WO2015092953A1 - Authentication system and authentication method - Google Patents
- Publication number
- WO2015092953A1 (PCT/JP2014/005014)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- controller
- crl
- authentication
- server
- certificate
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Definitions
- This disclosure relates to an authentication system that enables a device and a controller to be connected safely.
- Wi-Fi Protected Setup to facilitate connection between devices.
- Wi-Fi wireless connection only guarantees device interoperability between the appliance at the access point corresponding to the controller and the home appliance, and does not authenticate whether the connection partner is a legitimate device.
- Non-patent Document 2 a public key authentication infrastructure (PKI: Public Key Infrastructure) in order to authenticate the validity of a device.
- PKI Public Key Infrastructure
- the authentication based on PKI guarantees the validity of a device by authenticating that an entity (home appliance or controller) has a private key and a public key certificate issued by a certificate authority. When a private key is leaked, the public key certificate needs to be revoked in order to prevent fraud using the public key certificate.
- a CRL (Certificate Revocation List), which is a list of revoked certificates, is representative (Non-patent Document 2).
- the CRL is a list of revoked public key certificates, and the certificate authority that issued the public key certificate adds a signature to the revoked public key certificate ID and distributes it.
- the home appliance or controller entity verifies whether the public key certificate of another entity to be connected is described in the CRL. Therefore, it is necessary to use the latest CRL as the CRL.
- Wi-Fi Alliance, "Wi-Fi CERTIFIED Wi-Fi Protected Setup: Easing the User Experience for Home and Small Office Wi-Fi® Network", 20 June, [Search], Internet <URL: http://www.wi-fi.
- An authentication system includes an apparatus, an operation terminal that operates the apparatus, and a controller.
- the authentication system performs authentication between the controller and the apparatus.
- the certificate revocation list is acquired, the second certificate revocation list is acquired together with the control instruction from the operation terminal to the device, and the first certificate revocation list and the second certificate revocation list are stored in the controller and the device.
- FIG. 1 is an overall configuration diagram of an authentication system in Embodiment 1.
- FIG. 2 is a configuration diagram of a controller in Embodiment 1.
- FIG. 6 is a diagram illustrating an example of a connected device management table of a controller according to Embodiment 1.
- FIG. 6 is a diagram showing an example of a public key certificate in Embodiment 1.
- FIG. 3 is a diagram illustrating an example of a CRL in Embodiment 1.
- FIG. 1 is a configuration diagram of a device in Embodiment 1.
- FIG. 6 is a diagram illustrating an example of a connection controller management table of devices in the first embodiment.
- FIG. 3 is a configuration diagram of a manufacturer server in the first embodiment.
- FIG. 6 is a diagram illustrating an example of a device information management table of a maker server according to Embodiment 1.
- FIG. 2 is a configuration diagram of a portal server in Embodiment 1.
- FIG. 3 is a sequence diagram at the time of device registration in Embodiment 1.
- FIG. 3 is a sequence diagram at the time of device registration in Embodiment 1.
- FIG. 10 is a sequence diagram when updating the CRL of the manufacturer server in the first embodiment.
- FIG. 10 is a sequence diagram when updating the CRL of the device in the first embodiment.
- FIG. 10 is a sequence diagram when updating the CRL of the device in the first embodiment.
- FIG. 10 is a sequence diagram when updating the CRL of the device in the first embodiment.
- FIG. 10 is a sequence diagram when updating the CRL of the device in the first embodiment.
- FIG. 10 is a sequence diagram when updating the CRL of the device in the first embodiment.
- FIG. 10 is a sequence diagram at the time of device registration in the second embodiment.
- FIG. 10 is a sequence diagram at the time of device registration in the second embodiment.
- FIG. 10 is a sequence diagram at the time of device registration in the second embodiment.
- FIG. 10 is a diagram illustrating an example of a connection controller management table of devices in the second embodiment.
- FIG. 10 is a diagram illustrating an example of a connected device management table of a controller according to Embodiment 2.
- FIG. 10 is a sequence diagram at the time of device history information transmission processing in the second embodiment.
- FIG. 10 is an overall configuration diagram of an authentication system in a third embodiment.
- FIG. 10 is a configuration diagram of a device in a third embodiment.
- FIG. 10 is a configuration diagram of a server in a third embodiment.
- FIG. 10 is a configuration diagram of an operation terminal in a third embodiment.
- FIG. 10 is a diagram illustrating an example of a control device management table of an operation terminal according to Embodiment 3.
- FIG. 10 is a diagram illustrating an example of a control command message in the third embodiment.
- FIG. 11 is a sequence diagram when executing device control in the third embodiment.
- FIG. 11 is a sequence diagram when executing device control in the third embodiment.
- FIG. 10 is an overall configuration diagram of an authentication system in a fourth embodiment.
- FIG. 10 is a configuration diagram of an operation terminal in a fourth embodiment.
- FIG. 10 is a sequence diagram at the time of CRL update of the operation terminal in the fourth embodiment.
- FIG. 10 is a sequence diagram when performing device control in the fourth embodiment.
- FIG. 10 is a configuration diagram of an operation terminal in a third embodiment.
- FIG. 10 is a diagram illustrating an example of a control device management table of an operation terminal according to Embodiment 3.
- FIG. 10
- FIG. 10 is a sequence diagram when performing device control in the fourth embodiment.
- FIG. 10 is an overall configuration diagram of an authentication system in a fifth embodiment.
- FIG. 10 is a configuration diagram of a device in a fifth embodiment.
- FIG. 10 is a sequence diagram when executing device control in the fifth embodiment.
- FIG. 10 is a sequence diagram when executing device control in the fifth embodiment.
- the home appliance acquires the CRL via the controller.
- if the controller is an unauthorized device, then even if its public key certificate is described in the CRL, the home appliance authenticates the controller as a valid device unless the controller distributes to the home appliance the CRL in which the controller's public key certificate is described.
- An authentication method is an authentication method in an authentication system that includes an apparatus, an operation terminal that operates the apparatus, and a controller, and performs authentication between the controller and the apparatus.
- the first certificate revocation list is acquired from the operation terminal
- the second certificate revocation list is acquired together with the control instruction for the device from the operation terminal
- the first certificate revocation list and the second certificate revocation list are revocation lists related to the certificates of the controller and the device, and the validity of the controller is determined based on the first certificate revocation list or the second certificate revocation list.
- the authentication method stops the connection with the controller when the device determines that the controller is unauthorized.
- the authentication method determines the validity of the controller by comparing the next issuance date of the first certificate revocation list with the issuance date of the second certificate revocation list.
- the authentication system further includes a server, and the server gives the second certificate revocation list to the control instruction.
- the device determines, according to the content of the control instruction, the execution order and/or execution of the authentication of the controller's validity and of the control processing based on the content of the control instruction.
- FIG. 1 is a diagram illustrating an overall configuration of the authentication system 10 according to the present disclosure.
- the authentication system 10 includes a controller 100, a device 200, a server 300, and a portal server 400.
- the controllers 100a and 100b are devices having a function of controlling the devices.
- the controllers 100a and 100b have functions such as connecting to a server, transmitting home appliance history information to the server, receiving a control request from the server, and controlling home appliances.
- the devices 200a to 200c are home appliances and housing equipment that collect device history information, such as televisions, recorders, air conditioners, refrigerators, and storage batteries.
- Servers 300a to 300c are a content server that distributes content, a manufacturer server that manufactures home appliances, and a service server that provides services.
- the history information of the device in the home is transmitted to the controller, and the controller transmits the history information of the device to the manufacturer server.
- the service server is an electric power company
- the electric power company connects to the controller via a home smart meter (not shown). Based on the power information from the power company, the controller controls household devices and suppresses power consumption in the home.
- FIG. 2 is a configuration diagram of the controller 100a.
- the controller 100a includes a device management unit 101, a device information holding unit 102, an authentication processing unit 103, an authentication information holding unit 104, and a communication unit 105.
- the controller 100b has the same configuration.
- the device management unit 101 manages devices connected to the controller. When there is a connection request from the device, the device management unit 101 transmits the public key certificate received from the device to the authentication processing unit 103 and requests an authentication process. The device management unit 101 receives the authentication result from the authentication processing unit 103. If the authentication is successful, the device management unit 101 registers the device ID and the certificate ID in the connected device management table held by the device information holding unit 102.
- the device information holding unit 102 manages information on devices connected to the controller.
- FIG. 3 is a diagram showing an example of a device information management table that the device information holding unit 102 has.
- the device information management table records a device ID and a certificate ID of a public key certificate possessed by the device.
- the authentication processing unit 103 performs an authentication process with the device.
- when the authentication processing unit 103 receives an authentication request from the device management unit 101 together with the device public key certificate, it acquires the CRL recorded in the authentication information holding unit 104 and verifies whether the certificate ID of the device public key certificate is described in the CRL. Further, the authentication processing unit 103 verifies the signature of the public key certificate using the public key (not shown) of the portal server that is the certificate authority. Also, the authentication processing unit 103 generates a random number and transmits the random number to the device. The authentication processing unit 103 verifies the signature of the random number received from the device. If any verification fails, the authentication processing unit 103 determines that the device is an unauthorized device.
- the authentication information holding unit 104 has a private key / public key certificate key pair and CRL.
- the private key, public key certificate, and CRL are embedded in the authentication information holding unit 104 at the time of shipment.
- FIG. 4 is a diagram illustrating an example of the configuration of a public key certificate.
- a public key certificate includes a version, an issuer, start and end of a validity period, a certificate ID, and a signature of a portal server that is a certificate authority.
- FIG. 5 is a diagram illustrating an example of the configuration of the CRL.
- the CRL includes a CRL version, an issuer, an issue date, a next issue date, a revoked certificate ID, and a signature of a portal server that is a certificate authority.
- the certificate ID is not limited to one, and there may be a plurality of certificate IDs.
- the communication unit 105 communicates with the device 200, the manufacturer server 300a, and the service server 300b.
- the communication unit 105 performs SSL (Secure Socket Layer) communication in communication with the server.
- SSL Secure Socket Layer
- a certificate necessary for SSL communication is recorded by the communication unit 105.
- FIG. 6 is a configuration diagram of the device 200.
- the device 200 includes a device management unit 201, a device history holding unit 202, a device information holding unit 203, an authentication processing unit 204, an authentication information holding unit 205, and a communication unit 206.
- the device management unit 201 transmits a connection request to the controller 100 at the time of activation.
- the communication unit 206 executes SSL communication with the content server 300c.
- upon receiving the public key certificate from the controller, the device management unit 201 transmits an authentication request to the authentication processing unit 204.
- the device management unit 201 receives the authentication result from the authentication processing unit 204.
- the device management unit 201 registers the controller ID and the certificate ID in the connection controller management table held by the device information holding unit 203.
- the device management unit 201 transmits the device history recorded by the device history holding unit 202 to the server via the controller periodically or irregularly. When directly connected to the content server, it is transmitted to the server without going through the controller.
- the device history holding unit 202 acquires and records the device operation history.
- the device information holding unit 203 manages information on the controller 100 connected to the device.
- FIG. 7 is a diagram showing an example of a connection controller management table that the device information holding unit 203 has.
- the connected controller management table records the controller ID and the certificate ID of the public key certificate possessed by the controller.
- the authentication processing unit 204 performs authentication processing with the controller.
- when the authentication processing unit 204 receives an authentication request together with the public key certificate from the device management unit 201, it acquires the CRL recorded in the authentication information holding unit 205 and verifies whether the certificate ID of the controller public key certificate is described in the CRL.
- the authentication processing unit 204 verifies the signature of the public key certificate using the public key (not shown) of the portal server that is the certificate authority.
- the authentication processing unit 204 generates a random number and transmits the random number to the controller.
- the authentication processing unit 204 verifies the signature of the random number received from the controller. If any verification fails, the authentication processing unit 204 determines that the controller is an unauthorized device.
- the authentication information holding unit 205 has a private key / public key certificate key pair and CRL.
- the key pair and CRL of the private key and public key certificate are embedded in the authentication information holding unit 205 when the device is shipped. Since the public key certificate and CRL have the same configuration as the public key certificate and CRL possessed by the controller, description thereof is omitted here.
- the communication unit 206 communicates with the controller 100 and the content server 300c.
- the communication unit 206 performs SSL (Secure Socket Layer) communication in communication with the content server.
- SSL Secure Socket Layer
- a certificate necessary for SSL communication is recorded by the communication unit 206.
- FIG. 8 is a configuration diagram of the manufacturer server 300a.
- the manufacturer server 300a includes a device information management unit 301, a device information holding unit 302, a CRL management unit 303, a CRL holding unit 304, and a communication unit 305.
- the service server 300b has the same configuration.
- the device information management unit 301 controls the device information holding unit 302 to manage the association between the controller and the device, the controller to be connected, the device ID, the certificate ID of the public key certificate, and the device history. In addition, when the device information management unit 301 detects a device or controller fraud, the device information management unit 301 notifies the portal server of the certificate ID of the public key certificate of the device or controller, and issues a CRL issuance request. The device information management unit 301 transmits the CRL to the CRL management unit 303 when the CRL is updated.
- the device information holding unit 302 records the controller ID, device ID, certificate ID, and device history.
- FIG. 9 is a diagram illustrating an example of a device information management table that the device information holding unit 302 has.
- the controller ID1 which is the controller ID, indicates that devices ID1 to ID3 are connected.
- the controller certificate ID and device certificate ID are also recorded.
- the history information of the device ID 1 indicates that it is recorded in the history information 1.
- the CRL management unit 303 controls the CRL holding unit 304 and updates the CRL of the CRL holding unit 304 when receiving the CRL from the device information management unit 301.
- the CRL holding unit 304 records the CRL.
- the communication unit 305 communicates with the controller 100a and the portal server 400. SSL communication is performed in communication with the controller 100a and the portal server 400. A certificate necessary for SSL communication is recorded by the communication unit 305.
- the configuration of the content server 300c is different from that of the manufacturer server 300a.
- SSL authentication is performed between the content server 300c and the device.
- the device information management table of the device information holding unit 302 is a device information management table without controller information.
- FIG. 10 is a configuration diagram of the portal server 400.
- the portal server 400 includes a CRL management unit 401, a CRL holding unit 402, an encryption processing unit 403, an encryption key holding unit 404, and a communication unit 405.
- the CRL management unit 401 controls the CRL holding unit 402 and manages the CRL.
- when the CRL management unit 401 receives a CRL issuance request from the manufacturer server 300a or the service server 300b, it sets the data other than the CRL signature and requests the cryptographic processing unit 403 to generate a CRL signature.
- the CRL management unit 401 receives the CRL generated by the signature from the encryption processing unit 403 and records it in the CRL holding unit 402.
- the CRL holding unit 402 records the issued CRL.
- when the cryptographic processing unit 403 receives a signature generation request from the CRL management unit 401, it generates a CRL signature using the private key held in the encryption key holding unit 404. When the cryptographic processing unit 403 has generated a CRL signature, it transmits the CRL signature to the CRL management unit 401.
- the encryption key holding unit 404 holds a secret key for CRL issuance of the portal server 400 serving as a certificate authority.
- the communication unit 405 communicates with each of the servers 300a to 300c. In communication with each of the servers 300a to 300c, SSL communication is performed. A certificate necessary for SSL communication is recorded by the communication unit 405.
- the operation of the authentication system 10 includes the following.
- FIGS. 11 to 12 show a sequence of processing in which the device 200c connects to the controller 100a and registers with the manufacturer server 300a. The same applies to the processing in which the devices 200a and 200b are connected to the controller 100a and registered in the manufacturer server 300a, and the processing in which the device 200c is connected to the controller 100b and registered in the service server 300a.
- the controller 100a verifies whether the certificate ID of the public key certificate of the device 200c that received the connection request is described in the CRL held in the authentication information holding unit. If it is described in the CRL, an error is notified to the device 200c and the process is terminated.
- the controller 100a verifies the signature of the public key certificate received from the device 200c. If the verification is not successful, an error is notified to the device 200c and the process is terminated.
- the signature at this time may be ECDSA (Elliptic Curve Digital Signature Algorithm). Since ECDSA is described in Non-Patent Document 3, it is not described here.
- the controller 100a generates a random number and transmits it to the device 200c together with the controller ID and the public key certificate.
- the device 200c verifies whether the certificate ID of the public key certificate of the controller 100a that transmitted the connection request is described in the CRL that is held. If it is described in the CRL, an error is notified to the controller 100a and the process is terminated.
- the device 200c verifies the signature of the public key certificate received from the controller 100a. If the verification fails, an error is notified to the controller 100a and the process is terminated.
- the device 200c generates a signature from the random number received from the controller 100a and the private key of the device 200c.
- the device 200c generates a random number and transmits it to the controller 100a together with the signature generated in S107.
- the controller 100a receives the signature and the random number, and verifies the signature using the public key certificate received in S101. If the signature verification is not successful, an error is notified to the device 200c and the process is terminated.
- the controller 100a generates a signature from the random number received in S109 and the private key of the controller 100a, and transmits the signature to the device 200a.
- the device 200c receives the signature, and verifies the signature using the public key certificate received in S104. If the signature verification is not successful, an error is notified to the controller 100a and the process is terminated.
- the controller 100a transmits the controller ID and the certificate ID of its public key certificate, together with the device ID of the device that has been successfully verified in S109 and the certificate ID of that device's public key certificate, to the manufacturer server, and registers the device ID and the certificate ID of the device's public key certificate in the connected device management table.
- FIG. 13 shows a sequence for updating the CRL of the manufacturer server 300a.
- the manufacturer server 300a detects an unauthorized device.
- specific examples of detecting an unauthorized device include the case where it is detected that a plurality of controllers with the same certificate ID are connected to the maker server 300a, and the case where it is detected that a plurality of devices with the same certificate ID are registered in the maker server 300a. Also, when it is detected that a private key has been leaked, the device or controller that holds the corresponding public key certificate is determined to be an unauthorized device.
- the manufacturer server 300a adds the certificate ID of the unauthorized device or unauthorized controller detected in S121 to the certificate ID described in the CRL.
- the manufacturer server 300a transmits a CRL issuance request together with all certificate IDs of unauthorized devices and unauthorized controllers to the portal server 400 which is a certificate authority.
- the portal server 400 issues a CRL from the received certificate ID.
- the portal server 400 transmits the CRL to the manufacturer server 300a.
- the manufacturer server 300a records the received CRL in the CRL holding unit and updates it to the latest CRL.
- even when no unauthorized device is detected in S121, the manufacturer server 300a updates the CRL before the next issue date.
- FIG. 14 to FIG. 15 show a sequence for updating the CRL of the device 200c from the controller 100b.
- the process of updating the CRL of the device 200c from the controller 100b will be described as an example, but the process of updating the CRL of the device 200c from the controller 100a is the same process.
- after updating the CRL, the service server 300b requests the controller 100b to perform CRL update processing together with the CRL.
- the controller 100b updates the CRL received from the service server 300b.
- the controller 100b verifies whether the connected device is described in the CRL. If it is described, the service server 300b is notified and the registration of the described device is deleted.
- the controller 100b requests CRL update processing together with the CRL to all the devices 200 to be connected.
- a description will be given based on an example in which the update process is requested to the device 200c.
- the device 200c verifies whether all the controllers to be connected are described in the CRL. When at least one controller to be connected is described, the detection of the unauthorized controller is notified to other devices and controllers. Also, the registration of the unauthorized controller in the connected controller management table is deleted.
- the device 200c compares the CRL received from the controller 100b with the CRL of the authentication information holding unit, and verifies whether there is a contradiction. Specifically, when the CRL received from the controller 100a is recorded, the issue date of the CRL received from the controller 100b is compared with the next issue date of the CRL received from the controller 100a. If the next issue date of the CRL received from the controller 100a is earlier than the issue date of the CRL received from the controller 100b, the device determines that the next issue date of the CRL received from the controller 100a has passed, and detects the controller 100a as an unauthorized controller because it did not update the CRL.
- the versions of the CRLs received from the controller 100a and the controller 100b are compared, and if the versions do not match, the controller that transmitted the CRL with the old version is detected as an unauthorized controller because it did not update the CRL.
- the device 200c notifies other devices and controllers of detection of the unauthorized controller. Also, the registration of the unauthorized controller in the connected controller management table is deleted. Further, the connection with the controller 100a is cut off.
- the device 200c records the received CRL in the authentication information holding unit.
- FIG. 16 shows a sequence for updating the CRL of the device 200c from the content server 300c.
- after updating the CRL, the content server 300c requests the device 200a to perform CRL update processing together with the CRL.
- the device 200c verifies whether all connected controllers are described in the CRL. When at least one controller to be connected is described, the detection of an unauthorized controller is notified to other devices, controllers, and content server 300c. Also, the registration of the unauthorized controller in the connected controller management table is deleted.
- the CRL could not be updated.
- the device receives CRLs from a plurality of controllers.
- the CRL can be acquired and updated via a plurality of networks.
- the encryption key for communication is shared, and the history information of the device is transmitted to the server by encrypted communication.
- the operation of the authentication system 11 includes the following.
- FIGS. 17 to 19 show a sequence of processing in which the device 200c connects to the controller 100a and registers with the manufacturer server. The same applies to the processing in which the devices 200a and 200b are connected to the controller 100a and registered in the manufacturer server, and the processing in which the device 200c is connected to the controller 100b and registered in the service server.
- the processing from (S201) to (S203) is the same as the processing from S101 to S103 in the first embodiment, and thus description thereof is omitted here.
- the controller 100a transmits the controller ID and the public key certificate to the device 200c.
- ECDH (Elliptic Curve Diffie-Hellman) is a key exchange method of elliptic curve cryptography. Since ECDH is described in Non-Patent Document 4, it will not be described here.
- the controller 100a generates a random number and transmits it to the device 200c.
- the device 200c receives a random number from the controller 100a and encrypts it with the shared key.
- the device 200c generates a random number and transmits it to the controller 100a together with the encrypted random number generated in S210.
- the controller 100a receives the encrypted random number and the random number, decrypts the encrypted random number with the shared key, and verifies whether it matches the random number generated in S209. If the verification is not successful, an error is notified to the device 200c and the process is terminated.
- the controller 100a encrypts the random number received in S212 with the shared key, and transmits the encrypted random number to the device 200c.
- the device 200c receives the encrypted random number, decrypts the encrypted random number with the shared key, and verifies whether it matches the random number generated in S211. If the verification is not successful, an error is notified to the controller 100a and the process is terminated.
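The key exchange and mutual challenge-response steps above, as an added Go example that is not part of the patent text. P-256, the SHA-256 key derivation, AES-GCM and all function names are assumptions of this example; certificate and CRL verification are taken as already done.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// newKey creates a static P-256 key pair, standing in for the certificate's key.
func newKey() *ecdh.PrivateKey {
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sharedKey derives an AES-256 key from the ECDH secret (hashing the secret
// with SHA-256 is an assumption of this example).
func sharedKey(own *ecdh.PrivateKey, peerCert *ecdh.PublicKey) ([]byte, error) {
	secret, err := own.ECDH(peerCert)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	return k[:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// respond encrypts the peer's random number with the shared key.
func respond(key, challenge []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, challenge, nil), nil
}

// verify decrypts the response and compares it, in constant time, with the
// random number this side generated.
func verify(key, challenge, response []byte) bool {
	gcm, err := newGCM(key)
	if err != nil || len(response) < gcm.NonceSize() {
		return false
	}
	n := gcm.NonceSize()
	plain, err := gcm.Open(nil, response[:n], response[n:], nil)
	return err == nil && subtle.ConstantTimeCompare(plain, challenge) == 1
}

// handshake runs the exchange and reports each side's verdict. ctrlCert and
// devCert are the public keys read from the certificates each side received.
// A real endpoint stops at its first failed check; both are computed here.
func handshake(ctrl, dev *ecdh.PrivateKey, ctrlCert, devCert *ecdh.PublicKey) (ctrlOK, devOK bool, err error) {
	kCtrl, err := sharedKey(ctrl, devCert)
	if err != nil {
		return false, false, err
	}
	kDev, err := sharedKey(dev, ctrlCert)
	if err != nil {
		return false, false, err
	}
	buf := make([]byte, 32)
	if _, err = rand.Read(buf); err != nil {
		return false, false, err
	}
	rc, rd := buf[:16], buf[16:] // controller's and device's random numbers
	encRc, err := respond(kDev, rc) // device -> controller, sent together with rd
	if err != nil {
		return false, false, err
	}
	encRd, err := respond(kCtrl, rd) // controller -> device
	if err != nil {
		return false, false, err
	}
	return verify(kCtrl, rc, encRc), verify(kDev, rd, encRd), nil
}

func main() {
	ctrl, dev := newKey(), newKey()
	fmt.Println(handshake(ctrl, dev, ctrl.PublicKey(), dev.PublicKey()))
	// The legitimate certificate presented without the matching private key.
	fmt.Println(handshake(newKey(), dev, ctrl.PublicKey(), dev.PublicKey()))
}
```

The second call shows the property the embodiment relies on: a party that presents a valid certificate but lacks its private key derives a different key, so both checks fail.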
- FIG. 20 is a connection controller management table in the second embodiment. It consists of the connection controller management table of the first embodiment plus the shared key shared with the controller.
- FIG. 21 is a connected device management table in the second embodiment. It consists of the connected device management table of the first embodiment plus the shared key shared with the device.
- FIG. 22 shows a sequence for transmitting device history information from the device to manufacturer server 300a. This upload is performed regularly or irregularly.
- the device encrypts the accumulated device history information with the shared key, and transmits it to the controller together with the device ID.
- the controller receives the device ID and the encrypted device history information, searches for the shared key from the device ID, and decrypts the device history information with the shared key.
- the controller transmits the controller ID, the device ID received from the device, and the device history information to the manufacturer server 300a.
- the manufacturer server 300a registers the received controller ID, device ID, and device history information.
- In the second embodiment, key exchange is performed during device authentication, and challenge-response authentication is performed using the shared key. Because the shared key can be generated only by a party that holds the private key corresponding to the public key of the public key certificate, a party without that private key cannot generate the shared key, and challenge-response authentication does not succeed. This makes it possible to reduce authentication processing compared to authentication processing that performs signature generation using a private key and signature verification using a public key. In addition, encrypted communication of device history information using the shared key is possible, and leakage of device history information can be prevented.
- FIG. 23 is a diagram illustrating an overall configuration of the authentication system 20 according to the present disclosure.
- the authentication system 20 includes a controller 100, a device 2200, a server 2300, and an operation terminal 2500. Note that components having functions similar to those of the first embodiment are denoted by the same reference numerals and description thereof is omitted.
- the devices 2200a to 2200c are home appliances and housing equipment that collect device history information, such as televisions, recorders, air conditioners, refrigerators, and storage batteries.
- the server 2300 is a manufacturer server that manufactures home appliances or a service server of a service provider that provides services.
- a command for controlling a device in the home is transmitted from the service of the manufacturer server to the controller, and the controller controls the device based on the control command.
- Specific examples of control commands include turning on / off the power of the device and setting a timer.
- the operation terminal 2500 is a device having a function of operating home electric appliances and house facilities, such as a smartphone and a mobile phone, and a communication function with a server.
- Controller 100 is the same as that according to the first embodiment, and is omitted here.
- FIG. 24 is a configuration diagram of the device 2200.
- the device 2200 includes a device management unit 201, a device information holding unit 203, an authentication processing unit 2204, an authentication information holding unit 205, a communication unit 206, and a control processing unit 2207. Note that components having functions similar to those of the first embodiment are denoted by the same reference numerals and description thereof is omitted.
- the authentication processing unit 2204 performs authentication processing with the controller 100.
- When the authentication processing unit 2204 receives an authentication request together with the public key certificate from the device management unit 201, it acquires the CRL recorded in the authentication information holding unit 205 and verifies whether the certificate ID of the public key certificate of the controller 100 is described in the CRL.
- the authentication processing unit 2204 verifies the signature of the public key certificate using the public key (not shown) of the server 2300 that is the certificate authority.
- the authentication processing unit 2204 generates a random number and transmits the random number to the controller 100.
- the authentication processing unit 2204 verifies the signature of the random number received from the controller 100. If any verification fails, the authentication processing unit 2204 determines that the controller 100 is an unauthorized device.
- When it receives a control command message from the control processing unit 2207, the authentication processing unit 2204 verifies the signature of the entire message and then performs CRL signature verification to confirm that it is a legitimate CRL.
- When receiving the control command message from the controller 100, the control processing unit 2207 requests the authentication processing unit 2204 to verify the signature of the entire received message and the signature of the CRL. When the signature verification result is received from the authentication processing unit 2204 and the verification is successful, the control contents are executed according to the contents of the control command.
- FIG. 28 shows an example of a control command message.
- the control command message includes a device ID indicating each device, a control command indicating the control content performed by the device, a CRL illustrated in FIG. 5, and a signature for the entire message using the server secret key.
- FIG. 25 is a configuration diagram of the server 2300.
- the server 2300 includes a device management unit 2301, a device information holding unit 2302, a CRL management unit 2303, a CRL holding unit 2304, an encryption processing unit 2305, an encryption key holding unit 2306, and a communication unit 2307.
- the device management unit 2301 controls the device information holding unit 2302 to manage the association between the controller and the device, the controller to be connected, the device ID and certificate ID, and the device history. In addition, when an unauthorized device or controller is detected, the CRL management unit 2303 is notified of the certificate ID of the device or controller, and a CRL update request is made.
- the device information holding unit 2302 records the controller ID, device ID, certificate ID, and device history.
- An example of the device information management table held by the device information holding unit 2302 is the same as that in the first embodiment, and a description thereof will be omitted.
- the CRL management unit 2303 controls the CRL holding unit 2304. When it receives a certificate ID of an unauthorized device or an unauthorized controller from the device management unit 2301, the CRL management unit 2303 sets the CRL data other than the signature and requests the encryption processing unit 2305 to generate the CRL signature. The CRL management unit 2303 receives the signed CRL from the encryption processing unit 2305 and records it in the CRL holding unit 2304.
- When the cryptographic processing unit 2305 receives the signature generation request from the CRL management unit 2303, it generates a CRL signature using the private key held in the cryptographic key holding unit 2306. When the CRL signature is generated, it is transmitted to the CRL management unit 2303.
- the encryption key holding unit 2306 holds a secret key for CRL issuance of the server 2300 serving as a certificate authority.
- the CRL holding unit 2304 records the CRL.
- the communication unit 2307 communicates with the controller 100 and the operation terminal 2500. In communication with the controller 100 and the operation terminal 2500, SSL communication is performed. A certificate necessary for SSL communication is recorded by the communication unit 2307.
- FIG. 26 is a configuration diagram of the operation terminal 2500.
- the operation terminal 2500 includes a device management unit 2501, a device information holding unit 2502, an operation receiving unit 2503, a control issuing unit 2504, and a communication unit 2505.
- the device management unit 2501 controls the device information holding unit 2502 and manages the control command indicating the ID of the device to be controlled and the control content that can be issued for each device ID.
- the device management unit 2501 selects a device ID based on the received content notified from the operation receiving unit 2503.
- the device information holding unit 2502 records an ID of a device to be controlled and a control command.
- FIG. 27 is a diagram showing an example of a control device management table which the device information holding unit 2502 has.
- the control device management table records a device ID and a corresponding control command. Control commands that can be issued for each device ID are managed. As an example of using this device ID and a table of control commands, it is used as information constituting a GUI (Graphic User Interface) for presenting the user with possible control for each device ID.
- the operation receiving unit 2503 receives an operation from a user who handles the operation terminal, and notifies the device management unit 2501 and the control issuing unit 2504 of the received content.
- operations from the user include gestures and automatic operations using a preset timer, as well as methods using the GUI.
- the control issuing unit 2504 reads and issues a control command from the control device management table based on the received content notified from the operation receiving unit 2503.
- the server may have a control device management table, not the operation terminal, and may issue a control command on the server side by calling an API corresponding to each control command from the operation terminal.
- the communication unit 2505 communicates with the server 2300. In communication with the server 2300, SSL communication is performed. A certificate necessary for SSL communication is recorded by the communication unit 2505.
- the operation of the authentication system 20 includes the following.
- the operation terminal 2500 transmits a device ID and a control command to the server 2300.
- the server 2300 adds the CRL to the device ID and the control command.
- the server 2300 generates a signature using a secret key and adds it to the entire message obtained by concatenating the device ID, the control command, and the CRL. This is called a control command message.
- the server 2300 transmits a control command message to the controller 100.
- the controller 100 acquires the device ID from the received control command message, compares it with the device ID described in the device information management table, and determines the destination to send the control command message.
- the controller 100 transmits a control command message to the device 2200a.
- the device 2200a verifies the signature attached to the control command message in order to verify the validity of the received control command message. If the verification is not successful, the device 2200a ends without executing the device control process and the CRL update process.
- the device 2200a compares the CRL received from the operation terminal 2500 with the CRL of the authentication information holding unit 205, and verifies whether there is a contradiction. Specifically, when the CRL is recorded in the control command message received from the operation terminal 2500, the issue date of the CRL received from the operation terminal 2500 is compared with the next issue date of the CRL received from the controller 100. When the next issue date of the CRL received from the controller 100 is earlier than the issue date of the CRL received from the operation terminal 2500, it is determined that the next issue date of the CRL received from the controller 100 has passed, and the controller 100 is detected as an unauthorized controller because it has not updated the CRL.
- the controller 100 that sent the CRL with the old CRL version is detected as an unauthorized controller because it did not update the CRL. At this time, the device 2200a notifies other devices and controllers of detection of the unauthorized controller. Also, the registration of the unauthorized controller in the connected controller management table is deleted. Further, the connection with the controller 100 is cut off.
- the device 2200a executes control of the device according to the control command.
- a device receives a CRL together with a control command.
- the device connected to the unauthorized controller has not been able to update the CRL so far, but the latest CRL can be acquired and updated together with the control command.
- connection with an unauthorized controller can be prevented, and a safe connection can be established between a legitimate controller and a device.
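The control command message flow of this embodiment, together with the CRL contradiction check that the earlier sequence for the controllers 100a and 100b also uses, as an added Go example that is not part of the patent text. ECDSA P-256 with SHA-256, the length-prefixed field encoding, the struct layout, all identifiers, and the choices to drop the command once the controller is flagged and never to replace a stored CRL with an older one are assumptions of this example; the CRL's own signature is not modelled separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// CRL carries only the fields the device compares (layout is an assumption).
type CRL struct {
	Version           uint32
	Issued, NextIssue time.Time
	Revoked           []string // certificate IDs
}

// ControlMessage is device ID + control command + CRL, signed as a whole.
type ControlMessage struct {
	DeviceID, Command string
	CRL               CRL
	Signature         []byte
}

// digest hashes length-prefixed fields so that field boundaries cannot shift.
func (m *ControlMessage) digest() []byte {
	h := sha256.New()
	fields := append([]string{m.DeviceID, m.Command, fmt.Sprint(m.CRL.Version),
		fmt.Sprint(m.CRL.Issued.Unix()), fmt.Sprint(m.CRL.NextIssue.Unix())}, m.CRL.Revoked...)
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// Sign is the server side: one signature over the whole message.
func Sign(key *ecdsa.PrivateKey, m *ControlMessage) (err error) {
	m.Signature, err = ecdsa.SignASN1(rand.Reader, key, m.digest())
	return err
}

var ErrSignature = errors.New("signature invalid: nothing executed, CRL unchanged")
var ErrRevoked = errors.New("connected controller is listed in the received CRL")
var ErrStaleCRL = errors.New("controller did not update its CRL")

// Device keeps the CRL it last received from its controller.
type Device struct {
	ServerKey    *ecdsa.PublicKey
	ControllerID string // certificate ID of the connected controller
	Stored       CRL
	Executed     []string
}

// Handle verifies the signature, compares the received CRL with the stored one
// and runs the command only if the controller is not flagged (example's choice).
func (d *Device) Handle(m *ControlMessage) error {
	if !ecdsa.VerifyASN1(d.ServerKey, m.digest(), m.Signature) {
		return ErrSignature
	}
	old := d.Stored
	if m.CRL.Version > old.Version {
		d.Stored = m.CRL // keep the newer CRL, never roll back to an older one
	}
	for _, id := range m.CRL.Revoked {
		if id == d.ControllerID {
			return ErrRevoked
		}
	}
	// Contradiction: stored next issue date already passed, or older version.
	if old.NextIssue.Before(m.CRL.Issued) || old.Version < m.CRL.Version {
		return ErrStaleCRL
	}
	d.Executed = append(d.Executed, m.Command)
	return nil
}

// NewServerKey creates the server's signing key (ECDSA P-256 is an assumption).
func NewServerKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	key := NewServerKey()
	at := func(d int) time.Time { return time.Date(2024, 1, d, 0, 0, 0, 0, time.UTC) }
	// Constructed sample data: IDs, dates and command are illustrative.
	dev := &Device{ServerKey: &key.PublicKey, ControllerID: "ctrl-cert-01",
		Stored: CRL{Version: 1, Issued: at(1), NextIssue: at(8)}}
	msg := &ControlMessage{DeviceID: "dev-01", Command: "power_on",
		CRL: CRL{Version: 2, Issued: at(15), NextIssue: at(22)}}
	fmt.Println("sign:", Sign(key, msg))
	fmt.Println("handle:", dev.Handle(msg))
	fmt.Println("stored CRL version:", dev.Stored.Version)
}
```

On `ErrRevoked` or `ErrStaleCRL` the caller would carry out the remaining steps of the sequence: notify other devices and controllers, delete the controller's registration, and cut the connection.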
- FIG. 31 is a diagram illustrating an overall configuration of the authentication system 30 according to the present disclosure.
- the authentication system 30 includes a controller 100, a device 2200, a server 3300, and an operation terminal 3500. Note that components having the same functions as those in the first and third embodiments are denoted by the same reference numerals and description thereof is omitted.
- the operation terminal 3500 is a device having a function of operating home electric appliances and housing facilities such as a smartphone and a mobile phone, and a communication function with the server 3300.
- controller 100 of the fourth embodiment is the same as that of the first embodiment, and is omitted here.
- the device 2200 of the fourth embodiment is the same as that of the third embodiment, and is omitted here.
- the server 3300 of the fourth embodiment is the same as that of the third embodiment, and is omitted here.
- FIG. 32 is a configuration diagram of the operation terminal 3500.
- the operation terminal 3500 includes a device management unit 2501, a device information holding unit 2502, an operation receiving unit 2503, a control issuing unit 2504, a communication unit 2505, a CRL management unit 3506, and a CRL holding unit 3507. Note that components having the same functions as those in the first and third embodiments are denoted by the same reference numerals and description thereof is omitted.
- the CRL management unit 3506 controls the CRL holding unit 3507 and updates the CRL in the CRL holding unit 3507 when receiving the CRL from the device information management unit.
- the CRL holding unit 3507 records the issued CRL.
- the operation of the authentication system 30 includes the following.
- the operation sequence at the device registration processing in the fourth embodiment is the same as that in the first embodiment, and is therefore omitted here.
- the manufacturer server 300a appearing in FIGS. 11 and 12 corresponds to the server 3300 in the present embodiment.
- FIG. 33 shows a sequence for updating the CRL of the operation terminal.
- the operation terminal transmits a CRL transmission request to a server which is a certificate authority.
- the server transmits the CRL to be managed to the operation terminal.
- the operating terminal records the received CRL in the CRL holding unit and updates it to the latest CRL.
- the timing at which the operation terminal transmits the CRL transmission request may be periodically performed according to a predetermined timing. Further, it may be performed simultaneously with a specific event in which communication with a predetermined server occurs, or in advance or after the event. As an example of the specific event determined in advance, it may be performed in advance of the timing of executing the device control.
- the device terminal 2002 performs device control from the operation terminal to the device 2200a, and at the same time, the CRL of the device 2200a. Shows a sequence for updating. The same applies to the processing for the devices 2200b and 2200c from the operation terminal.
- the sequence which performs the process similar to Embodiment 1 and Embodiment 3 attaches
- the operation terminal transmits the device ID, control command, and CRL to the server.
- the server generates a signature using the secret key and adds it to the entire message obtained by concatenating the device ID, the control command, and the CRL. This is called a control command message.
- a device receives a CRL together with a control command.
- the device connected to the unauthorized controller has not been able to update the CRL so far, but the latest CRL can be acquired and updated together with the control command.
- connection with an unauthorized controller can be prevented, and a safe connection can be established between a legitimate controller and a device.
- FIG. 36 is a diagram illustrating an overall configuration of the authentication system 40 according to the present disclosure.
- the authentication system 40 includes a controller 100, a device 4200, a server 2300, and an operation terminal 2500. Note that components having the same functions as those in the first and third embodiments are denoted by the same reference numerals and description thereof is omitted.
- the devices 4200a to 4200c are home appliances and housing equipment that collect device history information such as televisions, recorders, air conditioners, refrigerators, and storage batteries.
- Controller 100 is the same as that according to the first embodiment, and is omitted here.
- FIG. 37 is a configuration diagram of the device 4200.
- the device 4200 includes a device management unit 201, a device information holding unit 203, an authentication processing unit 4204, an authentication information holding unit 205, a communication unit 206, a control processing unit 4207, and a control content determination unit 4208. Note that components having functions similar to those of the first embodiment are denoted by the same reference numerals and description thereof is omitted.
- Authentication processing unit 4204 performs authentication processing with controller 100.
- When the authentication processing unit 4204 receives an authentication request from the device management unit 201 together with the public key certificate, it acquires the CRL recorded in the authentication information holding unit 204 and verifies whether the certificate ID of the public key certificate of the controller 100 is described in the CRL. Also, the authentication processing unit 4204 verifies the signature of the public key certificate using the public key (not shown) of the server that is the certificate authority. Further, the authentication processing unit 4204 generates a random number and transmits the random number to the controller 100. The authentication processing unit 4204 verifies the signature of the random number received from the controller 100. If any verification fails, the authentication processing unit 4204 determines that the controller 100 is an unauthorized device. In addition, when the control content determination unit 4208 notifies it of the control command message, the authentication processing unit 4204 performs CRL signature verification after verifying the signature of the entire message and confirms that it is a legitimate CRL.
- Upon receiving the control command message from the control content determination unit 4208, the control processing unit 4207 requests the authentication processing unit 4204 to verify the signature included in the received message.
- the control processing unit 4207 receives the signature verification result from the authentication processing unit 4204, and when the verification is successful, executes the control content according to the content of the control command.
- FIG. 28 shows an example of the control command message.
- the control command message includes a device ID indicating each device, a control command indicating the control content performed by the device, a CRL illustrated in FIG. 5, and a signature for the entire message using the server secret key.
- the control content determination unit 4208 determines the order of whether to execute the control command first, or to perform processing related to CRL verification and comparison first, according to the content of the control command.
- the control content determination unit 4208 notifies the control processing unit 4207 of the control command message.
- the control content determination unit 4208 notifies the authentication processing unit 4204 of a control command message. For example, in the case of a control command for changing the wind direction with respect to an air conditioner as a device, the control processing unit 4207 first executes the contents of the control command before the CRL verification process. If it is determined that the CRL is invalid as a result of the CRL verification process executed later, the control processing unit 4207 performs a response such as canceling the contents of the previously executed control command.
- the CRL verification process is performed when the power is turned on next time and may be skipped.
- the server 2300 according to the fifth embodiment is the same as that according to the third embodiment, and is omitted here.
- the operation of the authentication system 40 includes the following.
- the device 4200a determines whether to execute the control command first according to the content of the control command included in the control command message.
- the device 4200a executes S2130, S4122 to S4124, and S138.
- the device 4200a verifies the received CRL signature. If the verification is not successful, the CRL update process is terminated after canceling the control execution contents.
- the device 4200a verifies whether the controller to be connected is described in the CRL. When the controller to be connected is described, the control execution content is canceled, and the detection of the unauthorized controller is notified to other devices and controllers. Also, the registration of the unauthorized controller in the connected controller management table is deleted.
- the device 4200a compares the CRL received from the operation terminal with the CRL of the authentication information holding unit, and verifies whether there is a contradiction. Specifically, when the CRL is recorded in the control command message received from the operation terminal, the issue date of the CRL received from the operation terminal is compared with the next issue date of the CRL received from the controller. If the next issue date of the CRL received from the controller is earlier than the issue date of the CRL received from the operation terminal, it is determined that the next issue date of the CRL received from the controller has passed, and the controller is detected as an unauthorized controller because it has not updated the CRL.
- the CRL versions received from the controller and the operation terminal are compared, and if the CRL versions do not match, the controller that transmitted the CRL with the old CRL version is detected as an unauthorized controller because it did not update the CRL.
- after canceling the control execution contents, the device notifies other devices and controllers of detection of the unauthorized controller. Also, the registration of the unauthorized controller in the connected controller management table is deleted. Also, the connection with the controller is cut off.
- When control execution is not performed first, that is, when processing related to CRL verification and comparison is performed first, the device 4200a executes S135 to S138 and S2130. Since these processes are the same as those in the first and third embodiments, description thereof will be omitted.
- a device receives a CRL together with a control command. Also, the order of control execution and CRL verification, and whether the verification is performed, are switched according to the contents of the control command. As a result, the device connected to the unauthorized controller has not been able to update the CRL so far, but the latest CRL can be acquired and updated together with the control command. Furthermore, by speeding up the processing according to the contents of the control command and making the CRL updateable, connection with an unauthorized controller can be prevented, and a safe connection between a legitimate controller and a device can be achieved.
- the controller may acquire the CRL from the server during the device registration process. Further, it may be periodically acquired even during the device registration process. Further, it may be acquired in the server before the next CRL issuance date.
- the device communicates with the server via the controller and acquires the CRL.
- the CRL may be acquired via an operation terminal connected to the server. Communication between the operation terminal and the device may be NFC (Near Field Communication) communication or Bluetooth (registered trademark) communication.
- when the device determines that the controller is unauthorized, the device notifies the other device or controller. If the device or controller that received the notification has a display function, a display screen indicating that an unauthorized controller has been detected may be output. If there is no display screen, an error code may be displayed or a lamp may be blinked. Further, the contents of the control command may be ignored without being executed.
- the key for encryption communication may be exchanged during the device registration process.
- DH (Diffie-Hellman)
- ECDH
- the controller may display the power consumption of the connected device, the power of the storage battery, and the amount of power generated by photovoltaic power generation.
- the controller may be a distribution board installed at home.
- the communication between the controller and the device may be Wi-Fi, specific low-power radio, power line communication, or Bluetooth (registered trademark).
- the server serves both as a function as a certificate authority that issues a CRL and a function as a service server that provides a control command.
- the present invention is not limited to this. You may divide into.
- the CRL including all certificate IDs of the unauthorized controller public key certificate is issued.
- the present invention is not limited to this, and a connection is made to a server that issues a control command.
- a CRL for only the device may be issued. Further, a CRL may be issued for each type of device or manufacturing year.
- the device ID and control command included in the control command message may be in a format compliant with a communication protocol such as ECHONET (registered trademark) Lite.
- the CRL included in the control command message may be included in a control command issued in a format compliant with a communication protocol such as ECHONET (registered trademark) Lite.
- In the ECHONET (registered trademark) Lite protocol, a new property may be defined in the EPC area, and actual CRL data may be arranged in the EDT area.
- Each of the above devices is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is recorded in the RAM or hard disk unit.
- Each device achieves its functions by the microprocessor operating according to the computer program.
- the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.
- a part or all of the constituent elements constituting each of the above devices may be constituted by one system LSI (Large Scale Integration).
- the system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and specifically, it is a computer system including a microprocessor, ROM, RAM, and the like.
- a computer program is recorded in the RAM.
- the system LSI achieves its functions by the microprocessor operating according to the computer program.
- each part of the constituent elements constituting each of the above devices may be individually made into one chip, or may be made into one chip so as to include a part or all of them.
- Although the term system LSI is used here, it may be called IC, LSI, super LSI, or ultra LSI depending on the degree of integration. Further, the method of circuit integration is not limited to LSIs, and implementation using dedicated circuitry or general purpose processors is also possible.
- An FPGA (Field Programmable Gate Array) or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.
- a part or all of the constituent elements constituting each of the above devices may be constituted by an IC card or a single module that can be attached to and detached from each device.
- the IC card or module is a computer system that includes a microprocessor, ROM, RAM, and the like.
- the IC card or the module may include the super multifunctional LSI described above.
- the IC card or the module achieves its functions by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.
- the present disclosure may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of a computer program.
- the present disclosure also relates to a computer program or a recording medium that can read a digital signal, such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray (registered trademark)). ) Disc), or recorded in a semiconductor memory or the like. Further, it may be a digital signal recorded on these recording media.
- The present disclosure may transmit the computer program or the digital signal via an electric communication line, a wireless or wired communication line, a network represented by the Internet, data broadcasting, or the like.
- The present disclosure may be a computer system including a microprocessor and a memory.
- The memory may record the computer program, and the microprocessor may operate according to the computer program.
- The program or digital signal may be recorded on a recording medium and transferred, or transferred via a network or the like, and thereby implemented by another independent computer system.
- According to the present disclosure, in a system in which a device and a controller are connected, even if the device is connected to an unauthorized controller, the device can detect the unauthorized controller by obtaining a CRL attached to a message for controlling the device.
Abstract
Description
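However, when a home appliance connects to only one controller, the appliance obtains the CRL via that controller. If the controller is an unauthorized device, then even if its public key certificate is listed in the CRL, the appliance will authenticate the controller as legitimate unless the controller distributes to the appliance the CRL that lists the controller's own public key certificate.
1. System configuration
Here, as an embodiment of the present disclosure, an authentication system 10 according to the present disclosure is described with reference to the drawings.
FIG. 1 shows the overall configuration of the authentication system 10 according to the present disclosure. The authentication system 10 comprises controllers 100, devices 200, servers 300, and a portal server 400. Controllers 100a and 100b are devices that have the function of controlling devices. Controllers 100a and 100b also connect to a server and have functions such as sending home appliance history information to the server and receiving control requests from the server to control home appliances. Devices 200a to 200c are home appliances and housing equipment that collect device history information, such as televisions, recorders, air conditioners, refrigerators, and storage batteries. Servers 300a to 300c are a content server that distributes content, a manufacturer server of a manufacturer that produces home appliances, and a service server of a service provider that provides services. As a specific example, history information of devices in the home is sent to the controller, and the controller sends the device history information to the manufacturer server. When the service server belongs to an electric power company, the power company connects to the controller via the home's smart meter (not shown). Based on power information from the power company, the controller controls the devices in the home and reduces household power consumption.
FIG. 2 is a configuration diagram of controller 100a. Controller 100a comprises a device management unit 101, a device information holding unit 102, an authentication processing unit 103, an authentication information holding unit 104, and a communication unit 105. Controller 100b has the same configuration.
FIG. 6 is a configuration diagram of device 200. Device 200 comprises a device management unit 201, a device history holding unit 202, a device information holding unit 203, an authentication processing unit 204, an authentication information holding unit 205, and a communication unit 206.
FIG. 8 is a configuration diagram of manufacturer server 300a. Manufacturer server 300a comprises a device information management unit 301, a device information holding unit 302, a CRL management unit 303, a CRL holding unit 304, and a communication unit 305. Service server 300b has the same configuration.
FIG. 10 is a configuration diagram of portal server 400. Portal server 400 comprises a CRL management unit 401, a CRL holding unit 402, a cryptographic processing unit 403, an encryption key holding unit 404, and a communication unit 405.
The operations of the authentication system 10 include the following.
(2) Processing to update the CRL of manufacturer server 300a
(3) Processing to update the CRL of a device
Each is described below with reference to the drawings.
FIGS. 11 and 12 show the sequence of processing in which device 200c connects to controller 100a and registers with manufacturer server 300a. The same applies to the processing in which device 200a or device 200b connects to controller 100a and registers with manufacturer server 300a, and to the processing in which device 200c connects to controller 100b and registers with service server 300a.
FIG. 13 shows the sequence for updating the CRL of manufacturer server 300a.
FIGS. 14 and 15 show the sequence for updating the CRL of device 200c from controller 100b. Updating the CRL of device 200c from controller 100b is described as an example, but updating the CRL of device 200c from controller 100a is the same processing.
A device connected to a single controller could not update its CRL if that controller was an unauthorized controller. In Embodiment 1, the device receives CRLs from multiple controllers. This allows it to obtain and update the CRL via multiple networks. Making the CRL updatable prevents connection to an unauthorized controller and allows a secure connection between a legitimate controller and the device.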
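2. System configuration
Here, as an embodiment of the present disclosure, an authentication system 11 according to the present disclosure is described with reference to the drawings.
The overall configuration of the authentication system 11 of Embodiment 2 is the same as in Embodiment 1 and is therefore omitted here. Components having the same functions as in Embodiment 1 are given the same reference signs, and their description is omitted.
The operations of the authentication system 11 include the following.
(2) Processing to update the CRL of manufacturer server 300a
(3) Processing to update the CRL of a device
(4) Processing to send device history information from a device to a server
Processing (2) and (3) is the same as in Embodiment 1, so its description is omitted here.
FIGS. 17 to 19 show the sequence of processing in which device 200c connects to controller 100a and registers with the manufacturer server. The same applies to the processing in which device 200a or device 200b connects to controller 100a and registers with the manufacturer server, and to the processing in which device 200c connects to controller 100b and registers with the service server.
FIG. 22 shows the sequence for sending device history information from a device to manufacturer server 300a. This upload is performed periodically or irregularly.
In Embodiment 1, key exchange is performed when a device is authenticated, and challenge-response authentication is performed using the shared key. Because the shared key can be generated only from a private key and the corresponding public key, a party that does not hold the private key corresponding to the public key in the public key certificate cannot generate the shared key, and challenge-response authentication does not succeed. This reduces the authentication processing load compared with authentication that generates a signature with the private key and verifies it with the public key. In addition, the device history information can be communicated in encrypted form using the shared key, which prevents leakage of the device history information.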
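3. System configuration
Here, as an embodiment of the present disclosure, an authentication system 20 according to the present disclosure is described with reference to the drawings.
FIG. 23 shows the overall configuration of the authentication system 20 according to the present disclosure. The authentication system 20 comprises a controller 100, devices 2200, a server 2300, and an operation terminal 2500. Components having the same functions as in Embodiment 1 are given the same reference signs, and their description is omitted.
The controller 100 of Embodiment 3 is the same as in Embodiment 1 and is therefore omitted here.
FIG. 24 is a configuration diagram of device 2200. Device 2200 comprises a device management unit 201, a device information holding unit 203, an authentication processing unit 2204, an authentication information holding unit 205, a communication unit 206, and a control processing unit 2207. Components having the same functions as in Embodiment 1 are given the same reference signs, and their description is omitted.
FIG. 25 is a configuration diagram of server 2300. Server 2300 comprises a device management unit 2301, a device information holding unit 2302, a CRL management unit 2303, a CRL holding unit 2304, a cryptographic processing unit 2305, an encryption key holding unit 2306, and a communication unit 2307.
FIG. 26 is a configuration diagram of operation terminal 2500. Operation terminal 2500 comprises a device management unit 2501, a device information holding unit 2502, an operation receiving unit 2503, a control issuing unit 2504, and a communication unit 2505.
The operations of the authentication system 20 include the following.
(2) Processing to execute device control (processing to update the CRL of the device)
Each is described below with reference to the drawings.
The operation sequence for device registration in Embodiment 3 is the same as in Embodiment 1 and is therefore omitted here. The manufacturer server appearing in FIGS. 11 and 12 corresponds to server 2300 in this embodiment.
FIGS. 29 and 30 show the sequence in which operation terminal 2500 executes device control on device 2200a and, at the same time, the CRL of device 2200a is updated. The same applies to processing from operation terminal 2500 for device 2200b and device 2200c. Sequences that perform the same processing as in Embodiment 1 are given the same reference signs, and their description is omitted.
In Embodiment 3, the device receives the CRL together with the control command. Until now, a device connected to an unauthorized controller could not update its CRL, but in this way it can obtain the latest CRL together with the control command and update it. Making the CRL updatable prevents connection to an unauthorized controller and allows a secure connection between a legitimate controller and the device.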
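4. System configuration
Here, as an embodiment of the present disclosure, an authentication system 30 according to the present disclosure is described with reference to the drawings.
FIG. 31 shows the overall configuration of the authentication system 30 according to the present disclosure. The authentication system 30 comprises a controller 100, devices 2200, a server 3300, and an operation terminal 3500. Components having the same functions as in Embodiments 1 and 3 are given the same reference signs, and their description is omitted.
The controller 100 of Embodiment 4 is the same as in Embodiment 1 and is therefore omitted here.
The device 2200 of Embodiment 4 is the same as in Embodiment 3 and is therefore omitted here.
The server 3300 of Embodiment 4 is the same as in Embodiment 3 and is therefore omitted here.
FIG. 32 is a configuration diagram of operation terminal 3500. Operation terminal 3500 comprises a device management unit 2501, a device information holding unit 2502, an operation receiving unit 2503, a control issuing unit 2504, a communication unit 2505, a CRL management unit 3506, and a CRL holding unit 3507. Components having the same functions as in Embodiments 1 and 3 are given the same reference signs, and their description is omitted.
The operations of the authentication system 30 include the following.
(2) Processing to update the CRL of the operation terminal
(3) Processing to execute device control (processing to update the CRL of the device)
Each is described below with reference to the drawings.
The operation sequence for device registration in Embodiment 4 is the same as in Embodiment 1 and is therefore omitted here. The manufacturer server 300a appearing in FIGS. 11 and 12 corresponds to server 3300 in this embodiment.
FIG. 33 shows the sequence for updating the CRL of the operation terminal.
FIGS. 34 and 35 show the sequence in which the operation terminal executes device control on device 2200a and, at the same time, the CRL of device 2200a is updated. The same applies to processing from the operation terminal for device 2200b and device 2200c. Sequences that perform the same processing as in Embodiments 1 and 3 are given the same reference signs, and their description is omitted.
In Embodiment 4, the device receives the CRL together with the control command. Until now, a device connected to an unauthorized controller could not update its CRL, but in this way it can obtain the latest CRL together with the control command and update it. Making the CRL updatable prevents connection to an unauthorized controller and allows a secure connection between a legitimate controller and the device.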
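5. System configuration
Here, as an embodiment of the present disclosure, an authentication system 40 according to the present disclosure is described with reference to the drawings.
FIG. 36 shows the overall configuration of the authentication system 40 according to the present disclosure. The authentication system 40 comprises a controller 100, devices 4200, a server 2300, and an operation terminal 2500. Components having the same functions as in Embodiments 1 and 3 are given the same reference signs, and their description is omitted.
The controller 100 of Embodiment 5 is the same as in Embodiment 1 and is therefore omitted here.
FIG. 37 is a configuration diagram of device 4200. Device 4200 comprises a device management unit 201, a device information holding unit 203, an authentication processing unit 4204, an authentication information holding unit 205, a communication unit 206, a control processing unit 4207, and a control content determination unit 4208. Components having the same functions as in Embodiment 1 are given the same reference signs, and their description is omitted.
The server 2300 of Embodiment 5 is the same as in Embodiment 3 and is therefore omitted here.
The operation terminal 2500 of Embodiment 5 is the same as in Embodiment 3 and is therefore omitted here.
The operations of the authentication system 40 include the following.
(2) Processing to execute device control (processing to update the CRL of the device)
Each is described below with reference to the drawings.
The operation sequence for device registration in Embodiment 5 is the same as in Embodiment 1 and is therefore omitted here. The manufacturer server 300a appearing in FIGS. 11 and 12 corresponds to server 2300 in this embodiment.
FIGS. 38 and 39 show the sequence in which the operation terminal executes device control on device 4200a and, at the same time, the CRL of device 4200a is updated. The same applies to processing from the operation terminal for device 4200b and device 4200c. Sequences that perform the same processing as in Embodiments 1 and 3 are given the same reference signs, and their description is omitted.
In Embodiment 5, the device receives the CRL together with the control command. In addition, depending on the content of the control command, the order in which the CRL-based authentication is performed, and whether it is performed at all, are switched. Until now, a device connected to an unauthorized controller could not update its CRL, but in this way it can obtain the latest CRL together with the control command and update it. Furthermore, by speeding up processing according to the content of the control command and making the CRL updatable, connection to an unauthorized controller can be prevented and a secure connection can be made between a legitimate controller and the device.
Although the present disclosure has been described based on the above embodiments, the present disclosure is of course not limited to them. The following cases are also included in the present disclosure.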
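100a, 100b Controller
101 Device management unit
102 Device information holding unit
103 Authentication processing unit
104 Authentication information holding unit
105 Communication unit
200a, 200b, 200c Device
201 Device management unit
202 Device history holding unit
203 Device information holding unit
204 Authentication processing unit
205 Authentication information holding unit
206 Communication unit
300a Manufacturer server
300b Service server
300c Content server
301 Device management unit
302 Device information holding unit
303 CRL management unit
304 CRL holding unit
305 Communication unit
400 Portal server
401 CRL management unit
402 CRL holding unit
403 Cryptographic processing unit
404 Encryption key holding unit
20, 30, 40 Authentication system
100 Controller
2200a, 2200b, 2200c, 4200a, 4200b, 4200c Device
2204, 4204 Authentication processing unit
2207, 4207 Control processing unit
4208 Control content determination unit
2300 Server
2301, 3301 Device management unit
2302, 3302 Device information holding unit
2303 CRL management unit
2304 CRL holding unit
2305 Cryptographic processing unit
2306 Encryption key holding unit
2307 Communication unit
2500, 3500 Operation terminal
2501 Device management unit
2502 Device information holding unit
2503 Operation receiving unit
2504 Control issuing unit
2505 Communication unit
3506 CRL management unit
3507 CRL holding unit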
Claims (7)
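- An authentication method in an authentication system that includes a device, an operation terminal that operates the device, and a controller, and that performs authentication between the controller and the device, wherein
the device
obtains a first certificate revocation list from the controller,
obtains a second certificate revocation list together with a control instruction for the device from the operation terminal,
the first certificate revocation list and the second certificate revocation list being revocation lists concerning the certificates of the controller and the device, and
judges the validity of the controller based on the first certificate revocation list or the second certificate revocation list.
- The authentication method according to claim 1, wherein
the device,
when it judges that the controller is unauthorized,
stops the connection with the controller.
- The authentication method according to claim 1 or 2, wherein the validity of the controller is judged by comparing the next issue date of the first certificate revocation list with the issue date of the second certificate revocation list.
- The authentication method according to claim 1, 2 or 3, wherein
the authentication system further comprises a server, and
the server attaches the second certificate revocation list to the control instruction.
- The authentication method according to any one of claims 1 to 4, wherein
the device,
according to the content of the control instruction,
determines the execution order of, and/or whether to execute,
the processing to authenticate the validity of the controller and
the control processing based on the content of the control instruction.
- An authentication system that includes a device, an operation terminal that operates the device, and a controller, and that performs authentication between the controller and the device, wherein
the device
obtains a first certificate revocation list from the controller,
obtains a second certificate revocation list together with a control instruction for the device from the operation terminal,
the first certificate revocation list and the second certificate revocation list being revocation lists concerning the certificates of the controller and the device, and
the device comprises a judgment unit that judges the validity of the controller based on the first certificate revocation list or the second certificate revocation list.
- A device connected to the authentication system according to claim 6.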
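The device-side judgment of claims 1 to 3, shown as an added example that is not code from the patent. The class and field names are hypothetical, the CRL signature check is assumed to be done elsewhere and passed in as a flag, and the direction of the date comparison (first CRL's next issue date earlier than the second CRL's issue date means the controller withheld a newer list) is an assumed reading of claim 3.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Crl:
    issued: date                 # issue date of this CRL
    next_issue: date             # next issue date announced in this CRL
    revoked: frozenset           # certificate IDs listed as revoked
    signature_ok: bool = True    # assumption: outcome of a signature check done elsewhere

@dataclass
class Device:
    controller_id: Optional[str]     # certificate ID of the connected controller
    crl: Crl                         # first CRL, obtained from the controller
    events: list = field(default_factory=list)

    def judge(self, second: Crl) -> str:
        """Judge the connected controller: 'ok', 'revoked' or 'withheld'."""
        if self.controller_id in self.crl.revoked | second.revoked:
            return "revoked"
        # Assumed reading of claim 3: a second CRL issued after the first CRL's
        # next issue date means the controller did not pass on a newer CRL.
        if self.crl.next_issue < second.issued:
            return "withheld"
        return "ok"

    def on_control(self, second: Crl) -> str:
        """Process the second CRL that arrives with a control instruction."""
        if not second.signature_ok:
            self.events.append("second CRL ignored: signature not verified")
            return "ignored"
        verdict = "no-controller"
        if self.controller_id is not None:
            verdict = self.judge(second)      # judged against the CRL held so far
        if second.issued > self.crl.issued:
            self.crl = second                 # keep the newer list
        if verdict in ("revoked", "withheld"):
            self.events.append(f"controller {self.controller_id} {verdict}: disconnecting")
            self.controller_id = None         # claim 2: stop the connection
        return verdict

# Constructed sample: the controller handed over a CRL due for renewal on 2014-02-01.
FIRST = Crl(date(2014, 1, 1), date(2014, 2, 1), frozenset({"dev-77"}))
LATE = Crl(date(2014, 3, 1), date(2014, 4, 1), frozenset())
LISTED = Crl(date(2014, 1, 20), date(2014, 2, 20), frozenset({"ctrl-B"}))
```

The control instruction's own handling is left out; only the CRL that travels with it is modelled.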
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015553342A JP6268616B2 (ja) | 2013-12-16 | 2014-10-01 | Authentication system and authentication method |
EP14871374.6A EP3086253B1 (en) | 2013-12-16 | 2014-10-01 | Authentication system, and authentication method |
US14/930,086 US10615986B2 (en) | 2013-12-16 | 2015-11-02 | Authentication system and authentication method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361916582P | 2013-12-16 | 2013-12-16 | |
US61/916,582 | 2013-12-16 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/930,086 Continuation US10615986B2 (en) | 2013-12-16 | 2015-11-02 | Authentication system and authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015092953A1 (ja) | 2015-06-25 |
Family
ID=53402343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/005014 WO2015092953A1 (ja) | 2013-12-16 | 2014-10-01 | Authentication system and authentication method |
Country Status (4)
Country | Link |
---|---|
US (1) | US10615986B2 (ja) |
EP (1) | EP3086253B1 (ja) |
JP (1) | JP6268616B2 (ja) |
WO (1) | WO2015092953A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018501742A (ja) * | 2015-09-29 | 2018-01-18 | 小米科技有限責任公司Xiaomi Inc. | Device control method, apparatus, program, and recording medium |
JP2022528359A (ja) * | 2019-03-25 | 2022-06-10 | マイクロン テクノロジー,インク. | Remote management of devices using blockchain and DICE-RIoT |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6241764B2 (ja) * | 2013-12-09 | 2017-12-06 | パナソニックIpマネジメント株式会社 | Authentication method and authentication system |
EP3086505B1 (en) * | 2013-12-16 | 2020-12-30 | Panasonic Intellectual Property Corporation of America | Authentication system, authentication method and authentication device |
CN111147239B (zh) * | 2019-12-27 | 2022-02-11 | 郑州信大捷安信息技术股份有限公司 | Offline remote authorization authentication method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
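JP2004046430A (ja) * | 2002-07-10 | 2004-02-12 | Sony Corp | Remote access system, remote access method, remote access program, and recording medium on which the remote access program is recorded |
JP2004096637A (ja) * | 2002-09-03 | 2004-03-25 | Sony Corp | Information update method and interface device |
JP2013514587A (ja) * | 2009-12-17 | 2013-04-25 | サンディスク テクノロジーズ インコーポレイテッド | Content management method using certificate revocation lists |
WO2013179534A1 (ja) * | 2012-05-29 | 2013-12-05 | パナソニック株式会社 | Unauthorized connection detection device, unauthorized connection detection system, and unauthorized connection detection method |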
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6351812B1 (en) * | 1998-09-04 | 2002-02-26 | At&T Corp | Method and apparatus for authenticating participants in electronic commerce |
HUP0401720A2 (hu) * | 2001-09-27 | 2005-07-28 | Matsushita Electric Industrial Co., Ltd. | Encoding, decoding, and secret key generating device and method, and toolkit for copyright protection and telecommunication device for establishing an encrypted connection |
US8132024B2 (en) * | 2003-03-11 | 2012-03-06 | Panasonic Corporation | Digital work protection system, recording apparatus, reproduction apparatus, and recording medium |
US7590840B2 (en) * | 2003-09-26 | 2009-09-15 | Randy Langer | Method and system for authorizing client devices to receive secured data streams |
US7430606B1 (en) * | 2003-10-17 | 2008-09-30 | Arraycomm, Llc | Reducing certificate revocation lists at access points in a wireless access network |
AU2005255327B2 (en) * | 2004-03-22 | 2008-05-01 | Samsung Electronics Co., Ltd. | Method and apparatus for digital rights management using certificate revocation list |
US9054879B2 (en) * | 2005-10-04 | 2015-06-09 | Google Technology Holdings LLC | Method and apparatus for delivering certificate revocation lists |
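KR100703811B1 (ko) * | 2006-02-28 | 2007-04-09 | 삼성전자주식회사 | Portable storage device and data management method for a portable storage device |
KR101346734B1 (ko) * | 2006-05-12 | 2014-01-03 | 삼성전자주식회사 | Method and apparatus for supporting multiple certificate revocation lists for digital rights management |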
US8245031B2 (en) * | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
US8392702B2 (en) * | 2007-07-27 | 2013-03-05 | General Instrument Corporation | Token-based management system for PKI personalization process |
US8307414B2 (en) * | 2007-09-07 | 2012-11-06 | Deutsche Telekom Ag | Method and system for distributed, localized authentication in the framework of 802.11 |
EP2053531B1 (en) * | 2007-10-25 | 2014-07-30 | BlackBerry Limited | Authentication certificate management for access to a wireless communication device |
US8438388B2 (en) * | 2008-03-31 | 2013-05-07 | Motorola Solutions, Inc. | Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network |
GB2469287B (en) * | 2009-04-07 | 2013-08-21 | F Secure Oyj | Authenticating a node in a communication network |
US8635442B2 (en) * | 2009-04-28 | 2014-01-21 | Adobe Systems Incorporated | System and method for long-term digital signature verification utilizing light weight digital signatures |
US8452958B2 (en) * | 2010-08-31 | 2013-05-28 | Cisco Technology, Inc. | Determining certificate revocation status |
WO2014001890A1 (en) * | 2012-06-28 | 2014-01-03 | Ologn Technologies Ag | Secure key storage systems, methods and apparatuses |
EP3017580B1 (en) * | 2013-07-01 | 2020-06-24 | Assa Abloy AB | Signatures for near field communications |
-
2014
- 2014-10-01 JP JP2015553342A patent/JP6268616B2/ja active Active
- 2014-10-01 EP EP14871374.6A patent/EP3086253B1/en active Active
- 2014-10-01 WO PCT/JP2014/005014 patent/WO2015092953A1/ja active Application Filing
-
2015
- 2015-11-02 US US14/930,086 patent/US10615986B2/en active Active
Non-Patent Citations (5)
Title |
---|
ATSUKO MIYAJI; HIROAKI KIKUCHI: "IT Text Information Security", October 2003, OHMSHA |
D. FORSBERG: "RFC5191", May 2008, INTERNET ENGINEERING TASK FORCE, article "Protocol for Carrying Authentication for Network Access (PANA)" |
ELAINE BARKER: "NIST Special Publication 800-56A Revision 2", 13 May 2013, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY, article "Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography" |
SUITE B IMPLEMENTER'S GUIDE TO FIPS 186-3 (ECDSA), 3 February 2010 (2010-02-03), Retrieved from the Internet <URL:http://www.nsa.govfia/-files/ecdsa.pdf> |
WI-FI CERTIFIED WI-FI PROTECTED SETUP: EASING THE USER EXPERIENCE FOR HOME AND SMALL OFFICE WI-FI® NETWORKS (2010), December 2010 (2010-12-01), Retrieved from the Internet <URL:http://www.wi-fi.org/ja/file/wi-fi-certified-wi-fi-protected-setup%E2%84%A2-easing-the-user-experience-fo r -home-and-small-office-wi> |
Also Published As
Publication number | Publication date |
---|---|
US10615986B2 (en) | 2020-04-07 |
JP6268616B2 (ja) | 2018-01-31 |
US20160072630A1 (en) | 2016-03-10 |
JPWO2015092953A1 (ja) | 2017-03-16 |
EP3086253A1 (en) | 2016-10-26 |
EP3086253A4 (en) | 2016-12-14 |
EP3086253B1 (en) | 2017-12-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
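JP6372809B2 (ja) | Authentication system, authentication method, and authentication device | |
US9973487B2 (en) | Authentication method | |
JP6410189B2 (ja) | Authentication system and authentication method | |
JP6146725B2 (ja) | Encrypted communication device, encrypted communication method, and computer program therefor | |
JP6464511B2 (ja) | Authentication system and authentication method | |
KR102520088B1 (ko) | Internet of Things platform, apparatus, and method | |
JP6268616B2 (ja) | Authentication system and authentication method | |
CN110688648B (zh) | Security chip firmware update method and apparatus | |
JPWO2014108993A1 (ja) | Authentication processing device, authentication processing system, authentication processing method, and authentication processing program | |
JP6241764B2 (ja) | Authentication method and authentication system | |
JP2014042095A (ja) | Authentication system and method | |
CN113711566A (zh) | Providing data on a device | |
JP2005130444A (ja) | Communication device, communication system, certificate transmission method, and program |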
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14871374 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015553342 Country of ref document: JP Kind code of ref document: A |
|
REEP | Request for entry into the european phase |
Ref document number: 2014871374 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014871374 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |