JP2009217722A - Authentication processing system, authentication device, management device, authentication processing method, authentication processing program and management processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To more efficiently and economically prevent a network from being illegally used. <P>SOLUTION: A primary authentication device uses a public key certificate included in information for subscriber authentication received from a terminal device to verify digital signature data (response data) included in the information for subscriber authentication and transmits a connection permission request to a permission-state management device. When the permission-state management device receives the connection permission request from the primary authentication device, the permission-state management device confirms whether a subscriber ID included in a primary authentication result received together with the connection permission request is included in managed subscriber IDs, updates the connection state corresponding to a confirmed subscriber ID to "ON" and updates connection destination information corresponding to the subscriber ID with connection destination information received together with the connection permission request corresponding to the subscriber ID. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention includes an authentication device that authenticates a service subscriber using a service requesting terminal device and provides a service, and a management device that manages a service usage state of the service subscriber. It relates to a processing system.

  Network connection service that provides the terminal with connectivity to the communication network, and various services such as electronic commerce or VoIP (Voice over Internet Protocol) provided to the terminal through the communication network (hereinafter referred to as “higher level service” as appropriate) In other words, unauthorized use of these services by a person who does not have usage rights is a great threat.

  In view of these threats, when a terminal is connected to a network or when accessing a higher-level service, the terminal user is identified and strongly authenticated to determine whether it is a legitimate subscriber or which subscriber. It is necessary to check strictly.

  For example, an EAP (Extensible Authentication Protocol) method is conventionally known as a terminal user authentication method at the time of network connection, and a TLS (Transport Layer Security) method is conventionally known as an authentication method at the time of access to a higher level service.

  In the EAP method (for example, Non-Patent Document 1), an authentication server is arranged after the terminal connection device, and authentication such as RADIUS (Remote Authentication Dial-in User Service) is used in communication between the terminal connection device and the authentication server. A protocol is used. Hereinafter, an authentication method using the EAP method will be briefly described.

  When receiving the connection request from the terminal, the terminal connection device requests authentication of the terminal from the authentication server. Thereafter, the terminal is authenticated according to an authentication procedure called an EAP method executed between the authentication server and the terminal. The terminal connection device relays an authentication procedure exchanged between the authentication server and the terminal. The terminal connection device provides or rejects network connectivity to the terminal according to the authentication result of the terminal notified from the authentication server.

  The EAP method is adopted in various network connection methods as a general-purpose authentication method. For example, in the wireless connection system defined in “IEEE 802.11”, “IEEE.802.11i” (for example, Non-Patent Document 3, “5.4.3.1 Authentication”, “5.9 IEEE 802.11”, which is a specification for strengthening security, is used. and IEEE 802.1X ”), and its usage is specified.

  As an EAP method, EAP-TLS (see, for example, Non-Patent Document 2) that realizes TLS described later on the EAP protocol is widely used as a method for realizing strong authentication of terminal users.

  The TLS method (see, for example, Non-Patent Document 4) is an upper layer in the transport layer in order to provide security such as confidentiality for protocols used for providing higher services such as HTTP (Hyper Text Transfer Protocol). Widely used as a protocol.

  This TLS system employs a strong challenge-and-response mechanism based on public key cryptography in server authentication and client authentication. Furthermore, since the public key certificate of the terminal user is used to verify the response (including the procedure for sending the public key certificate from the terminal), other public key bases or public keys that do not use public key certificates Unlike the base authentication method, there is an advantage that information for response verification need not be managed by the authentication side device for each terminal user to be authenticated.

  By the way, not only unauthorized use of network connection services and higher-level services but also unauthorized multiple use of services (using multiple services in parallel with the same subscriber account) Is a big threat. For example, this threat is an urgent problem in a network connection service having a large number of terminal connection devices (for example, a connection service to a wide area communication network having a large number of access points) and a host service having a large number of servers.

  In view of such threats, the service usage status of service subscribers, in other words, the presence or absence of connection to a communication network or a higher level service, or a connection destination (for example, a terminal connection device such as a wireless access point or IPsec-GW, a higher level service) It is necessary to centrally manage the connection state indicated by the server device that provides the service, and to prevent the simultaneous use of multiple services in parallel by the same subscriber (same subscriber account).

  For example, as a method of realizing strong authentication of terminal users and centralized management of connection status using the above-described conventional technology for the network connection service, the following can be considered.

  In other words, user authentication of connection request terminals in a plurality of terminal connection devices is configured to be authenticated by a common authentication server, and information and authentication results related to the terminal connection devices connected to the terminals are recorded and managed by the authentication server. To do.

  By doing in this way, while authenticating a terminal user strongly by EAP-TLS etc., it is possible to grasp | ascertain the connection state of each terminal immediately from the authentication result, and to manage it centrally.

  Further, by applying the above-described method for access to the host service, it is possible to realize strong authentication of terminal users and unified management of connection status. That is, for example, connection requests to a plurality of higher-level service servers may be authenticated by a common authentication server, and the results recorded and managed.

RFC 3748: “Extensible Authentication Protocol (EAP)”, 2004 RFC 2716: “Extensible Authentication Protocol (EAP)”, 2004 IEEE 802 11i: “Local and metropolitan area networks, Specific requirements Part11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements”, IEEE Computer Society, 2004 RFC 4336: “The Transport Layer Security (TLS) Protocol Version 1.1”, 2006

  However, when strong authentication of terminal users and unified management of connection states are realized by the above-described conventional technology, there are the following problems.

  For example, when the authentication procedure using the above-described conventional technique is performed, it is necessary to exchange messages between the authentication target (for example, the terminal) and the authentication subject (for example, the authentication server) several times. Become. When the EAP method is adopted, message exchange is required at least twice. When the EAP-TLS using the TLS method is adopted, as described above, the public key certificate necessary for response verification is provided. Since the authentication object and the authentication subject are exchanged, more messages need to be exchanged and the data size is larger than when the EAP method is adopted.

  As described above, when the strong authentication of the terminal user and the unified management of the connection state are realized by the above-described conventional technology, the terminal connection device and the authentication server exchange the authentication for the terminal user. Since the number of round-trips of the received message and its data size increase, the processing time required for authentication of the terminal user increases, and the convenience of the terminal user is impaired.

  In addition, in an apparatus that relays an authentication procedure, such as the terminal connection apparatus described above, it is necessary to improve the apparatus performance in order to realize the status management of the authentication procedure, which increases the amount of investment in network equipment. There was a problem.

  In particular, in a wide area network connection service in which terminal connection devices are distributed over a wide range, the network delay between the terminal connection device and the authentication server is reasonably large, but between the terminal connection device and the authentication server. If the number of message round-trips increases, it will directly affect the increase in processing time required for terminal user authentication and the increase in investment required to improve the performance of terminal connection devices. It becomes a problem.

  Similarly, in the case of a so-called roaming connection that allows a subscriber to receive services from a provider different from the operator with whom the subscriber has a direct contract, based on an agreement concluded between the network operators. Because the network delay between the terminal connection device and the authentication server is reasonably large due to the communication between the terminal connection device and the authentication server going through the operator, the connection between the terminal connection device and the authentication server The increase in the number of message round trips becomes a fatal problem.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an authentication processing system, authentication device, and management device that can prevent unauthorized use of a network more efficiently and economically An object of the present invention is to provide an authentication processing method, an authentication processing program, and a management processing program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 is directed to an authentication device that provides a service by performing authentication related to service use in response to a service request from a terminal device, and a service of a service subscriber And an authentication processing system configured to include a management device for managing a usage state, wherein the authentication device is signed with a secret key held by the service subscriber as information for certifying the identity of the service subscriber. Authentication response data receiving means for receiving the authentication response data including the signature data and the public key certificate corresponding to the private key from the terminal device of the service request source, and the authentication response data received by the authentication response data receiving means Signature data verification means for verifying signature data also included in the authentication response data using the public key certificate included in the authentication response data, and the signature data If the signature data is successfully verified by the data verification means, a subscriber identifier for identifying the service subscriber that is the service request source, and a connection for which connection is requested by the service subscriber to receive provision of the service Along with the connection destination information indicating the destination, a permission inquiry transmission unit that transmits an inquiry about the availability of service to the management device, and a response to the inquiry transmitted by the availability inquiry transmission unit, from the management device And a service providing means for providing a service to the terminal device when receiving a permission notification to permit service provision, wherein the management device is a service subscriber capable of receiving the service provision. In association with a subscriber identifier for uniquely identifying the service subscriber, it is specified whether or not the service subscriber is using the service. A subscriber information management means for managing connection destination information indicating a connection destination to which a service subscriber requests connection in order to receive service provision; and an authentication device for inquiring about availability of service provision. Identifier confirmation means for confirming whether or not the subscriber identifier received together with the inquiry about whether or not to provide the service exists in the subscriber identifier managed by the subscriber information management means, If it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, the presence is present. Updating the connection state managed by the subscriber information management means in association with the confirmed subscriber identifier; Subscriber information update means for updating connection destination information managed by the subscriber information management means in association with a subscriber identifier whose existence has been confirmed in the connection destination information received together with the inquiry about the availability of service provision; When it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service exists in the subscriber identifier managed by the subscriber information management means, And a service provision permission notification transmitting means for transmitting a notification to permit the provision of the service to the authentication device.

  The invention according to claim 2 is an authentication device that provides a service by performing authentication related to service use in response to a service request from a terminal device, and includes a service as information for proving the identity of the service subscriber. Authentication response data receiving means for receiving, from the terminal device of the service request source, signature response data signed with a secret key held by the subscriber and a public key certificate corresponding to the secret key; and the authentication response Using the public key certificate included in the authentication response data received by the data receiving means, signature data verification means for verifying the signature data also included in the authentication response data, and for verifying the signature data by the signature data verification means If successful, the subscriber identifier for identifying the service subscriber that is the service request source and the provision of the service are received. Inquiries about whether or not to send a query about availability of service to a management device that manages the service usage status of the service subscriber, together with connection destination information indicating a connection destination to which a connection is requested by the service subscriber. A service provision for providing a service to a terminal device when a permission notification indicating that a service provision is permitted is received from the management device as a response to the inquiry transmitted by the transmission unit and the availability inquiry transmission unit Means.

  The invention according to claim 3 is a management device for managing the service usage status of a service subscriber, and corresponds to a subscriber identifier for uniquely identifying a service subscriber who can receive service provision. In addition, connection destination information indicating a service usage state for specifying whether or not the service subscriber is using the service and a connection destination to which the service subscriber requests connection in order to receive the service provision is provided. Whether or not to provide a service when an inquiry about whether or not to provide a service is received from a subscriber information management means to be managed and an authentication apparatus that authenticates a service subscriber who uses the terminal device of the service request source and provides the service It is confirmed whether the subscriber identifier received together with the inquiry about the presence exists in the subscriber identifier managed by the subscriber information management means. And the identifier confirmation means confirming that the subscriber identifier received together with the inquiry about whether or not to provide the service is present in the subscriber identifier managed by the subscriber information management means. In the case, the connection status managed by the subscriber information management means is updated in association with the subscriber identifier whose existence is confirmed, and the connection destination information received together with the inquiry about availability of service provision is present. Subscriber information updating means for updating connection destination information managed by the subscriber information management means in association with the confirmed subscriber identifier, and the subscription received by the identifier confirmation means together with an inquiry regarding the availability of service provision. The subscriber identifier is present in the subscriber identifier managed by the subscriber information management means. If it is confirmed, it characterized in that and a service providing permission notice transmitting unit that transmits to the authentication device a notice that permits the provision of services.

  The invention according to claim 4 includes not only the subscriber identifier but also the signature data signed with the private key held by the service subscriber and the signature used to generate the signature data, as well as the inquiry about whether or not the service can be provided. Target data is further received from the authentication device, and the subscriber information management means stores not only the service usage status and the connection destination information but also the service subscriber in association with the subscriber identifier. The public key certificate corresponding to the private key to be managed is further managed, and the subscriber identifier received together with the inquiry about whether or not the service can be provided by the identifier confirmation unit is the subscriber identifier managed by the subscriber information management unit. In the public key certificate corresponding to the subscriber identifier received from the authentication device. Signature data received from the authentication device using the public key certificate acquired from the public key certificate managed by the entrance information management means and the signature target data received from the authentication device Signature data verification means for verifying, and when the subscriber data update means succeeds in verifying the signature data by the signature data verification means, update the connection status and the connection destination information, and The provision permission notification transmission unit transmits a notification to the effect that service provision is permitted to the authentication device when the signature data verification unit succeeds in verifying the signature data.

  Further, the invention according to claim 5 includes not only the subscriber identifier but also the signature data signed with the private key held by the service subscriber, the signature used for generating the signature data, together with the inquiry about whether or not the service can be provided. The target data and the public key certificate corresponding to the secret key are further received from the authentication device, and the subscriber identifier received from the authentication device together with the inquiry about whether or not the service can be provided by the identifier confirmation unit, When it is confirmed that it exists in the subscriber identifier managed by the subscriber information management means, the authentication device uses the public key certificate and the signature target data received from the authentication device. Signature data verification means for verifying the received signature data, and the subscriber information update means includes the signature data verification means. If the verification of the signature data is successful, the connection status and the connection destination information are updated, and the service provision permission notification transmission unit is successful in verifying the signature data by the signature data verification unit. A notification that the service provision is permitted is transmitted to the authentication device.

  Further, in the invention according to claim 6, the subscriber identifier received by the identifier confirmation unit together with the inquiry about the availability of service provision is present in the subscriber identifier managed by the subscriber information management unit. Is confirmed, a connection state confirmation unit for confirming a connection state managed by the subscriber information management unit in association with a subscriber identifier whose existence is confirmed, and a connection state by the connection state confirmation unit Is confirmed to be connected, the service is provided based on the connection destination information managed by the subscriber information management means in association with the subscriber identifier whose existence has been confirmed by the identifier confirmation means. Connection destination information verification means for verifying the connection destination information received together with the inquiry about whether or not the connection is possible, and the subscriber information update means If the connection destination information received together with the inquiry about whether or not the service can be provided by the destination information verification means has been successfully verified, the connection status and the connection destination information are updated, and the service provision permission notification transmission means When it is verified by the information verification means that the connection destination information matches each other, a notification that the provision of the service is permitted is transmitted to the authentication apparatus.

  The invention according to claim 7 further includes connection disconnection detecting means for detecting a terminal device whose connection has been changed to a disconnected state, wherein the subscriber information update means is connected to the disconnected state by the connection disconnection detecting means. The connection state managed by the subscriber information management means is updated during disconnection in association with the subscriber identifier of the service subscriber who uses the terminal device.

  The invention according to claim 8 includes an authentication device that provides a service by performing authentication related to service use in response to a service request from a terminal device, and a management device that manages a service usage state of a service subscriber. An authentication processing method executed by the configured authentication processing system, wherein the authentication device uses signature data signed with a secret key held by the service subscriber as information for proving the identity of the service subscriber; And an authentication response data reception step for receiving authentication response data including a public key certificate corresponding to the secret key from the terminal device that is the service request source, and an openness included in the authentication response data received by the authentication response data reception step A signature data verification step for verifying signature data included in the authentication response data using the key certificate, and the signature data When the signature data is successfully verified by the data verification step, the subscriber identifier for identifying the service subscriber that is the service request source, and the connection for which connection is requested by the service subscriber to receive the service provision As a response to the inquiry transmitted by the availability inquiry transmission step, the availability inquiry transmission step for transmitting the inquiry about availability of service to the management device together with the connection destination information indicating the destination, from the management device A service providing step of providing a service to the terminal device when receiving a permission notification to permit service provision, wherein the management device is capable of receiving the service provision The service subscriber is using the service in association with the subscriber identifier for uniquely identifying A service information state for identifying whether or not the service is available, a subscriber information management step for managing connection destination information indicating a connection destination to which the service subscriber requests connection in order to receive the service, and whether or not the service can be provided When the inquiry is received from the authentication device, it is confirmed whether or not the subscriber identifier received together with the inquiry about the availability of service exists in the subscriber identifier managed by the subscriber information management step. When the identifier confirmation step and the identifier confirmation step confirm that the subscriber identifier received together with the inquiry about whether or not to provide the service exists in the subscriber identifier managed by the subscriber information management step In the subscriber information management step in association with the subscriber identifier whose existence has been confirmed. The connection destination managed by the subscriber information management step in association with the subscriber identifier confirmed to exist in the connection destination information received together with the inquiry about availability of service provision while updating the managed connection state The subscriber identifier received together with the inquiry about whether or not the service can be provided by the subscriber information update step for updating information and the identifier confirmation step exists in the subscriber identifier managed by the subscriber information management step. A service provision permission notification transmitting step of transmitting to the authentication device a notification that the service provision is permitted.

  An invention according to claim 9 is an authentication processing program for causing a computer to execute a process of providing a service by performing authentication related to service use in response to a service request from a terminal device, and verifying the identity of the service subscriber Authentication response data for receiving, from the terminal device of the service request source, signature data signed with a private key held by the service subscriber and authentication response data including a public key certificate corresponding to the private key A signature data verification procedure for verifying signature data also included in the authentication response data, using a reception procedure, a public key certificate included in the authentication response data received by the authentication response data reception procedure, and the signature data verification To identify the service subscriber that is the service requester if the signature data is successfully verified by the procedure Management that manages the service usage status of service subscribers, as well as subscriber identifiers and connection destination information that indicates the connection destinations that are required to be connected by service subscribers in order to receive service provision In a case where a permission notification indicating that service provision is permitted is received from the management device as a response to the inquiry transmitted by the availability inquiry transmission procedure and the inquiry transmitted by the availability inquiry transmission procedure, the terminal device And a service providing procedure for providing a service to the computer.

  According to a tenth aspect of the present invention, there is provided a management processing program for causing a computer to execute a process for managing a service usage state of a service subscriber, and uniquely identifying a service subscriber who can receive a service provision. A service usage state for specifying whether or not the service subscriber is using the service, and a connection destination from which the service subscriber requests connection in order to receive the service. The subscriber information management procedure for storing and managing the connection destination information indicating the service information from the storage unit, and the authentication device that provides the service by authenticating the service subscriber using the terminal device of the service request source. When the inquiry about availability is received, the subscriber identifier received together with the inquiry about availability of service is the subscriber information manager. An identifier confirmation procedure for confirming whether or not the subscriber identifier is managed by the identifier confirmation procedure, and a subscriber identifier received together with an inquiry regarding availability of service provision by the identifier confirmation procedure. When it is confirmed that it exists in the subscriber identifier managed by the above, the connection state managed by the subscriber information management procedure is updated in association with the subscriber identifier whose existence is confirmed. And a subscriber information update procedure for updating the connection destination information managed by the subscriber information management procedure in association with the subscriber identifier whose existence is confirmed in the connection destination information received together with the inquiry about whether or not the service can be provided. And the subscriber identifier received together with the inquiry about the availability of service by the identifier confirmation procedure is the subscriber information. A service provision permission notification sending procedure for sending a notice to permit service provision to the authentication device when it is confirmed that the subscriber identifier is managed by the management procedure. It is made to perform.

  According to the present invention, it is possible to greatly reduce the number of times of communication between devices, compared to the case where service subscriber authentication and connection status recording and management are executed by a common server, which is more efficient and economical. In particular, unauthorized use of the network can be prevented.

  Further, according to the present invention, the authentication device is cracked and modified so that an incorrect connection permission request is transmitted to the management device, or the primary authentication device sends a connection permission request to the management device for a terminal device that is not actually connected. It is possible to prevent the situation of transmission.

  Furthermore, according to the present invention, it is possible to firmly eliminate unauthorized use of multiple services.

  Exemplary embodiments of an authentication processing system, an authentication device, a management device, an authentication processing method, an authentication processing program, and a management processing program according to the present invention will be described below in detail with reference to the accompanying drawings. In the following, after describing the first embodiment of the authentication processing system according to the present invention, other embodiments included in the present invention will be described.

  The primary authentication device appearing in the embodiment described below corresponds to the “authentication device” described in the claims, and the authorization / state management device is the “management device” described in the claims. Corresponding to

  The authentication processing system according to the first embodiment provides a service by performing authentication according to a service request from a terminal device, and manages a service usage state of the terminal device. The main feature is that unauthorized use of the network can be prevented more efficiently and economically by distributing the authentication function for authentication and the function for managing the service state of the terminal device. First, a basic concept for realizing the features of the authentication processing system according to the present invention will be described.

[Basic Concept of Authentication Processing System (Example 1)]
The basic concept of the authentication processing system according to the first embodiment will be described with reference to FIGS. 1 and 2. 1 and 2 are diagrams for explaining a basic concept of the authentication processing system according to the first embodiment.

  The authentication processing system according to the first embodiment is configured to include a terminal device, a primary authentication device, and an authorization / state management device, and the terminal device and the primary authentication device are connected to each other via a network so that they can communicate with each other. The primary authentication device and the authorization / state management device are connected to each other via a network so that they can communicate with each other.

  When the primary authentication device receives a connection request to the network or service from the terminal device, the primary authentication device confirms whether the user of the terminal device is an authorized service subscriber capable of connecting to the network or service. It is the apparatus which performs the subscriber authentication for.

  The primary authentication device succeeded in the subscriber authentication in the communication means for communicating with the terminal device and the authorization / state management device, the primary authentication means for performing subscriber authentication for the user of the terminal device, and the primary authentication means. In this case, it is provided with a connection permission / non-permission confirmation means for requesting the authorization / state management device to update the connection state when the connection is permitted and the connection is permitted.

  The authorization / state management device is a device that manages a service subscriber's service connection state and connection destination information (for example, attribute information of a terminal connection device that mutually connects the terminal device and the network) for the service subscriber.

  The authorization / state management device includes a communication means for communicating with the primary authentication device, an authorization means for determining whether connection is possible in response to a connection permission judgment request from the primary authentication device, and a service connection status of the service subscriber. Subscriber status management means for managing

  The terminal device includes a communication unit for communicating with the primary authentication device, and an authenticated unit that holds a secret key and a public key certificate used to prove the identity of the service user.

  And the authentication processing system which concerns on Example 1 implement | achieves operation | movement as demonstrated below by the terminal device mentioned above, a primary authentication apparatus, and an authorization and status management apparatus.

  That is, as shown in FIG. 2, when the primary authentication device receives a connection request from the terminal device (step S201), the primary authentication device sends an authentication request to the connection request source terminal device, that is, digital signature data (response data). Request transmission (step S202).

  When receiving the authentication request from the primary authentication device, the terminal device returns an authentication response to the primary authentication device (step S203). More specifically, the terminal device is for subscriber authentication including a digital signature data generated using a held private key and a public key certificate corresponding to the private key used to generate the digital signature data. Information is returned to the primary authentication device as an authentication response.

  When receiving the authentication response from the terminal device, the primary authentication device uses the public key certificate included in the subscriber authentication information received as the authentication response, and also uses the digital signature data (response data) included in the subscriber authentication information. ) Is verified (step S204). More specifically, the primary authentication device verifies the digital signature data (response data) using the public key certificate, and confirms whether or not the authentication response is received by the subscriber to which the public key certificate is given. To do.

  As a result of the verification, if it can be confirmed that the authentication response by the subscriber to whom the public key certificate has been given is confirmed, the primary authentication device is assumed to have succeeded in the primary authentication related to the subscriber of the terminal device, and is made public. Based on the holder information included in the key certificate, the subscriber ID for identifying the subscriber who uses the terminal device is specified (step S205).

  Then, the primary authentication apparatus transmits a connection permission request to the authorization / state management apparatus together with the primary authentication result (successful primary authentication) including the subscriber ID and connection destination information on the connection destination from which the terminal device requests connection. (Step S206).

  When the authorization / state management device receives the connection permission request from the primary authentication device, whether or not the subscriber ID included in the primary authentication result received together with the connection permission request exists in the managed subscriber ID. Is confirmed (step S207).

  As a result of confirmation, if the subscriber ID included in the primary authentication result is present in the managed subscriber ID, the authorization / state management device corresponds to the confirmed subscriber ID. The connection state to be updated is updated to “ON”, and the connection destination information corresponding to the subscriber ID is updated with the connection destination information received together with the connection permission request (step S208). Then, the authorization / state management device returns a connection permission notification to the primary authentication device (step S209).

  When receiving the connection permission notification from the authorization / state management device, the primary authentication device returns authentication success and the connection permission notification to the terminal device (step S210).

  In step S204 described above, if the primary authentication apparatus cannot confirm that the authentication response is certainly given by the subscriber to whom the public key certificate has been assigned, Assuming that the primary authentication has failed, an authentication failure and a connection rejection notification are returned to the terminal device.

  Further, in step S207 described above, the authorization / state management device, as a result of the confirmation, if the subscriber ID included in the primary authentication result does not exist in the managed subscriber ID, the connection rejection notification Is returned to the primary authentication device. When the primary authentication device receives a connection rejection notification from the authorization / state management device, the primary authentication device returns an authentication failure and a connection rejection notification to the terminal device.

  So far, the basic concept of the authentication processing system according to the first embodiment has been described. Therefore, following the description of the basic concept, authentication processing according to the first embodiment is performed for a network connection service in which communication with a terminal device is performed by wireless communication complying with the IEEE 802.11 specification and the terminal device is accommodated in a wide area IP network. A specific example when the basic concept of the system is applied will be described.

  In the following, as a specific example in which the basic concept of the authentication processing system according to the first embodiment is applied to a network connection service, the configuration and processing of the authentication processing system will be described in order, and finally the effects of the first embodiment will be described. To do.

[Configuration of Authentication Processing System (Example 1)]
Next, the configuration of the authentication processing system according to the first embodiment will be described with reference to FIGS. FIG. 3 is a system configuration diagram of the authentication processing system according to the first embodiment. FIG. 4 is a diagram illustrating a configuration example of the terminal device 100 according to the first embodiment. FIG. 5 is a diagram illustrating a configuration example of the communication control apparatus 300 according to the first embodiment. FIG. 6 is a diagram illustrating a configuration example of the communication control apparatus 400 according to the first embodiment.

  As shown in FIG. 3, the authentication processing system according to the first embodiment includes a terminal device 100, a terminal connection device 200, a communication control device 300 corresponding to the primary authentication device described in the basic concept, and the basic The communication control apparatus 400 corresponding to the authorization / state management apparatus described in the concept, the service providing apparatus 500, the first network, and the second network are configured.

  The first network is a so-called access network in which the terminal connection device 200 is arranged at the edge (extended portion), and is a communication network that is installed in each area (for example, in units of prefectures) that provides a network connection service. Yes, communication required for subscriber authentication of the terminal device 100 is enabled between the terminal connection device 200 and the communication control device 300.

  In addition, the first network is interconnected with the second network, and communication necessary for confirming whether or not the terminal device 100 can be connected between the communication control device 300 and the communication control device 400, The terminal device 100 and the service providing device 500 can perform communication necessary for service exchange.

  The second network is a so-called core network that is connected to a plurality of first networks and spans a wide area, and relays IP communication between terminal devices 100 accommodated in different first networks. In addition, the communication control device 400 and the service providing device 500 are accommodated, and the communication between the terminal device 100 and the service providing device 500 is enabled together with the interconnected first network.

  The above-described network configuration is an example, and is not limited to the case where the first network and the second network are configured, and the same number of the first network and the second network are configured. In such a case, the first network and the second network can be appropriately changed within a range that does not hinder the processing of the authentication processing system according to the first embodiment, for example, when the first network and the second network are substantially a single network.

  Subsequently, as illustrated in FIG. 4, the terminal device 100 is an information device having a function of performing wireless communication conforming to the IEEE 802.11 specification and IP communication in the higher order, and the first device 100 is connected via the terminal connection device 200. It is used for connecting to a network to acquire IP communication with the service providing apparatus 500 and for service subscribers to use various information services. As illustrated in FIG. 4, the terminal device 100 includes a communication unit 110 and an authenticated unit 120.

  The communication unit 110 has a function of performing wireless communication conforming to the IEEE 802.11 specification and IP communication at a higher level, and controls communication related to various information exchanged with the terminal connection device 200 and the service providing device 500. The wireless communication security function in the communication unit 110 is compliant with IEEE 802.11i, and supports EAP-TLS as an EAP method (authentication method), for example.

  The authenticated unit 120 is necessary for the user of the terminal device 100 to prove the identity as a subscriber of the network connection service in the subscriber authentication performed in accordance with EAP-TLS with the communication control device 300 described later. The public key certificate 122 and the private key 121 corresponding to the public key certificate are held. Also, digital signature data (response data) that responds to the communication control device 300 in subscriber authentication is generated using the secret key 121. The authenticated unit 120 and some of its functions may be mounted on another device (for example, an IC card, UICC, etc.) connected to the terminal device 100.

  The terminal connection device 200 is a device called a so-called wireless access point, and communicates with the terminal device 100 by wireless communication conforming to the IEEE 802.11 specification, and accommodates the terminal device 100 in the first network.

  The security function for wireless communication in the terminal connection device 200 conforms to IEEE 802.11i, and is set to use a communication control device 300 described later as a back-end authentication server that performs primary authentication of the terminal device 100.

  Note that the communication related to the primary authentication of the terminal device 100 executed between the terminal connection device 200 and the communication control device 300 described later is performed based on the RADIUS (Remote Authentication Dial-In User Service) protocol.

  The communication control device 300 is a general-purpose server device that operates as a back-end authentication server of the terminal connection device 200, and corresponds to the primary authentication device described in the above basic concept. As illustrated in FIG. 5, the communication control device 300 includes a communication unit 310, a primary authentication unit 320, and a connection availability confirmation unit 330.

  The communication unit 310 has a function of performing IP communication, and controls communication related to various information exchanged with the terminal connection device 200.

  The primary authentication unit 320 authenticates a service subscriber who uses the terminal device 100 and supports EAP-TLS.

  Specifically, when receiving a connection request from the terminal device 100, the primary authentication unit 320 requests the connection request source terminal device to transmit an authentication request, that is, digital signature data (response data).

  When the primary authentication unit 320 receives the authentication response from the terminal device 100, the primary authentication unit 320 uses the public key certificate included in the subscriber authentication information received as the authentication response, and similarly uses the digital signature included in the subscriber authentication information. Data (response data) is verified.

  That is, the primary authentication unit 320 verifies the digital signature data (response data) using the public key certificate, and confirms whether or not the authentication response is issued by the subscriber to which the public key certificate is given.

  As a result of the verification, if it can be confirmed that the authentication response by the subscriber to whom the public key certificate has been given is confirmed, the primary authentication unit 320 has succeeded in the primary authentication for the subscriber of the terminal device 100. Based on the holder information included in the public key certificate, the subscriber ID for identifying the subscriber who uses the terminal device 100 is specified. Then, the primary authentication unit 320 sends a connection permission request transmission instruction to the connection permission confirmation unit 330 together with the identified subscriber ID.

  In addition, if the primary authentication unit 320 cannot confirm that the authentication response by the subscriber to which the public key certificate has been granted is confirmed as a result of the verification, the primary authentication unit 320 fails in the primary authentication related to the subscriber of the terminal device 100. As a result, an authentication failure and a connection disapproval notification are returned to the terminal device 100 via the terminal connection device 200.

  The connection permission confirmation unit 330 receives a connection permission request instruction from the primary authentication unit 320 and transmits a connection permission request to the communication control device 400 described later to confirm the connection permission of the terminal device 100.

  Specifically, when accepting the connection permission request instruction from the primary authentication unit 320 together with the subscriber ID, the connection availability confirmation unit 330 connects the primary authentication result (primary authentication success) including the subscriber ID, and the terminal device 100 is connected. A connection permission request is transmitted to the communication control apparatus 400, which will be described later, together with connection destination information about the connection destination requesting the connection. Then, when accepting a connection permission notification from the communication control device 400, which will be described later, the connection availability confirmation unit 330 returns an authentication success and a connection permission notification to the terminal device 100.

  Note that, as a connection permission request between the connection permission confirmation unit 330 and the communication control apparatus 400 described later, and a response procedure thereof, a method of exchanging messages by socket communication on TCP (Transmission Control Protocol), a RADIUS protocol, or the like. For example, a method of encapsulating and exchanging in AVP determined by the above can be adopted.

  The communication control device 400 is a general-purpose server device that performs authorization and status management related to the network connection of the terminal device 100, and corresponds to the basic concept authorization / status management device described above. As illustrated in FIG. 6, the communication control apparatus 400 includes a communication unit 410, an authorization unit 420, and a subscriber state management unit 430.

  The communication unit 410 has a function of performing IP communication, and controls communication related to various types of information exchanged with the communication control device 300.

  The subscriber state management unit 430 manages information about the subscribers of the network connection service. For example, as shown in FIG. 6, for each subscriber, a subscriber ID uniquely assigned to the subscriber, Connection status (for example, “ON” if connected, “OFF” if not connected) and connection destination information (for example, the terminal device 100 of the subscriber is connected) for the connection destination that the subscriber requests to connect to For example, the attribute information of the terminal connection device 200 that is trying to perform the management.

  Upon receiving a connection permission request from the communication control device 300, the authorization unit 420 performs processing related to authorization of network connection of the terminal device 100.

  Specifically, when the authorization unit 420 receives a connection permission request from the communication control device 300, the subscriber ID included in the primary authentication result received together with the connection permission request is managed by the subscriber state management unit 430. Check whether it exists in the subscriber ID.

  As a result of the confirmation, if the subscriber ID included in the primary authentication result is present in the subscriber ID managed by the subscriber status management unit 430, the authorization unit 420 uses the subscriber status management unit 430. In the managed subscriber ID, the connection state corresponding to the subscriber ID whose existence is confirmed is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated together with the connection permission request. Update with accepted connection destination information. Then, the authorization unit 420 returns a connection permission notification to the communication control device 300.

  Note that, as a result of the confirmation, if the subscriber ID included in the primary authentication result does not exist among the subscriber IDs managed by the subscriber state management unit 430, the authorization unit 420 notifies the connection non-permission notification. It returns to the communication control device 300.

  The service providing device 500 is a general-purpose server device having an IP communication function, and provides various services to the terminal device 100.

  The terminal device 100, the communication control device 300, and the communication control device 400 described above can also be realized by mounting the above-described functions on an information processing device such as a known personal computer or workstation.

[Processing by Authentication System (Example 1)]
Subsequently, a processing flow of the authentication system according to the first embodiment will be described with reference to FIG. FIG. 7 is a diagram illustrating a processing flow of the authentication system according to the first embodiment.

  As shown in the figure, when a wireless connection request is transmitted from the terminal device 100 to the terminal connection device 200, a wireless link is established between the terminal device 100 and the terminal connection device 200 using this as a trigger. (Step S701). Note that this wireless link is established between the terminal device 100 and the terminal connection device 200 by transmitting and receiving messages in accordance with procedures defined in IEEE 802.11i.

  When the wireless link is established, the terminal connection device 200 transmits / receives a message defined in the EAP protocol to / from the terminal device 100, and acquires the subscriber identifier acquired from the terminal device 100, its own identifier information, and the like. Is transmitted to the communication control apparatus 300 (step S702).

  Specifically, the terminal connection device 200 requests the terminal device 100 for a subscriber identifier of the user of the terminal device 100. The terminal device 100 returns a response including the subscriber identifier to the terminal connection device 200 in accordance with the request from the terminal connection device 200. Note that the terminal device 100 may hold and return the subscriber identifier itself, or may read and return the subscriber identifier from the holder information of the public key certificate.

  The terminal connection device 200 transfers the message including the subscriber identifier received from the terminal device 100 and its own identifier information separately attached as “RADIUS AVP” to the communication control device 300. Note that the identifier information of the terminal connection device 200 itself transferred from the terminal connection device 200 to the communication control device 300 is used as connection destination information of the terminal device 100 in the communication control device 300.

  When receiving the message transferred from the terminal connection device 200, the communication control device 300 executes a subscriber authentication procedure for the terminal device 100 by EAP-TLS (step S703). In this subscriber authentication procedure, a message for authentication defined by TLS is encapsulated between terminal apparatus 100 and communication control apparatus 300, and a message inserted in a message defined by EAP protocol is transmitted and received. This is realized.

  It should be noted that the signature object data used for transmitting the subscriber authentication request from the communication control device 300 to the terminal device 100 by the transmission / reception of the message in the subscriber authentication procedure, and for generating the response data (digital signature data) by the terminal device 100. Exchange of original data and transmission of subscriber authentication information (response data generated using the subscriber's private key and public key certificate corresponding to the private key) from the terminal device 100 to the communication control device 300. Done.

  Specifically, “certificate request” illustrated in FIG. 7 corresponds to a subscriber authentication request transmitted from the communication control apparatus 300 to the terminal apparatus 100, and “certificate, certificate verify” illustrated in FIG. To the public key certificate and response data (digital signature data) presented to the communication control device 300 respectively. In addition, the original data of the signature target data used for generating the response data is the TLS message transmitted / received between the two apparatuses until “certificate verify” is presented from the terminal apparatus 100 to the communication control apparatus 300. Generated from the whole.

  In this way, when the communication control device 300 requests the connection request source terminal device to transmit an authentication request, that is, digital signature data (response data), and receives an authentication response from the terminal device 100, the authentication control response The digital signature data (response data) also included in the subscriber authentication information is verified using the public key certificate included in the subscriber authentication information received as

  Specifically, the communication control apparatus 300 verifies the digital signature data (response data) using the public key certificate, and confirms whether the authentication response is received by the subscriber to whom the public key certificate is given. To do. As a result of the verification, if it can be confirmed that the authentication response by the subscriber to whom the public key certificate has been given is confirmed, the communication control device 300 is assumed to have succeeded in the primary authentication for the subscriber of the terminal device 100. Based on the holder information included in the public key certificate, the subscriber ID for identifying the subscriber who uses the terminal device is specified.

  Then, the communication control device 300 receives the primary authentication result (successful primary authentication) including the subscriber ID and the connection destination information about the connection destination to which the terminal device 100 requests connection (the one previously acquired from the terminal connection device 200). In addition, a connection permission request is transmitted to the communication control device 400 (step S704).

  Note that the communication control apparatus 300 fails in the primary authentication related to the subscriber of the terminal apparatus 100 when the verification result shows that the authentication response by the subscriber to which the public key certificate has been granted has not been confirmed. As a result, an authentication failure and a connection disapproval notification are returned to the terminal device 100 via the terminal connection device 200.

  When the communication control device 400 receives the connection permission request from the communication control device 300, the subscriber ID included in the primary authentication result received together with the connection permission request is the subscriber ID managed by the subscriber state management unit 430. It is confirmed whether or not it exists inside (step S705).

  As a result of the confirmation, the communication control device 400 confirms that the subscriber ID included in the primary authentication result exists when the subscriber ID is included in the subscriber ID managed by the subscriber state management unit 430. The connection state corresponding to the subscriber ID is updated to “ON”, and the connection destination information corresponding to the subscriber ID is updated with the connection destination information received together with the connection permission request (step S706). Then, a connection permission notification is returned to the communication control device 300 (step S707).

  Note that, as a result of the confirmation, the communication control apparatus 400, when the subscriber ID included in the primary authentication result does not exist among the subscriber IDs managed by the subscriber state management unit 430, notifies the connection non-permission. Is returned to the communication control device 300.

  Upon receiving the connection permission notification from the communication control device 400, the communication control device 300 returns an authentication success and connection permission notification to the terminal device 100 via the terminal connection device 200 (steps S708 and S709).

[Effects of Example 1]
As described above, according to the first embodiment, it is possible to greatly reduce the number of times of communication between the apparatuses as compared with the case where the service subscriber authentication and the connection state recording and management are executed by the common server. It is possible to prevent unauthorized use of the network more efficiently and economically.

  In the first embodiment, the configuration in which the terminal device is connected to the network by wireless communication has been described. However, the present invention is not limited to this, and the case where the terminal device is connected to the network by wired communication is also described. It is possible to apply similarly. In this case, the method of the first embodiment can be applied to an arbitrary tunneling communication method such as PPP (Point to Point Protocol) or IPsec (Security Architecture for Internet Protocol).

  As shown in FIG. 8, the terminal connection device 200 and the communication control device 300 that are distributed in the authentication processing system according to the first embodiment may be integrated. Therefore, in the following second embodiment, the configuration and processing of the authentication processing system according to the second embodiment will be described in order.

[Configuration of Authentication Processing System (Example 2)]
The authentication processing system according to the second embodiment has the same configuration as the authentication processing system according to the first embodiment. However, as illustrated in FIG. 9, the terminal connection device 200 includes a communication unit 210, a primary authentication unit 220, The difference is that a connection availability confirmation unit 230 is further provided.

  That is, the terminal connection device 200 has the same function as the communication control device 300 described in the first embodiment, and the authentication processing system according to the first embodiment includes the communication control device 300 as a back-end authentication server. Instead, the terminal connection device 200 authenticates the terminal device 100.

[Processing of Authentication Processing System (Example 2)]
The processing of the authentication processing system according to the second embodiment is different from the first embodiment in that the terminal connection device 200 authenticates the terminal device 100 as shown in FIG. It should be noted that the processing of the authentication system according to the first embodiment (except for performing the subscriber authentication procedure by directly exchanging EAP-TLS messages between the terminal device 100 and the terminal connection device 200 (see step S1003)). Since this is the same as that shown in FIG.

  The authentication processing system described in the first embodiment can be similarly applied to a network in which different operators are connected to each other, that is, a so-called inter-provider roaming network configuration.

  For example, as shown in FIG. 11, the management entity of the first network and the communication control apparatus 300 is different from the management entity of the second network and the communication control apparatus 400, but the authentication process described in the first embodiment is performed. Processing similar to system processing (see FIG. 7) can be realized.

  When the network form of inter-operator roaming is adopted as in the third embodiment, it is risky to completely believe the result of the subscriber authentication of the communication control device 300 managed by another business operator. Therefore, a mechanism for detecting and rejecting an unauthorized connection permission request from the communication control device 300 managed by another business operator is required. In the following fourth embodiment, an authentication processing system capable of realizing this mechanism will be described.

[Basic Concept of Authentication Processing System (Example 4)]
The basic concept of the authentication processing system according to the fourth embodiment will be described with reference to FIGS. 12 to 14 are diagrams for explaining the basic concept of the authentication processing system according to the fourth embodiment.

  The authentication processing system according to the fourth embodiment is different from the above-described embodiment in that the authentication processing system according to the above-described embodiment is described below.

  That is, as shown in FIG. 12, when the connection permission confirmation means of the primary authentication device transmits a connection permission request to the authorization / state management device, the primary authentication result including the subscriber ID and the terminal device request connection. Not only the connection destination information but also the response data (digital signature data) used for subscriber authentication and the signature target data (or the original data of the signature target data) used to generate the response data are transmitted.

  The authorization / state management apparatus further includes secondary authentication means, and the subscriber state management means further manages a public key certificate corresponding to the subscriber's private key for each subscriber. When the authorization unit receives the connection permission request from the temporary authentication device, the subscriber ID included in the primary authentication result received together with the connection permission request exists in the subscriber ID managed by the subscriber state management unit. Check whether or not.

  Then, as a result of the confirmation, if the subscriber ID included in the primary authentication result is present among the subscriber IDs managed by the subscriber state management unit, the authorization unit, together with the connection permission request, sends a temporary authentication device Requests the secondary authentication means to verify the response data received from.

  Upon receiving the response data verification request from the authorization unit, the secondary authentication unit is managed by the response data and the signature target data (or the original data of the signature target data) received together with the connection permission request, and the subscriber status management unit. Is used to verify whether the response data is truly generated by the terminal device requesting the connection (that is, the connection corresponding to the connection permission request is true by the terminal device). To verify whether or not it has been tried), and return the verification result to the authorization means.

  When the authorization unit receives a verification result indicating that the verification of the response data has failed from the secondary authentication unit, the authorization unit returns a connection non-permission notification to the primary authentication device. On the other hand, when the authorization unit receives a verification result indicating that the response data has been successfully verified from the secondary authentication unit, the authorization unit starts processing related to network connection authorization as described in the above embodiment.

  As described above, in FIG. 12, the subscriber status management means of the authorization / status management apparatus manages the public key certificate corresponding to the subscriber's private key for each subscriber in advance. Although the case where the response data is verified by the next authentication means has been described, the present invention is not limited to this.

  That is, as shown in FIG. 13, when the connection permission confirmation means of the primary authentication device transmits a connection permission request to the authorization / state management device, response data (digital signature data) and signature target data (or signature target data) are transmitted. And a public key certificate corresponding to the subscriber's private key is also transmitted.

  When the secondary authentication unit of the authorization / state management device receives the response data verification request from the authorization unit, the response data received with the connection permission request, the signature target data (or the original data of the signature target data), and the public key Using the certificate, it is verified whether or not the response data is truly generated by the terminal device that requests connection, and the verification result is returned to the authorization unit.

  As in the case shown in FIG. 12, the authorization unit performs processing according to the verification result of the response data received from the secondary authentication unit.

  In the exchange between the terminal device, the primary authentication device, and the authorization / state management device shown in FIG. 13, step S1406 and step S1408 shown in FIG. 14 are different from the above-described embodiment (for example, see FIG. 2).

  That is, as shown in FIG. 14, when the primary authentication device receives an authentication response from the terminal device, the primary authentication device also uses the public key certificate included in the subscriber authentication information received as the authentication response, and similarly uses the subscriber authentication information. The digital signature data (response data) included in is verified (step S1405).

  As a result of the verification, the primary authentication device, if it can be confirmed that the authentication response by the subscriber to which the public key certificate is given is confirmed, as in the above embodiment, the primary authentication device related to the subscriber of the terminal device. As a result of successful authentication, a subscriber ID for identifying a subscriber who uses the terminal device is specified based on the holder information included in the public key certificate.

  In addition to the primary authentication result and connection destination information including the subscriber ID, the primary authentication device further includes response data (digital signature data), signature target data (or original data of signature target data), and subscribers. The public key certificate corresponding to the private key is sent to the authorization / state management apparatus (step S1406).

  When the authorization / state management device receives the connection permission request from the primary authentication device, whether or not the subscriber ID included in the primary authentication result received together with the connection permission request exists in the managed subscriber ID. Is confirmed (step S1407).

  As a result of the confirmation, when the subscriber ID included in the primary authentication result is present in the managed subscriber ID, the authorization / state management device further receives the response data, signature received together with the connection permission request Using the target data (or the original data of the signature target data) and the public key certificate, it is verified whether the response data is truly generated by the terminal device that requests connection.

  As a result of the verification, if the authorization / state management device succeeds in verifying the response data, the subscriber ID confirmed to exist in the managed subscriber ID as in the above embodiment. The connection state corresponding to is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated with the connection destination information received together with the connection permission request (step S1408).

  Hereinafter, as a specific example in which the basic concept of the authentication processing system according to the fourth embodiment is applied to a network connection service, the configuration and processing of the authentication processing system will be described in order, and finally the effects of the fourth embodiment will be described.

[Configuration of Authentication Processing System (Example 4)]
First, the configuration of an authentication processing system according to the fourth embodiment will be described with reference to FIG. FIG. 15 is a diagram illustrating a configuration example of the communication control apparatus 400 according to the fourth embodiment.

  In the authentication processing system according to the fourth embodiment, the communication control device 300 and the communication control device 400 are different from the above-described embodiments. The communication control device 300 corresponds to the primary authentication device in the basic concept described above (Example 4), and the communication control device 400 corresponds to the authorization / state management device in the basic concept described above (Example 4). To do.

  In other words, the connection permission confirmation unit 320 of the communication control device 300 succeeds in the primary authentication related to the subscriber of the terminal device 100, and when transmitting a connection permission request to the communication control device 400, the primary authentication result including the subscriber ID. In addition to the connection destination information, response data (digital signature data), signature target data (or original data of signature target data), and a public key certificate corresponding to the subscriber's private key are also transmitted.

  Moreover, the communication control apparatus 400 is further provided with the secondary authentication part 440 as shown in FIG. When the authorization unit 420 receives a connection permission request from the communication control device 300 as in the above embodiment, the subscriber ID included in the primary authentication result received together with the connection permission request is the subscriber state management unit 430. It is confirmed whether or not it exists in the subscriber ID managed.

  As a result of confirmation, if the subscriber ID included in the primary authentication result is present in the subscriber IDs managed by the subscriber state management unit 430, the authorization unit 420 determines whether the communication control device includes a connection permission request. The secondary authentication unit 440 is requested to verify the response data received from 300.

  Upon receiving a response data verification request from the authorization unit 420, the secondary authentication unit 440 responds to the response data received together with the connection permission request, the signature target data (or the original data of the signature target data), and the subscriber's private key. Is used to verify whether or not the response data is truly generated by the terminal device 100 requesting connection (that is, the connection corresponding to the connection permission request is made by the terminal device). It is verified whether or not it is truly being tried), and the verification result is returned to the authorization unit 420.

  When the authorization unit 420 receives a verification result indicating that the verification of the response data has failed from the secondary authentication unit 440, the authorization unit 420 returns a connection non-permission notification to the communication control device 300 as in the above-described embodiment. To do. On the other hand, when the authorization unit 420 receives a verification result indicating that the response data has been successfully verified from the secondary authentication unit 440, the authorization unit 420 includes the subscriber ID managed by the subscriber status management unit 430 in the subscriber ID. The connection state corresponding to the confirmed subscriber ID is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated with the connection destination information received together with the connection permission request. Then, the authorization unit 420 transmits a connection permission notification to the communication control device 300.

[Processing by Authentication System (Example 4)]
Subsequently, a processing flow of the authentication system according to the fourth embodiment will be described with reference to FIG. FIG. 16 is a diagram illustrating a processing flow of the authentication system according to the fourth embodiment. The processing of the authentication system according to the fourth embodiment is different from the above-described embodiment in the points described below.

  That is, when the communication control device 300 succeeds in the primary authentication related to the subscriber of the terminal device 100 (see step S1603) and transmits a connection permission request to the communication control device 400, the communication control device 300 and the primary authentication result including the subscriber ID and In addition to the connection destination information, response data (digital signature data), signature target data (or original data of signature target data), and a public key certificate corresponding to the subscriber's private key are also transmitted (step) S1604).

  When the communication control device 400 receives the connection permission request from the communication control device 300 as in the above embodiment (see step S705 in FIG. 7), the subscriber ID included in the primary authentication result received together with the connection permission request is Then, it is confirmed whether or not it exists in the subscriber ID managed by the subscriber state management unit 430 (step S1605).

  As a result of the confirmation, if the subscriber ID included in the primary authentication result is present in the subscriber ID managed by the subscriber state management unit 430, the communication control device 400 has received the connection permission request. Using the response data, the signature target data (or the original data of the signature target data), and the public key certificate corresponding to the subscriber's private key, the response data is truly generated by the terminal device 100 requesting connection. It is verified whether or not it is a new one (step S1606).

  When the communication control device 400 succeeds in verifying the response data, it is confirmed that the communication control device 400 exists in the managed subscriber ID as in the above-described embodiment (see step S706 in FIG. 7). The connection state corresponding to the subscriber ID is updated to “ON”, and the connection destination information corresponding to the subscriber ID is updated with the connection destination information received together with the connection permission request (step S1607).

[Effects of Example 4]
As described above, according to the fourth embodiment, the communication control device 400 re-verifies the response data used in the subscriber authentication in the communication control device 300, so that the communication control device 300 is cracked and an incorrect connection is made. It is possible to prevent a situation in which the communication control device 300 transmits a connection permission request for the terminal device 100 that is modified to transmit a permission request or is not actually connected.

  In addition, when the subscriber is charged based on the connection state managed by the communication control device 400 (the service usage time is calculated from the time in the connection state, and the usage fee is charged to the service subscriber. Even if the terminal device 100 user who has transitioned to a connection state based on a connection permission request from the communication control device 300 based on impersonated or incorrect information is erroneously Can be prevented from being charged.

  Note that the communication control apparatus 300 is cracked and transmits an incorrect connection permission request, as in the case where the management entity of the communication control apparatus 300 and the management entity of the communication control apparatus 400 take a network form of inter-operator roaming. This is particularly effective in the case where it is assumed that the communication control device 300 transmits a connection permission request for the terminal device 100 that has been modified so as to be actually not connected.

  In the above-described embodiment, when the terminal device 100 that requests connection is already connected and the connection destination that is currently connected is different from the connection destination that requests connection, a mechanism for rejecting the connection is provided. It may be. In the following fifth embodiment, an authentication processing system capable of realizing this mechanism will be described.

[Basic Concept of Authentication Processing System (Embodiment 5)]
The basic concept of the authentication processing system according to the fifth embodiment will be described with reference to FIGS. 17 and 18. 17 and 18 are diagrams for explaining the basic concept of the authentication processing system according to the fifth embodiment.

  The authentication processing system according to the fifth embodiment is different from the authentication processing system according to the above-described embodiment from the above-described embodiment in the points described below.

  That is, as shown in FIG. 17, when the authorization unit of the authorization / state management apparatus accepts a connection permission request from the primary authentication apparatus, it is included in the primary authentication result received together with the connection permission request, as in the above embodiment. It is confirmed whether the subscriber ID exists in the subscriber ID managed by the subscriber state management means.

  Then, as a result of the confirmation, if the subscriber ID included in the primary authentication result is present in the subscriber ID managed by the subscriber status management unit, the authorization unit further adds the subscriber ID to the subscriber ID. Corresponding connection status and connection destination information are acquired from information managed by the subscriber status management means.

  The authorization means is also managed by the subscriber status management means when the connection status acquired from the information managed by the subscriber status management means is being connected (for example, “ON”). It is verified whether or not the connection destination information acquired from the stored information matches the connection destination information of the terminal device received together with the connection permission request from the primary authentication device.

  As connection destination information verification methods, the connection destination device identifier is managed as connection destination information, the group identifier of the group to which the connection destination device belongs as connection destination information, and the physical or logical location information of the connection destination device. In addition, a method for verifying whether or not these pieces of information match the connection destination information of the terminal device received together with the connection permission request from the primary authentication device can be considered.

  If the connection destination information matches each other as a result of the verification, the authorization unit transmits a connection permission notification to the primary authentication device as it is. Alternatively, in the same manner as in the above embodiment, the authorization unit renews the connection state corresponding to the subscriber ID whose existence is confirmed among the subscriber IDs managed by the subscriber state management unit. In addition, the connection destination information corresponding to the subscriber ID is updated again with the connection destination information received together with the connection permission request, and then a connection permission notification is transmitted to the primary authentication unit.

  If the connection state acquired from the information managed by the subscriber state management unit is disconnected (for example, “OFF”), the authorization unit is the same as in the above embodiment. In the subscriber ID managed by the status management means, the connection status corresponding to the subscriber ID whose existence has been confirmed is updated to “ON”, and the connection destination information corresponding to this subscriber ID is further updated. Update the connection destination information received with the connection permission request. Then, the authorization unit transmits a connection permission notification to the primary authentication device.

  On the other hand, if the connection destination information does not match each other as a result of the verification, the authorization unit transmits a connection non-permission notification to the primary authentication device.

  The authorization / state management device monitors the connection state of the terminal device, and if it detects that the connection of the terminal device has transitioned to the disconnected state, the connection state managed by the subscriber state management means Is updated during disconnection (for example, “OFF”).

  In the exchange between the terminal device, the primary authentication device, and the authorization / state management device, step S1808 shown in FIG. 18 is different from the above-described embodiment (for example, see FIG. 2).

  That is, as in the above-described embodiment (see step S207 in FIG. 2), when the authorization / state management device receives a connection permission request from the primary authentication device, the subscriber is included in the primary authentication result received together with the connection permission request. It is confirmed whether the ID exists in the managed subscriber ID (step S1807).

  As a result of confirmation, if the subscriber ID included in the primary authentication result is present in the managed subscriber ID, the authorization / state management device further includes a connection state and a response corresponding to the subscriber ID. If the connection status is acquired from the information that manages the connection destination information and the acquired connection status is connected (for example, “ON”), the connection permission request is also received from the acquired connection destination information and the primary authentication device. It is verified whether or not the connection destination information of the terminal device received together with the terminal device matches (step S1808).

  As a result of the verification, if the connection destination information matches each other, the authorization / state management device, in the managed subscriber ID, similarly to the above-described embodiment (see step S208 in FIG. 2) The connection state corresponding to the confirmed subscriber ID is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated with the connection destination information received together with the connection permission request (step S1809). . Then, a connection permission notification is transmitted to the primary authentication device (step S1810).

  Hereinafter, as a specific example of applying the basic concept of the authentication processing system according to the fifth embodiment to the network connection service, the effects of the fifth embodiment will be described after the processing of the authentication processing system is described.

[Processing by Authentication System (Example 5)]
First, the processing flow of the authentication system according to the fifth embodiment will be described with reference to FIG. FIG. 19 is a diagram illustrating a processing flow of the authentication system according to the fifth embodiment. The processing of the authentication system according to the fifth embodiment is different from the above-described embodiment (for example, see FIG. 7) in the points described below.

  That is, when the communication control device 400 receives a connection permission request from the communication control device 300 as in the above embodiment (see step S705 in FIG. 7), the subscriber included in the primary authentication result received together with the connection permission request. It is confirmed whether or not the ID exists in the subscriber ID managed by the subscriber state management unit 430 (step S1905).

  As a result of the confirmation, the communication control device 400 further determines that the subscriber ID included in the primary authentication result is among the subscriber IDs managed by the subscriber state management unit 430. If the connection status and connection destination information corresponding to is acquired from the information managed by the subscriber status management unit 430, and the acquired connection status is being connected (for example, “ON”), the same subscription is performed. It is verified whether or not the connection destination information acquired from the information managed by the person status management unit 430 matches the connection destination information of the terminal device received together with the connection permission request from the primary authentication device (step S1906). ).

  As a result of the verification, when the connection destination information matches each other, the communication control device 400, as in the above-described embodiment (see step S706 in FIG. 7), manages the subscriber managed by the subscriber state management unit 430. In the ID, the connection state corresponding to the subscriber ID whose existence is confirmed is updated to “ON”, and the connection destination information corresponding to the subscriber ID is received with the connection permission request. Update (step S1907). Then, a connection permission notification is transmitted to the communication control device 300 (step S1908).

[Effects of Example 5]
As described above, according to the fifth embodiment, since a connection request regarding another connection destination received from the terminal device 100 that is already in a connected state is rejected, it is possible to firmly eliminate unauthorized use of multiple services. Is possible.

  By the way, the authentication processing system described in the above embodiment can be similarly applied to a system that provides a host service. Accordingly, in the following sixth embodiment, the configuration and processing of the authentication processing system according to the sixth embodiment will be described in order. The upper service to be applied performs communication with the terminal device by an HTTP procedure (so-called HTTPS procedure) protected by SSL (Secure Socket Layer), and provides a so-called web service.

[Configuration of Authentication Processing System (Example 6)]
First, the configuration of an authentication processing system according to the sixth embodiment will be described with reference to FIGS. FIG. 20 is a system configuration diagram of an authentication processing system according to the sixth embodiment. FIG. 21 is a diagram illustrating a configuration example of the service providing server 500 according to the sixth embodiment. FIG. 22 is a diagram illustrating a configuration example of the subscriber management server 600 according to the sixth embodiment.

  As shown in FIG. 20, the authentication processing system according to the sixth embodiment is configured by connecting the terminal device 100, the service providing server 500, and the subscriber management server 600 to a communicable state via a network. The

  The terminal device 100 differs from the terminal device 100 described in the above embodiment in the points described below. That is, it is an information device (for example, an information processing apparatus such as a known personal computer or PDA) having a TCP / IP communication function, an SSL communication function, and an HTTP communication function, and accesses the service providing server 500 according to an HTTP procedure on SSL. And receive a higher level service.

  The service providing server 500 is different from the service providing server 500 described in the above embodiment in the following points. In other words, the service providing server 500 is a so-called web server, and provides a higher level service (for example, electronic commerce) to the terminal device 100 according to the HTTP procedure on SSL. The service providing server 500 has a function corresponding to the primary authentication device of the basic concept described in the first embodiment.

  As illustrated in FIG. 21, the service providing server 500 includes a communication unit 510, a primary authentication unit 520, and a connection availability confirmation unit 530. The communication unit 510 has a TCP / IP communication function, an SSL communication function, and an HTTP communication function, and controls communication related to various information exchanged between the terminal device 100 and the subscriber management server 600.

  Further, the primary authentication unit 520 supports a client authentication procedure defined in the SSL procedure as a service subscriber authentication method. When an access request is received from the terminal device 100, the primary authentication unit 520 is a subscriber of the terminal device 100 according to the authentication procedure. Authentication (verification of response data accepted as an authentication response) is executed. When the primary authentication unit 520 succeeds in verifying the response data (digital signature data) received as an authentication response from the terminal device 100, the primary authentication unit 520 sends a connection permission request transmission instruction to the connection permission confirmation unit 530.

  When accepting a connection permission request transmission instruction from primary authentication unit 520, connection permission confirmation unit 530 receives the subscriber identifier specified when the subscriber authentication is successful, and connection destination information about the connection destination for which terminal device 100 requests connection ( For example, a connection permission request is transmitted to the subscriber management server 600 together with the address, name or identifier of the service providing server of the connection destination.

  When the service providing server 500 receives a connection permission notification from the subscriber management server 600, the service providing server 500 provides a service to the terminal device 100.

  The subscriber management server 600 is a general-purpose server device, and performs authorization and status management regarding connection to the service providing server 500. The subscriber management server 600 has a function corresponding to the basic concept authorization / state management apparatus described in the first embodiment.

  As illustrated in FIG. 22, the subscriber management server 600 includes a communication unit 610, an authorization unit 620, and a subscriber state management unit 630. The communication unit 610 has a function of performing IP communication, and controls communication related to various types of information exchanged with the service providing server 500.

  The subscriber status management unit 630 performs basically the same processing as the subscriber status management unit 430 described in the above embodiment, and is uniquely assigned to each subscriber for each subscriber. Subscriber ID, connection status to the network (for example, “ON” when connected, “OFF” when not connected), and connection destination information (for example, connection destination information for which the subscriber requests connection) Managing the address, name or identifier of the service provider server to which to connect.

  The authorization unit 620 performs basically the same processing as the authorization unit 420 described in the above-described embodiment. When the authorization unit 620 receives a connection permission request from the service providing server 500, the authorization unit 620 performs network connection of the terminal device 100. Process related to authorization.

  Specifically, when the authorization unit 620 receives the connection permission request from the service providing server 500, the subscriber ID received together with the connection permission request is included in the subscriber IDs managed by the subscriber state management unit 630. Check if it exists.

  As a result of the confirmation, if the subscriber ID received together with the connection permission request exists in the subscriber ID managed by the subscriber state management unit 630, the authorization unit 620 uses the subscriber state management unit 630 to In the managed subscriber ID, the connection state corresponding to the subscriber ID whose existence is confirmed is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated together with the connection permission request. Update with accepted connection destination information. Then, the authorization unit 620 returns a connection permission notification to the service providing server 500.

  As a result of the confirmation, the authorization unit 620 sends a connection disapproval notification when the subscriber ID managed together with the connection permission request does not exist in the subscriber IDs managed by the subscriber state management unit 630. It returns to the service providing server 500.

[Processing by Authentication System (Example 6)]
Subsequently, a processing flow of the authentication system according to the sixth embodiment will be described with reference to FIG. FIG. 23 is a diagram illustrating a process flow of the authentication system according to the sixth embodiment.

  First, a service subscriber who uses a service using the terminal device 100 accesses the service providing server 500 to the terminal device 100 by specifying a URL for connecting to or logging in to the service providing server 500. Instruct.

  Then, as shown in FIG. 23, when receiving an instruction from the service subscriber, the terminal device 100 tries to access the service providing server 500 (step S2301).

  The terminal device 100 first attempts to establish an SSL session with the service providing server 500, and then performs server authentication, client authentication, and key sharing between the service providing server 500 and the terminal device 100 according to the SSL procedure. Message exchange for is done.

  In FIG. 23, it is described that a plurality of messages in the same direction are transmitted continuously. However, these messages are transmitted together in the same packet, not in separate packets. You can also.

  By transmitting and receiving the above-described message, transmission of a subscriber authentication request from the service providing server 500 to the terminal device 100, and exchange of original data of signature target data used by the terminal device 100 to generate response data (digital signature data) Then, the subscriber authentication information (response data generated using the subscriber's private key and public key certificate corresponding to the private key) is transmitted from the terminal device 100 to the service providing server 500.

  Specifically, “certificate request” illustrated in FIG. 23 corresponds to a subscriber authentication request transmitted from the service providing server 500 to the terminal device 100, and “certificate, certificate verify” illustrated in FIG. Corresponds to the public key certificate and response data (digital signature data) presented to the service providing server 500. In addition, the original data of the signature target data used for generating the response data is the TLS message transmitted / received between the two apparatuses until “certificate verify” is presented from the terminal apparatus 100 to the service providing server 500. Generated from the whole.

  The service providing server 500 that has received each handshake message in accordance with the SSL procedure from the terminal device 100 uses the subscriber's public key certificate obtained by exchanging the message, and also uses the digital signature data (response Data) and verify whether the authentication response is received by the subscriber to whom the public key certificate is given.

  As a result of the verification, if it can be confirmed that the authentication response by the subscriber to whom the public key certificate has been given is confirmed, the service providing server 500 determines that the subscriber authentication of the terminal device 100 has been successful, A subscriber ID for identifying a subscriber who uses the terminal device is specified based on the holder information included in the key certificate.

  Then, the service providing server 500 transmits a connection permission request to the subscriber management server 600 together with the subscriber ID specified when the subscriber authentication is successful and the address of the terminal device 100 to which the terminal device 100 requests connection (for example). Step S2302).

  As a result of the verification, if it cannot be confirmed that the authentication response by the subscriber to whom the public key certificate has been given is confirmed, the service providing server 500 assumes that the subscriber authentication of the terminal device 100 has failed, An authentication failure and connection rejection notification are returned to the terminal device 100.

  When the subscriber management server 600 receives the connection permission request from the service providing server 500, does the subscriber ID received together with the connection permission request exist in the subscriber ID managed by the subscriber state management unit 630? It is confirmed whether or not (step S2303).

  As a result of the confirmation, if the subscriber ID received together with the connection permission request exists in the subscriber ID managed by the subscriber state management unit 630, the authorization unit 620 uses the subscriber state management unit 630 to In the managed subscriber ID, the connection state corresponding to the subscriber ID whose existence is confirmed is updated to “ON”, and the connection destination information corresponding to this subscriber ID is updated together with the connection permission request. Update with the received connection destination information (step S2304).

  Then, the subscriber management server 600 returns a connection permission notification to the service providing server 500 (step S2305).

  As a result of the confirmation, the subscriber management server 600 rejects the connection when the subscriber ID received together with the connection permission request does not exist among the subscriber IDs managed by the subscriber state management unit 630. A notification is returned to the service providing server 500.

  Upon receiving the connection permission notification from the subscriber management server 600, the service providing server 500 continues the SSL procedure with the terminal device 100 and establishes an SSL session (step S2306).

  When the SSL session is established with the service providing server 500, the terminal device 100 requests the service providing server 500 for the URL previously received from the service subscriber based on the HTTP procedure. Confirms that the request received from the terminal device 100 is an HTTP request from an authorized regular SSL session, and provides the terminal device 100 with a higher-level service corresponding to the requested URL (step S2307). ).

  As described above, the case where the service providing server 500 provides the upper level service to the terminal device 100 has been described as the authentication system according to the sixth embodiment, but the present invention is not limited to this. For example, the service providing server 500 serves as a gateway for controlling access to an application server on which a function for providing a higher-level application service is installed, and only service requests from subscribers who are permitted to access are applied to the application. The present invention can be similarly applied to a system configuration of proxying to a server.

  In the sixth embodiment, the method for detecting fraud in connection permission requests from other providers described in the above embodiments (see the fourth embodiment) and the method for preventing multiple use can be employed.

  Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the embodiments described above. Therefore, another embodiment included in the present invention will be described below.

(1) Device Configuration, etc. Each component of each device illustrated in the above embodiment is functionally conceptual and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution / integration of each device is not limited to the one shown in the figure. For example, the primary authentication unit 320 and the connection possibility confirmation unit 330 shown in FIG. All or a part of the authorization unit 420 and the subscriber status management unit 430 are integrated and functionally or physically distributed and integrated in arbitrary units according to various loads and usage conditions. can do. Further, all or any part of each processing function (for example, see FIG. 7, FIG. 16, FIG. 19, etc.) performed in each device illustrated in the above embodiment is analyzed by the CPU and the CPU. It can be realized by a program to be executed or as hardware by wired logic.

(2) Authentication processing program The processing of each device constituting the authentication processing system described in the above embodiment (for example, see FIG. 7, FIG. 16, FIG. 19, etc.) It can be realized by being executed by a computer system such as a workstation.

  Therefore, in the following, an example of a computer that executes a program having the same function as that of the primary authentication apparatus described as the basic concept in the above embodiment and a basic concept in the above embodiment will be described with reference to FIGS. An example of a computer that executes a program having the same function as that of the described authorization / state management apparatus will be described. FIG. 24 is a diagram illustrating a computer that executes a program having the same function as the primary authentication device. FIG. 25 is a diagram illustrating a computer that executes a program having the same function as that of the authorization / state management apparatus.

  First, an example of a computer that executes a program having the same function as the primary authentication device will be described with reference to FIG.

  As shown in the figure, a computer 700 as a primary authentication device is configured by connecting a communication control unit 710, an HDD 720, a RAM 730, and a CPU 740 via a bus 800.

  Here, the communication control unit 710 controls communication regarding various information exchanged between the terminal device and the authorization / state management device. The HDD 720 stores information necessary for the CPU 740 to execute various processes. The RAM 730 temporarily stores various information. The CPU 740 executes various arithmetic processes.

  As shown in FIG. 24, the HDD 720 has a primary authentication processing program 721 that exhibits the same function as each processing unit of the primary authentication apparatus shown in the above embodiment and primary authentication processing data 722 in advance. It is remembered. The primary authentication processing program 721 can be appropriately distributed and stored in a storage unit of another computer that is communicably connected via a network.

  Then, the CPU 740 reads this primary authentication processing program 721 from the HDD 720 and expands it in the RAM 730, whereby the primary authentication processing program 721 functions as an authentication processing process 731 as shown in FIG. The authentication processing process 731 reads the primary authentication processing data 722 and the like from the HDD 720, expands the data in the area allocated to itself in the RAM 730, and executes various processes based on the expanded data and the like. Note that the authentication processing process 731 corresponds to the processing executed in the communication means, primary authentication means, and connection availability confirmation means of the primary authentication apparatus shown in FIG.

  Note that the above-described primary authentication processing program 721 is not necessarily stored in the HDD 720 from the beginning. For example, a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk inserted into the computer 700, Each program is stored in a “portable physical medium” such as an IC card, and “another computer (or server)” connected to the computer 700 via a public line, the Internet, a LAN, a WAN, or the like. Alternatively, the computer 700 may read out and execute each program from these.

  Next, an example of a computer that executes a program having the same function as that of the authorization / state management apparatus will be described with reference to FIG.

  As shown in the figure, a computer 900 as an authorization / state management device is configured by connecting a communication control unit 910, an HDD 920, a RAM 930, and a CPU 940 via a bus 1000.

  Here, the communication control unit 910 controls communication related to various information exchanged between the terminal device and the temporary authentication device. Accepts input of various data from the user. The HDD 920 stores information necessary for the CPU 940 to execute various processes. The RAM 930 temporarily stores various information. The CPU 940 executes various arithmetic processes.

  As shown in FIG. 25, the HDD 920 has a management processing program 921 that exhibits the same function as each processing unit of the authorization / status management apparatus shown in the above embodiment and management processing data 922 in advance. It is remembered. The management processing program 921 can be appropriately distributed and stored in a storage unit of another computer that is communicably connected via a network.

  Then, the CPU 940 reads this management processing program 921 from the HDD 920 and develops it in the RAM 930, whereby the management processing program 921 functions as a management processing process 931 as shown in FIG. Then, the management processing process 931 reads the management processing data 922 and the like from the HDD 920, expands them in the area allocated to itself in the RAM 930, and executes various processes based on the expanded data and the like. The management processing process 931 corresponds to processing executed in the communication means, authorization means, and subscriber status management means of the authorization / status management apparatus shown in FIG.

  Note that the above-described management processing program 921 does not necessarily need to be stored in the HDD 920 from the beginning. For example, a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk, an IC inserted into the computer 900, for example. Each program is stored in a “portable physical medium” such as a card, and “another computer (or server)” connected to the computer 900 via a public line, the Internet, a LAN, a WAN, or the like. The computer 900 may read and execute each program from these.

(3) Authentication processing method The following authentication processing method is realized by the authentication processing system described in the above embodiment.

  That is, the primary authentication device (for example, the communication control device 300) corresponds to the signature data signed with the secret key held by the service subscriber and the secret key as information for certifying the identity of the service subscriber. A response data receiving step of receiving response data including the public key certificate from the terminal device that is a service request source (see, for example, step S702 in FIG. 7), and a public key included in the response data received by the response data receiving step When the signature data is verified by the signature data verification step (see, for example, step S703 in FIG. 7), which verifies the signature data included in the response data, using the certificate, Subscriber identification to identify the service subscriber that is the service requester , And connection destination information indicating a connection destination that is requested to be connected by a service subscriber in order to receive service provision, and an inquiry about whether or not the service can be provided to an authorization / state management device (for example, the communication control device 400) Transmission / rejection inquiry transmission step (see, for example, step S704 in FIG. 7), as a response to the inquiry transmitted by the availability inquiry transmission step, from the authorization / state management device (eg, communication control device 400). A service providing step of providing a service to the terminal device (see, for example, steps S708 and S709 in FIG. 7), when the permission notification to permit service provision is received, the authorization / state management A device (for example, the communication control device 400) can receive a service subscription. Service usage status for specifying whether or not the service subscriber is using the service, and the service subscriber is connected to receive the service. The subscriber information management step for managing the connection destination information indicating the connection destination requesting the service, and whether or not the service can be provided when the inquiry about the service provision is received from the primary authentication device (for example, the communication control device 300). An identifier confirmation step for confirming whether or not the subscriber identifier received together with the inquiry about the subscriber identifier exists in the subscriber identifier managed by the subscriber information management step (see, for example, step S705 in FIG. 7); In the identifier confirmation step, the subscriber identifier received together with the inquiry regarding the availability of service is the subscriber When it is confirmed that it exists in the subscriber identifier managed by the information management step, the connection state managed by the subscriber information management step in association with the subscriber identifier confirmed to exist And updating the connection destination information managed by the subscriber information management step in association with the subscriber identifier confirmed to be present in the connection destination information received together with the inquiry about whether or not the service can be provided. In the information updating step (see, for example, step S706 in FIG. 7), the subscriber identifier received together with the inquiry about whether or not the service can be provided by the identifier confirmation step is the subscriber identifier managed by the subscriber information management step. If it is confirmed that the service is present, a notification that the provision of the service is permitted Authentication device (e.g., the communication control unit 300) serving permission notice transmitting step of transmitting to the (e.g., see step S707 in FIG. 7), to realize the inclusive authentication method.

  As described above, the authentication processing system, the authentication device, the management device, the authentication processing method, the authentication processing program, and the management processing program according to the present invention authenticate the terminal device that is the service request source and provide the service. This is useful when managing the service usage status of the network, and is particularly suitable for preventing unauthorized use of the network more efficiently and economically.

1 is a diagram for explaining a basic concept of an authentication processing system according to a first embodiment. 1 is a diagram for explaining a basic concept of an authentication processing system according to a first embodiment. 1 is a system configuration diagram of an authentication processing system according to Embodiment 1. FIG. 1 is a diagram illustrating a configuration example of a terminal device 100 according to a first embodiment. 1 is a diagram illustrating a configuration example of a communication control apparatus 300 according to a first embodiment. 1 is a diagram illustrating a configuration example of a communication control apparatus 400 according to a first embodiment. It is a figure which shows the flow of a process of the authentication system which concerns on Example 1. FIG. FIG. 6 is a system configuration diagram of an authentication processing system according to a second embodiment. It is a figure which shows the structural example of the terminal connection apparatus which concerns on Example 2. FIG. It is a figure which shows the flow of a process of the authentication system which concerns on Example 2. FIG. FIG. 10 is a system configuration diagram of an authentication processing system according to a third embodiment. FIG. 10 is a diagram for explaining a basic concept of an authentication processing system according to a fourth embodiment. FIG. 10 is a diagram for explaining a basic concept of an authentication processing system according to a fourth embodiment. FIG. 10 is a diagram for explaining a basic concept of an authentication processing system according to a fourth embodiment. FIG. 10 is a diagram illustrating a configuration example of a communication control apparatus 400 according to a fourth embodiment. It is a figure which shows the flow of a process of the authentication system which concerns on Example 4. FIG. It is a figure for demonstrating the basic concept of the authentication processing system which concerns on Example 5. FIG. It is a figure for demonstrating the basic concept of the authentication processing system which concerns on Example 5. FIG. It is a figure which shows the flow of a process of the authentication system which concerns on Example 5. FIG. FIG. 10 is a system configuration diagram of an authentication processing system according to a sixth embodiment. FIG. 10 is a diagram illustrating a configuration example of a service providing server 500 according to a sixth embodiment. It is a figure which shows the structural example of the subscriber management server 600 which concerns on Example 6. FIG. It is a figure which shows the flow of a process of the authentication system which concerns on Example 6. FIG. It is a figure which shows the computer which performs the program which has the function similar to a primary authentication apparatus. It is a figure which shows the computer which performs the program which has the function similar to an authorization and state management apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Terminal device 110 Communication part 120 Authentication part 121 Private key 122 Public key certificate 200 Terminal connection apparatus 210 Communication part 220 Primary authentication part 230 Connection availability confirmation part 300 Communication control device 310 Communication part 320 Primary authentication part 330 Connection availability confirmation part 400 communication control device 410 communication unit 420 authorization unit 430 subscriber status management unit 440 secondary authentication unit 500 service providing server 510 communication unit 520 primary authentication unit 530 connectability confirmation unit 600 subscriber management server 610 communication unit 620 authorization unit 630 subscription Person status management unit 700 Computer (primary authentication device)
710 Communication control unit 720 HDD (Hard Disk Drive)
721 Primary authentication processing program 722 Data for primary authentication processing 730 RAM (Random Access Memory)
731 Authentication processing process 740 CPU (Central Processing Unit)
800 Bus 900 Computer (authorization / status management device)
910 Communication control unit 920 HDD (Hard Disk Drive)
921 Management processing program 922 Management processing data 930 RAM (Random Access Memory)
931 Management process 940 CPU (Central Processing Unit)
1000 buses

Claims (10)

An authentication processing system configured to include an authentication device that performs service-related authentication in response to a service request from a terminal device and provides a service, and a management device that manages a service usage state of a service subscriber,
The authentication device
As the information for certifying the identity of the service subscriber, the signature data signed with the private key held by the service subscriber and the authentication response data including the public key certificate corresponding to the private key are used as the service request source terminal. Authentication response data receiving means for receiving from the device;
Signature data verification means for verifying signature data also included in the authentication response data using a public key certificate included in the authentication response data received by the authentication response data receiving means;
If the signature data verification means succeeds in verifying the signature data, a subscriber identifier for identifying the service subscriber that is the service request source, and a connection is requested by the service subscriber to receive the service. Together with connection destination information indicating the connection destination to be transmitted, an inquiry about whether or not to provide a service is transmitted to the management device.
As a response to the inquiry transmitted by the availability inquiry transmission unit, when receiving a permission notification to permit service provision from the management device, a service providing unit that provides a service to the terminal device;
With
The management device
A service usage state for specifying whether or not the service subscriber is using the service in association with a subscriber identifier for uniquely identifying a service subscriber capable of receiving the service; and Subscriber information management means for managing connection destination information indicating a connection destination to which a service subscriber requests connection in order to receive provision of service;
Whether a subscriber identifier received together with an inquiry about whether or not to provide a service exists in the subscriber identifier managed by the subscriber information management means when an inquiry about whether or not to provide a service is received from the authentication device An identifier confirmation means for confirming whether or not,
If it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, the presence is present. The connection identifier managed by the subscriber information management means in association with the confirmed subscriber identifier is updated, and the subscriber identifier whose existence is confirmed by the connection destination information received together with the inquiry about the availability of service provision Subscriber information update means for updating connection destination information managed by the subscriber information management means in association with
When it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, A service provision permission notification transmitting means for transmitting a notification of permission of provision to the authentication device;
An authentication processing system characterized by comprising: An authentication device that provides a service by performing authentication related to service use in response to a service request from a terminal device,
As the information for certifying the identity of the service subscriber, the signature data signed with the private key held by the service subscriber and the authentication response data including the public key certificate corresponding to the private key are used as the service request source terminal. Authentication response data receiving means for receiving from the device;
Signature data verification means for verifying signature data also included in the authentication response data using a public key certificate included in the authentication response data received by the authentication response data receiving means;
If the signature data verification means succeeds in verifying the signature data, a subscriber identifier for identifying the service subscriber that is the service request source, and a connection is requested by the service subscriber to receive the service. Together with connection destination information indicating the connection destination to be transmitted, a query as to whether or not the service can be provided is transmitted to a management device that manages the service usage status of the service subscriber;
As a response to the inquiry transmitted by the availability inquiry transmission unit, when receiving a permission notification to permit service provision from the management device, a service providing unit that provides a service to the terminal device;
An authentication apparatus comprising: A management device for managing the service usage status of a service subscriber,
A service usage state for specifying whether or not the service subscriber is using the service in association with a subscriber identifier for uniquely identifying a service subscriber capable of receiving the service; and Subscriber information management means for managing connection destination information indicating a connection destination to which a service subscriber requests connection in order to receive provision of service;
When an inquiry about service availability is received from an authentication device that authenticates a service subscriber using the service request source terminal device and provides the service, the subscriber identifier received together with the inquiry about service availability is Identifier confirmation means for confirming whether or not the subscriber identifier is managed by the subscriber information management means;
If it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, the presence is present. The connection identifier managed by the subscriber information management means in association with the confirmed subscriber identifier is updated, and the subscriber identifier whose existence is confirmed by the connection destination information received together with the inquiry about the availability of service provision Subscriber information update means for updating connection destination information managed by the subscriber information management means in association with
When it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, A service provision permission notification transmitting means for transmitting a notification of permission of provision to the authentication device;
A management apparatus comprising: Along with the inquiry about whether or not the service can be provided, not only the subscriber identifier but also signature data signed with a private key held by the service subscriber and signature target data used to generate the signature data are received from the authentication device. And
The subscriber information management means further manages a public key certificate corresponding to a secret key held by a service subscriber as well as the service usage state and the connection destination information in association with the subscriber identifier,
If it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, the authentication A public key certificate corresponding to the subscriber identifier received from the device is acquired from the public key certificate managed by the subscriber information management means, and received from the acquired public key certificate and the authentication device. Signature data verification means for verifying the signature data received from the authentication device using the signature target data,
The subscriber information update unit updates the connection state and the connection destination information when the signature data verification unit succeeds in verifying the signature data,
4. The service provision permission notification transmission unit transmits a notification to the effect that service provision is permitted to the authentication device when the signature data verification unit succeeds in verifying the signature data. The management apparatus as described in. Along with inquiries regarding whether or not to provide services, not only the subscriber identifier but also signature data signed with a private key held by the service subscriber, signature target data used to generate the signature data, and disclosure corresponding to the private key Further receiving a key certificate from the authentication device,
When it is confirmed by the identifier confirmation means that the subscriber identifier received from the authentication apparatus together with an inquiry about whether or not to provide a service is present in the subscriber identifier managed by the subscriber information management means Further comprises signature data verification means for verifying the signature data received from the authentication device using the public key certificate and signature target data received from the authentication device,
The subscriber information update unit updates the connection state and the connection destination information when the signature data verification unit succeeds in verifying the signature data,
4. The service provision permission notification transmission unit transmits a notification to the effect that service provision is permitted to the authentication device when the signature data verification unit succeeds in verifying the signature data. The management apparatus as described in. If it is confirmed by the identifier confirmation means that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management means, the presence is present. A connection state confirmation unit for confirming a connection state managed by the subscriber information management unit in association with the confirmed subscriber identifier;
A connection managed by the subscriber information management means in association with the subscriber identifier whose existence has been confirmed by the identifier confirmation means when the connection state is confirmed by the connection status confirmation means; Based on the destination information, a connection destination information verification means for verifying the connection destination information received together with the inquiry about availability of service provision;
Further comprising
The subscriber information update unit, when the connection destination information received together with the inquiry about whether or not the service can be provided by the connection destination information verification unit has been successfully verified, updates the connection state and the connection destination information,
The service provision permission notification transmitting unit transmits a notification to permit service provision to the authentication device when the connection destination information verifying unit verifies that the connection destination information matches each other. The management device according to claim 3, wherein It further comprises connection disconnection detection means for detecting a terminal device whose connection has transitioned to a disconnected state,
The subscriber information update means is connected to the subscriber identifier of a service subscriber who uses the terminal device whose connection has been changed to a disconnected state by the connection disconnection detection means and is managed by the subscriber information management means The management apparatus according to claim 6, wherein the state is updated during disconnection. Executed by an authentication processing system configured to include an authentication device that provides service by performing authentication related to service usage in response to a service request from a terminal device, and a management device that manages the service usage status of the service subscriber. An authentication processing method,
The authentication device
As the information for certifying the identity of the service subscriber, the signature data signed with the private key held by the service subscriber and the authentication response data including the public key certificate corresponding to the private key are used as the service request source terminal. An authentication response data receiving step received from the device;
Signature data verification step for verifying signature data also included in the authentication response data using the public key certificate included in the authentication response data received by the authentication response data reception step;
When the signature data is successfully verified in the signature data verification step, a connection identifier is requested by the service subscriber to receive the service and the subscriber identifier for identifying the service subscriber that is the service request source. Together with connection destination information indicating the connection destination to be transmitted, an inquiry about whether to provide a service is sent to the management device.
As a response to the inquiry transmitted by the availability inquiry transmission step, when receiving a permission notification to permit service provision from the management device, a service providing step of providing a service to the terminal device;
Including
The management device
A service usage state for specifying whether or not the service subscriber is using the service in association with a subscriber identifier for uniquely identifying a service subscriber capable of receiving the service; and A subscriber information management step for managing connection destination information indicating a connection destination from which a service subscriber requests connection in order to receive service provision;
When the inquiry about service availability is received from the authentication device, whether the subscriber identifier received together with the service availability inquiry exists in the subscriber identifier managed by the subscriber information management step An identifier confirmation step for confirming whether or not,
If it is confirmed in the identifier confirmation step that the subscriber identifier received together with the inquiry about availability of service is present in the subscriber identifier managed by the subscriber information management step, the presence is present. The subscriber identifier whose presence is confirmed by the connection destination information received together with the inquiry about whether or not to provide the service, while updating the connection state managed by the subscriber information management step in association with the confirmed subscriber identifier A subscriber information update step for updating connection destination information managed by the subscriber information management step in association with
When it is confirmed by the identifier confirmation step that the subscriber identifier received together with the inquiry about the availability of service is present in the subscriber identifier managed by the subscriber information management step, A service provision permission notification transmission step of transmitting a notification to the effect of permission to the authentication device;
The authentication processing method characterized by including. An authentication processing program for causing a computer to execute processing for providing service by performing authentication related to service use in response to a service request from a terminal device,
As the information for certifying the identity of the service subscriber, the signature data signed with the private key held by the service subscriber and the authentication response data including the public key certificate corresponding to the private key are used as the service request source terminal. An authentication response data reception procedure received from the device;
Signature data verification procedure for verifying signature data also included in the authentication response data using a public key certificate included in the authentication response data received by the authentication response data reception procedure;
If the signature data is successfully verified by the signature data verification procedure, a connection identifier is requested by the service subscriber in order to receive a service identifier and a subscriber identifier for identifying the service subscriber. Together with connection destination information indicating the connection destination to be transmitted, an inquiry about whether or not to provide a service is sent to a management device that manages the service usage status of the service subscriber;
As a response to the inquiry transmitted by the availability inquiry transmission procedure, when receiving a permission notification to permit service provision from the management device, a service provision procedure for providing a service to the terminal device;
An authentication processing program for causing a computer to execute. A management processing program for causing a computer to execute processing for managing the service usage status of a service subscriber,
A service usage state for specifying whether or not the service subscriber is using the service in association with a subscriber identifier for uniquely identifying a service subscriber capable of receiving the service; and A subscriber information management procedure for storing and managing connection destination information indicating a connection destination from which a service subscriber requests connection in order to receive provision of a service;
When an inquiry about service availability is received from an authentication device that authenticates a service subscriber using the service request source terminal device and provides the service, the subscriber identifier received together with the inquiry about service availability is An identifier confirmation procedure for confirming whether or not the subscriber identifier is managed by the subscriber information management procedure;
If it is confirmed by the identifier confirmation procedure that the subscriber identifier received together with the inquiry about availability of service exists in the subscriber identifier managed by the subscriber information management procedure, the presence is present. The connection identifier managed by the subscriber information management procedure in association with the confirmed subscriber identifier is updated, and the subscriber identifier whose existence is confirmed by the connection destination information received together with the inquiry about whether or not the service can be provided A subscriber information update procedure for updating connection destination information managed by the subscriber information management procedure in association with
When it is confirmed by the identifier confirmation procedure that the subscriber identifier received together with the inquiry about the availability of service exists in the subscriber identifier managed by the subscriber information management procedure, A service provision permission notification transmission procedure for transmitting a notification of permission of provision to the authentication device;
A management processing program characterized by causing a computer to execute.

Images