JP2021179690A - Communication system, repeater, communication method, and program - Google Patents

Abstract

To provide a communication system which can ensure security of communication without reserving a large-capacity secure memory area in a repeater even when many client devices are connected to the repeater, a repeater, a communication method, and a program.SOLUTION: A communication system 1 comprises a server device 10, a repeater 40 connected to the server device 10 so that it can communicate with the server device 10, and a plurality of client devices (70-1, 70-2, and 70-N) connected to the repeater 40 so that they can communicate with the repeater 40. Each of the client devices includes a client storage unit in which concealment information for use in processing of concealing communication with the server device is stored. The repeater includes a device control unit which instructs the client device to perform processing which is to be performed by using the concealment information stored in the client storage unit, of processing for concealing communication between the server device and the client device.SELECTED DRAWING: Figure 1

Description

The present invention relates to communication systems, relay devices, communication methods, and programs.

In the field of IoT (Internet of Things), there is a system that aggregates measurement data measured by each of a plurality of client devices into a server device. In such a system, a plurality of client devices may be divided into several groups, relay devices may be arranged in each group, and communication between the client device and the server device may be performed via the relay device.

Further, in such a system, since data is aggregated via the communication network, there is a possibility that the communication data may be stolen or tampered with by a malicious device on the communication network. As a countermeasure, security in a communication network is strengthened, such as authenticating whether the communication destination device is a legitimate device or encrypting and transmitting communication data. Patent Document 1 discloses a technique for causing a relay device to perform processing related to authentication and encrypted communication, which should be conventionally performed by a client device. As a result, communication security can be ensured without increasing the load on the client device.

JP-A-2002-82907.

However, in Patent Document 1, the relay device stores the digital certificate and the encryption key of each client device, and performs authentication using the digital certificate, encryption / decryption processing using the encryption key, and the like. Therefore, regardless of the number of client devices that are actually connected, a large capacity for storing the electronic certificate and encryption key of each client device, assuming that a large number of client devices are connected to the relay device. There is a problem that it is necessary to secure a secure memory area in the relay device, which is costly.

The present invention has been made in view of such a situation. An object of the present invention is a communication system capable of ensuring confidentiality in communication without securing a large-capacity secure memory area in the relay device assuming that many client devices are connected to the relay device. , Relay devices, communication methods, and programs.

The communication system of the present invention includes a server device, a relay device communicably connected to the server device, and a plurality of client devices communicably connected to the relay device. It has a client storage unit that stores confidential information used in a process for concealing communication with the server device, and the relay device is such that the relay device conceals communication between the server device and the client device. It has a device control unit for instructing the client device to perform a process performed by using the confidential information stored in the client storage unit among the processes for performing the above.

The relay device of the present invention is a relay device that is communicably connected to the client device and the server device, and is a process for concealing communication between the server device and the client device. It has a device control unit for instructing the client device to perform a process performed by using the confidential information stored in the server device, which is used for the process for concealing communication with the server device.

The communication method of the present invention is a communication method of a relay device connected to a client device and a server device, and is a process for the device control unit to conceal communication between the server device and the client device. The client device is instructed to perform a process performed by using the confidential information stored in the client device and used for the process for concealing communication with the server device.

The program of the present invention is stored in the client device among the processes for concealing the communication between the server device and the client device in the computer of the relay device connected to the client device and the server device. It is a program for functioning as a device control means for instructing the client device to perform a process performed by using the confidential information used for the process for concealing communication with the server device.

According to the present invention, it is possible to ensure confidentiality in communication without securing a large-capacity secure memory area in the relay device assuming that many client devices are connected to the relay device.

It is a block diagram which shows the structural example of the communication system 1 by embodiment of this invention. It is a block diagram which shows the structural example of the server apparatus 10 by embodiment of this invention. It is a block diagram which shows the structural example of GW50 by embodiment of this invention. It is a block diagram which shows the structural example of the GW side SE60 by embodiment of this invention. It is a block diagram which shows the structural example of the IoT device 80 by embodiment of this invention. It is a block diagram which shows the structural example of the client side SE90 by embodiment of this invention. It is a figure which shows the structural example of the key information 121 by embodiment of this invention. It is a figure which shows the structural example of the confidential information 920 by embodiment of this invention. It is a sequence diagram which shows the flow of the process performed by the communication system 1 by embodiment of this invention. It is a sequence diagram which shows the flow of the process performed by the communication system 1 by embodiment of this invention.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram showing a configuration example of the communication system 1 according to the embodiment of the present invention. The communication system 1 includes, for example, a server device 10, a communication network 30, a relay device 40, and a plurality of client devices 70 (client devices 70-1, 70-2, ..., 70-N). N is an arbitrary natural number.

The server device 10 and the relay device 40 are connected to each other so as to be able to communicate with each other via the communication network 30. The relay device 40 and the plurality of client devices 70 are communicably connected to each other. Here, the relay device 40 and the plurality of client devices 70 are communicably connected via a communication network different from that of the communication network 30. Although omitted in FIG. 1, in the communication system 1, a plurality of relay devices 40 are connected to one server device 10, and a so-called tree-type network is formed.

The server device 10 is a computer such as a server device that aggregates data from each of the plurality of client devices 70. The server device 10 receives the measurement data measured by the client device 70 using the sensor via the relay device 40. The measurement data measured by the client device 70 may be arbitrary data, and may be, for example, image pickup data by a surveillance camera or the like, temperature data measured by a temperature sensor or the like, or the like.

The communication network 30 is, for example, a communication network including a part or all of an Internet, a WAN (Wide Area Network), a LAN (Local Area Network), a provider device, a radio base station, a dedicated line, and the like.

The relay device 40 is a device that relays the communication between the server device 10 and the client device 70, and includes, for example, a GW 50 and a GW side SE60. The GW 50 is a computer device such as a PC (Personal Computer) having a relay function. The SE60 on the GW side has a function of enhancing the security of communication. The SE60 on the GW side connects to the GW50 and enhances communication security relayed by the GW50. The process of strengthening the security of communication here is, for example, a process of authenticating the device of the communication destination and encrypting or decrypting the communication with the device of the communication destination. Details of the process of enhancing communication security will be described in detail later.

The GW side SE60 is a semiconductor device in which an integrated circuit is mounted on a semiconductor substrate, which is called, for example, an IC chip, SE (secure element), a secure IC chip, a secure chip, a secure IC, a secure microcomputer, or the like. The SE60 on the GW side may be an IC card or a SIM card (Subscriber Identity Module Card) whose functions are mounted on card equipment such as plastic. In this case, the GW side SE60 is detachably attached via a contact portion (not shown) provided on the GW 50.

The client device 70 is a sensor terminal with a communication function that transmits various measurement data to the server device 10 via the relay device 40. The client device 70 includes, for example, an IoT device 80 and a client-side SE90. The IoT device 80 acquires measurement data measured by various sensors and transmits the acquired measurement data to the relay device 40.

The client-side SE90 has a function of enhancing communication security like the GW-side SE60. The client-side SE90 is connected to the IoT device 80 to enhance the communication security of the measurement data transmitted by the IoT device 80. For example, the client-side SE90 is an IC chip or the like having the same function and structure as the GW-side SE60.

Here, a process for enhancing communication security will be described. For example, mutual authentication processing is performed to enhance communication security. Mutual authentication means that the communication source device and the communication destination device mutually authenticate each other. The authentication here is to confirm that the device of the communication partner is a legitimate device that is not spoofing or the like.

Mutual authentication is performed by, for example, a challenge and response method using encryption using a common key for authentication. For example, consider a case where the server device 10 and the client device 70 mutually authenticate. In this case, when the client device 70 authenticates the server device 10, the challenge side becomes the client device 70 and the response side becomes the server device 10. When the server device 10 authenticates the client device 70, the challenge side becomes the server device 10 and the response side becomes the client device 70. Further, it is premised that a common encryption key (common key) used for authentication is written and stored in the server device 10 and the client device 70 in advance.

The challenge side sends a challenge (host random number) to the response side. The response side encrypts the host random number using the common key, and notifies the challenge side of the encrypted host random number. The challenge side decodes the encrypted host random number with the common key, and when the decoded host random number and the transmitted host random number match, the response side authenticates that the device is a legitimate communication destination. Mutual authentication is performed by exchanging the challenge side and the response side and performing the same exchange. In this case, both the authentication source device and the authentication destination device need to securely store the common key for authentication.

In the mutual authentication in this case, the authentication is performed not by matching the decrypted host random number and the transmitted host random number, but by matching the received ciphertext and the encrypted one of the transmitted host random number. It may be done. For example, the server device 10 transmits a host random number to the client device 70. The client device 70 encrypts the host random number received from the server device 10 with the common key, and notifies the server device 10 of the encrypted host random number. The server device 10 encrypts the host random number transmitted to the client device 70 with a common key, and when the encrypted host random number matches the ciphertext received from the client device 70, the client device 70 is a legitimate device. Is determined. The same applies when the client device 70 authenticates the server device 10.

Alternatively, mutual authentication may be performed using a pair of a private key and a public key. In this case, the authentication destination device (for example, the server device 10) creates a public key / private key pair in advance, and sends the public key among them to the authentication source device (for example, the client device 70). .. At the time of authentication, the client device 70 transmits arbitrary information (for example, a random number) to the server device 10. The server device 10 encrypts the received information with the private key and transmits the received information to the client device 70. The client device 70 decodes the information received from the server device 10 with the public key, and determines that the server device 10 is a legitimate device when the decoded information matches the original information (for example, a random number). The same applies when the server device 10 authenticates the client device 70. In this case, it is necessary for the authentication destination device to securely store the private key corresponding to the public key sent to the authentication source.

Alternatively, in mutual authentication, the digital certificate possessed by the communication destination device may be verified. In this case, for example, the certificate authority presupposes that an electronic certificate (server certificate) has been issued in advance in response to a request from the authentication destination device (for example, the server device 10). An electronic certificate is information in which an electronic document is digitally signed. The electronic signature is information obtained by encrypting a hash value extracted from an electronic document using a private key. The private key here is information that is strictly managed by a certificate authority, such as being stored in a secure memory area. The certificate authority makes the public key corresponding to the private key publicly available.

The client device 70 requests the server device 10 for a server certificate, for example, when the communication destination device (here, the server device 10) can authenticate that the other party is a legitimate device. The server device 10 transmits a server certificate to the client device 70 in response to a request from the client device 70. The client device 70 extracts a hash value from the electronic document of the server certificate received from the server device 10. Further, the client device 70 decrypts the electronic signature of the server certificate received from the server device 10 with the public key. When the extracted hash value and the decoded information match, the client device 70 determines that the server device 10 is a legitimate device. The same applies when the server device 10 authenticates the client device 70. In this case, the device to be authenticated needs to securely store the digital certificate (server certificate or client certificate).

Alternatively, mutual authentication may be performed using a login ID and a password. In this case, the authentication destination device (for example, the client device 70) registers the login ID and the password in the authentication source device (for example, the server device 10) in advance. The server device 10 receives a login ID and a password from the client device 70 at the time of authentication. When the received login ID and password match the login ID and password registered in advance, the server device 10 determines that the client device 70 is a legitimate device. The same applies when the client device 70 authenticates the server device 10. In this case, the authentication source device needs to securely store the password associated with the login ID registered from the authentication destination device.

In this way, in the case of mutual authentication, it is necessary for the device related to mutual authentication to securely store the information used for authentication. The information used for authentication is, for example, a common key when mutual authentication is performed by the challenge & response method. The information used for authentication is, for example, a private key when mutual authentication is performed using a pair of a private key and a public key. The information used for authentication is, for example, an electronic certificate when mutual authentication by an electronic certificate is performed. The information used for authentication is, for example, a password when mutual authentication is performed using a login ID and a password. The information used for authentication is an example of "confidential information".

Further, when there are a plurality of authentication destinations, it is necessary to securely store the information used for the authentication corresponding to each of the authentication destination devices. Therefore, when each of the server device 10 and the plurality of client devices 70 performs mutual authentication, the server device 10 needs to securely store the common key or the like corresponding to each of the plurality of client devices 70. There is. In general, as a computer device provided as a server device 10, a computer device provided with a high-performance processor and memory is often used, so it is less problematic to provide the server device 10 with a large amount of secure memory. it is conceivable that.

In the present embodiment, when the server device 10 and the plurality of client devices 70 each perform mutual authentication, the authentication process to be performed by the client device 70 is shared between the relay device 40 and the client device 70.

For example, consider a case where the server device 10 and the relay device 40 are communicably connected, and a plurality of (for example, three) client devices 70-1 to 70-3 are communicably connected to the relay device 40. In this case, the relay device 40 performs a process related to mutual authentication between the server device 10 and the client devices 70-1 to 70-3. In the following, the case where mutual authentication is performed by the challenge & response method will be described as an example, but authentication using another method (public key / private key pair, digital certificate, or login ID and password), or A similar method can be applied to the encryption / decryption process.

Specifically, the relay device 40 performs a process related to mutual authentication between the server device 10 and the client device 70-1 by using, for example, the common key K1. The relay device 40 performs a process related to mutual authentication between the server device 10 and the client device 70-2 by using, for example, the common key K2. The relay device 40 performs a process related to mutual authentication between the server device 10 and the client device 70-3 by using, for example, the common key K3. In this case, the relay device 40 needs to securely store the common keys K1 to K3.

Here, the GW side SE60 included in the relay device 40 has a function of strengthening communication security, and is a dedicated IC chip or the like that performs special processing such as mutual authentication and encryption / decryption processing. Therefore, the SE60 on the GW side has a secure memory space. Therefore, it is conceivable to store the common keys K1 to K3 used by the relay device 40 for mutual authentication in the secure memory space of the GW side SE60. However, in order to reduce the device cost of the GW side SE60, in most cases, the GW side SE60 is configured so as not to have a large capacity in the secure memory space. In this case, when the number of client devices 70 to be connected is large, it becomes difficult for the relay device 40 to securely store the common key used for each mutual authentication.

As a countermeasure, in the present embodiment, the relay device 40 causes each of the client devices 70 connected to the relay device 40 to store the common key required for each authentication. This makes it possible to secure communication security without securing a large-capacity secure memory area in the relay device 40.

For example, consider a case where client devices 70-1 to 70-3 are connected to the relay device 40 and each of the common keys K1 to K3 is used for each authentication. In this case, the client device 70-1 stores the common key K1 used for the mutual authentication process of itself (client device 70-1). The client device 70-2 stores the common key K2 used in the process of mutual authentication of itself (client device 70-2). The client device 70-3 stores a common key K3 used for processing mutual authentication of itself (client device 70-3).

Then, in the process related to mutual authentication, the relay device 40 acquires a common key used for its own authentication from the client device 70 to be processed, and processes related to mutual authentication using the acquired common key. I do.

For example, when the relay device 40 performs mutual authentication between the server device 10 and the client device 70-1, the relay device 40 acquires a common key K1 from the client device 70-1, and uses the acquired common key K1 to perform processing related to mutual authentication. I do. When the relay device 40 performs mutual authentication between the server device 10 and the client device 70-2, the relay device 40 acquires a common key K2 from the client device 70-2 and performs a process related to mutual authentication using the acquired common key K2. .. When the relay device 40 performs mutual authentication between the server device 10 and the client device 70-3, the relay device 40 acquires a common key K3 from the client device 70-3 and performs a process related to mutual authentication using the acquired common key K3. ..

Further, there is an encryption / decryption process as a process for enhancing communication security. In this encryption / decryption process, the same method as the above-mentioned process related to mutual authentication can be applied. Here, the information used in the encryption / decryption process is an example of "confidential information".

The encryption / decryption process of the present embodiment will be described in more detail below. The encryption process is a process for encrypting plaintext. The decryption process is a process of decrypting the encrypted information and returning it to plain text. By performing the encryption / decryption process, even if the information flowing through the communication path is stolen, it becomes difficult to decrypt the content, and it is possible to maintain the security of the communication by keeping the communication content confidential. be.

In the present embodiment, when the server device 10 and the plurality of client devices 70 each perform encrypted communication, the encryption / decryption process to be performed by the client device 70 is shared between the relay device 40 and the client device 70. Will be.

For example, consider a case where the server device 10 and the relay device 40 are communicably connected, and a plurality of (for example, three) client devices 70-1 to 70-3 are communicably connected to the relay device 40. In this case, the relay device 40 performs processing related to encryption / decryption between the server device 10 and the client devices 70-1 to 70-3. In this case, the relay device 40 performs encryption / decryption processing using different encryption keys for each of the client devices 70-1 to 70-3. For example, the relay device 40 uses the encryption key A1 to perform processing related to encryption / decryption between the server device 10 and the client device 70-1. The relay device 40 uses the encryption key A2 to perform processing related to encryption / decryption between the server device 10 and the client device 70-2. The relay device 40 uses the encryption key A3 to perform processing related to encryption / decryption between the server device 10 and the client device 70-3. In this case, each of the encryption keys A1 to A3 used for encryption and decryption needs to be securely stored.

In the present embodiment, the relay device 40 causes each of the client devices 70 connected to the relay device 40 to store the encryption key required for the respective encryption / decryption processing. This makes it possible to secure communication security without securing a large-capacity secure memory area in the relay device 40.

For example, consider a case where client devices 70-1 to 70-3 are connected to the relay device 40 and each of the encryption keys A1 to A3 is used for encryption / decryption. In this case, the client device 70-1 stores the encryption key A1 used for the encryption / decryption process of itself (client device 70-1). The client device 70-2 stores the encryption key A2 used for the encryption / decryption process of itself (client device 70-2). The client device 70-3 stores the encryption key A3 used for the encryption / decryption process of itself (client device 70-3).

Then, in the process of the encryption / decryption process, the relay device 40 acquires an encryption key used for its own encryption or decryption from the client device 70 to be processed, and encrypts using the acquired encryption key. Performs processing related to encryption / decryption.

For example, when the relay device 40 performs encryption / decryption processing between the server device 10 and the client device 70-1, the relay device 40 acquires the encryption key A1 from the client device 70-1 and encrypts the encrypted key A1 using the acquired encryption key A1. Performs decryption processing. When the relay device 40 performs the encryption / decryption process between the server device 10 and the client device 70-2, the relay device 40 acquires the encryption key A2 from the client device 70-2 and uses the acquired encryption key A2 for encryption / decryption. Perform the relevant processing. When the relay device 40 performs the encryption / decryption process between the server device 10 and the client device 70-3, the relay device 40 acquires the encryption key A3 from the client device 70-3 and uses the acquired encryption key A3 for encryption / decryption. Perform the relevant processing.

FIG. 2 is a block diagram showing a configuration example of the server device 10 according to the embodiment of the present invention. The server device 10 includes, for example, a communication unit 11, a storage unit 12, and a control unit 13. The communication unit 11 communicates with the relay device 40 via the communication network 30.

The storage unit 12 is a storage medium, for example, an HDD (Hard Disk Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a RAM (Random Access read / write Memory), a ROM (Read Only Memory), or a storage medium thereof. It consists of any combination of storage media.

The storage unit 12 stores, for example, the sensor information 120 and the key information 121. The sensor information 120 is information (measurement data measured by the sensor, etc.) aggregated from each of the client devices 70. The key information 121 is information related to a key (for example, a common key or an encryption key) used for authentication or encrypted communication. The key information 121 may include information regarding a private key, a digital certificate, and a password.

The control unit 13 is realized, for example, by causing a CPU (Central Processing Unit) provided as hardware in the server device 10 to execute a program stored in the storage unit 12. The control unit 13 includes, for example, a sensor information management unit 130, an authentication unit 131, 132, and a device control unit 133.

The sensor information management unit 130 manages information (measurement data measured by the sensor, etc.) aggregated from the client device 70. For example, the sensor information management unit 130 sequentially establishes communication synchronization with each of the plurality of client devices via the relay device 40, and receives the information acquired by each client device 70. The sensor information management unit 130 stores the received information in the sensor information 120.

The authentication unit 131 performs processing related to mutual authentication. For example, the authentication unit 131 authenticates the client device 70 of the communication destination when communicating with each of the plurality of client devices 70 via the relay device 40. Further, the authentication unit 131 authenticates that the server device 10 is a legitimate device in response to a request from each of the plurality of client devices.

The encryption / decryption processing unit 132 performs processing related to encryption / decryption. For example, the encryption / decryption processing unit 132 transmits information using the encryption key stored in the key information 121 when communicating with each of the plurality of client devices 70 via the relay device 40 via the relay device 40. To encrypt. Further, the encryption / decryption processing unit 132 decrypts the information received by the server device 10 by using the encryption key stored in the key information 121.

The device control unit 133 comprehensively controls the server device 10. The device control unit 133 causes the sensor information management unit 130 to acquire sensor information when, for example, the authentication unit 131 authenticates the client device 70 of the communication destination as a legitimate device. The device control unit 133 decodes the sensor information received via the communication unit 11 by the encryption / decryption processing unit 132, and outputs the decoded information to the sensor information management unit 130.

FIG. 3 is a block diagram showing a configuration example of the GW 50 according to the embodiment of the present invention. The GW 50 includes, for example, a communication unit 51, a storage unit 52, and a control unit 53. The communication unit 51 includes a server communication unit 510, a client communication unit 511, and a relay side SE communication unit 512.

The server communication unit 510 communicates with the server device 10. The communication protocol between the GW 50 and the server device 10 is a communication method via a communication network 30, and for example, a communication method configured by a general-purpose network such as the Internet is applied.

The client communication unit 511 communicates with the client device 70. The communication protocol between the GW 50 and the client device 70 may be arbitrary, but for example, ZETA (registered trademark) of the LPWA (Low Power Wide Area) standard is applied.

The relay-side SE communication unit 512 communicates with the relay-side SE60. As the communication protocol between the GW 50 and the relay side SE60, for example, serial data communication such as UART (Universal Asynchronous Receiver / Transmitter) is applied.

The storage unit 52 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 52 stores, for example, the relay information 520. The relay information 520 is information related to data to be relayed, and is, for example, information related to data received from a relay source, data transmitted to a relay destination, a conversion method of a data protocol related to relay, and the like.

The control unit 53 is realized, for example, by causing a CPU provided as hardware in the GW 50 to execute a program stored in the storage unit 52. The control unit 53 includes, for example, a relay unit 530 and a device control unit 531. The relay unit 530 performs processing related to data relay. The relay unit 530 converts the data received from the conversion source device into a communication protocol applied to the conversion destination communication, and transmits the converted data to the conversion destination device. Specifically, the relay unit 530 converts the data received from the client device 70 into a communication protocol applied to the communication network 30, and transmits the converted data to the server device 10. The relay unit 530 converts the data received from the server device 10 into a communication protocol applied to the communication with the client device 70, and transmits the converted data to the client device 70.

The device control unit 531 controls the GW 50 in an integrated manner. The device control unit 531 outputs, for example, the data received from the device of the relay source to the relay unit 530. The device control unit 531 transmits the data whose communication protocol has been converted by the relay unit 530 to the relay destination device via the communication unit 51. The device control unit 531 transmits the data to be decrypted or encrypted to the relay side SE60 via the relay side SE communication unit 512. The device control unit 531 outputs the data decrypted or encrypted by the relay side SE60 to the relay unit 530.

FIG. 4 is a block diagram showing a configuration example of the GW side SE60 according to the embodiment of the present invention. The GW side SE60 includes, for example, a communication unit 61, a storage unit 62, and a control unit 63. The communication unit 61 communicates with the GW 50. The storage unit 62 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media.

The control unit 63 is realized, for example, by causing a CPU provided as hardware in the SE60 on the GW side to execute a program stored in the storage unit 62. The control unit 63 includes, for example, an authentication unit 630, an encryption / decryption unit 631, and a device control unit 632.

The authentication unit 630 performs processing related to mutual authentication between the server device 10 and the client device 70 connected to the relay device 40. In the process related to mutual authentication, the authentication unit 630 acquires a common key or the like used for mutual authentication from the client device 70 to be processed, and performs the process related to mutual authentication using the acquired common key or the like. ..

The encryption / decryption unit 631 performs processing related to encryption / decryption between the server device 10 and the client device 70 connected to the relay device 40. In the process related to encryption / decryption, the authentication unit 630 acquires an encryption key used for encryption / decryption from the client device 70 to be processed, and uses the acquired encryption key to perform processing related to encryption / decryption. conduct.

The device control unit 632 comprehensively controls the GW side SE60. The device control unit 632 transmits a notification to request a common key to the client device 70 via the communication unit 61 in the process of processing by the authentication unit 630. The device control unit 632 outputs the common key received from the client device 70 via the communication unit 61 to the authentication unit 630.

FIG. 5 is a block diagram showing a configuration example of the IoT device 80 according to the embodiment of the present invention. The IoT device 80 includes, for example, a communication unit 81, a storage unit 82, and a control unit 83. The communication unit 81 includes a GW communication unit 810 and a terminal-side SE communication unit 811. The GW communication unit 810 communicates with the GW 50. The terminal-side SE communication unit 811 communicates with the client-side SE90.

The storage unit 82 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 82 stores, for example, the sensor information 820. The sensor information 820 is data measured by various sensors connected to the client device 70.

The control unit 83 is realized by causing a CPU provided as hardware in the IoT device 80 to execute a program stored in the storage unit 82. The control unit 83 includes, for example, a sensor information acquisition unit 830 and a device control unit 831. The data measured by various sensors connected to the client device 70 is acquired. The device control unit 831 comprehensively controls the IoT device 80. The device control unit 831 transmits, for example, the data acquired by the sensor information acquisition unit 830 or the sensor information 820 stored in the storage unit 82 to the GW 50.

FIG. 6 is a block diagram showing a configuration example of the client-side SE90 according to the embodiment of the present invention. The client-side SE90 includes, for example, a communication unit 91, a storage unit 92, and a control unit 93. The communication unit 91 communicates with the IoT device 80.

The storage unit 92 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 92 stores, for example, the confidential information 920. The confidential information 920 is information used for enhancing communication security and needs to be securely stored. The confidential information 920 is, for example, information related to a common key, a private key, a digital certificate, a password, and the like used for mutual authentication.

The control unit 93 is realized by causing a CPU provided as hardware in the terminal side SE90 to execute a program stored in the storage unit 92. The control unit 93 includes, for example, an authentication-corresponding unit 930, an encryption / decryption-corresponding unit 931 and a device control unit 932.

The authentication response unit 930 responds to a request from the GW side SE60 in the process of processing related to mutual authentication in the client device 70. Specifically, when the authentication corresponding unit 930 requests the common key used for mutual authentication from the GW side SE60, the authentication corresponding unit 930 acquires the corresponding common key by referring to the confidential information 920, and the acquired common key is used on the GW side. Send to SE60.

The encryption / decryption corresponding unit 931 responds to a request from the GW side SE60 in the process of the encryption / decryption in the client device 70. Specifically, when the encryption / decryption corresponding unit 931 is requested by the GW side SE60 for the encryption key used for encryption or decryption, the encryption / decryption corresponding unit 931 acquires the corresponding encryption key by referring to the confidential information 920, and the acquired encryption key. Is transmitted to the GW side SE60.

The device control unit 932 comprehensively controls the client-side SE90. When the device control unit 932 receives a notification requesting a common key related to mutual authentication from the GW side SE60 via the communication unit 91, the device control unit 932 outputs the received information to the authentication corresponding unit 930. When the device control unit 932 receives a notification requesting an encryption key for encryption or decryption from the GW side SE60 via the communication unit 91, the device control unit 932 outputs the received information to the encryption / decryption compatible unit 931.

In the above, as an example of the case where the relay device 40 and the client device 70 are shared, a case where the relay device 40 performs a process related to confidentiality in communication (authentication process or encryption / decryption process) is exemplified. explained. However, it is not limited to this. As an example of the case where the relay device 40 and the client device 70 are shared, the relay device 40 may instruct the client device 70 to perform a process related to communication concealment. The processing related to the confidentiality in communication here may be an arbitrary processing in the authentication processing or the encryption / decryption processing, but in particular, the processing performed by using the confidential information 920 stored in the client device 70. It is desirable to have. For example, when performing a process related to encryption / decryption, the relay device 40 instructs the client device to execute the process using the encryption key, and the relay device 40 performs the process using the encryption key such as the generation of the communication history. To do so.

In this case, the relay device 40 does not perform a process related to confidentiality in communication (authentication process or encryption / decryption process). Therefore, the GW side SE60 can be omitted. Further, the communication unit 51 of the GW 50 can omit the relay side SE communication unit 512.

In the process of mutual authentication, the relay device 40 orders the client device 70 to be processed to perform the process of mutual authentication using the common key used for its own authentication. For example, the device control unit 531 of the GW 50 orders the client device 70 to perform processing related to mutual authentication via the communication unit 51. Then, the relay device 40 acquires the result of the process related to mutual authentication from the client device 70, and transmits the acquired information to the server device 10.

Further, the relay device 40 instructs the client device 70, which is the target of the process, to perform the process related to the encryption / decryption using the encryption key stored by itself in the process of the process related to the encryption / decryption. For example, the device control unit 531 of the GW 50 orders the client device 70 to perform a process related to encryption / decryption via the communication unit 51. Then, the relay device 40 acquires the result of the process related to encryption / decryption from the client device 70, and transmits the acquired information to the server device 10.

As a result, it is possible to perform processing related to mutual authentication or encryption / decryption without transmitting information to be securely stored such as a common key and an encryption key to the outside from the client device 70. Therefore, it is possible to further improve the confidentiality of communication.

FIG. 7 is a diagram showing a configuration example of the key information 121 according to the embodiment of the present invention. The key information 121 includes, for example, items for each of the server device 10 and the plurality of client devices 70 to be communicated with. In this example, the items of the server device 10 include items such as a device ID and a server certificate. The device ID is identification information that uniquely identifies the server device 10. The server certificate is information indicating an electronic certificate acquired by the server device 10 from a certificate authority. The items of the client device 70 include, for example, items such as a device ID, a common key, and an encryption key. The device ID is identification information that uniquely identifies the client device 70. The common key is information about the common key used when performing mutual authentication with the client device 70 specified by the device ID. The encryption key is information about an encryption key used when encrypting information to the client device 70 specified by the device ID and decrypting information from the client device 70.

FIG. 8 is a diagram showing a configuration example of confidential information 920 according to the embodiment of the present invention. The confidential information 920 includes an item of the client device 70. In this example, the items of the client device 70 include items such as a device ID, a common key, an encryption key, and a client certificate. The device ID is identification information that uniquely identifies the client device 70. The common key is information about the common key used when performing mutual authentication with the client device 70 specified by the device ID. The encryption key is information about an encryption key used when encrypting information to the client device 70 specified by the device ID and decrypting information from the client device 70. The client certificate is information indicating an electronic certificate acquired by the client device 70 from a certificate authority.

As shown in FIG. 7, the server device 10 needs to store a common key and an encryption key for each of the client devices 70 to be communicated with, and manages these information securely so as not to be leaked to the outside. Is required. When the relay device 40 performs processing related to mutual authentication and encryption / decryption of the client devices 70 connected to the relay device 40, among the key information 121 shown in FIG. 7, the client connected to the relay device 40 itself. It is necessary to securely store the common key and the encryption key for the device 70, and the device cost may increase in order to secure a large capacity area for storing these.

As a countermeasure, in the present embodiment, instead of storing information about the common key and the encryption key related to the plurality of client devices 70 in the storage unit 62 of the GW side SE60, as shown in FIG. 8, the storage unit of the client side SE90 is stored. The unit 92 stores information about the common key and the encryption key related to each client device 70. Since the amount of information about the common key and the encryption key related to one client device 70 is not so large, it is unlikely to be a factor that increases the device cost of the client-side SE90. Therefore, the device cost of the communication system 1 as a whole does not increase.

9 and 10 are sequence diagrams showing a flow of processing performed by the communication system 1 according to the embodiment of the present invention. Hereinafter, the flow of processing when the relay device 40 instructs the client device 70 to perform processing related to communication concealment will be described as an example.

In step S1 of FIG. 9, the client device 70 generates a random number and transmits the generated random number to the relay device 40. Here, since the random number transmitted to the relay device 40 is information that can be leaked without any problem, it may be generated by the IoT device 80 or may be generated by the client-side SE90.

In step S2, the relay device 40 transmits the random number received from the client device 70 to the server device 10.

In step S3, the server device 10 transmits the random number generated by the server device 10 to the relay device 40.

In step S4, the server device 10 transmits the server certificate to the relay device 40. The server certificate contains a public key and a digital signature. A digital signature is information in which an electronic document included in a server certificate is encrypted with a private key paired with a public key included in the server certificate.

In step S5, the relay device 40 authenticates the server device 10. For example, the relay device 40 extracts a hash value from an electronic document included in the server certificate. The relay device 40 decrypts the electronic signature included in the server certificate with the public key. When the hash value extracted from the electronic document and the information obtained by decrypting the electronic signature with the public key match, the relay device 40 authenticates that the server device 10 is a legitimate device.

In step S6, the client device 70 transmits the client certificate to the relay device 40 in response to the request from the relay device 40. The client certificate here may be securely stored in the confidential information 920 or may be stored in the storage unit 82. This is because the client certificate is generally information that may be leaked to the outside. The client certificate contains a public key and a digital signature. A digital signature is information in which an electronic document contained in a client certificate is encrypted with a private key paired with a public key contained in the client certificate.

In step S7, the relay device 40 transmits the client certificate received from the client device 70 to the server device 10.

In step S8, the relay device 40 generates a history (communication history) of communication between the server device 10 and the relay device 40, and transmits the generated communication history to the client device 70.

In step S9, the client device 70 generates an electronic signature in which the communication history received from the relay device 40 is encrypted with the private key associated with the client certificate. The private key associated with the client certificate here is securely stored in the confidential information 920, and the generation of the electronic signature is performed by the authentication corresponding unit 930.

In step S10, the client device 70 transmits the generated electronic signature to the relay device 40.

In step S11, the relay device 40 transmits the electronic signature generated from the communication history to the server device 10.

In step S12, the server device 10 verifies the signature in the client certificate and the signature generated from the communication history with the public key included in the client certificate.

In step S13, the server device 10 generates a session key. The session key is a disposable encryption key that is valid only for a certain number of times, time, data amount, or from the start to the end of communication. The server device 10 uses, for example, a random number generated by the client device 70, a random number generated by the server device 10, a public key included in the client certificate, and a private key associated with the server certificate as arguments, and a predetermined algorithm. Generate a session key by executing.

In step S14, the relay device 40 transmits the random number generated by the server device 10 and the server certificate to the client device 70.

In step S15, the client device 70 uses, for example, a random number generated by the client device 70, a random number generated by the server device 10, a public key included in the server certificate, and a private key associated with the client certificate as arguments. , Generate a session key by executing a given algorithm.

As a result, the same session key used for communication between the server device 10 and the client device 70 can be safely shared. A third party cannot know the private key associated with the server certificate or the private key associated with the client certificate. Therefore, even if all the communication contents in the relay device 40 are eavesdropped, the session key is not generated and the contents of the encrypted communication using the session key are not stolen. Communication synchronization is established by performing the processes shown in steps S1 to S15.

In step S16 of FIG. 10, the client device 70 encrypts the acquired measurement data using the session key.

In step S17, the client device 70 transmits the encrypted measurement data to the relay device 40.

In step S18, the relay device 40 transmits the measurement data encrypted with the session key to the server device 10.

In step S19, the server device 10 decodes the received measurement data using the session key.

In step S20, the server device 10 stores the decoded measurement data in the sensor information 120 so that the measurement data can be utilized.

When information (for example, information indicating parameter settings such as sensor measurement frequency) is transmitted from the server device 10 to the client device 70, the same method as the process shown in steps S1 to S20 described above is applied. be able to.

As described above, the communication system 1 of the embodiment includes a server device 10, a relay device 40 communicably connected to the server device 10, and a plurality of client devices 70 communicably connected to the relay device 40. , Equipped with. The client device 70 has a storage unit 92 that stores confidential information 920 used in a process for concealing communication with the server device 10. The relay device 40 has a device control unit 531 that orders the client device 70 to execute the process performed by using the confidential information 920 among the processes for ensuring the communication between the server device 10 and the client device 70. Have.

The storage unit 92 is an example of a “client storage unit”.

As a result, in the communication system 1 of the embodiment, the relay device 40 uses the confidential information 920 stored in the client-side SE90 among the processes for concealing the communication such as the processes related to mutual authentication and encryption / decryption. It is possible to instruct the client device 70 to perform the processing to be performed. Therefore, even when many client devices 70 are connected to the relay device 40, communication security can be ensured without securing a large-capacity secure memory area in the relay device 40.

Here, as a comparative example 1, consider a case where the relay device 40 performs all the processes related to encryption / decryption. In this case, the relay device 40 must acquire the encryption key from the client device 70 when performing processing using the encryption key. Therefore, the encryption key is output to the outside of the client device 70, and the encryption key may be stolen or tampered with. On the other hand, in the communication system 1 of the present embodiment, the client device 70 is made to execute the process using the confidential information 920. Therefore, the encryption key is not output to the outside of the client device 70. That is, it is possible to prevent the possibility that the encryption key is stolen or tampered with. Therefore, more secure encrypted communication becomes possible.

Further, as a comparative example 2, consider a case where the client device 70 performs all the processes related to encryption / decryption. In this case, since the processing load of the client device 70 increases, it is necessary to provide a high-performance CPU or the like capable of executing the increased processing, and the device cost increases. On the other hand, in the communication system 1 of the present embodiment, the relay device 40 has the confidential information 920 stored in the client-side SE90 among the processes for concealing the communication such as the processes related to mutual authentication and encryption / decryption. Can be executed without using. Therefore, the amount of processing performed by the client device 70 can be reduced, and an increase in the device cost of the client device 70 can be suppressed. Even if the client device 70 does not have a high-performance CPU or the like, the relay device 40 can perform complicated encrypted communication (for example, TLS) by performing processing. Further, although omitted in the above-mentioned example of FIG. 9, in the case of the configuration in which the client device 70 connects the SE90 to the IoT device 80 and causes the SE90 to perform the encryption processing, an instruction is given to the SE90 to execute the encryption processing. There is a need. The relay device 40 creates an instruction to cause the SE 90 to execute the encryption process, and the created instruction is transmitted to the client device 70 to instruct the client device 70 to perform the encryption process. In this case, the client device 70 does not need to create an instruction to cause the SE90 to execute the encryption process. Therefore, it is possible to reduce the processing performed by the client device 70. Therefore, it is possible to secure communication security while suppressing the cost for the client device 70.

Further, in the communication system 1 of the embodiment, the confidential information 920 includes information indicating a common key shared between the server device 10 and the client device 70. The authentication unit 630 authenticates the server device by decrypting the information notified from the server device 10 using the common key. The authentication unit 630 causes the server device 10 to authenticate the client device 70 by transmitting the information encrypted using the common key to the server device 10. As a result, the same effect as the above-mentioned effect is obtained.

Further, in the communication system 1 of the embodiment, the confidential information 920 includes information indicating a private key corresponding to the public key disclosed to the server device 10, and the authentication unit 630 contains information encrypted with the private key. Is transmitted to the server device 10, so that the server device 10 authenticates the client device 70. As a result, the same effect as the above-mentioned effect is obtained.

Further, in the communication system 1 of the embodiment, the confidential information 920 includes information indicating an encryption key generated after the server device 10 is authenticated as a legitimate device, and the encryption / decryption unit 631 is legitimate. The information to be notified to the server device 10 that has been authenticated as a device is encrypted using an encryption key, and the encrypted information is transmitted to the server device 10. As a result, the same effect as the above-mentioned effect is obtained.

Further, the relay device 40 of the embodiment is communicably connected to the client device 70 and the server device 10. The relay device 40 includes an authentication unit 630 or an encryption / decryption unit 631. As a result, the same effect as the above-mentioned effect is obtained.

The functions described in each of the above-described embodiments are not limited to the configuration using hardware, but can also be realized by loading a program describing each function into a computer using software. Further, each function may be configured by appropriately selecting either software or hardware.

The communication system 1 and the relay device 40 in the above-described embodiment may be realized by a computer in whole or in part. In that case, a program for realizing this function may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read by a computer system and executed. The term "computer system" as used herein includes hardware such as an OS and peripheral devices. Further, the "computer-readable recording medium" refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, or a CD-ROM, and a storage device such as a hard disk built in a computer system. Further, a "computer-readable recording medium" is a communication line for transmitting a program via a network such as the Internet or a communication line such as a telephone line, and dynamically holds the program for a short period of time. It may also include a program that holds a program for a certain period of time, such as a volatile memory inside a computer system that is a server or a client in that case. Further, the above program may be for realizing a part of the above-mentioned functions, and may be further realized for realizing the above-mentioned functions in combination with a program already recorded in the computer system. It may be realized by using a programmable logic device such as FPGA.

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to this embodiment, and includes designs and the like within a range that does not deviate from the gist of the present invention.

1 ... Communication system 10 ... Server device 40 ... Relay device 50 ... GW
60 ... Relay side SE
630 ... Authentication unit 631 ... Encryption / decryption unit 632 ... Device control unit 70 ... Client device 80 ... IoT device 90 ... Client side SE

Claims (11)

A server device, a relay device communicably connected to the server device, and a plurality of client devices communicably connected to the relay device are provided.
The client device has a client storage unit that stores confidential information used in a process for concealing communication with the server device.
In the relay device, among the processes for concealing the communication between the server device and the client device, the client device performs the process performed by using the confidential information stored in the client storage unit. Has a device control unit that commands
Communications system. The process for concealing the communication between the server device and the client device is a process related to encryption / decryption.
The client device stores an encryption key used in a process related to encryption / decryption, and stores the encryption key.
The communication system according to claim 1, wherein the relay device orders the client device to perform a process using the encryption key among the processes related to encryption / decryption. The confidential information includes information indicating a common key shared between the server device and the client device.
The device control unit authenticates the server device by decrypting the information notified from the server device using the common key.
The communication system according to claim 1 or 2. The device control unit transmits the first information to the server device, receives the information in which the first information is encrypted using the common key from the server device, and uses the received information as the common key. Decrypted using, and if the decoded information matches the first information, the server device is authenticated as a legitimate device.
The communication system according to claim 3. The device control unit transmits the first information to the server device, the server device receives the information obtained by encrypting the first information using the common key from the server device, and the received information is the common information. When the first information matches the encrypted information using the key, the server device is authenticated as a legitimate device.
The communication system according to claim 3. The confidential information includes information indicating a common key shared between the server device and the client device.
The device control unit causes the server device to authenticate the client device by transmitting information encrypted using the common key to the server device.
The communication system according to any one of claims 1 to 3. The confidential information includes information indicating a private key corresponding to the public key disclosed to the server device.
The device control unit causes the server device to authenticate the client device by transmitting the information signed by the private key to the server device.
The communication system according to any one of claims 1 to 3. The confidential information includes information indicating an encryption key generated in the process of authenticating the server device as a legitimate device.
The device control unit encrypts the information notified to the server device authenticated as a legitimate device by using the encryption key, and transmits the encrypted information to the server device.
The communication system according to any one of claims 1 to 7. A relay device that is communicably connected to a client device and a server device.
Among the processes for concealing the communication between the server device and the client device, the confidential information stored in the client device and used for the process for concealing the communication with the server device is used. It has a device control unit that orders the client device to perform the processing to be performed.
Relay device. It is a communication method of the relay device that connects the client device and the server device.
Among the processes for concealing the communication between the server device and the client device, the device control unit conceals used for the process for concealing the communication with the server device stored in the client device. Instructing the client device to perform processing performed using information.
Communication method. To the computer of the relay device connected to the client device and the server device,
Among the processes for concealing the communication between the server device and the client device, the confidential information stored in the client device and used for the process for concealing the communication with the server device is used. A device control means for instructing the client device to perform the processing to be performed.
A program to function as.

Images