JP2005301577A - Authentication system, authentication program for server, and authentication program for client - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system where a client and an authentication server which authenticates a user who uses the client are connected through a network for automating authentication, and for preventing the theft of information for automating authentication. <P>SOLUTION: When any secret information for specifying a user is not stored in a client 20, an authentication server part 14 acquires the principal authentication information of the user from the client 20, and transfers the secret information to an authentication module part 23 when user authentication based on the principal authentication information is successful. An authentication module part 23 stores the secret information. When the secret information is stored in the client 20, the authentication server part 14 transmits challenge to the authentication module part 23. The authentication module part 23 combines the challenge with the secret information to generate a response, and returns it to the authentication server part 14. The authentication server part 14 authenticates the user by verifying the response. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an authentication system in which a client and an authentication server that authenticates a user who uses the client are connected via a network, a server authentication program executed by the authentication server in the authentication system, and a client. Related to the client authentication program.

  In a current corporate network environment, a plurality of systems are usually operating. Of these systems, in a system that requires access control for each user, it is first necessary to identify who is the user who has made the processing request. Therefore, each system generally registers users who can use the system in advance, and performs an authentication process using a login name and password input during a so-called “login” operation at the time of connection.

  However, in the case of a Web application, because of the protocol characteristic of HTTP (HyperText Transfer Protocol), the exchange between the client and the server is completed with a single request and response, so in preparation for the second and subsequent requests, It is necessary to keep information about the authenticated user by the method.

  In order to solve this problem, cookies have been widely used in the past. In this technique, the server transmits a cookie to an authenticated client, and performs user authentication by reading the cookie from the client for the second and subsequent accesses.

  Patent Document 1 discloses an automatic authentication system that automatically performs authentication when accessing a server. In this system, the user terminal stores terminal identification information in advance. When the user terminal accesses the server, the server transmits terminal identification information, and performs authentication using the received terminal identification information.

JP 2002-222173 A

  However, the above technique has the following problems.

  There are types of cookies that are stored in memory and deleted when the Web browser is closed, and those that are stored in a file and remain even when the Web browser is closed. In the former case, since the authenticated state is lost when the Web browser is closed, the next time the Web browser is opened and the application is accessed, a login operation is required again. In the latter case, there is a problem that a cookie stored as a file may be stolen by a malicious third party and impersonated. Furthermore, in any case, there is a risk that the cookie is stolen by a third party on the communication path and spoofed.

  Also in the system described in Patent Document 1, there is a risk that the terminal identification information stored in the user terminal or the terminal identification information on the communication path is stolen by a third party.

  Therefore, the present invention is capable of automating authentication and reducing the risk of information being stolen for theft, and an authentication program for a server and a client in the authentication system. Providing an authentication program.

  An authentication program for a server according to the present invention is a program for authenticating a user who uses a client by an authentication server via a network, the authentication server acquires the user authentication information from the client, An authentication unit that authenticates the user based on the personal authentication information, a secret information generation unit that generates secret information for identifying the user and passes it to the client when authentication by the authentication unit is successful, and a challenge / A challenge generation unit that generates a challenge in the response method and sends it to the client, and receives a response to the challenge from the client, and whether the response is a correct response generated by combining the challenge and the secret information By verifying the above Characterized in that to function over THE as a response verification unit, to authenticate.

  In the present invention, it is preferable that the authentication unit obtains the user authentication information from the client when authentication by the challenge / response method fails.

  In the present invention, the secret information generation unit generates the secret information according to a preset rule based on user identification information for identifying the user, and the response verification unit includes the user identification information It is preferable that the response is verified according to a preset rule based on the information and the challenge.

  Here, it is preferable that the preset rule in the secret information generation unit or the response verification unit is calculation of a keyed hash.

  Moreover, in this invention, it is preferable to make the said authentication server implement | achieve the function which sets an expiration date to the said secret information.

  Moreover, in this invention, it is preferable to make the said authentication server implement | achieve the function which invalidates the said secret information as needed.

  In the present invention, it is preferable that the authentication server realize a function of transmitting and receiving the personal authentication information and the secret information to and from the client by encrypted communication.

  An authentication program for a client according to the present invention is a program for authenticating a user who uses a client by an authentication server via a network, wherein the client is sent to the user authentication information sent from the client. A secret information storage unit that receives secret information for identifying the user generated by the authentication server from the authentication server and stores it in a predetermined storage area when the authentication of the user in the authentication server based is successful And receiving a challenge in the challenge / response method from the authentication server, generating a response by combining the challenge and the stored secret information, and functioning as a response generation unit that returns the response to the authentication server It is characterized by.

  In the present invention, the secret information storage unit encrypts and stores the secret information using information unique to the client, and the response generation unit uses the unique information for the encrypted secret information. It is preferable that the response is generated using the decrypted secret information.

  Further, in the present invention, when the client acquires personal authentication information for local authentication from the user prior to use of the client, authenticates the user with the personal authentication information, and the authentication is successful. It is preferable to realize a function of allowing the user to use the client.

  In the present invention, it is preferable that the response generation unit generates the response by calculating a keyed hash.

  In the present invention, it is preferable that the client realize a function of transmitting and receiving the personal authentication information and the secret information to and from the authentication server by encrypted communication.

  An authentication program for a client according to the present invention is a program in an authentication system in which a client and an authentication server that performs authentication by a challenge / response method between the client and the client are connected via a network. The secret information for generating the response is encrypted using information unique to the client and stored in a predetermined storage area, and the stored secret information is converted into the unique information at the time of authentication. The response is generated by combining the decrypted secret information with the challenge received from the authentication server, and functions as a response generation unit that returns the response to the authentication server.

  An authentication system according to the present invention is an authentication system in which a client and an authentication server for authenticating a user who uses the client are connected via a network, and secret information for specifying the user to the client Is not stored, the authentication server acquires the user authentication information of the user from the client, authenticates the user based on the user authentication information, and if the authentication is successful, the secret information Is generated and passed to the client, and the client stores the secret information received from the authentication server in a predetermined storage area. When the secret information is stored in the client, the authentication server / Create a challenge in the response method and send it to the client. The client generates a response by combining the challenge and the secret information, returns the response to the authentication server, and the authentication server authenticates the user by verifying the response received from the client. Features.

  In the present invention, regardless of whether or not the secret information is stored in the client, the authentication server attempts authentication with the client by the challenge / response method, and when the authentication fails, The authentication server obtains the user authentication information from the client, authenticates the user based on the user authentication information, and generates the secret information to the client when the authentication is successful. It is preferable to pass.

  An authentication system according to the present invention is an authentication system in which a client and an authentication server that performs authentication by a challenge / response method are connected between the client via a network. The secret information is encrypted using information unique to the client and stored in a predetermined storage area, and at the time of authentication, the stored secret information is decrypted using the unique information. A response generating unit that generates a response by combining the decrypted secret information and the challenge received from the authentication server, and returns the response to the authentication server.

  An authentication server according to the present invention is an authentication server that authenticates a user who uses a client via a network, acquires the user authentication information of the user from the client, and based on the user authentication information, An authentication unit that performs authentication, a secret information generation unit that generates secret information for identifying the user and passes it to the client when authentication by the authentication unit is successful, and a challenge / response method challenge And authenticating the user by receiving a response to the challenge from the client and verifying whether the response is a correct response generated by combining the challenge and the secret information. A response verification unit And butterflies.

  The client according to the present invention is a client in which a user is authenticated via a network by an authentication server, and the authentication of the user in the authentication server based on the user authentication information sent from the client is successful A secret information storage unit that receives the secret information for identifying the user generated by the authentication server from the authentication server and stores the secret information in a predetermined storage area; and a challenge / response method challenge from the authentication server. A response generation unit that receives the challenge and combines the stored secret information to generate a response, and returns the response to the authentication server.

  In the present invention, prior to the use of the client, personal authentication information for local authentication is acquired from the user, the user is authenticated by the personal authentication information, and when the authentication is successful, the user is notified of the client It is preferable to allow the use of.

  An authentication method according to the present invention is an authentication method in an authentication system in which a client and an authentication server for authenticating a user who uses the client are connected via a network, in order to identify the user to the client If the secret information is not stored, the authentication server acquires the user authentication information of the user from the client, authenticates the user based on the user authentication information, and if the authentication is successful, The secret information is generated and passed to the client, and the client stores the secret information received from the authentication server in a predetermined storage area. When the secret information is stored in the client, the authentication server Creates a challenge / response challenge to the client The client generates a response by combining the challenge and the secret information, returns the response to the authentication server, and the authentication server authenticates the user by verifying the response received from the client. It is characterized by doing.

  The authentication method according to the present invention is an authentication method in an authentication system in which a client and an authentication server that performs authentication by a challenge / response method are connected to the client via a network. The secret information for generating the response is encrypted using information unique to the client and stored in a predetermined storage area, and when the client authenticates, the stored secret information is A response generation step of decrypting using the unique information, generating a response by combining the decrypted secret information and the challenge received from the authentication server, and returning the response to the authentication server. And

  ADVANTAGE OF THE INVENTION According to this invention, while being able to achieve automation, the authentication system which can reduce the risk that the information for automating authentication is stolen, and the server authentication program and client in the said authentication system An authentication program can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing the overall configuration of the authentication system 1 according to the present embodiment. As shown in FIG. 1, the authentication system 1 includes one or more servers 10 and one or more clients 20 connected to each other via a network N such as a LAN or the Internet. In this authentication system 1, the user of the client 20 accesses the server 10 using a Web browser and receives a service provided by the Web application from the server 10. Here, prior to providing the service, the server 10 performs authentication processing with the client 20 by a challenge and response method (referred to as “challenge / response method” in this specification), Authenticate the user you are using. Note that examples of services using Web applications include a document management service, a document search service, and a bulletin board service.

  FIG. 2 is a block diagram illustrating functional configurations of the server 10 and the client 20. Hereinafter, the functional configurations of the server 10 and the client 20 will be described with reference to FIG.

  The server 10 is a server machine on which a Web server, a Web application, and an authentication server operate. The server 10 includes a Web server unit 11, a server control unit 12, an application unit 13, an authentication server unit 14, and an authentication information holding unit 15. In the present embodiment, the functional blocks 11 to 14 are realized by executing a program stored in a recording medium such as a hard disk or a CD-ROM with computer hardware resources such as a CPU and a RAM. However, each functional block may be realized by other configurations such as a hardware circuit.

  The Web server unit 11 executes processing such as transmission of HTML (HyperText Markup Language) data in response to a request from the Web browser. The web server unit 11 is realized by web server software.

  The server control unit 12 is a functional block that performs processing such as control of the entire server 10.

  The application unit 13 is realized by Web application software, and provides a predetermined Web application function to the client 20.

  The authentication server unit 14 authenticates the user of the client 20 prior to providing the Web application function by the application unit 13. Specifically, the authentication module unit 23 on the client 20 side performs authentication processing by a challenge / response method to authenticate a user who uses the client 20. The authentication server unit 14 is realized by the server authentication program according to the present embodiment. The authentication server unit 14 includes an authentication unit 14a, a secret information generation unit 14b, a challenge generation unit 14c, and a response verification unit 14d.

  The authentication unit 14a acquires the authentication information of the user who uses the client 20 from the client 20, and authenticates the user using the acquired authentication information. Specifically, the authentication unit 14a performs user authentication by checking the personal authentication information registered in advance on the server 10 side with the personal authentication information acquired from the client 20. Here, the identity authentication information may be any information as long as the identity of the user can be confirmed, for example, a combination of a user ID and a password, biometric information such as fingerprint information, Examples include an electronic certificate and a private key stored in an IC card.

  When the authentication of the user by the authentication unit 14a is successful, the secret information generation unit 14b generates secret information for specifying the user, and transmits the generated secret information to the client 20 for storage. This secret information is used by the client 20 to generate a challenge / response response.

  The challenge generation unit 14c generates a challenge in the challenge / response method, and sends the generated challenge to the client 20 used by the authentication target user.

  The response verification unit 14d receives a response to the challenge from the client 20, and authenticates the user of the client 20 by verifying whether this response is correct. Specifically, the response verification unit 14d confirms whether the received response is a correct response generated by combining the challenge and the secret information.

  If it says easily, the challenge production | generation part 14c and the response verification part 14d can confirm whether the confidential information for specifying a user is stored in the client 20 by a challenge / response system.

  The authentication information holding unit 15 holds information used for response verification in the response verification unit 14d. The authentication information holding unit 15 is realized by a recording medium such as a hard disk. The information held will be described later.

  The client 20 is a client machine on which a web browser operates. The client 20 includes a Web browser unit 21, a client control unit 22, an authentication module unit 23, and a secret information holding unit 24. In the present embodiment, the functional blocks 21 to 23 are realized by executing a program stored in a recording medium such as a hard disk or a CD-ROM with computer hardware resources such as a CPU and a RAM. However, each functional block may be realized by other modes such as a hardware circuit.

  The web browser unit 21 performs processing such as sending a request or data to the web server, receiving HTML data from the web server, and displaying the received data. The web browser unit 21 is realized by web browser software.

  The client control unit 22 is a functional block that performs processing such as control of the entire client 20. In the present embodiment, the client 20 has a multi-user function, and the client control unit 22 performs user authentication in the client local area. That is, prior to the use of the client 20, the client control unit 22 acquires personal authentication information for local authentication from the user, authenticates the user with this personal authentication information, and when this authentication is successful, The user is permitted to use the client 20. Note that the personal authentication information for local authentication may be any information as long as the user's identity can be confirmed. Examples thereof include a combination of a user ID and a password and biometric information. Further, the personal authentication information for local authentication may be the same as or different from the personal authentication information used in the authentication server 14.

  The authentication module unit 23 performs authentication processing by the challenge / response method with the authentication server unit 14 on the server 10 side. The authentication module unit 23 is realized by the client authentication program according to the present embodiment. As the client authentication program, for example, there is a client authentication program that is downloaded in advance from the server 10 to the client 20 side and is implemented as a Microsoft ActiveX control. The authentication module unit 23 includes a secret information storage unit 23a and a response generation unit 23b.

  The secret information storage unit 23 a receives the secret information generated by the secret information generation unit 14 b of the authentication server unit 14 from the authentication server unit 14 and stores it in the secret information holding unit 24. At this time, from the viewpoint of preventing theft of secret information, the secret information storage unit 23a preferably encrypts and stores the secret information using information unique to the client 20. Here, as information unique to the client 20, for example, hardware-specific ID (system disk serial ID, etc.), software-specific ID (OS software product ID, etc.), network ID (IP address, MAC address, etc.) ), User ID, and the like. In addition, the mode of encryption using unique information includes a wide range of modes in which unique information acts on encryption of secret information. For example, the secret information storage unit 23a may generate an encryption parameter based on the unique information and perform encryption using the encryption parameter, or may perform encryption using an encryption algorithm corresponding to the unique information. May be performed, or encryption may be performed by combining these. Here, examples of the encryption parameter include an encryption key and an initial vector (IV) used in a CBC (Cipher Block Chaining) mode.

  The response generation unit 23b receives the challenge from the challenge generation unit 14c of the authentication server unit 14, generates a response by combining the received challenge and the secret information stored in the secret information holding unit 24, and generates the generated response. Return to the authentication server unit 14. At this time, if the secret information is encrypted, the response generation unit 23b decrypts the encrypted secret information using information unique to the client 20, and uses the decrypted secret information to respond. Is generated. Here, from the viewpoint of preventing theft of secret information, the decrypted secret information is preferably erased immediately after use. Note that if the secret information of the user is not stored in the client 20, the fact is returned to the authentication server unit 14.

  The secret information holding unit 24 is realized by a recording medium such as a hard disk and holds secret information. In the present embodiment, secret information of a plurality of users can be stored. At this time, the secret information of each user is stored in a manner that is not used for authentication of other users. For example, confidential information of a certain user is stored in a storage area accessible only by the user. Alternatively, the secret information of a certain user is stored in association with the user ID for local authentication of the user.

  Hereinafter, the operation of the authentication system 1 having the above-described configuration will be described in detail for the first access from the client 20 to the server 10 and the second and subsequent accesses. The server 10 is preset with a master key Km for keyed hash, a secret key Ks of the server 10, a public key Kp of the server 10, and an application identifier IDa for identifying the application unit 13. And Here, the master key Km for the keyed hash is securely stored in the authentication information holding unit 15.

  FIG. 3 is a sequence diagram showing a flow of processing of the authentication system 1 at the time of first access.

  When the client 20 is activated by a certain user A, the client control unit 22 displays a screen that prompts the user ID and password for local authentication on the display screen. On this screen, the client control unit 22 obtains a user ID and password for local authentication from the user A, and authenticates the user A using these (S11). When the authentication is successful, the user A is permitted to use the client 20. On the other hand, if authentication fails, use is not permitted. In the following description, it is assumed that this authentication is successful.

  When a URL (Uniform Resource Locator) of the application unit 13 of the server 10 is input by the user A on the browser screen of the client 20, the client 20 accesses the URL (S12).

  In the server 10, the challenge generation unit 14c generates a random number as the challenge value C in response to the access from the client 20 (S13). Then, the generated challenge value C is sent to the client 20 together with the application identifier IDa (S14). The application identifier IDa is for identifying each of a plurality of applications. For example, the application identifier IDa may be omitted when there is one application or when common secret information is used by a plurality of applications. is there.

  In the client 20, the response generating unit 23b refers to the secret information holding unit 24 and searches for the secret information of the user A associated with the application identifier IDa received from the server 10 (S15). At the time of the first access, since the secret information of the user A does not exist in the secret information holding unit 24, the response generation unit 23b returns to the server 10 as a response that there is no secret information (S16).

  In the server 10, the authentication unit 14a sends a login form to the client 20 in response to a response indicating that there is no secret information from the client 20 (S17).

  In the client 20, the Web browser unit 21 displays a login form on the browser screen, and accepts input of the user identifier IDc and the password P as user authentication information from the user A on the login form (S18). Then, the user identifier IDc and the password P received from the user A are sent to the server 10 (S19). At this time, the password P is preferably encrypted on the client 20 side and decrypted on the server 10 side.

  In the server 10, the authentication unit 14a performs user authentication processing based on the user identifier IDc and password P of the user A received from the client 20 (S20). If the authentication unit 14a confirms that the user is a valid user, the authentication unit 14a sends the application identifier IDa and the public key Kp to the client 20 (S21). On the other hand, if the authentication fails, the login form is sent to the client 20 again. FIG. 3 shows a case where the authentication is successful.

  In the client 20, the secret information storage unit 23 a generates a common key used for encryption / decryption of the secret information in order to securely transfer the secret information. Here, as a common key, a session key K is generated from machine-specific information of the client 20 (for example, the serial number of the system disk) (S22). Next, the secret information storage unit 23a encrypts the generated session key K with the public key Kp received from the server 10 (S23). Then, the encrypted session key EK is sent to the server 10 (S24).

  In the server 10, the secret information generation unit 14b calculates a hash with a key using the master key Km as a key from the user identifier IDc and the time stamp t indicating the current time, and secret information Kc for specifying the user A Is generated (S25). Also, the secret information generation unit 14b associates the user identifier IDa with the time stamp t and stores them in the authentication information holding unit 15 (S26). The time stamp t is used for managing the expiration date of the secret information. In addition, the secret information generation unit 14b decrypts the encrypted session key EK received from the client 20 with the secret key Ks of the server 10 to obtain the session key K (S27). Then, the secret information Kc generated in step S25 is encrypted with the session key K (S28), and the encrypted secret information EKc is sent to the client 20 together with the application identifier IDa, the user identifier IDc, and the time stamp t (S29). .

  In the client 20, the secret information storage unit 23a decrypts the encrypted secret information EKc received from the server 10 with the session key K (S30). Then, the obtained secret information Kc is stored in the secret information holding unit 24 in association with the application identifier IDa, the user identifier IDc, and the time stamp t received from the server 10 (S31).

  Next, the client 20 accesses again the URL accessed in step S12 (S32). Thereafter, processing similar to that shown in FIG. 4 described later is performed, and finally, HTML data corresponding to the designated URL is acquired.

  Note that the authentication server unit 14 invalidates the secret information when any security threat occurs. Here, the value of the time stamp t corresponding to the secret information to be invalidated is changed to “0” representing invalidity. However, the processing for invalidation is not particularly limited, and for example, a set of the user identifier IDc and the time stamp t corresponding to the secret information may be deleted. Further, the process of invalidating the secret information may be performed according to an instruction input from the administrator of the server 10 or may be automatically performed based on the determination of the server 10.

  FIG. 4 is a sequence diagram showing a processing flow of the authentication system 1 at the second and subsequent accesses.

  In FIG. 4, the processing from the authentication of the user A locally in the client 20 (S41) to the transmission of the challenge value C and the application identifier IDa to the client 20 (S44) is the process from step S11 to step S14 in FIG. It is the same as the processing.

  In the client 20, the response generation unit 23b refers to the secret information holding unit 24, and searches for the secret information of the user A associated with the application identifier IDa received from the server 10 (S45). Here, since it is the second and subsequent accesses, the secret information Kc of the user A is stored in the secret information holding unit 24 of the client 20 in association with the application identifier IDa, the user identifier IDc, and the time stamp t. . Therefore, the response generation unit 23b searches and extracts the secret information Kc of the user A and the user identifier IDc of the user A, which are associated with the application identifier IDa, from the secret information holding unit 24.

  Next, the response generator 23b calculates a keyed hash from the challenge value C received from the server 10 using the secret information Kc of the user A as a key, and sets the result as a response value R (S46). Then, the response value R is sent to the server 10 together with the user identifier IDc (S47).

  In the server 10, the response verification unit 14d refers to the authentication information holding unit 15 and checks whether or not the secret information corresponding to the user identifier IDc passed from the client 20 is valid (S48). Specifically, it is determined whether or not the value of the time stamp t corresponding to the user identifier IDc is “0”. Further, it is determined whether or not the expiration date of the secret information has expired based on the preset validity period of the secret information and the time stamp t.

  When it is determined that the secret information is valid, the response verification unit 14d determines the user identifier IDa passed from the client 20, the time stamp t associated therewith, the master key Km, and the challenge value C. Then, the theoretical value R ′ of the response is obtained (S49). Specifically, the response verification unit 14d calculates a keyed hash from the user identifier IDa and the time stamp t using the master key Km as a key, and generates the secret information Kc of the user A again. Next, a keyed hash is calculated from the challenge value C using the secret information Kc generated again as a key, and a theoretical value R ′ of the response is calculated. Then, the response verification unit 14d checks whether or not the response value R passed from the client 20 matches the theoretical value R ′ of the response (S50).

  If it is determined in step S48 that the secret information is invalid, a login form is transmitted to the client 20, and thereafter, the processing after step S18 in FIG. 3 is performed.

  If the two response values do not match as a result of the confirmation in step S50, the response verification unit 14d performs predetermined processing on the assumption that the user authentication has failed. For example, a login form is transmitted to the client 20, and the processing after step S18 in FIG. 3 is performed thereafter.

  On the other hand, if the two response values match, the response verification unit 14d notifies the server control unit 12 that the user has been successfully authenticated. In response to this notification, the server control unit 12 sends HTML data corresponding to the URL specified by the client 20 in step S42 (S51). Thereafter, the user A of the client 20 receives a service provided by the application unit 13 of the server 10. At this time, the server 10 may provide different services for each authenticated user. For example, a use authority may be set for each user in advance, and a service may be provided to each user within the range of the user's use authority. FIG. 4 shows a case where both response values match.

  According to the present embodiment described above, the following effects can be obtained.

  (1) Since the authentication process of the user who uses the client is performed between the authentication server and the client module, the authentication can be automated. More specifically, when accessing a Web application, login processing is performed by communication between a program downloaded in advance on the client side and the authentication server, so that a login operation by the user such as inputting a user name and password Is no longer necessary. Thereby, the operation burden of the user at the time of login can be reduced, and the operability can be improved.

  (2) Since whether or not secret information exists in the client is confirmed by a challenge / response method, it is possible to avoid a risk that the secret information is stolen on the communication path. That is, compared to a method using Cookie in which information for automating authentication is transmitted as it is or a method described in Patent Document 1, it is possible to reduce the risk of information for automating authentication being stolen. . It can also handle replay attacks.

  (3) The authentication server acquires the user authentication information from the client, authenticates the user using the user authentication information, and provides the client with confidential information for identifying the user when the authentication is successful. Issue. For this reason, it becomes possible to issue secret information only to legitimate users. In addition, since it is only necessary for the user to present personal authentication information such as a password, secret information can be obtained by a simple procedure.

  Compared with the technique described in Patent Document 1, in the technique, information for automating authentication is fixedly set in the terminal, and thus the user can access the server only from a specific terminal. On the other hand, in the present embodiment, the user can access the server from any client.

  Further, in the technique described in Patent Document 1, no authentication for a user is entered, and authentication is based only on information set in the terminal. Therefore, anyone who can access the terminal can access the server. On the other hand, in this embodiment, since user authentication is entered at the first access, it is safer.

  (4) The client encrypts and stores the secret information using information unique to the client. Therefore, even if the encrypted secret information is stolen, other clients cannot decrypt the encrypted secret information. Thereby, it is possible to avoid a risk that secret information stored in a certain client is stolen by another client. That is, the risk of theft of information for automating authentication can be reduced as compared with a method using Cookie that stores information itself for automating authentication and a method described in Patent Document 1. .

  (5) At the time of authentication, the authentication server first attempts authentication by a challenge / response method regardless of whether valid secret information is stored in the client. Then, when authentication fails, it is assumed that valid secret information is not stored, and processing for issuing secret information to the client is started. For this reason, it can be confirmed by a simple method whether valid secret information is stored in the client, and the entire processing can be simplified.

  (6) The client performs user authentication locally on the client prior to use of the client. Thereby, the client can identify the user who is using the client, and can avoid the secret information of a certain user being used by another user. Here, user authentication at the client local is generally performed and does not impose a special operation on the user. Further, since it is usually realized by a multi-user function of an OS (Operating System), no special software or the like is required. However, user authentication at the client local may be performed by the authentication module unit 23.

  Compared with the technique described in Patent Document 1, the technique is a mechanism for terminal identification, and different users cannot be identified on the same terminal. On the other hand, in the present embodiment, different users on the same terminal can be identified.

  (7) The authentication server generates secret information according to a preset rule based on the user identifier, and verifies the response according to the preset rule based on the user identifier and the challenge. Therefore, it is not necessary to store the secret information of each user on the authentication server side. For this reason, the danger that secret information is stolen from an authentication server can be avoided. Moreover, the cost of information management can be reduced.

  (8) Since secret information generation, response generation, or response verification is performed using calculation of a hash with a key that is realized by a relatively high-speed algorithm, it is possible to increase the speed of each process. it can.

  (9) In the technique described in Patent Document 1, since there is no expiration date for information for automating authentication, when the information is stolen, it remains permanently stolen. On the other hand, in the present embodiment, the expiration date is set for the secret information, or the secret information is invalidated as necessary, so that damage when the secret information is stolen can be reduced.

  (10) Since the user authentication information and the secret information are transmitted and received between the authentication server and the client by encrypted communication, it is possible to prevent the information from being stolen on the communication path.

  (11) Since the secret information is generated based on the time stamp indicating the time when the secret information is generated, when the same user acquires the secret information by a plurality of clients, each secret information can be identified. it can. The same effect can be obtained by using information for identifying the client instead of the time stamp. However, the same secret information may be issued to the same user regardless of the access from any client. In this case, the time stamp can be omitted.

  FIG. 5 is a block diagram showing the overall configuration of the authentication system 2 according to another embodiment. As shown in FIG. 5, the authentication system 2 includes a service providing server 30 that provides a service using an application function, an authentication server 40, and a client 20 connected to each other via a network N such as a LAN. This authentication system 2 is different from the authentication system 1 described above in that a server machine that provides services and a server machine that performs user authentication are provided separately. Since the rest is almost the same as the authentication system 1 described above, the description of the common parts is omitted.

  The service providing server 30 includes a Web server unit 11, a server control unit 12, and an application unit 13 as functional blocks. The authentication server 40 includes a Web server unit 11, a server control unit 12, an authentication server unit 14, and an authentication information holding unit 15 as functional blocks.

  Hereinafter, the operation of the authentication system 2 will be briefly described for the first access from the client 20 to the service providing server 30 and for the second and subsequent accesses.

  First, the processing procedure of the authentication system 2 at the time of the first access will be described.

  When the URL of the application of the service providing server 30 is input by the user A on the browser screen of the client 20, the client 20 accesses the URL.

  In response to this access, the service providing server 30 returns a redirect request for the authentication server 40 to the browser of the client 20 in order to request authentication. At this time, the service providing server 30 issues a temporary ID for authentication for inquiring the authentication server 40 later about the authentication result, and sends this to the client 20 as a parameter when redirecting to the authentication server 40 together with the URL of the application. .

  The browser of the client 20 accesses the authentication server 40 according to the redirect instruction. At this time, the URL of the application and the temporary ID for authentication are sent to the authentication server 40 according to an instruction from the service providing server 30.

  Thereafter, processing similar to that from step S13 to step S32 in FIG. 3 is performed. That is, the secret information Kc of the user A is issued from the authentication server 40 to the client 20.

  Next, processing of the authentication system 2 at the second and subsequent accesses will be described.

  When the URL of the application of the service providing server 30 is input by the user A on the browser screen of the client 20, the client 20 accesses the URL.

  In response to this access, the service providing server 30 returns a redirect request for the authentication server 40 to the browser of the client 20 in order to request authentication. At this time, the service providing server 30 issues a temporary ID for authentication for inquiring the authentication server 40 later about the authentication result, and sends this to the client 20 as a parameter when redirecting to the authentication server 40 together with the URL of the application. .

  The browser of the client 20 accesses the authentication server 40 according to the redirect instruction. At this time, the URL of the application and the temporary ID for authentication are sent to the authentication server 40 according to an instruction from the service providing server 30.

  Thereafter, processing similar to that from step S43 to step S50 in FIG. 4 is performed. That is, authentication processing by the challenge / response method is performed between the authentication server 40 and the client 20.

  In the present embodiment, when the authentication by the challenge / response method is successful, the authentication server 40 stores the authentication result indicating that the authentication is successful in association with the temporary ID for authentication passed from the client 20. Then, a redirect instruction for the application URL passed from the client 20 is returned to the client 20.

  The client 20 accesses the URL of the application again according to the redirect instruction.

  In response to this access, the service providing server 30 inquires of the authentication server 40 about the authentication result using the authentication temporary ID as a key. If the authentication result indicates that the authentication has succeeded, the HTML data corresponding to the URL designated by the client 20 is sent to the client 20.

  As described above, the authentication server may be installed separately from the server that provides the application function. Similarly, each functional block of the server 10 in the authentication system 1 may be physically realized by any configuration.

  As mentioned above, although embodiment of this invention was described, it cannot be overemphasized that this invention is not limited to said embodiment.

  For example, in the above embodiment, data transmission / reception between the server 10 and the client 20 is performed between the Web server 11 and the Web browser 21 according to HTTP. It doesn't matter.

  Further, the application of the server 10 is not limited to the Web application, and may be another application such as a command line application. Conventionally, in the authentication in the command line application, the user ID and the password are described in the batch file and there is a security problem. However, if the present invention is applied, such a problem can be solved. In the case of the command line application, the client user accesses the command line application using the command line interface.

  Further, in step S20 of FIG. 3, the server 10 holds registered user data, and the authentication process is performed by collating the data and the value input by the user. (Protocol) If an operating environment where user management is performed by a directory service such as a server is assumed, authentication processing may be performed using the directory service. In this case, since user information can be shared among a plurality of applications, single sign-on can be easily realized.

  In addition, a single sign-on environment can be provided by permitting access to a plurality of applications when authentication by the authentication system according to the present embodiment is successful.

  Further, the authentication system according to the present invention is not limited to authentication at the time of accessing an application, and can be widely applied to authentication of a user who uses a client.

  In the above embodiment, the server 10 holds the user identifier IDc and the time stamp t in association with each other, but it is not always necessary to hold these pieces of information on the server 10 side. For example, if the user identifier IDc and the time stamp t are transmitted from the client 20 to the server 10, the server 10 can verify the response based on the information received from the client 20.

  In the above-described embodiment, regardless of whether or not the secret information is stored in the client 20, first, authentication by the challenge / response method is attempted. For example, first, the client 20 It may be determined whether or not secret information is stored in itself, and if it is determined that the secret information is not stored, the server 10 may be requested to issue secret information.

  Also, user authentication at the client local is not essential. However, it is preferable to authenticate the user locally on the client from the viewpoint of preventing the confidential information of a certain user from being used by another user.

  Further, the security technique such as encryption applied to data transmission / reception between the server 10 and the client 20 is not particularly limited, and can be added, changed, or deleted as appropriate. For example, SSL (Secure Sockets Layer) can be adopted.

  The method for generating secret information is not particularly limited. For example, a generation method other than the calculation of the keyed hash can be employed. Further, it is not always necessary to generate secret information based on the time stamp t. Further, when no expiration date is set for the secret information, the time stamp t may be omitted.

  Moreover, the following aspect is contained in the aspect in which the authentication program for servers implement | achieves the function of the authentication server part 14. FIG. That is, the server authentication program includes a mode in which the function of the authentication server unit 14 is realized by using processing executed by another program (for example, OS software or application software). Similarly, the mode in which the client authentication program realizes the function of the authentication module unit 23 includes the following modes. That is, a mode in which the client authentication program realizes the function of the authentication module unit 23 using processing executed by another program (for example, OS software or application software) is included.

It is a block diagram which shows the whole structure of the authentication system which concerns on embodiment. It is a block diagram which shows the function structure of a server and a client. It is a sequence diagram which shows the flow of a process of the authentication system at the time of the first access. It is a sequence diagram which shows the flow of a process of the authentication system at the time of the access after the 2nd time. It is a block diagram which shows the whole structure of the authentication system which concerns on other embodiment.

Explanation of symbols

  1, 2 authentication system, 10 server, 11 Web server unit, 12 server control unit, 13 application unit, 14 authentication server unit, 14a authentication unit, 14b secret information generation unit, 14c challenge generation unit, 14d response verification unit, 15 authentication Information holding unit, 20 client, 21 Web browser unit, 22 client control unit, 23 authentication module unit, 23a secret information storage unit, 23b response generation unit, 24 secret information holding unit, 30 service providing server, 40 authentication server.

Claims (21)

An authentication program for a server for authenticating a user who uses a client by an authentication server via a network,
An authentication unit that acquires the user authentication information from the client and authenticates the user based on the user authentication information;
A secret information generation unit that generates secret information for identifying the user and passes it to the client when authentication by the authentication unit is successful;
A challenge generation unit that generates a challenge in a challenge / response scheme and sends the challenge to the client; and
A response verification unit that receives a response to the challenge from the client and authenticates the user by verifying whether the response is a correct response generated by combining the challenge and the secret information;
An authentication program for a server characterized in that it functions as a server. The server authentication program according to claim 1,
The authentication program for a server, wherein the authentication unit acquires the user authentication information of the user from the client when authentication by the challenge / response method fails. The server authentication program according to claim 1 or 2,
The secret information generation unit generates the secret information according to a preset rule based on user identification information for identifying the user,
The response verification unit verifies the response according to a preset rule based on the user identification information and the challenge. The server authentication program according to claim 3,
The server authentication program, wherein the preset rule in the secret information generation unit or the response verification unit is calculation of a keyed hash. The server authentication program according to any one of claims 1 to 4,
A server authentication program that causes the authentication server to realize a function of setting an expiration date for the secret information. The server authentication program according to any one of claims 1 to 5,
An authentication program for a server, which causes the authentication server to realize a function of invalidating the secret information as necessary. The server authentication program according to any one of claims 1 to 6,
An authentication program for a server, characterized in that the authentication server realizes a function of transmitting and receiving the personal authentication information and the secret information by encrypted communication with the client. An authentication program for a client for authenticating a user who uses a client by an authentication server via a network, wherein the client is
When authentication of the user in the authentication server based on the user authentication information sent from the client is successful, secret information for identifying the user generated by the authentication server is sent from the authentication server. A secret information storage unit that receives and stores it in a predetermined storage area; and
A response generation unit that receives a challenge in the challenge / response method from the authentication server, generates a response by combining the challenge and the stored secret information, and returns the response to the authentication server;
An authentication program for clients characterized in that it functions as a client. An authentication program for a client according to claim 8,
The secret information storage unit encrypts and stores the secret information using information unique to the client,
The response generating unit decrypts the encrypted secret information using the unique information, and generates the response using the decrypted secret information. An authentication program for a client according to claim 8 or 9,
Prior to use of the client, the client acquires personal authentication information for local authentication from the user, authenticates the user with the personal authentication information, and if the authentication is successful, An authentication program for a client that realizes a function that permits the use of a client. It is an authentication program for clients given in any 1 paragraph of Claims 8-10,
The client authentication program, wherein the response generation unit generates the response by calculating a keyed hash. A client authentication program according to any one of claims 8 to 11,
An authentication program for a client, characterized in that the client realizes a function of transmitting and receiving the personal authentication information and the secret information by encrypted communication with the authentication server. An authentication program for a client in an authentication system in which a client and an authentication server that performs authentication by a challenge / response method between the client and the client are connected via a network.
A secret information storage unit that encrypts secret information for generating a response using information unique to the client and stores the encrypted information in a predetermined storage area; and
During authentication, the stored secret information is decrypted using the unique information, a response is generated by combining the decrypted secret information and the challenge received from the authentication server, and the response is sent to the authentication server. Response generator to return,
An authentication program for clients characterized in that it functions as a client. An authentication system in which a client and an authentication server that authenticates a user who uses the client are connected via a network,
When secret information for specifying the user is not stored in the client,
The authentication server acquires the user authentication information of the user from the client, authenticates the user based on the user authentication information, and generates the secret information to the client when the authentication is successful. Hand over,
The client stores the secret information received from the authentication server in a predetermined storage area,
When the secret information is stored in the client,
The authentication server generates a challenge / response challenge and sends it to the client;
The client generates a response by combining the challenge and the secret information, and returns the response to the authentication server,
The authentication server authenticates the user by verifying a response received from the client;
An authentication system characterized by that. 15. The authentication system according to claim 14, wherein
Regardless of whether or not the secret information is stored in the client, the authentication server attempts authentication with the client by the challenge / response method,
When the authentication fails, the authentication server acquires the user authentication information of the user from the client, authenticates the user based on the user authentication information, and when the authentication is successful, the secret server Generate information and pass it to the client,
An authentication system characterized by that. An authentication system in which a client and an authentication server that performs authentication by a challenge / response method between the client and the client are connected via a network,
The client
A secret information storage unit that encrypts secret information for generating a response using information unique to the client and stores the encrypted information in a predetermined storage area;
During authentication, the stored secret information is decrypted using the unique information, a response is generated by combining the decrypted secret information and the challenge received from the authentication server, and the response is sent to the authentication server. A response generator to return;
An authentication system comprising: An authentication server for authenticating a user using a client via a network,
An authentication unit for acquiring the user authentication information from the client and authenticating the user based on the user authentication information;
A secret information generating unit that generates secret information for identifying the user and passes it to the client when authentication by the authenticating unit is successful;
A challenge generation unit that generates a challenge in a challenge / response method and sends the challenge to the client;
A response verification unit that receives a response to the challenge from the client and authenticates the user by verifying whether the response is a correct response generated by combining the challenge and the secret information;
An authentication server characterized by comprising: A client that authenticates a user via a network by an authentication server,
When the authentication of the user in the authentication server based on the user authentication information sent from the client is successful, secret information for identifying the user generated by the authentication server is sent from the authentication server. A secret information storage unit that receives and stores in a predetermined storage area;
A response generation unit that receives a challenge in the challenge / response method from the authentication server, generates a response by combining the challenge and the stored secret information, and returns the response to the authentication server;
A client characterized by comprising: The client of claim 18, comprising:
Prior to the use of the client, personal authentication information for local authentication is acquired from the user, the user is authenticated using the personal authentication information, and if the authentication is successful, the user is permitted to use the client. A client characterized by An authentication method in an authentication system in which a client and an authentication server that authenticates a user who uses the client are connected via a network,
When secret information for specifying the user is not stored in the client,
The authentication server obtains the user authentication information from the client, authenticates the user based on the user authentication information, and generates the secret information to the client when the authentication is successful. Hand over,
The client stores the secret information received from the authentication server in a predetermined storage area,
When the secret information is stored in the client,
The authentication server generates a challenge / response challenge and sends it to the client;
The client generates a response by combining the challenge and the secret information, and returns the response to the authentication server,
The authentication server authenticates the user by verifying a response received from the client;
An authentication method characterized by that. An authentication method in an authentication system in which a client and an authentication server that performs authentication by a challenge / response method between the client and the client are connected via a network,
A secret information storing step in which the client encrypts secret information for generating a response using information unique to the client and stores the encrypted information in a predetermined storage area;
At the time of authentication, the client decrypts the stored secret information using the unique information, generates a response by combining the decrypted secret information and the challenge received from the authentication server, A response generating step to be returned to the authentication server;
An authentication method characterized by comprising:

Images