JP2011113157A - Authentication system, authentication method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform authentication processing only by arithmetic processing in which an authentication side device and an authenticated side device are light in weight. <P>SOLUTION: A first device receives an authentication request from a second device, and when receiving the authentication request, the first device performs access to an authentication station server. Then, when the first device performs access to the authentication station server, the authentication station server issues a disposable one-time certification with signature, and encrypts the one-time certificate by using a common key shared between itself and the first device, and transmits at least the encrypted one-time certificate to the first device. The first device transmits at least the encrypted one-time certificate to the second device, and the second device verifies the signature of the received one-time certificate, and verifies the issue time of the one-time certificate. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an authentication system, an authentication method, and a program, and more particularly, to an authentication system, an authentication method, and a program that reduce the load of authentication processing.

  In recent years, various services have been provided electronically through the Internet. When providing such a service, it is essential to authenticate the user. However, since the conventional authentication process requires a large processing load, the authentication process takes a long time.

  In particular, in a system connected to a plurality of terminals (end entities) and certificate authorities via a network, a public key issued by a certificate authority different from the certificate authority trusted by the terminal in response to a request from a certain terminal When confirming the validity of a certificate, much time is required for the authentication process.

  For such a problem, a system as shown in FIG. 7 is configured, an arbitrary certificate authority is set as the origin certificate authority, the issuer of the public key certificate issued by the origin certificate authority is examined, and the certificate authority is sent to the issuer. If the certificate authority is included, the process of further examining the issuer of the public key certificate issued by the certificate authority is continued until all the issuers of the public key certificate are terminals, so that any terminal from the origin certificate authority A path search step for searching a path to a terminal accommodation certificate authority that issued a public key certificate to the terminal, and a path detected by the path search step, with the origin certificate authority upstream, and the terminal accommodation on the path The signature of the public key certificate issued by the certificate authority is verified with one public key certificate issued by the upstream certificate authority. If the verification is successful, the public key certificate issued by the one upstream certificate authority is verified. The signature of the letter A path verification step for verifying the path by continuing the process of verifying with the public key certificate issued by the one upstream certificate authority until the one upstream certificate authority becomes the origin certificate authority; The path registration step of registering the path that has been verified in the path verification step in the database is performed, for example, periodically regardless of the public key certificate validity confirmation request from the terminal.

  When there is a request for checking the validity of a public key certificate issued by a terminal accommodation certificate authority different from the certificate authority trusted by the terminal from a certain terminal, the certificate authority trusted by the terminal and the origin certificate authority And the validity of the public key certificate is checked by checking whether the path between the different terminal accommodation certificate authority and the origin certificate authority is registered in the database. The technique of doing is disclosed (for example, refer patent document 1).

JP 2002-72876 A

  However, it is necessary to introduce an authentication mechanism even in a small device such as a UIM (USIM) card or RFID. However, since these devices have low processing capability, authentication processing is performed using the conventional technology as described above. Can not do.

  In addition, in these cases, it is difficult to share a key in advance with an infinite number of devices. If the same key is used, if one device is analyzed, the entire system will be compromised. There is a point.

  Therefore, application of an authentication method using public key cryptography has been studied. However, in an authentication method using public key cryptography, it is necessary to exchange and verify public key certificates. As part of the verification process, it is necessary to confirm that the public key certificate has not been revoked. However, there is a problem that it is costly to check the revocation of the public key certificate.

  Therefore, the present invention has been made in view of the above-described problems, and in the authentication process, the authentication system can authenticate both the authenticating device and the authenticated device with only a light-weight arithmetic process. An object of the present invention is to provide an authentication method and program.

  The present invention proposes the following items in order to solve the above problems. In addition, in order to make an understanding easy, although the code | symbol corresponding to embodiment of this invention is attached | subjected and demonstrated, it is not limited to this.

  (1) The present invention includes two devices (for example, equivalent to the first device 100 and the second device 200 in FIG. 1) and a certificate authority server (for example, equivalent to the certificate authority server 300 in FIG. 1). An authentication system for performing authentication between devices, wherein the first device receives an authentication request from the second device (for example, corresponding to the receiving unit 101 in FIG. 2); When one device receives an authentication request, an access means (for example, corresponding to the access unit 102 in FIG. 2) that accesses the certificate authority server, and the first device accesses the certificate authority server. Sometimes, a one-time certificate issuing means (for example, equivalent to the one-time certificate issuing unit 310 in FIG. 4) for issuing a disposable one-time certificate signed by the certificate authority server; An encryption means for encrypting the one-time certificate using a common key shared with the first device (e.g., corresponding to the encryption unit 311 in FIG. 4); The certificate authority server transmits at least an encrypted one-time certificate to the first device (for example, corresponding to the transmission unit 313 in FIG. 4), and the first device includes the first device 2nd transmission means for transmitting at least the encrypted one-time certificate to the second device (for example, corresponding to the transmission unit 103 in FIG. 2) and the signature of the one-time certificate received by the second device In addition, there is proposed an authentication system including a certificate verification means (for example, equivalent to the verification unit 207 in FIG. 3) for verifying the issue time of a one-time certificate.

  According to the present invention, the first receiving means of the first device receives the authentication request from the second device. The access means accesses the certificate authority server when receiving the authentication request. When the one-time certificate issuing means of the certificate authority server accesses the certificate authority server from the first device, it issues a signed disposable one-time certificate. The encryption unit of the certificate authority server encrypts the one-time certificate using the common key shared with the first device. The first transmission means of the certificate authority server transmits at least the encrypted one-time certificate to the first device. The second transmission means of the first device transmits at least the encrypted one-time certificate to the second device. The certificate verification unit of the second device verifies the signature of the one-time certificate received and verifies the issue time of the one-time certificate. Therefore, by using a disposable one-time certificate, it is possible to omit a revocation process that has conventionally had a large processing load, so that it is possible to greatly reduce the load of authentication processing in each device.

  (2) In the authentication system according to (1), the one-time certificate issuing unit generates a random number R as a secret key corresponding to the one-time certificate, and the current time information T and the first time An authentication system characterized by issuing a one-time certificate by signing the certificate authority server to data obtained by performing an exclusive OR operation on an ID of one device and a random number R is suggesting.

  According to the present invention, the one-time certificate issuing means generates a random number R as a secret key corresponding to the one-time certificate, and is exclusive to the current time information T, the first device ID, and the random number R. The certificate authority server is signed on the data obtained by performing the logical sum operation, and a one-time certificate is issued. Therefore, a one-time certificate that covers information necessary for authentication can be issued by processing with a small calculation load such as exclusive OR operation.

  (3) The present invention proposes an authentication system characterized in that, in the authentication system of (2), a check code for verifying the validity is included in the ID of the first device.

  According to the present invention, the check code for verifying the validity is included in the ID of the first device. As a result, an unauthorized ID can be detected.

  (4) The present invention proposes an authentication system in which the ID of the first device is not a simple increment or a predictable ID in the authentication system of (2).

  According to the present invention, the ID of the first device is not a simple increment or predictable ID. Thereby, even if it does not know original ID, the act which acquires ID by several trials can be prevented.

  (5) In the authentication system according to (2), the certificate authority server transmits to the first device together with the one-time certificate in which the first transmission unit encrypts the random number R as a secret key. Then, after the second transmission means in the first device sends the encrypted one-time certificate, the random number R as the secret key is transmitted to the second device. A system is proposed.

  According to the present invention, the certificate authority server transmits to the first device together with the one-time certificate in which the first transmission means encrypts the random number R as the secret key, and the second transmission means in the first device. Sends the encrypted one-time certificate, and then sends a random number R as a secret key to the second device. That is, the first device can indicate to the second device that the first device is a legitimate device by transmitting the random number R as a secret key to the second device.

  (6) The present invention proposes an authentication system in which the signature performed by the certificate authority server is a restoration-type signature for the authentication system of (1).

  According to the present invention, the signature performed by the certificate authority server is a restoration type signature. Thereby, the data size of the signature can be reduced.

  (7) In the authentication system according to (1), when the second device is a specific device determined in advance, the one-time certificate issued by the one-time certificate issuing unit 2 proposes an authentication system characterized by including ID information of two devices.

  According to the present invention, when the second device is a predetermined specific device, the ID information of the second device is included in the one-time certificate issued by the one-time certificate issuing means. Thereby, it is possible to prevent the one-time certificate from being diverted to others.

  (8) In the authentication system according to (1), the certificate verification unit compares the issue time of the certificate with the current time, and a time difference between the issue time and the issue of the one-time certificate An authentication system has been proposed in which the validity of the one-time certificate is recognized when the processing time until the second device is substantially matched.

  According to the present invention, the certificate verification means compares the certificate issuance time with the current time, and the time difference is substantially the same as the processing time from the issuance of the one-time certificate to the reception of the second device. When you do, accept the validity of the one-time certificate. In other words, since the one-time certificate is a disposable certificate, it is possible to verify its validity simply by comparing the time information.

  (9) In the authentication system according to (1), the certificate authority server and the first device share a shared key in advance, and the certificate authority server discards the shared key, An authentication system characterized in that one device is treated as a revocation is proposed.

  According to the present invention, the certificate authority server and the first device share the shared key in advance, and the certificate authority server discards the shared key, whereby the first device is treated as revoked. Therefore, the revocation process can be executed by a simple method.

  (10) The present invention proposes an authentication system according to (1), wherein the first device and the second device are UIM cards.

  According to the present invention, the first device and the second device are UIM cards. That is, since the authentication method of the present invention has a small processing load, it can be applied to a small device such as a UIM card.

  (11) The present invention proposes an authentication system according to (1), wherein the first device and the second device are RFIDs.

  According to the invention, the first device and the second device are RFID. That is, the authentication method of the present invention can be applied to a small device such as an RFID because the processing load is small.

  (12) The present invention is an authentication method in an authentication system that includes two devices and a certificate authority server, and performs authentication between the devices, in which the first device receives an authentication request from the second device. 1 step (for example, corresponding to step S101 in FIG. 5) and a second step for accessing the certificate authority server when the first device receives an authentication request (for example, step S102 in FIG. 5). And when the first device accesses the certificate authority server, a third step of issuing a disposable one-time certificate signed by the certificate authority server (for example, step S103 in FIG. 5). And the certificate authority server encrypts the one-time certificate using a common key shared with the first device (fourth step) For example, this corresponds to step S104 in FIG. 5) and a fifth step in which the certificate authority server transmits at least an encrypted one-time certificate to the first device (for example, corresponding to step S105 in FIG. 5). A first step in which the first device transmits at least an encrypted one-time certificate to the second device (for example, corresponding to step S106 in FIG. 5), and a reception by the second device. And a seventh step (for example, equivalent to step S107 in FIG. 5) for verifying the signature of the one-time certificate and verifying the issue time of the one-time certificate. is suggesting.

  According to the present invention, the first device receives an authentication request from the second device, and the first device accesses the certificate authority server when receiving the authentication request. Then, when the first device accesses the certificate authority server, it issues a disposable one-time certificate signed by the certificate authority server, and the certificate authority server shares it with the first device. The one-time certificate is encrypted using the common key, and the certificate authority server transmits at least the encrypted one-time certificate to the first device. The first device transmits at least the encrypted one-time certificate to the second device, and the second device verifies the signature of the received one-time certificate and sets the issuance time of the one-time certificate. Validate. Therefore, by using a disposable one-time certificate, it is possible to omit a revocation process that has conventionally had a large processing load, so that it is possible to greatly reduce the load of authentication processing in each device.

  (13) The present invention is a program that includes two devices and a certificate authority server, and causes a computer to execute an authentication method in an authentication system that performs authentication between devices. A first step of receiving an authentication request from a device (for example, corresponding to step S101 in FIG. 5), and a second step of accessing the certificate authority server when the first device receives an authentication request (E.g., corresponding to step S102 in FIG. 5) and a third step of issuing a disposable one-time certificate signed by the certificate authority server when the first device accesses the certificate authority server. (For example, corresponding to step S103 in FIG. 5) and the certificate authority server uses the common key shared with the first device to A fourth step of encrypting the time certificate (for example, corresponding to step S104 of FIG. 5), and a fifth step in which the certificate authority server transmits at least the encrypted one-time certificate to the first device. A step (for example, corresponding to step S105 in FIG. 5) and a sixth step in which the first device transmits at least an encrypted one-time certificate to the second device (for example, step S106 in FIG. 5). And a seventh step (for example, equivalent to step S107 in FIG. 5) for verifying the signature of the one-time certificate received by the second device and verifying the issuance time of the one-time certificate. , A program for causing a computer to execute is proposed.

  According to the present invention, the first device receives an authentication request from the second device, and the first device accesses the certificate authority server when receiving the authentication request. Then, when the first device accesses the certificate authority server, it issues a disposable one-time certificate signed by the certificate authority server, and the certificate authority server shares it with the first device. The one-time certificate is encrypted using the common key, and the certificate authority server transmits at least the encrypted one-time certificate to the first device. The first device transmits at least the encrypted one-time certificate to the second device, and the second device verifies the signature of the received one-time certificate and sets the issuance time of the one-time certificate. Validate. Therefore, by using a disposable one-time certificate, it is possible to omit a revocation process that has conventionally had a large processing load, so that it is possible to greatly reduce the load of authentication processing in each device.

  According to the present invention, it is possible to significantly reduce the load of authentication processing by omitting the revocation processing by using a disposable one-time certificate. For this reason, both the authenticating device and the authenticating device can achieve the authentication process only with a light computation. In addition, since the method of the present invention does not require a high level of security, the authentication protocol can be reduced in weight.

It is a block diagram of the authentication system which concerns on this embodiment. It is a functional block diagram of the 1st device concerning this embodiment. It is a functional block diagram of the 2nd device concerning this embodiment. It is a functional block diagram of the certificate authority server which concerns on this embodiment. It is a processing flow of the authentication system which concerns on this embodiment. It is a block diagram of the mutual authentication system which concerns on the modification of this embodiment. It is a system configuration figure concerning a conventional example.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

  Hereinafter, embodiments of the present invention will be described with reference to FIGS. 1 to 5.

<Configuration of authentication system>
As shown in FIG. 1, the authentication system according to the present embodiment includes a first device 100, a second device 200, and a certificate authority server 300. In the present embodiment, a case where the second device 200 authenticates the first device 100 will be described as an example.

  In this case, the first device 100 receives a certificate issued from the certificate authority server 300 and transmits it to the second device 200, and the second device 200 receives the certificate received from the first device 100. An authentication process is performed by confirming the validity. In the present embodiment, the certificate used is a disposable one-time certificate. By using this one-time certificate, the revocation checking process that has been performed in the conventional authentication process becomes unnecessary, and the load in the authentication process can be greatly reduced. The first device and the second device may be small devices such as UIM cards and RFIDs. That is, the authentication method of this embodiment can be applied to a small device such as a UIM card because the processing load is small.

<Configuration of first device>
As illustrated in FIG. 2, the first device according to the present embodiment includes a reception unit 101, an access unit 102, and a transmission unit 103.

  The receiving unit 101 receives an authentication request from the second device 200. In addition, the encrypted one-time certificate is received from the certificate authority server 300. The access unit 102 accesses the certificate authority server 300 when the receiving unit 101 receives an authentication request from the second device 200. The transmission unit 103 transmits the encrypted one-time certificate received by the reception unit 101 from the certificate authority server 300 to the second device 200.

<Configuration of second device>
As shown in FIG. 3, the second device according to the present embodiment includes a transmission unit 201, a reception unit 202, a decryption unit 203, an issue time extraction unit 204, a time measurement unit 205, and a storage unit 206. , And a verification unit 207.

  The transmission unit 201 transmits an authentication request for authenticating the first device 100 to the first device 100. The receiving unit 202 receives the encrypted one-time certificate from the first device 100. The decryption unit 203 decrypts the encrypted one-time certificate received by the reception unit 202 using a shared key shared with the first device 100.

  The issue time extraction unit 204 extracts the issue time of the one-time certificate from the decrypted one-time certificate. The timer unit 205 measures the current time. The storage unit 206 stores and manages the processing time from when the certificate authority server 300 issues a one-time certificate until the second device 200 receives it.

  The verification unit 207 is configured such that the certificate authority server 300 in which the time difference between the issue time of the one-time certificate extracted by the issue time extraction unit 204 and the current time measured by the time measuring unit 205 is stored in the storage unit 206 Whether or not the processing time from when the second device 200 is received to the time when the second device 200 receives them is verified. If they match, it is determined that the one-time certificate is valid. In other words, since the one-time certificate is a disposable certificate, it is possible to verify its validity simply by comparing the time information.

<Configuration of certificate authority server>
As shown in FIG. 4, the certificate authority server according to the present embodiment includes an access receiving unit 301, a random number generating unit 302 that forms a one-time certificate issuing unit 310, a time measuring unit 303, an ID storage unit 304, A logical OR operation unit 305, a signature unit 306, an encryption unit 311, a key storage unit 312, a transmission unit 313, and a revocation processing unit 314.

  The access reception unit 301 receives access from the first device 100.

  A random number generation unit 302 that is a component of the one-time certificate issuing unit 310 generates a random number as a secret key. A clock unit 303 that is a component of the one-time certificate issuing unit 310 counts the current time. An ID storage unit 304 that is a constituent element of the one-time certificate issuing unit 310 stores the ID of the first device 100 exchanged in advance. If the second device 200 is specified in advance, the ID of the second device 200 is also stored. In this case, by including the ID of the second device 200 in the one-time certificate, it is possible to prevent the one-time certificate from being diverted to others.

  The exclusive OR operation unit 305, which is a component of the one-time certificate issuing unit 310, includes a random number generated by the random number generating unit 302, an issue time measured by the time measuring unit 303, and a first device stored in the ID storage unit 304. Perform an exclusive OR operation with 100 IDs. As a result, a one-time certificate that covers information necessary for authentication can be issued by processing with a small calculation load such as exclusive OR operation. The signature unit 306, which is a component of the one-time certificate issuing unit 310, signs the certificate authority server 300 on the data calculated by the exclusive OR calculation unit 305, and generates a one-time certificate. Note that the signature method performed by the certificate authority server 300 is a restoration-type signature. Data can be reduced by performing this type of signature.

  The encryption unit 311 exchanges the one-time certificate issued by the one-time certificate issuance unit 310 and a random number as a secret key generated by the random number generation unit 302 with the first device 100 and the second device 200 in advance. Encryption is performed using the common key stored in the storage unit 312. The transmission unit 313 transmits the encrypted one-time certificate to the second device 200, and then transmits the encrypted random number to the second device 200. In this way, by transmitting the encrypted random number to the second device 200 later, it is possible to indicate to the second device that the first device 100 is a legitimate device. The revocation processing unit 314 performs revocation processing by discarding the shared key that the certificate authority server 300 shares with the first device 100 in advance.

<Processing of authentication system>
Processing of the authentication system according to the present embodiment will be described with reference to FIG.
First, the first device 100 receives an authentication request from the second device 200 (step 101). When the first device 100 receives the authentication request, the first device 100 accesses the certificate authority server 300 (step 102).

Upon receiving an access request from the first device 100, the certificate authority server 300 issues a signed disposable one-time certificate (step S103). Specifically, a random number R is generated as a secret key, and the certificate authority server 300's own signature is added to the data obtained by exclusive ORing the current time information T, the ID of the first device 100 that has requested access and the random number R. And issue a one-time certificate. That is, the content of the one-time certificate is Sig (T | ID (+) R). Here, the signature method is a restoration type signature. In the above, “|” represents data combination, and (+) represents exclusive OR. If the device of the other party to be authenticated is specified, the ID of the communication partner is also included in the ID. In addition, in the case of exclusive ORing the random number R which is a secret key, the following rules must be satisfied for the ID.
1) ID is not a simple increment or a predictable value.
2) The ID includes a check code for verifying validity.
Thereby, even if it does not know original ID, the act which acquires ID by several trials can be prevented. In addition, an illegal ID can be detected by including a check code for verifying validity.

  The certificate authority server 300 encrypts the one-time certificate using the common key shared between the first device 100 and the second device 200 (step S104). Then, the certificate authority server 300 transmits the encrypted one-time certificate and the encrypted random number to the first device 100 (step S105).

  The first device 100 transmits the encrypted one-time certificate received from the certificate authority server 300 to the second device 200, and then transmits the encrypted random number to the second device 200 (step). S106).

  The second device 200 decrypts the one-time certificate using the shared common key, verifies the signature of the one-time certificate, and then performs an exclusive OR operation on the random number R. Thus, T | ID is taken out and the issue time of the one-time certificate is verified (step S107).

  Therefore, according to the present embodiment, by using a disposable one-time certificate, it is possible to omit a revocation process that has conventionally had a large processing load. Therefore, it is possible to greatly reduce the load of authentication processing in each device.

<Modification>
A modification of the present embodiment will be described with reference to FIG. This modification has illustrated the case where mutual authentication is performed using the authentication technique in the said embodiment. In the above-described embodiment, only the first device 100 accesses the certificate authority server 300 to obtain a one-time certificate, and the second device 200 verifies the one-time certificate. However, in the case of mutual authentication, the second device 200 performs the same processing operation as that of the first device 100 to verify the second device 200. Good.

  Thus, even in the case of mutual authentication, the technique in the above embodiment can be applied. That is, even in the case of mutual authentication, by using a disposable one-time certificate, it is possible to omit a revocation process that has conventionally had a large processing load, so the load of authentication processing in each device can be greatly reduced.

  The processing of the authentication system is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by the first device, the second device, and the certificate authority server that form the authentication system and executed. Thus, the authentication system of the present invention can be realized. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

100; first device 101; reception unit 102; access unit 103; transmission unit 200; second device 201; transmission unit 202; reception unit 203; decryption unit 204; issue time extraction unit 205; timing unit 206; Unit 207; verification unit 300; certificate authority server 301; access reception unit 302; random number generation unit 303; timing unit 304; ID storage unit 305; exclusive OR operation unit 306; signature unit 310; Encryption unit 312; key storage unit 313; transmission unit 314; revocation processing unit

Claims (13)

An authentication system consisting of two devices and a certificate authority server, which performs authentication between devices,
A first receiving means for receiving an authentication request from the second device;
Access means for accessing the certificate authority server when the first device receives an authentication request;
One-time certificate issuing means for issuing a disposable one-time certificate signed by the certificate authority server when the first device accesses the certificate authority server;
Encryption means for encrypting the one-time certificate using a common key shared by the certificate authority server with the first device;
First transmitting means for transmitting at least the encrypted one-time certificate to the first device by the certificate authority server;
Second transmission means for the first device to transmit at least an encrypted one-time certificate to the second device;
Certificate verification means for verifying the signature of the one-time certificate received by the second device and verifying the issue time of the one-time certificate;
An authentication system characterized by comprising:   The one-time certificate issuing means generates a random number R as a secret key corresponding to the one-time certificate, and performs an exclusive OR operation on the current time information T, the ID of the first device, and the random number R. The authentication system according to claim 1, wherein the certificate authority server is signed to the data obtained by performing the process of step 1 and a one-time certificate is issued.   3. The authentication system according to claim 2, wherein a check code for verifying the validity is included in the ID of the first device.   The authentication system according to claim 2, wherein the ID of the first device is not a simple increment or a predictable ID. The certificate authority server sends the first transmission means to the first device together with a one-time certificate in which the random number R as a secret key is encrypted,
3. The random number R as the secret key is transmitted to the second device after the second transmission means in the first device sends the encrypted one-time certificate. The authentication system described in.   The authentication system according to claim 1, wherein the signature performed by the certificate authority server is a restoration-type signature.   The ID information of the second device is included in a one-time certificate issued by the one-time certificate issuing unit when the second device is a predetermined specific device. The authentication system according to 1.   When the certificate verification means compares the issue time of the certificate with the current time, and the time difference substantially matches the processing time from the issue of the one-time certificate to the reception of the second device The authentication system according to claim 1, wherein validity of the one-time certificate is recognized.   The certificate authority server and the first device share a shared key in advance, and the certificate authority server discards the shared key, whereby the first device is treated as revoked. The authentication system according to 1.   The authentication system according to claim 1, wherein the first device and the second device are UIM cards.   The authentication system according to claim 1, wherein the first device and the second device are RFIDs. An authentication method in an authentication system that includes two devices and a certificate authority server and performs authentication between devices,
A first step in which a first device receives an authentication request from a second device;
A second step of accessing the certificate authority server when the first device receives an authentication request;
A third step of issuing a disposable one-time certificate signed by the certificate authority server when the first device accesses the certificate authority server;
A fourth step in which the certificate authority server encrypts the one-time certificate using a common key shared with the first device;
A fifth step in which the certificate authority server transmits at least an encrypted one-time certificate to the first device;
A sixth step in which the first device transmits at least an encrypted one-time certificate to the second device;
A seventh step of verifying the signature of the one-time certificate received by the second device and verifying the issue time of the one-time certificate;
An authentication method characterized by comprising: A program comprising two devices and a certificate authority server for causing a computer to execute an authentication method in an authentication system for performing authentication between devices,
A first step in which a first device receives an authentication request from a second device;
A second step of accessing the certificate authority server when the first device receives an authentication request;
A third step of issuing a disposable one-time certificate signed by the certificate authority server when the first device accesses the certificate authority server;
A fourth step in which the certificate authority server encrypts the one-time certificate using a common key shared with the first device;
A fifth step in which the certificate authority server transmits at least an encrypted one-time certificate to the first device;
A sixth step in which the first device transmits at least an encrypted one-time certificate to the second device;
A seventh step of verifying the signature of the one-time certificate received by the second device and verifying the issue time of the one-time certificate;
A program that causes a computer to execute.

Images