal, and a location key management unit that has location management means and key management means and that integrates location management and key management, and provides a service using the location key to the location key client A location and key management method in a location key management system comprising a key server, wherein the location key client sends location key service request information to the location key server to request provision of location key service, and The key server receives the location key service request information from the location key client, and depends on one of the location management processing and the key management processing while checking the identity of the location key client by the location key management means. And a location key is generated. 2. The location and key management method according to claim 1, wherein the location management means fulfills one or both of a location verification function and a location verification function. 2. The key management unit performs one or more of a key generation function, a key issue function, a key sharing function, a key revocation function, a key distribution function, and a key access control function. Description location and key management method. 2. The location and key management method according to claim 1, wherein the location management means inputs client-dependent data, confirms the identity of the location key client, and outputs a location token. 2. The location and key management method according to claim 1, wherein the key management means inputs client-dependent data, confirms the identity of the location key client, and outputs a management key. 6. The location and key management method according to claim 5, wherein the input to the location management means is one or more of client identification information, temporary identification information, a management key, and a location token. 6. The location and key management method according to claim 4, wherein the client-dependent data depends on one or more of client identification information, location, and time. The location key server includes a policy determination unit and a policy storage unit, and policy control is performed by the policy determination unit according to the request type in the location key service request information and the location key policy held in the policy storage unit. The position and key management method according to claim 1, wherein: 9. The location and key management method according to claim 8, wherein the location key policy has one or more items of a location key client attribute, a location key processing type, and a location key issuance condition. . The location key server includes a first location key management unit that uses the output of the location management unit as an input to the key management unit, and a second location key that uses the output of the key management unit as an input to the location management unit. The position according to claim 1, comprising at least one of management means and performing key management depending on position management or performing position management depending on key management to generate a position key. Key management method. 11. The location and key management method according to claim 10, wherein the first location key management means inputs client-dependent data, confirms the identity of the location key client, and outputs a location key. 11. The location and key management method according to claim 10, wherein the second location key management means inputs client-dependent data, confirms the identity of the location key client, and outputs a location token and a location key. . One or more of a random number, a server key, server identification information, a server location, and a time are stored in the first location key management unit, the second location key management unit, the location management unit, and the key management unit. The position and key management method according to any one of claims 10 to 12, wherein any one or a plurality of inputs is used. The location key server includes a first location key management unit that uses the output of the location management unit as an input to the key management unit, and a second location key that uses the output of the key management unit as an input to the location management unit. Management means, and the location key server switches to one of the first location key management means and the second location key management means according to the location key request information, and the location management means When the key management means has a plurality of functions, depending on whether the key management is performed depending on the position management or the position management depending on the key management by switching to any one of the functions, The position and key management method according to claim 1, wherein the position key is generated. The location key server includes a first location key management unit that uses the output of the location management unit as an input to the key management unit, and a second location key that uses the output of the key management unit as an input to the location management unit. A management unit, a policy control unit, and a policy storage unit, and performs policy control by the policy determination unit according to the request type in the location key request information and the location key policy held in the policy storage unit, When the key management is performed depending on the location management or the location management is performed depending on the key management, the location key is generated, and when the policy determination unit outputs “reject”, the location management unit 2. The location and key management method according to claim 1, wherein any one or more of the key management unit, the first location key management unit, and the second location key management unit are stopped. 16. The policy control unit determines an authentication result based on information fed back from the location management unit or the key management unit, and outputs “rejection” when authentication is unsuccessful. Location and key management method.

Images