JP2010015285A - Execution determination device, execution determination system, execution determination method and execution determination program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent execution of processing by a server not based on a request from a client. <P>SOLUTION: The security server 40 receives a random number and a generation command of information necessary to issue a certificate from a CA (Certification Authority) 10 having received the random number and a certificate issuance request transmitted by an RA (Registration Authority) 20. The security server 40 confirms that the RA 20 has transmitted the certificate issuance request to the CA 10 based on the received random number, and decides whether to execute the received generation command or not. The security server 40 transmits an execution result generated by the execution of the generation command to the CA 10 when determining that the generation command is executed, and makes the CA 10 issue the certificate based on the execution result. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a technique for controlling execution of processing by a server, such as issuance of an electronic certificate (hereinafter referred to as a certificate) by a certificate issuing server.

  In a conventional certificate issuance system, an RA (Registration Authority, an example of a client) sends a certificate issuance request to a CA (Certification Authority, an example of a certificate issuance server, a processing server) in response to a user request (operation). . When the CA receives the certificate issuance request from the RA, it passes the user's previously stored PIN (Personal Identification Number) and command to the security module, and if authentication by the PIN is received, the CA issues a command from the security module. The execution result of is received. Then, the CA issues a certificate based on the execution result of the received command and transmits it to the RA.

Japanese Patent Application Laid-Open No. 2004-228561 describes a technique for controlling the execution of processing in the security module by the security module performing access control based on the access control list.
JP 2006-107323 A

In the conventional certificate issuing system, the CA has a security module and a PIN necessary for executing the security module. Therefore, the CA substantially has the authority to issue certificates. In other words, an RA or a user who requests RA to issue a certificate cannot control the certificate issuance process by the CA. Therefore, the user who requests the certificate issuance is forced to trust the validity of the CA.
The same applies to processing other than certificate issuance, and prevents execution of processing in the security module by a server that is not based on a request from a client or a user who uses the client (hereinafter simply referred to as “client”). I can't. Therefore, there is a possibility that the processing in the security module may be abused by the server.
An object of the present invention is to prevent execution of processing by a server that is not based on a request from a client.

The execution determination apparatus according to the present invention includes, for example, an instruction to generate information necessary for executing the process indicated by the process request information from the process server that has received the process request information transmitted by the client together with the authentication information of the client. A generation instruction receiving unit that receives the authentication information via a communication device;
Based on the authentication information received by the generation instruction receiving unit, the client confirms that the processing request has been transmitted, and executes the generation process indicated by the generation instruction received by the generation instruction receiving unit based on the confirmation result. An execution determination unit for determining whether or not by the processing device;
When the execution determination unit determines that the generation process is executed, the process result information generated by executing the generation process is transmitted to the processing server via a communication device, and the processing result information is transmitted to the processing server. And a result information transmitting unit for executing the requested process based on the above.

  The execution determination apparatus according to the present invention confirms that the client has transmitted the processing request, and transmits information necessary for executing the processing requested by the client to the processing server. For this reason, the processing server cannot execute the requested processing unless it receives a processing request from a client. That is, according to the execution determination apparatus according to the present invention, the server process can be controlled by the client.

  In the following description, an execution determination system that prevents execution of processing by a server that is not based on a request from a client will be described using certificate issuing processing in the certificate issuing system 100 as an example.

  Embodiment 1 FIG.

The certificate issuing system 101, which is the basic configuration of the certificate issuing system 100 according to this embodiment, will be described.
FIG. 1 is a functional block diagram showing functions of the certificate issuing system 101.
The certificate issuing system 101 includes CA10 and RA20. The CA 10 is a device that issues a certificate, and is an example of a processing server. The CA 10 includes a certificate issuance receiving unit 11 (an example of a request receiving unit), a PIN input unit 12, a certificate issuance unit 13 (an example of a processing execution unit), and a security module 60. The security module 60 includes a command execution unit 61. The RA 20 is a device that requests certificate issuance and is an example of a client, such as a mobile phone. The RA 20 includes a certificate issuance request unit 21 (an example of a request transmission unit) and a certificate verification unit 22.

The operation of the certificate issuing system 101 will be described.
FIG. 2 is a flowchart showing the operation of the certificate issuing system 101.
First, as advance preparation for the processing shown in FIG. 2, the PIN input unit 12 of the CA 10 acquires the PIN secretly held by the terminal of the administrator 2 and stores it in the storage device.
<S101>: The RA 20 starts processing in response to a request from the user 1. First, the certificate issuance request unit 21 transmits a certificate issuance request (an example of processing request information) including issuance information to the CA 10 via the communication device.
<S102>: Next, the CA starts processing. The certificate issuance receiving unit 11 receives a certificate issuance request from the RA 20 via the communication device. The certificate issuance accepting unit 11 extracts issuance information from the certificate issuance request and transmits it to the certificate issuance unit 13.
<S103>: The certificate issuing unit 13 receives the issuance information from the certificate issuance receiving unit 11, and receives the PIN from the PIN input unit 12. The certificate issuing unit 13 generates a command for generating a certificate (an example of a generation instruction) by using the issuing information by using the processing device. Then, the certificate issuing unit 13 transmits the generated command and PIN to the command execution unit 61 of the security module 60.
<S104>: The command execution unit 61 receives the command and the PIN from the certificate issuing unit 13. The command execution unit 61 verifies whether the PIN is correct. For example, the command execution unit 61 compares the PIN stored in advance with the received PIN to verify whether the PIN is correct. If the PIN is correct, the command execution unit 61 generates an execution result (an example of processing result information) based on the received command and the protection information held in the security module 60 by the processing device. The protection information is, for example, a secret key in a public key cryptosystem. The command execution unit 61 creates an electronic signature based on the secret key, for example, in accordance with an instruction of the received command. The command execution unit 61 transmits the generated execution result to the certificate issuing unit 13.
<S105>: The certificate issuing unit 13 receives the execution result from the command execution unit 61. The certificate issuing unit 13 issues a certificate by the processing device based on the received execution result. The certificate issuing unit 13 transmits the issued certificate to the certificate issuance receiving unit 11.
<S106>: The certificate issuance receiving unit 11 receives the certificate issued from the certificate issuing unit 13. The certificate issue acceptance unit 11 transmits the received certificate to the RA 20 via the communication device.
<S107>: Next, the RA 20 starts processing. The certificate issuance request unit 21 receives a certificate from the CA 10 via a communication device. The certificate issuance request unit 21 transmits the received certificate to the certificate verification unit 22.
<S108>: The certificate verification unit 22 receives the certificate from the certificate issuance request unit 21, and acquires issuance information. The certificate verification unit 22 verifies the certificate by the processing device based on the issuance information. The certificate verification unit 22 passes the certificate to the user when the verification result is valid.

  However, in the certificate issuing system 101, the CA 10 has a security module and a PIN necessary for executing the security module. That is, the CA substantially has the authority to issue certificates. In other words, the RA 20 that requests the certificate issuance and the user who requests the RA 20 to issue the certificate (hereinafter simply referred to as “RA 20”) cannot control the certificate issuance process by the CA 10. For this reason, the RA 20 that requests the certificate issuance is forced to trust the validity of the CA 10.

In the certificate issuing system 100 according to this embodiment, the RA 20 can control certificate issuing processing by the CA 10.
The certificate issuing system 100 will be described.
FIG. 3 is a functional block diagram showing functions of the certificate issuing system 100 according to this embodiment.
The certificate issuing system 100 according to this embodiment includes a security server 40 (an example of an execution determination device) in addition to the certificate issuing system 101.
Unlike the CA 10 of the certificate issuing system 101, the CA 10 does not include the PIN input unit 12 and the security module 60, but includes a security proxy 70 instead. The security proxy 70 includes a command execution request unit 71 (an example of a generation instruction transmission unit).
The RA 20 includes a random number generation unit 23 (an example of a client authentication information generation unit) and a random number transmission unit 24 (an example of a client authentication information transmission unit) in addition to the RA 20 of the certificate issuing system 101.
The security server 40 includes a command execution receiving unit 41 (an example of a generation instruction receiving unit and a result information transmitting unit), a random number receiving unit 42 (an example of an authentication information receiving unit of the execution determining device), and a random number comparing unit 43 (of the execution determining device). An example of an authentication information comparison unit), a PIN input unit 44 (an example of a user information input unit of the execution determination device, an example of a user information storage unit), an execution determination unit 45, and a security module 60 are provided. Similar to the certificate issuing system 101, the security module 60 includes a command execution unit 61.

The operation of the certificate issuing system 100 shown in FIG. 3 will be described.
FIG. 4 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
First, as advance preparation for the processing shown in FIG. 4, the PIN input unit 44 of the security server 40 acquires the PIN that the user 1 keeps secretly and stores it in the storage device. That is, the PIN necessary for executing the command by the security module is acquired from the user 1 instead of from the administrator 2. The PIN is passed to the security server 40 instead of the CA 10.
<S201>: The RA 20 starts processing in response to a request from the user 1. The random number generation unit 23 generates a random number (an example of authentication information) by the processing device.
<S202>: The random number transmission unit 24 transmits the random number generated by the random number generation unit 23 to the security server 40 via the communication device.
<S203>: The certificate issuance request unit 21 transmits a certificate issuance request including the random number generated by the random number generation unit 23 and the issuance information to the CA 10 via the communication device.
<S204>: The CA 10 starts processing. The certificate issuance receiving unit 11 receives a certificate issuance request from the RA 20 via the communication device. The certificate issuance accepting unit 11 extracts a random number and issuance information from the certificate issuance request and transmits them to the certificate issuance unit 13.
<S205>: The certificate issuing unit 13 receives the random number and the issuing information from the certificate issuance receiving unit 11. The certificate issuing unit 13 uses the issuing information to generate a certificate creation command by the processing device. The certificate issuing unit 13 transmits the generated command and random number to the command execution requesting unit 71 of the security proxy 70. Here, the security proxy 70 has a common interface with the security module 60. Therefore, the certificate issuing unit 13 transmits the generated command and random number to the command execution requesting unit 71 of the security proxy 70 in the same manner as transmitting the generated command and random number to the command executing unit 61 of the security module 60. it can.
<S206>: The command execution requesting unit 71 receives a command and a random number from the certificate issuing unit 13. The command execution requesting unit 71 transmits the received command and random number to the security server 40 via the communication device.
<S207>: The security server 40 starts processing. The command execution receiving unit 41 receives a command and a random number from the CA 10 via a communication device. The command execution reception unit 41 transmits a command to the execution determination unit 45 and transmits a random number to the random number comparison unit 43 as a received random number.
<S208>: The random number receiving unit 42 receives a random number from the RA 20 via the communication device. The random number receiving unit 42 transmits the received random number to the random number comparing unit 43.
<S209>: The random number comparison unit 43 receives the received random number from the command execution reception unit 41 and receives the random number from the random number reception unit 42. The random number comparison unit 43 compares the received accepted random number with the random number, and determines whether or not they match with each other. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45.
<S210>: The execution determination unit 45 receives a PIN from the PIN input unit 44, receives a command from the command execution reception unit 41, and receives a comparison result from the random number comparison unit 43. The execution determination unit 45 transmits the received command and PIN to the command execution unit 61 of the security module 60 when it indicates that the received comparison results match. That is, the execution determination unit 45 confirms that the RA 20 has transmitted a certificate issuance request to the CA 10 based on the random number comparison result. If the RA 20 has confirmed that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 requests the command execution unit 61 to execute the command. If the RA 20 cannot confirm that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 does not request the command execution unit 61 to execute the command. For example, when it is not possible to confirm that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 may return information indicating an authentication failure (error) via the command execution reception unit 41.
<S211>: The command execution unit 61 receives a command and a PIN from the execution determination unit 45. The command execution unit 61 verifies whether the PIN is correct. When the PIN is correct, the command execution unit 61 generates an execution result based on the received command and the protection information held in the security module 60 by the processing device. The command execution unit 61 transmits the generated execution result (an example of processing result information) to the command execution reception unit 41.
<S212>: The command execution reception unit 41 receives the execution result from the command execution unit 61. The command execution receiving unit 41 transmits the received execution result to the CA 10 via the communication device.
<S213>: The CA 10 starts processing. The command execution request unit 71 of the security proxy 70 receives the execution result from the security server 40 via the communication device. The command execution request unit 71 transmits the received execution result to the certificate issuing unit 13.
<S214> to <S217> are the same as <S105> to <S108>.

As described above, in the certificate issuing system 100 according to this embodiment, the security server 40 confirms that the RA 20 has made a certificate issuance request to the CA 10, and the certificate is executed by the command execution unit 61 when the confirmation is obtained. Generate the information necessary for issuing Therefore, the RA 20 can control certificate issuance processing by the CA 10. Therefore, it becomes impossible to issue a certificate without authorization by the CA 10 or issue a replay by reusing a past processing request.
That is, the user side has the merit that the user has the authority to issue a certificate because the PIN used for signing the certificate is owned only by the user and not the CA 10.
In particular, since the security server 40 uses a random number as authentication information for confirming that the RA 20 has issued a certificate issuance request to the CA 10, reuse of the authentication information is also prevented.

  On the other hand, on the CA 10 side, since the security module 60 is provided in the security server 40, there is an advantage that strict management of the security module becomes unnecessary. That is, the equipment cost of CA10 can be reduced.

In the certificate issuing system 100 shown in FIG. 3, random numbers are generated by the RA 20. However, the random number may be generated by the security server 40 as shown in FIG.
In the certificate issuing system 100 shown in FIG. 5, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 illustrated in FIG. 3, the RA 20 does not include the random number generation unit 23 and the random number transmission unit 24, but includes a random number reception unit 25 (an example of a client authentication information reception unit) instead.
Unlike the security server 40 of the certificate issuing system 100 illustrated in FIG. 3, the security server 40 does not include the random number receiving unit 42, includes a random number generation unit 46 (an example of an authentication information generation unit of the execution determination device), and a random number transmission unit 47. (An example of an authentication information transmission unit of the execution determination device).

The operation of the certificate issuing system 100 shown in FIG. 5 will be described.
FIG. 6 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
First, as a preliminary preparation for the processing shown in FIG. 6, as in the certificate issuing system 100 according to the first embodiment, the PIN input unit 44 of the security server 40 acquires and stores the PIN secretly held by the user 1. Store it in the device.
<S301>: The security server 40 starts processing in response to a request from the user 1. The random number generation unit 46 generates a random number by the processing device. The random number generation unit 46 transmits the generated random number to the random number transmission unit 47.
<S302>: The random number transmission unit 47 receives a random number from the random number generation unit 46. The random number transmission unit 47 transmits a random number to the RA 20 via the communication device.
<S303>: The RA 20 starts processing. The random number receiving unit 25 receives a random number from the security server 40 via the communication device. The random number receiving unit 25 transmits the received random number to the certificate issuance request unit 21.
<S304>: The certificate issuance request unit 21 receives a random number from the random number receiving unit 25. The certificate issuance request unit 21 transmits a certificate issuance request including the received random number and issuance information to the CA 10 via the communication device.
<S305> to <S308> are the same as <S204> to <S207>.
<S309>: The random number comparison unit 43 receives the received random number from the command execution reception unit 41. The random number comparison unit 43 compares the received received random number and the random number generated by the random number generation unit 46 and determines whether or not they match. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45.
<S310> to <S317> are the same as <S210> to <S217>.

That is, in the certificate issuing system 100 shown in FIG. 3, the RA 20 generates a random number, whereas in the certificate issuing system 100 shown in FIG. 5, the security server 40 generates a random number.
The certificate issuing system 100 shown in FIG. 5 can obtain the same effects as the certificate issuing system 100 shown in FIG.

In the certificate issuing system 100 shown in FIG. 3, the security server 40 compares random numbers. However, as shown in FIG. 7, the random number comparison may be performed by the RA 20.
In the certificate issuing system 100 shown in FIG. 7, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 3, the RA 20 does not include the random number transmission unit 24 but includes a comparison reception unit 26 and a random number comparison unit 27 instead.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 3, the security server 40 does not include the random number reception unit 42 but includes a comparison request unit 48.

The operation of the certificate issuing system 100 shown in FIG. 7 will be described.
FIG. 8 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
First, as a preliminary preparation for the processing shown in FIG. 8, as in the certificate issuing system 100 according to the first embodiment, the PIN input unit 44 of the security server 40 acquires and stores the PIN that the user 1 keeps secretly. Store it in the device.
<S401> is the same as <S201>.
<S402> to <S405> are the same as <S203> to <S206>.
<S406>: The security server 40 starts processing. The command execution receiving unit 41 receives a command and a random number from the CA 10 via a communication device. The command execution reception unit 41 transmits a command to the execution determination unit 45 and transmits a random number to the comparison request unit 48 as a received random number.
<S407>: The comparison request unit 48 receives the received random number from the command execution receiving unit 41. The comparison request unit 48 transmits the received acceptance random number to the comparison acceptance unit 26 of the RA 20 via the communication device.
<S408>: The RA 20 starts processing. The comparison reception unit 26 receives the received random number from the random number generation unit 46 of the security server 40 via the communication device. The comparison reception unit 26 transmits the received reception random number to the random number comparison unit 27.
<S409>: The random number comparison unit 27 receives the received random number from the comparison reception unit 26. The random number comparison unit 27 compares the received received random number with the random number generated by the random number generation unit 23, and determines whether or not they match. The random number comparison unit 27 transmits the determined result to the comparison reception unit 26 as a comparison result (comparison result information).
<S410>: The comparison receiving unit 26 receives the comparison result from the random number comparing unit 27. The comparison receiving unit 26 transmits the received comparison result to the comparison request unit 48 of the security server 40 via the communication device.
<S411>: The security server 40 starts processing. The comparison request unit 48 receives the comparison result from the comparison reception unit 26 of the RA 20. The comparison request unit 48 transmits the received comparison result to the execution determination unit 45.
<S412>: The execution determination unit 45 receives a PIN from the PIN input unit 44, receives a command from the command execution reception unit 41, and receives a comparison result from the comparison request unit 48. The execution determination unit 45 transmits the received command and PIN to the command execution unit 61 of the security module 60 when it indicates that the received comparison results match.
<S413> to <S419> are the same as <S211> to <S217>.

That is, in the certificate issuing system 100 shown in FIG. 3, the security server 40 compares random numbers, whereas in the certificate issuing system 100 shown in FIG. 7, the RA 20 compares random numbers.
The certificate issuing system 100 shown in FIG. 7 can obtain the same effects as the certificate issuing system 100 shown in FIG.

In the certificate issuing system 100 shown in FIG. 3, random numbers are generated by the RA 20, and random numbers are compared by the security server 40. However, as shown in FIG. 9, random number generation may be performed by the security server 40 and random number comparison may be performed by the RA 20.
In the certificate issuing system 100 shown in FIG. 9, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 3, the RA 20 does not include the random number transmission unit 24 but instead includes a random number reception unit 25, a comparison reception unit 26, and a random number comparison unit 27.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 3, the security server 40 does not include the random number reception unit 42 but includes a random number generation unit 46, a random number transmission unit 47, and a comparison request unit 48.

The operation of the certificate issuing system 100 shown in FIG. 9 will be described.
FIG. 10 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
First, as advance preparation for the processing shown in FIG. 10, as in the certificate issuing system 100 according to the first embodiment, the PIN input unit 44 of the security server 40 acquires and stores the PIN secretly held by the user 1. Store it in the device.
<S501>: In response to a request from the user 1, the security server 40 starts processing. The random number generation unit 46 generates a random number by the processing device. The random number generation unit 46 transmits the generated random number to the random number transmission unit 47.
<S502>: The random number transmission unit 47 receives a random number from the random number generation unit 46. The random number transmission unit 47 transmits a random number to the RA 20 via the communication device.
<S503>: The RA 20 starts processing. The random number receiving unit 25 receives a random number from the security server 40 via the communication device. The random number receiving unit 25 transmits the received random number to the certificate issuance request unit 21.
<S504>: The certificate issuance request unit 21 receives a random number from the random number receiving unit 25. The certificate issuance request unit 21 transmits a certificate issuance request including the received random number and issuance information to the CA 10 via the communication device.
<S505> to <S507> are the same as <S204> to <S206>.
<S508>: The security server 40 starts processing. The command execution receiving unit 41 receives a command and a random number from the CA 10 via a communication device. The command execution reception unit 41 transmits a command to the execution determination unit 45 and transmits a random number to the comparison request unit 48 as a received random number.
<S509>: The comparison request unit 48 receives the received random number from the command execution receiving unit 41. The comparison request unit 48 transmits the received acceptance random number to the comparison acceptance unit 26 of the RA 20 via the communication device.
<S510>: The RA 20 starts processing. The comparison reception unit 26 receives the received random number from the random number generation unit 46 of the security server 40 via the communication device. The comparison reception unit 26 transmits the received reception random number to the random number comparison unit 27.
<S511>: The random number comparison unit 27 receives the received random number from the comparison reception unit 26. The random number comparison unit 27 compares the received received random number with the random number generated by the random number generation unit 23, and determines whether or not they match. The random number comparison unit 27 transmits the determined result to the comparison reception unit 26 as a comparison result.
<S512>: The comparison receiving unit 26 receives the comparison result from the random number comparison unit 27. The comparison receiving unit 26 transmits the received comparison result to the comparison request unit 48 of the security server 40.
<S513>: The security server starts processing. The comparison request unit 48 receives the comparison result from the comparison reception unit 26 of the RA 20. The comparison request unit 48 transmits the received comparison result to the execution determination unit 45.
<S514>: The execution determination unit 45 receives the PIN from the PIN input unit 44, receives the command from the command execution reception unit 41, and receives the comparison result from the comparison request unit 48. The execution determination unit 45 transmits the received command and PIN to the command execution unit 61 of the security module 60 when it indicates that the received comparison results match.
<S515> to <S521> are the same as <S211> to <S217>.

That is, in the certificate issuing system 100 shown in FIG. 3, the RA 20 generates random numbers, whereas in the certificate issuing system 100 shown in FIG. 9, the security server 40 generates random numbers. In the certificate issuing system 100 shown in FIG. 3, the security server 40 compares random numbers, whereas in the certificate issuing system 100 shown in FIG. 9, the RA 20 compares random numbers.
The certificate issuing system 100 shown in FIG. 9 can obtain the same effects as the certificate issuing system 100 shown in FIG.

  In summary, the main difference between the certificate issuing systems 100 shown in FIG. 3, FIG. 5, FIG. 7, and FIG. 9 is the difference between devices that generate random numbers and compare random numbers. That is, in the certificate issuing system 100 shown in FIG. 3, random number generation is performed by the RA 20 and random number comparison is performed by the security server 40. In the certificate issuing system 100 shown in FIG. 5, random numbers are generated by the security server 40 and random numbers are compared by the security server 40. In the certificate issuing system 100 shown in FIG. 7, random number generation is performed by RA 20, and random number comparison is performed by RA 20. In the certificate issuing system 100 shown in FIG. 9, random numbers are generated by the security server 40 and random numbers are compared by RA 20.

  In the certificate issuing system 100 shown in each of FIGS. 3, 5, 7, and 9, the CA 10 may impersonate the RA 20. For this reason, it is desirable that the security server 40 and the RA 20 operate in an environment isolated from a third party (server) including the CA 10.

Embodiment 2. FIG.
In the certificate issuing system 100 according to the first embodiment, the security server 40 stores a PIN. Therefore, if the security server 40 is stolen together with the security module 60, it may be misused. In this embodiment, a certificate issuing system 100 that solves the above-described problem by a user inputting a PIN as necessary will be described.

FIG. 11 is a functional block diagram showing functions of the certificate issuing system 100 according to this embodiment.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
The RA 20 further includes a PIN input unit 28 (an example of a client user information input unit and a user information storage unit) and a PIN receiving unit 29 in addition to the RA 20 of the certificate issuing system 100 shown in FIG.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 3, the security server 40 does not include the PIN input unit 44 but includes a PIN request unit 49 (an example of a user information reception unit and a user information request unit).

The operation of the certificate issuing system 100 shown in FIG. 11 will be described.
FIG. 12 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S601> to <S608> are the same as <S201> to <S208>.
<S609>: The random number comparing unit 43 receives the received random number from the command execution receiving unit 41 and receives the random number from the random number receiving unit. The random number comparison unit 43 compares the received accepted random number with the random number, and determines whether or not they match with each other. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45 and further transmits the comparison result to the PIN request unit 49.
<S610>: The PIN request unit 49 receives the comparison result from the random number comparison unit 43. When the PIN request unit 49 indicates that the received comparison results match, the PIN request unit 49 transmits a PIN transmission request to the PIN reception unit 29 of the RA 20 via the communication device.
<S611>: The RA 20 starts processing. The PIN receiving unit 29 receives a PIN transmission request from the PIN request unit 49 via the communication device. The PIN receiving unit 29 transmits a PIN input instruction to the PIN input unit 28.
<S612>: The PIN input unit 28 receives a PIN input instruction from the PIN receiving unit 29. The PIN input unit 28 allows the user to input a PIN necessary for executing the security module secretly held by the user using the input device. The PIN input unit 28 transmits the input PIN to the PIN receiving unit 29.
<S613>: The PIN receiving unit 29 receives the PIN from the PIN input unit 28. The PIN receiving unit 29 transmits the received PIN to the PIN requesting unit 49 via the communication device.
<S614>: The PIN request unit 49 receives the PIN from the PIN reception unit 29 via the communication device. The PIN request unit 49 transmits the PIN to the execution determination unit 45.
<S615>: The execution determination unit 45 receives the PIN from the PIN request unit 49, the execution determination unit 45 receives the command from the command execution reception unit 41, and receives the comparison result from the random number comparison unit 43. The execution determination unit 45 transmits the received command and PIN to the command execution unit 61 of the security module 60 when it indicates that the received comparison results match.
<S616>: The PIN request unit 49 and the execution determination unit 45 delete the PIN temporarily stored in the memory or the like. That is, the PIN is deleted from the security server 40.
<S617> to <S623> are the same as <S211> to <S217>.

  As described above, in the certificate issuing system 100 according to this embodiment, it is not necessary to store the PIN in the security server 40 in advance, and the user inputs the PIN as necessary. In particular, the entered PIN is deleted so that it does not remain in the security server 40. In other words, PIN security is ensured. Therefore, even if the security server 40 is stolen together with the security module 60, there is no possibility of being misused.

  In the certificate issuing system 100 shown in FIG. 11, there is a possibility that the CA 10 enters between the RA 20 and the security server 40 to obtain the PIN, and the CA 10 impersonates the RA 20 to transmit the random number and the PIN. Therefore, it is desirable that the security server 40 and the RA 20 operate in an environment isolated from third parties including the CA 10.

In the certificate issuing system 100 shown in FIG. 11, random numbers are generated by the RA 20. However, as shown in FIG. 13, random numbers may be generated by the security server 40.
In the certificate issuing system 100 shown in FIG. 13, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 3, the RA 20 does not include the random number transmission unit 24 but includes a random number reception unit 25 instead.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 3, the security server 40 does not include the random number reception unit 42 but includes a random number generation unit 46 and a random number transmission unit 47.

The operation of the certificate issuing system 100 shown in FIG. 13 will be described.
FIG. 14 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
<S701>: The security server 40 starts processing in response to a request from the user 1. The random number generation unit 46 generates a random number by the processing device. The random number generation unit 46 transmits the generated random number to the random number transmission unit 47.
<S702>: The random number transmission unit 47 receives the random number from the random number generation unit 46. The random number transmission unit 47 transmits a random number to the RA 20 via the communication device.
<S703>: The RA 20 starts processing. The random number receiving unit 25 receives a random number from the security server 40 via the communication device. The random number receiving unit 25 transmits the received random number to the certificate issuance request unit 21.
<S704>: The certificate issuance request unit 21 receives a random number from the random number receiving unit 25. The certificate issuance request unit 21 transmits a certificate issuance request including the received random number and issuance information to the CA 10 via the communication device.
<S705> to <S708> are the same as <S604> to <S607>.
<S709> to <S723> are the same as <S609> to <S623>.

That is, in the certificate issuing system 100 shown in FIG. 11, the RA 20 generates a random number, whereas in the certificate issuing system 100 shown in FIG. 13, the security server 40 generates a random number.
The certificate issuing system 100 shown in FIG. 13 can obtain the same effects as the certificate issuing system 100 shown in FIG.

  In the certificate issuing system 100 shown in FIG. 13, there is a possibility that a third party including the CA 10 impersonates a security server and requests a PIN. Therefore, it is desirable that the security server 40 and the RA 20 operate in an environment isolated from third parties including the CA 10.

  In addition, the certificate issuing system 100 according to this embodiment may perform random number comparison by the RA 20 in the same manner as the certificate issuing system 100 described with reference to FIGS.

Note that the PIN input unit 28 and the PIN reception unit 29 do not need to be provided in the RA 20, and a device including the PIN input unit 28 and the PIN reception unit 29 may be separately prepared. That is, in this case, the PIN request unit 49 of the security server 40 communicates with a device including the PIN input unit 28 and the PIN reception unit 29.
Further, the security server 40 and the RA 20 may be a single device.

Embodiment 3 FIG.
In the certificate issuing system 100 according to the second embodiment, the user needs to wait until the PIN is input after starting the processing. In this embodiment, as in the second embodiment, a certificate issuing system 100 in which the security of the PIN is ensured and the convenience for the user is improved will be described.

FIG. 15 is a functional block diagram showing functions of the certificate issuing system 100 according to this embodiment.
The CA 10 is the same as the CA 10 of the certificate issuing system 100 shown in FIG. 11 except that it transmits and receives an encrypted PIN instead of a random number.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 11, the RA 20 further includes a key generation unit 31 and a key transmission unit 32 without the random number generation unit 23, the random number transmission unit 24, and the PIN reception unit 29.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 11, the security server 40 does not include the random number reception unit 42, the random number comparison unit 43, and the PIN request unit 49 but includes the key reception unit 50 and the decryption unit 51.

The operation of the certificate issuing system 100 shown in FIG. 15 will be described.
FIG. 16 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S801>: The RA 20 starts processing in response to a request from the user 1. The key generation unit 31 generates an encryption key and a decryption key corresponding to the encryption key by the processing device. At this time, the encryption key and the decryption key may be generated based on either the common key encryption method or the public key encryption method. The key generation unit 31 transmits the encryption key to the encryption unit 30 and transmits the decryption key to the key transmission unit 32.
<S802>: The key transmission unit 32 receives the decryption key from the key generation unit 31. The key transmission unit 32 transmits the decryption key to the key reception unit 50 of the security server 40 via the communication device. The key transmission unit 32 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from RA20.
<S803>: The PIN input unit 28 allows the user to input the PIN necessary for executing the security module held in the secret of the user via the input device. The PIN input unit 28 transmits the input PIN to the encryption unit 30.
<S804>: The encryption unit 30 receives the PIN from the PIN input unit 28, and receives the encryption key from the key generation unit 31. The encryption unit 30 encrypts the received PIN with the encryption key by the processing device to generate an encrypted PIN. The encryption unit 30 deletes the PIN and the encryption key from the memory. That is, the PIN and the encryption key are deleted from the RA 20. The encryption unit 30 transmits the encrypted PIN to the certificate issuance request unit 21.
<S805>: The certificate issuance request unit 21 transmits a certificate issuance request including the encrypted PIN generated by the encryption unit 30 and the issuance information to the CA 10 via the communication device.
<S806>: The CA 10 starts processing. The certificate issuance receiving unit 11 receives a certificate issuance request from the RA 20 via the communication device. The certificate issuance accepting unit 11 extracts the encrypted PIN and the issuance information from the certificate issuance request and transmits them to the certificate issuing unit 13.
<S807>: The certificate issuing unit 13 receives the encrypted PIN and the issuing information from the certificate issuance receiving unit 11. The certificate issuing unit 13 uses the issuing information to generate a certificate creation command by the processing device. The certificate issuing unit 13 transmits the generated command and the encrypted PIN to the command execution requesting unit 71 of the security proxy 70.
<S808>: The command execution requesting unit 71 receives the command and the encrypted PIN from the certificate issuing unit 13. The command execution requesting unit 71 transmits the received command and the encrypted PIN to the security server 40 via the communication device.
<S809>: The security server 40 starts processing. The command execution receiving unit 41 receives the command and the encrypted PIN from the CA 10 via the communication device. The command execution reception unit 41 transmits the command to the execution determination unit 45 and transmits the encrypted PIN to the decryption unit 51.
<S810>: The key reception unit 50 receives the decryption key from the key transmission unit 32 of the RA 20 via the communication device. The key receiving unit 50 transmits the received decryption key to the decryption unit 51.
<S811>: The decryption unit 51 receives the encrypted PIN from the command execution reception unit 41 and receives the decryption key from the key reception unit 50. The decryption unit 51 decrypts the encrypted PIN with the decryption key by the processing device to generate the PIN. The decryption unit 51 transmits the generated PIN to the execution determination unit 45. The decryption unit 51 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from the security server 40.
<S812>: The execution determination unit 45 receives the PIN from the decryption unit 51 and receives the command from the command execution reception unit 41. The execution determination unit 45 determines whether the PIN is correctly decoded by the processing device. For example, it is assumed that predetermined information is included in the PIN, and whether or not the PIN is correctly decoded can be determined based on whether or not the predetermined information is included in the decrypted PIN. If the execution determination unit 45 determines that the PIN has been correctly decoded, the execution determination unit 45 transmits the command and the PIN to the command execution unit 61. That is, the execution determination unit 45 confirms that the RA 20 has transmitted a certificate issuance request to the CA 10 by confirming the decryption state of the PIN. If the RA 20 has confirmed that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 requests the command execution unit 61 to execute the command. If the RA 20 cannot confirm that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 does not request the command execution unit 61 to execute the command.
<S813> to <S819> are the same as <S211> to <S217>.

As described above, the certificate issuing system 100 according to this embodiment inputs a PIN immediately after a user requests certificate issuance. Therefore, the time for which the user waits is very short. Also, the certificate issuing system 100 according to the present embodiment ensures the PIN safety because the security server 40 or the like does not store the PIN, similarly to the certificate issuing system 100 according to the second embodiment. be able to. In other words, the certificate issuing system 100 according to this embodiment immediately encrypts the input PIN and allows only the security server 40 having a decryption key to decrypt it, thereby ensuring the security of the PIN and ensuring the security of the PIN. No need to wait.
In the certificate issuing system 100 according to this embodiment, encryption processing is used for authentication. However, since the key used for encryption processing is deleted after use, it is not misused.

  In the certificate issuing system 100 shown in FIG. 15, the CA 10 may impersonate the security server 40 to obtain a decryption key, decrypt an encrypted PIN, and obtain a PIN. Therefore, it is desirable that the security server 40 and the RA 20 operate in an environment isolated from third parties including the CA 10.

  In the above description, the generation of the encryption key and the decryption key and the transmission process of the decryption key to the security server 40 are preceded by the PIN input process. That is, S801 and S802 are executed before S803. However, if the waiting time of the user is to be shortened, the PIN input process may be preceded by the generation of the encryption key and the decryption key and the process of transmitting the decryption key to the security server 40. That is, S803 may be executed before S801 and S802.

In the certificate issuing system 100 shown in FIG. 15, the encryption key and the decryption key are generated by the RA 20. However, the security server 40 may generate the encryption key and the decryption key as shown in FIG.
In the certificate issuing system 100 shown in FIG. 17, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 15, the RA 20 does not include the key generation unit 31 and the key transmission unit 32 but includes a key reception unit 33 instead.
Unlike the security server 40 of the certificate issuing system 100 illustrated in FIG. 15, the security server 40 does not include the key receiving unit 50 but includes a key generation unit 52 and a key transmission unit 53.

The operation of the certificate issuing system 100 shown in FIG. 17 will be described.
FIG. 18 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S901>: The security server 40 starts processing in response to a request from the user 1. The key generation unit 52 generates an encryption key and a decryption key corresponding to the encryption key by the processing device. At this time, the encryption key and the decryption key may be generated based on either the common key encryption method or the public key encryption method. The key generation unit 52 transmits the encryption key to the key transmission unit 53 and transmits the decryption key to the decryption unit 51.
<S902>: The key transmission unit 53 receives the encryption key from the key generation unit 52. The key transmission unit 53 transmits the encryption key to the key reception unit 33 of the RA 20 via the communication device. The key transmission unit 53 deletes the encryption key temporarily stored in the memory or the like. That is, the encryption key is deleted from the security server 40.
<S903>: The RA 20 starts processing. The key reception unit 33 receives the encryption key from the key transmission unit 53 of the security server 40 via the communication device. The key receiving unit 33 transmits the received encryption key to the encryption unit 30.
<S904> to <S910> are the same as <S803> to <S809>.
<S911>: The decryption unit 51 receives the encrypted PIN from the command execution reception unit 41 and receives the decryption key from the key generation unit 52. The decryption unit 51 decrypts the encrypted PIN with the decryption key by the processing device to generate the PIN. The decryption unit 51 transmits the generated PIN to the execution determination unit 45.
<S912> to <S919> are the same as <S812> to <S819>.

That is, in the certificate issuing system 100 shown in FIG. 15, the RA 20 generates the encryption key and the decryption key, whereas in the certificate issuing system 100 shown in FIG. Generating a decryption key.
The certificate issuing system 100 shown in FIG. 17 can obtain the same effects as the certificate issuing system 100 shown in FIG.

  In the certificate issuing system 100 shown in FIG. 17, the CA 10 may impersonate the security server 40 and send the encryption key to the RA 20 to decrypt the encrypted PIN and obtain the PIN. It is desirable that the security server 40 and the RA 20 operate in an environment isolated from third parties including the CA 10.

  Similar to the certificate issuing system 100 according to the second embodiment, the certificate issuing system 100 according to this embodiment does not require the PIN input unit 28 and the PIN receiving unit 29 to be provided in the RA 20. You may prepare separately the apparatus provided with the input part 28 and the PIN reception part 29. FIG. That is, in this case, the PIN request unit 49 of the security server 40 communicates with a device including the PIN input unit 28 and the PIN reception unit 29.

  Further, the security server 40 and the RA 20 may be a single device.

  In the above description, the PIN input unit 28 allows the user to input a PIN. However, the RA 20 may store the PIN and use the stored PIN by user authentication. In other words, the PIN input unit 28 may receive authentication about the use of the PIN from the user instead of allowing the user to input the PIN.

Embodiment 4 FIG.
In the certificate issuing system 100 according to the third embodiment, since the encryption target is a fixed PIN, the encrypted PIN may be reused by the CA 10. In this embodiment, a certificate issuing system 100 that prevents the encrypted PIN from being reused by the CA 10 will be described.

FIG. 19 is a functional block diagram showing functions of the certificate issuing system 100 according to this embodiment.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
The RA 20 further includes a random number generation unit 23 and a random number transmission unit 24 in addition to the RA 20 of the certificate issuing system 100 shown in FIG.
The security server 40 includes a random number receiving unit 42 and a random number comparing unit 43 in addition to the security server 40 of the certificate issuing system 100 shown in FIG.

The operation of the certificate issuing system 100 shown in FIG. 19 will be described.
FIG. 20 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S1001> and <S1002> are the same as <S801> and <S802>.
<S1003>: The random number generation unit 23 generates a random number by the processing device. The random number generation unit 23 transmits the generated random number to the random number transmission unit 24 and also to the encryption unit 30.
<S1004>: The random number transmission unit 24 receives a random number from the random number generation unit 23. The random number transmission unit 24 transmits the received random number to the security server 40 via the communication device.
<S1005>: The PIN input unit 28 allows the user to input the PIN necessary for executing the security module held in the secret of the user via the input device. The PIN input unit 28 transmits the input PIN to the encryption unit 30.
<S1006>: The encryption unit 30 receives the PIN from the PIN input unit 28, receives the random number from the random number generation unit 23, and receives the encryption key from the key generation unit 31. The encryption unit 30 encrypts the received PIN and random number with the encryption key by the processing device, and generates an encrypted PIN. The encryption unit 30 erases the PIN, random number, and encryption key from the memory. That is, the PIN, the random number, and the encryption key are deleted from the RA 20. The encryption unit 30 transmits the encrypted PIN to the certificate issuance request unit 21.
<S1007> to <S1012> are the same as <S805> to <S810>.
<S1013>: The decryption unit 51 receives the encrypted PIN from the command execution reception unit 41 and receives the decryption key from the key reception unit 50. The decryption unit 51 decrypts the encrypted PIN by the processing device using the decryption key, and generates a PIN and a random number. The decryption unit 51 transmits the generated random number as an accepted random number to the random number comparison unit 43 and transmits the PIN to the execution determination unit 45. The decryption unit 51 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from the security server 40.
<S1014>: The random number reception unit 42 receives a random number from the random number transmission unit 24 of the RA 20 via the communication device. The random number receiving unit 42 transmits the received random number to the random number comparing unit 43.
<S1015>: The random number comparing unit 43 receives the received random number from the command execution receiving unit 41 and receives the random number from the random number receiving unit 42. The random number comparison unit 43 compares the received accepted random number with the random number, and determines whether or not they match with each other. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45.
<S1016>: The execution determination unit 45 receives the PIN from the decryption unit 51, receives the command from the command execution reception unit 41, and receives the comparison result from the random number comparison unit 43. The execution determination unit 45 transmits the received command and PIN to the command execution unit 61 of the security module 60 when it indicates that the received comparison results match. That is, the execution determination unit 45 confirms that the RA 20 has transmitted a certificate issuance request to the CA 10 based on the random number comparison result. Further, the execution determination unit 45 may further confirm the decryption state of the PIN. If the RA 20 has confirmed that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 requests the command execution unit 61 to execute the command. If the RA 20 cannot confirm that the RA 20 has transmitted a certificate issuance request to the CA 10, the execution determination unit 45 does not request the command execution unit 61 to execute the command.
<S1017> to <S1023> are the same as <S813> to <S819>.

  As described above, the certificate issuing system 100 according to this embodiment encrypts a random number together with a PIN and transmits it as an encrypted PIN. Therefore, the certificate issuing system 100 according to this embodiment can prevent the encrypted PIN from being reused by the CA 10.

In the certificate issuing system 100 shown in FIG. 19, random numbers are generated by the RA 20. However, as shown in FIG. 21, random number generation may be performed by the security server 40.
In the certificate issuing system 100 shown in FIG. 21, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 19, the RA 20 does not include the random number generation unit 23 and the random number transmission unit 24 but includes a random number reception unit 25 instead.
Unlike the security server 40 of the certificate issuing system 100 illustrated in FIG. 19, the security server 40 does not include the random number reception unit 42 but includes a random number generation unit 46 and a random number transmission unit 47.

The operation of the certificate issuing system 100 shown in FIG. 21 will be described.
FIG. 22 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
<S1101>: The security server 40 starts processing in response to a request from the user 1. The random number generation unit 46 generates a random number by the processing device. The random number generation unit 46 transmits the generated random number to the random number comparison unit 43 and transmits it to the random number transmission unit 47.
<S1102>: The random number transmission unit 47 receives a random number from the random number generation unit 46. The random number transmission unit 47 transmits the received random number to the RA 20 via the communication device.
<S1103>: The RA 20 starts processing. The random number receiving unit 25 receives a random number from the security server 40 via the communication device. The random number receiving unit 25 transmits the received random number to the encryption unit 30.
<S1104>: The key generation unit 31 generates an encryption key and a decryption key corresponding to the encryption key by the processing device. At this time, the encryption key and the decryption key may be generated based on either the common key encryption method or the public key encryption method. The key generation unit 31 transmits the encryption key to the encryption unit 30 and transmits the decryption key to the key transmission unit 32.
<S1105>: The key transmission unit 32 receives the decryption key from the key generation unit 31. The key transmission unit 32 transmits the decryption key to the key reception unit 50 of the security server 40 via the communication device. The key transmission unit 32 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from RA20.
<S1106> to <S1114> are the same as <S1005> to <S1013>.
<S1115>: The random number comparison unit 43 receives the received random number from the command execution reception unit 41 and also receives the random number from the random number generation unit 46. The random number comparison unit 43 compares the received accepted random number with the random number, and determines whether or not they match with each other. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45.
<S1116> to <S1123> are the same as <S1016> to <S1023>.

That is, in the certificate issuing system 100 shown in FIG. 19, the RA 20 generates random numbers, whereas in the certificate issuing system 100 shown in FIG. 21, the security server 40 generates random numbers.
The certificate issuing system 100 shown in FIG. 21 can obtain the same effects as the certificate issuing system 100 shown in FIG.

In the certificate issuing system 100 shown in FIG. 19, the encryption key and the decryption key are generated by the RA 20. However, the security server 40 may generate the encryption key and the decryption key, as shown in FIG.
In the certificate issuing system 100 shown in FIG. 23, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 illustrated in FIG. 19, the RA 20 does not include the key generation unit 31 and the key transmission unit 32 but includes a key reception unit 33 instead.
Unlike the security server 40 of the certificate issuing system 100 illustrated in FIG. 19, the security server 40 does not include the key receiving unit 50 but includes a key generation unit 52 and a key transmission unit 53.

The operation of the certificate issuing system 100 shown in FIG. 23 will be described.
FIG. 24 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S1201>: The security server 40 starts processing in response to a request from the user 1. The key generation unit 52 generates an encryption key and a decryption key corresponding to the encryption key by the processing device. At this time, the encryption key and the decryption key may be generated based on either the common key encryption method or the public key encryption method. The key generation unit 52 transmits the encryption key to the key transmission unit 53 and transmits the decryption key to the decryption unit 51.
<S1202>: The key transmission unit 53 receives the encryption key from the key generation unit 52. The key transmission unit 53 transmits the encryption key to the key reception unit 33 of the RA 20 via the communication device. The key transmission unit 53 deletes the encryption key temporarily stored in the memory or the like. That is, the encryption key is deleted from the security server.
<S1203>: The RA 20 starts processing. The key receiving unit 33 receives the encryption key from the key transmitting unit 53 via the communication device. The key receiving unit 33 transmits the received encryption key to the encryption unit 30.
<S1204> to <S1212> are the same as <S1003> to <S1011>.
<S1213>: The decryption unit 51 receives the encrypted PIN from the command execution reception unit 41 and receives the decryption key from the key generation unit 52. The decryption unit 51 decrypts the encrypted PIN by the processing device using the decryption key, and generates a PIN and a random number. The decryption unit 51 transmits the generated random number as an accepted random number to the random number comparison unit 43 and transmits the PIN to the execution determination unit 45. The decryption unit 51 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from the security server 40.
<S1214> to <S1223> are the same as <S1014> to <S1023>.

In the certificate issuing system 100 shown in FIG. 19, the RA 20 generates a random number, an encryption key, and a decryption key. However, as shown in FIG. 25, the security server 40 may generate a random number, an encryption key, and a decryption key.
In the certificate issuing system 100 shown in FIG. 25, the CA 10, RA 20, and security server 40 are as follows.
CA10 is the same as CA10 of certificate issuing system 100 shown in FIG.
Unlike the RA 20 of the certificate issuing system 100 shown in FIG. 19, the RA 20 does not include the random number generation unit 23, the random number transmission unit 24, the key generation unit 31, and the key transmission unit 32. Instead, the random number reception unit 25, key reception The unit 33 is provided.
Unlike the security server 40 of the certificate issuing system 100 shown in FIG. 19, the security server 40 does not include the random number reception unit 42 and the key reception unit 50, but includes a random number generation unit 46, a random number transmission unit 47, a key generation unit 52, a key A transmission unit 53 is provided.

The operation of the certificate issuing system 100 shown in FIG. 25 will be described.
FIG. 26 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG.
Here, no advance preparation is required.
<S1301>: The security server 40 starts processing in response to a request from the user 1. The key generation unit 52 generates an encryption key and a decryption key corresponding to the encryption key by the processing device. At this time, the encryption key and the decryption key may be generated based on either the common key encryption method or the public key encryption method. The key generation unit 52 transmits the encryption key to the key transmission unit 53 and transmits the decryption key to the decryption unit 51.
<S1302>: The key transmission unit 53 receives the encryption key from the key generation unit 52. The key transmission unit 53 transmits the encryption key to the key reception unit 33 of the RA 20 via the communication device. The key transmission unit 53 deletes the encryption key temporarily stored in the memory or the like. That is, the encryption key is deleted from the security server.
<S1303>: The random number generation unit 46 generates a random number by the processing device. The random number generation unit 46 transmits the generated random number to the random number comparison unit 43 and transmits it to the random number transmission unit 47.
<S1304>: The random number transmission unit 47 receives a random number from the random number generation unit 46. The random number transmission unit 47 transmits the received random number to the RA 20 via the communication device.
<S1305>: The RA 20 starts processing. The key receiving unit 33 receives the encryption key from the key transmitting unit 53 via the communication device. The key receiving unit 33 transmits the received encryption key to the encryption unit 30.
<S1306>: The random number receiving unit 25 receives a random number from the security server 40 via the communication device. The random number receiving unit 25 transmits the received random number to the encryption unit 30.
<S1307> to <S1313> are the same as <S1005> to <S1011>.
<S1314>: The decryption unit 51 receives the encrypted PIN from the command execution reception unit 41 and receives the decryption key from the key generation unit 52. The decryption unit 51 decrypts the encrypted PIN by the processing device using the decryption key, and generates a PIN and a random number. The decryption unit 51 transmits the generated random number as an accepted random number to the random number comparison unit 43 and transmits the PIN to the execution determination unit 45. The decryption unit 51 erases the decryption key temporarily stored in the memory or the like. That is, the decryption key is deleted from the security server 40.
<S1315>: The random number comparison unit 43 receives the received random number from the command execution reception unit 41 and also receives the random number from the random number generation unit 46. The random number comparison unit 43 compares the received accepted random number with the random number, and determines whether or not they match with each other. The random number comparison unit 43 transmits the comparison result to the execution determination unit 45.
<S1316> to <S1323> are the same as <S1016> to <S1023>.

In the certificate issuing system 100 according to this embodiment, when communication information between the RA 20 and the security server 40 is acquired by the CA 10, there is a possibility that the CA 10 may retransmit or the CA 10 may become the RA 20. Therefore, the corresponding problem is solved by preparing the corresponding encryption key and decryption key between the RA 20 and the security server 40 in advance.
That is, in the certificate issuing system 100 shown in FIG. 19, S1001, S1002, and S1012 shown in FIG. 20 are executed in advance. In the case of the certificate issuing system 100 shown in FIG. 21, S1104, S1105, and S1113 shown in FIG. 22 are executed in advance. In the case of the certificate issuing system 100 shown in FIG. 23, S1201, S1202, and S1203 shown in FIG. 24 are executed in advance. In the case of the certificate issuing system 100 shown in FIG. 25, S1301, S1302, and S1303 shown in FIG. 26 are executed in advance.
By doing in this way, even if the communication information between RA20 and the security server 40 is acquired by CA10, the said bad effect can be prevented. Therefore, it is not necessary to operate the security server 40 and the RA 20 in an environment isolated from third parties including the CA 10.

Further, in the certificate issuing system 100 according to the present embodiment, the PIN input unit 28 and the PIN receiving unit 29 do not have to be provided in the RA 20 in the same manner as the certificate issuing system 100 according to the second embodiment. A device including the PIN input unit 28 and the PIN receiving unit 29 may be prepared separately. That is, in this case, the PIN request unit 49 of the security server 40 communicates with a device including the PIN input unit 28 and the PIN reception unit 29.
Further, the security server 40 and the RA 20 may be a single device.

  In the above description, the PIN input unit 28 allows the user to input a PIN. However, the RA 20 may store the PIN and use the stored PIN by user authentication. In other words, the PIN input unit 28 may receive authentication about the use of the PIN from the user instead of allowing the user to input the PIN.

  In addition, the certificate issuing system 100 according to this embodiment may perform random number comparison by the RA 20 in the same manner as the certificate issuing system 100 described with reference to FIGS.

  In the above embodiment, communication between the CA 10, the RA 20, and the security server 40 is protected (hidden) by a technology such as SSL (Secure Socket Layer).

The certificate issuance process in the above embodiment is an example. That is, the CA 10 is a processing server that executes processing, the RA 20 is a client that requests processing to the processing server, and the security server 40 is an execution determination device that controls execution of processing by the processing server. That is, the process executed by the processing server is not limited to the certificate issuing process, and may be any process.
In particular, the execution determination device may be considered to control that the processing server executes the encryption process in the security module 60 that executes the encryption process. That is, when the processing server issues an instruction for the encryption process to the security module 60 that executes some encryption process, the execution determination device determines whether or not the security module 60 executes the encryption process. It may be a thing.

Next, the hardware configuration of the CA 10, RA 20, and security server 40 in the above embodiment will be described.
FIG. 27 is a diagram illustrating an example of a hardware configuration of the CA 10, the RA 20, and the security server 40.
As shown in FIG. 27, the CA 10, RA 20, and security server 40 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program. ing. The CPU 911 is connected to the ROM 913, the RAM 914, the LCD 901 (Liquid Crystal Display), the keyboard 902 (K / B), the communication board 915, and the magnetic disk device 920 via the bus 912, and controls these hardware devices. Instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.

  The ROM 913 and the magnetic disk device 920 are examples of a nonvolatile memory. The RAM 914 is an example of a volatile memory. The ROM 913, the RAM 914, and the magnetic disk device 920 are examples of a storage device (memory). The keyboard 902 and the communication board 915 are examples of input devices. The communication board 915 is an example of a communication device. Furthermore, the LCD 901 is an example of a display device.

  An operating system 921 (OS), a window system 922, a program group 923, and a file group 924 are stored in the magnetic disk device 920 or the ROM 913. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The program group 923 includes “certificate issue acceptance unit 11”, “PIN input unit 12”, “certificate issue unit 13”, “certificate issue request unit 21”, and “certificate verification unit 22” in the above description. , “Random number generation unit 23”, “random number transmission unit 24”, “random number reception unit 25”, “comparison reception unit 26”, “random number comparison unit 27”, “PIN input unit 28”, “PIN reception unit 29”, “Encryption unit 30”, “key generation unit 31”, “key transmission unit 32”, “key reception unit 33”, “command execution reception unit 41”, “random number reception unit 42”, “random number comparison unit 43”, “ “PIN input unit 44”, “execution determination unit 45”, “random number generation unit 46”, “random number transmission unit 47”, “comparison request unit 48”, “PIN request unit 49”, “key reception unit 50”, “decryption” Unit 51 ”,“ key generation unit 52 ”,“ key transmission unit 53 ”,“ command execution unit 61 ”,“ frame ” Software or programs and other programs to perform the functions described as de execution request unit 71 "and the like are stored. The program is read and executed by the CPU 911.
The file group 924 includes “issue information”, “certificate issuance request”, “command”, “PIN”, “encryption PIN”, “execution result”, “certificate”, and “random number” in the above description. , “Accepted random number”, “encryption key”, “decryption key”, “protection information” and other information, data, signal values, variable values, and parameters are stored as “file” and “database” items. . The “file” and “database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for the operation of the CPU 911 such as calculation / processing / output / printing / display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the operation of the CPU 911 for extraction, search, reference, comparison, calculation, calculation, processing, output, printing, and display. Is remembered.
In addition, the arrows in the flowcharts in the above description mainly indicate input / output of data and signals, and the data and signal values are recorded in a memory of the RAM 914 and other recording media such as an optical disk. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “to part” in the above description may be “to circuit”, “to device”, “to device”, “to means”, and “to function”. It may be “step”, “˜procedure”, “˜processing”. In addition, what is described as “˜device” may be “˜circuit”, “˜device”, “˜equipment”, “˜means”, “˜function”, and “˜step”, “ ~ Procedure "," ~ process ". Furthermore, what is described as “to process” may be “to step”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored in a recording medium such as ROM 913 as a program. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes a computer or the like to function as the “˜unit” described above. Alternatively, the computer or the like is caused to execute the procedures and methods of “to part” described above.

FIG. 2 is a functional block diagram showing functions of a certificate issuing system 101. 6 is a flowchart showing the operation of the certificate issuing system 101. FIG. 3 is a functional block diagram (1) showing functions of the certificate issuing system 100 according to the first embodiment. 4 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 3 is a functional block diagram (2) showing functions of the certificate issuing system 100 according to the first embodiment. 6 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 3 is a functional block diagram (3) showing functions of the certificate issuing system 100 according to the first embodiment. 8 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 4 is a functional block diagram (4) showing functions of the certificate issuing system 100 according to the first embodiment. 10 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 3 is a functional block diagram (1) showing functions of a certificate issuing system 100 according to a second embodiment. 12 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 6 is a functional block diagram (2) showing functions of the certificate issuing system 100 according to the second embodiment. 14 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 9 is a functional block diagram (1) showing functions of a certificate issuing system 100 according to a third embodiment. 16 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 9 is a functional block diagram (2) showing functions of the certificate issuing system 100 according to the third embodiment. 18 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 9 is a functional block diagram (1) showing functions of a certificate issuing system 100 according to a fourth embodiment. 20 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 10 is a functional block diagram (2) showing functions of the certificate issuing system 100 according to the fourth embodiment. The flowchart which shows operation | movement of the certificate issuing system 100 shown in FIG. FIG. 10 is a functional block diagram (3) showing functions of the certificate issuing system 100 according to the fourth embodiment. 24 is a flowchart showing the operation of the certificate issuing system 100 shown in FIG. FIG. 14 is a functional block diagram (4) showing functions of the certificate issuing system 100 according to the fourth embodiment. The flowchart which shows operation | movement of the certificate issuing system 100 shown in FIG. The figure which shows an example of the hardware constitutions of CA10, RA20, and the security server 40.

Explanation of symbols

  1 user, 2 administrator, 10 CA, 11 certificate issue acceptance unit, 12 PIN input unit, 13 certificate issue unit, 20 RA, 21 certificate issue request unit, 22 certificate verification unit, 23 random number generation unit, 24 Random number transmission unit, 25 random number reception unit, 26 comparison reception unit, 27 random number comparison unit, 28 PIN input unit, 29 PIN reception unit, 30 encryption unit, 31 key generation unit, 32 key transmission unit, 33 key reception unit, 40 security Server, 41 Command execution acceptance unit, 42 Random number reception unit, 43 Random number comparison unit, 44 PIN input unit, 45 Execution determination unit, 46 Random number generation unit, 47 Random number transmission unit, 48 Comparison request unit, 49 PIN request unit, 50 key Receiving unit, 51 decrypting unit, 52 key generating unit, 53 key transmitting unit, 60 security module, 61 command executing unit, 70 security proxy, 1 command execution requesting unit, 100 and 101 certificate issuing system.

Claims (15)

From the processing server that has received the processing request information transmitted by the client together with the authentication information of the client, a generation instruction of information necessary for executing the processing indicated by the processing request information and the authentication information are received via the communication device. A generation instruction receiving unit to perform,
Based on the authentication information received by the generation instruction receiving unit, the client confirms that the processing request has been transmitted, and executes the generation process indicated by the generation instruction received by the generation instruction receiving unit based on the confirmation result. An execution determination unit for determining whether or not by the processing device;
When the execution determination unit determines that the generation process is executed, the process result information generated by executing the generation process is transmitted to the processing server via a communication device, and the processing result information is transmitted to the processing server. And a result information transmitting unit that executes the requested process based on the above. The execution determination device further includes:
An authentication information receiving unit configured to receive authentication information from the client via a communication device when the client transmits processing request information to the processing server;
The execution determination unit confirms that the client has transmitted the processing request based on a result of comparing the authentication information received by the generation instruction reception unit and the authentication information received by the authentication information reception unit, The execution determination apparatus according to claim 1, wherein it is determined whether or not to execute the generation process. The execution determination device further includes:
An authentication information generating unit for generating authentication information by the processing device;
When the client transmits processing request information to the processing server, the authentication information generated by the authentication information generation unit is transmitted to the client via a communication device, and the client requests the authentication information together with the processing request information. An authentication information transmitting unit for transmitting to the processing server,
The execution determination unit confirms that the client has transmitted the processing request based on a result of comparing the authentication information received by the generation instruction reception unit and the authentication information generated by the authentication information generation unit, The execution determination apparatus according to claim 1, wherein it is determined whether or not to execute the generation process. The execution determination device further includes:
The authentication information received by the generation instruction receiving unit is transmitted to the client via a communication device, and a comparison process between the transmitted authentication information and the authentication information transmitted from the client to the processing server is requested. A comparison request unit for receiving the comparison result information via the communication device,
The execution determination unit confirms that the client has transmitted a processing request based on the comparison result information received by the comparison request unit, and determines whether to execute the generation process. The execution determination apparatus according to claim 1. The execution determination device further includes:
An authentication information generating unit for generating authentication information by the processing device;
When the client transmits processing request information to the processing server, the authentication information generated by the authentication information generation unit is transmitted to the client via a communication device, and the client requests the authentication information together with the processing request information. An authentication information transmitting unit to be transmitted to the processing server;
The authentication information received by the generation instruction receiving unit is transmitted to the client via the communication device, and the comparison process between the transmitted authentication information and the authentication information previously transmitted by the authentication information transmitting unit is requested and compared. A comparison requesting unit that receives processing comparison result information via a communication device;
The execution determination unit confirms that the client has transmitted a processing request based on the comparison result information received by the comparison request unit, and determines whether to execute the generation process. The execution determination apparatus according to claim 1. The execution determination device further includes:
A user information storage unit that stores in advance a user information necessary for executing the generation process in a storage device,
The said execution determination part inputs the user information which the said user information storage part memorize | stored when it determines with performing the said generation process, The said generation process is performed, The said any one of Claim 1-5 characterized by the above-mentioned. The execution determination device described in 1. The execution determination device further includes:
When the client transmits processing request information to the processing server, the client includes a user information receiving unit that receives user information necessary for executing generation processing from the client via a communication device,
The said execution determination part, when it determines with performing the said production | generation process, inputs the user information which the said user information receiving part received, and performs the said production | generation process, The one of Claim 1-5 characterized by the above-mentioned The execution determination device described in 1. The generation instruction receiving unit receives user information necessary for executing generation processing, which is user information encrypted with a predetermined encryption key by the client as authentication information,
The execution determination device further includes:
A key receiving unit that receives a decryption key corresponding to the encryption key via a communication device when the client transmits processing request information to the processing server;
A decryption unit that decrypts the encrypted user information received by the generation instruction reception unit with a decryption key received by the key reception unit by a processing device;
The execution determination unit confirms that the client has transmitted a processing request based on whether or not the decoding unit has decoded user information, and determines whether or not to execute the generation process. The execution determination device according to claim 1. The execution determination device further includes:
A key generation unit that generates an encryption key and a decryption key corresponding to the encryption key from a processing device;
A key transmission unit that transmits the encryption key generated by the key generation unit to the client via a communication device when the client transmits processing request information to the processing server;
The generation instruction receiving unit is user information necessary for executing the generation process, and receives user information encrypted by the encryption key transmitted by the key transmission unit by the client as authentication information,
The execution determination device further includes:
A decryption unit that decrypts the encrypted user information received by the generation instruction reception unit with a decryption key generated by the key generation unit by a processing device;
The execution determination unit confirms that the client has transmitted a processing request based on whether or not the decoding unit has decoded user information, and determines whether or not to execute the generation process. The execution determination device according to claim 1. The execution determination device further includes:
A random number receiving unit configured to receive a random number from the client via a communication device when the client transmits processing request information to the processing server;
The generation instruction receiving unit receives, as authentication information, a random number encrypted with the predetermined encryption key by the client, together with user information encrypted with a predetermined encryption key,
The decrypting unit decrypts the encrypted user information, decrypts the encrypted random number received by the generation instruction receiving unit,
The execution determination unit determines whether the decryption unit has successfully decrypted the user information, and the client performs processing based on the result of comparing the random number decrypted by the decryption unit and the random number received by the authentication information reception unit. The execution determination apparatus according to claim 8 or 9, wherein it is confirmed whether or not the generation process is executed after confirming that the request has been transmitted. The execution determination device further includes:
A random number generator for generating random numbers by the processing device;
When the client transmits processing request information to the processing server, the random number generated by the random number generation unit is transmitted to the client via a communication device, and the random number is encrypted with the predetermined encryption key. And an authentication information transmitter that transmits the processing request information to the processing server.
The generation instruction receiving unit receives the encrypted random number as authentication information by the client together with user information encrypted with a predetermined encryption key,
The decrypting unit decrypts the encrypted user information, decrypts the encrypted random number received by the generation instruction receiving unit,
The execution determination unit determines whether the decryption unit has successfully decrypted the user information, and based on the result of comparing the random number decrypted by the decryption unit and the random number generated by the random number generation unit, the client requests the processing The execution determination apparatus according to claim 8, wherein it is determined whether or not the generation process is to be executed. A certificate issuance request sent by the client is received together with the authentication information of the client, and a command for generating information necessary for issuing the certificate and the authentication information are received via the communication device. A generation instruction receiving unit;
Based on the authentication information received by the generation instruction receiving unit, the client confirms that the client has transmitted a certificate issuance request, and determines whether or not to execute the command received by the generation instruction receiving unit. An execution determination unit;
When the execution determination unit determines that the command is executed, processing result information generated by executing the command is transmitted to the certificate issuing server via a communication device, and the processing is transmitted to the certificate issuing server. An execution determination apparatus comprising: a result information transmission unit that issues a certificate based on the result information. An execution determination system in which a client, a processing server, and an execution determination device are connected via a network.
The above client
A request transmission unit that transmits processing request information for requesting execution of a predetermined process together with authentication information to the processing server via a communication device;
The processing server
A request receiving unit that receives the processing request information and the authentication information transmitted by the request transmitting unit via a communication device;
A generation instruction transmission unit that transmits a generation instruction of information necessary for executing the predetermined process indicated by the processing request information received by the request reception unit and the authentication information via a communication device;
The execution determination device is
A generation instruction receiving unit that receives the generation instruction and the authentication information transmitted by the generation instruction transmission unit via a communication device;
Based on the authentication information received by the generation instruction receiving unit, confirms that the client has transmitted a processing request, and determines whether or not to execute the generation process indicated by the generation instruction received by the generation instruction receiving unit An execution determination unit for determining by
When the execution determination unit determines to execute the generation process, a result information transmission unit that transmits the process result information generated by executing the generation process to the processing server via a communication device,
The processing server further includes:
An execution determination system comprising a process execution unit that executes the predetermined process based on the process result information transmitted by the result information transmission unit. The communication device receives an instruction to generate information necessary for executing the processing indicated by the processing request information and the authentication information from the processing server that has received the processing request information transmitted by the client together with the authentication information of the client. A generation instruction receiving step;
The processing apparatus confirms that the client has transmitted a processing request based on the authentication information received in the generation instruction reception step, and the generation indicated by the generation instruction received in the generation instruction reception step based on the confirmation result An execution determination step for determining whether or not to execute the process;
When the communication apparatus executes the generation process, when the determination is made in the execution determination step, the generation result is generated and the processing result information generated by the generation process is transmitted to the processing server, and the processing result information is transmitted to the processing server. A result information transmitting step for executing a requested process based on the execution determination method. A generation instruction reception process for receiving a generation instruction of information necessary for executing the process indicated by the processing request information and the authentication information from a processing server that has received the processing request information transmitted by the client together with the authentication information of the client. When,
Based on the authentication information received in the generation instruction reception process, the client confirms that the processing request has been transmitted, and executes the generation process indicated by the generation instruction received in the generation instruction reception process based on the confirmation result. Execution determination processing for determining whether or not,
If it is determined in the execution determination process that the generation process is executed, the process result information generated and generated in the generation process is transmitted to the process server, and requested to the process server based on the process result information. An execution determination program for causing a computer to execute a result information transmission process for executing a process.

Images