JP2008228004A - Network device, control method of network device, and network device control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a network device capable of ensuring security even in a case where the network device is shared by a plurality of users. <P>SOLUTION: A network device includes: a generation means for generating a certificate (certificate management section 126); a signing means for performing signing in accordance with a predetermined private key (certificate management section 126); a storage means for storing the certificate signed by the signing means (certificate storage section 121); a write means for writing at least a public key corresponding to the predetermined private key on a storage medium removable from the present device (write control section 128); and a transmission means for transmitting the signed certificate stored in the storage means to another network device in a case where the present device is accessed from the other network device via a network (communication section 104). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a network device, a network device control method, and a network device control program.

  In Patent Document 1, a medium such as a blank CD stored in a blank media stocker is supplied to a built-in CD drive, and predetermined data is written therein, and then a built-in label printer is used to place the CD label surface. A technology relating to a media processing apparatus that performs printing and stores the resulting created media in a media stocker or issues from a discharge port is disclosed.

JP 2006-331534 A

  By the way, when such a media processing device is connected to a network such as a LAN and shared by a plurality of user terminal devices, information in the organization can be recorded on the media and taken out. There is a problem.

  It is also assumed that information transmitted from the user terminal device to the media processing device is stolen or tampered with. Further, there is a problem that the media processing device may be spoofed by another device and the information intended to be transmitted to the media processing device may be stolen.

  The present invention has been made based on the above circumstances, and its object is to provide a network device and a network device control method capable of ensuring security even when shared by a plurality of users And a network device control program.

  In order to achieve the above object, a network device of the present invention includes a generating unit that generates a certificate, a signing unit that signs a certificate generated by the generating unit with a predetermined private key, and a signing unit Storage means for storing a certificate signed by the above, a writing means for writing a public key corresponding to at least a predetermined secret key to a storage medium removable from the apparatus, and a network for the apparatus. And a transmission unit that transmits the certificate with the signature stored in the storage unit to the other network device when accessed from the other network device. Therefore, it is possible to provide a network device that can ensure security even when shared by a plurality of users.

  In addition to the above-mentioned invention, the network device of another invention further includes a generating means for generating a secret key and a public key that is paired with the secret key, and the signing means is a secret generated by the generating means. The certificate is signed with the key, and the writing unit writes the public key generated by the generating unit into at least a removable storage medium. Thus, by self-signing the certificate, it is possible to prevent a security warning from being displayed on the browser when the user accesses using the browser.

  In addition to the above-described invention, the network device according to another invention further includes encrypted communication means for performing encrypted communication with another network device based on the certificate, and the writing means includes the encryption device. The information received via the communication means is written to a removable storage medium. As a result, the user can safely write information to the storage medium via the network.

  In addition to the above-described invention, in the network device according to another invention, the writing unit stores the signed certificate along with the public key in a removable storage medium. For this reason, for example, it is possible to support not only a public key but also a browser that requires a certificate.

  In addition to the above-described invention, in the network device of another invention, the generation unit generates a certificate when a predetermined operation is performed on the input unit. For this reason, it is possible to prevent the certificate from being illegally acquired by a third party by generating the certificate only when a predetermined operation is performed by the administrator.

  In addition to the above-described invention, the network device according to another invention is such that the removable storage medium is an optical disk, and a storage means for storing a plurality of optical disks and an optical disk stored in the storage means are taken out one by one. Transport means for transporting and placing on the writing means, and the writing means writes at least the public key to the optical disc. For this reason, it is possible to increase the security of a network device having a potential danger of copying a large amount of information to a plurality of optical disks and taking it out.

  In addition to the above-described invention, the network device according to another invention further includes a discharge unit that discharges the optical disc written by the writing unit, and an authentication unit that performs user authentication. When there is an instruction from a predetermined user who has been successfully authenticated by the means, the written optical disk is ejected. Thereby, it is possible to prevent a public key from being illegally acquired by a third party.

  In addition to the above-mentioned invention, the network device of another invention includes an encryption communication means for performing encrypted communication with another network device based on a certificate, and encrypted communication from the other network device. When a new certificate is transmitted through the means, the information processing apparatus further includes a replacement unit that replaces the certificate stored in the storage unit with the new certificate. Thereby, by using the certificate signed by the certificate authority in the organization as a new certificate, it is possible to save the time and effort for each user to import the certificate or public key into their network device.

  In addition to the above-described invention, the network device control method according to the present invention generates a certificate, signs the generated certificate with a predetermined private key, and the signed certificate. When a public key corresponding to at least a predetermined secret key is written in a storage medium that can be attached to and detached from the device, and the device is accessed from another network device via the network The stored certificate with the signature is transmitted to the other network device. Therefore, it is possible to provide a network device control method capable of ensuring security even when shared by a plurality of users.

  The network device control program of the present invention includes a generating unit that generates a certificate, a signing unit that signs a certificate generated by the generating unit with a predetermined private key, and a signature that is signed by the signing unit. Storage means for storing a certificate, writing means for writing a public key corresponding to at least a predetermined secret key to a storage medium removable from the apparatus, and access to the apparatus from other network devices via a network In the case of the above, the computer is caused to function as a transmission unit that transmits the certificate with the signature stored in the storage unit to the other network device. Therefore, it is possible to provide a network device control program capable of ensuring security even when shared by a plurality of users.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings. In the following, (A) a configuration example of the first embodiment, (B) an outline of the operation of the first embodiment, (C) details of the operation of the first embodiment, (D) the first A configuration example of the second embodiment, (E) an outline of the operation of the second embodiment, (F) details of the operation of the second embodiment, and (G) a modified embodiment will be described in this order.

(A) Configuration example of the first embodiment

  FIG. 1 is a diagram showing a configuration example of a network system including a CD / DVD publisher according to the first embodiment of the present invention. As shown in this figure, the network system includes a CD / DVD (Compact Disk / Digital Versatile Disk) publisher 10, an administrator terminal device 20, user terminal devices 30 to 50, and a network 60 as main components. Yes.

  Here, the CD / DVD publisher 10 takes out a CD or DVD blank medium as an optical disk stored in the stocker one by one and records information, and prints and discharges a predetermined image on the label surface. .

  The administrator terminal device 20 is a terminal device used by a network administrator, and is composed of, for example, a personal computer. The user terminal devices 30 to 50 are terminal devices used by general users, and are configured by, for example, a personal computer.

  The network device of the present invention will be described using the CD / DVD publisher 10 as an example. The network device control method and the network device control program of the present invention will be described by taking the operation of the CD / DVD publisher 10 as an example.

  FIG. 2 is an external perspective view of the CD / DVD publisher 10 shown in FIG. The CD / DVD publisher 10 includes a substantially rectangular parallelepiped casing 11, and open / close doors 12 and 13 that can be opened and closed on the left and right are attached to the front surface of the casing 11. An operation surface 14 on which display lamps, operation buttons, and the like are arranged is formed at the lower left end of the open / close doors 12 and 13, and a medium M such as a CD or a DVD is ejected next to the operation surface 14. A media discharge port 15 is opened.

  FIG. 3 is a block diagram showing an electrical configuration of the CD / DVD publisher 10. As shown in this figure, the CD / DVD publisher 10 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory) 102, a display unit 103, a communication unit 104, a printing unit 105, and a discharge mechanism. 106, a CD / DVD writing unit 107, a transport mechanism 108, an input unit 110, and a bus 111 are main components. A stocker 109 capable of storing a plurality of blank media M is disposed in the vicinity of the transport mechanism 108.

  Here, the CPU 100 is a central control device that controls each unit of the device based on a program (not shown) stored in the ROM 101.

  The ROM 101 is, for example, an EEPROM (Electrically Erasable Programmable Read-Only Memory), and is a semiconductor memory that stores a basic program executed by the CPU 100 and various data. The RAM 102 is a semiconductor memory that temporarily stores programs executed by the CPU 100 and data being calculated.

  The display unit 103 is configured by an LED (Light Emitting Diode), an LCD (Liquid Crystal Display), or the like disposed on the operation surface 14 illustrated in FIG. Or display information.

  The communication unit 104 serving as a transmission unit and an encryption communication unit is configured by a so-called network card or the like, and performs control when transmitting / receiving data to / from other devices based on, for example, the IEEE 802.3 standard.

  The printing unit 105 is an inkjet printing unit that discharges ink droplets by piezoelectric electrostriction and prints an image on the label surface of the medium M, for example.

  A discharge mechanism 106 serving as a discharge unit is a mechanism unit that discharges the medium M, on which information writing and image printing have been completed, from the medium discharge port 15 to the outside based on the control of the CPU 100.

  The CD / DVD writing unit 107 writes the information supplied from the CPU 100 on the information recording surface of the medium M as digital data.

  A transport mechanism 108 serving as a transport unit takes out the media M stored in the stocker 109 one by one and carries them out and mounts them on the spindle of the CD / DVD writing unit 107.

  A stocker 109 serving as a storage unit stores a plurality of blank media M. The stocker 109 can replenish the medium M by opening the doors 12 and 13 shown in FIG.

  The input unit 110 includes operation buttons and the like disposed on the operation surface 14 illustrated in FIG. 2, and generates and outputs various types of information according to user operations.

  The bus 111 electrically connects the CPU 100, the ROM 101, the RAM 102, the display unit 103, the communication unit 104, the printing unit 105, the ejection mechanism 106, the CD / DVD writing unit 107, the transport mechanism 108, and the input unit 110 to each other. , A signal line group that enables exchange of information between them.

  FIG. 4 is a block diagram showing an electrical configuration of the manager terminal device 20 shown in FIG. Since the user terminal devices 30 to 50 have the same configuration as the administrator terminal device 20, the administrator terminal device 20 will be described as an example, and the description of the user terminal devices 30 to 50 will be omitted. .

  As shown in FIG. 4, the manager terminal device 20 includes a CPU 140, a ROM 141, a RAM 142, an HDD (Hard Disk Drive) 143, a graphic processing unit 144, an input unit 145, a communication unit 146, a CD / DVD playback unit 147, a display. The device 148 and the bus 149 are main components.

  Here, the CPU 140 is a central control device that controls each unit of the device based on a program (not shown) stored in the HDD 143 and the ROM 141.

  The ROM 141 is a semiconductor memory that stores basic programs executed by the CPU 140 and various data. The RAM 142 is a semiconductor memory that temporarily stores programs executed by the CPU 140 and data being calculated.

  The HDD 143 is a device that writes information to and reads information from a hard disk that is a magnetic storage medium, and stores programs executed by the CPU 140 and various data.

  The graphic processing unit 144 executes a drawing process based on the drawing command supplied from the CPU 140, converts the obtained image into a video signal, supplies it to the display device 148, and displays it.

  The input unit 145 is configured by an input device such as a keyboard or a mouse, for example, and generates and outputs information based on the operation of the administrator.

  The communication unit 146 is configured by a so-called network card or the like, and performs control when transmitting / receiving data to / from other devices based on, for example, the IEEE 802.3 standard.

  The CD / DVD playback unit 147 is a device that reads information written on a medium such as a CD / DVD.

  The display device 148 includes an LCD or a CRT (Cathode Ray Tube) monitor, and displays the video signal supplied from the graphic processing unit 144 on a display unit (not shown).

  The bus 149 connects the CPU 140, the ROM 141, the RAM 142, the HDD 143, the graphic processing unit 144, the input unit 145, the communication unit 146, and the CD / DVD playback unit 147 to each other and enables signal transmission / reception among them. A group.

  FIG. 5 shows that when a program (not shown) stored in the ROM 101 of the CD / DVD publisher 10 shown in FIG. 3 is executed, hardware resources such as the CPU 100 and software resources as programs cooperate. It is a functional block realized by doing. The function block 120 to be realized mainly includes a certificate storage unit 121, a certificate management unit 126, a communication setting unit 127, a write control unit 128, and a control unit 129.

  Here, the certificate storage unit 121 as a storage means stores a certificate 122 with a signature 123, a public key 124, and a private key 125. The certificate 122 is generated by the certificate management unit 126. The signature 123 is obtained by encrypting the message digest of the certificate 122 with the private key 125 as will be described later. The public key 124 is an encryption key corresponding to the secret key 125, and information encrypted by the secret key 125 can be decrypted. The secret key 125 is an encryption key corresponding to the public key 124. The public key 124 and the private key 125 are generated based on information or random numbers input by the administrator operating the input unit 110 when the CD / DVD publisher 10 is connected to the network 60. It is.

  The certificate management unit 126 as a generation unit, a signature unit, and a generation unit is a management unit that generates and manages information stored in the certificate storage unit 121, and includes a certificate 122, a public key 124, and A private key 125 is generated, and a message digest generated from the certificate 122 is encrypted with the private key 125 to generate a signature 123. In addition, the information is taken out or rewritten as necessary.

  The communication setting unit 127 is a setting unit that sets communication parameters and the like of the communication unit 104 based on the control of the control unit 129.

  A writing control unit 128 serving as a writing unit controls the CD / DVD writing unit 107 based on the control of the control unit 129 and performs control for writing various information to the medium M.

  Based on the information input from the input unit 110, the control unit 129 as an authentication unit and a replacement unit is based on the transport mechanism 108, the discharge mechanism 106, the certificate management unit 126, the communication setting unit 127, the writing control unit 128, and the like. It is a control part which controls.

  FIG. 6 shows that when a program (not shown) stored in the HDD 143 of the administrator terminal device 20 shown in FIG. 4 is executed, hardware resources including the CPU 140 and software resources as a program cooperate. It is a functional block realized by working. As functional blocks 150 to be realized, a storage unit 151, a UI (User Interface) unit 154, and a control unit 155 mainly exist.

  Here, the storage unit 151 mainly stores the browser program 152 and the public key group 153. The browser program 152 is a program that downloads and displays an HTML (Hyper Text Markup Language) document and the like stored in resources on the network 60. The public key group 153 stores a plurality of public keys corresponding to network devices authenticated by the certificate authority. As will be described later, in the embodiment of the present invention, a public key corresponding to a certificate issued by the CD / DVD publisher 10 is stored as one of the public key group 153.

  The UI unit 154 performs predetermined processing on the HTML document acquired by the browser program 152, and supplies the graphic document to the graphic processing unit 144 for display on the display device 148.

  The control unit 155 controls the CD / DVD playback unit 147, the UI unit 154, the communication unit 146, the storage unit 151, and the like based on the information input from the input unit 145.

(B) Outline of operation of the first embodiment

  An outline of the operation of the first embodiment will be described with reference to FIG.

  FIG. 7 is a diagram for explaining the outline of the operation of the first exemplary embodiment of the present invention. In this figure, the columns shown on the left side show the processes or procedures executed in the CD / DVD publisher 10, and the columns shown on the right side show the processes or procedures executed in the manager terminal device 20.

  As shown in FIG. 7, in the first embodiment, after the CD / DVD publisher 10 is connected to the network 60 and, for example, an IP (Internet Protocol) address is set, a predetermined operation is performed by the input unit 110. The CD / DVD publisher 10 issues a certificate (ST1). Here, the certificate is electronic data for guaranteeing its own validity on the network.

  Next, the CD / DVD publisher 10 that has issued the certificate performs a process using a hash function on the certificate to create a message digest (ST2). Here, the hash function is a function that outputs fixed-length data from an indefinite-length input, cannot infer input data from the output, cannot easily create input data with the same output, and has the same output data It is a function characterized by a very low possibility.

  The CD / DVD publisher 10 that created the message digest then generates a public key / private key pair. These keys have the relationship that what is encrypted with one key can only be decrypted with the other key. Then, the CD / DVD publisher 10 encrypts the previously generated message digest with a secret key, creates an electronic signature (ST3), and synthesizes it with the previously generated certificate (ST4). Note that a signature encrypted in this way with a private key can be decrypted only with a paired public key.

  The CD / DVD publisher 10 writes the certificate with the signature generated as described above and the public key as data in the blank medium M (ST5). The medium on which the signed certificate and the public key are written in this way is loaded into the CD / DVD playback unit 147 of the administrator terminal device 20 by the administrator, and the written public key is read out. It is stored as one of the public key groups (ST6).

  Next, when the input unit 145 of the administrator terminal device 20 is operated to access the CD / DVD publisher 10 via the network 60, the CD / DVD publisher 10 receives the signature generated in ST4. The certificate is transmitted to the manager terminal device 20. The administrator terminal device 20 extracts the signature from the received certificate with the signature, and decrypts the signature using the public key read in ST6. In addition, the manager terminal device 20 performs processing using a hash function on the received certificate to generate a message digest, and compares the message with the decrypted signature. If they match, it can be proved that the data is encrypted with the private key corresponding to the public key whose validity is guaranteed, so it is determined that the authentication of the CD / DVD publisher 10 is successful (ST7). ).

  Thereafter, communication based on SSL (Secure Socket Layer) is established between the CD / DVD publisher 10 and the administrator terminal device 20, and information can be safely exchanged between them. become. In such a state, the administrator operates the administrator terminal device 20 to create an account for each user with respect to the CD / DVD publisher 10, and to the CD / DVD publisher 10 with respect to other users. Enable access to.

  Next, the administrator distributes the medium M in which the public key is written to other users, and causes the user terminal devices 30 to 50 to read the public key. As a result, similarly to the case of the administrator terminal device 20, the user terminal devices 30 to 50 can establish SSL communication and can safely exchange information.

  Thus, in the first embodiment of the present invention, the CD / DVD publisher 10 issues a certificate and signs it, and writes the public key related to the signature in the medium M. The public key written in the medium M is read into the manager terminal device 20 and the user terminal devices 30 to 50. As a result, the CD / DVD publisher 10 can establish communication by SSL and can perform communication safely. That is, the CD / DVD publisher 10 can ensure validity on the network 60 by issuing a certificate and self-signing it.

(C) Details of the operation of the first embodiment

  Next, a detailed operation of the first embodiment will be described with reference to FIG.

  First, the administrator connects the CD / DVD publisher 10 to the network 60. That is, for example, the communication unit 104 and the network 60 are connected by a LAN cable or the like.

  Subsequently, the administrator operates the input unit 110 to perform settings related to the network (S10). For example, the administrator sets an IP address, a subnet mask, and the like by operating a numeric keypad (not shown) provided in the input unit 110. As a result, information input from the input unit 110 is supplied to the communication setting unit 127 via the control unit 129, and the IP address and subnet mask of the communication unit 104 are set. These pieces of information may be automatically set by DHCP (Dynamic Host Configuration Protocol).

  When the administrator operates the input unit 110 to perform a predetermined operation, the CD / DVD publisher 10 issues a certificate (S11). For example, when the administrator inputs a password for the administrator, the certificate management unit 126 of the CD / DVD publisher 10 is, for example, the X.X defined by ITU-T (International Telecommunication Union-Telecommunication Standardization Department). A certificate based on the 509 standard is issued. More specifically, the certificate management unit 126 issues a certificate having version information, serial number, signature algorithm information, issuing certificate authority name, expiration date, issuer name, and public key information. The certificate issued in this way is stored as a certificate 122 in the certificate storage unit 121. Further, the certificate management unit 126 generates a set of public key and private key based on, for example, information (for example, a password) or a random number input from the administrator. An RSA (Rivest Shamir Adleman) can be used as an algorithm for generating a public key and a secret key. The public key and private key generated in this way are stored in the certificate storage unit 121 as a public key 124 and a private key 125.

  Subsequently, the certificate management unit 126 performs processing by a hash function on the certificate 122 to generate a message digest, encrypts the obtained message digest with the private key 125, and obtains a signature. The signature obtained in this way is stored in the certificate storage unit 121 together with the certificate 122 as a signature 123.

  When the certificate issuance is completed, the CD / DVD publisher 10 stores the certificate 122, the signature 123, and the public key 124 in the medium M (S12). That is, the certificate management unit 126 of the CD / DVD publisher 10 reads the issued certificate 122, signature 123, and public key 124 from the certificate storage unit 121 and passes them to the control unit 129. The control unit 129 passes these data to the writing control unit 128 and controls the transport mechanism 108 to take out one blank medium M from the stocker 109 and mount it on the CD / DVD writing unit 107. As a result, the CD / DVD writing unit 107 writes these data supplied from the control unit 129 to the blank medium M.

  As described above, the medium M in which the certificate 122, the signature 123, and the public key 124 are stored is stored in the CD / DVD publisher 10 when the administrator performs a predetermined operation on the input unit 110, for example. Can be taken out from the media outlet 15. That is, when a predetermined operation is performed on the input unit 110, the control unit 129 sends a predetermined control signal to the discharge mechanism 106. The discharge mechanism 106 removes the medium M attached to the CD / DVD writing unit 107 based on the control signal sent from the control unit 129 and discharges the medium M from the medium discharge port 15 to the outside. Thereby, the administrator can obtain the medium M in which the above-described information is written. Note that when removing the medium M, for example, an administrator password may be required. As a result, it is possible to prevent the medium M storing information such as a certificate from being obtained by anyone other than the administrator.

  Next, the administrator attaches the medium M storing the certificate 122, the signature 123, and the public key 124 to the CD / DVD playback unit 147 of the administrator terminal device 20 and operates the input unit 145. Thus, the public key 124 is read (S13). The public key 124 read in this way is stored in the storage unit 151 as one of the public key group 153. Depending on the type of the browser program 152, not only the public key 124 but also the certificate 122 and the signature 123 may be read together.

  When the reading of the public key 124 is completed, the administrator operates the input unit 145 of the administrator terminal device 20 to start the browser program 152, and the IP address of the CD / DVD publisher 10 for the started browser. (IP address set in S10) is input to access the CD / DVD publisher 10 (S14). As a result, the communication unit 146 accesses the communication unit 104 of the CD / DVD publisher 10 via the network 60.

  The control unit 129 of the CD / DVD publisher 10 that has received access from the administrator terminal device 20 requests the certificate management unit 126 to obtain the certificate 122 with the signature 123, and the obtained signature. The certificate 122 with 123 is sent to the manager terminal device 20 via the communication unit 104 (S15). As a result, the manager terminal device 20 acquires the certificate 122 with the signature 123.

  The administrator terminal device 20 that has received the certificate 122 with the signature 123 executes an authentication process (S16). That is, the control unit 155 extracts the signature 123 and decrypts it with the public key 124 read in S13. In addition, the manager terminal device 20 performs processing using a hash function on the received certificate 122 to generate a message digest, and compares it with the decrypted signature. If they match, it can be proved that the data is encrypted with the private key 125 corresponding to the public key 124 stored in the medium M and guaranteed to be valid, so that the CD / DVD publisher 10 It is determined that the authentication is successful.

  Next, the browser program 152 of the administrator terminal device 20 generates a secret key for common key encryption (hereinafter referred to as “session secret key”) used for communication in this session, and encrypts it with the public key 124. To send. The CD / DVD publisher 10 decrypts the received session secret key (encrypted) with the public key 124 to obtain a session secret key. As a result, both the CD / DVD publisher 10 and the administrator terminal device 20 have a secret key, and thereafter, both encrypt and transmit information using the secret key (SSL communication). Thus, secure communication is possible (S17).

  When a secure communication path can be secured, the communication unit 104 of the CD / DVD publisher 10 transmits information for displaying an authentication screen to the manager terminal device 20. As a result, an authentication screen is displayed on the display unit of the display device 148 of the manager terminal device 20. The administrator inputs the administrator password and ID on the authentication screen. As a result, an authentication process is executed (S18), and if the authentication is successful, access is formally accepted. At this time, since the communication by SSL is executed between the CD / DVD publisher 10 and the administrator terminal device 20, the password and ID for the administrator are not stolen or falsified.

  If the authentication is successful, the administrator operates the input unit 145 of the administrator terminal device 20 to create an account for each user who is permitted to use the CD / DVD publisher 10 for the CD / DVD publisher 10. Instruct (S19). Specifically, the ID (Identification) and password of each user who is permitted to use the CD / DVD publisher 10 are set (S20). The ID and password set in this way are stored in the ROM 101. As described above, since the ROM 101 is composed of an EEPROM, the stored information can be retained even after the power is turned off. At this time, since the communication by SSL is executed between the CD / DVD publisher 10 and the administrator terminal device 20, the user's password and ID are not stolen or falsified.

  When the account setting is completed, the administrator circulates the medium M in which the certificate 122 and the like are stored to the user who is permitted to use the CD / DVD publisher 10, and uses the public key 124 for each user terminal device. (S21). For example, when the use of the CD / DVD publisher 10 is permitted only to the user who uses the user terminal devices 30 and 40, the medium M is provided to the user who uses the user terminal devices 30 and 40. Circulate, and the public key 124 is taken into the user terminal devices 30 and 40, respectively, by the same procedure as in S13. As a result, the public key 124 is included in the public key group of the storage unit (not shown) of the user terminal devices 30 and 40. Hereinafter, the user terminal device 30 will be described as an example.

  The user who has taken in the public key 124 operates the input unit of the user terminal device 30 to access the CD / DVD publisher 10 (S22). The control unit 129 of the CD / DVD publisher 10 that has received access from the user terminal device 30 acquires the certificate 122 and the signature 123 from the certificate storage unit 121 via the certificate management unit 126, and the user terminal device 30 (S23).

  The user terminal device 30 that has received the certificate 122 with the signature 123 executes an authentication process (S24). That is, the user terminal device 30 extracts the signature 123 and decrypts it with the public key 124 read in S21. In addition, the user terminal device 30 performs processing by a hash function on the received certificate 122 to generate a message digest, and compares the message with the decrypted signature. If they match, it can be proved that the data is encrypted with the private key 125 corresponding to the public key 124 stored in the medium M and guaranteed to be valid, so that the CD / DVD publisher 10 It is determined that the authentication is successful.

  Next, the browser program of the user terminal device 30 generates a secret key for common key encryption (hereinafter referred to as “session secret key”) used for communication in this session, and encrypts and transmits it with the public key 124. To do. The CD / DVD publisher 10 decrypts the received session secret key (encrypted) with the secret key 125 to obtain a session secret key. As a result, both the CD / DVD publisher 10 and the user terminal device 30 have a secret key, and thereafter, both parties encrypt and transmit information (SSL communication) using the secret key. Safe communication becomes possible (S25).

  When the secure communication path is established, the CD / DVD publisher 10 transmits information for displaying the authentication screen to the user terminal device 30 and displays the authentication screen on the display unit (not shown) of the display device. Let The user inputs the ID and password set in the processes of S19 and S20 on the authentication screen. As a result, an authentication process is executed (S26), and if the authentication is successful, access is formally permitted. At this time, since the communication path by SSL is established, the input ID and password are not stolen.

  When access is permitted in this way, the user terminal device 30 uses, for example, information stored in an HDD (not shown) of the user terminal device 30 to transmit the information to the CD / DVD via the secure communication path. It can be sent to the publisher 10 and recorded on a blank medium M. The recorded medium M may be ejected only when the user's own ID and password are input from the input unit 110 of the CD / DVD publisher 10. According to such a configuration, it is possible to prevent the medium M on which information is written from being obtained by a third party.

  As described above, according to the first embodiment of the present invention, the CD / DVD publisher 10 issues a certificate and performs SSL communication based on the certificate. It is possible to prevent the data transmitted to the DVD publisher 10 from being stolen and falsified, and to prevent other network devices from impersonating the CD / DVD publisher 10 and data being stolen or tampered with.

  In the first embodiment of the present invention, the public key 124 (and the certificate 122 with the signature 123) generated by the CD / DVD publisher 10 is written to the medium M, and the medium M is distributed (or circulated). Thus, the public key 124 or the like is read into a terminal device that permits use. As a result, it is possible to prevent the certificate 122 with the public key 124 and the signature 123 from being stolen in the middle of the route as in the case of distribution via the network 60.

  In the first embodiment of the present invention, the CD / DVD publisher 10 generates a public key 124 and a private key 125, and signs the certificate 122 based on the public key 124 and the private key 125. Read to the terminal device. In general, when a public key corresponding to a network device to be accessed is stored in the terminal device, the browser program does not display a warning regarding security because the validity can be guaranteed. Therefore, the user can use the CD / DVD publisher 10 with peace of mind without seeing a warning display regarding security. Further, in many cases, a certificate is signed by a certificate authority that is a third-party organization, but since these certificate authorities are private organizations, it is generally necessary to pay for the signature. However, in the embodiment of the present invention, since the CD / DVD publisher 10 signs by itself, these costs can be reduced and the cost can be reduced.

(D) Configuration example of the second embodiment

  Next, a second embodiment will be described. The configuration of the second embodiment is substantially the same as that of FIG. 1, but the type of certificate and signature stored in the CD / DVD publisher 10 is different from that of the first embodiment, and management is performed. The difference is that a public key (public key B, which will be described later) corresponding to the certificate authority in the organization is stored in the public key groups of the storage units of the user terminal device 20 and the user terminal devices 30 to 50. Other than that, it is substantially the same as the case of the first embodiment.

(E) Outline of operation of the second embodiment

  In the first embodiment, the CD / DVD publisher 10 issues a certificate and signs it, and the signed public key is recorded on the medium M and circulated to each user. However, in the case of such an embodiment, when the number of users is large, public key fetching operations are generated by the number of users, which is not efficient.

  Generally, in an organization having a plurality of users, a private certificate authority is arranged and a certificate is often issued by the certificate authority. The public key of the certificate authority is installed in advance on the user terminal in such an organization. Therefore, in the second embodiment, the certificate issued by the CD / DVD publisher 10 is signed with the public key of the certificate authority. When SSL communication is performed, authentication processing is executed using the public key of the certificate authority. Thereby, the trouble of taking the public key into the terminal device of each user can be omitted.

  9 and 10 are diagrams for explaining the outline of the operation of the second embodiment. In the following, description will be given with an emphasis on parts different from the first embodiment shown in FIG.

  In the second embodiment, when the CD / DVD publisher 10 is connected to the network 60 and, for example, an IP address is set, the CD / DVD publisher 10 issues a certificate (ST20). This certificate is the same as that in the first embodiment. Note that a certificate may be issued when a predetermined instruction is given from the administrator to the input unit 110.

  Next, the CD / DVD publisher 10 that has issued the certificate performs a process using a hash function on the certificate to create a message digest (ST21). The message digest is the same as that in the first embodiment.

  The CD / DVD publisher 10 that created the message digest then generates a public key A and private key A pair. Then, the CD / DVD publisher 10 encrypts the previously generated message digest with the private key A, creates a signature A (ST22), and attaches it to the previously generated certificate (ST23).

  The CD / DVD publisher 10 writes the certificate with the signature A generated as described above and the public key A as data on the blank medium M (ST24). The medium M in which the certificate with the signature A and the public key A are written in this way is attached to the CD / DVD playback unit 147 of the administrator terminal device 20 by the administrator, and the written public key A and The certificate with signature A is read and stored (ST25).

  Next, the administrator generates a message digest by applying a hash function to the certificate imported to the administrator terminal device 20 in ST25 (ST26 in FIG. 10). Subsequently, the administrator encrypts the message digest with the secret key B managed by the certificate authority in the organization with respect to the message digest generated in ST26, and generates a signature B (ST27). Then, the administrator attaches the generated signature B to the certificate, and generates a certificate with the signature B (ST28). Note that a part of the certificate may be rewritten as necessary, or a new certificate may be issued and the certificate may be signed with the private key B.

  Subsequently, the administrator operates the input unit 145 of the administrator terminal device 20 to activate the browser program 152 and access the CD / DVD publisher 10. The CD / DVD publisher 10 that has received access from the administrator terminal device 20 transmits the certificate with signature A generated in ST23 to the administrator terminal device 20. The administrator terminal device 20 generates a message digest by applying a hash function to the received certificate, and decrypts the signature A using the public key A captured in ST25. Then, an authentication process is executed by determining whether or not they match (ST29). If the authentication is successful, SSL communication is established between the CD / DVD publisher 10 and the administrator terminal device 20 (ST30).

  When the SSL communication is established, the administrator operates the input unit 145 to transmit the certificate with the signature B generated in ST28 to the CD / DVD publisher 10 and store it in the CD / DVD publisher 10. Replaced with the certificate with signature A that has been made (ST31). Since this operation is executed after the SSL communication is established, the operation can be performed safely.

  After the certificate with the signature B is placed in the CD / DVD publisher 10 in this way, for example, when the administrator terminal device 20 accesses the CD / DVD publisher 10, the CD / DVD publisher 10 The certificate with the signature B stored in the certificate storage unit 121 (the certificate with the signature replaced in ST31) is transmitted to the administrator terminal device 20. Since the public key B corresponding to the secret key B is stored in advance in the administrator terminal device 20 as a public key in the organization, these devices can execute an authentication process using the public key B (ST32). ). If the authentication is successful, SSL communication is established between these devices and the CD / DVD publisher 10 (ST33).

  Subsequently, the administrator creates a user account with respect to the CD / DVD publisher 10 and notifies each user of the created account. When each user accesses the CD / DVD publisher 10 by operating his / her user terminal device, a certificate with a signature B is transmitted from the CD / DVD publisher 10, but the public key B is preliminarily stored in the user terminal. Since it is stored in the apparatus, when the authentication process is executed and the authentication process is successful, SSL communication can be established and secure communication can be performed.

  According to the above process, each user is signed by signing with a secret key (secret key B) issued by a certificate authority in the organization and authenticating with a public key (public key B) distributed in advance to the user. Need not install a public key from the media M.

(F) Details of the operation of the second embodiment

  Next, detailed operation of the second exemplary embodiment of the present invention will be described with reference to FIG. In the following, description will be given with emphasis on the parts different from the first embodiment.

  The procedure for the administrator to connect the CD / DVD publisher 10 to the network 60 and make settings related to the network (S40) is the same as in the case of the first embodiment.

  Next, when the administrator operates the input unit 110 to perform a predetermined operation, the CD / DVD publisher 10 issues a certificate. The details of the certificate are the same as those in the first embodiment. The certificate issued in this way is stored as a certificate 122 in the certificate storage unit 121. Further, the certificate management unit 126 generates a set of public key A and private key A based on, for example, information (for example, a password) or a random number input from the administrator. Subsequently, the certificate management unit 126 performs processing by a hash function on the certificate 122 to generate a message digest, encrypts the obtained message digest with the private key A, and obtains a signature A. . The signature A obtained in this way is combined with a certificate to become a certificate with a signature A (hereinafter simply referred to as “certificate A”) (S41).

  When the issue of the certificate A is completed, the CD / DVD publisher 10 stores the certificate A and the public key A in the medium M (S42). Note that the writing procedure is the same as that in the first embodiment.

  As described above, the medium M in which the certificate A and the public key A are stored is stored in the medium outlet 15 of the CD / DVD publisher 10 by the administrator performing a predetermined operation on the input unit 110, for example. Can be taken out from. The procedure for taking out is the same as that in the first embodiment. Further, when the medium M is taken out, it is necessary to input the administrator password as in the case of the first embodiment.

  Next, the administrator loads the medium M storing the certificate A and the public key A into the CD / DVD playback unit 147 and operates the input unit 145 to capture the public key A and the certificate A ( S43).

  When the reading of the public key A and the certificate A is completed, the administrator signs the certificate part of the certificate A with a certificate authority (CA). That is, the administrator generates a message digest by applying a hash function to the certificate imported to the administrator terminal device 20 in S43. Next, the administrator encrypts the message digest with the secret key B managed by the intra-organization certificate authority for the generated message digest, and generates the signature B. Then, the administrator attaches the generated signature B to the certificate, and generates a certificate with the signature B (hereinafter simply referred to as “certificate B”). As described above, a part of the certificate may be rewritten as necessary, or a new certificate may be issued and the certificate may be signed with the private key B. Good.

  Next, the administrator operates the input unit 145 of the administrator terminal device 20 to activate the browser program 152, and the IP address of the CD / DVD publisher 10 (the IP set in S40) with respect to the activated browser. Address) is entered to access the CD / DVD publisher 10 (S45).

  The CD / DVD publisher 10 that has received access from the administrator terminal device 20 transmits the certificate A to the administrator terminal device 20 (S46). Since the public key A is captured in S43, the administrator terminal device 20 performs the authentication process by decrypting the signature A using the public key A and comparing it with the message digest (S47). If the authentication process is successful, SSL communication is established between the administrator terminal device 20 and the CD / DVD publisher 10 (S48).

  When the SSL communication is established, the CD / DVD publisher 10 transmits information for displaying the authentication screen to the manager terminal device 20 to display the authentication screen on the display device. When the administrator inputs the ID and password to the authentication screen, the authentication process is executed (S49), and when the authentication process is successful, the access is formally accepted.

  Subsequently, the administrator operates the input unit 145 of the administrator terminal device 20 to change the certificate A stored in the CD / DVD publisher 10 to the certificate B generated in S44 (the certificate with the signature B). (S50). At this time, since a secure communication path is secured between the CD / DVD publisher 10 and the manager terminal device 20, this process can be performed safely. When the certificate replacement is completed, the administrator cuts off the connection with the CD / DVD publisher 10.

  Next, when the administrator operates the input unit 145 of the administrator terminal device 20 to access the CD / DVD publisher 10 again (S51), the CD / DVD publisher 10 sends the certificate B (S52). . The administrator terminal device 20 that has received the certificate B executes authentication processing using the public key B of the organization's certificate authority that is stored in advance (S53). In other words, the signature B is decrypted with the public key B, and a message digest is generated by applying a hash function to the certificate part of the certificate B. If these match, it is determined that the authentication is successful. Then, SSL communication is established (S54).

  When the SSL communication is established, the CD / DVD publisher 10 transmits information for displaying the authentication screen to the manager terminal device 20 and displays the authentication screen on the display unit of the display device. When an administrator ID and password are entered on the authentication screen, an authentication process is executed (S55). If the authentication is successful, access from the administrator terminal device 20 is formally permitted. .

  Next, the administrator operates the input unit 145 of the administrator terminal device 20 to instruct the creation of a user account that permits the use of the CD / DVD publisher 10 (S56). As a result, a user account is created in the CD / DVD publisher 10 (S57).

  Subsequently, the administrator notifies each user of the account created in S57 (S58). Specifically, the ID and password of each user are notified using, for example, an encrypted mail. It is also possible to notify by writing or the like instead of e-mail.

  The user who has received the account notification (for example, the user of the user terminal device 30) operates the input unit of the user terminal device 30 to access the CD / DVD publisher 10 (S59). Then, the CD / DVD publisher 10 transmits the certificate B to the user terminal device 30 (S60). The user terminal device 30 authenticates the received certificate B using the public key B (installed in the user terminal device 30 in advance) used in the organization (S61). As a result, if the authentication is successful, SSL communication is established (S62). Subsequently, the CD / DVD publisher 10 transmits information for displaying the authentication screen to the user terminal device 30 to display the authentication screen on the display unit of the display device. When the user inputs the ID and password created in S56 and S57 on the authentication screen, authentication processing is executed (S63). If the authentication is successful, access to the CD / DVD publisher 10 is formally permitted, so that the user transmits information to the CD / DVD publisher 10 and information to the blank medium M. Can be written. For the medium M on which information is written, the security is improved by operating the input unit 110 of the CD / DVD publisher 10 and ejecting it only when the user's ID and password are input. it can.

  As described above, according to the second embodiment of the present invention, similarly to the first embodiment, the CD / DVD publisher 10 issues a certificate and SSL communication is performed based on the certificate. Therefore, the data transmitted to the CD / DVD publisher 10 is prevented from being stolen and altered, and other network devices are pretending to be the CD / DVD publisher 10 and the data is stolen or altered. Can be prevented.

  Further, in the second embodiment of the present invention, the public key A generated by the CD / DVD publisher 10 is written into the medium M and read into the manager terminal device 20. As a result, it is possible to prevent the public key and the certificate from being stolen in the middle of the route as compared with the case of acquiring via the network 60.

  In the second embodiment of the present invention, the certificate B signed by the certificate authority in the organization is created and replaced with the certificate A, so that each user uses the public key. The trouble of taking in can be saved. In addition, since the work is performed under the SSL communication established by the certificate A, the work can be performed safely.

  In the second embodiment of the present invention, since the certificate B signed by the certificate authority in the organization is used, as in the case of the first embodiment, the user is concerned with security. The CD / DVD publisher 10 can be used with peace of mind without seeing a warning display.

(G) Modified embodiment

  Each of the above embodiments is an example, and there are various other modified embodiments. For example, in the above embodiment, the CD / DVD publisher 10 has been described as an example of the network device. However, the present invention can connect information to a removable storage medium that can be connected to the network. Any device capable of recording can be applied. Examples of the detachable recording medium include a flash memory, a flexible disk, and an MO (magneto-optic) disk. Other than these may be used.

  In each of the above embodiments, it is assumed that devices connected to the network 60 communicate peer-to-peer. For example, a domain controller is provided in the network 60, and resources on the network are centralized by the domain controller. You may make it manage to. In such a case, the domain controller can centrally manage the access right (account) to the CD / DVD publisher 10, so the burden on the administrator can be reduced. It is also possible to give not only access rights but also different rights for each user. For example, a certain user is authorized to write information on the blank medium M, and another user writes information on the blank medium M and ejects the medium M on which the information is written. It is possible to give authority that can.

  Further, an access log for the CD / DVD publisher 10 may be generated for each user. According to such an embodiment, it is possible to know when, where, and what information has been written on the medium M by each user. Thereby, it is possible to prevent important information from being taken out of the organization carelessly. Further, if such an access log is generated and aggregated, for example, in units of individuals or in units of departments, it is possible to know the amount of media M used for each individual or for each department. Thereby, cost management can be performed.

  Further, in each of the above embodiments, the administrator terminal device 20 and the user terminal devices 30 to 50 receive only the public key of the certificate. However, not only the public key but also the certificate is included. You may make it take in. Specifically, depending on the type of browser program, a certificate is required, so it is possible to cope with such a case.

  Further, in each of the above embodiments, after the CD / DVD publisher 10 is connected to the network 60, a certificate is issued, recorded on the medium M, and taken into the manager terminal device 20. The CD / DVD publisher 10 may be connected to the network 60 when the public key has been taken into the manager terminal device 20. According to such a method, it is possible to shorten the time of connection to the network 60 when no account is created in the CD / DVD publisher 10 and to prevent unauthorized access to the CD / DVD publisher 10 by a third party. .

  Also, the number of certificate issuances (S11, S41) and certificate replacement (S50) in the first and second embodiments is set to a predetermined number (for example, once). You may make it restrict | limit. According to such a method, it is possible to prevent a certificate from being illegally generated or replaced by a third party after the processing of FIG. 8 or FIG. 11 is normally performed.

  The above processing functions can be realized by a computer. In that case, a program describing the processing contents of the functions that the network device should have is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Examples of the optical disk include a DVD (Digital Versatile Disk), a DVD-RAM (Random Access Memory), a CD-ROM (Compact Disk Read Only Memory), and a CD-R (Recordable) / RW (ReWritable). Magneto-optical recording media include MO (Magneto-Optical disk).

  When distributing the program, for example, portable recording media such as a DVD and a CD-ROM on which the program is recorded are sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. In addition, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

1 is a system configuration example including a network device according to an embodiment of the present invention. FIG. 2 is an external view of the CD / DVD publisher shown in FIG. 1. It is an example of an electrical configuration of the CD / DVD publisher shown in FIG. It is an electrical structural example of the terminal device for managers shown in FIG. It is a functional block of the CD / DVD publisher shown in FIG. It is a functional block of the terminal device for managers shown in FIG. It is a figure explaining the outline of operation | movement of the 1st Embodiment of this invention. It is a figure explaining the detail of operation | movement of the 1st Embodiment of this invention. It is a figure explaining the outline of operation | movement of the 2nd Embodiment of this invention. It is a figure explaining the outline of operation | movement of the 2nd Embodiment of this invention. It is a figure explaining the detail of operation | movement of the 2nd Embodiment of this invention.

Explanation of symbols

  M media (optical disc), 104 communication unit (transmission unit, encrypted communication unit), 106 discharge mechanism (discharge unit), 108 transfer mechanism (transfer unit), 109 stocker (storage unit), 110 input unit, 121 certificate storage Part (storage means), 126 certificate management part (generation means, signature means, generation means), 128 write control part (write means), 129 control part (authentication means, replacement means)

Claims (10)

Generating means for generating a certificate;
A signing means for signing the certificate generated by the generating means with a predetermined private key;
Storage means for storing the certificate signed by the signing means;
Writing means for writing at least a public key corresponding to the predetermined secret key to a storage medium removable from the apparatus;
When the network device is accessed from another network device via a network, a transmission for transmitting the certificate with the signature stored in the storage means to the other network device. Means,
A network device characterized by comprising: Further comprising generating means for generating the secret key and a public key paired therewith,
The signing means signs the certificate with the private key generated by the generating means,
The writing means writes the public key generated by the generating means to at least the removable storage medium;
The network device according to claim 1, wherein: Encrypted communication means for performing encrypted communication with the other network device based on the certificate,
The network device according to claim 1, wherein the writing unit writes the information received via the encrypted communication unit to the removable storage medium.   The network device according to claim 1, wherein the writing unit stores the certificate with the signature on the removable storage medium together with the public key.   The network device according to claim 1, wherein the generation unit generates the certificate when a predetermined operation is performed on the input unit. The removable storage medium is an optical disk,
Storage means for storing a plurality of the optical discs;
A transport unit that takes out and transports the optical disks stored in the storage unit one by one, and places the optical discs on the writing unit;
The writing means writes at least the public key to the optical disc;
The network device according to claim 1, wherein: Ejecting means for ejecting the optical disc written by the writing means;
An authentication means for performing user authentication,
7. The network device according to claim 6, wherein the ejecting unit ejects the written optical disc when there is an instruction from a predetermined user who has been successfully authenticated by the authenticating unit. Encrypted communication means for performing encrypted communication with the other network device based on the certificate;
When a new certificate is transmitted from the other network device via the encrypted communication unit, a replacement unit that replaces the certificate stored in the storage unit with the new certificate When,
The network device according to claim 1, further comprising: Generate a certificate,
Sign the generated certificate with the specified private key,
Store the signed certificate,
Write at least a public key corresponding to the predetermined secret key to a storage medium detachable from the apparatus,
When the network device is accessed from another network device via a network, the stored certificate with the signature is transmitted to the other network device.
A control method for a network device. Generating means for generating a certificate;
Signing means for signing a certificate generated by the generating means with a predetermined private key;
Storage means for storing the certificate signed by the signing means;
Writing means for writing a public key corresponding to at least the predetermined secret key to a storage medium detachable from the apparatus;
When the network device is accessed from another network device via a network, a transmission for transmitting the certificate with the signature stored in the storage means to the other network device. means,
A computer-readable network device control program for causing a computer to function as a computer program.

Images