JP4599812B2 - Service providing system, service providing server, device authentication program, storage medium, terminal device, device authentication server, and public key confirmation information update program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a device authentication system and the like, and more particularly to a device authentication performed by each service server by using a digital certificate.
[0002]
[Prior art]
In recent years, the spread of CE (Consumer Electronics) equipment has been spreading. A CE device is a device that has a built-in computer in an audio-visual device such as a video deck, stereo, or TV, a household appliance such as a rice cooker or a refrigerator, or other electronic devices, and can use services via a network. is there.
For this reason, device authentication information for device authentication is built in the CE device, and the service server that provides the service provides the CE device with the service after performing device authentication on the device authentication server. It is configured.
[0003]
FIG. 10 is a diagram illustrating an example of a configuration of a conventional service providing system.
The service servers 107, 107,... Are server devices that provide services to the CE device 109.
When receiving the service from the service servers 107, 107,..., The CE device 109 first authenticates the device with the device authentication server 105, and transmits the device authentication result to the service servers 107, 107,.
[0004]
On the other hand, the service servers 107, 107,... Inquire the device authentication server 105 about the device authentication result in order to check whether the device authentication result received from the CE device 109 is correct. If the device authentication result is confirmed to be correct, the service servers 107, 107,... Provide a service to the CE device 109.
As described above, the invention in which the authentication server authenticates the client includes the following.
The invention disclosed in this document performs user authentication using a public key / private key pair.
[0005]
[Patent Document 1]
JP 2001-236321 A
[0006]
In the present invention, first, the client side owns the secret key, and the authentication server side owns the public key corresponding to the user.
Then, the random number (code) generated in the authentication server is encrypted with the public key and then transmitted to the client. Then, the client is authenticated by judging whether or not the encrypted random number can be correctly decrypted with the secret key.
[0007]
In the present invention, the public key that is paired with the secret key is collectively managed by a specific server device.
Therefore, it is not always efficient as an authentication method for CE devices that are marketed in large quantities and are produced and discarded every day.
This is because, in the present invention, as the CE device is produced, discarded, and the owner is transferred, the public key that is collectively managed must be updated each time, and maintenance of the public key is costly and labor-intensive. It is.
[0008]
[Problems to be solved by the invention]
However, the conventional service providing system has a problem that device authentication is concentrated on the device authentication server 105.
For this reason, a load may be concentrated on the device authentication server 105, and it may be difficult to perform device authentication efficiently.
[0009]
Therefore, an object of the present invention is to reduce the concentration of device authentication load by distributing the device authentication function.
[0010]
[Means for Solving the Problems]
In order to achieve the above object, the present invention is a service providing system comprising a terminal device and a service providing server that authenticates each other with the terminal device and provides a service to the terminal device. Issued by the device authentication authority used to confirm that the terminal private key, the terminal public key paired with the terminal private key, and the terminal public key are recognized by a predetermined device authentication authority Terminal public key confirmation information stored therein, and when the service providing server is requested to provide a service, the stored terminal public key and terminal public key confirmation information are stored in the service providing server. The service providing server uses the terminal public key confirmation information to confirm that the terminal public key is approved by the device authentication authority, and First secret secret information is generated by encrypting the secret information with the confirmed terminal public key using a common key shared between the device and the service providing server as secret information, and first ID information And the first code information and the common key are stored in association with each other, and the first encrypted secret information, the first ID information, and the first code information are stored in the terminal. The terminal device acquires the common key which is the secret information by decrypting the received first encrypted secret information using the stored terminal secret key, and the terminal device Using the acquired common key, the service providing server confirms that the first code information is encrypted, and the terminal device decrypts the encrypted first code information. First decryption confirmation for The first decryption confirmation information and the first ID information generated are transmitted to the service providing server, and the service providing server uses the received first ID information, The first code information associated with the first ID information and the common key are acquired, and the received first decryption confirmation information is encrypted using the common key. The terminal device authenticates the terminal device by comparing the first code information and confirming that the secret information has been decrypted from the transmitted first encrypted secret information in the terminal device. A server private key, a server public key paired with the server private key, server public key confirmation information used to confirm that the server public key is approved by a predetermined device authentication authority, Remember The second ID information and the common key are stored in association with each other, and the stored server public key, server public key confirmation information, and second ID information are transmitted to the terminal device. The terminal device uses the server public key confirmation information to confirm that the received server public key is recognized by the device certification authority, and confirms one of the confirmed server public key and the common key. After encrypting the second code information using the second code information, the second code secret information is generated by further encrypting using the other, and the generated second encrypted secret information, Second ID information is transmitted to the service providing server, and the service providing server obtains the common key associated with the second ID information from the received second ID information, The received second cipher The second code information is obtained by decrypting the secret information using one of the common key and the stored server secret key, and further decrypted using the other, and the obtained second code Is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information, and the terminal device The received second decryption confirmation information is compared with the stored second code information, and the second code information is obtained from the second encrypted secret information transmitted by the service providing server. A service providing system is provided that authenticates the service providing server by confirming that the data has been decrypted, and requests the service providing server to provide the service. 1 configuration).
Further, the present invention is a service providing server for providing a service after mutual device authentication with a terminal device, wherein the terminal device includes a terminal secret key, a terminal public key paired with the terminal secret key, Terminal public key confirmation information used for confirming that the terminal public key is approved by a predetermined device certification authority, and storing the terminal public key and the terminal public key from the terminal device Public key receiving means for receiving key confirmation information, and terminal public key confirmation means for confirming that the received terminal public key is recognized by the device authentication authority using the received terminal public key confirmation information And using the common key shared between the terminal device and the service providing server as secret information, and generating first encrypted secret information obtained by encrypting the secret information using the confirmed terminal public key. First ID information, first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, and the first ID information are stored. Encrypted secret information transmitting means for transmitting the code information to the terminal device, and a first unit for confirming that the secret information has been decrypted from the transmitted first encrypted secret information from the terminal device. The decoding confirmation information receiving means for receiving the first decoding confirmation information and the first ID information, and the first ID information associated with the first ID information from the received first ID information. The code information and the common key are obtained, and the received first decryption confirmation information is compared with the first code information that is encrypted with the common key. From the transmitted first encrypted secret information in the terminal device, Decryption confirmation means for confirming that secret information has been decrypted, a server private key, a server public key that forms a pair with the server private key, and the server public key that has been approved by a predetermined device authentication authority And storing the server public key confirmation information used for confirming that the key information storage means, the second ID information, and the common key are stored in association with each other. The terminal device transmits the public key, the server public key confirmation information, and the second ID information to the terminal device, and the terminal device transmits the public key, corresponding to the transmitted server public key. Encrypted secret information receiving means for receiving the second encrypted secret information and the second ID information;
The common key associated with the second ID information is acquired from the received second ID information, and the received second encrypted secret information is used as the common key and the stored server secret key. The code information decoding means for acquiring the second code information by decoding using the other, and further providing the service with the acquired second code information. Decoding confirmation information transmitting means for transmitting to the terminal device as second decoding confirmation information for the terminal device to confirm that the server has decrypted the second code information. A characteristic service providing server is provided (second configuration).
The present invention also provides: A terminal secret key, a terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority, Remember A device authentication program that implements a mutual device authentication function with a service providing server configured by a computer that provides services after mutual device authentication with a terminal device, Computer Public key reception for receiving the terminal public key and the terminal public key confirmation information from the terminal device means And terminal public key confirmation for confirming that the received terminal public key is recognized by the device authentication authority using the received terminal public key confirmation information. means And generating a first encrypted secret information obtained by encrypting the secret information using the confirmed terminal public key, with a common key shared between the terminal device and the service providing server as secret information, The ID information, the first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, and the first code information are stored. And transmitting the encrypted secret information to the terminal device means Receiving, from the terminal device, first decryption confirmation information for confirming that the secret information has been decrypted from the transmitted first encrypted secret information, and the first ID information. Decryption confirmation information received means The first code information associated with the first ID information and the common key are obtained from the received first ID information, and the received first decryption confirmation information And the first code information encrypted by itself using the common key, and the secret information is decrypted from the transmitted first encrypted secret information in the terminal device. Confirm the decryption means A server private key, a server public key paired with the server private key, and server public key confirmation information used for confirming that the server public key has been approved by a predetermined device authentication authority; , Memorize key information means And the second ID information and the common key are stored in association with each other, and the stored server public key, the server public key confirmation information, and the second ID information are stored in the terminal device. Server public key transmission to send to means And receiving the second encrypted secret information transmitted by the terminal device and the second ID information corresponding to the transmitted server public key. means And acquiring the common key associated with the second ID information from the received second ID information, and storing the received second encrypted secret information with the common key and the stored server. Code information decryption for obtaining the second code information by decrypting with one of the secret keys and further decrypting with the other means Then, the obtained second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. Send decryption confirmation information to be sent means , To function as A device authentication program is provided (third configuration).
The present invention also provides: A terminal secret key, a terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority, Remember A storage medium storing a device authentication program for realizing a mutual device authentication function in a service providing server configured by a computer that provides a service after mutual device authentication with a terminal device, Computer Public key reception for receiving the terminal public key and the terminal public key confirmation information from the terminal device means And terminal public key confirmation for confirming that the received terminal public key is recognized by the device authentication authority using the received terminal public key confirmation information. means And generating a first encrypted secret information obtained by encrypting the secret information by using the confirmed terminal public key with a common key shared between the terminal device and the service providing server as secret information, The ID information, the first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, and the first code information are stored. And transmitting the encrypted secret information to the terminal device means Receiving, from the terminal device, first decryption confirmation information for confirming that the secret information has been decrypted from the transmitted first encrypted secret information, and the first ID information. Decryption confirmation information received means The first code information associated with the first ID information and the common key are obtained from the received first ID information, and the received first decryption confirmation information And the first code information encrypted by itself using the common key, and the secret information is decrypted from the transmitted first encrypted secret information in the terminal device. Confirm the decryption means A server private key, a server public key paired with the server private key, and server public key confirmation information used for confirming that the server public key has been approved by a predetermined device authentication authority; , Memorize key information means And the second ID information and the common key are stored in association with each other, and the stored server public key, the server public key confirmation information, and the second ID information are stored in the terminal device. Server public key transmission to send to means And receiving the second encrypted secret information transmitted by the terminal device and the second ID information corresponding to the transmitted server public key. means And acquiring the common key associated with the second ID information from the received second ID information, and storing the received second encrypted secret information with the common key and the stored server. Code information decryption for obtaining the second code information by decrypting with one of the secret keys and further decrypting with the other means Then, the obtained second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. Send decryption confirmation information to be sent means , To function as A computer-readable storage medium storing a device authentication program is provided (fourth configuration).
In the present invention, a terminal secret key storage unit that stores a terminal secret key, a terminal public key that forms a pair with the terminal secret key, and the terminal public key are recognized by a predetermined device authentication authority. The terminal public key storage means for storing the terminal public key confirmation information, and the service providing server, when requesting the provision of the service, the stored terminal public key and the terminal public key confirmation information. A terminal public key transmitting means for transmitting to the service providing server; first encrypted secret information returned from the service providing server in response to the transmitted terminal public key and terminal public key confirmation information; Encrypted secret information receiving means for receiving the first ID information and the first code information, and decrypting the received first encrypted secret information with the stored terminal secret key Confirming that the service providing server has decrypted the secret information by using the decrypting means for acquiring a common key shared by the terminal device and the service providing server, which is information, and the acquired common key In order to do this, the first code information is encrypted using the acquired common key, and the encrypted first code information is generated as the first decryption confirmation information. A decryption confirmation information transmitting means for transmitting the generated first decryption confirmation information and the first ID information to the service providing server, a server secret key, and the server secret key. And a server public key confirmation information used for confirming that the server public key is recognized by a predetermined device authentication authority. Server public key receiving means for receiving the server public key, the server public key confirmation information, and the second ID information from the server, and the received server public key using the received server public key confirmation information. After encrypting the second code information using one of the confirmed server public key and the common key, a server public key confirming means for confirming that the key is approved by the device certification authority, Encrypted secret information generating means for generating second encrypted secret information by further encrypting using the other, the generated second encrypted secret information, and the second ID information, To confirm that the second code information is decrypted from the encrypted secret information transmitting means for transmitting to the service providing server and the second encrypted secret information transmitted by the service providing server. The decoding confirmation information receiving means for receiving the second decoding confirmation information from the service providing server, comparing the received second decoding confirmation information with the stored second code information, There is provided a terminal device comprising: a decryption confirmation means for confirming that the second code information is decrypted from the transmitted second encrypted secret information by the service providing server. (Fifth configuration).
Further, the present invention is a device authentication program for realizing a mutual device authentication function by a computer constituting a terminal device, Computer Terminal secret key memory for storing terminal secret key means A terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority Public key memory means Terminal public key transmission for transmitting the stored terminal public key and terminal public key confirmation information to the service providing server when requesting the service providing server to provide the service means Corresponding to the transmitted terminal public key and terminal public key confirmation information, first encrypted secret information returned from the service providing server, first ID information, first code information, , Receive encrypted secret information means And decrypting the received first encrypted secret information with the stored terminal secret key to obtain a common key shared by the terminal device and the service providing server, which is secret information means And using the acquired common key to encrypt the first code information using the acquired common key in order to confirm that the service providing server has decrypted the secret information. Decryption confirmation information generation for generating the encrypted first code information as first decryption confirmation information means Decryption confirmation information transmission for transmitting the generated first decryption confirmation information and the first ID information to the service providing server means A server private key, a server public key paired with the server private key, and server public key confirmation information used for confirming that the server public key has been approved by a predetermined device authentication authority; Server public key reception for receiving the server public key, the server public key confirmation information, and the second ID information from the service providing server storing means And a server public key confirmation that uses the received server public key confirmation information to confirm that the received server public key has been approved by the device certification authority. means And encrypting the second code information using one of the confirmed server public key and the common key, and further encrypting the second code information using the other, thereby generating second encrypted secret information Secret information generation means And transmitting the generated second encrypted secret information and the second ID information to the service providing server. means And receiving from the service providing server second decryption confirmation information for confirming that the second code information has been decrypted from the transmitted second encrypted secret information. Decryption confirmation information received means And the received second decryption confirmation information and the stored second code information, and the second code information is obtained from the second encrypted secret information transmitted by the service providing server. Decryption confirmation to confirm that has been decrypted means , To function as A device authentication program is provided (sixth configuration).
Further, the present invention is a storage medium storing a device authentication program for realizing a mutual device authentication function with a computer constituting a terminal device, Computer Terminal secret key memory for storing terminal secret key means A terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority Public key memory means Terminal public key transmission for transmitting the stored terminal public key and terminal public key confirmation information to the service providing server when requesting the service providing server to provide the service means Corresponding to the transmitted terminal public key and terminal public key confirmation information, first encrypted secret information returned from the service providing server, first ID information, first code information, , Receive encrypted secret information means And decrypting the received first encrypted secret information with the stored terminal secret key to obtain a common key shared by the terminal device and the service providing server, which is secret information means And using the acquired common key to encrypt the first code information using the acquired common key in order to confirm that the service providing server has decrypted the secret information. Decryption confirmation information generation for generating the encrypted first code information as first decryption confirmation information means Decryption confirmation information transmission for transmitting the generated first decryption confirmation information and the first ID information to the service providing server means A server private key, a server public key paired with the server private key, and server public key confirmation information used for confirming that the server public key has been approved by a predetermined device authentication authority; Server public key reception for receiving the server public key, the server public key confirmation information, and the second ID information from the service providing server storing means And a server public key confirmation that uses the received server public key confirmation information to confirm that the received server public key has been approved by the device certification authority. means And encrypting the second code information using one of the confirmed server public key and the common key, and further encrypting the second code information using the other, thereby generating second encrypted secret information Secret information generation means And transmitting the generated second encrypted secret information and the second ID information to the service providing server. means And receiving from the service providing server second decryption confirmation information for confirming that the second code information has been decrypted from the transmitted second encrypted secret information. Decryption confirmation information received means And the received second decryption confirmation information and the stored second code information, and the second code information is obtained from the second encrypted secret information transmitted by the service providing server. Decryption confirmation to confirm that has been decrypted means , To function as A computer-readable storage medium storing a device authentication program is provided (seventh configuration).
[0011]
DETAILED DESCRIPTION OF THE INVENTION
DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described in detail with reference to the drawings.
[Outline of Embodiment]
FIG. 1 is a diagram illustrating an example of a configuration of a service providing system according to the present embodiment.
Service servers 7, 7, 7,... (Hereinafter referred to as service server 7) are server devices that provide services to the CE device 9 via a network.
The CE device 9 stores a digital certificate (hereinafter referred to as a CE certificate) and transmits it to the service server 7.
This CE certificate includes a public key corresponding to the private key held by the CE device 9.
[0012]
The service server 7 receives the public key from the CE device 9 and confirms that the public key is recognized by the device certification authority by the signature of the certificate (described later), and then uses the public key to store the secret information. The data is encrypted and transmitted to the CE device 9.
On the other hand, the CE device 9 decrypts the encrypted secret information with the secret key.
The CE device 9 authenticates the CE device 9 by confirming that the secret information has been decrypted by the CE device 9.
[0013]
That is, only the CE device 9 having a secret key that is paired with this public key can decrypt the secret information encrypted with this public key, and this public key is recognized by the device certification authority. Therefore, device authentication can be performed using a certificate.
[0014]
In this embodiment, a common key (session key) dynamically generated by the service server 7 is used as the secret information. Therefore, after device authentication, the CE device 9 and the service server 7 can share a common key, and efficient service provision using this common key can be performed.
[0015]
Thus, in this embodiment, since device authentication is performed by each service server 7, the device authentication function can be distributed by the service providing system, and concentration of load associated with device authentication can be prevented.
In the present embodiment, since the pair of the secret key and the public key is managed inside the CE device 9, even if the public key distributed in the service providing system fluctuates due to production or disposal of the CE device 9. As a service providing system, it is not necessary to manage this.
Furthermore, although the public key is managed inside the CE device 9, the authenticity of the public key can be secured by a certificate issued by the device certification authority.
[0016]
[Details of the embodiment]
FIG. 2 is a diagram for explaining a logical configuration of the CE device 9 according to the present embodiment.
The CE device 9 includes a tamper-resistant chip 10 as hardware, and stores a CE certificate 12 used for device authentication in a storage device.
The tamper-resistant chip 10 is a tamper-resistant device in which sufficient measures are taken against fraud such as tampering, duplication, and decoding of an internal logical structure, and is configured by an IC chip that stores an integrated circuit.
The tamper resistant chip 10 stores a secret key (hereinafter referred to as a CE secret key) (secret key storage means). The tamper resistant chip 10 receives a request for decryption of information encrypted with a CE public key included in a CE certificate 12 described later, and outputs the decrypted result.
[0017]
The CE certificate 12 is stored in the storage device of the CE device 9 (public key storage means), the device ID of the CE device 9, the public key corresponding to the CE private key (hereinafter referred to as the CE public key), the expiration date, etc. The message is composed of a digital signature (hereinafter referred to as a signature), etc., which is made by the device certification authority to guarantee the authenticity of these messages.
In other words, the service server 7 that has received the CE certificate 12 can confirm that the content included in the CE certificate 12 has been authenticated by the device certification authority by confirming the signature.
[0018]
Therefore, the signature constitutes public key confirmation information for confirming that the CE public key is approved by the device certification authority.
Further, the service server 7 can recognize the device ID of the CE device 9 from the device ID included in the CE certificate 12, and can know the expiration date of the CE public key from the expiration date.
[0019]
The device authentication module 11 is a module that transmits and receives information to and from the service server 7 using the tamper-resistant chip 10 and the CE certificate 12 and causes the service server 7 to perform device authentication of the CE device 9.
[0020]
FIG. 3 is a flowchart for explaining a procedure in which the service server 7 authenticates the CE device 9.
First, the device authentication module 11 transmits the CE certificate 12 to the service server 7 (step 2).
The device authentication module 11 transmits the public key to the service server 7 using the CE certificate 12. As described above, the CE device 9 includes public key transmission means.
The service server 7 receives the CE certificate 12 from the CE device 9 (public key receiving means), and confirms the authenticity of the CE certificate 12 (step 20).
The service server 7 confirms the authenticity of the CE certificate 12 using the signature, thereby confirming the authenticity of the CE public key (public key confirming means). A specific confirmation method will be described later.
[0021]
Next, the service server 7 generates a session key (step 22).
The session key is used as a common key shared between the service server 7 and the CE device 9 when providing the service.
In order to increase the security level, the session key is dynamically generated and is different every time.
[0022]
The service server 7 extracts the CE public key from the CE certificate 12, and encrypts the session key generated previously using this (step 24).
In this embodiment, the session key is used as secret information. That is, if it is confirmed that the session key is encrypted with the CE public key and decrypted by the CE device 9, the CE device 9 can be authenticated, and the common key can be shared with the CE device 9.
[0023]
Hereinafter, the encrypted information A is referred to as encryption (information A) or the like. If a method for describing the encrypted information is defined in this way, the information generated in step 24 can be expressed as encryption (session key). Encryption (session key) constitutes encryption secret information.
[0024]
Next, the service server 7 generates a session ID and a random number (hereinafter referred to as a random number A) (step 26).
The session ID is ID information used for maintaining the session, and the random number A is code information for confirming that the session key can be decrypted by the CE device 9.
[0025]
Then, the service server 7 stores the session key generated at step 22 in association with the session ID generated at step 26 and the random number A (step 28).
Next, the service server 7 transmits the session ID generated in step 26, the random number A, and the encryption (session key) generated in step 24 to the CE device 9 (encrypted secret information transmission unit).
[0026]
The CE device 9 receives these pieces of information (encrypted secret information receiving means), and the device authentication module 11 requests the tamper resistant chip 10 to decrypt the encryption (session key) (step 4).
The tamper resistant chip 10 decrypts the encryption (session key) to generate a session key, and provides it to the device authentication module 11 (step 10).
In this way, the tamper resistant chip 10 constitutes a decryption means for decrypting the encrypted secret information with the CE secret key.
The device authentication module 11 acquires a session key from the tamper resistant chip 10.
[0027]
Thus, the CE device 9 can share a common key (session key) with the service server 7.
Then, the device authentication module 11 encrypts the random number A received from the service server 7 using this session key, and generates encryption (random number A) (decryption confirmation information generating means) (step 6).
This encryption (random number A) constitutes decryption confirmation information for the service server 7 to confirm that the CE device 9 has successfully decrypted the secret information.
[0028]
The device authentication module 11 transmits the session ID transmitted from the service server 7 in step 30 and the encryption (random number A) generated in step 6 to the service server 7 (decryption confirmation information transmitting means) (step 8).
[0029]
The service server 7 receives the session ID and encryption (random number A) from the CE device 9 (decryption confirmation information receiving means).
Then, the random number A and the session key are acquired from the session ID received from the CE device 9 and the correspondence stored in step 28 (step 32).
[0030]
Next, the service server 7 encrypts the random number A with the session key acquired in step 32, and generates encryption (random number A) (encrypted code information generation means) (step 34).
Then, the service server 7 compares the encryption (random number A) generated in step 34 with the encryption (random number A) received from the CE device 9, and determines whether or not they match (decryption confirmation means). (Step 36).
If the two match, it is determined that the device authentication of the CE device 9 has succeeded, and service provision to the CE device 9 is started (step 38).
If they do not match, it is determined that device authentication of the CE device 9 has failed, and no service is provided to the CE device 9.
[0031]
As described above, the service server 7 can confirm that the CE device 9 possesses the CE private key by confirming that the CE device 9 can decrypt the session key. That is, it can be confirmed that the CE device 9 is a genuine CE device.
In addition, after the device authentication, the service server 7 can provide a service to the CE device 9 by using the session key as a shared key.
[0032]
Furthermore, in the present embodiment, the service server 7 encrypts the session key with the CE public key and transmits it to the CE device 9, so that the CE device 9 and the service server 7 can share the session key as a common key. The security level can be enhanced by configuring the CE server 9 so that the service server 7 confirms the information encrypted by the common key.
In this case, the security level is higher than when the CE device 9 is authenticated by simply confirming that the information encrypted by the service server 7 using the CE public key can be decrypted by the CE device 9 using the private key. .
[0033]
In the present embodiment, the session key is used as secret information. However, for example, code information such as a random number can be used as secret information.
In this case, the service server 7 encrypts the random number with the CE public key and transmits it to the CE device 9.
In response to this, the CE device 9 decrypts the random number with the CE secret key and transmits it to the service server 7.
The service server 7 confirms that the random number received from the CE device 9 is the same as the random number transmitted to the CE device 9, and authenticates the CE device 9.
[0034]
Next, authenticity confirmation of the CE certificate 12 in step 20 will be described.
In the present embodiment, a certificate such as the CE certificate 12 is assumed to be electronic information that can confirm that the information included in the certificate is correct information by some method.
As described above, as a method for confirming that the content of the certificate is correct, for example, there is a method of signing the certificate with a private key issued by a trusted certification authority.
[0035]
In this method, the certificate provider (hereinafter, the provider, corresponding to the CE device 9), the certificate recipient (hereinafter, the receiver, corresponding to the service server 7), and the certification authority that signs the certificate. Exists.
First, the provider submits a message to be certified by a certificate to the certification authority.
The certificate authority has a private key / public key pair for the certificate authority, generates a hash value of the message submitted by the provider, and encrypts it with the secret key. Information encrypted with this secret key is a signature.
The certification authority attaches a signature to the message to give a certificate and issues it to the provider.
[0036]
On the other hand, the recipient who receives this certificate from the provider decrypts the signature with the public key provided by the certification authority. Information that can be decrypted with the public key of the certification authority is limited to information encrypted with the private key of the certification authority, so that the certificate can be authenticated by the certification authority because the signature can be decrypted with the public key of the certification authority. Can be confirmed.
Next, the recipient generates a hash value of the message in the certificate and checks it against the hash value decrypted from the signature.
By matching the two, it can be confirmed that the message has not been tampered with.
[0037]
In this way, the recipient of the certificate can confirm that the certificate is issued by the certificate authority by being able to decrypt the signature with the public key of the certificate authority, and further compare the hash values. By doing so, it can be confirmed that the message has not been tampered with.
[0038]
A hash value is a conversion value obtained by converting a message by a one-way function called a hash function. If the message is the same, the same conversion value is obtained, and if the message is different, the conversion value is also different. It has become. Therefore, it is possible to detect message tampering by comparing hash values.
In addition, the hash function is configured so that it is difficult to perform reverse conversion to restore the original message from the converted value.
[0039]
In the same manner as described above, the service server 7 can confirm the authenticity of the CE certificate 12 by using the signature included in the CE certificate 12.
In other words, the service server 7 only needs to include a public key for decrypting the signature included in the CE certificate 12 and a hash value generation means for comparing the message.
The above method is merely an example, and any method that can confirm the authenticity of the CE certificate 12 can be employed.
[0040]
By the way, there is a case where a trust chain is formed such that there is a certificate that proves the authenticity of the certificate, and there is a certificate that proves the authenticity of the certificate. In this case, the service server 7 verifies the path of the trust chain.
[0041]
For example, when the trust chain as shown in FIG. 4 is formed, the service server 7 follows the path as shown by the thick line in the figure, and the trust chain of the CE certificate 12 is the root certificate 13. Make sure it ’s connected to If it is not connected, the CE certificate 12 cannot be trusted.
The root certificate 13 is a certificate issued by a reliable device certification authority.
[0042]
Alternatively, the service server 7 can be configured to entrust the verification work to a verification service server that provides a service for verifying that the trust chain of the CE certificate 12 is connected to the root certificate 13.
The verification service server is a server operated by a person who has a trust relationship with the operator of the service server 7, and the trust chain of the CE certificate 12 is connected to the root certificate 13 in the same manner as shown in FIG. Make sure.
Thus, by entrusting the authenticity confirmation work of the CE certificate 12 to the outside, the service server 7 does not need to have the CE certificate 12 confirmation function.
[0043]
As described above, in the present embodiment, the service server 7 can confirm the authenticity of the CE certificate 12 acquired from the CE device 9, and the CE device 9 can further confirm the CE public key in the CE certificate 12. Since it is possible to confirm that the CE private key corresponding to is possessed, spoofing by a third party can be prevented, and the CE device 9 can be appropriately authenticated.
[0044]
That is, even if a third party duplicates the CE certificate 12 and uses it on another CE device, the CE device does not store the CE private key corresponding to the CE public key of the CE certificate 12. Therefore, the device authentication cannot be received from the service server 7.
Further, since the CE private key is stored in the tamper resistant chip 10, it is not taken and used by a third party.
[0045]
Next, a method for manufacturing the CE device 9 will be described.
In the present embodiment, the tamper resistant chip 10 in which the CE secret key is embedded is manufactured in the tamper resistant chip factory, and this chip is embedded in the CE device 9 body in the assembly factory.
Further, the CE certificate 12 is generated by the key management system, and is stored in the CE device 9 at the assembly factory.
[0046]
FIG. 5 is a flowchart for explaining a process of embedding device authentication-related information in the CE device 9.
First, the tamper resistant chip factory system requests a device ID usage frame from the key management system (step 40).
The key management system manages the device ID, and when there is a request from the tamper resistant chip factory system, provides the requested device ID to the tamper resistant chip factory system.
[0047]
The key management system receives a request from the tamper-resistant chip factory system and extracts the device ID (step 50).
The tamper resistant chip factory system receives the device ID from the key management system and generates a CE public key and CE private key pair (step 42).
[0048]
Next, the tamper resistant chip factory system embeds the device ID received in step 42 and the refined CE secret key in the tamper resistant chip 10 (step 44).
In the tamper resistant chip factory system, after the secret key is embedded in the tamper resistant chip 10, the secret key in the tamper resistant chip factory system is safely deleted.
[0049]
The tamper resistant chip 10 stores the CE private key and the device ID by this embedding work (step 70), is shipped to the assembly factory, and is incorporated into the CE device 9 at the assembly factory.
On the other hand, the tamper resistant chip factory system transmits the device ID embedded in the tamper resistant chip 10 in step 44 and the CE public key generated in step 42 to the key management system and reports the completion of embedding (step 46).
[0050]
The key management system creates the CE certificate 12 using the device ID and CE public key received from the tamper-resistant chip factory system (step 52) and distributes them to the assembly factory system (step 54).
In this case, the key management system functions as a device certification authority for the CE certificate 12.
The assembly factory system stores the CE certificate 12 distributed from the key management system for incorporation into the CE device 9.
[0051]
The assembly plant system requests the CE device 9 to provide a device ID (step 60).
Note that the assembly factory system is connected to the CE device 9 by a connector or the like and can communicate with the CE device 9.
At this time, the tamper resistant chip 10 is already incorporated in the CE device 9 and is accessible from the device authentication module 11.
In response to the request from the assembly plant system, the device authentication module 11 requests the tamper resistant chip 10 to provide a device ID (step 82).
[0052]
In response to this, the tamper resistant chip 10 provides a device ID to the device authentication module 11 (step 74).
The device authentication module 11 acquires the device ID from the tamper resistant chip 10 and provides it to the assembly factory system (step 84).
[0053]
The assembly factory system collates the device ID acquired from the CE device 9 with the device ID included in the CE certificate 12 distributed in step 54, and matches the device ID provided from the CE device 9. 12 is embedded in the storage device of the CE device 9 (step 62).
The CE device 9 stores the CE certificate 12 (step 86).
[0054]
As described above, the CE device 9 can embed the tamper-resistant chip 10 storing the CE secret key and the CE certificate 12 including the CE public key.
[0055]
Next, a procedure for updating the CE certificate 12 embedded in the CE device 9 will be described.
Since an expiration date is set for the CE certificate 12, it is necessary to update the CE certificate 12 in order to use device authentication by the CE certificate 12 even after the expiration date.
[0056]
FIG. 6 is a flowchart for explaining a procedure for updating the CE certificate 12.
First, the device authentication module 11 requests the tamper resistant chip 10 to provide a device ID (step 120).
On the other hand, the tamper resistant chip 10 provides a device ID to the device authentication module 11 (step 110).
The device authentication module 11 acquires the device ID from the tamper resistant chip 10 and transmits it to the key management system (update request transmitting means) (step 122).
[0057]
The key management system receives the device ID from the CE device 9 (issue request receiving means), and acquires the CE public key corresponding to this device ID (step 100).
The key management system stores the combination of the device ID and the CE public key transmitted from the tamper resistant chip factory system in step 46 (FIG. 5), and uses this to specify the CE public key.
[0058]
Next, the key management system generates a new CE certificate 12 using the device ID received from the CE device 9 and the CE public key acquired in Step 100 (Step 102).
[0059]
Next, the key management system signs the generated new CE certificate 12 with the private key of the key management system (step 104), and transmits it to the CE device 9 (update public key confirmation information transmission means) (step 106). .
The CE device 9 receives this new CE certificate 12 (update public key confirmation information receiving means), and the device authentication module 11 overwrites the old CE certificate 12 using the new CE certificate 12 (update means). (Step 124).
As described above, the expired CE certificate 12 can be updated.
[0060]
Next, mutual authentication using a certificate between the CE device 9 and the service server 7 will be described.
In the device authentication described with reference to the flowchart of FIG. 3, the service server 7 starts authenticating the CE device 9 and then starts providing the service to the CE device 9.
[0061]
On the other hand, in the mutual authentication, the CE server 9 is authenticated from the service server 7 and the CE device 9 also authenticates whether the service server 7 is an appropriate server device.
And after both authentication succeeds, the service server 7 starts provision of a service.
[0062]
The mutual authentication procedure will be described below with reference to the flowcharts of FIGS.
[0063]
FIG. 7 is a flowchart for explaining a procedure in which the service server 7 authenticates the CE device 9 in mutual authentication.
Each step from Step 2 to Step 36 is the same as that in FIG.
[0064]
After successfully authenticating the CE device 9 in step 36, the service server 7 generates a second session ID (hereinafter referred to as session ID # 2) and a certificate on the service server 7 side (hereinafter referred to as SP certificate). Then, the session ID # 2 is transmitted to the CE device 9 (server public key transmission means) (step 39).
Further, the service server 7 stores the correspondence between the session ID # 2 and the session key when generating the session ID # 2.
[0065]
This is to acquire a corresponding session key when session ID # 2 is transmitted later from CE device 9 (step 150 in FIG. 8).
Here, the service server 7 newly generates a session ID # 2 that is different from the session ID # 1 generated in the process of authenticating the CE device. The same session ID number may be used, but by using different session ID numbers, it can be easily confirmed which authentication process is being performed.
Further, the service server 7 stores an SP certificate issued from the device authentication authority, and the SP certificate includes the public key (hereinafter, SP public key) of the service server 7. To do.
The SP certificate guarantees that the SP public key is authentic by the SP certificate.
Furthermore, it is assumed that the service server 7 stores an SP private key corresponding to the SP public key.
[0066]
FIG. 8 is a flowchart for explaining a procedure in which the CE device 9 authenticates the service server 7 with the SP certificate after the service server 7 transmits the SP certificate and the session ID # 2 to the CE device 9.
First, in the CE device 9, the device authentication module 11 confirms the authenticity of the SP certificate received from the service server 7 (server public key confirmation means) (step 130). The confirmation method is the same as the method in which the service server 7 confirms the authenticity of the CE certificate 12 of the CE device 9 (step 20 in FIG. 3).
[0067]
Next, the device authentication module 11 generates a random number (referred to as random number B) (step 132), and encrypts it with the SP public key included in the SP certificate (step 134). As a result, encryption (random number B) is generated. Here, the random number B corresponds to the second code information.
[0068]
Next, the device authentication module 11 further encrypts encryption (random number B) with the session key (step 136). The device authentication module 11 stores the random number B for comparison with the random number B transmitted by the service server 7 in step 156 later.
[0069]
Here, when the encryption (information A), which is the encrypted information A, is further encrypted, it is referred to as encryption (information A) again. When the notation method is defined in this way, the information generated in step 136 is again expressed as encryption (random number B).
The encryption (random number B) again constitutes the second encrypted secret information and is encrypted using the SP public key and the session key (second encrypted secret information generating means).
[0070]
Next, the device authentication module 11 again encrypts (random number B) and transmits the session ID # 2 to the service server 7 (second encrypted secret information transmitting means) (step 138).
The service server 7 receives this (second encrypted secret information receiving means), and acquires a session key from the session ID # 2 (step 150).
[0071]
Next, the service server 7 decrypts the encryption (random number B) again with this session key to obtain the encryption (random number B) (step 152), and further decrypts it with the SP private key to generate the random number B. Is acquired (second code information decoding means) (step 154).
[0072]
Next, the service server 7 generates a third session ID (hereinafter referred to as session ID # 3), and transmits the decrypted random number B and session ID # 3 to the CE device 9 (second code information transmission means) (Step 156).
The CE device 9 receives the session ID # 3 and the decrypted random number B (second decryption confirmation information) from the service server 7 (second decryption confirmation information receiving means).
The CE device 9 compares the random number B previously stored in the device authentication module 11 with the random number B received from the service server 7 and determines whether or not they are the same (second decryption). Confirming means) (step 140).
[0073]
If they are the same, the service server 7 has been successfully authenticated, and if they are not the same, the authentication has failed.
That is, when the random numbers B are the same, it means that the service server 7 can extract the random number B from the encryption (random number B) again.
[0074]
This means that the service server 7 has a session key associated with the session ID # 2 and also has a private key corresponding to the SP public key included in the SP certificate. This is because the CE device 9 can confirm that the service server 7 is a valid server device.
[0075]
Here, it is assumed that the service server 7 has been successfully authenticated, and the device authentication module 11 completes the mutual authentication process and requests the service server 7 to start a session (step 142).
In response to this, the service server 7 starts providing the service (step 158).
[0076]
As described above, when the mutual authentication as described above is used, not only the service server 7 authenticates the CE device 9 but also the CE device 9 can authenticate the validity of the service server 7.
For this reason, it is possible to prevent the CE device 9 from connecting to a service server operated by a third party pretending to be the service server 7.
When the mutual authentication processing with the CE device 7 is performed, the service server 7 newly generates and sends a session ID # 3. As described above, the same session ID number may be used, but the authentication process can be confirmed by changing the session ID number. Here, for example, since the CE device 7 having the session ID # 3 has completed mutual authentication, it can be seen that the service server 7 can provide a service to the CE device 7.
[0077]
In this embodiment, the random number B is encrypted with the SP public key and then re-encrypted with the session key. Conversely, after encrypting with the session key, the random number B is re-encrypted with the SP public key. It can also be configured.
The CE device 9 may be configured to simply authenticate the random number B with the SP public key and to authenticate the device by the service server 7 decrypting it with the SP private key.
[0078]
FIG. 9 is a diagram illustrating an example of a hardware configuration of the CE device 9.
A CPU (Central Processing Unit) 121 is a central processing unit that executes various processes according to programs stored in a ROM (Read Only Memory) 122 and programs loaded from a storage unit 128 to a RAM (Random Access Memory) 123. It is.
[0079]
The ROM 122 stores basic programs and parameters necessary for causing the CE device 9 to function.
The RAM 123 provides a working area necessary for the CPU 121 to execute various processes.
[0080]
The storage unit 128 stores programs and data necessary for the CE device 9 to function, and includes a storage device such as a hard disk or a semiconductor memory, for example.
[0081]
Information stored in the storage unit 128 includes, for example, a device authentication certificate, a device authentication program for configuring the device authentication module 11, file input / output, and control of each unit of the CE device 9. There are OS (Operating System) for realizing basic functions.
When the device authentication program is executed by the CPU 121, the device authentication module 11 is configured.
[0082]
The tamper resistant chip 10 stores the CE secret key, and performs encryption and decryption processing using the CE secret key.
When an encryption command and information to be encrypted are input from the outside, information encrypted with the CE secret key is output. When a decryption command and information to be decrypted are input, the information decrypted with the CE secret key is output. Has two operation modes.
[0083]
The tamper resistant chip 10 is a kind of black box, and the internal logical structure and CE secret key are not known from the outside.
Further, when the tamper resistant chip 10 is physically disassembled and the inside is to be examined, the internal information can be automatically destroyed.
As described above, the tamper resistant chip 10 is an IC chip that has been subjected to duplication and tampering prevention measures.
[0084]
The CPU 121, ROM 122, RAM 123, and tamper-resistant chip 10 are connected to each other via a bus 124. An input / output interface 125 is also connected to the bus 124.
[0085]
The input / output interface 125 includes an input unit 126 including a keyboard and a mouse, a display including a CRT (Cathode-Ray Tube), an LCD (Liquid Crystal Display), an output unit 127 including a speaker, a hard disk, and the like. A communication unit 129 including a storage unit 128, a modem, a terminal adapter, and the like is connected.
[0086]
The communication unit 129 is a functional unit that performs communication processing via a network. For example, the communication unit 129 is connected to the service server 7 to transmit / receive information related to device authentication, or service data provided from the service server 7 is received. Or receive.
[0087]
A drive 130 is connected to the input / output interface 125 as necessary, and a magnetic disk 141, an optical disk 142, a magneto-optical disk 143, a memory card 144, or the like is appropriately mounted, and a computer program read therefrom is It is installed in the storage unit 128 as necessary.
Note that the configuration of the service server 7 is basically the same as that of the CE device 9, and the description thereof is omitted.
[0088]
According to the embodiment described above, the following effects can be obtained.
(1) The CE server 12 authenticates the device by confirming the authenticity of the CE device 9 by establishing a trust relationship between the CE device 9 and the service provider operating the service server 7 using the CE certificate 12. Can do.
(2) By performing device authentication with the service server 7, it is not necessary to use a centralized device authentication server, and the system load accompanying device authentication can be distributed.
[0089]
(3) By using the tamper resistant chip 10 for storing the CE secret key, security can be improved and unauthorized use such as impersonation can be prevented.
(4) The CE device 9 can download and update the CE certificate 12, and can reduce troublesome processing associated with certificate revocation.
To do.
[0090]
(5) The service server 7 can reinforce the security level by encrypting the session key with the CE public key and transmitting it to the CE device 9 and using the session key as a common key.
(6) The reliability can be improved by confirming that the CE public key of the CE certificate 12 is issued by a trusted certificate authority.
(7) By performing mutual authentication, not only the service server 7 authenticates the CE device 9, but also the CE device 9 can authenticate the service server 7.
[0091]
(8) Since the CE secret key and CE public key pair are managed by the CE device 9, no other system for collectively managing the CE secret key and the CE public key is required.
For this reason, even if the user discards the CE device 9 or purchases a new CE device 9, no adjustment on the service providing system side is required.
In particular, since the CE device 9 is on the market in large quantities, the CE secret key and the CE public key are managed by another system (for example, a system operated by a device authentication organization that guarantees the authenticity of the public key). It is difficult.
[0092]
【The invention's effect】
ADVANTAGE OF THE INVENTION According to this invention, the function which performs apparatus authentication can be distributed, and concentration of the load of the service provision system accompanying apparatus authentication can be reduced.
[Brief description of the drawings]
FIG. 1 is a diagram illustrating an example of a configuration of a service providing system according to an embodiment.
FIG. 2 is a diagram for explaining a logical configuration of a CE device according to the present embodiment.
FIG. 3 is a flowchart for explaining a procedure in which a service server performs device authentication of a CE device.
FIG. 4 is a diagram for explaining an example of a trust chain.
FIG. 5 is a flowchart for explaining a process of embedding device authentication-related information in a CE device.
FIG. 6 is a flowchart for explaining a CE certificate update procedure;
FIG. 7 is a flowchart for explaining a mutual authentication procedure;
FIG. 8 is a flowchart for explaining a mutual authentication procedure;
FIG. 9 is a diagram illustrating an example of a hardware configuration of a CE device.
FIG. 10 is a diagram illustrating an example of a configuration of a conventional service providing system.
[Explanation of symbols]
7 Service server 9 CE equipment
10 Tamper resistant chip 11 Device authentication module
12 CE certificate

Claims (7)

A service providing system comprising a terminal device and a service providing server that provides mutual terminal authentication with the terminal device and provides a service to the terminal device;
The terminal device is
Issued by the device authentication authority used to confirm that the terminal private key, the terminal public key paired with the terminal private key, and the terminal public key are recognized by a predetermined device authentication authority Terminal public key confirmation information, and
When requesting the service providing server to provide a service, the stored terminal public key and terminal public key confirmation information are transmitted to the service providing server,
The service providing server includes:
Using the terminal public key confirmation information to confirm that the terminal public key is recognized by the device certification authority,
Generating a first encrypted secret information by encrypting the secret information with the confirmed terminal public key as a secret information shared by the terminal device and the service providing server;
Storing the first ID information, the first code information, and the common key in association with each other;
Transmitting the first encrypted secret information, the first ID information, and the first code information to the terminal device;
The terminal device is
By using the stored terminal secret key, the received first encrypted secret information is decrypted to obtain the common key that is the secret information,
Using the acquired common key, the service providing server confirms that the first code information is encrypted and the terminal device decrypts the encrypted first code information. To generate the first decryption confirmation information for
Transmitting the generated first decryption confirmation information and the first ID information to the service providing server;
The service providing server includes:
The first code information associated with the first ID information and the common key are acquired from the received first ID information, and the received first decryption confirmation information; The terminal device compares the first code information encrypted using the common key and confirms that the secret information has been decrypted from the transmitted first encrypted secret information in the terminal device. To authenticate the terminal device,
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority. Remember,
Storing second ID information and the common key in association with each other;
Transmitting the stored server public key, server public key confirmation information, and the second ID information to the terminal device;
The terminal device is
Using the server public key confirmation information to confirm that the received server public key is recognized by the device certification authority,
The second code information is encrypted using one of the confirmed server public key and the common key and then further encrypted using the other to generate second encrypted secret information,
Transmitting the generated second encrypted secret information and the second ID information to the service providing server;
The service providing server includes:
The common key associated with the second ID information is acquired from the received second ID information, and the received second encrypted secret information is used as the common key and the stored server secret key. The second code information is obtained by decoding using one of the two and further decoding using the other,
The acquired second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. ,
The terminal device is
The received second decryption confirmation information is compared with the stored second code information, and the second code information is decrypted from the transmitted second encrypted secret information by the service providing server. Authenticating the service providing server by confirming that
A service providing system that requests the service providing server to provide a service. A service providing server that provides services after mutual device authentication with a terminal device,
The terminal device includes a terminal secret key, a terminal public key paired with the terminal secret key, and a terminal public key used for confirming that the terminal public key is recognized by a predetermined device authentication authority. Confirmation information,
Public key receiving means for receiving the terminal public key and the terminal public key confirmation information from the terminal device;
Terminal public key confirmation means for confirming that the received terminal public key is recognized by the device authentication authority using the received terminal public key confirmation information;
Using the common key shared by the terminal device and the service providing server as secret information, generating first encrypted secret information obtained by encrypting the secret information using the confirmed terminal public key, and generating a first ID Information, first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, the first code information, Encrypted secret information transmitting means for transmitting to the terminal device;
Decryption receiving first decryption confirmation information for confirming that the secret information has been decrypted from the transmitted first encrypted secret information and the first ID information from the terminal device Confirmation information receiving means,
The first code information associated with the first ID information and the common key are acquired from the received first ID information, and the received first decryption confirmation information; The terminal device compares the first code information encrypted using the common key and confirms that the secret information has been decrypted from the transmitted first encrypted secret information in the terminal device. Decryption confirmation means to
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority. Key information storage means for storing;
Second ID information and the common key are stored in association with each other, and the stored server public key, server public key confirmation information, and second ID information are transmitted to the terminal device. A server public key transmission means to perform,
In correspondence with the transmitted server public key, encrypted secret information receiving means for receiving the second encrypted secret information transmitted by the terminal device and the second ID information;
The common key associated with the second ID information is acquired from the received second ID information, and the received second encrypted secret information is used as the common key and the stored server secret key. Code information decoding means for acquiring the second code information by decoding using one of the two and further decoding using the other;
The acquired second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. Decryption confirmation information transmitting means;
A service providing server comprising: A terminal secret key, a terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority, A device authentication program that realizes a mutual device authentication function with a service providing server configured by a computer that provides services after mutual device authentication with a stored terminal device, the computer comprising:
Public key receiving means for receiving the terminal public key and the terminal public key confirmation information from the terminal device;
A terminal public key verification means for verifying that the terminal public key thus received using the received terminal public key confirmation information is being granted by the device authentication authority,
Using the common key shared by the terminal device and the service providing server as secret information, generating first encrypted secret information obtained by encrypting the secret information using the confirmed terminal public key, and generating a first ID Information, first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, the first code information, Encrypted secret information transmitting means for transmitting to the terminal device;
Decryption receiving first decryption confirmation information for confirming that the secret information has been decrypted from the transmitted first encrypted secret information and the first ID information from the terminal device Confirmation information receiving means ,
The first code information associated with the first ID information and the common key are acquired from the received first ID information, and the received first decryption confirmation information; The terminal device compares the first code information encrypted using the common key and confirms that the secret information has been decrypted from the transmitted first encrypted secret information in the terminal device. Decryption confirmation means to
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority. Key information storage means for storing;
After storing the second ID information and the common key in association with each other, the stored server public key, the server public key confirmation information, and the second ID information are transmitted to the terminal device. A server public key transmission means to perform,
In correspondence with the transmitted server public key, encrypted secret information receiving means for receiving the second encrypted secret information transmitted by the terminal device and the second ID information;
The common key associated with the second ID information is acquired from the received second ID information, and the received second encrypted secret information is used as the common key and the stored server secret key. Code information decoding means for acquiring the second code information by decoding using one of the two and further decoding using the other;
The acquired second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. Decryption confirmation information transmission means ,
Device authentication program to function as A terminal secret key, a terminal public key paired with the terminal secret key, and a terminal public key confirmation information used for confirming that the terminal public key is recognized by a predetermined device authentication authority, A storage medium storing a device authentication program for realizing a mutual device authentication function in a service providing server configured by a computer that provides a service after mutual device authentication with a stored terminal device, the computer comprising:
Public key receiving means for receiving the terminal public key and the terminal public key confirmation information from the terminal device;
A terminal public key verification means for verifying that the terminal public key thus received using the received terminal public key confirmation information is being granted by the device authentication authority,
Using the common key shared by the terminal device and the service providing server as secret information, generating first encrypted secret information obtained by encrypting the secret information using the confirmed terminal public key, and generating a first ID Information, first code information, and the common key are stored in association with each other, and then the first encrypted secret information, the first ID information, the first code information, Encrypted secret information transmitting means for transmitting to the terminal device;
Decryption receiving first decryption confirmation information for confirming that the secret information has been decrypted from the transmitted first encrypted secret information and the first ID information from the terminal device Confirmation information receiving means ,
The received first decryption confirmation information is compared with the first code information encrypted by itself using the common key, and the transmitted first encrypted secret information in the terminal device First decryption confirmation means for confirming that the secret information is decrypted from:
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority. Key information storage means for storing;
After storing the second ID information and the common key in association with each other, the stored server public key, the server public key confirmation information, and the second ID information are transmitted to the terminal device. A server public key transmission means to perform,
In correspondence with the transmitted server public key, encrypted secret information receiving means for receiving the second encrypted secret information transmitted by the terminal device and the second ID information;
The common key associated with the second ID information is acquired from the received second ID information, and the received second encrypted secret information is used as the common key and the stored server secret key. Code information decoding means for acquiring the second code information by decoding using one of the two and further decoding using the other;
The acquired second code information is transmitted to the terminal device as second decoding confirmation information for the terminal device to confirm that the service providing server has decrypted the second code information. Decryption confirmation information transmission means ,
A computer-readable storage medium that stores a device authentication program for functioning as a computer. Terminal secret key storage means for storing the terminal secret key;
A terminal public key that stores a terminal public key that forms a pair with the terminal secret key, and terminal public key confirmation information that is used to confirm that the terminal public key is recognized by a predetermined device authentication authority Storage means;
A terminal public key transmitting means for transmitting the stored terminal public key and terminal public key confirmation information to the service providing server when requesting the service providing server to provide a service;
Corresponding to the transmitted terminal public key and terminal public key confirmation information, first encrypted secret information returned from the service providing server, first ID information, and first code information, Means for receiving encrypted secret information;
Decryption means for obtaining a common key shared between the terminal device and the service providing server, which is secret information, by decrypting the received first encrypted secret information with the stored terminal secret key;
In order to confirm that the service providing server has decrypted the secret information using the acquired common key, the first code information is encrypted using the acquired common key, and the encryption Decoding confirmation information generating means for generating the converted first code information as first decoding confirmation information;
Decryption confirmation information transmitting means for transmitting the generated first decryption confirmation information and the first ID information to the service providing server;
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority are stored. Server public key receiving means for receiving the server public key, the server public key confirmation information, and the second ID information from the service providing server.
Server public key confirmation means for confirming that the received server public key is recognized by the device certification authority using the received server public key confirmation information;
The encrypted secret for generating the second encrypted secret information by encrypting the second code information using one of the confirmed server public key and the common key and then further encrypting the second code information using the other Information generating means;
Encrypted secret information transmitting means for transmitting the generated second encrypted secret information and the second ID information to the service providing server;
Decryption for receiving from the service providing server second decryption confirmation information for confirming that the second code information has been decrypted from the transmitted second encrypted secret information by the service providing server. Confirmation information receiving means;
The received second decryption confirmation information is compared with the stored second code information, and the second code information is decrypted from the transmitted second encrypted secret information by the service providing server. Decryption confirmation means for confirming that
A terminal device comprising: A device authentication program for realizing a mutual device authentication function on a computer constituting a terminal device, the computer comprising:
Terminal secret key storage means for storing the terminal secret key;
A terminal public key that stores a terminal public key that forms a pair with the terminal secret key, and terminal public key confirmation information that is used to confirm that the terminal public key is recognized by a predetermined device authentication authority Storage means ;
A terminal public key transmitting means for transmitting the stored terminal public key and terminal public key confirmation information to the service providing server when requesting the service providing server to provide a service;
Corresponding to the transmitted terminal public key and terminal public key confirmation information, first encrypted secret information returned from the service providing server, first ID information, and first code information, Means for receiving encrypted secret information;
Decryption means for obtaining a common key shared between the terminal device and the service providing server, which is secret information, by decrypting the received first encrypted secret information with the stored terminal secret key;
In order to confirm that the service providing server has decrypted the secret information using the acquired common key, the first code information is encrypted using the acquired common key, and the encryption Decoding confirmation information generating means for generating the converted first code information as first decoding confirmation information;
Decryption confirmation information transmitting means for transmitting the generated first decryption confirmation information and the first ID information to the service providing server;
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority are stored. Server public key receiving means for receiving the server public key, the server public key confirmation information, and the second ID information from the service providing server.
Server public key confirmation means for confirming that the received server public key is recognized by the device certification authority using the received server public key confirmation information;
The encrypted secret for generating the second encrypted secret information by encrypting the second code information using one of the confirmed server public key and the common key and then further encrypting the second code information using the other Information generating means ;
Encrypted secret information transmitting means for transmitting the generated second encrypted secret information and the second ID information to the service providing server;
Decryption for receiving from the service providing server second decryption confirmation information for confirming that the second code information has been decrypted from the transmitted second encrypted secret information by the service providing server. Confirmation information receiving means ;
The received second decryption confirmation information is compared with the stored second code information, and the second code information is decrypted from the transmitted second encrypted secret information by the service providing server. Decryption confirmation means for confirming that
Device authentication program to function as A storage medium storing a device authentication program for realizing a mutual device authentication function on a computer constituting a terminal device, the computer comprising:
Terminal secret key storage means for storing the terminal secret key;
A terminal public key that stores a terminal public key that forms a pair with the terminal secret key, and terminal public key confirmation information that is used to confirm that the terminal public key is recognized by a predetermined device authentication authority Storage means ;
A terminal public key transmitting means for transmitting the stored terminal public key and terminal public key confirmation information to the service providing server when requesting the service providing server to provide a service;
Corresponding to the transmitted terminal public key and terminal public key confirmation information, first encrypted secret information returned from the service providing server, first ID information, and first code information, Means for receiving encrypted secret information;
Decryption means for obtaining a common key shared between the terminal device and the service providing server, which is secret information, by decrypting the received first encrypted secret information with the stored terminal secret key;
In order to confirm that the service providing server has decrypted the secret information using the acquired common key, the first code information is encrypted using the acquired common key, and the encryption Decoding confirmation information generating means for generating the converted first code information as first decoding confirmation information;
Decryption confirmation information transmitting means for transmitting the generated first decryption confirmation information and the first ID information to the service providing server;
A server private key, a server public key that forms a pair with the server private key, and server public key confirmation information used to confirm that the server public key is recognized by a predetermined device authentication authority are stored. Server public key receiving means for receiving the server public key, the server public key confirmation information, and the second ID information from the service providing server.
Server public key confirmation means for confirming that the received server public key is recognized by the device certification authority using the received server public key confirmation information;
Encrypted secret information for generating second encrypted secret information by encrypting the second code information using one of the confirmed server public key and the common key and then encrypting the second code information using the other Generating means ;
Encrypted secret information transmitting means for transmitting the generated second encrypted secret information and the second ID information to the service providing server;
Decryption for receiving from the service providing server second decryption confirmation information for confirming that the second code information has been decrypted from the transmitted second encrypted secret information by the service providing server. Confirmation information receiving means ;
The received second decryption confirmation information is compared with the stored second code information, and the second code information is decrypted from the transmitted second encrypted secret information by the service providing server. Decryption confirmation means for confirming that
A computer-readable storage medium that stores a device authentication program for functioning as a computer.

Images