JP2019133555A - Communication system, terminal device, and program - Google Patents

Abstract

To make it difficult to use reverse engineering even if a terminal device is in the hands of a third party when a communication service is provided for members by using an authentication technique.SOLUTION: A terminal device includes: a communication unit that receives a communication request transmitted by a biometric authentication device; a display processing unit that starts an application to access a closed network on the basis of the communication request received by the communication unit; and a creation unit that creates a service request which is information to request for connection to the closed network from a management server connected to the closed network. The communication unit transmits the service request created by the connection request processing unit to the management server.SELECTED DRAWING: Figure 2

Description

  Embodiments described herein relate generally to a communication system, a terminal device, and a program.

  Economic losses due to cyber attacks are increasing. For example, fictional billing and account hijacking techniques have become more sophisticated and problematic year by year. In addition, the damage caused by ransomware viruses called ransomware is spreading worldwide. This ransom virus is a kidnapping and threatening malware that uses data as a hostage and requests ransom.

Regarding cyber attacks, a technique for analyzing a log along an attack scenario and detecting a cyber attack is known (for example, see Patent Document 1).
According to this technology, an attack scenario that defines a log database that stores a log of a computer system provided with a detection device that detects an attack, a plurality of attacks targeting the computer system, and a sequence of the plurality of attacks. Among the attack scenario database to be memorized and the attacks defined in the attack scenario database stored in the attack scenario database, the detection device has not yet detected the attack, and the order defined in the attack scenario is determined by the detection device. A related attack extractor that extracts an attack prior to at least one attack that has already been detected, and a log stored in the log database is analyzed, and the computer system is subjected to an attack extracted by the related attack extractor. If an attack was detected, and if it was determined that it was received, an attack detection failure occurred. And a attack determination unit determines to.

Japanese Patent Laying-Open No. 2015-121968

It is difficult to take quick and effective security measures against new cyber attacks that evolve every day.
Therefore, it is considered to provide a membership-based communication service using a closed network that is physically separated from the Internet. By using authentication technology, this communication service eliminates the connection of non-members to the closed network.
However, if the terminal device connected to the closed network is lost or stolen when the user goes out, the authentication technology may be reverse engineered when the terminal device is in the hands of a third party. If the authentication technology is reverse engineered, it may become possible to access a membership-based communication service even if the authentication technology is not a member.
The present invention has been made in view of the above points, and its purpose is to provide a communication service to a member using an authentication technology, even when the terminal device is in the hands of a third party. It is to provide a communication system, a terminal device, and a program that can be hardly reverse-engineered.

One aspect of the present invention is a communication system including a biometric authentication device, a terminal device, and a management server, wherein the biometric authentication device stores information in which user identification information and user biometric information are associated with each other. An authentication device storage unit, a reading unit that reads biometric information, a collation unit that collates the biometric information read by the reading unit, and the biometric information stored in the biometric authentication device storage unit, and the collation unit A communication request creation unit that creates a communication request including the user identification information stored in association with the biometric information stored in the biometric authentication device storage unit when the verification by the authentication is successful, and the communication request creation And a biometric authentication device communication unit that transmits the communication request created by the unit to the terminal device, and the terminal device communicates with the terminal device that receives the communication request transmitted by the biometric authentication device. Based on the communication request received by the terminal device communication unit, to a display processing unit that activates an application connected to the closed network, to the management server connected to the closed network, to the closed network A creation unit that creates a service request that is information for requesting connection, the terminal device communication unit transmits the service request created by the creation unit to the management server, and the management server sends the terminal The management server communication unit that receives the service request transmitted by the apparatus, the management server verification unit that verifies the service request received by the management server communication unit, and the verification of the service request by the management server verification unit is successful. In this case, the communication system includes a communication processing unit that performs connection processing between the terminal device and the closed network.
In the communication system according to an aspect of the present invention, the biometric authentication device storage unit further stores a license key of the application, and the communication request creation unit is configured to perform the biometric authentication when the verification by the verification unit is successful. The communication request further including the license key stored in a device storage unit is created, and the display processing unit is based on the license key included in the communication request received by the terminal device communication unit. Launch the app.
In the communication system according to an aspect of the present invention, the biometric authentication device storage unit includes a user private key paired with a user public key, and a user public key certificate of the user public key created using the user private key. And the creation unit creates a service request including the user public key certificate, and the management server verification unit includes the user public key included in the service request received by the management server communication unit. The service request is verified based on the certificate, and the communication processing unit performs a connection process between the terminal device and the closed network when the verification by the management server verification unit is successful.
In the communication system according to an aspect of the present invention, the terminal device includes a terminal private key paired with a terminal public key, and a terminal public key certificate of the terminal public key created using the terminal private key. A terminal storage unit for storing, the creation unit creates a connection request including the terminal public key certificate, the management server verification unit, based on the terminal public key certificate included in the connection request, The connection request is verified, and the communication processing unit performs connection processing between the terminal device and the management server when the connection request is successfully verified by the management server.
In the communication system according to one aspect of the present invention, the display processing unit terminates the application when communication via the closed network is terminated.
One aspect of the present invention is a communication unit that receives a communication request transmitted by a biometric authentication device, a display processing unit that activates an application that accesses a closed network based on the communication request received by the communication unit, A creation unit that creates a service request that is information requesting connection to the closed network to a management server connected to the closed network, and the communication unit creates the service request created by the connection request creation unit Is transmitted to the management server.
According to one aspect of the present invention, a step of starting an application for accessing a closed network based on a communication request transmitted from a biometric authentication device to a computer of a terminal device, and a management server connected to the closed network, A program for executing a step of creating a service request, which is information for requesting connection to a closed network, and a step of transmitting the created service request to the management server.

  According to the embodiment of the present invention, when providing a communication service to a member using an authentication technique, even if the terminal device is in the hands of a third party, it is difficult to reverse engineer the communication system and the terminal device. And can provide programs.

It is a figure which shows an example of the communication system of this embodiment. It is a figure for demonstrating the biometrics apparatus, terminal device, and management server which comprise the communication system of 1st Embodiment. It is a sequence chart which shows an example (the 1) of operation | movement of the communication system of 1st Embodiment. It is a sequence chart which shows an example (the 2) of operation | movement of the communication system of 1st Embodiment. It is a figure for demonstrating the biometrics apparatus, terminal device, and management server which comprise the communication system of 2nd Embodiment.

Next, a communication system, a terminal device, and a program according to the present embodiment will be described with reference to the drawings. Embodiment described below is only an example and embodiment to which this invention is applied is not restricted to the following embodiment.
Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiments, and the repetitive description will be omitted.
Further, “based on XX” in the present application means “based on at least XX”, and includes a case based on another element in addition to XX. Further, “based on XX” is not limited to the case where XX is directly used, but also includes the case where it is based on an operation or processing performed on XX. “XX” is an arbitrary element (for example, arbitrary information).

(First embodiment)
(Communications system)
FIG. 1 is a diagram illustrating an example of a communication system according to the present embodiment.
The communication system of this embodiment provides a communication service to members using a closed network. By receiving a communication service, a member can communicate with other devices via a closed network, access a cloud server connected to the closed network, and obtain data stored in the accessed cloud server. .
The communication system 10 includes a biometric authentication device 100, a terminal device 200, a management server 300, a cloud server 400, and an authentication server 500.
The biometric authentication device 100 and the terminal device 200 are connected by short-range wireless communication. Here, examples of short-range wireless communication include Bluetooth (Bluetooth is a registered trademark), RFID (Radio Frequency Identification), and the like. In the present embodiment, a description will be continued regarding a case where Bluetooth is applied as an example of short-range wireless communication. In this case, pairing is performed between the biometric authentication device 100 and the terminal device 200 prior to communication.
The terminal device 200, the management server 300, the cloud server 400, and the authentication server 500 are connected via the closed network 50. The closed network 50 is a network physically separated from the Internet.

The biometric authentication device 100 performs biometric authentication of the user. An example of the biometric authentication device 100 is a biometric fingerprint authentication card. In the present embodiment, as an example of the biometric authentication device 100, the case where the biometric authentication device 100 is a fingerprint authentication card will be described. In this case, the fingerprint authentication card stores biometric information such as fingerprint feature quantities.
First, membership registration of a user who uses the communication service is performed. In member registration, the following processing is performed.
A member number (hereinafter referred to as “user ID yid”) is associated with a user who wishes to register as a member, and a biometric authentication device 100 used by the user is prepared. Biometric authentication device identification information (hereinafter referred to as “biometric authentication device IDcid”) is registered in the biometric authentication device 100.

A fingerprint of a user who wishes to register as a member is acquired, and biometric information such as a feature amount of the acquired fingerprint is derived. Further, when the user uses a secure application installed in the terminal device 200, a license key KR for activating the secure application is issued. Here, the secure application is an application that has the basic functions of a web application and has enhanced measures to prevent unauthorized access and information leakage. The user ID yid, the biometric authentication device IDcid, and the license key KR are associated with each other and stored in the management server 300.
Also, a pair of the user's public key (hereinafter referred to as “public key Kpy”) and the user's private key (hereinafter referred to as “secret key Ksy”) is generated, and after the user who wishes to register as a member is examined, the authentication server 500 issues a certificate for the public key Kpy (hereinafter referred to as “user public key certificate Cpy”).
User ID yid, biometric information, license key KR, secret key Ksy, and user public key certificate Cpy are stored in biometric authentication apparatus 100. That is, the biometric authentication device 100 includes a user ID yid, a biometric authentication device IDcid, biometric information, a license key KR, a secret key Ksy, and a user public key certificate of a public key Kpy that is a pair of the secret key Ksy. Cpy is stored.
When the member registration is completed, the biometric authentication device 100 in which various kinds of information are stored is handed over to the user who desires the member registration.

The terminal device 200 generates a pair of the public key of the terminal device 200 (hereinafter referred to as “public key Kpt”) and the private key of the terminal device 200 (hereinafter referred to as “secret key Kst”), and uses the generated secret key Kst. Remember.
The terminal device 200 creates a connection request including the terminal IDtid and the public key Kpt, and transmits the created connection request to the management server 300 connected to the closed network 50.
When the management server 300 receives the connection request transmitted by the terminal device 200 and stores the terminal IDtid included in the received connection request, the management server 300 issues an issue request that is a signal for requesting issuance of a public key certificate, It transmits to the authentication server 500. Here, the issue request includes the terminal IDtid and the public key Kpt.
The authentication server 500 receives the issuance request transmitted by the management server 300, and based on the terminal IDtid and the public key Kpt included in the received issuance request, the certificate for the public key Kpt (hereinafter, “terminal public key certificate Cpt”). "). The authentication server 500 transmits an issue request response including the issued terminal public key certificate Cpt to the terminal device 200 via the management server 300.
The terminal device 200 receives the issue request response transmitted by the authentication server 500 and stores the terminal public key certificate Cpt included in the received issue request response.

A case where the service is used will be described.
The terminal device 200 transmits a connection request that is a signal for requesting connection to the management server 300 to the management server 300 connected to the closed network 50. Here, the connection request includes the terminal IDtid of the terminal device 200 and the terminal public key certificate Cpt. The terminal public key certificate Cpt includes a terminal IDtid and an electronic signature of the public key Kpt. The electronic signature of the public key Kpt is encrypted data obtained as a result of encrypting a digest of data including the terminal IDtid with the secret key Kst. The management server 300 receives the connection request transmitted from the terminal device 200 and verifies the terminal public key certificate Cpt included in the received connection request. When the verification is successful, the management server 300 transmits an expiration date confirmation request, which is a signal for confirming the expiration date of the terminal public key certificate Cpt, to the authentication server 500. The expiration date confirmation request includes the terminal public key certificate Cpt.

The authentication server 500 receives the expiration date confirmation request transmitted by the management server 300, confirms the expiration date of the terminal public key certificate Cpt included in the received expiration date confirmation request, and displays the expiration date confirmation result as the management server To 300. The management server 300 acquires the expiration date confirmation result transmitted by the authentication server 500. The management server 300 transmits, to the terminal device 200, a connection response including information for permitting connection when the acquired expiration date confirmation result indicates that the acquired expiration date confirmation result has not expired, and the acquired expiration date confirmation result has expired. A connection response including information for refusing the connection is transmitted.
The terminal device 200 receives the connection response transmitted from the management server 300, and when the received connection response includes information that permits connection, the terminal device 200 receives an IP address from a DHCP (Dynamic Host Configuration Protocol) server (not shown). To get. The terminal device 200 receives the connection response transmitted from the management server 300, and executes predetermined error processing when the received connection response includes information for refusing the connection.

A user who has registered as a member (hereinafter referred to as “user member”) brings the biometric authentication device 100 close to the terminal device 200, whereby the biometric authentication device 100 and the terminal device 200 are wirelessly connected. The user member places the registered user member's finger on the fingerprint authentication sensor of the biometric authentication device 100. The fingerprint authentication sensor derives a fingerprint feature quantity of the placed finger, and authenticates the user member by comparing the derived finger feature quantity with stored biometric information. When the biometric authentication is successful, the biometric authentication device 100 transmits a communication request including the user ID yid, the biometric authentication device IDcid, and the license key KR to the terminal device 200.
When using a communication service, the user member acquires the biometric authentication device 100, downloads a secure application to the terminal device 200, and installs the downloaded secure application. Here, the secure application installed by the terminal device 200 is an application related to the license key KR, and may include the license key KR and information related to the license key KR.

  The terminal device 200 receives the communication request and verifies the user ID yid, the biometric authentication device IDcid, and the license key KR included in the received communication request. When the verification is successful, the terminal device 200 activates the secure application installed in the terminal device 200 based on the license key KR. When the secure application is activated, the terminal device 200 activates the secure application.

After the secure application is activated, the user member selects a service to be used from the displayed portal menu. When the user member selects a service to be used, the terminal device 200 requests the management server 300 for a session using a protocol such as SSL (Secure Sockets Layer). The terminal device 200 creates a service request that is a signal for using the service, and transmits the created service request to the management server 300. The service request includes information indicating a service to be used, a user ID yid, a biometric authentication device IDcid, and a user public key certificate Cpy.
The user public key certificate Cpy includes a user ID yid and an electronic signature of the public key Kpy. The electronic signature of the public key Kpy is encrypted data obtained as a result of encrypting a digest of data including the user ID yid with the secret key Ksy.

The management server 300 receives the service request transmitted by the terminal device 200 and verifies the user public key certificate Cpy included in the received service request. When the verification is successful, the management server 300 creates a service request response that is a signal for permitting the terminal device 200 to use a service such as accessing the cloud server 400 connected to the closed network 50. The generated service request response is transmitted to the terminal device 200.
The cloud server 400 is a server constructed on the cloud, and provides a cloud service to the terminal device 200. Specifically, the cloud server 400 permits the terminal device 200 to access the stored information.

Hereinafter, among the biometric authentication device 100, the terminal device 200, the management server 300, the cloud server 400, and the authentication server 500 configuring the communication system 10, the biometric authentication device 100, the terminal device 200, and the authentication server 500 are included. Will be described sequentially.
FIG. 2 is a diagram for explaining the biometric authentication device, the terminal device, and the management server that constitute the communication system according to the first embodiment.

(Biometric authentication device)
The biometric authentication device 100 is realized by an integrated circuit card (ICC), a smart card, a chip card, or the like.
The biometric authentication device 100 includes a communication unit 110, a storage unit 120, an information processing unit 130, a reading unit 140, and an address bus for electrically connecting each component as shown in FIG. And a bus line 150 such as a data bus.
The communication unit 110 is realized by a communication module that performs short-range wireless communication. The communication unit 110 communicates with other devices such as the terminal device 200. Specifically, the communication unit 110 transmits the communication request output from the information processing unit 130 to the terminal device 200.

  The storage unit 120 is realized by, for example, a RAM (Random Access Memory), a ROM (Read Only Memory), a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 120 stores a program 121 executed by the information processing unit 130. Furthermore, the storage unit 120 includes biometric information 122 of a user who uses the biometric authentication device 100, a user public key certificate Cpy, a secret key Ksy, a license key KR, a user ID yid, and a biometric authentication device IDcid. Remembered. The biological information is information on human physical features (biological organs) such as fingerprints, irises, and veins. In this embodiment, as described above, the case where the feature amount of the fingerprint is used as the biological information will be described. to continue.

The user public key certificate Cpy includes a user ID yid and an electronic signature of the public key Kpy. The electronic signature of the public key Kpy is encrypted data obtained as a result of encrypting a digest of data including the user ID yid with the secret key Ksy.
The private key Ksy is a private key of a public key Kpy pair included in the user public key certificate Cpy.
The license key KR is information for determining whether or not a secure application installed in the terminal device 200 can be used. The license key KR is used when the secure application is activated. Specifically, the license key KR is a serial number or a secure application registration code.
The user ID yid is user identification information, and may be a communication service member number.
The biometric authentication device IDcid is identification information of the biometric authentication device 100, and may be a MAC address assigned to the biometric authentication device 100.

The reading unit 140 is realized by a fingerprint authentication sensor. When the finger is placed on the fingerprint authentication sensor, the reading unit 140 reads the fingerprint information of the placed finger and derives the feature amount of the fingerprint. The reading unit 140 outputs information indicating the derived fingerprint feature amount to the information processing unit 130.
The information processing unit 130 is a functional unit (hereinafter, referred to as a software functional unit) realized by a processor such as a CPU (Central Processing Unit) executing the program 121 stored in the storage unit 120, for example. Note that all or part of the information processing unit 130 may be realized by hardware such as LSI (Large Scale Integration), ASIC (Application Specific Integrated Circuit), or FPGA (Field-Programmable Gate Array). It may be realized by a combination of a unit and hardware.
The information processing unit 130 includes, for example, a collation unit 131 and a communication request creation unit 132.

The collation unit 131 acquires information indicating the feature amount of the fingerprint output from the reading unit 140, and based on the acquired information indicating the feature amount of the fingerprint, the biometric feature stored in the storage unit 120. The information 122 is collated. When the collation is successful, the collation unit 131 outputs information indicating that the collation is successful to the communication request creation unit 132. The collation unit 131 ends the process when the collation fails.
The communication request creation unit 132 acquires the user ID yid, the biometric authentication device IDcid, and the license key KR stored in the storage unit 120 when acquiring the information indicating that the verification output from the verification unit 131 is successful. .
The communication request creation unit 132 creates a communication request including the user ID yid, the biometric authentication device IDcid, and the license key KR. The communication request creation unit 132 outputs the created communication request to the communication unit 110.

(Terminal device)
The terminal device 200 is realized by a PC, a notebook PC, a tablet terminal, a smartphone, or the like.
The terminal device 200 includes a communication unit 210a, a communication unit 210b, a storage unit 220, an information processing unit 230, and an address bus and data for electrically connecting each component as shown in FIG. And a bus line 250 such as a bus.
The communication unit 210a is realized by a communication module that performs short-range wireless communication. The communication unit 210a communicates with other devices such as the biometric authentication device 100. Specifically, the communication unit 210 a receives the communication request transmitted by the biometric authentication device 100 and outputs the received communication request to the information processing unit 230.

The communication unit 210b is realized by a communication module. The communication unit 210b communicates with other devices such as the management server 300. Specifically, the communication unit 210b acquires the connection request output from the information processing unit 230, and transmits the acquired connection request to the management server 300. Further, the communication unit 210 b receives the connection response transmitted by the management server 300 in response to the connection request, and outputs the received connection response to the information processing unit 230.
In addition, the communication unit 210b acquires the DHCP request output from the information processing unit 230, and transmits the acquired DHCP request to the DHCP server. In response to the DHCP request, the communication unit 210 b receives the DHCP response transmitted by the DHCP server, and outputs the received DHCP response to the information processing unit 230.
In addition, the communication unit 210 b acquires the service request output from the information processing unit 230 and transmits the acquired service request to the management server 300. Further, the communication unit 210 b receives the service request response transmitted by the management server 300 in response to the service request, and outputs the received service request response to the information processing unit 230.

The storage unit 220 is realized by, for example, a RAM, a ROM, an HDD (Hard Disk Drive), a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 220 stores a program 221 executed by the information processing unit 230 and a secure application 222. Further, the storage unit 220 stores a terminal public key certificate Cpt, a secret key Kst, and a terminal IDtid.
The terminal public key certificate Cpt includes a terminal IDtid and an electronic signature of the public key Kpt. The electronic signature of the public key Kpt is encrypted data obtained as a result of encrypting a digest of data including the public key Kpt and the terminal IDtid with the secret key Kst.
The private key Kst is a private key of a public key Kpt pair included in the terminal public key certificate Cpt.
The terminal IDtid is identification information of the terminal device 200, and may be a MAC address assigned to the terminal device 200.
The operation unit 260 is configured by, for example, a touch panel, detects a touch operation on a portal menu displayed on the display unit 270, and outputs the detection result of the touch operation to the information processing unit 230.
The display unit 270 displays character information or an image output from the information processing unit 230. Specifically, the display unit 270 displays a portal menu.

The information processing unit 230 is, for example, a software function unit realized by executing a program 121 stored in the storage unit 220 or a secure application 222 by a processor such as a CPU. Note that all or part of the information processing unit 230 may be realized by hardware such as LSI, ASIC, or FPGA, or may be realized by a combination of a software function unit and hardware.
The information processing unit 230 includes, for example, a verification unit 231, a creation unit 232, a display processing unit 233, and a communication processing unit 234.

The creation unit 232 creates a public key Kpt, creates a connection request including the created public key Kpt, and outputs the created connection request to the communication unit 210b.
The creation unit 232 also acquires the terminal IDtid and the terminal public key certificate Cpt stored in the storage unit 220. The creation unit 232 creates a connection request including the acquired terminal IDtid and terminal public key certificate Cpt, and outputs the created connection request to the communication unit 210b.
Further, the creation unit 232 acquires information indicating the service output by the operation unit 260 and acquires the user ID yid, the biometric authentication device IDcid, and the user public key certificate Cpy from the biometric authentication device 100. The creation unit 232 creates a service request including information indicating the acquired service, the user ID yid, the biometric authentication device IDcid, and the user public key certificate Cpy, and outputs the created service request to the communication unit 210b. .

The communication processing unit 234 acquires the issue request response transmitted by the authentication server 500 in response to the connection request. When the acquired issuance request response includes the terminal public key certificate Cpt, the communication processing unit 234 stores the terminal public key certificate Cpt in the storage unit 220.
If the acquired connection response includes information that permits connection, the communication processing unit 234 creates a DHCP request and outputs the created DHCP request to the communication unit 210b. In response to the DHCP request, the communication processing unit 234 acquires a DHCP response transmitted from the DHCP server, and extracts an IP address included in the acquired DHCP response. The communication processing unit 234 assigns the extracted IP address to the own terminal device 200.
The communication processing unit 234 acquires the service request response output from the communication unit 210b. If the service request response includes information indicating that communication is permitted, the communication processing unit 234 performs communication with the cloud server 400 connected to the closed network 50 and other terminal devices. If the service request response includes information indicating that communication is not permitted, the communication processing unit 234 may execute predetermined error processing.
When the communication via the closed network 50 is completed, the communication processing unit 234 outputs information indicating that the communication is completed to the display processing unit 233.

The verification unit 231 acquires the user ID yid, biometric authentication device IDcid, and license key KR included in the communication request output by the communication unit 210a. The verification unit 231 verifies the acquired user ID yid, biometric authentication device IDcid, and license key KR, and outputs information indicating that the verification is successful to the display processing unit 233 if the verification is successful. To do. The verification unit 231 may perform predetermined error processing when the verification fails. For example, the verification unit 231 determines whether or not the acquired license key KR matches the license key related to the secure application 222 stored in the storage unit 220. If they match, the verification is passed. If they do not match, the verification fails.
When the display processing unit 233 acquires information indicating that the verification output from the verification unit 231 is acceptable, the display processing unit 233 activates the secure application 222 stored in the storage unit 220 based on the license key KR.
Further, when the display processing unit 233 acquires information indicating that the communication output from the communication processing unit 234 has ended, the display processing unit 233 ends the secure application 222.

(Management server)
The management server 300 is realized by a PC or the like. An example of the management server 300 is a virtual machine (VM) on the cloud.
The management server 300 includes a communication unit 310, a storage unit 320, an information processing unit 330, and a bus line such as an address bus and a data bus for electrically connecting each component as shown in FIG. 350.

The communication unit 310 is realized by a communication module. The communication unit 310 communicates with other devices such as the terminal device 200 via the closed network 50.
Specifically, the communication unit 310 receives a connection request including the terminal IDtid and the public key Kpt transmitted by the terminal device 200, and outputs the received connection request to the information processing unit 330.
Further, the communication unit 310 transmits an expiration date confirmation request including the public key Kpt output from the information processing unit 330 to the authentication server 500.
In addition, the communication unit 310 receives a connection request including the terminal IDtid and the terminal public key certificate Cpt transmitted by the terminal device 200, and outputs the received connection request to the information processing unit 330. In response to the connection request, the communication unit 310 acquires the connection response output by the information processing unit 330 and transmits the acquired connection response to the terminal device 200.
In addition, the communication unit 310 receives the service request transmitted from the terminal device 200 and outputs the received service request to the information processing unit 330. Further, the communication unit 310 acquires the service request response output by the information processing unit 330 in response to the service request, and transmits the acquired service request response to the terminal device 200.

  The storage unit 320 is realized by, for example, a RAM, a ROM, an HDD, a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 320 stores a program 321 executed by the information processing unit 330 and an authentication application 322. Further, member information 323 is stored in the storage unit 320. In the member information 323, for each of a plurality of user members, a user ID yid, a terminal ID tid, a biometric authentication device ID cid, and a secure application license key KR are stored in association with each other.

The information processing unit 330 is a software function unit that is realized, for example, when a processor such as a CPU executes the program 321 stored in the storage unit 320 or the authentication application 322. Note that all or part of the information processing unit 330 may be realized by hardware such as LSI, ASIC, or FPGA, or may be realized by a combination of a software function unit and hardware.
The information processing unit 330 includes, for example, a verification unit 331 and a communication processing unit 334.

The verification unit 331 acquires the terminal IDtid and the public key Kpt included in the connection request output from the communication unit 310, and verifies the validity of the terminal device 200 using the terminal IDtid included in the connection request. Specifically, when the member ID 323 included in the connection request is included in the member information 323 of the storage unit 320, it is determined that the verification of the terminal device 200 is successful, and when the terminal ID 200 is not included, the determination is made. It is determined that the verification fails.
When the verification of the terminal device 200 is acceptable, the verification unit 331 notifies the communication processing unit 334 of information indicating that the verification of the terminal device 200 is acceptable. Here, the information indicating that the verification of the terminal device 200 is acceptable includes the terminal IDtid and the public key Kpt. The verification unit 331 may execute predetermined error processing when the verification of the terminal device 200 fails. Specifically, when the verification of the terminal device 200 fails, the verification unit 331 notifies the communication processing unit 334 of information indicating that the verification of the terminal device 200 fails.

The verification unit 331 acquires the terminal IDtid and the terminal public key certificate Cpt included in the connection request output from the communication unit 310, and the validity of the terminal device 200 is determined based on the terminal IDtid and the terminal public key certificate included in the connection request. Verify using certificate Cpt.
When the verification of the terminal device 200 is acceptable, the verification unit 331 notifies the communication processing unit 334 of information indicating that the verification of the terminal device 200 is acceptable. Here, the information indicating that the verification of the terminal device 200 is successful includes the terminal IDtid and the terminal public key certificate Cpt. The verification unit 331 may execute predetermined error processing when the verification of the terminal device 200 fails. Specifically, when the verification of the terminal device 200 fails, the verification unit 331 notifies the communication processing unit 334 of information indicating that the verification of the terminal device 200 fails.
Further, the verification unit 331 acquires information indicating the service included in the service request output by the communication unit 310, the user ID yid, the biometric authentication device ID cid, and the user public key certificate Cpy, and acquires the acquired user public key The validity of the user is verified based on the certificate Cpy. When the user verification is acceptable, the verification unit 331 outputs information indicating that the user verification is acceptable to the communication processing unit 334. The verification unit 331 may execute predetermined error processing when the user verification fails.

The communication processing unit 334 acquires information indicating that the verification of the terminal device 200 output by the verification unit 331 is acceptable, and discloses the terminal IDtid and the information indicating that the acquired verification of the terminal device 200 is acceptable. If the key Kpt is included, an issue request including the terminal IDtid and the public key Kpt is created, and the created issue request is output to the communication unit 310.
Further, the communication processing unit 334 acquires information indicating that the verification of the terminal device 200 output by the verification unit 331 is acceptable, and adds the terminal IDtid to the information indicating that the acquired verification of the terminal device 200 is acceptable. And the terminal public key certificate Cpt are generated, an expiration date confirmation request including the terminal IDtid and the terminal public key certificate Cpt is created, and the created expiration date confirmation request is output to the communication unit 310. . In response to the expiration date confirmation request, the communication processing unit 334 acquires the expiration date confirmation result transmitted from the authentication server 500 from the communication unit 310. The communication processing unit 334 creates a connection response including information permitting connection and outputs the created connection response to the communication unit 310 when the confirmation result of the expiration date indicates that it has not expired. The communication processing unit 334 creates a connection response including information for refusing the connection, and outputs the created connection response to the communication unit 310 when the expiration date confirmation result indicates that it has expired.

  When the communication processing unit 334 acquires information indicating that the user verification output by the verification unit 331 is acceptable, the communication processing unit 334 operates the terminal device 200 based on the acquired information indicating that the user verification is acceptable. To the user who is performing communication via the closed network 50. The communication processing unit 334 creates a service request response that is a signal for permitting a user operating the terminal device 200 to perform communication via the closed network 50, and the created service request response is Output to the communication unit 310. The communication processing unit 334 outputs information indicating that the communication is ended to the communication unit 310 when the user who has permitted the communication ends the communication.

(Operation of communication system (1))
FIG. 3 is a sequence chart illustrating an example (part 1) of the operation of the communication system according to the first embodiment.
In the example illustrated in FIG. 3, the terminal device 200 performs a process of requesting the authentication server 500 to issue a terminal public key certificate Cpt for the generated public key Kpt. Then, the terminal device 200 performs processing for storing the terminal public key certificate Cpt issued by the authentication server 500.
(Step S101)
The creation unit 232 of the terminal device 200 acquires the public key Kpt and the terminal IDtid stored in the storage unit 220. The creation unit 232 creates a connection request including the acquired public key Kpt and the terminal IDtid.
(Step S102)
The creation unit 232 of the terminal device 200 outputs a connection request including the user ID yid and the public key Kpt to the communication unit 210b. The communication unit 210b transmits the connection request output from the creation unit 232 to the management server 300.
(Step S103)
The verification unit 331 of the management server 300 verifies the validity of the terminal device 200 using the terminal IDtid included in the connection request. Here, the description is continued for a case where the verification is successful. If the verification fails, the verification unit 331 may execute a predetermined error process.

(Step S104)
When the communication processing unit 334 of the management server 300 acquires information indicating that the verification of the terminal device 200 output by the verification unit 331 is acceptable, the communication processing unit 334 displays information indicating that the verification of the acquired terminal device 200 is acceptable. An issue request including the included terminal IDtid and public key Kpt is created, and the created issue request is output to the communication unit 310. The communication unit 310 transmits the issue request output from the communication processing unit 334 to the authentication server 500.
(Step S105)
The authentication server 500 receives the issue request transmitted by the management server 300 and issues a terminal public key certificate Cpt for the public key Kpt included in the received issue request. The authentication server 500 transmits an issue request response including the issued terminal public key certificate Cpt to the terminal device 200.
(Step S106)
The communication processing unit 234 of the terminal device 200 acquires the issue request response transmitted by the authentication server 500 in response to the connection request. When the acquired issuance request response includes the terminal public key certificate Cpt, the communication processing unit 234 stores the terminal public key certificate Cpt in the storage unit 220.

(Operation of communication system (2))
FIG. 4 is a sequence chart illustrating an example (part 2) of the operation of the communication system according to the first embodiment.
In the example illustrated in FIG. 4, processing in which a user member receives provision of a membership-based communication service using a closed network will be described. In the example shown in FIG. 4, the operation after the biometric authentication device 100 (fingerprint authentication card) is issued to the user member will be described.
(Step S201)
The creation unit 232 of the terminal device 200 acquires the terminal IDtid and the terminal public key certificate Cpt stored in the storage unit 220. The creation unit 232 creates a connection request including the acquired public key Kpt and the terminal IDtid.
(Step S202)
The creation unit 232 of the terminal device 200 outputs the created connection request to the communication unit 210b. The communication unit 210b transmits the connection request output from the creation unit 232 to the management server 300.
(Step S203)
The verification unit 331 of the management server 300 verifies the validity of the terminal device 200 using the terminal IDtid and the terminal public key certificate Cpt included in the connection request. Here, the description is continued for a case where the verification is successful. In this case, the verification unit 331 outputs information indicating that the verification of the terminal device 200 is acceptable to the communication processing unit 334. If the verification fails, the verification unit 331 may execute a predetermined error process.
(Step S204)
The communication processing unit 334 of the management server 300 acquires information indicating that the verification of the terminal device 200 is acceptable, and the terminal IDtid and the terminal disclosure included in the information indicating that the acquired verification of the terminal device 200 is acceptable. The key certificate Cpt is acquired. The communication processing unit 334 creates an expiration date confirmation request including the acquired terminal IDtid and terminal public key certificate Cpt, and outputs the created expiration date confirmation request to the communication unit 310. The communication unit 310 acquires the expiration date confirmation request output from the communication processing unit 334 and transmits the acquired expiration date confirmation request to the authentication server 500.

(Step S205)
The authentication server 500 receives the expiration date confirmation request transmitted by the management server 300 and confirms the expiration date of the terminal public key certificate Cpt included in the received expiration date confirmation request.
(Step S206)
The authentication server 500 transmits the expiration date confirmation result to the management server 300.
(Step S207)
The communication processing unit 334 of the management server 300 acquires the confirmation result of the expiration date, and when the acquired expiration date confirmation result includes information indicating that the expiration date has not expired, information that permits connection Is generated, and the generated connection response is output to the communication unit 310. The communication processing unit 334 creates a connection response including information for refusing the connection when the confirmation result of the expiration date includes information indicating that the expiration date has expired. Output to the communication unit 310. Here, the description continues when the communication processing unit 334 creates a connection response including information for permitting connection.
(Step S208)
The communication unit 310 of the management server 300 acquires the connection response output from the communication processing unit 334 and transmits the acquired connection response to the terminal device 200.
(Step S209)
The communication unit 210 b of the terminal device 200 receives the connection response transmitted from the management server 300 and outputs the received connection response to the communication processing unit 234. The communication processing unit 234 acquires the connection response output by the communication unit 210b, and since the acquired connection response includes information that permits connection, the communication processing unit 234 creates a DHCP request and communicates the created DHCP request. To the unit 210b. In response to the DHCP request, the communication processing unit 234 acquires a DHCP response transmitted by the DHCP server, and acquires an IP address included in the acquired DHCP response. The communication processing unit 234 assigns the acquired IP address to the own terminal device 200.

(Step S210)
When the user member brings the biometric authentication device 100 closer to the terminal device 200, connection processing is performed between the communication unit 110 of the biometric authentication device 100 and the communication unit 210a of the terminal device 200. As a result, the biometric authentication device 100 and the terminal device 200 are wirelessly connected.
(Step S211)
When the finger is placed on the fingerprint authentication sensor, the reading unit 140 of the biometric authentication device 100 reads biometric information such as the feature amount of the fingerprint of the placed finger. The reading unit 140 outputs the read biometric information of the finger to the information processing unit 130.
(Step S212)
The collation unit 131 of the biometric authentication device 100 acquires the biometric information output from the reading unit 140 and collates the acquired biometric information with the biometric information 122 stored in the storage unit 120. Here, the description is continued for the case where the collation is successful. If the collation is successful, the collation unit 131 outputs information indicating that the collation is successful to the communication request creation unit 132. The collation unit 131 ends the process when the collation fails. If the verification fails, the verification unit 131 may execute a predetermined error process.

(Step S213)
When the communication request creation unit 132 of the biometric authentication device 100 acquires information indicating that the verification is successful, the communication request creation unit 132 acquires the user ID yid, the biometric authentication device IDcid, and the license key KR stored in the storage unit 120. The communication request creation unit 132 creates a communication request including the acquired user ID yid, biometric authentication device IDcid, and license key KR.
(Step S214)
The communication request creation unit 132 of the biometric authentication device 100 outputs the created communication request to the communication unit 110. The communication unit 110 transmits the communication request output from the communication request creation unit 132 to the terminal device 200.

(Step S215)
The verification unit 231 of the terminal device 200 acquires the user ID yid, the biometric authentication device IDcid, and the license key KR that are included in the communication request transmitted by the biometric authentication device 100. The verification unit 231 verifies the acquired user ID yid and biometric authentication device IDcid, and outputs information indicating that the verification is successful to the display processing unit 233 if the verification is successful. Here, the description is continued for the case where the verification is successful. The verification unit 231 may perform predetermined error processing when the verification fails.
(Step S216)
When the display processing unit 233 of the terminal device 200 acquires information indicating that the verification output by the verification unit 231 is acceptable, the display processing unit 233 activates the secure application 222 stored in the storage unit 220 based on the license key KR. To do. The display unit 270 displays a portal menu. The user member can select a service to be used from the portal menu.
(Step S217)
The creation unit 232 of the terminal device 200 acquires information indicating the service output by the operation unit 260 and acquires the user ID yid, the biometric authentication device IDcid, and the user public key certificate Cpy from the biometric authentication device 100. The creation unit 232 creates a service request including information indicating the acquired service, a user ID yid, a biometric authentication device IDcid, and a user public key certificate Cpy.
(Step S218)
The creation unit 232 of the terminal device 200 outputs the created service request to the communication unit 210b. The communication unit 210b transmits the service request output from the creation unit 232 to the management server 300.

(Step S219)
The communication unit 310 of the management server 300 receives the service request transmitted by the terminal device 200 and outputs the received service request to the verification unit 331. The verification unit 331 acquires information indicating the service included in the service request output from the communication unit 310, the user ID yid, the biometric authentication device ID cid, and the user public key certificate Cpy, and acquires the acquired user public key certificate Based on Cpy, the validity of the user is verified. When the user verification is acceptable, the verification unit 331 outputs information indicating that the user verification is acceptable to the communication processing unit 334. Here, the description is continued for the case where the user verification is successful. The verification unit 331 may execute predetermined error processing when the user verification fails.
(Step S220)
If the verification is successful, the communication processing unit 334 of the management server 300 permits the user operating the terminal device 200 to perform communication via the closed network 50 based on the user ID yid. The communication processing unit 334 creates a service request response including information indicating that communication is permitted, and transmits the created service request response to the terminal device 200.

(Step S221)
The communication processing unit 234 of the terminal device 200 communicates with the cloud server 400 via the closed network 50 from the communication unit 210b.
(Step S222)
The user performs an operation to end communication via the closed network 50 on the operation unit 260. The communication processing unit 234 acquires information for ending communication, outputs information for ending the acquired communication to the display processing unit 233, and creates a disconnection request based on the information for ending the communication. The communication processing unit 234 outputs the created disconnection request to the communication unit 210b. The communication unit 210b acquires the disconnection request output from the communication processing unit 234, and transmits the acquired disconnection request to the management server 300 via the closed network 50.
(Step S223)
The display processing unit 233 of the terminal device 200 acquires information for ending communication, and ends the secure application 222 based on the acquired information for ending communication.
(Step S224)
When acquiring the disconnection request, the communication processing unit 334 of the management server 300 prohibits the terminal device 200 that has transmitted the disconnection request from communicating via the closed network 50.

  In the above-described embodiment, the terminal device 200 verifies the user ID yid, the biometric authentication device IDcid, and the license key KR included in the received communication request. If the verification is successful, the terminal device 200 is based on the license key KR. The terminal device 200 has been described with respect to the case where the secure application installed in the 200 is activated to activate the secure application. However, the present invention is not limited to this example. For example, the terminal device 200 verifies the user ID yid, the biometric authentication device IDcid, and the license key KR included in the received communication request. If the verification is successful, the terminal device 200 is installed in the terminal device 200 based on the license key KR. The icon of the secure application may be displayed. Then, after displaying the icon of the secure application, the terminal device 200 may activate the secure application when the icon is selected by tapping the icon of the secure application.

  According to the communication system of the first embodiment, the secure application 222 installed in the terminal device 200 is activated when the verification of the license key KR is successful, and thus configured via the closed network 50. Thus, the presence of a secure application for communication can be recognized when the verification of the license key KR is successful. For this reason, even if the terminal device 200 is lost or stolen, it is not possible to know whether or not the secure application 222 is installed in the terminal device 200 in that state. Can be reduced.

(Second Embodiment)
(Communications system)
FIG. 1 can be applied to an example of the communication system according to the second embodiment.
The communication system of this embodiment provides a communication service to members using the closed network 50. By receiving the communication service, the member communicates with another device via the closed network 50, accesses the cloud server 400 connected to the closed network 50, and stores the data stored in the accessed cloud server 400. Or get it.
The communication system 10a includes a biometric authentication device 100a, a terminal device 200a, a management server 300a, a cloud server 400, and an authentication server 500.
The biometric authentication device 100a and the terminal device 200a are connected by short-range wireless communication. Here, examples of short-range wireless communication include Bluetooth (Bluetooth is a registered trademark), RFID, and the like. In the present embodiment, a description will be continued regarding a case where Bluetooth is applied as an example of short-range wireless communication. In this case, prior to communication, pairing is performed between the biometric authentication device 100a and the terminal device 200a.
The terminal device 200a, the management server 300a, the cloud server 400, and the authentication server 500 are connected via the closed network 50. The closed network 50 is a network physically separated from the Internet.

The biometric authentication device 100a performs biometric authentication of the user. An example of the biometric authentication device 100a is a biometric fingerprint authentication card. In the present embodiment, as an example of the biometric authentication device 100a, the case where the biometric authentication device 100a is a fingerprint authentication card will be described. In this case, the fingerprint authentication card stores biometric information such as fingerprint feature quantities.
First, membership registration of a user who uses the communication service is performed. In member registration, the following processing is performed.
A user ID yid is associated with a user who wishes to register as a member, and a biometric authentication device 100a used by the user is prepared. A biometric authentication device IDcid is registered in the biometric authentication device 100a.

A fingerprint of a user who wishes to register as a member is acquired, and biometric information such as a feature amount of the acquired fingerprint is derived. Further, when the user uses a secure application installed in the terminal device 200a, a license key KR for activating the secure application is issued. User ID yid, biometric authentication device IDcid, and license key KR are associated with each other and stored in management server 300a.
In the second embodiment, a pair of the user's public key and the user's private key is not generated. The biometric authentication device 100a stores a user ID yid, biometric information, a license key KR, and a biometric authentication device IDcid. That is, the biometric authentication apparatus 100a does not store the user's private key and user public key certificate.
When the member registration is completed, the biometric authentication device 100a is handed over to the user who desires the member registration.

The terminal device 200a generates a pair of the public key of the terminal device 200a (hereinafter referred to as “public key Kpt”) and the private key of the terminal device 200a (hereinafter referred to as “secret key Kst”), and uses the generated secret key Kst. Remember.
The terminal device 200a creates a connection request including the terminal IDtid and the public key Kpt, and transmits the created connection request to the management server 300a connected to the closed network 50.
When the management server 300a receives the connection request transmitted by the terminal device 200a and stores the terminal IDtid included in the received connection request, the management server 300a issues an issuance request, which is a signal requesting issuance of a public key certificate, It transmits to the authentication server 500. Here, the issue request includes the terminal IDtid and the public key Kpt.
The authentication server 500 receives the issuance request transmitted by the management server 300a, and based on the terminal IDtid and the public key Kpt included in the received issuance request, the certificate for the public key Kpt (hereinafter, “terminal public key certificate Cpt”). "). The authentication server 500 transmits an issue request response including the issued terminal public key certificate Cpt to the terminal device 200a via the management server 300a.
The terminal device 200a receives the issue request response transmitted by the authentication server 500, and stores the terminal public key certificate Cpt included in the received issue request response.

A case where the service is used will be described.
The terminal device 200a transmits a connection request, which is a signal for requesting connection to the management server 300a, to the management server 300a connected to the closed network 50. Here, the connection request includes the terminal IDtid of the terminal device 200a and the terminal public key certificate Cpt. The terminal public key certificate Cpt includes a terminal IDtid and an electronic signature of the public key Kpt. The electronic signature of the public key Kpt is encrypted data obtained as a result of encrypting a digest of data including the terminal IDtid with the secret key Kst.
The management server 300a receives the connection request transmitted from the terminal device 200a, and verifies the terminal public key certificate Cpt included in the received connection request. When the verification is successful, the management server 300a transmits an expiration date confirmation request, which is a signal for confirming the expiration date of the terminal public key certificate Cpt, to the authentication server 500. The expiration date confirmation request includes the terminal public key certificate Cpt.

The authentication server 500 receives the expiration date confirmation request transmitted by the management server 300a, confirms the expiration date of the terminal public key certificate Cpt included in the received expiration date confirmation request, and displays the expiration date confirmation result as the management server Send to 300a. The management server 300a acquires the expiration date confirmation result transmitted by the authentication server 500. The management server 300a transmits, to the terminal device 200a, a connection response including information for permitting connection when the acquired expiration date confirmation result indicates that the acquired expiration date confirmation result has not expired, and the acquired expiration date confirmation result has expired. A connection response including information for refusing the connection is transmitted.
The terminal device 200a receives the connection response transmitted by the management server 300a, and acquires an IP address from the DHCP server when the received connection response includes information that permits connection. The terminal device 200a receives the connection response transmitted from the management server 300a, and executes predetermined error processing when the received connection response includes information for refusing the connection.

When the user member who has registered as a member moves the biometric authentication device 100a closer to the terminal device 200a, the biometric authentication device 100a and the terminal device 200a are wirelessly connected. The user member places the registered user member's finger on the fingerprint authentication sensor of the biometric authentication device 100a. The fingerprint authentication sensor derives a fingerprint feature quantity of the placed finger, and authenticates the user member by comparing the derived finger feature quantity with stored biometric information. When the biometric authentication is successful, the biometric authentication device 100a transmits a communication request including the user ID yid, the biometric authentication device IDcid, and the license key KR to the terminal device 200a.
When using the communication service, the user member acquires the biometric authentication device 100a, downloads a secure application to the terminal device 200a, and installs the downloaded secure application. Here, the secure application installed by the terminal device 200a is an application related to the license key KR, and may include the license key KR.

  The terminal device 200a receives the communication request, and verifies the user ID yid, the biometric authentication device IDcid, and the license key KR included in the received communication request. When the verification is successful, the terminal device 200a activates the secure application installed in the terminal device 200a based on the license key KR. When the secure application is activated, the terminal device 200a activates the secure application.

  After the secure application is activated, the user member selects a service to be used from the displayed portal menu. When the user member selects a service to be used, the terminal device 200a requests the management server 300a for a session using a protocol such as SSL. The terminal device 200a creates a service request that is a signal for using the service, encrypts the created service request with the common key Kkt, and transmits the result of encryption with the common key Kkt to the management server 300a. Here, the common key Kkt is the same as the common key Kkk stored in the management server 300a. The service request includes information indicating a service to be used, a user ID yid, and a biometric authentication device IDcid.

The management server 300a receives the service request transmitted by the terminal device 200a, and decrypts the received service request with the common key Kkk. The management server 300a verifies the user ID yid and biometric authentication device IDcid included in the result of decrypting the service request with the common key Kkk. The management server 300a determines that the verification is successful when the combination of the user ID yid and the biometric authentication device IDcid is stored, and the verification is failed when the combination is not stored. When the verification is successful, the management server 300a permits the terminal device 200a to use a service such as accessing the cloud server 400 connected to the closed network 50.
The cloud server 400 is a server constructed on the cloud, and provides a cloud service to the terminal device 200a. Specifically, the cloud server 400 creates a service request response that is a signal for permitting access to the stored information to the terminal device 200a, and sends the created service request response to the terminal device 200a. Send to.

Hereinafter, among the biometric authentication device 100a, the terminal device 200a, the management server 300a, the cloud server 400, and the authentication server 500 constituting the communication system 10a, the biometric authentication device 100a, the terminal device 200a, and the management server 300a. Will be described sequentially.
FIG. 5 is a diagram for explaining the biometric authentication device, the terminal device, and the management server that constitute the communication system according to the second embodiment.

(Biometric authentication device)
The biometric authentication device 100a is realized by an IC card, a smart card, a chip card, or the like.
The biometric authentication device 100a includes a communication unit 110, a storage unit 120a, an information processing unit 130, a reading unit 140, and an address bus for electrically connecting each component as shown in FIG. And a bus line 150 such as a data bus.
The storage unit 120a is realized by, for example, a RAM, a ROM, a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 120a stores a program 121 executed by the information processing unit 130. Furthermore, the storage unit 120a stores biometric information 122 of a user who uses the biometric authentication device 100, a license key KR, a user ID yid, and a biometric authentication device IDcid. The biological information is information on human physical features (biological organs) such as fingerprints, irises, and veins. In this embodiment, as described above, the case where the feature amount of the fingerprint is used as the biological information will be described. to continue.

The license key KR is information for determining whether or not a secure application installed in the terminal device 200a can be used. Specifically, the license key KR is a serial number or a secure application registration code.
The user ID yid is user identification information, and may be a communication service member number.
The biometric authentication device IDcid is identification information of the biometric authentication device 100a, and may be a MAC address assigned to the biometric authentication device 100a.

(Terminal device)
The terminal device 200a is realized by a PC, a notebook PC, a tablet terminal, a smartphone, or the like.
The terminal device 200a includes a communication unit 210a, a communication unit 210b, a storage unit 220a, an information processing unit 230a, an operation unit 260, a display unit 270, and each component as shown in FIG. And a bus line 250 such as an address bus or a data bus for connection.

The storage unit 220a is realized by, for example, a RAM, a ROM, an HDD, a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 220a stores a program 221a executed by the information processing unit 230a and a secure application 222. Further, the storage unit 220a stores a terminal public key certificate Cpt, a secret key Kst, and a terminal IDtid.
The terminal public key certificate Cpt includes a terminal IDtid and an electronic signature of the public key Kpt. The electronic signature of the public key Kpt is encrypted data obtained as a result of encrypting a digest of data including the public key Kpt and the terminal IDtid with the secret key Kst.
The private key Kst is a private key of a public key Kpt pair included in the terminal public key certificate Cpt.
The terminal IDtid is identification information of the terminal device 200a, and may be a MAC address assigned to the terminal device 200a.

The information processing unit 230a is, for example, a software function unit realized by a processor such as a CPU executing a program 221a stored in the storage unit 220a or the secure application 222. Note that all or part of the information processing unit 230a may be realized by hardware such as LSI, ASIC, or FPGA, or may be realized by a combination of a software function unit and hardware.
The information processing unit 230a includes, for example, a verification unit 231a, a creation unit 232a, a display processing unit 233, and a communication processing unit 234.
The creation unit 232a stores the common key Kkt. The creation unit 232a creates a public key Kpt, creates a connection request including the created public key Kpt, and outputs the created connection request to the communication unit 210b.
The creation unit 232a acquires the terminal IDtid and the terminal public key certificate Cpt stored in the storage unit 220a. The creation unit 232a creates a connection request including the acquired terminal IDtid and terminal public key certificate Cpt, and outputs the created connection request to the communication unit 210b.
In addition, the creation unit 232a acquires information indicating the service output by the operation unit 260, and acquires the user ID yid and the biometric authentication device IDcid from the biometric authentication device 100. The creation unit 232 creates a service request including information indicating the acquired service, the user ID yid, and the biometric authentication device IDcid, and encrypts the created service request with the common key Kkt. The creation unit 232a outputs the result of encrypting the service request with the common key Kkt to the communication unit 210b.

(Management server)
The management server 300a is realized by a PC or the like. An example of the management server 300a is a virtual machine on the cloud on the cloud.
The management server 300a includes a communication unit 310, a storage unit 320a, an information processing unit 330a, and bus lines such as an address bus and a data bus for electrically connecting each component as shown in FIG. 350.

  The storage unit 320a is realized by, for example, a RAM, a ROM, an HDD, a flash memory, or a hybrid storage device in which a plurality of these are combined. The storage unit 320a stores a program 321a executed by the information processing unit 330a and an authentication application 322. Further, member information 323 is stored in the storage unit 320. In the member information 323, for each of a plurality of user members, a user ID yid, a terminal ID tid, a biometric authentication device ID cid, and a secure application license key KR are stored in association with each other.

The information processing unit 330a is a software function unit realized by executing a program 321a stored in the storage unit 320a or an authentication application 322 by a processor such as a CPU, for example. Note that all or part of the information processing unit 330 may be realized by hardware such as LSI, ASIC, or FPGA, or may be realized by a combination of a software function unit and hardware.
The information processing unit 330a includes, for example, a verification unit 331a and a communication processing unit 334a.

The verification unit 331a acquires the terminal IDtid and the public key Kpt included in the connection request output from the communication unit 310, and verifies the validity of the terminal device 200a using the terminal IDtid included in the connection request. Specifically, if the member ID 323 included in the connection request is included in the member information 323 of the storage unit 320a, it is determined that the verification of the terminal device 200a is successful, and if not included, the terminal information of the terminal device 200a is determined. It is determined that the verification fails.
When the verification of the terminal device 200a is acceptable, the verification unit 331a notifies the communication processing unit 334a of information indicating that the verification of the terminal device 200a is acceptable. Here, the information indicating that the verification of the terminal device 200a is acceptable includes the terminal IDtid and the public key Kpt. If the verification of the terminal device 200a fails, the verification unit 331a may execute a predetermined error process. Specifically, when the verification of the terminal device 200a fails, the verification unit 331a notifies the communication processing unit 334a of information indicating that the verification of the terminal device 200a fails.

The verification unit 331a acquires the terminal IDtid and the terminal public key certificate Cpt included in the connection request output from the communication unit 310, and determines the validity of the terminal device 200a as the terminal IDtid and the terminal public key certificate included in the connection request. Verify using certificate Cpt.
When the verification of the terminal device 200a is acceptable, the verification unit 331a notifies the communication processing unit 334a of information indicating that the verification of the terminal device 200a is acceptable. Here, the information indicating that the verification of the terminal device 200a is successful includes the terminal IDtid and the terminal public key certificate Cpt. If the verification of the terminal device 200a fails, the verification unit 331a may execute a predetermined error process. Specifically, when the verification of the terminal device 200a fails, the verification unit 331a notifies the communication processing unit 334a of information indicating that the verification of the terminal device 200a fails.
In addition, the verification unit 331a decrypts the result of encrypting the service request output from the communication unit 310 with the common key Kkt, the information indicating the service included in the decrypted result, the user ID yid, the biometric The authentication device IDcid is acquired, and the validity of the user is verified based on the acquired user IDyid and biometric authentication device IDcid. Specifically, the verification unit 331a passes the verification when the combination of the user ID yid and the biometric authentication device IDcid is stored in the member information 323 of the storage unit 320a, and if the verification is not stored Verification fails. When the user verification is acceptable, the verification unit 331 a outputs information indicating that the user verification is acceptable to the communication processing unit 334. The verification unit 331a may execute predetermined error processing when the user verification fails.

(Operation of communication system)
The process in which the terminal device 200a requests the authentication server 500 to issue the terminal public key certificate Cpt for the generated public key Kpt and the process of storing the terminal public key certificate Cpt issued by the authentication server 500 are described above. FIG. 3 can be applied.
FIG. 4 described above can be applied to processing in which a user member receives provision of a membership-based communication service using a closed network. However, in step S217, the creation unit 232a of the terminal device 200a acquires information indicating the service output by the operation unit 260, and acquires the user ID yid and the biometric authentication device IDcid from the biometric authentication device 100. The creation unit 232a creates a service request including information indicating the acquired service, a user ID yid, and a biometric authentication device IDcid. The creation unit 232a encrypts the created service request with the common key Kkt. In step S218, the creation unit 232a of the terminal device 200a outputs the result of encrypting the created service request with the common key Kkt to the communication unit 210b. The communication unit 210b transmits the result of encrypting the service request output from the creation unit 232a with the common key Kkt to the management server 300.
In step S219, the communication unit 310 of the management server 300a receives the result of encrypting the service request transmitted by the terminal device 200a with the common key Kkt, and the result of encrypting the received service request with the common key Kkt. The data is output to the verification unit 331a. The verification unit 331a decrypts the result of encrypting the service request output from the communication unit 310 with the common key Kkt, information indicating the service included in the decrypted result, the user ID yid, the biometric authentication device IDcid is acquired, and the validity of the user is verified based on the acquired user IDyid and biometric authentication device IDcid. When the user verification is acceptable, the verification unit 331a outputs information indicating that the user verification is acceptable to the communication processing unit 334a. The verification unit 331a may execute predetermined error processing when the user verification fails.

  According to the communication system 10a of the second embodiment, the user public key certificate Cpy and the secret key Ksy are not stored in the biometric authentication device 100a as compared to the communication system 10 of the first embodiment. As a result, it is possible to omit the trouble of issuing the public key Kpy and the secret key Ksy and the trouble of issuing the user public key certificate Cpy.

<Configuration example>
As one configuration example,
A biometric authentication device (the biometric authentication device 100 in the first example, the biometric authentication device 100a in the second embodiment) and a terminal device (the terminal device 200 in the first example, the terminal device 200a in the second embodiment) ) And a management server (first example, management server 300 in the second embodiment) in a communication system (communication system 10 in the first example, communication system 10a in the second embodiment). Then, the biometric authentication device includes user identification information (first example, user ID yid in the second embodiment) and user biometric information (first example, biometric information 122 in the second embodiment). ), A biometric authentication device storage unit (storage unit 120 in the first example, storage unit 120a in the second example), and a reading unit (first example, Second implementation In the state, the reading unit 140), a matching unit that checks the biometric information read by the reading unit and the biometric information stored in the biometric authentication device storage unit (in the first embodiment and the second embodiment, The collation unit 131) and a communication request creation unit that creates a communication request including user identification information stored in association with the biometric information stored in the biometric authentication device storage unit when collation by the collation unit is successful ( The communication request creation unit 132 in the first example, the communication request creation unit 132a in the second embodiment, and the biometric authentication device communication unit (first unit) that transmits the communication request created by the communication request creation unit to the terminal device. In the second embodiment, the communication device 110), and the terminal device receives the communication request transmitted by the biometric authentication device (first embodiment, second embodiment). Then, the communication unit 210a) and the terminal A display processing unit that activates an application connected to the closed network based on the communication request received by the remote communication unit (the display processing unit 233 in the first embodiment and the second embodiment), and a connection to the closed network A connection request creating unit (creating unit 232 in the first embodiment, creating unit 232a in the second embodiment) that creates a service request that is information requesting connection to the closed network to the management server. The terminal device communication unit transmits the service request created by the creation unit to the management server, and the management server receives the service request transmitted by the terminal device (first embodiment, second embodiment). In the embodiment, the communication unit 310), the management server verification unit (first example, verification unit 331 in the second embodiment) that verifies the service request received by the management server communication unit, A communication processing unit (first embodiment, communication processing unit 334 in the second embodiment) that performs connection processing between the terminal device and the closed network when the verification of the service request by the server verification unit is successful. The communication system.

As one configuration example, the biometric authentication device storage unit further stores the license key of the application (the license key KR in the first embodiment and the second embodiment), and the communication request creation unit performs verification by the verification unit. When successful, the communication request further including the license key stored in the biometric authentication device storage unit is created, and the display processing unit is based on the license key included in the communication request received by the terminal device communication unit Start the app.
As an example of the configuration, the biometric authentication device storage unit includes a user secret key (first example, second example) paired with a user public key (first example, public key Kpy in the second embodiment). Private key Ksy) in the form, and user public key certificate of the user public key created using the user private key (first example, user public key certificate Cpy in the second embodiment) The creation unit creates a service request including the user public key certificate, and the management server verification unit verifies the service request based on the user public key certificate included in the service request received by the management server communication unit. When the verification by the management server verification unit is successful, the communication processing unit performs a connection process between the terminal device and the closed network.

As one configuration example,
The terminal device has a terminal secret key (first example, secret key Kst in the second embodiment) paired with a terminal public key (first example, public key Kpt in the second embodiment), A terminal storage unit (first embodiment) that stores a terminal public key certificate (first example, terminal public key certificate Cpt in the second embodiment) of a terminal public key created using the terminal private key The example includes a storage unit 220, and in the second embodiment, the storage unit 220a), the creation unit creates a connection request including a terminal public key certificate, and the management server verification unit includes the terminal disclosure included in the connection request. The communication processing unit verifies the connection request based on the key certificate, and the communication processing unit performs a connection process between the terminal device and the management server when the verification of the connection request by the management server is successful.
As an example of the configuration, the display processing unit terminates the application (the first example, the secure application 222 in the second embodiment) when the communication via the closed network is terminated.

As one configuration example, a closed network based on a communication unit (first example, communication unit 210a in the second embodiment) that receives a communication request transmitted by a biometric authentication device and a communication request received by the communication unit A display processing unit (display processing unit 233 in the first embodiment, display processing unit 233a in the second embodiment) that starts an application that accesses the network, and a management server connected to the closed network. A connection request creation unit (a creation unit 232 in the first embodiment, a creation unit 232a in the second embodiment) that creates a service request, which is information for requesting a connection. A communication unit (first example, communication unit 210b in the second embodiment) that transmits the created service request to the management server is provided.
As one configuration example, a step of starting an application for accessing a closed network based on a communication request transmitted from the biometric authentication device to a computer of the terminal device, and a management server connected to the closed network to the closed network A program (program 221 in the first example, second embodiment) that executes a step of creating a service request that is information for requesting connection and a step of communicating the created service request to the management server Then, the program 221a).

As mentioned above, although embodiment was described, these embodiment was shown as an example and is not intending limiting the range of invention. These embodiments can be implemented in various other forms, and various omissions, replacements, changes, and combinations can be made without departing from the scope of the invention. These embodiments are included in the scope and gist of the invention, and at the same time, are included in the invention described in the claims and the equivalents thereof.
Note that the above-described biometric authentication device 100, biometric authentication device 100a, terminal device 200, terminal device 200a, management server 300, and management server 300a may be realized by a computer. In that case, a program for realizing the function of each functional block is recorded on a computer-readable recording medium. The program recorded on the recording medium may be read by a computer system and executed by the CPU. The “computer system” here includes hardware such as an OS (Operating System) and peripheral devices.
The “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM. The “computer-readable recording medium” includes a storage device such as a hard disk built in the computer system.

Furthermore, the “computer-readable recording medium” may include a medium that dynamically holds a program for a short time. What holds the program dynamically for a short time is, for example, a communication line when the program is transmitted via a network such as the Internet or a communication line such as a telephone line.
In addition, the “computer-readable recording medium” may include a medium that holds a program for a certain period of time, such as a volatile memory inside a computer system that serves as a server or a client. The program may be for realizing a part of the functions described above. Further, the program may be a program that can realize the above-described functions in combination with a program already recorded in the computer system. The program may be realized using a programmable logic device. The programmable logic device is, for example, an FPGA (Field Programmable Gate Array).

The biometric authentication device 100, the biometric authentication device 100a, the terminal device 200, the terminal device 200a, the management server 300, and the management server 300a described above have a computer inside. Each process of the biometric authentication device 100, the biometric authentication device 100a, the terminal device 200, the terminal device 200a, the management server 300, and the management server 300a is stored in a computer-readable recording medium in the form of a program. The above processing is performed by the computer reading and executing this program.
Here, the computer-readable recording medium means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. Alternatively, the computer program may be distributed to the computer via a communication line, and the computer that has received the distribution may execute the program.
The program may be for realizing a part of the functions described above.
Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 10 ... Communication system, 50 ... Closed network, 100 ... Biometric authentication apparatus, 110, 210a, 210b, 310 ... Communication part, 120, 220, 320 ... Storage part, 121, 221, 321 ... Program, 122 ... Biometric information, 130 , 230, 330 ... information processing unit, 131 ... collation unit, 132 ... communication request creation unit, 232 ... creation unit, 140 ... reading unit, 150 ... bus line, 200 ... terminal device, 222 ... secure application, 231, 331 ... Verification unit, 233 ... display processing unit, 234, 334 ... communication processing unit, 260 ... operation unit, 270 ... display unit, 300 ... management server, 322 ... authentication application, 323 ... member information, 400 ... cloud server, 500 ... authentication server

Claims (7)

A communication system comprising a biometric authentication device, a terminal device, and a management server,
The biometric authentication device is:
A biometric authentication device storage unit that stores information in which user identification information and user biometric information are associated;
A reading unit for reading biological information;
A collation unit that collates the biometric information read by the reading unit with the biometric information stored in the biometric authentication device storage unit;
A communication request creation unit that creates a communication request including the user identification information stored in association with the biometric information stored in the biometric authentication device storage unit when the verification by the verification unit is successful;
The communication request created by the communication request creation unit includes a biometric authentication device communication unit that transmits to the terminal device,
The terminal device
A terminal device communication unit that receives the communication request transmitted by the biometric authentication device;
Based on the communication request received by the terminal device communication unit, a display processing unit that activates an application connected to a closed network;
A creation unit that creates a service request that is information for requesting connection to the closed network to the management server connected to the closed network;
The terminal device communication unit transmits the service request created by the creation unit to the management server,
The management server
A management server communication unit that receives the service request transmitted by the terminal device;
A management server verification unit that verifies the service request received by the management server communication unit;
A communication system comprising: a communication processing unit that performs connection processing between the terminal device and the closed network when the management server verification unit successfully verifies the service request. The biometric authentication device storage unit further stores a license key of the application,
The communication request creation unit creates the communication request further including the license key stored in the biometric authentication device storage unit when the collation by the collation unit is successful,
The communication system according to claim 1, wherein the display processing unit activates the application based on the license key included in the communication request received by the terminal device communication unit. The biometric authentication device storage unit stores a user private key paired with a user public key, and a user public key certificate of the user public key created using the user private key,
The creation unit creates a service request including the user public key certificate,
The management server verification unit
Based on the user public key certificate included in the service request received by the management server communication unit, the service request is verified,
The communication system according to claim 1, wherein the communication processing unit performs a connection process between the terminal device and the closed network when verification by the management server verification unit is successful. The terminal device
A terminal storage unit that stores a terminal private key paired with the terminal public key and a terminal public key certificate of the terminal public key created using the terminal private key;
The creation unit creates a connection request including the terminal public key certificate, and the management server verification unit verifies the connection request based on the terminal public key certificate included in the connection request,
The said communication processing part performs the connection process of the said terminal device and the said management server, when the verification of the said connection request by the said management server is successful, The Claim 1 WHEREIN: Communications system.   The communication system according to any one of claims 1 to 4, wherein the display processing unit terminates the application when communication via the closed network is terminated. A communication unit for receiving a communication request transmitted by the biometric authentication device;
Based on the communication request received by the communication unit, a display processing unit that activates an application that accesses a closed network;
A creation unit that creates a service request that is information for requesting connection to the closed network to the management server connected to the closed network;
The communication unit is a terminal device that transmits the service request created by the creation unit to a management server. In the terminal computer,
Starting an application that accesses the closed network based on the communication request transmitted by the biometric authentication device;
Creating a service request which is information requesting connection to the closed network to the management server connected to the closed network;
A program for causing the created service request to communicate with the management server.

Images