JP2009303188A - Management device, registered communication terminal, unregistered communication terminal, network system, management method, communication method, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow a common key to be shared by an unregistered communication terminal and a management device while guaranteeing validity of the unregistered communication terminal which cannot be authenticated in an authentication infrastructure without constructing a new authentication system other than the authentication infrastructure. <P>SOLUTION: The management device generates a first common key which is shared by a registered communication terminal 14 authenticated in the authentication infrastructure and a local device, stores the generated first common key, and transmits the first common key to the registered communication terminal via the authentication infrastructure. Then, the management device receives second common key generating information that can be used together with the first common key to generate a second common key from the registered communication terminal via the authentication infrastructure. Furthermore, the management device stores the received second common key generation information, and uses the first common key and second common key generation information to generate the second common key. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a management device, a registered communication terminal, an unregistered communication terminal, a network system, a management method, a communication method, and a computer program for sharing a shared key between a plurality of devices connected via a network.

  In recent years, various technologies for improving convenience in networks have been proposed. One such technique is IMS (IP Multimedia Subsystem) (see Non-Patent Document 1). IMS is a technology for integrating a plurality of services using IP technology such as SIP (Session Initiation Protocol). FIG. 11 is a schematic diagram showing an outline of an IMS network structure. In IMS, for example, mobile / fixed communication services (for example, 2G cellular and IMT-2000) using conventional circuit switching technology and mobile / fixed communication services (for example, wireless LAN, optical communication, xDSL, etc.) using packet switching technology are used. Are integrated and various services are provided.

  FIG. 12 is a sequence diagram showing an authentication sequence in IMS. The outline of the authentication sequence in IMS will be described below. In IMS, a communication terminal (UE: User Equipment) has user identification information (IMPU: IP Multimedia Public Identify, IMPI: IP Multimedia Private Identify) in an ISIM (IMS Subscriber Identity Module) inserted in its own device, and long-term sharing. The key (K) is used to communicate with an authentication server (HSS: Home Subscriber Server) in the carrier network included in the IMS to perform mutual authentication, key exchange, and location registration. At this time, the communication terminal includes a Proxy-Call Session Control Function (P-CSCF), an Interrogating-Call Session Control Function (I-CSCF), and a Serving-Call Session Control (S-CSCF) in the carrier network included in the IMS. Communication with HSS via Function). Thereby, the communication terminal shares a shared key CK (Confidential Key) and IK (Integrity Key) with the P-CSCF. The communication terminal can securely access the operator network by performing secret communication by IPsec with the P-CSCF using CK and IK. Further, the carrier network shares a key with the P-CSCF in advance by the method described above, and does not permit access other than the communication terminal that has performed location registration. Therefore, strong security is maintained in the carrier network by IMS.

  Here, the user identification information IMPU and IMPI will be described. The user identification information IMPU and IMPI are assigned from the operator of the operator network. IMPI is identification information assigned to each user one by one, and is information that uniquely identifies the user in the IMS. IMPU is identification information used by a user in each service, and a plurality of IMPUs are assigned to one IMPI. IMPI and IMPU are stored in HSS in IMS. When the HSS performs user authentication and registration of the location information of the communication terminal, the HSS identifies the user by checking the user identification information. Then, the HSS performs mutual authentication using permission of connection to the IMS service and authentication information (authentication vector) associated with the user identification information.

  IMS provides IMS Service Control (ISC) to an application server (AS) for service providers. The ISC is an interface that enables each application server to perform user authentication using user identification information in the IMS independently. The ISC enables the service provider application server to provide a unique service to the user of the communication terminal connected to the IMS without having an authentication server.

  As in IMS, between a plurality of devices that are located apart via a network (for example, a user communication terminal and HSS, a user communication terminal and an application server, a user communication terminal and another user communication terminal, etc.) In order to realize highly secure communication, it is necessary to share a shared key between devices. Therefore, development of a technique for sharing and communicating a shared key between communication terminals is desired.

  As an example of such a technique, Non-Patent Document 2 discloses a protocol (Diffie-Hellman key sharing method) for securely sharing a secret key between two communication terminals (between two parties). In this protocol, even if a communication content between two parties is intercepted by a third party (an attacker), the attacker cannot decrypt a secret key shared between the two parties. However, an attacker can intervene between two communicating parties, allowing one user to impersonate the other (Man-In-The-Middle attack). Therefore, in the technique disclosed in Non-Patent Document 2, it is necessary to provide a mechanism for allowing communication terminals to authenticate each other.

  For such a problem, Patent Document 1 discloses a key sharing technique for solving a vulnerability to a Man-In-The-Middle attack. In the technique disclosed in Patent Document 1, a reliable public key server is installed in the system, and the public key server transmits key generation information to one of the two parties. This process makes it impossible for an attacker to replace the key generation information, and it is possible to prevent spoofing due to a Man-In-The-Middle attack.

  However, in the technique disclosed in Patent Document 1, it is necessary to authenticate a message transmitted from a public key server at the time of key exchange at each communication terminal. Therefore, it is necessary to install a certificate for authenticating the public key server in all communication terminals that perform key exchange. In the technique disclosed in Patent Document 1, all users need to securely transmit their own key generation information to a public key server in advance. Therefore, it is necessary to install the secret information corresponding to the key generation information in all communication terminals owned by the user. In order to construct and operate such a system as a single service provider, a lot of costs are required, and the processing performed by the user becomes complicated.

Therefore, these problems can be solved by connecting to the operator network using authentication in IMS. However, in that case, there is a problem that a communication terminal that does not have an ISIM registered in the HSS cannot receive authentication in the IMS and cannot connect to the carrier network. For such a problem, Non-Patent Document 3 discloses a technique for enabling a service provided from IMS to be received even by a communication terminal that does not have an ISIM owned by a user.
In the technique of Non-Patent Document 3, a mobile phone having ISIM and a communication terminal not having ISIM are connected by a short-range wireless communication technique. The mobile phone transmits authentication information for authenticating with the IMS to the communication terminal. Further, the mobile phone makes an inquiry to the IMS HSS, and adds information of the communication terminal to the HSS. Thereby, the communication terminal can be authenticated by IMS. Thereafter, by registering a communication terminal with a PAN (Personal Area Network) management server connected to the IMS, service reception via the IMS is realized using a communication terminal having no ISIM.
JP 2006-140743 A 3GPP TS 23.228 V8.1.0, "IP Multimedia Subsystem (IMS) Stage 2 (Release 8)" W. Diffie and ME Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol.IT-22, No.6, pp.644-654 Hirofumi Denho et al., "Personal Area Network Support in All-IP Network", 2005 IEICE Society Conference, BS-2-10, 2005

  However, in the technique disclosed in Non-Patent Document 3, when a user uses a new communication terminal, the user accesses the IMS using a mobile phone having ISIM, and adds information on the new communication terminal to the HSS each time. Must. Generally, when authenticating and registering a communication terminal using a mobile phone, it is necessary to take measures so that the security of authentication information in the ISIM of the mobile phone is not threatened. For this reason, frequently accessing the HSS and registering information on new communication terminals is not very realistic from the viewpoint of security. Furthermore, in this technology, the communication terminal needs to access the IMS after registering with the HSS, and a communication terminal that cannot access the IMS in the first place is not supported.

  The present invention has been made in view of such problems of the prior art, and relates to an unregistered communication terminal that cannot receive authentication in the authentication infrastructure without constructing a new authentication system other than the authentication infrastructure. An object of the present invention is to provide a device that allows a non-registered communication terminal and a management device to share a shared key while ensuring legitimacy.

  A first aspect of the present invention is a management device, which includes a first shared key management unit, a second shared key generation information management unit, and a second shared key management unit. The first shared key management unit generates a first shared key shared between the registered communication terminal that has been authenticated by the authentication infrastructure and the own device, and stores the generated first shared key. Further, the first shared key management unit transmits the generated first shared key to the registered communication terminal via the authentication infrastructure. The second shared key generation information management unit receives the second shared key generation information from the unregistered communication terminal that stores the second shared key and the second shared key generation information without going through the authentication infrastructure. The second shared key generation information is data that can be used together with the first shared key to generate the second shared key. The second shared key management unit generates a second shared key using the first shared key and the second shared key generation information. For example, the second shared key may be acquired by data-linking the first shared key and the second shared key generation information and then processing using a one-way function.

  In the first aspect of the present invention, the first shared key management unit transmits the first shared key to the registered communication terminal authenticated by the authentication infrastructure via the authentication infrastructure. The legitimacy of the transmission partner of one shared key is guaranteed. In the first aspect of the present invention, the second shared key is not information used for authentication in the authentication infrastructure. Therefore, even if the second shared key is acquired by the non-registered communication terminal, the security between the registered communication terminal and the authentication infrastructure is not affected. Then, when the registered communication terminal passes the second shared key to the unregistered communication terminal, the second shared key can be shared between the unregistered communication terminal and the management device. At this time, the registered communication terminal that passes the second shared key to the unregistered communication terminal is authenticated by the authentication infrastructure as described above. Sex is guaranteed.

  The first aspect of the present invention shares the third shared key with the non-registered communication terminal by performing encrypted communication using the second shared key with the non-registered communication terminal without going through the authentication infrastructure, The third shared key is configured to further include a third shared key management unit that encrypts and transmits the third shared key to another non-registered communication terminal using a second shared key corresponding to the other non-registered communication terminal. Also good.

A second aspect of the present invention is a registered communication terminal, and includes an authentication management unit, a first shared key management unit, a second shared key generation information management unit, and a management device communication unit. The authentication management unit receives authentication in the authentication infrastructure. The first shared key management unit shares the first shared key with the management device by communication via the authentication infrastructure. The second shared key generation information management unit generates second shared key generation information that can be used together with the first shared key to generate a second shared key, and the generated second shared key generation information Remember. The management device communication unit transmits the second shared key generation information to the management device by communication via the authentication infrastructure.
The management device communication unit may be configured to add the second shared key generation information to a session establishment request message transmitted to the management device.
The management device communication unit may be configured to exchange a series of information including the second shared key generation information with respect to the management device within one session established with the management device. .
The second shared key generation information management unit may be configured to generate the second shared key generation information as information including user identification information of the self-registered communication terminal and identification information of the unregistered communication terminal.
The second shared key generation information may be a GRUU identifier of the unregistered communication terminal, and the registered communication terminal may be configured to register the second shared key generation information with the authentication infrastructure.

  A third aspect of the present invention is an unregistered communication terminal, which includes a second shared key storage unit and a third shared key management unit. The second shared key storage unit stores a second shared key shared with the management apparatus and second shared key generation information for generating the second shared key. The third shared key management unit transmits the second shared key generation information to the management device without going through an authentication infrastructure, and the second shared key and the second shared key storage unit generated by the management device The third shared key is shared with the management apparatus by performing encrypted communication using the second shared key stored by the management apparatus. The unregistered communication terminal shares the third shared key with the other communication terminal by transferring the third shared key to the other communication terminal in the management device.

  A fourth aspect of the present invention includes a registered communication terminal, a non-registered communication terminal, an authentication infrastructure, and a management device, and confidentiality in communication between the registered communication terminal and the authentication infrastructure and communication between the authentication infrastructure and the management device. And a network system whose integrity is guaranteed. The management device generates a first shared key that is shared between the registered communication terminal that has been authenticated by the authentication infrastructure and the self-device, stores the generated first shared key, and registers it via the authentication infrastructure. Send to communication terminal. The registered communication terminal device receives the first shared key from the management device, generates second shared key generation information that can be used together with the first shared key to generate a second shared key, and is generated The second shared key generation information is transmitted to the management apparatus via the authentication infrastructure. The management device receives the second shared key generation information and generates a second shared key using the first shared key and the second shared key generation information. The registered communication terminal generates the second shared key using the second shared key generation information and the second shared key generation information. The unregistered communication terminal receives and stores the input of the second shared key generated by the registered communication terminal.

In the network system according to the fourth aspect of the present invention, the unregistered communication terminal generates a third shared key, encrypts the generated third shared key using the second shared key, and transmits the encrypted third shared key to the management apparatus. Also good. In this case, the management device receives the encrypted third shared key, generates the third shared key by decrypting using the second shared key, and generates another third shared key related to the other unregistered communication terminal. The second shared key is used to encrypt the third shared key and transmit it to other unregistered communication terminals.
Further, in this case, the other unregistered communication terminal receives the encrypted third shared key and generates and stores the third shared key by decrypting with the other second shared key. Composed.

  The present invention may be specified as a method executed by each device according to the first to fourth aspects of the present invention. Further, the present invention may be specified as a computer program for causing a computer to operate as each device described above.

  According to the present invention, the non-registered communication terminal and the management device can ensure the validity of the non-registered communication terminal that cannot receive authentication in the authentication infrastructure without constructing a new authentication system other than the authentication infrastructure. The shared key can be shared.

  FIG. 1 is a system configuration diagram showing a system configuration of the key sharing system 1. The key sharing system 1 includes an operator authentication infrastructure (IMS) 11, an authentication mediating device (AuPF: management device) 12, an unregistered communication terminal 13, and a registered communication terminal (TE) 14. The operator authentication infrastructure 11 and the registered communication terminal 14 communicate via the operator access network, and the confidentiality of this communication (data cannot be intercepted by a third party) and completeness (data must not be altered in the middle). ) Is guaranteed. The operator authentication infrastructure 11 and the authentication mediating device 12 communicate via the S-CSCF, and the confidentiality and integrity of this communication are guaranteed. The registered communication terminal 14 has an operator authentication required module card (ISIM) in which the IMPI and the long-term storage key K are recorded, and is registered in the operator authentication infrastructure 11. On the other hand, the unregistered communication terminal 13 can connect to the Internet through a general access network, but does not have an ISIM and cannot connect to the provider access network and the provider authentication infrastructure 11.

As described above, the provider authentication infrastructure 11 is a network in which a plurality of services are integrated using an IP technology such as SIP (Session Initiation Protocol), and is a network as shown in FIG. Further, the provider authentication infrastructure 11 authenticates the registered communication terminal 14 as shown in FIG. In addition, since the structure of the provider authentication infrastructure 11 has been described with reference to FIGS. 11 and 12, detailed description thereof will be omitted.
FIG. 2 is a functional block diagram illustrating a configuration example of the authentication mediating apparatus 12. The authentication mediating apparatus 12 includes a first shared key management unit 121, a second shared key generation information management unit 122, a second shared key management unit 123, and a third shared key management unit 124.
FIG. 3 is a functional block diagram illustrating a configuration example of the unregistered communication terminal 13. The registered communication terminal 13 includes a second shared key storage unit 131 and a third shared key management unit 132.
FIG. 4 is a functional block diagram illustrating a configuration example of the registered communication terminal 14. The unregistered communication terminal 14 includes an authentication management unit 141, a first shared key management unit 142, a second shared key generation information management unit 143, and a management device communication unit 144. In addition, operation | movement of each function part with which each of the authentication mediation apparatus 12, the unregistered communication terminal 13, and the registered communication terminal 14 is provided is mentioned later.

  The symbols used in the following description are defined. TEx indicates the registered communication terminal 14 owned by the user X. nTEx indicates the unregistered communication terminal 13 owned by the user X. ID_ {nTEx} indicates identification information of nTEx. IMPU_ {TEx} indicates the IMPU of TEx. IMPI_ {TEx} indicates the IMPI of TEx. K_ {TEx} indicates a long-term storage key of TEx. K_ {x, y} indicates a shared key shared between x and y. MKPF indicates a master key of the authentication mediating apparatus 12. (PKx, SKx) indicates a public / private key pair used by the user X. E (k, m) indicates data obtained by encrypting the data m using the key K. D (k, c) indicates data obtained by decrypting the data c using the key K. h (x) represents a one-way function. a || b shows the data obtained by the connection process of the data a and the data b. a · b represents an exclusive OR for each bit of a and b. In the drawings, a character string described after the underbar in this specification is described as a subscript.

<Preparatory processing>
FIG. 5 is a sequence diagram illustrating a specific example of the procedure of the preliminary preparation process. In FIG. 5, the registered communication terminal 14 (TEa) is the registered communication terminal 14 owned by the user A. Hereinafter, the advance preparation process will be described with reference to FIG. For convenience of explanation, the registered communication terminal 14 owned by the user A is referred to as TEa.

  First, the authentication management unit 131 of the TEa requests the authentication service by the authentication mediating apparatus 12 by transmitting service request data including identification information indicating the authentication service by the authentication mediating apparatus 12 to the provider authentication infrastructure 11. (P1-1). Next, the provider authentication infrastructure 11 generates IMPU_ {TEa} for TEa, and adds the generated IMPU_ {TEa} information to the HSS. Then, the provider authentication infrastructure 11 transmits the generated IMPU_ {TEa} to TEa (P1-2).

  Next, the provider authentication infrastructure 11 transmits a registration request indicating that the service request has been transmitted from the TEa to the authentication mediating apparatus 12 (P1-3). The first shared key management unit 121 of the authentication mediating apparatus 12 generates a shared key K_ {PF}, a (first shared key) for TEa as follows. K_ {PF, a} = h (MKPF · IMPU_ {TEa}). Then, the first shared key management unit 121 of the authentication mediating apparatus 12 transmits the public key PKPF and the shared key K_ {PF, a} to the TEa via the provider authentication infrastructure 11 (P1-4). .

  The first shared key management unit 132 of TEa receives the public key PKPF and the shared key K_ {PF, a} from the authentication mediating apparatus 12 and stores them. Next, the first shared key management unit 132 of TEa prompts the user A to input a password used for key concealment (P1-5). When an arbitrary password PWa is input to TEa by the user A (P1-6), the first shared key management unit 132 of TEa generates and stores key part information sa as follows. sa = h (PWa) · K_ {PF}, a. Then, TEa deletes K_ {PF, a} (P1-7). Note that TEa can generate K_ {PF, a} based on the input of the password PWa from the user by storing sa. Therefore, by storing sa, the relationship with the authentication mediating apparatus 12 is substantially synonymous with storing the first shared key.

<Proxy registration process>
FIG. 6 is a sequence diagram illustrating a specific example of the processing procedure of the proxy registration process. In FIG. 6, the registered communication terminal 14 (TEa) is the registered communication terminal 14 owned by the user A. The unregistered communication terminal 13 (nTEa) is the unregistered communication terminal 13 owned by the user A. Hereinafter, the proxy registration process will be described with reference to FIG. For convenience of explanation, the registered communication terminal 14 and the unregistered communication terminal 13 owned by the user A are referred to as TEa and nTEa, respectively.

  First, identification information ID_ {nTEa} is input to TEa (PR1-1). At this time, nTEa may display ID_ {nTEa} as a barcode such as a QR code on the screen, and TEa may capture and decode this to input. Further, nTEa may transmit ID_ {nTEa} to TEa using short-range wireless communication such as FeliCa or Bluetooth, and TEa may receive this to input. Further, nTEa may send an ID_ {nTEa} included in an e-mail message, and TEa may receive the input to input. Further, the user A may directly input ID_ {nTEa} into TEa.

  Next, the second shared key generation information management unit 143 of TEa transmits a session establishment request message (INVITE) for key sharing to the authentication mediating apparatus 12. At that time, the second shared key generation information management unit 143 of TEa adds IMPU_ {TEa} and ID_ {nTEa} to the session establishment request message. The session establishment request message is transferred to the authentication mediating apparatus 12 via the P-CSCF and S-CSCF in the operator authentication infrastructure 11 (PR1-2). When the second shared key generation information management unit 122 of the authentication mediating apparatus 12 receives the session establishment request message via the operator authentication infrastructure 11, the TEa is an authorized communication terminal registered in the operator authentication infrastructure 11. It is determined that there is (PR1-3).

  Next, the first shared key management unit 121 of the authentication mediating apparatus 12 generates K_ {PF, a} as follows. K_ {PF, a} = h (MKPF · IMPU_ {TEa}). Next, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 generates a random number r0 and generates r1, H1, and c1 as follows (PR1-4). r1 = E (MKPF, r0 || h (IMPU_ {TEa} · ID_ {nTEa})). H1 = h (r1 || K_ {PF, a}). c1 = E (K_ {PF, a}, r1 || H1). The second shared key generation information management unit 122 of the authentication mediating apparatus 12 transmits an authentication request message (Proxy Authentication Required: Proxy-Auth-Req) to TEa. At that time, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 adds the character strings “aupf-auth” and c1 indicating the authentication method in the authentication request message. The authentication request message is transferred to the TEa via the S-CSCF and P-CSCF in the operator authentication infrastructure 11. At that time, the S-CSCF determines a P-CSCF as a transfer destination of the authentication request message from among the plurality of P-CSCFs based on the TEa information stored in the S-CSCF (PR1-5).

  When receiving the authentication request message, the second shared key generation information management unit 143 of TEa prompts the user A to input a password. When the password PWa is input by the user A, the second shared key generation information management unit 143 of TEa generates K_PF, a using the obtained passwords PWa and sa as follows (PR1-6). . K_ {PF, a} = h (PWa) · sa. The second shared key generation information management unit 143 of TEa generates r1 and H1 using K_ {PF, a} and c1. Then, the second shared key generation information management unit 143 of TEa calculates H′1 as follows using K_ {PF, a} and r1, and confirms that H1 and H′1 match. . H′1 = h (r1 || K_ {PF, a}). When H1 and H′1 match, the second shared key generation information management unit 143 of TEa determines the validity of the authentication mediating apparatus 12 (PR1-7).

  Next, the second shared key generation information management unit 143 of TEa generates a random number r2, and uses r1, r2, PKPF, IMPU_ {TEa}, ID_ {nTEa}, and IMPU_ that is IMS identification information of nTEa. {NTEa} (second shared key generation information) is calculated as follows. IMPU_ {nTEa} = E (PKPF, r1 || r2 || IMPU_ {TEa} || ID_ {nTEa}). Further, the second shared key generation information management unit 143 of TEa further generates Kn (second shared key) and Hn as follows (PR1-8). Kn = h (r1 || r2 || IMPU_ {TEa} || ID_ {nTEa} || K_ {PF, a}), Hn = h (r1 || r2 || Kn). The management device communication unit 144 of TEa transmits a session establishment request message (INVITE) to the authentication mediating device 12 again. At that time, the management device communication unit 144 of TEa adds c1, IMPU_ {nTEa}, and Hn to the session establishment request message (PR1-9).

  When the second shared key generation information management unit 122 of the authentication mediating apparatus 12 receives the session establishment request message from the TEa, the IMPU_ {nTEa} and SKPF added to the session establishment request message are used to r1, r2, IMPU_ {TEa} and ID_ {nTEa} are generated. Then, it is confirmed whether or not r1 matches r1 generated in PR1-4. Further, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 uses the r1, r2, K_ {PF, a}, IMPU_ {TEa}, ID_ {nTEa} to set K′n and H′n. Generate as follows. K'n = h (r1 || r2 || IMPU_ {TEa} || ID_ {nTEa} || K_ {PF, a}), H'n = h (r1 || r2 || K'n). Then, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 checks whether Hn and H′n match. When Hn and H′n match, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 generates a random number r3 and generates H′n2 as follows (PR1-10). H'n2 = h (r1 || r2 || r3 || K'n). When the second shared key generation information management unit 122 of the authentication mediating apparatus 12 generates H'n2, it transmits a session establishment permission message (200 OK) to TEa. At that time, the authentication mediating apparatus 12 adds r3 and H′n2 in the session establishment permission message (PR1-11).

  When receiving the session establishment permission message, the second shared key generation information management unit 143 of TEa generates Hn2 using r1, r2, r3, and Kn as follows. Hn2 = h (r1 || r2 || r3 || Kn). Next, the second shared key generation information management unit 143 of TEa checks whether Hn2 and H′n2 match (PR1-12). Next, the management device communication unit 144 of the TEa transmits a session end message (BYE) to the authentication mediating device 12 (PR1-13). In response to the session end message (BYE), the authentication mediating apparatus 12 transmits a session end permission message (200 OK) to TEa (PR1-14). Thereby, the session between TEa and the authentication mediating apparatus 12 is completed. The second shared key generation information management unit 143 of TEa prompts the user A to input a password when Hn2 and H′n2 match. Then, the second shared key generation information management unit 143 of TEa generates and stores the key part information sna as follows using the input password PWna (PR1-15). sna = h (PWna) · Kn.

  When sna is generated by TEa, IMPU_ {nTEa} and sna are input to nTEa. Similar to the process (PR1-1) when the identification information ID_ {nTEa} is input to TEa, this process can be performed by any method such as barcode, short-range wireless communication, mail transmission, and direct input by user A. May be used (PR1-16).

  Through such proxy registration processing, the unregistered communication terminal nTEa owned by the user A is registered in the authentication mediating apparatus 12. At that time, TEa performs registration processing via the operator authentication infrastructure 11 in place of nTEa. Therefore, the authentication mediating apparatus 12 ensures the legitimacy of the registration process without providing a unique authentication apparatus in the authentication mediating apparatus 12 in order to respond to the registration process by the TEa whose legitimacy is ensured by the provider authentication infrastructure 11. It becomes possible.

  In addition, by such proxy registration processing, the registration processing is performed for the authentication mediating apparatus 12 whose legitimacy is ensured by the operator authentication infrastructure 11 even in TEa. Is possible.

  In addition, by such proxy registration processing, the unregistered communication terminal 13 that cannot be connected to the provider authentication infrastructure 11 exchanges IMPU_nTEa and sna with the authentication mediation apparatus 12 connected to the provider authentication infrastructure 11. It becomes possible to share.

<Communication terminal information registration process>
FIG. 7 is a sequence diagram showing a specific example of the processing procedure of the communication terminal information registration process. In FIG. 7, the unregistered communication terminal 13 (nTEa) is the unregistered communication terminal 13 owned by the user A. Hereinafter, the communication terminal information registration process will be described with reference to FIG. For convenience of explanation, the unregistered communication terminal 13 owned by the user A is described as nTEa.

  First, the second shared key storage unit 131 of nTEa prompts the user A to input a password. When the password PWna is input by the user A, the second shared key storage unit 131 of nTEa generates Kn (second shared key) as follows using the input passwords PWna and sna (DR1 -1). Kn = h (PWna) · sna. Further, the second shared key storage unit 131 of nTEa generates a MAC (Message Authentication Code) using the generated common key Kn. When the second shared key storage unit 131 of nTEa generates Kn and MAC, the authentication mediating apparatus 12 adds IMPU_ {nTEa}, related information of the location information ADDR_ {nTEa}, and location information registration to which the MAC is added. A message is transmitted (DR1-2). The location information registration message is guaranteed to be complete by adding a MAC.

  When receiving the location information registration message, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 authenticates nTEa using the MAC. When authentication using the MAC is performed, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 stores IMPU_ {nTEa} and ADDR_ {nTEa} in association with each other, and transmits an ack message to nTEa. (DR1-3).

<Key sharing process>
Next, the key sharing process will be described. The key sharing process is performed using a PSK (Pre Shared Key) mode of MIKEY (Multimedia Internet KEYing (RFC3830)). The key sharing process is performed between the non-registered communication terminal 13 or the registered communication terminal 14 and the other non-registered communication terminal 13 or the registered communication terminal 14. ). The key sharing process differs depending on whether both parties sharing the key are non-registered communication terminals or one of which is a registered communication terminal.

  First, key sharing processing when both are unregistered communication terminals will be described. FIG. 8 is a schematic diagram showing an overview of key sharing processing when both are unregistered communication terminals. In this case, the authentication mediating apparatus 12 shares the shared keys K_ {n, a} and K_ {n, b} with nTEa and nTEb, respectively, and mediates the key exchange message. In FIG. 8, the non-registered communication terminal (nTEa) owned by the user A and the non-registered communication terminal (nTEb) owned by the user B execute the key sharing process. First, nTEa generates a shared key K_ {a, b} shared with nTEb. Next, nTEa encrypts shared key K_ {a, b} using K_ {n, a} to generate a MAC. Then, the nTEa transmits a key exchange message including the generated encrypted shared key and MAC to the authentication mediating apparatus 12.

  Upon receiving the key exchange message, the authentication mediating apparatus 12 authenticates nTEa using the MAC included in the received key exchange message. When authentication is performed, the authentication mediating apparatus 12 decrypts the encrypted shared key included in the received key exchange message using K_ {n, a}, and generates a shared key K_ {a, b}. To do. Then, the authentication mediating apparatus 12 encrypts the shared key K_ {a, b} using K_ {n, b}, generates a MAC, and transmits a key exchange message including these two data to nTEb. .

  When the nTEb receives the key exchange message, the nTEb authenticates the authentication mediating apparatus 12 using the MAC included in the received key exchange message. When authentication is performed, nTEb decrypts the encrypted shared key included in the received key exchange message using K_ {n, b}, and stores the shared key K_ {a, b}. The shared key K_ {a, b} is shared between nTEa and nTEb. Note that the shared key K_ {a, b} shared by nTEa and nTEb is not generated by nTEa, but may be generated by the authentication mediating apparatus 12 in response to a key generation request message from nTEa. In this case, the shared key K_ {a, b} is encrypted by the authentication mediating apparatus 12 using both the keys K_ {n, a} and K_ {n, b} for both nTEa and nTEb. Sent.

  FIG. 9 is a sequence diagram showing the flow of the key sharing process when both are unregistered communication terminals. Hereinafter, the flow of the key sharing process will be described in detail. First, nTEa prompts user A to input a password. nTEa generates K_ {n, a} using the passwords PWna and sna as follows (KE1-1). K_ {n, a} = h (PWna) · sna. Next, nTEa generates an encryption key encrkey_a and an authentication key authkey_a from K_ {n, a} as follows (KE1-2). encrkey_a = PRF (K_ {n, a}, LABELenc), LABELenc = CONSTenc || 0xFF || csb_id || RAND. authkey_a = PRF (K_ {n, a}, LABELauth), LABELauth = CONSTauth || 0xFF || csb_id || RAND. Csb_id is a 32-bit identifier randomly generated by nTEa.

  nTEa generates MIKEY initiator message (I_MESSAGEa) using MIKEY message header HDR, time stamp T, random number RAND, nTEa IMS identification information IMPU_ {nTEa}, nTEb IMS identification information IMPU_ {nTEb} Then, a message authenticator MAC of the message is generated using authkeya (KE1-3). nTEa randomly generates a shared key K_ {a, b} with nTEb. Also, nTEa generates key information KEYMAC as follows using K_ {a, b}, encrkeya, and MAC, and adds the key information KEYMAC to I_MESSAGEa (KE1-4). KEYMAC = E (encrkeya, K_ {a, b}) || MAC. The nTEa transmits I_MESSAGEa to the authentication mediating apparatus 12 (KE1-5). The authentication mediating apparatus 12 generates r1, r2, IMPU_ {TEa}, and ID_ {nTEa} based on the following relationship using IMPU_ {nTEa} and SKPF. IMPU_ {nTEa} = E (PKPF, r1 || r2 || IMPU_ {TEa} || ID_ {nTEa}), D (MKPF, r1) = r0 || H0, K_ {PF, a} = h (MKPF · IMPU_ {TEa}), K_ {n, a} = h (r1 || r2 || IMPU_ {TEa} || ID_ {nTEa} || K_ {PF, a}). Further, the authentication mediating apparatus 12 generates r0 and H0 using r1, and verifies whether or not H0 = h (IMPU_ {TEa} · ID_ {nTEa}). Furthermore, the authentication mediating apparatus 12 generates K_ {n, a} using r1, r2, MKPF, IMPU_ {TEa}, and ID_ {nTEa} (KE1-6). Then, the authentication mediating apparatus 12 generates encrkeya and authkeya from K_ {n, a}, verifies the MAC in the KEYMAC, and authenticates the nTEa that is the transmission source of this KEYMAC. And the authentication mediating apparatus 12 produces | generates K_ {a, b}, when authentication is made (KE1-7).

  Next, the authentication mediating apparatus 12 generates r1, r2, IMPU_ {TEb}, and ID_ {nTEb} using IMPU_ {nTEb} and SKPF. r0 and H0 are generated from r1, and it is verified whether or not H0 = h (IMPU_ {TEb} · ID_ {nTEb}). Further, the authentication mediating apparatus 12 generates K_ {n, b} based on the following relationship using r1, r2, MKPF, IMPU_ {TEb}, and ID_ {nTEb} (KE1-8). IMPU_ {nTEb} = E (PKPF, r1 || r2 || IMPU_ {TEb} || ID_ {nTEb}), D (MKPF, r1) = r0 || H0, K_ {PF, b} = h (MKPF · IMPU_ {TEb}), K_ {n, b} = h (r1 || r2 || IMPU_ {TEb} || ID_ {nTEb} || K_ {PF, b}).

  Next, the authentication mediating apparatus 12 generates encrkeyb and authkeyb using K_ {n, b} as follows (KE1-9). encrkeyb = PRF (K_ {n, b}, LABELenc), LABELenc = CONSTenc || 0xFF || csb_id || RAND. authkeyb = PRF (K_ {n, b}, LABELauth), LABELauth = CONSTauth || 0xFF || csb_id || RAND.

  Next, the authentication mediating apparatus 12 uses the MIKEY message header HDR, the time stamp T, the random number RAND, the IMS identification information IMPU_ {nTEa} of nTEa, and the IMS identification information IMPU_ {nTEb} of nTEb to initiate the MIKEY initiator. A message (I_MESSAGEb) is generated, and a message authenticator MAC of the message is generated using authkeyb (KE1-10). Next, the authentication mediating apparatus 12 generates KEYMAC using K_ {a, b}, encrkeyb, and MAC as follows. Next, the authentication mediating apparatus 12 adds to I_MESSAGEb as follows (KE1-11). KEYMAC = E (encrkeyb, K_ {a, b}) || MAC. Then, the authentication mediation apparatus 12 transmits I_MESSAGEb to nTEb (KE1-12).

  When nTEb receives I_MESSAGEb from authentication mediating apparatus 12, nTEb prompts user B to enter a password. nTEb generates K_ {n, b} using the obtained passwords PWb and snb as follows (KE1-13). K_ {n, b} = h (PWnb) · snb. Next, nTEb generates an encryption key encrkeyb and an authentication key authkeyb using K_ {n, b} (KE1-14). Next, the nTEb verifies the MAC in the KEYMAC and performs an authentication process on the authentication mediating apparatus 12 that is the transmission source. When nTEb is authenticated, it generates K_ {a, b} (KE1-15). The nTEb generates the MIKEY message header HDR, generates the MIKEY responder message (R_MESSAGEb) using the time stamp T in the I_MESSAGEb and the nTEb IMS identification information IMPU_ {nTEb}, and the message authentication of the message A child MAC is generated using authkeyb (KE1-16). The nTEb adds the MAC to the R_MESSAGEb and transmits the R_MESSAGEb to the authentication mediating apparatus 12 (KE1-17).

  The authentication mediating apparatus 12 verifies the MAC using authkeyb (KE1-18). Next, the authentication mediating apparatus 12 generates a MIKEY responder message (R_MESSAGEa) from the MIKEY message header HDR, the time stamp T, and the nTEa IMS identification information IMPU_ {nTEa}, and sets the message authenticator MAC of the message to It is generated using authkeya (KE1-19). Next, the authentication mediating apparatus 12 adds the MAC to R_MESSAGEa and transmits R_MESSAGEa to nTEa (KE1-20). And nTEa verifies MAC in R_MESSAGEa in authkeya (KE1-21).

  Next, a key sharing process when either one is a registered communication terminal will be described. FIGS. 10A and 10B are schematic diagrams illustrating an overview of key sharing processing when either one is a registered communication terminal. In this case, key sharing by MIKEY is performed via IMS using SIP (Session Initiation Protocol).

  In FIG. 10A, when an SIP message is transmitted from the IMS non-registered communication terminal A to the registered communication terminal B, the IMS identification information IMPU_ {nTEa} of the non-registered communication terminal A is used by the AuPF. The user A of the terminal A converts to the registered communication terminal identification information IMPU_ {TEa} and exchanges the SIP message including the MIKEY message with the partner registered communication terminal B via the IMS. At that time, tag = ID_ {nTEa} and identification information IMPU_ {TEa} for the registered communication terminal of user A are described in the From field.

  In FIG. 10B, when a SIP message is transmitted from the registered communication terminal B to the unregistered communication terminal A, a realm (for example, pncp.net) indicating the authentication mediating apparatus 12 is added to the To field of the message. Send. Further, when the realm is included in the To field in the S-CSCF in the IMS, it is set in the IMS in advance so as to be transferred to the authentication mediating apparatus 12. As a result, all messages addressed to the unregistered communication terminal A are transferred to the authentication mediating apparatus 12. Therefore, the authentication mediating apparatus 12 can convert the IMS identification information IMPU_ {nTEa} of the unregistered communication terminal A in the SIP message into the user A's registered communication terminal identification information IMPU_ {TEa}.

  In the key sharing process, key sharing is performed between the communication terminal and the portable terminal of the communication partner via the authentication mediating apparatus 12. At that time, the authentication mediating apparatus 12 converts the identification information for the communication terminal into the identification information for the operator network, thereby enabling key sharing via the operator network.

  Through the above-described processing, when the unregistered communication terminal 13 uses the provider network, it is possible to access the provider network via the authentication intermediary device 12. Therefore, by sharing a common key in advance between the unregistered communication terminal 13 and the authentication intermediary device 12, the safety of communication between the two is ensured and secure access to the operator network is ensured. . In the actual key sharing process, the registered communication terminal 14 owned by the user of the unregistered communication terminal 13 acts as a proxy to realize secure key sharing.

In addition, you may make it implement | achieve the function of the authentication mediation apparatus 12, the unregistered communication terminal 13, and the registration communication terminal 14 in embodiment mentioned above with a computer. In that case, a program for realizing these functions may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. The “computer system” here includes an OS and hardware such as peripheral devices. The “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a storage device such as a hard disk built in the computer system. Further, the “computer-readable recording medium” dynamically holds a program for a short time, like a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. It is also possible to include those that hold a program for a certain time, such as a volatile memory inside a computer system serving as a server or client in that case.
The program may be a program for realizing a part of the functions described above, and may be a program capable of realizing the functions described above in combination with a program already recorded in a computer system.
The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes designs and the like that do not depart from the gist of the present invention.

[Other Examples 1]
FIG. 13 is a sequence diagram illustrating another example 1 of the processing procedure of the proxy registration process. In FIG. 13, portions corresponding to the respective steps in FIG. 6 are denoted by the same reference numerals. In the embodiment of FIG. 13, the TEa establishes a session with the authentication mediating apparatus 12 via the provider authentication infrastructure 11. At that time, the authentication mediating apparatus 12 distributes challenge information c1 to TEa. In the established session, the TEa shares the common key Kn, a for nTEa with the authentication mediating apparatus 12 and generates the identifier IMPU_ {nTEa}. After the proxy registration means ends, TEa ends the session with the authentication mediating apparatus 12. The difference from FIG. 6 will be described below with reference to FIG.

  In FIG. 13, steps PR1-1 to PR4 are the same as those in FIG. However, TEa specifies the type of data exchanged in the session and the protocol for transmitting / receiving the data in the session establishment request message (INVITE). In this example, an XML (eXtensible Markup Language) file is designated as the data type, and HTTP (Hyper Text Transfer Protocol) is designated as the protocol. The second shared key generation information management unit 122 of the authentication mediating apparatus 12 transmits a session establishment permission message (200 OK) to TEa. At that time, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 adds c1 to the session establishment permission message. The session establishment permission message is transferred to the TEa via the S-CSCF and the P-CSCF in the carrier authentication infrastructure 11 (PR2-5).

  Next, steps PR1-6 to 8 are the same as those in FIG. The management device communication unit 144 of the TEa transmits a proxy registration request message to the authentication mediation device 12 within the established session. At that time, the management device communication unit 144 of TEa adds c1, IMPU_ {nTEa}, and Hn to the proxy registration request message (PR2-9). In this example, an XML file including c1, IMPU_ {nTEa}, and Hn is sent using an HTTP POST method.

  Next, Step PR1-10 is the same as FIG. The second shared key generation information management unit 122 of the authentication mediating apparatus 12 transmits a proxy registration response message to the TEa within the established session. At that time, the authentication mediating apparatus 12 adds r3 and H′n2 to the proxy registration response message (PR2-11). In this example, an XML file including r3 and H'n2 is sent using the HTTP GET method. Next, steps PR1-12 to 16 are the same as those in FIG.

  According to the proxy registration processing procedure of FIG. 13, the proxy registration processing is performed within one session established between the TEa and the authentication mediating apparatus 12, so that the SIP procedure is simplified.

[Other embodiment 2]
FIG. 14 is a sequence diagram showing another example 2 of the processing procedure of the proxy registration process. In FIG. 14, portions corresponding to the steps in FIGS. 6 and 13 are denoted by the same reference numerals. In the embodiment of FIG. 14, GRUU (Globally Routable User Agent URIs) technology is used for nTEa registration. The GRUU technique is a technique for assigning a URI (Universal Resource Identifier) not to a user unit but to a device unit. TEa generates a GRUU identifier instead of IMPU_ {nTEa} when registering nTEa. And TEa registers this GRUU identifier with respect to the provider authentication infrastructure 11 by a communication terminal information registration process. Hereinafter, the difference from FIGS. 6 and 13 will be described with reference to FIG.

  In FIG. 14, steps PR1-1 to PR4, PR2-5 and PR1-6 to 7 are the same as those in FIGS. The second shared key generation information management unit 143 of TEa generates a random number r2, and uses r1, r2, K_ {PF, a}, IMPU_ {TEa}, ID_ {nTEa}, and GID_ which is the GTEU identifier of nTEa. {NTEa} (second shared key generation information) is calculated as follows. GID_ {nTEa} = E (K_ {PF, a}, r1 || r2 || IMPU_ {TEa} || ID_ {nTEa}). Further, the second shared key generation information management unit 143 of TEa further generates Kn (second shared key) and Hn as follows (PR3-8). Kn = h (r1 || r2 || IMPU_ {TEa} || ID_ {nTEa} || K_ {PF, a}), Hn = h (r1 || r2 || Kn).

  Next, the management device communication unit 144 of the TEa transmits a proxy registration request message to the authentication mediation device 12 within the established session. At that time, the management device communication unit 144 of TEa adds c1, GID_ {nTEa}, and Hn to the proxy registration request message (PR3-9). In this example, an XML file including c1, GID_ {nTEa}, and Hn is sent using the HTTP POST method.

  When receiving the proxy registration request message from TEa, second shared key generation information management unit 122 of authentication mediating apparatus 12 uses GID_ {nTEa} and K_ {PF, a} added to this proxy registration request message. , R1, r2, IMPU_ {TEa} and ID_ {nTEa}. Then, it is confirmed whether or not r1 matches r1 generated in PR1-4. Furthermore, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 uses the r1, r2, K_ {PF, a}, IMPU_ {TEa}, ID_ {nTEa} to set K′n and H′n. Generate as follows. K'n = h (r1 || r2 || IMPU_ {TEa} || ID_ {nTEa} || K_ {PF, a}), H'n = h (r1 || r2 || K'n). Then, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 checks whether Hn and H′n match. If Hn and H′n match, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 generates a random number r3 and generates H′n2 as follows (PR3-10). H'n2 = h (r1 || r2 || r3 || K'n).

  Next, steps PR2-11 and PR1-12 to 15 are the same as those in FIGS. When sna is generated by TEa, GID_ {nTEa} and sna are input to nTEa. Similar to the process (PR1-1) when the identification information ID_ {nTEa} is input to TEa, this process can be performed by any method such as barcode, short-range wireless communication, mail transmission, and direct input by user A. May be used (PR3-16).

  Next, with reference to FIG. 15, a procedure in which the TEa registers a GRUU identifier in the operator authentication infrastructure 11 in the communication terminal information registration process will be described. FIG. 15 is a sequence diagram showing another example 2 of the processing procedure of the communication terminal information registration process. In FIG. 15, the same reference numerals are given to the portions corresponding to the steps in FIG. The difference from FIG. 7 will be described below with reference to FIG.

  In FIG. 15, step DR1-1 is the same as FIG. The second shared key storage unit 131 of nTEa generates a MAC using the generated common key Kn. When the second shared key storage unit 131 of nTEa generates Kn and MAC, the authentication mediating apparatus 12 registers GID_ {nTEa}, location information ADDR_ {nTEa} related information, and location information registration with MAC added. A message is transmitted (DR3-2). The location information registration message is guaranteed to be complete by adding a MAC.

  When receiving the location information registration message, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 authenticates nTEa using the MAC. When authentication using the MAC is performed, the second shared key generation information management unit 122 of the authentication mediating apparatus 12 stores GID_ {nTEa} and ADDR_ {nTEa} in association with each other, and transmits an ack message to nTEa. (DR3-3).

  The TEa requests the registration of GID_ {nTEa} by transmitting a SIP REGISTER message to the carrier authentication infrastructure 11. At that time, TEa includes GDDR_ {nTEa} and ADDR_ {PF} that is the address of authentication mediating apparatus 12 as the Contact address in the REGISTER message (DR3-4).

  Upon receipt of the REGISTER message, the carrier authentication infrastructure 11 confirms the validity of TEa using IMPU_ {TEa}. When the legitimacy of TEa is confirmed, the operator authentication infrastructure 11 transmits a GRUU identifier registration permission message (200 OK) to TEa. As a result, the GRUU identifier GID_ {nTEa} of nTEa is registered in the operator authentication infrastructure 11.

  Next, a key sharing process using a GRUU identifier will be described with reference to FIG. FIGS. 16A and 16B are schematic diagrams showing an overview of key sharing processing when either one is a registered communication terminal. In this case, key sharing by MIKEY is performed via IMS using SIP.

  In FIG. 16A, when an SIP message is transmitted from the IMS non-registered communication terminal A to the registered communication terminal B, the GRUU identifier GID_ {nTEa} of the non-registered communication terminal A is assigned by AuPF to the unregistered communication terminal A. Is added to the registered communication terminal identification information IMPU_ {TEa} of the user A and exchanges a SIP message including the MIKEY message with the other registered communication terminal B via IMS. At that time, gr = GID_ {nTEa} and the GRUU identifier GID_ {nTEa} of the unregistered communication terminal A are described in the From field.

  In FIG. 16B, when a SIP message is transmitted from the registered communication terminal B to the unregistered communication terminal A, it is transmitted by adding gr = GID_ {nTEa} indicating the unregistered communication terminal A to the To field of the message. To do. As a result, all messages addressed to the unregistered communication terminal A are transferred to the authentication mediating apparatus 12. The authentication mediating apparatus 12 refers to the address corresponding to the GRUU identifier GID_ {nTEa} of the unregistered communication terminal A in the SIP message, and transfers the message to the unregistered communication terminal A. Further, the authentication intermediary device 12 simultaneously obtains the key Kn, a for the unregistered communication terminal A and re-encrypts the key exchange message addressed to the unregistered communication terminal A.

  According to the other embodiment part 2, by using the GRUU technology for nTEa registration, it is not necessary to set in the IMS in advance so that the S-CSCF in the IMS is transferred to the authentication mediating apparatus 12, The key sharing process can be performed by a normal SIP procedure.

It is a system configuration figure showing the system configuration of a key sharing system. 3 is a functional block diagram illustrating a configuration example of an authentication mediating apparatus 12. FIG. 3 is a functional block diagram illustrating a configuration example of an unregistered communication terminal 13. FIG. 3 is a functional block diagram illustrating a configuration example of a registered communication terminal 14. FIG. It is a sequence diagram which shows the specific example of the process sequence of a prior preparation process. It is a sequence diagram which shows the specific example of the process sequence of a proxy registration process. It is a sequence diagram which shows the specific example of the process sequence of a communication terminal information registration process. It is a schematic diagram which shows the outline | summary of the key sharing process in case both are unregistered communication terminals. It is a sequence diagram which shows the flow of the key sharing process in case both are unregistered communication terminals. It is a schematic diagram which shows the outline | summary of the key sharing process in case either one is a registration communication terminal. It is a schematic diagram which shows the outline | summary of the network structure of IMS. It is a sequence diagram which shows the authentication sequence in IMS. It is a sequence diagram which shows the other Example 1 of the process sequence of a proxy registration process. It is a sequence diagram which shows the other Example 2 of the process sequence of a proxy registration process. It is a sequence diagram which shows the other Example 2 of the process sequence of a communication terminal information registration process. It is a schematic diagram which shows the outline | summary of the key sharing process in case either one is a registration communication terminal in the other Example 2.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 11 ... Provider authentication infrastructure (authentication infrastructure), 12 ... Authentication mediation device (management device), 121 ... First shared key management unit, 122 ... Second shared key generation information management unit, 123 ... Second shared key management unit , 124 ... third shared key management unit, 13 ... unregistered communication terminal, 131 ... second shared key storage unit, 132 ... third shared key management unit, 14 ... registered communication terminal, 141 ... authentication management unit, 142 ... first One shared key management unit, 143 ... second shared key generation information management unit, 144 ... management device communication unit

Claims (26)

A first shared key that is shared between the registered communication terminal that has been authenticated in the authentication infrastructure and the device itself is generated, the generated first shared key is stored, and the registered communication is performed via the authentication infrastructure. A first shared key management unit to be transmitted to the terminal;
Second shared key generation information that can be used together with the first shared key to generate a second shared key, from the unregistered communication terminal that stores the second shared key and the second shared key generation information, A second shared key generation information management unit for receiving without going through the authentication infrastructure;
And a second shared key management unit that generates the second shared key using the first shared key and the second shared key generation information.   By performing encrypted communication using the second shared key with the non-registered communication terminal without going through the authentication infrastructure, the third shared key is shared with the non-registered communication terminal, and the third shared key is The management apparatus according to claim 1, further comprising a third shared key management unit that encrypts and transmits to another non-registered communication terminal using the second shared key corresponding to the other non-registered communication terminal. An authentication management unit that receives authentication in the authentication infrastructure;
A first shared key management unit that shares a first shared key with a management device by communication via the authentication infrastructure;
Second shared key generation information that generates second shared key generation information that can be used together with the first shared key to generate a second shared key and stores the generated second shared key generation information The management department,
A registered communication terminal comprising: a management device communication unit that transmits the second shared key generation information to the management device by communication via the authentication infrastructure. A second shared key storage unit that stores a second shared key shared with the management apparatus and second shared key generation information for generating the second shared key;
Transmitting the second shared key generation information to the management device without going through an authentication infrastructure, and the second shared key generated by the management device and the second shared key storage unit storing the second shared key A third shared key management unit that shares the third shared key with the management device by performing encrypted communication using the management device,
With
An unregistered communication terminal that shares the third shared key with the other communication terminal by transferring the third shared key to the other communication terminal in the management device. Includes a registered communication terminal, an unregistered communication terminal, an authentication infrastructure, and a management device, and guarantees confidentiality and integrity in communication between the registered communication terminal and the authentication infrastructure and communication between the authentication infrastructure and the management device. A network system,
The management device generates a first shared key that is shared between the registered communication terminal that has been authenticated by the authentication infrastructure and the device itself, stores the generated first shared key, and stores the authentication infrastructure To the registered communication terminal via
The registered communication terminal device receives the first shared key from the management device and generates second shared key generation information that can be used together with the first shared key to generate a second shared key. , Transmitting the generated second shared key generation information to the management device via the authentication infrastructure,
The management device receives the second shared key generation information, generates the second shared key using the first shared key and the second shared key generation information,
The registered communication terminal generates the second shared key using the partial second shared key and the second shared key generation information,
The network system, wherein the unregistered communication terminal receives and stores the input of the second shared key generated by the registered communication terminal. The unregistered communication terminal generates a third shared key, encrypts the generated third shared key using the second shared key, and transmits the encrypted third shared key to the management device.
The management device receives the encrypted third shared key, generates the third shared key by decrypting using the second shared key, and other related to the other unregistered communication terminal Encrypting the third shared key using the second shared key and sending it to the other unregistered communication terminal,
The other non-registered communication terminal receives the encrypted third shared key, and generates and stores the third shared key by decrypting using the other second shared key. The network system according to claim 5, wherein the network system is characterized. The management device generates a first shared key shared between the registered communication terminal and the own device that have been authenticated in the authentication infrastructure; and
The management device storing the generated first shared key;
The management device transmitting the first shared key to the registered communication terminal via the authentication infrastructure;
The management apparatus stores second shared key and second shared key generation information as second shared key generation information that can be used together with the first shared key to generate a second shared key. Receiving from the registered communication terminal without going through the authentication infrastructure;
The management device storing the received second shared key generation information;
The management device includes the step of generating the second shared key using the first shared key and the second shared key generation information. The management device sharing the third shared key with the non-registered communication terminal by performing encrypted communication using the second shared key with the non-registered communication terminal without going through the authentication infrastructure; ,
The management device includes a step of encrypting and transmitting the third shared key to another non-registered communication terminal using the second shared key corresponding to the other non-registered communication terminal. The management method described. The registered communication terminal is authenticated in the authentication infrastructure;
The registered communication terminal sharing a first shared key with a management device by communication via the authentication infrastructure;
The registered communication terminal generating second shared key generation information that can be used together with the first shared key to generate a second shared key;
The registered communication terminal storing the generated second shared key generation information;
A method in which the registered communication terminal transmits the second shared key generation information to the management device by communication via the authentication infrastructure. A non-registered communication terminal including a second shared key storage unit that stores a second shared key shared with the management apparatus and second shared key generation information for generating the second shared key does not pass through the authentication infrastructure. The second shared key generation information is transmitted to the management device, and the second shared key generated by the management device and the encrypted communication using the second shared key stored in the second shared key storage unit Sharing the third shared key with the management device by performing
The non-registered communication terminal includes a step of sharing the third shared key with the other communication terminal by transferring the third shared key to the other communication terminal in the management device. Against the computer
Generating a first shared key to be shared between the registered communication terminal and the own device that have been authenticated in the authentication infrastructure;
Storing the generated first shared key;
Transmitting the first shared key to the registered communication terminal via the authentication infrastructure;
Second shared key generation information that can be used together with the first shared key to generate a second shared key, from the unregistered communication terminal that stores the second shared key and the second shared key generation information, Receiving without going through the authentication infrastructure;
Storing the received second shared key generation information;
And generating the second shared key using the first shared key and the second shared key generation information. For the computer
Sharing the third shared key with the non-registered communication terminal by performing encrypted communication using the second shared key with the non-registered communication terminal without going through the authentication infrastructure;
The step of encrypting and transmitting the third shared key to another non-registered communication terminal using the second shared key corresponding to the other non-registered communication terminal. Computer program. Against the computer
Receiving authentication in the authentication infrastructure;
Sharing the first shared key with the management device by communication via the authentication infrastructure;
Generating second shared key generation information that can be used together with the first shared key to generate a second shared key;
Storing the generated second shared key generation information;
And a step of transmitting the second shared key generation information to the management device by communication via the authentication infrastructure. Against the computer
A non-registered communication terminal including a second shared key storage unit that stores a second shared key shared with the management apparatus and second shared key generation information for generating the second shared key does not pass through the authentication infrastructure. The second shared key generation information is transmitted to the management device, and the second shared key generated by the management device and the encrypted communication using the second shared key stored in the second shared key storage unit Sharing the third shared key with the management device by performing
A computer program for executing the step of sharing the third shared key with the other communication terminal by transferring the third shared key to the other communication terminal in the management device.   The registered communication terminal according to claim 3, wherein the management device communication unit adds the second shared key generation information to a session establishment request message to be transmitted to the management device.   The management device communication unit performs a series of exchanges of information including the second shared key generation information with respect to the management device within one session established with the management device. 3. The registered communication terminal according to 3.   The second shared key generation information management unit generates the second shared key generation information as information including user identification information of a self-registered communication terminal and identification information of an unregistered communication terminal. The registered communication terminal described. The second shared key generation information is a GRUU identifier of the unregistered communication terminal,
The registered communication terminal according to claim 17, wherein the registered communication terminal registers the second shared key generation information with the authentication infrastructure.   The communication method according to claim 9, wherein the registered communication terminal adds the second shared key generation information to a session establishment request message transmitted to the management device.   The registered communication terminal performs a series of exchanges of information including the second shared key generation information with respect to the management apparatus within one session established with the management apparatus. The communication method described in 1.   The communication method according to claim 9, wherein the registered communication terminal generates the second shared key generation information as information including user identification information of the self-registered communication terminal and identification information of the unregistered communication terminal. The second shared key generation information is a GRUU identifier of the unregistered communication terminal,
The communication method according to claim 21, wherein the registered communication terminal registers the second shared key generation information in the authentication infrastructure.   The computer program according to claim 13, wherein the second shared key generation information is added to a session establishment request message transmitted to the management apparatus.   14. The computer program according to claim 13, wherein a series of information including the second shared key generation information is exchanged with the management apparatus within one session established with the management apparatus.   14. The computer program according to claim 13, wherein the second shared key generation information is generated as information including user identification information of a self-registered communication terminal and identification information of an unregistered communication terminal. The second shared key generation information is a GRUU identifier of the unregistered communication terminal,
The computer program according to claim 25, further causing the computer to execute a step of registering the second shared key generation information with respect to the authentication infrastructure.

Images