JP2011045016A - Communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication system which can securely and simply make a communication between a device and a server by authenticating a service providing destination and a device to be used for service provision by utilizing a digital certificate when providing a service through the Internet. <P>SOLUTION: The communication system includes a server apparatus and a plurality of terminal apparatuses. The server apparatus stores beforehand contract information which makes corresponding a terminal certificate issued in common for a plurality of terminal apparatuses, a service certificate for enabling provision of a predetermined service, and a contract identification code from which a provision contract of the predetermined service can be individually identified. The server apparatus transmits a service certificate corresponding to a contract identification code received from a terminal apparatus authenticated with a terminal certificate to the terminal apparatus. Each of the plurality of terminal apparatuses stores a terminal certificate beforehand and obtains an established contract identification code after a provision contract of a predetermined service is established. When the terminal apparatus is authenticated from the server apparatus using the terminal certificate, the terminal apparatus receives a service certificate corresponding to the contract identification code form the server apparatus. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention, when providing a service using an IP network such as the Internet, uses a digital certificate to authenticate a service providing destination and a device used for service provision, thereby enabling safe and simple communication with a center server. The present invention relates to a communication system.

  Conventionally, in systems that provide services to the target person using an open network such as the Internet, there is a risk of “spoofing” or “sniffing” by unauthorized terminals on the communication path, so the communication path is safe. As one method for ensuring reliability, a method using an electronic certificate in a standard protocol such as SSL (Secure Sockets Layer) is used.

  In such a system, the electronic certificate (and its private key) is issued by a certificate authority trusted by a service provider (server or the like) and a service provider (client or the like). The electronic certificate (and its private key) issued from the certificate authority is distributed to the authentication subject by various methods after the identity of the subject of authentication is confirmed. For example, in order to prevent leakage of the private key of an electronic certificate, it may be distributed by means such as identity verification mail after being stored in a tamper-resistant chip such as an IC card.

  Similarly, when the person to be authenticated is not a “person” but a “terminal (device)”, the electronic certificate (and its private key) must be securely issued and distributed and stored in the terminal. For example, at the time of manufacturing the device, means such as incorporating a different electronic certificate (and its secret key) for each terminal into a storage device such as a tamper resistant chip may be used. Also, there is a method of incorporating a temporary electronic certificate at the time of manufacturing the device and replacing it with a formal electronic certificate generated using information unique to the device at the first use of the device (for example, Patent Document 1). .

JP 2008-54290 A

  However, when separate electronic certificates are incorporated into individual terminals when manufacturing the terminals, there are the following problems. The first is to understand in the distribution process the cost of the installation process that requires separate electronic certificates to be installed in each terminal at the time of manufacture, and “which certificate is in which terminal”. This is a problem that a terminal article management cost that must be kept occurs.

  Second, if it is assumed that the terminal used for the service is a rental product, the terminal will be reused for other service contracts even after the termination of a certain service contract. The problem is that electronic certificates to be used must be replaced safely and easily.

  The third problem is that a private key of an electronic certificate for accessing a server that provides a service may be leaked from a terminal that is in the distribution process after shipment, and may be impersonated as a specific service provider. is there.

  An object of the present invention is to provide a communication system that can safely and easily use an electronic certificate in a terminal associated as a specific service providing destination with respect to the various problems described above.

  In order to solve this problem, the present invention provides a communication system including a server device connected to a network and a plurality of terminal devices to provide a predetermined service, wherein the server device includes the plurality of terminals. A terminal certificate issued in common to the device, a service certificate that enables provision of the predetermined service, and contract information that associates a contract identification code that can individually identify a contract for provision of the predetermined service are stored in advance. And receiving the service certificate request signal including the contract identification code and the terminal certificate from the terminal device, authenticating the terminal certificate, and if the authentication is successful, the contract identification code from the contract information A service certificate management unit that transmits a service certificate including a private key corresponding to the terminal device to the terminal device. A storage unit that stores the contract, a contract identification code acquisition unit that acquires a contract identification code given by the establishment after the provision contract for the predetermined service is established, and the acquired contract identification code and the storage unit A service certificate request signal including a terminal certificate is transmitted to the server device, a service certificate including a private key transmitted from the server device is received in response to the service certificate request signal, and stored in the storage unit There is provided a communication system, comprising: a service certificate acquisition unit to be provided; and a service execution unit that receives provision of a predetermined service using the service certificate.

  Accordingly, the terminal device can store a common terminal certificate in advance before the service provision contract is established. Further, when a contract for a predetermined service is established, a service certificate for each contract can be stored in a specific terminal device. That is, since the terminal certificate can be used in common for a plurality of terminal devices, the terminals can be uniformly manufactured at the time of manufacturing, and the management of the terminal certificate and the terminal becomes easy. Further, since the terminal certificate can be used in common for a plurality of terminal devices, the cost of the terminal certificate can be reduced. Furthermore, even in the process of distributing terminal devices and terminal certificates, since the service certificate is not contained in the terminal device, it also serves as a countermeasure against leakage of the private key of the service certificate, and it is necessary to individually manage the items of the terminal Disappears.

  In such a communication system, the validity period of the terminal certificate is preferably longer than the validity period of the service certificate. As a result, even if a terminal device is rented based on a service provision contract for a certain period and the service provision contract is changed, a new one can be used using the same terminal device while the terminal certificate is valid. Service can be provided. That is, the terminal device can be reused.

  In such a communication system, the terminal device preferably obfuscates and stores a password for using the terminal certificate. Thereby, even if the secret key of the terminal certificate stored in the terminal device is leaked, misuse can be prevented.

  ADVANTAGE OF THE INVENTION According to this invention, the communication system which can use the electronic certificate safely and easily in the terminal which can reduce the cost (manufacturing cost, article management cost in the distribution process) of the terminal and can cope with the reuse of the rental product. Can be provided.

It is a block diagram of the communication system by this invention. It is a figure for demonstrating the structure of a server apparatus. It is a figure for demonstrating the structure of a terminal device. It is a figure for demonstrating the contract information table of a server apparatus. 3 is a flowchart of a communication system according to the present invention. It is a flowchart of the initial setting process of a server apparatus. It is a flowchart of the initial setting process of a terminal device.

  Hereinafter, embodiments of a communication system according to the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram of a communication system according to the present invention. The communication system shown in FIG. 1 includes a server device 1 that provides a service and a plurality of terminal devices 2 that are installed at a user's home and receive the service provided via a network 3.

  FIG. 2 is a configuration diagram of the server device 1. The server device 1 provides a predetermined service to the terminal device 2 through the network 3. For this purpose, a communication interface (I / F) unit 13 that performs communication with the terminal device 2 through the network 3, a control unit 12 that performs various controls of the server device 1, and a storage unit 11 are provided.

  The storage unit 11 is a storage device such as a ROM, a RAM, or a magnetic hard disk, stores various programs and various data, and provides a terminal certificate issued in common to the plurality of terminal devices 2 and a predetermined service. A contract information table 111 is stored in which a service certificate distributed individually for each service contract is associated with a contract identification code that can individually identify a provision contract for a predetermined service. Here, the contract information table indicates that when a service provision contract is established with the user, the person in charge on the service providing side provides a service contract from the person-in-charge terminal (not shown) via the network 3 for each service contract. A unique contract identification code is assigned, and a service certificate issued from a certificate authority (not shown) and distributed individually for each service contract is linked to this contract identification code in a one-to-one relationship and stored in the storage unit 11. ing. When the person in charge on the service providing side designates the terminal device 2 to be installed at the user's home when providing the service from the person in charge terminal (not shown) via the network 3, the terminal device 2 and a plurality of terminals are collected. The corresponding terminal certificate is read out from a terminal information table (not shown) for managing the correspondence relationship between the common terminal certificates, linked with the above-described contract identification code and service certificate, and stored in the storage unit 11.

  The terminal certificate is a certificate that proves that the terminal is permitted to access the server device 1 that provides the service, is issued by a certificate authority (not shown), and is stored in the terminal device 2 at the time of manufacture. When the terminal device 2 acquires the service certificate, the server device 1 is used for online authentication that the terminal device 2 is permitted to access the server device 1 that provides the service.

  The service certificate is a certificate that certifies that the terminal is installed at the user's home that has signed a service contract, is issued by a certificate authority (not shown), and after the service contract is signed, the terminal device 2 performs a predetermined service. Is used for the server device 1 to authenticate online that the terminal is authorized to use a predetermined service.

  The contract identification code is a unique number assigned to each service contract, and various contract information such as personal information (address, telephone number, etc.) of the service contractor is associated with the contract identification code.

  FIG. 4 is an example of the contract information table 111. The contract identification code, service certificate, and terminal certificate are registered in association with each other. For example, a record in which the contract identification code is 000001, the service certificate is AAAA, and the terminal certificate is XXX is registered. In FIG. 4, there are two types of terminal certificates, XXXX and YYYY, the contracting party with the contract identification code 000001 to 000003 is the terminal device storing the terminal certificate XXXX, and the contract identification code is 000004 to 000006 is the terminal A terminal device storing the certificate YYYY is installed. In the correspondence between the contract identification code and the service certificate, the service contract AAAA for the contract identification code 000001, the service certificate BBBB for the contract identification code 000002, the service certificate CCCC for the contract identification code 000003, and so on. Assigned to each. The terminal certificate and service certificate registered in the contract information table 111 may be a certificate identifier that can identify each certificate or a certificate itself.

  The control unit 12 includes a service certificate management unit 121. The service certificate management unit 121 authenticates the terminal device 2 by authenticating the terminal certificate received from the terminal device 2, establishes an SSL connection, and then requests a service certificate including a contract identification code from the terminal device 2. When the signal is received, a service certificate corresponding to the designated contract identification code is read from the contract information table 111 of the storage unit 11 and transmitted to the terminal device 2 via the communication I / F unit 13. Further, the control unit 12 authenticates the terminal device 2 by authenticating the service certificate received from the terminal device 2 that has already acquired the service certificate, establishes an SSL connection, and provides a predetermined service. .

  The communication I / F unit 13 is an interface that communicates with the terminal device 2 through the network 3.

  FIG. 3 is a configuration diagram of the terminal device 2. The terminal device 2 receives provision of a predetermined service from the server device 1 through the network 3. Therefore, a communication interface (I / F) unit 25 that performs communication with the server device 1 through the network 3, a control unit 22 that performs various controls of the terminal device 2, a storage unit 21, an input unit 23, and a display unit 24.

  The storage unit 21 is a memory device such as a ROM or a RAM, stores various programs and various data, stores a terminal certificate (and its private key) in advance, and obtains a contract identification code from the control unit 22 The contract identification code acquired from the unit 221 and the service certificate (and its private key) acquired from the service certificate acquisition unit 222 of the control unit 22 are stored. Here, the terminal certificate is a manufacturing apparatus (not shown) that manufactures the terminal apparatus 2 by storing a common terminal certificate collectively from a plurality of certificates issued from a certificate authority (not shown) when the terminal apparatus 2 is manufactured. Is stored in the storage unit 21.

  The control unit 22 includes a contract identification code acquisition unit 221, a service certificate acquisition unit 222, and a service execution unit 223.

  The contract identification code acquisition unit 221 acquires the contract identification code from the input unit 23 and stores it in the storage unit 21 prior to the start of service use.

  The service certificate acquisition unit 222 reads the contract identification code and the terminal certificate in the storage unit 21, transmits a service certificate request signal including the terminal certificate to the server device 1 via the communication I / F unit 25, and The service certificate transmitted from the server apparatus 1 in response to the certificate request signal is received, and the received service certificate is stored in the storage unit 21.

  The service execution unit 223 reads the service certificate in the storage unit 21, transmits it to the server device 1 that provides the service via the communication I / F unit 25, and receives authentication that the terminal can use the service. Get service at.

  The input unit 23 includes a keyboard, a numeric keypad, an external input terminal, and the like. For example, at the time of initial setting, it is used to acquire a contract identification code from the outside, and is directly input by a keyboard or a numeric keypad, or is input from a mobile terminal connected to an external input terminal.

  The display unit 24 includes a liquid crystal display (LCD), an LED, an external output terminal, and the like. For example, it can be used to check the settings and progress at the time of initial setting, display various information at the time of service provision, etc., and display directly on a liquid crystal display (LCD) or LED, or output to a mobile terminal connected to an external output terminal. Or

  The communication I / F unit 25 is an interface that communicates with the server device 1 through the network 3.

  The network 3 is connected to the server device 1 and the terminal device 2 and is an IP network such as a wide area communication network such as the Internet or a closed area communication network.

  Next, the processing flow of the communication system of FIG. 1 will be described with reference to FIG. The processing flow described below is controlled by a program executed by the control units 12 and 22.

  FIG. 5A is a flowchart when the terminal device 2 is initially set in the communication system of FIG. As shown in FIG. 5A, the processing flow of the communication system starts when a contract identification code is input to the terminal device 2 (step S1). When the contract identification code acquisition unit 221 acquires the contract identification code via the input unit 23, the service certificate acquisition unit 222 transmits an SSL connection request to the server device 1 (step S2). At this time, the terminal device 2 transmits the terminal certificate (excluding the secret key) read from the storage unit 21 in order to receive authentication by the server device 1.

  The server device 1 that has received the SSL connection request authenticates the terminal certificate transmitted from the terminal device 2 (step S3), and can authenticate that the terminal is permitted to access the server device 1. The SSL connection is established (step S4).

  When the SSL connection is established, the service certificate acquisition unit 222 of the terminal device 2 transmits a service certificate request signal via the communication session encrypted by the established SSL connection (step S5). At this time, the service certificate acquisition unit 222 reads the contract identification code stored in the storage unit 21 and transmits the contract identification code to the server device 1.

  The server apparatus 1 that has received the service certificate request signal confirms the contract identification code transmitted from the terminal apparatus 2 (step S6), and refers to the contract information table 111 in the storage unit 11. The service certificate management unit 121 reads the service certificate corresponding to the contract identification code in the contract information table 111 from the storage unit 11 and transmits it to the terminal device 2 (step S7).

  The service certificate acquisition unit 222 of the terminal device 2 stores the received service certificate in the storage unit 21 (step S8), and displays the result on the display unit 24, whereby the initial setting flow of the terminal device 2 is performed. Complete.

  FIG.5 (b) is a flowchart when the terminal device 2 receives service provision in the communication system of FIG. As shown in FIG. 5B, the processing flow starts when the service execution unit 223 of the terminal device 2 reads the service certificate from the storage unit 21 and transmits an SSL connection request to the server device 1 (step S9). ). At this time, the terminal device 2 transmits a service certificate (excluding the secret key) in order to receive authentication by the server device 1. The transmission of the SSL connection request by the terminal device 2 is at an arbitrary timing of the terminal device 2 itself that needs to receive service provision.

  The server device 1 that has received the SSL connection request authenticates the service certificate (step S10), and can authenticate that it is a terminal that can provide a predetermined service, that is, a terminal in a user's home that has concluded a service contract. When it can authenticate that it is the apparatus 2, SSL connection is established (step S11).

  When the SSL connection is established, the service execution unit 223 transmits / receives data for receiving provision of a predetermined service to / from the server device 1 via the communication session encrypted by the established SSL connection ( Step S12).

  Details of the initial setting process of the server device 1 and the terminal device 2 will be described with reference to FIGS. 6 and 7.

  FIG. 6 is a flowchart of the initial setting process of the server apparatus 1 in FIG. As illustrated in FIG. 6, the processing flow of the server device 1 in FIG. 5 is started by receiving an SSL connection request from the terminal device 2 (step S <b> 21).

  Upon receiving the SSL connection request from the terminal device 2, the service certificate management unit 121 transmits its own server certificate stored in the storage unit 11 to the terminal device 2 (not shown), and thereafter the terminal device. The electronic certificate received from 2 is authenticated, and it is determined whether or not it is a valid terminal certificate (step S22). When the service certificate management unit 121 determines that the received electronic certificate is a valid terminal certificate, that is, the terminal device 2 that has transmitted the SSL connection request is permitted to access the server device 1 in advance. If the terminal can be authenticated (step S22—Yes), an SSL connection is established (step S23).

  When the SSL connection is established by the terminal certificate, the service certificate management unit 121 waits for processing until a service certificate request signal is received (step S24). When the service certificate request signal is received (step S24-Yes), the service certificate management unit 121 determines whether or not the contract identification code included in the service certificate request signal is registered in the contract information table 111 in advance. If it is determined (step S25) and it is not registered (step S25-No), this routine is terminated. When the contract identification code transmitted from the terminal device 2 is registered in the contract information table 111 (Yes in step S25), the service certificate management unit 121 reads the corresponding service certificate from the storage unit 11 and reads the terminal device. 2 (step S26), and this routine is terminated.

  If the service certificate management unit 121 determines in step 22 that the received electronic certificate is not a valid terminal certificate (step S22—No), this routine is terminated.

  FIG. 7 is a flowchart of the initial setting process of the terminal device 2 in FIG. As shown in FIG. 7, the processing flow of the terminal device 2 of FIG. 5 starts when a contract identification code is input to the terminal device 2 (step S31). At this time, when the contract identification code acquisition unit 221 acquires the contract identification code via the input unit 23, the contract identification code acquisition unit 221 stores the acquired contract identification code in the storage unit 21.

  Next, the service certificate acquisition unit 222 reads the terminal certificate from the storage unit 21, and transmits an SSL connection request to the service certificate management unit 121 of the server device 1 via the communication I / F unit 25 (step). S32). When the terminal device 2 transmits an SSL connection request, the terminal device 2 transmits a terminal certificate (excluding the secret key) and receives client authentication by the server device 1 to determine that an SSL connection is established ( Step S33). At this time, the terminal device 2 also performs server authentication by checking the validity of the server certificate transmitted from the server device 1 (not shown). This routine is performed when the authentication (client authentication) of the terminal certificate by the server device 1 fails or the authentication (server authentication) of the server certificate by the terminal device 2 fails and the SSL connection is not established (No in step S33). Exit.

  When the terminal certificate authentication (client authentication) by the server device 1 and the server certificate authentication (server authentication) by the terminal device 2 are successful and the SSL connection is established (step S33—Yes), the service certificate acquisition unit 222 transmits a service certificate request signal via the communication I / F unit 25 by a communication session encrypted by the established SSL connection (step S34). At this time, the service certificate acquisition unit 222 reads the contract identification code stored in the storage unit 21 and transmits the contract identification code to the server device 1.

  The service certificate acquisition unit 222 of the terminal device 2 waits until reception of the service certificate transmitted from the server device 1, that is, download is completed (step 35). When the download is completed (Yes in Step 35), the service certificate acquisition unit 222 of the terminal device 2 stores the received service certificate in the storage unit 21 (Step S36), and displays the result on the display unit 24. This routine is terminated.

  The present invention is not limited to the above-described embodiment, and many changes and modifications can be made. For example, although the case where the server apparatus 1 performs the service providing apparatus according to the present invention has been described, the server that provides the service may be other various servers connected to the network instead of the server apparatus 1.

  Although the case of using the SSL connection has been described, other standard secure channel protocols such as TLS (Transport Layer Security), DTLS (Datagram Transport Layer Security), IPSec, and the like may be used.

  The validity period of the terminal certificate stored in advance in the terminal device 2 can be set to a period longer than the validity period of the service certificate. In particular, considering the life cycle from when the terminal device is manufactured until it is discarded, the validity period of the terminal certificate should be set to a period equivalent to the life cycle. After the service contract ends, if the terminal device is still in the life cycle and can be reused, a service certificate corresponding to the new service contract is installed at the installation site that provides the new service contract. The terminal device can be reused by downloading it using a certificate and storing it again.

  When storing the terminal certificate stored in the terminal device 2 in advance, a password for activating and using the private key of the terminal certificate is set as a protective measure so that the terminal certificate is not read and misused. Can do. Furthermore, the password is not stored as it is, but can be stored and obfuscated by changing it into a form that cannot be used as it is even if it is read after some processing.

DESCRIPTION OF SYMBOLS 1 ... Server apparatus 2 ... Terminal device 3 ... Network 11 ... Memory | storage part 111 ... Contract information table 12 ... Control part 121 ... Service certificate management part 13 ... Communication I / F unit 21 ... storage unit 22 ... control unit 221 ... contract identification code acquisition unit 222 ... service certificate acquisition unit 223 ... service execution unit 23 ... input unit 24 ...・ Display unit 25 ... Communication I / F unit

Claims (3)

A communication system composed of a server device and a plurality of terminal devices connected to a network to provide a predetermined service,
The server device
Contract information in which a terminal certificate issued in common to the plurality of terminal devices, a service certificate that enables provision of the predetermined service, and a contract identification code that can individually identify a provision contract for the predetermined service are associated with each other And a storage unit for storing in advance,
When the service certificate request signal including the contract identification code and the terminal certificate is received from the terminal device, the terminal certificate is authenticated, and when the authentication is successful, the secret information corresponding to the contract identification code is included from the contract information. A service certificate management unit that transmits a service certificate to the terminal device;
The terminal device
A storage unit that stores a terminal certificate in advance;
A contract identification code acquisition unit for acquiring a contract identification code given by the establishment after the provision contract of the predetermined service is established;
A service key request signal including the acquired contract identification code and the terminal certificate stored in the storage unit is transmitted to the server device, and the secret key transmitted from the server device in response to the service certificate request signal A service certificate acquisition unit that receives the service certificate including the information and stores the service certificate in the storage unit;
A service execution unit that receives the provision of the predetermined service using the service certificate;
A communication system characterized by that.   The communication system according to claim 1, wherein a validity period of the terminal certificate is longer than a validity period of the service certificate.   The communication system according to claim 1, wherein the terminal device obfuscates and stores a password for using the terminal certificate.