JP2010057049A - Relay service apparatus and service providing device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a relay service apparatus and service providing device in which even if particular data such as a private key, that a data protection committee has, are leaked, account numbers like category numbers that all users have for each of services, are not known. <P>SOLUTION: The relay service apparatus includes: a means for acquiring, when an encrypted sentence of an account number in an apparatus and an identifier of another service institute are sent to the apparatus, the account number in the apparatus by decrypting the encrypted sentence, and redirecting an encrypted sentence of an account number in the other service institute; and a means for confirming that all encrypted sentences using a public key of each of service institutes corresponding to an account number of a user for each service institute correspond to the account number for the same user, and then storing the encrypted sentence on a table corresponding to the account number. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention stores an account number for each service of a user, and provides a relay service apparatus and service for returning information on the account number that the user has for each service in response to an inquiry from a user other than the user himself / herself Relates to the device.

  As a conventional account number management service, there is a method listed in Non-Patent Document 1. The method of Non-Patent Document 1 will be described with reference to FIG.

  A number called CRR number <101> is assigned to the user, the data protection committee, and the user shown in FIG. It is assumed that this is recorded in a database called the central resident register <100>.

  Also, it is assumed that personal information <102> such as name is also recorded in this register <100>.

  The data protection committee <104> holds the secret key <105>. A field code <109> is assigned to each service provider <111> that provides a service to the user.

  Further, these service providers <111> have a pair of encryption public key and secret key, and disclose the public key.

  The data protection committee <104> converts the CRR number <101> of each user with the secret key <105> possessed by the data protection committee to generate a number called a source pin <106>, which corresponds to this. Store in the card <107> issued to the user.

  When a user uses a service <111>, a hash value of data including a user source pin <106> and a field code <109> of the service provider is generated <108> and used The field-specific number <110> (count number) in this service of the user. The service provider <111> manages users with this field number <110>.

  On the other hand, it is assumed that a certain service provider S <111> wants to refer to data existing in a service provider S ′ <117> of a specific user who is common to different service providers S ′ <117>. At this time, the service provider extracts the user's field number N <110> in the service provider S <111> and sends it to the data protection committee <104>. In addition, personal information <112> of the user such as the name of the user is also sent.

  The data protection committee <104> sends the information received from the service provider S <111> to the central resident registry <100>, and the corresponding user's CRR number <101> is received from the personal information <112, 102>. figure out. The data protection committee <104> generates the source pin <106> of the user from the CRR number <101> and the private key <105> held by the data protection committee <104>, and the source pin and service Using the field code <113> of the provider S ′ <117>, a field-specific number <119> in the service provider S ′ <117> of the user is generated. The data protection committee encrypts <115> the field-specific number <119> with the public key for encryption disclosed by the provider of the service provider S ′ and sends it to the service provider S <111>. To do.

The service provider S <111> sends the ciphertext <116> of the field number of the service provider S ′ <117> to the service provider S ′ <117>, and requests the reference of the data of the corresponding user. To do. The service provider S ′ <117> decrypts the ciphertext with its own private key <118> to identify the field-specific number <119> of the user's service provider S ′, and data about the user Is returned to the service provider S <111>.
Materials on the Internet Yusuke Koizumi, Erika Yoshida "E-Government Using Resident Databases-Austria, Estonia, Germany" http://www.candc.or.jp/cyosa_kenkyu/pdf/2007/080306_soken.pdf Introduction of NEC, C & C Foundation, Austrian e-Government System

  As a feature of Non-Patent Document 1, even if a field-specific number in one service is leaked, a field-specific number in another service is not known. Therefore, when one service provider leaks information, information leaks in another service This has the effect of limiting the impact on

  Conventionally, however, there is a problem that an unauthorized person who has obtained another person's card can obtain a source pin by analyzing the card and obtain a field-specific number for all services. In addition, since the loss or theft of the card is an ordinary event that frequently occurs as a whole, such misuse of the card by an unauthorized person is a practical problem.

  As another feature of Non-Patent Document 1, when the service provider S refers to data regarding the same user as the other service provider S ′, it is necessary to inform each other of the user's field number in the partner service. There may be no.

  However, in the past, when referring to data with other service providers, it is necessary to contact the Data Protection Committee every time, which increases the amount of processing by the Data Protection Committee and the service provider, and is a burden on both. There is.

  In addition, there is a problem that if the secret key of the data protection committee is leaked, there is a risk that all field numbers of all users will be revealed.

  Therefore, the present invention provides a relay service apparatus in which account numbers such as the field-specific numbers of all services are not known even if special data such as a secret key of the data protection committee is leaked and An object is to provide a service providing apparatus.

  In order to achieve the above object, a first relay service apparatus according to the present invention is a relay service apparatus that provides an account number management service to a plurality of users, and communicates with a service organization that provides the service. Means, a means for verifying the signature of the card issuer, an account number in the apparatus is allocated to each user, a table corresponding to the account number is stored, and for each service organization used by the corresponding user, Means for storing the ciphertext of the service number of the user at the service organization using the public key of the service organization, and the service organization stores the ciphertext of the account number in the device and the identifier of another service organization in the device. If it has been sent, the ciphertext is decrypted to obtain an account number in the device, and the account at the other service organization is obtained. After confirming that all the ciphertexts by means of the public key of the service institution of the user account number of each service institution and the public key of the service institution for each service institution are account numbers for the same user And a means for storing in a table corresponding to.

  A first service providing apparatus according to the present invention is a service providing apparatus that provides a service to a plurality of users, and includes a relay service, a card issuer, means for communicating with other service organizations, a card issuer Means for verifying the signature, and means for allocating an account number in the apparatus to each user and storing a table corresponding to the account number, wherein the table includes an account of the corresponding user in the relay service The ciphertext by the public key of the relay service of the number is stored, and the ciphertext by the public key of the service institution of the user account number at the service institution is stored for each other service institution used by the corresponding user. It is characterized by storing.

  According to the present invention, even if special data such as a secret key held by the data protection committee is leaked, an account number such as an account number such as a field-specific number that all users have for each service, and It is possible to provide a service providing apparatus.

  In the present invention, when a certain user is registered in a plurality of services, the account number of each service of the user is stored, and this user can be assigned to each service even for inquiries from other than the user himself / herself. This is a service that returns the information of the account number that it has, and the inquirer does not know the account number from the response of the account number information, and only the corresponding service can know this.

Embodiments for carrying out the present invention will be described below.
The embodiments described below are suitable or best configurations and processes for solving the problems of the present invention. However, the present invention is not limited to this, and the configuration and processing can be modified and changed within a range that can be easily conceived by those skilled in the art.

  Card issuer, card issued with a unique card number assigned by the card issuer (hereinafter referred to as “card”), card user (hereinafter referred to as “user”), terminal that can be used by the user and connected to the network, network Suppose that there are a plurality of relay services connected to the network and a plurality of service organizations connected to the network and providing various services.

  The user <203>, the user card <202>, the relay service <204>, each service organization <205>, and the card issuer <200> shown in FIG. Is stored. In addition, when each user registers or a service organization uses this system, the data stored in each user also increases or changes.

  The following data is stored in the card <202> of the user U <203>.

  enc (ssn) <201>: The ciphertext of the card number ssn that can be decrypted by the card issuer <200>.

  Each user <203> holds the following information.

  The N (U, B) ciphertext enc (B, U) <207> with the public key <206> of the relay service <204> and each service institution <205> are authenticated by the service institution <205>. It is assumed that the authentication information <208> and the relay service <204> necessary for this hold the following information.

  For each user <203>, a corresponding table <210> is prepared for the account number N (U, B) <209> of each user and each N (U, B) <209>, and is used in the initial state. The ciphertext enc (ssn) <211> of the card number held by the user is stored.

  The public key of the public key and private key <206> of public key cryptography that can be re-encrypted, such as ElGamal cryptography, is made public.

  Assume that each service organization <205> holds the following information. For each user <203>, the information <212> necessary for authenticating the user, the public key of the public key and private key <213> that can be re-encrypted such as ElGamal encryption Will be published.

  The public key of the public key / private key pair <214> for public key cryptography for signature is made public. It is assumed that the information <217> for verifying the user and the card issuer <200> hold the following information.

  The public key of the public key and private key <215> of public key cryptography that can be re-encrypted such as ElGamal cipher is made public.

  The public key of the public key / private key pair <216> for public key cryptography for signature is made public. In the information <218> for collating users, the present system has two operation modes. These are registration and use, and will be described in order.

[Registration of user service organization]
User <203> connects to service organization <205>. Each of them uses the necessary information <208, 212>, and the service organization <205> authenticates the user <203><219>.

  The user <203> sends the ciphertext enc (ssn) <201> of the card number and the ciphertext enc (B, U) <207> of the account of the relay service <204> to the service organization <205>. If the previous authentication <219> for the user of the service organization is performed by a non-interactive method such as a signature, this sending process can be performed simultaneously with the previous authentication.

  The service organization <205> generates an account number N (U, S) of a user who can pass only by this service organization <220>. Further, N (U, S) ciphertext enc (S, U) is generated with the public key <213> of this service organization <221>.

  The service organization <205> sends enc (ssn), enc (B, U), the ciphertext enc (S, U) of the account number, and verification information <217> sufficient to verify the card issuer to the sending information < 222> to the card issuer <200>. The card issuer <200> receives it as reception information <223>.

  The card issuer <200> decrypts <224> the enc (ssn) received from the service organization <205> to obtain the card number ssn <225>.

  The ssn issuer information <218> in its own database is compared with the collation information <217> sent from the service organization to confirm that the information relates to the same person <226>.

  If they are the same, a signature sig (ssn, I) for (enc (ssn), enc {S, U}) is generated, and <227>, (enc (B, U), enc (ssn), enc (S , U), sig (ssn, I)) to the relay service <228>.

  When the relay service <204> receives (enc (B, U), enc (ssn), enc (S, U), sig (ssn, I)) <229>, it decrypts enc (B, U) < 230> to obtain N (U, B) <209>.

  It is confirmed that the same enc (ssn) <211> is stored in the corresponding table <210>. Furthermore, it is confirmed that sig (ssn, I) is a valid signature by the card issuer <200> for (enc (ssn), enc (S, U)) <231>.

  The relay service adds (enc (S, U), sig (ssn, I) <232,233> to this table, and the service organization <205> re-encrypts <234> enc (B, U). Enc (B, U) ′ <235> is stored in association with N (U, S).

[Use between service organizations]
Next, utilization between service organizations will be described with reference to FIG.
A user U exists and has an account number N (U, S) <302> at a service organization S <301> and an account N (U, T) <304> at a service organization T <303>. To do.

  At this time, the service institution S <301> connects to the service institution T <303> and refers to data regarding the user U.

  It is assumed that this user U has a card whose card number is ssn and has already registered the service organization S <301> and the service organization T <303>.

That is, the relay service B <300> has a table <305> relating to the account number N (U, B) of the user U at B, and this table contains enc (ssn) <306>, N (U, S), the ciphertext enc (S, U) <307> with the public key <309> of the service organization S <301> and the signature sig of the card issuer for the pair (enc (ssn), enc (S, U)) (Ssn, i, S) <308>, ciphertext enc (T, U) <311> by public key <310> of service organization T <303> of N (U, T) and pair (enc (ssn)) , Enc (T, U)), the card issuer signature sig (ssn, I, T) <312> is stored.

  The service organization S <301> has <302> related to the account number N (U, S) and the ciphertext enc (B, U, B) of the public key <313> of B <300> of N (U, B). S) <314> is stored.

  The service organization T <303> has a ciphertext enc (B, U, T) associated with the account number N (U, T) <304> and the public key <313> of B <300> of N (U, B). T) <315> is stored.

  The service organization S <301> extracts enc (B, U, S) <314> from the table <302> relating to N (U, S).

  The identifier of service institution T and enc (B, U, S) are sent to relay service B <316>. The relay service B <300> decrypts <317> enc (B, U, S) to obtain N (U, B).

  Next, (enc (ssn), enc (T, U), sig (ssn, I, T)) is obtained from the table <305> relating to N (U, B).

In accordance with a given rule, the relay server sends (enc (ssn), enc (S, U), sig (ssn, I, S), enc (T, U), sig (ssn,
I, T)) is returned <318>, enc (T, U) is returned <318>, or nothing is returned.

The service organization S is (enc (ssn), enc (S, U), sig (ssn, I, S
), Enc (T, U), sig (ssn, I, T))
n, I, S) is confirmed to be a valid signature of I for (enc (ssn), enc (S, U)), and sig (ssn, I, T) is (enc (ssn), enc ( Confirm that it is a legitimate signature of I for T, U)) <319>.

  The service organization S <301> sends a request to the service organization T for data related to enc (T, U) <320>, its identifier, and the account number N (U, S) to the service organization T <321>, The service organization T decrypts <322> enc (T, U) to obtain N (U, T). The request from the service organization S is answered <323>.

  The service organization S re-encrypts <324> enc (T, U) to be enc (T, U) ′ <325>, and stores <302> in relation to N (U, S). From the next time onward, a request is made to the service organization T using the re-encrypted data of enc (T, U) without making an inquiry to the relay service B.

  According to the present embodiment, since the account numbers of the same user in each service organization are generated independently, leakage of account numbers in one service organization may cause account numbers in other service organizations to leak. Does not lead to leakage.

  In addition, since the account number is encrypted and stored in the relay service or other service organization, the user's card for using the service is obtained by an unauthorized person, and the account number is analyzed by the unauthorized person. Since the numbers stored in the relay service and service organization are also encrypted, the relay service and service organization do not get the account number illegally.

  In addition, according to the present embodiment, when a certain service institution refers to data related to a user in another service institution, it is light data that only uses the result of the inquiry to the relay service for the ciphertext of the account number or the previous inquiry. There is an advantage to be processed.

  Furthermore, according to the present embodiment, even if a plurality of users collide, it is not possible for one service organization to refer to different user data with respect to other service organizations. This is because there is a registration process in which the correspondence between the account number at each service organization and the ciphertext of the card number is confirmed by the card issuer and the service organization.

  As described above, according to the present invention, when a user exchanges information regarding a specific user among a plurality of service organizations in a system that uses a service organization with a single IC built-in card. Since it is not necessary to tell the account number of the corresponding user at each service organization to other service organizations, it is possible to construct a system in consideration of the privacy of the user.

  In particular, since there is no special institution or special data that can be used to derive all account numbers, it is possible to construct a system that strongly protects user privacy.

It is a figure which shows the one aspect | mode of the user's service organization registration in this invention. It is a figure which shows the one aspect | mode of the utilization between the service organizations in this invention. It is a figure which shows the one aspect | mode of the conventional account number management service.

Explanation of symbols

100 Central Resident Register 104 Data Protection Committee 104, 107 Card 111 Service Provider 117 Service Provider S '
200 Card Issuer 202 User Card 203 User 204 Relay Service 205 Service Institution 300 Card Issuer 300 Relay Service 301 Service Institution S
303 Service organization T

Claims (8)

A relay service device that provides an account number management service to a plurality of users,
Means for communicating with a service organization providing the service;
A means of verifying the card issuer's signature;
An account number in this apparatus is allocated to each user, a table corresponding to the account number is stored, and for each service organization used by the corresponding user, the account number of the user at the service organization Means for storing a ciphertext with a public key;
When the service organization sends the ciphertext of the account number in the device and the identifier of another service organization to the device, the ciphertext is decrypted to obtain the account number in the device, and the other A means of returning the ciphertext of the account number at the service organization;
After confirming that all the ciphertexts of the user account number of each service institution by the public key of the service institution are account numbers for the same user, means for storing in a table corresponding to the account number; A relay service device comprising: In the table, in addition to storing the ciphertext of the card number of the card held by the corresponding user, for each service institution used by the corresponding user, the account number of the user at the service institution Ciphertext with the public key of the service organization,
2. The relay service device according to claim 1, wherein a ciphertext of the account number and a card issuer signature for a set of ciphertext of the card number are stored. If the service organization has sent the ciphertext of the account number in this device and the identifier of another service organization to this device, if the ciphertext is decrypted and the account number in this device is obtained, In addition to returning account number ciphertext at other service agencies,
In accordance with the determined rules, the ciphertext of the card number stored in the table corresponding to the obtained account number, the ciphertext of the account number at the service organization that sent the data, the ciphertext of the card number and the data were sent The card issuer's signature for the ciphertext of the account number at the service organization,
The ciphertext of the account number at the other service organization, the ciphertext of the card number, and the signature of the card issuer for the set of ciphertext of the account number at the other service organization are returned. 3. The relay service device according to 2. Regarding the service organization, the ciphertext of the account number of a certain user at the service organization, the ciphertext of the card number of the user's card, the ciphertext of the account number of the user at the service organization and the user's If the card issuer's signature is received for the card number ciphertext pair,
The validity of the signature is verified, and the ciphertext of the user's account number at the service institution, the ciphertext of the user's account number at the service institution and the cipher of the card number of the user's card 4. The relay service device according to claim 3, wherein the relay service device is newly stored in a table relating to the user based on the signature of the card issuer for the pair with the sentence. A service providing apparatus that provides services to a plurality of users,
Means for communicating with relay services, card issuers and other service organizations;
A means of verifying the card issuer's signature;
Means for allocating an account number in the apparatus to each user and storing a table corresponding to the account number;
The table stores the ciphertext of the account number of the corresponding user's relay service using the public key of the relay service, and uses the service number for each other service organization used by the corresponding user. A service providing apparatus for storing a ciphertext of a public key of the service institution of an account number of a user. With respect to the user, the relay service has means for sending the account number of the user relay service stored in the table and the identifier of one service organization,
From the relay service, the card issuer's signature for the ciphertext of the card number, the ciphertext of the user's account number on the device, the ciphertext of the card number, and the ciphertext of the user's account number on the device ,
Whether the ciphertext of the account number at the one service institution, the ciphertext of the card number, and the signature of the card issuer for the pair with the ciphertext of the account number at the one service institution are returned and received. ,
Alternatively, the service providing apparatus according to claim 5, wherein the ciphertext of the account number at the first service organization is returned and received. The card issuer's signature for the ciphertext of the card number, the ciphertext of the user's account number on the device, the ciphertext of the card number, and the ciphertext of the user's account number on the device;
When the ciphertext of the account number at the one service organization, the ciphertext of the card number, and the signature of the card issuer for the ciphertext of the account number at the one service organization are received,
Confirm that the card issuer's signature is valid for the ciphertext of the card number and the ciphertext of the account number of the user in this device,
Confirm that the card issuer's signature is valid for the ciphertext of the card number and the ciphertext of the account number at the one service institution,
A ciphertext of an account number at the one service organization, and means for sending a request regarding the user to the one service organization;
7. The service providing apparatus according to claim 6, further comprising means for re-encrypting the ciphertext of the account number at the one service institution and storing a table corresponding to the account number in a storage. If you receive a registration request with a ciphertext for the card number of your card,
Generate a ciphertext of the user's account number on this device,
8. The service providing apparatus according to claim 7, further comprising means for sending the ciphertext of the card number, the ciphertext of the account number, and information about the user to the card issuer.

Images