JP6631210B2 - Terminal device authentication program, terminal device authentication method, server device, and authentication system - Google Patents

Description

  The present invention relates to a terminal device authentication program for a server to authenticate a terminal, a terminal device authentication method, a server device, and an authentication system.

  In order to securely authenticate a client terminal device in a client-server system, a method such as authentication using a public key method is used. For example, in Patent Document 1, a predetermined code is determined for an authentication request, the determined code is encrypted using a public key corresponding to a user name, an encrypted code is transmitted to a client, and a secret key is transmitted to the client. An authentication system for authenticating a user is disclosed based on a comparison result between a decryption result of an encrypted code decrypted using the determined code and a determined code.

JP 2001-236321 A

  However, in the related art, even if the client application itself in the terminal device is kept secure by obfuscation or the like, it is difficult to prevent impersonation of the terminal device when data stored by the client application is stolen. Was.

  Accordingly, the present invention has been made in view of the above-described problems and the like, and an object of the present invention is to provide a terminal device authentication program or the like that makes it difficult for a client terminal device to be spoofed.

In order to solve the above-mentioned problem, the invention according to claim 1 provides a computer with a unique ID generating means for generating a unique ID of a terminal device, and a unique key generated from unique information of the terminal device. A unique key generating unit, a unique ID encrypting unit that encrypts the unique ID with the unique key to generate an encrypted unique ID, and a first unit that obtains a first terminal ID assigned to the terminal device from a server device. Terminal ID acquisition means, unique ID decoding means for decoding the encrypted unique ID using the unique key generated from the unique information, authentication for generating an authentication key for authentication of the terminal device from the decoded unique ID A key generation unit, a unique key erasing unit for erasing the unique key after using the unique key, a unique ID erasing unit for erasing the unique ID after using the unique ID, the authentication Encryption data generating means for generating encrypted data from the first terminal ID by the encryption processing by the first terminal ID; authentication key erasing means for deleting the authentication key after using the authentication key; including the terminal ID, the second terminal ID generating means for generating a second terminal ID, the second terminal ID transmission means for transmitting the second terminal ID to the server apparatus, prior Symbol including the second terminal ID, the the terminal certificate attesting terminal device, the terminal certificate storage means for storing said server device or we receive and, and, for terminal authentication, the authentication key and the terminal certificate generated by the authentication key generation unit As a terminal certificate transmitting unit that transmits the terminal certificate to the server device.

  Further, according to a second aspect of the present invention, in the terminal device authentication program according to the first aspect, the second terminal ID generation unit mixes the encrypted data with the first terminal ID, A second terminal ID is generated.

Further, the invention according to claim 3, in the program for the terminal apparatus authentication according to claim 1 or claim 2, a communication key for communication before Symbol server device has generated and received from the server device communication It is characterized by further functioning as key receiving means.

  According to a fourth aspect of the present invention, in the terminal device authentication program according to the third aspect, the terminal certificate storage unit stores the terminal device private key and the public key generated by the server device. Receiving the terminal certificate including the terminal certificate, the terminal certificate transmitting unit transmits the terminal certificate from which the secret key for the terminal device has been removed to the server device, and the communication key receiving unit includes: Receiving the communication key encrypted with a public key for the device.

  According to a fifth aspect of the present invention, in the terminal device authentication program according to any one of the first to third aspects, the second terminal ID transmitting unit and the terminal certificate transmitting unit may include: Data encrypted by the terminal device secret key generated by the terminal device is transmitted to the server device.

Also, in the invention according to claim 6, the unique ID generation means generates a unique ID of the terminal device, and the unique key generation means determines the unique key from the unique information of the terminal device. A unique key encrypting step of generating a unique ID by the unique ID encrypting means using the unique key to generate an encrypted unique ID; A first terminal ID obtaining step of obtaining a first terminal ID assigned to the terminal device from a server device, and a unique ID decrypting means for converting the encrypted unique ID with the unique key generated from the unique information. An authentication key generation step of generating an authentication key for authentication of the terminal device from the decrypted unique ID, and an authentication key generation step of: A unique key erasing step for erasing the unique key after using the unique key; a cipher data generating means for erasing the unique ID after using the unique ID; and a cipher data generating means. A cryptographic data generating step of generating encrypted data from the first terminal ID by cryptographic processing using the authentication key; and an authentication key for deleting the authentication key after using the authentication key. An erasing step, a second terminal ID generating means for generating a second terminal ID including the first terminal ID in the encrypted data, and a second terminal ID transmitting means, a second terminal ID transmitting step of transmitting the second terminal ID to the server apparatus, a terminal certificate storage means, including the pre-Symbol second terminal ID, the terminal certificate certifying the terminal device , A terminal certificate storage step of receiving and storing from the server apparatus, the terminal certificate transmission means for terminal authentication, the authentication key generated by the generating means and the authentication key and the terminal certificate the server device And transmitting a terminal certificate to the terminal certificate.

According to a seventh aspect of the present invention, a first terminal ID transmitting means for generating and transmitting a first terminal ID assigned to the terminal device in response to a request from the terminal device, and a unique ID unique to the terminal device The second terminal ID including the first terminal ID is added to the encrypted data generated from the first terminal ID by the encryption processing using the authentication key for authentication of the terminal device generated from the terminal device. A second terminal ID receiving means for receiving, and a terminal certificate for certifying the terminal device, including the second terminal ID when the first terminal ID is extracted from the received second terminal ID, Terminal certificate transmitting means for transmitting to the terminal device, terminal certificate receiving means for receiving the terminal certificate and the authentication key from the terminal device for terminal authentication, and a second terminal included in the terminal certificate From ID Encrypted data extracting means for extracting the encrypted data, first terminal ID extracting means for extracting a first terminal ID from the encrypted data by decryption processing using the received authentication key, Determination means for determining whether or not the terminal ID is the first terminal ID stored in the terminal information storage means by referring to terminal information storage means in which the first terminal ID is stored in advance . It is characterized by the following.

According to an eighth aspect of the present invention, in the authentication system in which the server device authenticates the terminal device, the terminal device generates a unique ID unique to the terminal device; A unique key generating means for generating a unique key from the unique information of the server; a unique ID encrypting means for encrypting the unique ID with the unique key to generate an encrypted unique ID; First terminal ID acquisition means for acquiring the assigned first terminal ID, unique ID decoding means for decoding the encrypted unique ID with the unique key generated from the unique information, and the decrypted unique ID An authentication key generating means for generating an authentication key for authentication of the terminal device from the following; after using the unique key, a unique key erasing means for deleting the unique key; and after using the unique ID. A unique ID erasing means for erasing the unique ID, an encrypted data generating means for generating encrypted data from the first terminal ID by an encryption process using the authentication key, and an authentication key after using the authentication key. Authentication key erasing means for erasing the first terminal ID, second terminal ID generating means for generating a second terminal ID including the first terminal ID in the encrypted data, and transmitting the second terminal ID to the server device. a second terminal ID transmission means for, including a pre-Symbol second terminal ID, a terminal certificate attesting the terminal device, and the terminal certificate storage means for receiving and storing from the server apparatus, for terminal authentication Terminal certificate transmitting means for transmitting the authentication key and the terminal certificate generated by the authentication key generating means to the server device, wherein the server device receives a request from the terminal device, A first terminal ID transmitting means for generating and transmitting a first terminal ID to be assigned to the terminal device, and an encryption process using an authentication key for authentication of the terminal device generated from a unique ID unique to the terminal device, A second terminal ID receiving means for receiving, from the terminal device, a second terminal ID including the first terminal ID in the encrypted data generated from the first terminal ID; When the first terminal ID is extracted, a terminal certificate transmitting the terminal certificate that certifies the terminal device, including the second terminal ID, to the terminal device; and for terminal authentication, A terminal certificate receiving unit that receives the terminal certificate and the authentication key from the terminal device; an encrypted data extracting unit that extracts the encrypted data from a second terminal ID included in the terminal certificate; A first terminal ID extracting means for extracting a first terminal ID from the encrypted data by a decryption process using the authentication key, and a terminal information storage in which the extracted first terminal ID stores the first terminal ID in advance. Determining means for referring to the means to determine whether the ID is the first terminal ID stored in the terminal information storage means .

  According to the present invention, an encrypted unique ID is generated by encrypting a unique ID of a terminal device using a unique key generated from unique information of the terminal device, a first terminal ID of the terminal device is obtained from the server device, and the unique The encrypted unique ID is decrypted with the key, an authentication key for authentication of the terminal device is generated from the decrypted unique ID, and the first terminal ID is added to the encrypted data generated from the first terminal ID by encryption processing using the authentication key. Is generated and transmitted to the server device, the authentication key is deleted after use, and when the first terminal ID is extracted from the second terminal ID in the server device, the second terminal ID is transmitted from the server device to the second terminal ID. Receiving and storing a terminal certificate that certifies the terminal device, including the terminal ID, erasing the unique key and the unique ID after use, and transmitting the authentication key and the terminal certificate to the server device for terminal authentication. By Even app end device is stolen data stored can not be restored unique key and a unique ID, so authentication key for authentication can not be generated, it becomes impersonation hardly is a terminal device.

FIG. 1 is a schematic diagram illustrating a schematic configuration example of an authentication system according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a schematic configuration of the server device of FIG. 1. FIG. 2 is a block diagram illustrating an example of a schematic configuration of the terminal device of FIG. 1. FIG. 7 is a sequence diagram illustrating an operation example of registration of a terminal device. It is a schematic diagram which shows an example of a device identification value. It is a flowchart which shows the subroutine of generation of an encryption unique ID. 9 is a flowchart illustrating a subroutine for generating an authentication key. 9 is a flowchart illustrating a subroutine for generating a device verification value. FIG. 4 is a schematic diagram illustrating an example of generation of encrypted data. It is a schematic diagram which shows the example of a structure of a device verification value. FIG. 9 is a sequence diagram illustrating an operation example of authentication of a terminal device. It is a flowchart which shows the subroutine of decoding of a device identification value.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. The embodiment described below is an embodiment in which the present invention is applied to an authentication system.

[1. Outline of authentication system configuration and functions]
(1.1 Configuration and Function of Authentication System)
First, the configuration and general functions of an authentication system according to an embodiment of the present invention will be described with reference to FIG.

  FIG. 1 is a schematic diagram illustrating a schematic configuration example of an authentication system 1 according to the present embodiment.

As shown in FIG. 1, the authentication system 1
The client-server system includes a server device 10 that performs terminal authentication, and a plurality of terminal devices 20 that are client terminals.

  The server device 10 and the terminal device 20 are connected by the network 3 and can transmit and receive data by a communication protocol (for example, TCP / IP). The network 3 is configured by, for example, the Internet, a dedicated communication line (for example, a CATV (Community Antenna Television) line), a mobile communication network, a gateway, and the like.

  The server device 10 registers the terminal device 20, performs authentication according to a request from the terminal device 20, and establishes a secure communication path with the terminal device 20. The terminal device 20 acquires a dedicated application (an example of a terminal device authentication program) for establishing a secure communication channel, establishes a secure communication channel with this application, and communicates with the server device 10. I do.

(1.2 Configuration and Function of Server Device 10)
Next, the configuration and functions of the server device 10 will be described with reference to FIG.
FIG. 2 is a block diagram illustrating an example of a schematic configuration of the server device 10.

  As shown in FIG. 2, the server device 10 functioning as a computer includes a communication unit 11, a storage unit 12, an input / output interface unit 13, and a system control unit 14. Further, the system control unit 14 and the input / output interface unit 13 are connected via a system bus 15.

  The communication unit 11 is connected to the network 3 and controls communication with the terminal device 20.

  The storage unit 12 includes, for example, a hard disk drive, a silicon disk drive, and the like, and stores an operating system, a server program, and various programs such as an application provided to the terminal device 20.

  The various programs may be obtained from another server device or the like via the network 3, or may be recorded on a recording medium and read via a drive device (not shown). Is also good. Further, the application or the like may be a program product.

  The storage unit 12 also stores a terminal information database 12a (hereinafter, referred to as a “terminal information DB 12a”) for registering the terminal device 20 and tenant information for storing information such as a tenant name of a business owner who uses the server device 10. A database 12b (hereinafter referred to as a “tenant information DB 12b”) and the like are constructed.

  Note that these databases may be configured by the same device or different devices. Further, these databases may be constructed in a server different from the server device 10.

  In the terminal information DB 12a, a device identification value for identifying the terminal device 20, issued by the server device 10, is stored in association with a user number or the like.

  In the tenant information DB 12b, the tenant name of the business owner, the tenant ID, the domain name of the business owner, and the like are stored in association with each other.

  The input / output interface unit 13 performs an interface process between the communication unit 11, the storage unit 12, and the system control unit 14.

  The system control unit 14 includes a CPU (Central Processing Unit) 14a, a ROM (Read Only Memory) 14b, a RAM (Random Access Memory) 14c, and the like. The system control unit 14 performs processing for registering and authenticating a terminal device by reading and executing various programs stored in the ROM 14b and the storage unit 12 by the CPU 14a.

(2.2 Configuration and Function of Terminal Device 20)
Next, the configuration and functions of the terminal device 20 will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating an example of a schematic configuration of the terminal device 20.

  As shown in FIG. 3, the terminal device 20 functioning as a computer is, for example, a personal computer. The terminal device 20 includes a communication unit 21, a storage unit 22, a display unit 23, an operation unit 24, an input / output interface unit 25, and a system control unit 26. The system control unit 26 and the input / output interface unit 25 are connected via a system bus 27. Note that the terminal device 20 may be a computer such as a smartphone and a tablet.

  The communication unit 21 controls communication with the server device 10 and the like via the network 3.

  The storage unit 22 includes, for example, a hard disk drive or the like, and stores programs such as an operating system and an application.

  The display unit 23 includes, for example, a liquid crystal display element or an EL (Electro Luminescence) element.

  The operation unit 24 includes, for example, a keyboard and a mouse.

  The input / output interface unit 25 is an interface between the communication unit 21, the storage unit 22, and the system control unit 26.

  The system control unit 26 has, for example, a CPU 26a, a ROM 26b, and a RAM 26c. The system control unit 26 causes the CPU 26a to read and execute various programs such as applications stored in the ROM 26b, the RAM 26c, and the storage unit 22.

  The terminal device 20 may be a so-called Internet of Things terminal, for example, an RFID (radio frequency identifier) or a sensor. In this case, the display unit 23 and the operation unit 24 may not be provided, and the storage unit 22 may be a nonvolatile RAM 26c.

[2. Operation of authentication system]
Next, the operation of the authentication system 1 according to one embodiment of the present invention will be described with reference to FIGS.

(2.1 Operation example of terminal device registration)
First, an operation example of registration of the terminal device 20 in the authentication system 1 will be described with reference to FIGS.

  FIG. 4 is a sequence diagram illustrating an operation example of registration of the terminal device 20 in the authentication system 1. FIG. 5 is a schematic diagram illustrating an example of the device identification value.

  As shown in FIG. 4, the terminal device 20 downloads a dedicated application (step S1). Specifically, the system control unit 26 of the terminal device 20 downloads in advance a dedicated application for establishing communication with the server device 10 from a website or the like operated by the server device 10 or the like. Note that the dedicated application for the terminal device 20 may be included in the terminal device 20 in advance in a form preinstalled or incorporated.

  Next, the terminal device 20 generates an encrypted unique ID (Step S2). Specifically, the system control unit 26 activates this application for initial setting of a dedicated application, generates an encrypted unique ID, and stores the generated unique ID in the storage unit 22. More specifically, the system control unit 26 generates a unique ID for the terminal device 20 by a program of an application in a subroutine of the process of generating an encrypted unique ID, and generates unique information of the terminal device 20 (device unique information). ), A unique key unique to the terminal device 20 is generated, the unique ID is encrypted with the unique key, and an encrypted unique ID is generated. Note that the generated unique ID and unique key are discarded after use. Further, a subroutine of the process of generating the encrypted unique ID will be described later. Further, instead of the storage unit 22, the encrypted unique ID may be stored in the nonvolatile RAM 26c.

  Next, the user selects a dedicated application to register the terminal, the system control unit 26 activates the dedicated application, and performs the following processing on the terminal device 20 side.

  Next, the terminal device 20 receives a new login from the user (step S3). Specifically, the system control unit 26 causes the display unit 23 to display a new login screen for registering the terminal device 20 in the server device 10. A user inputs a tenant name, a user name, a password, and the like on a new login screen. The system control unit 26 transmits the input login information such as the tenant name, the user name, and the password to the server device 10 via the communication unit 21 as a registration request for newly registering the terminal device 20. The communication between the server device 10 and the terminal device 20 is performed by encrypting using https (Hypertext Transfer Protocol Secure) or the like.

  Next, the server device 10 receives the login information (Step S4). Specifically, the system control unit 14 of the server device 10 receives login information from the terminal device 20 via the communication unit 11 as a terminal registration request.

  Next, the server device 10 generates a device identification value for identifying the terminal device 20 (Step S5). For example, the system control unit 14 generates a numerical value for the terminal device 20 that has made the registration request by using a random number or the like, and refers to the tenant information DB 12b and associates the generated numerical value with the tenant name as shown in FIG. A device identification value (an example of a first terminal ID assigned to a terminal device) is generated by adding a value (for example, a tenant ID or a domain name of a business owner). Since the device identification value may be uniquely assigned to the terminal device 20, it is not necessary to add a value corresponding to the tenant name.

  Then, the system control unit 14 transmits the device identification value to the terminal device 20 via the communication unit 11 to issue the device identification value.

  As described above, the server device 10 functions as an example of a first terminal ID transmission unit that generates and transmits a first terminal ID to be assigned to the terminal device in response to a request from the terminal device.

  Next, the terminal device 20 receives the device identification value (Step S6). Specifically, the system control unit 26 receives the issued device identification value from the server device 10 via the communication unit 21.

  Next, the terminal device 20 generates an authentication key used to authenticate the terminal at the time of establishing the communication (step S7). Specifically, the system control unit 26 reads the encryption unique ID from the storage unit 22 in the subroutine of the authentication key generation process, generates the unique key again from the device unique information, The unique ID is decrypted from the ID, and an authentication key is generated from the decrypted unique ID.

  As described above, the application of the terminal device 20 functions as an example of an authentication key generation unit that generates an authentication key for authentication of the terminal device from the decrypted unique ID.

  Here, the authentication key is, for example, a common key in which the encryption key and the decryption key are the same. The encryption method is a common key encryption such as a block encryption or a stream encryption. The encryption method of the authentication key and the encryption method of the unique key may be the same or different. Note that the decrypted unique ID and the generated unique key are discarded after use. The subroutine of the authentication key generation process will be described later.

  Next, the terminal device 20 generates a device verification value used for verification at the time of establishing communication (Step S8). Specifically, in the subroutine of the device verification value generation process, the system control unit 26 generates encrypted data from the device identification value by encryption processing using the authentication key, discards the authentication key, and sets the device data in the encrypted data. A device verification value (an example of the second terminal ID) is generated including the identification value. The system control unit 26 transmits the generated device verification value to the server device 10 via the communication unit 21. Note that the subroutine of the device verification value generation processing will be described later.

  As described above, the application of the terminal device 20 functions as an example of a second terminal ID generation unit that generates the second terminal ID including the first terminal ID in the encrypted data. The application of the terminal device 20 functions as an example of a second terminal ID transmission unit that transmits the second terminal ID to the server device.

  Next, the server device 10 receives the device verification value (Step S9). Specifically, the system control unit 14 receives the device verification value from the terminal device 20 via the communication unit 11.

  As described above, the server device 10 performs the encryption process using the authentication key for authentication of the terminal device generated from the unique ID unique to the terminal device, and adds the encrypted data generated from the first terminal ID to the encrypted data. The terminal functions as an example of a second terminal ID receiving unit that receives the second terminal ID including the first terminal ID from the terminal device.

  Next, the server device 10 determines whether or not a device identification value is included (Step S10). Specifically, the system control unit 14 determines whether or not the received device verification value includes a device identification value. For example, the system control unit 14 extracts a device identification value included in the device verification value, and determines whether the extracted device identification value is correct with reference to the terminal information DB 12a of the storage unit 12. .

  If it contains the device identification value (step S10; YES), the server device 10 issues a certificate (step S11). Specifically, the system control unit 14 generates a certificate (an example of a terminal certificate) in accordance with a public key encryption standard (for example, PKCS (Public-Key Cryptography Standards) # 12 or the like), and Send to This certificate is a client certificate including a device verification value, a public key and a secret key for the terminal device 20, and information indicating that the server device 10 has issued the certificate. The public key and the secret key for the terminal device 20 are generated on the server side such as the server device 10.

  In this way, when the first terminal ID is extracted from the received second terminal ID, the server device 10 sends a terminal certificate that certifies the terminal device, including the second terminal ID, to the terminal device. It functions as an example of a terminal certificate transmitting unit that transmits the terminal certificate to the terminal device.

  If the formal device identification value is not included (step S10; NO), the registration fails, and the server device 10 ends the process.

  Next, the terminal device 20 receives the certificate (step S12). Specifically, the system control unit 26 receives the certificate via the communication unit 21. The system control unit 26 stores the received certificate in the storage unit 22. The received certificate is stored in the storage unit 22 by a dedicated application for establishing communication. Note that the certificate may be stored in the nonvolatile RAM 26c. Further, the system control unit 26 may remove the secret key for the terminal device 20 from the received certificate, and store the certificate with the secret key removed and the secret key in the storage unit 22.

  As described above, when the application of the terminal device 20 extracts the first terminal ID from the second terminal ID in the server device, the terminal device includes the second terminal ID from the server device. Function as an example of a terminal certificate storage unit that receives and stores a terminal certificate that certifies the terminal certificate. The application of the terminal device 20 functions as an example of a terminal certificate storage unit that receives the terminal certificate including the secret key and the public key for the terminal device generated by the server device.

  Next, the server device 10 destroys the certificate (step S13). Specifically, after transmitting the certificate to the terminal device 20, the system control unit 14 deletes the certificate data from the server device 10. That is, when the terminal device 20 of the client downloads the certificate, the server device 10 discards the certificate from the server device 10.

(2.2 Subroutine for generating encryption unique ID)
Next, a subroutine for generating an encrypted unique ID will be described with reference to FIG.

  FIG. 6 is a flowchart showing a subroutine for generating an encryption unique ID.

  As shown in FIG. 6, the terminal device 20 generates a unique ID of the device (Step S15). Specifically, the system control unit 26 generates a random number and generates a unique ID of the device. For example, the activated terminal registration application generates a random number.

  Thus, the application of the terminal device 20 functions as an example of a unique ID generation unit that generates a unique ID unique to the terminal device.

  Next, the terminal device 20 acquires the device unique information (Step S16). Specifically, the system control unit 26 acquires device unique information uniquely assigned to each terminal device 20 such as a MAC address (Media Access Control address) and a mobile phone number from a non-volatile memory of the terminal device 20 or the like. .

  Next, the terminal device 20 generates a unique key from the device unique information (Step S17). Specifically, the system control unit 26 inputs the device unique information to a hash function, calculates a hash value, and uses the hash value as a unique key.

  As described above, the application of the terminal device 20 functions as an example of a unique key generation unit that generates a unique key from unique information unique to the terminal device.

  Next, the terminal device 20 encrypts the unique ID using the unique key (step S18). Specifically, the system control unit 26 encrypts the generated unique ID using a unique key that is a hash value of the device unique information. The system control unit 26 stores the encrypted unique ID (encrypted unique ID) in the storage unit 22. Here, the unique key is, for example, a common key in which the encryption key and the decryption key are the same. The encryption method is a common key encryption such as a block encryption or a stream encryption.

  As described above, the application of the terminal device 20 functions as an example of a unique ID encrypting unit that encrypts the unique ID using the unique key and generates an encrypted unique ID.

  Next, the terminal device 20 discards the unique ID and the unique key (Step S19). Specifically, the system control unit 26 deletes the unique ID and the unique key from the terminal device 20. By encrypting the unique ID with the unique key, the unique ID and the unique key are used and become unnecessary, and the unique ID and the unique key are erased.

  In this way, the application of the terminal device 20 functions as an example of a unique key deleting unit that deletes the unique key after using the unique key. The application of the terminal device 20 functions as an example of a unique ID erasing unit that erases the unique ID after using the unique ID.

(2.3 Subroutine for generating authentication key)
Next, a subroutine for generating an encrypted unique ID will be described with reference to FIG.

  FIG. 7 is a flowchart showing a subroutine for generating an authentication key.

  As shown in FIG. 7, the terminal device 20 acquires an encryption unique ID (Step S20). Specifically, the system control unit 26 of the terminal device 20 reads the encryption unique ID from the storage unit 22 or the like.

  Next, the terminal device 20 acquires device specific information as in step S16 (step S21).

  Next, the terminal device 20 generates a unique key from the device unique information as in step S17 (step S22).

  As described above, the application of the terminal device 20 functions as an example of a unique key generation unit that generates a unique key from unique information unique to the terminal device.

  Next, the terminal device 20 decrypts the unique ID using the unique key (step S23). Specifically, the system control unit 26 generates the unique ID by decrypting the read encrypted unique ID using the unique key that is a common key.

  As described above, the application of the terminal device 20 functions as an example of a unique ID decrypting unit that decrypts the encrypted unique ID using the unique key generated from the unique information.

  Next, the terminal device 20 discards the unique key (Step S24). Specifically, the system control unit 26 deletes the unique key used to decrypt the unique ID from the terminal device 20.

  In this way, the application of the terminal device 20 functions as an example of a unique key deleting unit that deletes the unique key after using the unique key.

  Next, the terminal device 20 generates an authentication key from the unique ID (Step S25). Specifically, the system control unit 26 inputs the decrypted unique ID to a hash function, calculates a hash value, and uses the hash value as an authentication key. Then, the system control unit 26 stores the generated authentication key in the storage unit 22.

  As described above, the application of the terminal device 20 functions as an example of an authentication key generation unit that generates an authentication key for authentication of the terminal device from the decrypted unique ID.

  Next, the terminal device 20 discards the unique ID (Step S26). Specifically, the system control unit 26 deletes the unique ID used to generate the authentication key from the terminal device 20.

  As described above, the application of the terminal device 20 functions as an example of the unique ID erasing unit that erases the unique ID after using the unique ID.

(2.4 Subroutine for generating device verification value)
Next, a subroutine for generating a device verification value will be described with reference to FIGS.

  FIG. 8 is a flowchart showing a subroutine for generating a device verification value. FIG. 9 is a schematic diagram illustrating an example of generating encrypted data. FIG. 10 is a schematic diagram illustrating a configuration example of a device verification value.

  As shown in FIG. 8, the terminal device 20 generates encrypted data from the device identification value by performing an encryption process using an authentication key (step S27). Specifically, as shown in FIG. 9, the system control unit 26 of the terminal device 20 encrypts the device identification value (first terminal ID) using the authentication key to generate encrypted data. Then, after using the authentication key in generating the encrypted data, the system control unit 26 deletes the authentication key from the terminal device 20.

  As described above, the application of the terminal device 20 functions as an example of the encrypted data generation unit that generates the encrypted data from the first terminal ID by performing the encryption process using the authentication key.

  Note that the device identification value may be modified according to a predetermined rule, and encryption processing may be performed using an authentication key. For example, as a method of transforming the device identification value, as shown in FIG. 9, a value obtained by reversing the order of the device identification value may be encrypted with an authentication key, or the device identification value may be divided and replaced. Is also good.

  Next, the terminal device 20 discards the authentication key (Step S28). Specifically, the system control unit 26 deletes the authentication key from the terminal device 20.

  As described above, the application of the terminal device 20 functions as an example of an authentication key deleting unit that deletes the authentication key after using the authentication key.

  Next, the terminal device 20 includes a device identification value in the encrypted data (step S29). Specifically, as shown in FIG. 10A, the system control unit 26 links the device identification value to the end of the encrypted data to generate a device verification value. In step S10, the system control unit 26 extracts a predetermined number of bits from the end of the device verification value and extracts a device identification value. By including the device identification value in the device verification value, the server device 10 can extract and verify the device identification value included in the device verification value, thereby confirming the data from the terminal device 20.

  Note that the system control unit 26 may link the device identification value to the head of the encrypted data as shown in FIG. In this case, in step S10, the system control unit 26 cuts out a predetermined number of bits from the head of the device verification value and extracts a device identification value.

  Further, the system control unit 26 may mix the device identification value with the encrypted data. For example, as shown in FIG. 10 (C), the system control unit 26 decomposes the device identification value into two and connects them to the beginning and end of the encrypted data. In this case, in step S10, the system control unit 26 extracts a predetermined number of bits from the beginning and end of the device verification value, and concatenates them to extract a device identification value. Further, as shown in FIG. 10D, the system control unit 26 decomposes the device identification value into three, and inserts the decomposed device identification value into a predetermined position of the encrypted data. In this case, in step S10, the system control unit 26 extracts the decomposed device identification value from a predetermined position of the device verification value, and concatenates and extracts the device identification value.

  As described above, the application of the terminal device 20 functions as an example of a second terminal ID generation unit that generates the second terminal ID including the first terminal ID in the encrypted data. The application of the terminal device 20 functions as an example of a second terminal ID generation unit that generates the second terminal ID by mixing the first terminal ID with the encrypted data.

(2.5 Operation example of terminal device authentication)
Next, an operation example of authentication of a terminal device in the authentication system 1 will be described with reference to FIG.

  FIG. 11 is a sequence diagram illustrating an operation example of authentication of the terminal device 20 in the authentication system 1.

  First, the system control unit 26 of the terminal device 20 activates a dedicated application for establishing communication with the server device 10 and performs the following processing on the terminal device 20 side.

  As shown in FIG. 11, the terminal device 20 requests establishment of a communication channel (step S30). Specifically, the system control unit 26 transmits a request for establishing a communication path to the server device 10 via the communication unit 21.

  Next, the server device 10 receives the request (Step S31). Specifically, the system control unit 14 of the server device 10 receives a request for establishing a communication path from the terminal device 20 via the communication unit 11.

  Next, the server device 10 requests terminal authentication information (step S32). Specifically, the system control unit 14 transmits to the terminal device 20 via the communication unit 11 a request to send the certificate and the authentication key issued to the terminal device 20.

  Next, the terminal device 20 generates an authentication key (Step S33). Specifically, the system control unit 26 generates an authentication key by a subroutine for generating an authentication key as in step S7.

  As described above, the application of the terminal device 20 functions as an example of an authentication key generation unit that generates an authentication key for authentication of the terminal device from the decrypted unique ID.

  Next, the terminal device 20 sends the certificate and the authentication key, and after the transmission, discards the authentication key (step S34). Specifically, the system control unit 26 transmits the certificate read from the storage unit 22 and the generated authentication key to the server device 10 via the communication unit 21. Then, after sending the authentication key, the system control unit 26 deletes the authentication key from the terminal device 20.

  The certificate transmitted to the server device 10 does not include the secret key for the terminal device 20. When the certificate includes the private key for the terminal device 20, the system control unit 26 removes the private key from the certificate, makes the certificate a simple public key certificate, and transmits the certificate to the server device 10. .

  As described above, the application of the terminal device 20 functions as an example of a terminal certificate transmitting unit that transmits the authentication key and the terminal certificate generated by the authentication key generating unit to the server device for terminal authentication. . The application of the terminal device 20 functions as an example of an authentication key deleting unit that deletes the authentication key after using the authentication key. The application of the terminal device 20 functions as an example of a terminal certificate transmitting unit that transmits the terminal certificate from which the secret key for the terminal device has been removed to the server device.

  Next, the server device 10 determines whether the certificate is correct (Step S35). Specifically, the system control unit 14 receives a certificate and an authentication key from the terminal device 20. The system control unit 14 extracts information indicating the issuance from the received certificate, and determines whether or not the information is issued by the server device 10.

  As described above, the server device 10 functions as an example of a terminal certificate receiving unit that receives the terminal certificate and the authentication key from the terminal device for terminal authentication.

  If the certificate is correct (step S35; YES), the server device 10 extracts a device verification value (step S36). Specifically, the system control unit 14 extracts a device verification value in the certificate.

  If the certificate is incorrect (step S35; NO), it is assumed that the server device 10 has failed in establishing communication.

  Next, the server device 10 decrypts the device identification value (Step S37). Specifically, in the subroutine for decrypting the device identification value, the system control unit 14 decrypts the device identification value from the device verification value using the received authentication key. The subroutine for decoding the device identification value will be described later.

  Next, the server device 10 determines whether or not the value is the device identification value (Step S38). Specifically, the system control unit 14 determines whether or not the device identification value decrypted with the authentication key is correct with reference to the terminal information DB 12a of the storage unit 12.

  As described above, the server device 10 functions as an example of a determination unit that determines whether the extracted first terminal ID is correct.

  If the device identification value is correct (step S38; YES), the server device 10 generates an encryption key for communication (step S39). Specifically, the system control unit 14 generates a communication encryption key for the terminal device 20 from a random number or the like.

  Next, the server device 10 encrypts the communication encryption key (step S40). Specifically, the system control unit 14 encrypts the communication encryption key with the public key for the terminal device 20 included in the certificate. The system control unit 14 transmits, to the terminal device 20 via the communication unit 11, notification information indicating that the terminal authentication has been completed, and the encrypted communication encryption key.

  Next, the terminal device 20 decrypts the communication encryption key (step S41). Specifically, the system control unit 26 receives, via the communication unit 21, notification information indicating that terminal authentication has been completed and an encrypted communication encryption key. The system control unit 26 decrypts the communication encryption key with the secret key for the terminal device 20 included in the certificate.

  As described above, the application of the terminal device 20 determines that the encrypted data is extracted from the second terminal ID included in the terminal certificate in the server device, and the authentication data received by the server device is obtained from the encrypted data. If it is determined that the first terminal ID extracted by the key decryption process is correct, it functions as an example of a communication key receiving unit that receives a communication key for communication from the server device. The application of the terminal device 20 functions as an example of a communication key receiving unit that receives the communication key encrypted with the public key for the terminal device.

  Next, the terminal device 20 and the server device 10 perform secure communication on the established communication path. When transmitting data, communication is performed by encrypting the data using an encryption key for communication.

  In order to enhance security, when a certain session ends or a predetermined time elapses, the established communication path is terminated, and the communication encryption key is deleted from the terminal device 20 and the server device 10.

  When establishing a new communication path, the authentication system 1 newly performs the processing from step S30 to step S41, establishes a new communication path, and performs communication using a new communication encryption key.

(2.6 Device identification value decoding subroutine)
Next, a subroutine for decoding the device identification value will be described with reference to FIG.

  FIG. 12 is a flowchart showing a subroutine for decoding the device identification value.

  As shown in FIG. 12, the server device 10 extracts the encrypted data from the device verification value (Step S45). Specifically, the system control unit 14 of the server device 10 extracts the encrypted data from the device verification value based on the configuration of the device verification value.

  For example, as shown in FIG. 10A, when encrypted data is linked to the head of the device verification value, the system control unit 14 extracts the encrypted data from the head of the device verification value.

  As shown in FIG. 10B, when the encrypted data is linked to the end of the device verification value, the system control unit 14 extracts the encrypted data from the data after the device identification value in the device verification value. .

  As shown in FIG. 10C, when the encrypted data is included in the middle of the device verification value, the system control unit 14 extracts the encrypted data from the portion of the device verification value that includes the encrypted data.

  As shown in FIG. 10 (D), if the device verification values are distributed and included, the system control unit 14 takes out the encrypted data portions in the device verification values and joins them together to convert the encrypted data. Extract.

  The information on the position of the encrypted data in the device verification value (for example, the xxth bit from the beginning and the yzth bit to the zzth bit) is stored on the server device 10 side and the terminal device 20 side (for example, for the terminal device 20). (Dedicated application) and share in advance.

  As described above, the server device 10 functions as an example of an encrypted data extracting unit that extracts the encrypted data from the second terminal ID included in the terminal certificate.

  Next, the server device 10 decrypts the device identification value from the encrypted data by a decryption process using the authentication key (step S46). Specifically, the system control unit 14 decrypts the encrypted data using the authentication key. Then, after using the authentication key, the system control unit 14 deletes the authentication key from the server device 10.

  As described above, the server device 10 functions as an example of a first terminal ID extracting unit that extracts a first terminal ID from the encrypted data by performing a decryption process using the received authentication key. The server device 10 functions as an example of an authentication key deleting unit that deletes the authentication key after using the authentication key.

  As shown in FIG. 9, when the encrypted data is directly generated from the device identification value, the encrypted data is decrypted with the authentication key to obtain the device identification.

  As illustrated in FIG. 9, when the device identification value is modified according to a predetermined rule, the system control unit 14 modifies the decrypted encrypted data by performing a reverse transformation to the modified rule to obtain the decrypted encrypted data. Device identification value from the encrypted data.

  As described above, the server device 10 functions as an example of a first terminal ID extracting unit that extracts a first terminal ID from the encrypted data by performing a decryption process using the received authentication key.

  As described above, according to the present embodiment, the unique ID of the terminal device 20 is encrypted with the unique key generated from the unique information (for example, the MAC address) of the terminal device 20, and the encrypted unique ID is generated. A device identification value (an example of a first terminal ID) of the terminal device 20 is obtained, the encrypted unique ID is decrypted using the unique key, an authentication key for authentication of the terminal device 20 is generated from the decrypted unique ID, and the authentication is performed. A device verification value (an example of a second terminal ID) including the device identification value is generated in the encrypted data generated from the device identification value by the encryption processing using the key, and transmitted to the server device 10. When the device identification value is deleted and the device identification value is extracted from the device verification value in the server device 10, the terminal device certificate including the device verification value and certifying the terminal device 20 is transmitted from the server device 10. By receiving and storing the certificate, deleting the unique key and unique ID after use, and transmitting the authentication key and the terminal certificate to the server device 10 for terminal authentication, the data stored in the application of the terminal device 20 is saved. Even if the terminal device 20 is stolen, the unique key and the unique ID cannot be restored, and the authentication key cannot be generated at the time of authentication. Therefore, the impersonation of the terminal device 20 can be prevented. That is, even if the same application is installed on another terminal device and stolen information is set, authentication is not passed.

  When the device identification value of an example of the first terminal ID is mixed with the encrypted data to generate the device verification value of the example of the second terminal ID, it is difficult to extract the first terminal ID from the second terminal ID, Impersonation becomes more difficult, and the security of authentication and communication is further improved.

  In the server device 10, the encrypted data is extracted from the device verification value (an example of the second terminal ID) included in the terminal certificate, and is extracted from the encrypted data by a decryption process using the authentication key received by the server device 10. If it is determined that the device identification value (an example of the first terminal ID) is correct, and the communication key for communication is received from the server device 10, the terminal device 20 is less likely to be spoofed, and communication with high security is performed. A road can be established.

  The terminal device 20 receives the terminal certificate including the private key and the public key for the terminal device 20 generated by the server device 10, transmits the terminal certificate obtained by removing the private key for the terminal device to the server device 10, When receiving the communication key encrypted with the public key for use, the processing load on the terminal device 20 is reduced, and a highly secure communication path can be established. In particular, when the terminal device 20 is a terminal of the Internet of Things, the processing load can be reduced, and the power consumption and the size of the terminal device 20 can be reduced.

  Note that the terminal device 20 may generate a public key and a secret key for the terminal device 20. When the terminal device 20 transmits data, the data is encrypted using the secret key for the terminal device 20. When the server device 10 transmits data, the data is encrypted using the server device secret key generated by the server device 10. When transmitting data encrypted by the terminal device secret key generated by the terminal device 20 to the server device, there is no exchange of the secret key in communication, so that communication security is further improved.

  The timing of deleting the unique key, the unique ID, and the authentication key may be immediately after use, or after a series of processes is completed, when registration of the terminal device or authentication of the terminal device is completed, It may be within a predetermined time after generation. The timing for deleting the unique key, the unique ID, and the authentication key is preferably as early as possible after use to prevent spoofing.

  Furthermore, the present invention is not limited to the above embodiments. Each of the above embodiments is an example, and has substantially the same configuration as the technical idea described in the scope of the claims of the present invention, and any device having the same operation and effect can be obtained. It is included in the technical scope of the present invention.

1: Authentication system 10: Server device 20: Terminal device

Claims (8)

Computer
Unique ID generating means for generating a unique ID unique to the terminal device,
Unique key generating means for generating a unique key from unique information unique to the terminal device,
A unique ID encrypting means for encrypting the unique ID with the unique key to generate an encrypted unique ID;
First terminal ID acquisition means for acquiring a first terminal ID assigned to the terminal device from a server device,
A unique ID decoding unit for decoding the encrypted unique ID with the unique key generated from the unique information;
Authentication key generation means for generating an authentication key for authentication of the terminal device from the decrypted unique ID,
Unique key erasing means for erasing the unique key after using the unique key,
Unique ID erasing means for erasing the unique ID after using the unique ID,
Encrypted data generation means for generating encrypted data from the first terminal ID by encryption processing using the authentication key;
Authentication key erasing means for erasing the authentication key after using the authentication key,
A second terminal ID generating means for generating a second terminal ID including the first terminal ID in the encrypted data;
Second terminal ID transmission means for transmitting the second terminal ID to the server device,
Before SL including a second terminal ID, and terminal certificate attesting the terminal device, the terminal certificate storage means for storing said server device or we received by and,
A terminal device authentication program for functioning as a terminal certificate transmission unit for transmitting the authentication key and the terminal certificate generated by the authentication key generation unit to the server device for terminal authentication. The program for terminal device authentication according to claim 1,
A program for terminal device authentication, wherein the second terminal ID generation means generates the second terminal ID by mixing the encrypted data with the first terminal ID. The program for terminal device authentication according to claim 1 or 2,
The communication key for communication is pre-Symbol server generated, as a communication key receiving means for receiving from said server device, the terminal device program for authentication, characterized in that to further function. The program for terminal device authentication according to claim 3,
The terminal certificate storage unit receives the terminal certificate including a private key and a public key for the terminal device generated by the server device,
Wherein the terminal certificate transmitting unit transmits the terminal certificate, from which the secret key for the terminal device has been removed, to the server device,
A terminal device authentication program, wherein the communication key receiving means receives the communication key encrypted with a public key for the terminal device. The terminal device authentication program according to any one of claims 1 to 3,
The terminal device, wherein the second terminal ID transmitting means and the terminal certificate transmitting means transmit data encrypted by the terminal device secret key generated by the terminal device to the server device. Authentication program. A unique ID generating step of generating a unique ID of the terminal device,
A unique key generation step of generating a unique key from unique information unique to the terminal device;
A unique ID encrypting step of encrypting the unique ID with the unique key to generate an encrypted unique ID,
A first terminal ID acquisition step of acquiring a first terminal ID assigned to the terminal device from a server device,
A unique ID decoding step of decoding the encrypted unique ID with the unique key generated from the unique information,
An authentication key generation step of generating an authentication key for authentication of the terminal device from the decrypted unique ID,
A unique key erasing step of, after using the unique key, erasing the unique key,
A step of erasing the unique ID, wherein the encrypted data generating means erases the unique ID after using the unique ID;
An encrypted data generating step of generating encrypted data from the first terminal ID by an encryption process using the authentication key;
Authentication key erasing means, after using the authentication key, an authentication key erasing step of erasing the authentication key,
A second terminal ID generating step of generating a second terminal ID including the first terminal ID in the encrypted data,
A second terminal ID transmitting means for transmitting the second terminal ID to the server device, a second terminal ID transmitting step,
Terminal certificate storage means, before Symbol including the second terminal ID, and terminal certificate attesting the terminal device, a terminal certificate storage step of receiving and storing from said server device,
A terminal certificate transmitting unit for transmitting the authentication key and the terminal certificate generated by the authentication key generating unit to the server device for terminal authentication;
A terminal device authentication method comprising: First terminal ID transmitting means for generating and transmitting a first terminal ID to be assigned to the terminal device in response to a request from the terminal device;
A second process that includes the first terminal ID in encrypted data generated from the first terminal ID by performing encryption processing using an authentication key for authentication of the terminal device generated from a unique ID unique to the terminal device. A second terminal ID receiving means for receiving a terminal ID from the terminal device;
When the first terminal ID is extracted from the received second terminal ID, a terminal certificate including the second terminal ID and transmitting a terminal certificate for certifying the terminal device to the terminal device. Means,
For terminal authentication, terminal certificate receiving means for receiving the terminal certificate and the authentication key from the terminal device,
Encrypted data extracting means for extracting the encrypted data from the second terminal ID included in the terminal certificate;
First terminal ID extracting means for extracting a first terminal ID from the encrypted data by a decryption process using the received authentication key;
Determining means for determining whether the extracted first terminal ID is the first terminal ID stored in the terminal information storage means by referring to terminal information storage means in which the first terminal ID is stored in advance; When,
A server device comprising: In an authentication system in which a server device authenticates a terminal device,
The terminal device,
Unique ID generation means for generating a unique ID unique to the terminal device;
Unique key generation means for generating a unique key from unique information unique to the terminal device;
A unique ID encrypting means for encrypting the unique ID with the unique key to generate an encrypted unique ID;
First terminal ID acquisition means for acquiring a first terminal ID assigned to the terminal device from the server device;
A unique ID decoding unit for decoding the encrypted unique ID with the unique key generated from the unique information;
Authentication key generation means for generating an authentication key for authentication of the terminal device from the decrypted unique ID,
After using the unique key, unique key erasing means for erasing the unique key,
Unique ID erasing means for erasing the unique ID after using the unique ID;
Encrypted data generating means for generating encrypted data from the first terminal ID by performing encryption processing using the authentication key;
Authentication key erasing means for erasing the authentication key after using the authentication key,
A second terminal ID generating means for generating a second terminal ID including the first terminal ID in the encrypted data;
Second terminal ID transmission means for transmitting the second terminal ID to the server device;
Before SL including a second terminal ID, and terminal certificate attesting the terminal device, and the terminal certificate storage means for receiving and storing from said server device,
For terminal authentication, terminal certificate transmitting means for transmitting the authentication key and the terminal certificate generated by the authentication key generating means to the server device,
The server device is:
In response to a request from the terminal device, a first terminal ID to be assigned to the terminal device is generated,
First terminal ID transmitting means for transmitting;
A second process that includes the first terminal ID in encrypted data generated from the first terminal ID by performing encryption processing using an authentication key for authentication of the terminal device generated from a unique ID unique to the terminal device. A second terminal ID receiving means for receiving a terminal ID from the terminal device;
When the first terminal ID is extracted from the received second terminal ID, a terminal certificate including the second terminal ID and certifying the terminal device is transmitted to the terminal device. Means,
For terminal authentication, terminal certificate receiving means for receiving the terminal certificate and the authentication key from the terminal device,
Encrypted data extracting means for extracting the encrypted data from the second terminal ID included in the terminal certificate;
First terminal ID extracting means for extracting a first terminal ID from the encrypted data by a decryption process using the received authentication key;
Determining means for determining whether the extracted first terminal ID is the first terminal ID stored in the terminal information storage means by referring to terminal information storage means in which the first terminal ID is stored in advance; When,
An authentication system comprising:

Images