JP2005333596A - Electronic application system, and electronic application apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable an organization, other than public institutions, to certify an individual for an electronic application without using a seal impression through electronic certification utilizing the public institutions. <P>SOLUTION: An electronic application terminal 2 of an electronic application system comprises: an HSM 3 as a key pair generating means for generating a pair of keys Key-S comprised of a public key PuKey-S and a private key PriKey-S required for obtaining an electronic certificate for identifying an applicant required for an electronic application to an electronic application acceptance server 6; and a control section 21 which generates a short-validity public key certificate issue request CSR for a specific CA using the public key PuKey-S, requests an electronic signature for the generated short-validity public key certificate issue request CSR to a JPKI card 1 issued from a public institution, acquires the short-validity public key certificate issue request CSR to which an electronic signature Sign-J is given, and a public key electronic certificate Cert-J via an IC card reader 26 in response to the request, and transmits the short-validity public key certificate issue request CSR to which the electronic signature Sign-J is given, and the public key electronic certificate Cert-J to an authentication server 5 of the specific CA. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  In the present invention, for example, an organization other than a public organization electronically issues a certificate that proves an individual to the public organization, and a desired application is made to the organization other than the public organization using the electronic certificate. The present invention relates to an electronic application system and an electronic application terminal.

  Recently, for example, in financial institutions, there are cases in which deposits and savings are paid for false applications from persons other than the principal who uses counterfeit seals, and it is an urgent task to construct a technique for personal identification that replaces seals.

  At financial institutions, stamps of seals stamped on application forms at the time of opening a new account, etc. are photographed on image data or microfilm, stored on electronic media, and stamps of seals brought by customers seeking payment The person in charge confirms the seal and the seal imprinted on the electronic medium and confirms that they agree, so he proves himself and accepts the payment. However, when a counterfeit seal made in the same way as the real thing was used, there was no way to see it.

On the other hand, in recent years, the Basic Resident Register Act has been enforced and the operation of the Basic Resident Register system has started. When this basic resident register system is used by a public institution, a user can be authenticated and can receive public services such as taking a resident's card.
As this type of prior art, for example, a certificate authentication server possessed by an authentication code issuing organization, a client possessed by a certificate issuing organization via a network, and a client possessed by a certificate user Has been proposed (see Patent Document 1, for example).
Using this prior art, if a client installed in a financial institution, for example, accesses a basic resident register system (certificate authentication server) and obtains proof, personal authentication can be performed without using the seal.
JP 2003-263520 A

  However, the above prior art is a technology that is established when the certification code issuing institution and the certificate issuing institution are the same public institution, and groups other than the public institution, such as private financial institutions, are included in the Basic Resident Register system. There was a problem that it was not possible to obtain proof by connecting directly.

  The present invention has been made to solve such problems, and an electronic certificate that allows an organization other than the public organization to certify an individual and make an electronic application without using a seal by electronic certification using a public organization. The purpose is to provide an application system and an electronic application device.

  In order to solve the above-described problems, the electronic application device of the present invention can obtain an electronic certificate for verifying the identity of an applicant, which is necessary for applying an electronic procedure to a non-public organization. Key pair generating means for generating a set of key pairs composed of necessary public keys and secret keys, holding means for holding a set of key pairs generated by the key pair generating means, and the key pair generating means A short-lived public key certificate issuance request generation means for generating a short-lived public key certificate issuance request to a certificate authority of a non-public organization using a public key from the key pair generated by Request an electronic signature for the short-lived public key certificate issuance request generated by the request generation means to the IC card issued from the public institution to the applicant, and the short-lived with the electronic signature attached to this request Public key certificate issuance request and public key electronic A public institution provides list information of an IC card access means for obtaining a certificate, a short-lived public key certificate issuance request with an electronic signature obtained by the IC card access means, and a public key electronic certificate Means for acquiring from the specific certificate authority a short-lived public key certificate that is transmitted to the specified certificate authority and is valid only for one application procedure issued in response to the request for issuing the short-lived public key certificate; The short-lived public key certificate signing means for electronically signing the short-lived public key certificate obtained from the bureau, and the short-lived public key certificate and the application information to which the electronic signature has been given by the short-lived public key certificate signing means An application means to be transmitted to an electronic application accepting means provided by a public institution, and an application for deleting a set of key pairs held in the holding means when the application information is transmitted by the application means. Characterized in that and means.

  An electronic application system of the present invention includes a first computer for accepting an electronic application for which an unofficial organization provides an electronic application service, an electronic application device for making an electronic application to the first computer, and the non-public organization In an electronic application system in which a second computer for authentication installed in a specific certificate authority that provides an authentication service is connected via a communication network, the electronic application device performs an electronic procedure on the first computer. Key pair generating means for generating a set of key pairs consisting of a public key and a private key necessary for obtaining an electronic certificate for verifying the identity of the applicant necessary for making an application from the second computer; A holding means for holding a pair of key pairs generated by the key pair generating means, and a public key of the key pairs generated by the key pair generating means, A short-lived public key certificate issuance request generating means for generating a short-lived public key certificate issuance request, and an electronic signature for the short-lived public key certificate issuance request generating means generated by the short-lived public key certificate issuance request generating means An IC card access means for making a request to an IC card issued to an applicant from a general institution and obtaining a short-lived public key certificate issuance request and a public key electronic certificate to which an electronic signature is attached to the request , Sending a short-lived public key certificate issuance request and a public key electronic certificate to which the electronic signature obtained by the IC card access means is attached, to the second computer, and short-lived publication for the short-lived public key certificate issuance request Means for obtaining a key certificate from the second computer; short-lived public key certificate signing means for digitally signing the obtained short-lived public key certificate; and the short-lived public key certificate When the application information is transmitted by the application means, the application means for transmitting the short-lived public key certificate to which the electronic signature is given by the name means and the application information to the first computer provided by the non-public organization, An erasure unit for erasing one set of key pairs held in the holding unit, and the second computer transmits a short-lived public key certificate issued with an electronic signature transmitted from the electronic application device Receiving means, authentication means for authenticating the person based on the list information obtained from a public organization in response to the request for issuing the short-lived public key certificate, and when the person is authenticated by the authentication means, Means for issuing a short-lived public key certificate valid only for the procedure and returning it to the requester, wherein the first computer receives the application information transmitted from the electronic application device; and the application A verification unit that verifies the validity of a short-lived electronic signature included in the information; and a unit that returns permission information for the application information to the request source when the verification by the verification unit is successful. .

In the present invention, in the electronic application device, a public key and a private key necessary for obtaining an electronic certificate for verifying the identity of an applicant necessary for applying to an unofficial organization by electronic procedures. A set of key pairs is generated, and the set of key pairs is held in the holding means.
Then, a public key is used to generate a short-lived public key certificate issuance request for the certificate authority of the non-public organization, and an electronic signature is generated for the generated short-lived public key certificate issuance request. A request is made to the IC card issued to the applicant from the target organization, and a short-lived public key certificate issuance request and a public key electronic certificate to which an electronic signature is attached is obtained from the IC card.
A short-lived public key certificate issuance request and a public key electronic certificate issued from an IC card are sent to a specific certificate authority that can provide list information. Acquire a short-lived public key certificate for a specific certificate authority.
A short-lived electronic signature is attached to the applicant's application information for which a short-lived public key certificate has been obtained, and it is held by the holding means after being sent to an electronic application acceptance means that provides an electronic application service by a non-public organization. Delete one set of key pairs.

  As described above, according to the present invention, it is possible for an organization other than a public organization to certify an individual and make an electronic application without using a seal by electronic certification using a public organization.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing a schematic configuration of an electronic application system according to one embodiment of the present invention, and FIG. 2 is a diagram showing a configuration of an electronic application terminal of the electronic application system.
As shown in the figure, this electronic application system uses a Basic Resident Register Card issued by a public institution: Juki Card 1 (hereinafter referred to as JPKI Card 1) and reads the information on JPKI Card 1 to authenticate the person. An electronic application terminal 2 as an electronic application device for performing electronic application processing, a hardware security module 3 (hereinafter referred to as HMS3) connected to the electronic application terminal 2 by a connection cable such as a SCSI cable, and an electronic application Electronic application service provider side equipment (authentication server 5 of a specific certificate authority (hereinafter referred to as a specific CA), electronic application reception server 6, database 7) connected to the terminal 2 via a network such as the Internet 4 and authentication Consists of a personal authentication server 8 belonging to a public personal authentication infrastructure such as a Basic Resident Register system connected to the server 5 via a communication network . The communication network is, for example, a dedicated line. The electronic application acceptance server 6 is called a first computer, and the authentication server 5 is called a second computer.

  The JPKI card 1 is an IC card for public personal authentication, and includes a CPU, a memory, and a communication interface (hereinafter referred to as a communication I / F) inside the card. The memory contains a card ID, which is card identification information for uniquely identifying this IC card, basic information such as address, name, date of birth, blood type, etc. in the Basic Resident Register, public key PuKey and secret A key PriKey pair, an electronic certificate that certifies the public key PuKey (hereinafter referred to as public key certificate Cert_J), a password for accessing this card, and the like are stored. A key pair of a public key certificate Cert_J, public key PuKey, and private key PriKey is used by a user who applied for issuance of an electronic certificate at a public institution's window. Information that is generated and written. The validity period of the public key certificate Cert_J is normally about 1 to 3 years.

The CPU has four basic information stored in the memory, a verification processing function using an electronic certificate that certifies the public key (hereinafter referred to as public key certificate Cert_J), an authentication function at the time of card access, an electronic signature function, etc. Have. The CPU receives a signature request (CSR signature request) including the short-lived public key certificate issuance request information CSR according to PKCS # 10 from the control unit 21 of the electronic application terminal 2, and an encryption algorithm (RSA) conforming to the standard PKCS # 1 Etc.) and a JPKI private key PriKey with a key length of 1024 bits, and an electronic signature Sign_J is generated and assigned to the short-lived public key certificate issuance request information CSR, that is, an electronic signature is created.
The communication I / F communicates with the IC card reader 26. Usually, using this JPKI card 1 at a window terminal set up at the application window of a public institution (prefectural city office, etc.) proves that it is an individual user, for example, obtains a resident card Various public services such as can be received.

The authentication server 5 installed in the specific CA accepts the short-lived public key certificate issuance request information CSR, which is a pre-authentication request from the electronic application terminal 2 before electronic application, and receives the certificate and signature of the public organization JPKI. If the validity is confirmed, a short-lived public key certificate Cert_S is generated and returned to the request source.
The database 7 stores information for validating JPKI certificates, signatures, etc. (eg, a negative list that is a list of expired JPKI issued certificates).

The electronic application acceptance server 6 accepts an electronic application from the electronic application terminal 2, verifies the validity of the short-lived electronic signature Sign_S, and if the validity is confirmed, creates a permit for the application, and creates an electronic signature and certificate After generating the form, return them.
The personal authentication server 8 includes a database. The database stores information on revocation lists (hereinafter referred to as public CRLs) of certificates issued by public authorities. The personal authentication server 8 reads and distributes the public CRL stored in the database in response to a request from the specific CA. Note that public CRL distribution does not have to be made every time a request is made, and may be sent in batch processing at predetermined intervals.

  The electronic application acceptance server 6 and the personal authentication server 8 are general server computers having a CPU, a memory, a hard disk device, and the like. The hard disk device executes an operating system (hereinafter referred to as OS) and other control operations. Application software is installed, and these software and hardware such as a CPU cooperate to realize each server operation. The database is constructed in the hard disk device.

  HSM3 is composed of hardware (CPU, memory, hard disk device, etc.) having tamper resistance (physical attack resistance), and realizes high security performance by physical security having tamper resistance. . The CPU has a key pair generation function, a short-lived electronic signature function, an encryption function, and a key discard function. The CPU receives the electronic signature request (application signature request) including the application information, and uses the private key PriKey stored in the memory to hash the application information with the hash function described in the public key certificate Cert_J. Encrypt and generate an electronic signature Sign_S, and return the generated electronic signature Sign_S and application information to the request source. The hard disk device stores a common key having a key length of 168 bits distributed only to the HSM 3 and the specific certificate authority CA. Further, the short-lived electronic signature Sign_S generated by electronic authentication is temporarily stored in the hard disk device, and is deleted (deleted) by a discard command after the application process. That is, the hard disk device functions as a holding unit that holds a set of key pairs Sign_S generated by the CPU until they are deleted by a discard command.

The key pair generation function receives a key pair generation request from the control unit 21 of the electronic application terminal 2 and generates a public key pair Key_S having a key length of 1024 bits according to an encryption key generation algorithm (such as RSA) that matches standard PKCS # 1 To do. This public key pair Key_S is a key that is necessary to obtain an electronic certificate that verifies the identity of the applicant, which is necessary for applying to electronic organizations such as financial institutions by electronic procedures. It is.
The encryption function encrypts the public key PuKey_S using an encryption algorithm Triple DES conforming to the standard FIPS PUB 46-3 and the common key, and obtains an encrypted public key PuKey_S ′.

  The short-lived electronic signature function is a function for receiving an electronic signature request from the control unit 21 of the electronic application terminal 2 for making a short-lived certificate issuance request and performing an electronic signature on the application form.

  Specifically, in response to an application signing request, the application information hashed with the hash function described in the public key certificate Cert_J is used and the private key PriKey_S of the public key pair Key_S stored in the memory is used. Encrypt and generate a short-lived electronic signature Sign_S, add it to the application information, and return it to the requester. Short-lived is a period valid only for one application (one session).

  That is, the CPU of the HSM 3 is composed of a public key PuKey_S and a private key PriKey_S necessary for obtaining an electronic certificate for verifying the identity of the applicant necessary for electronic application to the electronic application acceptance server 6. It functions as key pair generation means for generating a pair of key pairs Key_S.

  As shown in FIG. 2, the electronic application terminal 2 is connected to the control unit 21, the memory 22, the display operation unit 23, the SCSI interface 24 (hereinafter referred to as SCSI I / F 24), and the control unit 21 via the communication I / F 25. IC card reader 26 and printer 27, and communication unit 28 connected to the Internet.

The IC card reader 26 functions as an IC card access unit that is controlled by the control unit 21 and accesses the JPKI card 1.
The control unit 21 executes arithmetic processing, control operation, and the like in cooperation with hardware such as a CPU and software such as a control program stored in a memory.
The control unit 21 controls the IC card reader 26 to obtain a JPKI public key certificate Cert_J stored in the memory of the JPKI card 1.
The control unit 21 functions as a short-lived public key certificate issuance request generation unit that generates a short-lived public key certificate issuance request CSR for a specific CA using the public key PuKey_S.

  In addition, the control unit 21 requests the JPKI card 1 issued from a public institution through the IC card reader 26 to give the electronic signature Sign_J to the generated short-lived public key certificate issuance request CSR. The short-lived public key certificate issuance request CSR with the electronic signature Sign_J and the public key electronic certificate Cert_J are acquired through the IC card reader 26, and the short-lived public key certificate issuance request CSR with the electronic signature Sign_J and the public key It functions as means for transmitting the electronic certificate Cert_J to the authentication server 5 of the specific CA and acquiring the short-lived public key certificate Sert_S for the transmitted short-lived public key certificate issuance request CSR from the authentication server 5 of the specific CA.

Further, the control unit 21 functions as an application unit that transmits the application information provided with the electronic signature Sert_S by the HSM 3 to the electronic application reception server 6 as an electronic application reception unit that provides an electronic application service by a non-public organization.
Further, when the application information is transmitted, the control unit 21 functions as an erasing unit that erases one set of key pairs Sign_S held in the hard disk device (holding unit) of the HSM3.

Hereinafter, the operation of the electronic application system will be described with reference to FIG.
When a user with a JPKI card 1 applies for opening a new account, for example, at a financial institution that is a non-public organization, an operation for opening a new account is performed from the screen of the display operation unit 23 of the electronic application terminal 2. Then, the control unit 21 displays a message such as “Please insert a personal identification card into the card slot” on the screen.

According to this display, when the user inserts the JPKI card 1 into the card slot of the terminal, the IC card reader 26 accesses the JPKI card 1 and acquires the card ID from the memory of the JPKI card 1 and stores it in the memory 22. The card type is specified with reference to the card type determination table.
If the card is not JPKI card 1 as a result of the card identification process, the IC card reader 26 ejects the card from the card insertion slot and returns it to the applicant, and the control unit 21 displays the message on the screen or correct JPKI by voice. Prompt insertion of card 1.

  On the other hand, the control unit 21 displays a screen for creating an application form on the display operation unit 23, prompts the user to input necessary items, and uses the information entered on the screen by the person in charge of the window (or the user) for application. Generate data and display it in the form of an application form on the screen. In addition, the control unit 21 displays a message that prompts confirmation of the application form displayed on the screen and a message that prompts the user to perform an application operation if the confirmation result is correct.

  In addition, when the person in charge receives an application form in which the user has previously filled in the necessary items by hand, it should be set in an OCR device (not shown) connected to the electronic application terminal 2 and read the form. Since the application data (character code) read and recognized by the OCR device is input to the electronic application terminal 2 and stored in the memory, the control unit 21 displays the data in the application on the screen. Display in form. In this way, an application form is created (S101 in FIG. 3). By performing a printing operation on this screen, the application form displayed on the screen can be printed by the printer 27 and a paper application form can be output.

  When the user confirms the content of the application form displayed on the screen and confirms that there is no mistake, and the user performs an application operation, the control unit 21 requests the application operation to send the application form. The short-lived key pair generation request is issued (S102), and is transmitted to the HSM 3 through the SCSI I / F 24.

In HSM3, the CPU that has received the request for generating a short-lived key pair generates a short-lived key pair Key_S according to an algorithm standardized as PKCS # 1 (S103). And an encrypted public key PuKey_S ′ is generated using the common key distributed only to the specific CA, and returned to the control unit 21 of the electronic application terminal 2 that is the request source (S104).
The control unit 21 of the electronic application terminal 2 acquires the encrypted public key PuKey_S ′ returned from the HSM 3 (S105) and stores it in the memory.

Thereafter, the control unit 21 generates short-lived public key certificate issuance request information CSR for the authentication server 5 of the specific certificate authority (specific CA) on the electronic application service provider side (S106), and uses this as a CSR signature request. It is sent to the JPKI card 1 (S107), and the electronic signature Sign_J to the short-lived public key certificate issuance request information CSR is requested. The short-lived public key certificate issuance request information CSR includes information specifying the applicant's name (identifier), public key, and public key algorithm.
In the JPKI card 1, the CPU that receives the CSR signature request generates the electronic signature Sign_J from the information included in the short-lived public key certificate issuance request information CSR (S108), and issues the generated electronic signature Sign_J to the short-lived public key certificate. The request information CSR is given, that is, electronically signed, and the electronic signature Sign_J and the short-lived public key certificate issuance request information CSR are returned to the control unit 21 of the requesting electronic application terminal 2.
In the electronic application terminal 2, the control unit 21 acquires the electronic signature Sign_J and the short-lived public key certificate issuance request information CSR signed with the electronic signature Sign_J (S109), and stores them in the memory.

Further, the CPU of JPKI card 1 transmits the public key certificate Cert_J stored in the memory in the card in advance to the control unit 21 of the electronic application terminal 2 (S110), and this public key certificate Cert_J is transmitted to the electronic application terminal. 2 is acquired (S111) and stored in the memory 22.
Then, the control unit 21 adds the public key certificate Cert_J received from the JPKI card 1 and stored in the memory 22 to the short-lived public key certificate issuance request information CSR to which the electronic signature Sign_J stored in the memory 22 is added, and the Internet 4 to the authentication server 5 of the specific CA (S112). The short-lived public key certificate issuance request information CSR includes terminal identification information such as a terminal number for identifying (specifying) the window terminal 2.

In the authentication server 5 of the specific CA, when the CPU receives the short-lived public key certificate issuance request information CSR (S113), the CPU stores the memory using the terminal number included in the short-lived public key certificate issuance request information CSR as a key. Alternatively, with reference to a certificate issuance table stored in advance in the hard disk device, it is determined whether to issue a short-lived electronic certificate or an electronic certificate with a normal expiration date. In the certificate issuance table, information (flag or the like) indicating whether to issue a short-lived electronic certificate or a normal expiration electronic certificate is set for each window terminal or financial institution. .
After determining the type of electronic certificate, the CPU verifies the electronic signature Sign_J assigned to the short-lived public key certificate issuance request information CSR (S114).

Here, using the cryptographic algorithm RSA conforming to the standard PKCS # 1 and the JPKI public key PuKey_S with a key length of 1024 bits, verify that the electronic signature Sign_J given to the short-lived public key certificate issuance request information CSR is correct . The electronic signature mechanism and verification (verification) technology itself are general, and are disclosed, for example, at http://www.pref.saitama.jp/A01/B300/jpki/introduction/pki-sikumi.html. ing.
In other words, the electronic signature is a process in which the information transmission side compresses the original information (plain text) with a hash function and creates a single piece of code data (electronic signature) as a result of encryption using a secret key and a predetermined encryption method. is there.
Verification of digitally signed information (plain text) means that information to be verified (plain text) and electronic signature (code data) are sent to the verification side (information receiving side). Data obtained by compressing plaintext) with a hash function (message digest) and the above electronic signature (code data) using the public key distributed in advance from the sender and decrypted in the same method Data (message digest) is collated to determine whether or not they match.

  At the same time, the CPU transmits a request for issuing CRL information (public CRL) to the personal authentication server 8 of the public personal authentication base, which is a public institution, and the personal authentication server 8 responds to this request by itself. Send public CRLs stored in the database.

Then, the CPU of the authentication server 5 of the specific CA receives the public CRL transmitted from the personal authentication server 8, and verifies the public key certificate Cert_J based on the received public CRL, that is, confirms the validity (S115). . The verification of the public key certificate Cert_J using the public CRL is whether or not the serial number of the public key certificate Cert_J exists in the public CRL.
At the same time, the CPU decrypts the encrypted public key PuKey_S ′ (S116). In this decryption process, the encryption public key PuKey_S ′ is decrypted using the encryption algorithm Triple DES that conforms to the standard FIPS PUB 46-3 and the common key with a key length of 168 bits distributed only to the HSM3 and the specific CA. To obtain the public key PuKey_S.

  As a result of the verification of the electronic signature Sign_J and the public key certificate Cert_J, only when the validity is confirmed and the decryption of the encrypted public key PuKey_S 'is successful, the CPU is a short-lived public key that is a certificate of the public key Pukey_S. A certificate Cert_S is generated (S117), and the generated short-lived public key certificate Cert_S is transmitted to the control unit 21 of the electronic application terminal 2 (S118). Since this transmission is communication via the Internet 4, it is performed by secret communication such as SSL. Note that the case where the decryption is successful is a case where two message digests obtained by decrypting the electronic signature and encrypting the received information match each other as a result of matching.

  In the generation process of the short-lived public key certificate Cert_S in S117, an electronic signature is generated using a cryptographic algorithm RSA that conforms to the standard PKCS # 1 and a root key of a specific CA having a key length of 2048 bits, and the short-lived public key certificate Cert_S is generated. Give.

  In the electronic application terminal 2, when the control unit 21 receives and acquires the short-lived public key certificate Cert_S transmitted from the authentication server 5 (S119), the control unit 21 issues an application signature request to the HSM 3 (S120). , The request is sent to the HSM 3 through the SCSI I / F 24, and the application form created by the applicant is requested to be digitally signed with the private key PriKey_S.

  In HSM3, the CPU that has received the application signature request generates an electronic signature Sign_S for the application using the private key PriKey_S stored in its own memory (S121), and assigns it to the application, that is, electronically signs it. The application form with the electronic signature Sign_S is returned to the control unit 21 of the requesting electronic application terminal 2.

  In the electronic application terminal 2, when the control unit 21 receives and obtains the application form to which the electronic signature Sign_S is assigned through the SCSI I / F 24 (S122), the control unit 21 shortens the application form to which the obtained electronic signature Sign_S is assigned. The public key certificate Cert_S is assigned, and the application information (electronic signature Sign_S, application data, short-lived public key certificate Cert_S, etc.) is transmitted to the electronic application reception server 6 through the Internet 4 (S123).

After transmitting the application information, the control unit 21 issues a public key pair Key_S discard command to the HSM 3 (S124), transmits it to the HSM 3 through the SCSI I / F 24, and stores the public key stored in the HSM 3 hard disk device. Request to discard the pair Key_S.
In HSM3, the CPU that has received the public key pair Key_S discard command deletes (deletes) the public key pair Key_S stored in its own hard disk device and discards it (S125).
In this encryption key discarding method, the public key pair Key_S is discarded by, for example, deleting the file of the public key pair Key_S after overwriting the corresponding area of the hard disk device with dummy data.

On the other hand, when the CPU of the electronic application receiving server 6 receives the application information transmitted from the electronic application terminal 2 through the Internet 4, the CPU extracts the electronic signature Sign_S from the received application information and extracts the extracted electronic signature Sign_S. Perform verification.
In this verification process, it is verified that the electronic signature Sign_S given to the application information is correct by using the encryption algorithm RSA conforming to the standard PKCS # 1 and the public key of the specific CA having a key length of 1024 bits.
At this time, the validity of the short-lived public key certificate Cert_S in the application information is not verified because it is replaced by the validity of the JPKI public key certificate Cert_J.

  The application information for which the CPU has successfully completed (successfully) verified the electronic signature Sign_S is displayed on the screen of the electronic application reception server 6, so the person in charge of the service provider reviews the application content displayed on the screen. If the application is permitted / not permitted, for example, when the application is permitted, the operation unit of the electronic application receiving server 6 is operated to create a permit or the like (S128), and then the issuing operation is performed. This issuing operation becomes a license signature request to the CPU (S129).

Then, the CPU of the electronic application acceptance server 6 reads out and acquires the electronic signature Sign_P and public key certificate Cert_P of the service provider from the memory (S130, S131), and assigns (attaches) to the notified information, and then applies. Is sent to the electronic application terminal 2 through the Internet 4 (S132).
In the acquisition process of the electronic signature Sign_P, an electronic signature is attached to the permit or the like using the cryptographic algorithm RSA that conforms to the standard PKCS # 1 and the private key of the service provider with a key length of 2048 bits.

  In the electronic application terminal 2, when the control unit 21 receives and acquires a permission notification from the Internet 4 (S133), the control unit 21 performs a permit issuance process. That is, the control unit 21 generates a permit from the received permission notification, and controls (prints) the printer 27.

On the other hand, in the electronic application terminal 2, the control unit 21 issues a public key pair Key_S discard command to the HSM 3 immediately after transmitting the application information (S124), so that the public key pair held in the HSM 3 hard disk device is issued. Key_S should have been erased, but it may remain unerased from the HSM3 hard disk drive for some reason.
Therefore, the control unit 21 checks whether or not the public key pair Key_S exists in the hard disk device of the HSM 3 every predetermined time after issuing the public key pair Key_S discard instruction (S134). Yes), the public key pair Key_S discard command is issued again to the HSM 3 (S135).

In HSM3, the CPU that has received the public key pair Key_S discard command deletes (deletes) the public key pair Key_S in its own hard disk device and discards it (S136).
In the electronic application terminal 2, when the user makes a new electronic application, the next JPKI card 1 is inserted into the card insertion slot, and the IC card reader 26 acquires the card information. Is detected (Yes in S137), the work area of its own memory 22 is cleared for initialization to start card processing, and a public key pair Key_S discard instruction is issued to the HSM3. Issue (S138).

  In HSM3, the CPU that has received the public key pair Key_S discard instruction clears the predetermined work area and memory in its own hard disk device, and should, in the unlikely event, use the public key pair Key_S that has not been erased by the multiple discard processes. Erasing (deleting) is performed (S139).

  As described above, according to the electronic application system of this embodiment, when performing an electronic application service using the Internet provided by a non-public institution, that is, a financial institution other than the public institution, Using the JPKI card 1, which is a card, the identity is confirmed by the HSM 3 connected to or built in the electronic application terminal 2, and a specific CA (private certification) contracted by a financial institution when making a specific application such as a new account application, for example. The authentication server 5 of the bureau) publicly issues a short-lived public key certificate Cert_S with a validity period shortened only for the application (one session) at that time to the electronic application terminal 2. You can make an electronic application that has been authenticated. The format of the electronic certificate has an extended area, and flag information indicating whether it is short-lived or normal is inserted into the extended area so that the electronic certificate issued by the specific CA is specified. May be.

  In other words, an organization other than the public organization electronically issues a certificate that certifies the individual to the public organization, and the organization other than the public organization uses the electronic certificate via a network provided by itself. Since a desired application is made, an organization other than the public organization can certify an individual and make an electronic application without using a seal by electronic certification using a public organization.

In the electronic application system of this embodiment, each of the service provider and the applicant can obtain a profit.
For example, a financial institution that is a service provider can reduce the cost of identity verification work by verifying the identity using a public key certificate (public personal certificate) in a JPKI card. Further, by using a short-lived key pair and public key certificate, it is possible to reduce the cost of maintaining and managing the issued public key certificate in a specific CA. Furthermore, there is no need to issue an IC card dedicated to personal authentication separately from the JPKI card 1, and an increase in service users can be expected in terms of cost and convenience for applicants.

The applicant does not need to have a plurality of IC cards, and can secure the same convenience and price as applying with the JPKI card 1 alone. Even when an unspecified number of applicants apply using the electronic application terminal 2 at the window, their private key PriKey_J or the key pair Key_S generated by the HSM3 remains in the electronic application terminal 2 and the HSM3. Because there is no, there is no “anxiety” about the use, and you can apply with confidence.
As a result, the JPKI card 1 which is a public personal identification card is used by an organization other than a public institution, and a short-lived public key certificate Cert_S for specific applications is issued. And will be able to receive electronic application services.

1 is a diagram showing a schematic configuration of an electronic application system according to one embodiment of the present invention. The figure which shows the structure of the electronic application terminal of the electronic application system of FIG. The figure which shows operation | movement of the electronic application system of FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... JPKI card, 2 ... Electronic application terminal, 3 ... Hardware security module (HSM), 4 ... Internet, 5 ... Authentication server, 6 ... Electronic application reception server, 7 ... Database, 8 ... Personal authentication server, 21 Control unit, 22 Memory, 23 Display operation unit, 24 SCSI interface (SCSI I / F), 26 IC card reader, 27 Printer, 28 Communication unit, Cert_J Public key certificate, Sign_J Electronic Signature, Cert_S ... Short-lived public key certificate, Sign_S ... Short-lived electronic signature, CRL ... Public certificate revocation list, CSR ... Short-lived public key certificate issuance request information, Key_S ... Public key pair, PriKey_S ... Private key, PuKey_S ... Public Key, PuKey_S '... encrypted public key, Sign_P ... service provider's electronic signature, Cert_P ... public key certificate.

Claims (2)

Generates a key pair consisting of a public key and a private key necessary to obtain an electronic certificate that verifies the identity of the applicant, which is necessary for applying to electronic organizations by electronic procedures. A key pair generating means for
Holding means for holding one set of key pairs generated by the key pair generating means;
Among the key pairs generated by the key pair generating means, a short-lived public key certificate issuance request generating means for generating a short-lived public key certificate issuance request for a certificate authority of a non-public organization using a public key;
Request an electronic signature for the short-lived public key certificate issuance request generated by the short-lived public key certificate issuance request generating means to the IC card issued from the public institution to the applicant, and in response to this request An IC card access means for obtaining a short-lived public key certificate issuance request and a public key electronic certificate to which an electronic signature is attached;
The short-lived public key certificate issuance request and public key electronic certificate to which the electronic signature obtained by the IC card access means is attached is transmitted to a specific certificate authority that can provide list information by the public institution, Means for obtaining from the specific certificate authority a short-lived public key certificate that is valid for only one application procedure issued in response to a public key certificate issuance request;
A short-lived public key certificate signing means for electronically signing a short-lived public key certificate obtained from the specific certificate authority;
An application means for transmitting the short-lived public key certificate to which the electronic signature is given by the short-lived public key certificate signing means and the application information to an electronic application receiving means for providing a service by a non-public organization;
An electronic application apparatus comprising: an erasure unit that erases a set of key pairs held in the holding unit when application information is transmitted by the application unit. A first computer for accepting electronic applications for which an unofficial organization provides an electronic application service, an electronic application device for making electronic applications to the first computer, and a specific authentication by which the public organization can provide list information In an electronic application system in which a second computer for authentication installed in a station is connected via a communication network,
The electronic application device is:
A set of a public key and a private key necessary for obtaining an electronic certificate for verifying the identity of the applicant necessary for applying to the first computer by an electronic procedure from the second computer A key pair generating means for generating a key pair of
Holding means for holding one set of key pairs generated by the key pair generating means;
Among the key pairs generated by the key pair generating means, a short-lived public key certificate issuance request generating means for generating a short-lived public key certificate issuance request for a certificate authority of a non-public organization using a public key;
Request an electronic signature for the short-lived public key certificate issuance request generated by the short-lived public key certificate issuance request generating means to the IC card issued from the public institution to the applicant, and in response to this request An IC card access means for obtaining a short-lived public key certificate issuance request and a public key electronic certificate to which an electronic signature is attached;
A short-lived public key certificate issuance request to which the electronic signature obtained by the IC card access means is attached and a public key electronic certificate are transmitted to the second computer, and a short-lived public key corresponding to the short-lived public key certificate issuance request Means for obtaining a certificate from the second computer;
A short-lived public key certificate signing means for electronically signing a short-lived public key certificate obtained from the second computer;
Application means for transmitting the short-lived public key certificate to which the electronic signature has been given by the short-lived public key certificate signing means and the application information to the first computer provided by a non-public organization,
When electronic application information is transmitted by the application unit, the electronic application information includes an erasing unit that erases one set of key pairs held in the holding unit,
The second computer is
Means for receiving a short-lived public key certificate issuance request with an electronic signature sent from the electronic application device;
An authentication means for performing identity authentication based on list information obtained from a public organization in response to the short-lived public key certificate issuance request;
A means for issuing a short-lived public key certificate that is valid only for one application procedure and returning it to the requester when the user is authenticated by the authentication means;
The first computer is
Means for receiving application information transmitted from the electronic application device;
Verification means for verifying the validity of a short-lived electronic signature included in the application information;
An electronic application system comprising: means for returning permission information for the application information to a request source when verification by the verification means is successful.

Images