JP2012191270A - Authentication system, terminal apparatus, authentication server and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the occurrence of spoofing attacks without adding hardware for storing authentication information to a terminal apparatus.SOLUTION: A client 1 sends a first authentication request including authentication information and device ID, and receives an authentication token. The client 1 then encrypts the device ID with a common key A to generate device identification information, and sends a second authentication request including the authentication token and device identification information. A server 2 encrypts the authentication information and device ID included in the received first authentication request with a common key B to generate the authentication token. The server 2 also decrypts the authentication token included in the received second authentication request with the common key B to acquire the authentication information and device ID, decrypts the device identification information included in the second authentication request with the common key A to acquire the device ID, and performs an authentication process including a comparison of these device IDs.

Description

  The present invention relates to a terminal device that receives authentication, an authentication server that performs authentication for the terminal device, and an authentication system that includes these terminal device and authentication server. The present invention also relates to a program for causing a computer to function as the terminal device and the authentication server.

  In a general server-client type communication system, as a method of authenticating a terminal device that is a client, the terminal device sends authentication information (ID and password) input to the terminal device by the user to the authentication server for authentication. A method in which the server performs authentication based on the authentication information can be considered. However, it is very troublesome for the user to input authentication information every time authentication is performed. Therefore, once authentication information is input to the terminal device and authentication is performed by the authentication server, the authentication server issues an authentication token to the terminal device, and the terminal device transmits the authentication token to the authentication server in the next and subsequent authentications. The method of omitting the input of authentication information can be considered.

  Note that Patent Document 1 describes a technique for continuing an authentication state using an authentication token without performing re-authentication when a failure such as a power failure occurs.

JP 2009-59065 A

  However, on a terminal device such as a smartphone or a PC (Personal Computer), if authentication information is held in a nonvolatile memory, the authentication information may be stolen by a virus or the like. If the authentication information is stolen, there is a risk of a so-called impersonation attack in which a malicious user acts as a legitimate user using the authentication information. Also, when authentication information is held in volatile memory, the authentication information is stored for a shorter time than when authentication information is held in non-volatile memory. However, when the software or OS (Operating System) is restarted, the authentication token is lost from the volatile memory, and the user needs to input the authentication information again.

  In order to solve the above problem, there is a method in which a secure secure module is prepared in a terminal device, and authentication information is safely stored in the secure module. However, when using a secure module, it may be difficult to provide a secure module in a terminal device such as a smartphone or a PC configured with general-purpose hardware from the viewpoint of cost or the like.

  The present invention has been made in view of the above-described problems, and is an authentication system capable of reducing the occurrence of an attack due to impersonation without adding hardware for storing authentication information to a terminal device, An object is to provide a terminal device, an authentication server, and a program.

  The present invention has been made to solve the above-described problem. In an authentication system including a terminal device and an authentication server, the terminal device uses a first common device identification information for identifying the terminal device. Transmitting a first authentication request including a first encryption unit that generates encrypted information encrypted with a key, authentication information used for authentication processing, and the device identification information to the authentication server; As a response to the first authentication request, an authentication token obtained by encrypting the authentication information and the device identification information with a second common key is received from the authentication server, and a second including the authentication token and the encrypted information. A first communication unit that transmits the authentication request to the authentication server, and the authentication server includes a storage unit that stores the authentication information registered in advance, and the first authentication request includes Authentication information and device identification A second encryption unit that generates the authentication token by encrypting information with the second common key, and receiving the first authentication request from the terminal device. A second communication unit that transmits the authentication token based on the terminal device and receives the second authentication request from the terminal device; and the authentication token included in the second authentication request is the second common token. A decrypting unit that decrypts with a key to obtain the authentication information and the device identification information, and decrypts the encrypted information included in the second authentication request with the first common key to obtain the device identification information And the device identification information obtained by decrypting the authentication token and the device identification information obtained by decrypting the encrypted information, and obtained by decrypting the authentication token. The Serial and authentication information, an authentication system characterized by comprising an authentication unit which performs authentication processing by comparing the authentication information stored in the storage unit.

  In the authentication system of the present invention, the first encryption unit adds the time information to the device identification information, generates the encrypted information encrypted with the first common key, and generates the first information. The communication unit transmits the second authentication request including the authentication token, the encryption information, and the time information to the authentication server, and the decryption unit transmits the encryption information to the first common key. To acquire the device identification information and the time information, and the authentication unit further includes the time information acquired by decrypting the encrypted information and the time included in the second authentication request. The authentication process is performed by comparing with information.

  In the authentication system of the present invention, the terminal device further holds a non-volatile storage for holding the authentication token until the second authentication request is transmitted to the authentication server after the authentication token is received from at least the authentication server. It has the characteristic memory.

  The present invention also provides an encryption unit that generates encrypted information obtained by encrypting device identification information for identifying a terminal device with a first common key, authentication information used for authentication processing, and the device identification information. A first authentication request including the authentication token is transmitted to the authentication server, and an authentication token obtained by encrypting the authentication information and the device identification information with a second common key is received from the authentication server as a response to the first authentication request. And a communication unit that transmits a second authentication request including the authentication token and the encryption information to the authentication server.

  In addition, the present invention is included in a first authentication request including a storage unit that stores pre-registered authentication information, the authentication information received from a terminal device, and device identification information that identifies the terminal device. An authentication unit that generates an authentication token by encrypting the authentication information and the device identification information with a second common key; receiving the first authentication request from the terminal device; and The authentication token based on the authentication request is transmitted to the terminal device, and a second authentication request including the authentication token and encrypted information obtained by encrypting the device identification information with a first common key is transmitted from the terminal device. A second communication unit to receive, and the authentication token included in the second authentication request is decrypted with the second common key to obtain the authentication information and the device identification information, and the second authentication request The encryption included in A decryption unit that decrypts the information with the first common key to obtain the device identification information, the device identification information obtained by decrypting the authentication token, and the decrypted encryption information. An authentication unit that performs authentication processing by comparing the authentication information acquired by decrypting the authentication token with the authentication information stored in the storage unit And an authentication server.

  Moreover, this invention is a program for functioning a computer as said terminal device.

  The program of the present invention includes a native code for causing a computer to function as an encryption unit.

  Moreover, this invention is a program for functioning a computer as said authentication server.

  According to the present invention, a process of comparing the device identification information acquired by decrypting the authentication token and the device identification information acquired by decrypting the encrypted information is added to the authentication process. Even if the authentication token held in the terminal device is extracted, it is impossible to impersonate unless the device identification information can be generated. Therefore, hardware for storing the authentication information is added to the terminal device. Therefore, the occurrence of attacks due to spoofing can be reduced.

It is a block diagram which shows the structure of the authentication system by one Embodiment of this invention. It is a block diagram which shows the structure of the client by one Embodiment of this invention. It is a block diagram which shows the structure of the server by one Embodiment of this invention. It is a sequence diagram which shows the procedure of operation | movement of the authentication system by one Embodiment of this invention. It is a sequence diagram which shows the procedure of operation | movement of the authentication system by one Embodiment of this invention. It is a flowchart which shows the procedure of the operation | movement of the server by one Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 shows the configuration of an authentication system according to an embodiment of the present invention. An authentication system is composed of a client 1 that is a terminal device that receives authentication and a server 2 that is an authentication server that performs authentication. A plurality of clients 1 may exist.

  FIG. 2 shows the configuration of the client 1. The client 1 includes a CPU (Central Processing Unit) 10, a communication unit 11, a display unit 12, an operation unit 13, a memory 14, and a storage unit 15. The CPU 10 reads various programs stored in the storage unit 15 and loads them into the memory 14, performs various calculations according to various instructions of the program, and controls each unit in the client 1. The communication unit 11 communicates with another external communication device (the server 2 in this embodiment). The display unit 12 displays various information. The operation unit 13 includes various operation members that are operated by the user. The memory 14 is composed of a volatile memory that temporarily stores a program read from the storage unit 15, a result of calculation performed by the CPU 10, and the like. The storage unit 15 includes a nonvolatile memory that stores various programs that define the operation of the CPU 10 and various data processed in the client 1. As an example, the client 1 of the present embodiment is assumed to employ Android (registered trademark) as the OS.

  The authentication processing unit 16 and the encryption unit 17 are programs for causing the CPU 10 to execute various processes. FIG. 2 shows a state where the programs of the authentication processing unit 16 and the encryption unit 17 are read from the storage unit 15 into the memory 14 and the authentication processing unit 16 and the encryption unit 17 are activated on the memory 14. Yes. These programs started on the memory 14 perform various processes using resources of the CPU 10 and the memory 14. The authentication processing unit 16 performs processing necessary when receiving authentication from the server 2. The encryption unit 17 encrypts a device ID (apparatus identification information) that identifies an individual client 1 with a common key (hereinafter referred to as a common key A), and performs processing to generate device encryption information (encryption information). .

  The device ID is one of IMSI (International Mobile Subscriber Identity), IMEI (International Mobile Equipment Identity), OS ID, MAC (Media Access Control address) address, or a combination thereof, which is identification information unique to each device. IMEI is information including information such as the device manufacturer, model, and serial number, and is recorded in, for example, a general-purpose flash memory provided as a standard in a mobile terminal. The IMSI is a unique identifier for each contractor, and is recorded on, for example, a general-purpose UIM (User Identity Module Card) card necessary for using a mobile terminal. The OS ID is 64-bit information randomly generated when the OS is first started in the apparatus, and is recorded in, for example, a general-purpose flash memory provided as a standard in a mobile terminal. The common key A used by the encryption unit 17 is stored in the program of the encryption unit 17. For example, the communication unit 11 holds the MAC address.

  The program of the encryption unit 17 is composed of native code (machine language) that is difficult to decompile. An OS such as Android (registered trademark) is provided with a mechanism for calling native code using JNI (Java (registered trademark) Native Interface) which is a native code interface. In order to prevent the processing of the encryption unit 17 from being deciphered by decompilation, it is more desirable not only to configure the program of the encryption unit 17 with native code but also to obfuscate the program of the encryption unit 17. By configuring the encryption unit 17 not to depend on the hardware of the client 1, high compatibility can be realized in a terminal device using general-purpose hardware.

  FIG. 3 shows the configuration of the server 2. The server 2 includes a CPU 20, a communication unit 21, a memory 22, and a storage unit 23. The CPU 20 reads various programs stored in the storage unit 23 and loads them into the memory 22, performs various calculations according to various instructions of the program, and controls each unit in the server 2. The communication unit 21 communicates with another external communication device (in this embodiment, the client 1). The memory 22 is composed of a volatile memory that temporarily stores a program read from the storage unit 23, a result of calculation performed by the CPU 20, and the like. The storage unit 23 includes a nonvolatile memory that stores various programs that define the operation of the CPU 20 and various data processed in the server 2.

  The authentication processing unit 24, the encryption unit 25, and the decryption unit 26 are programs for causing the CPU 20 to execute various processes. In FIG. 3, the programs of the authentication processing unit 24, the encryption unit 25, and the decryption unit 26 are read from the storage unit 23 into the memory 22, and the authentication processing unit 24, the encryption unit 25, and the decryption unit 26 are stored on the memory 22. Shows the state where is running. These programs started on the memory 22 perform various processes using the resources of the CPU 20 and the memory 22. The authentication processing unit 24 performs authentication processing for the client 1. The encryption unit 25 encrypts information acquired from the client 1 with a common key (hereinafter referred to as a common key B), and performs processing for generating an authentication token. The decryption unit 26 decrypts the authentication token acquired from the client 1 with the common key B, and decrypts the device encryption information acquired from the client 1 with the common key A.

  The common key A and the common key B used by the encryption unit 25 are stored in the program of the encryption unit 25. The common key A used by the encryption unit 25 is the same as the common key A used by the encryption unit 17 of the client 1.

  Next, operations of the client 1 and the server 2 at the time of authentication will be described with reference to FIG. 4 and FIG. When the client 1 performs data communication with the server 2, the client 1 requests authentication from the server 2, and the server 2 performs authentication in response to the request from the client 1. FIG. 4 shows processing relating to the first authentication in a state where the client 1 does not hold the authentication token.

  In the following description, data used for processing by the client 1 or the server 2 is stored in the memory 14 or the memory 22 as appropriate, and is deleted from the memory 14 or the memory 22 when it becomes unnecessary. Alternatively, the description of erasing data from the memory 22 is omitted. Since the time for which each information is stored in the memory 14 or the memory 22 is sufficiently short, the risk of reading the device ID or the like stored in the memory 14 for processing is small.

  In the following description, it is assumed that communication between the client 1 and the server 2 is performed by encrypted communication such as SSL (Secure Socket Layer). Further, it is assumed that an ID and a password issued to the user of the client 1 are stored in the storage unit 23 of the server 2.

  First, in the client 1, the operation unit 13 is operated by the user, and an ID is input. The authentication processing unit 16 acquires the input ID and stores it in the memory 14 (step S100). Similarly, the user operates the operation unit 13 and inputs a password. The authentication processing unit 16 acquires the input password and stores it in the memory 14 (step S105). Through the processing in steps S100 and S105, an ID and a password, which are authentication information necessary for authentication, are acquired.

  Subsequently, the authentication processing unit 16 acquires the device ID from the storage unit 15 and stores it in the memory 14 (step S110). The authentication processing unit 16 generates an authentication request (first authentication request) including the ID, password, and device ID stored in the memory 14, and outputs them to the communication unit 11 (step S115). The communication unit 11 transmits an authentication request to the server 2 (step S120).

  The communication unit 21 of the server 2 receives the authentication request. The received authentication request is stored in the memory 14. The authentication processing unit 24 collates whether or not the combination of the ID and password included in the authentication request matches the combination of the ID and password stored in the storage unit 23 (step S125). If the combination of the two does not match, a message including information indicating that the authentication has failed is returned to the client 1 and the authentication ends. If the combination of the two matches, the encryption unit 25 encrypts the ID, password, and device ID included in the authentication request with the common key B, generates an authentication token, and outputs the authentication token to the communication unit 21 (step). S130). The communication unit 21 transmits an authentication token to the client 1 that is the transmission source of the authentication request (step S135).

  The communication unit 11 of the client 1 receives the authentication token. The received authentication token is stored in the memory 14. The authentication processing unit 16 stores and stores the authentication token stored in the memory 14 in the storage unit 15 (step S140). Subsequently, the authentication processing unit 16 generates a processing completion notification for notifying the server 2 of the completion of the processing, and outputs the processing completion notification to the communication unit 11. The communication unit 11 transmits a process completion notification to the server 2 (step S145). After transmitting the process completion notification, the client 1 ends the process related to the first authentication. By receiving the authentication token, the client 1 is permitted to perform data communication with the server 2 and performs data communication. The communication unit 21 of the server 2 receives the process completion notification. After receiving the process completion notification, the server 2 ends the process related to the first authentication.

  FIG. 5 shows a process related to the second and subsequent authentications in a state where the process related to the first authentication is completed and the client 1 holds the authentication token. First, the authentication processing unit 16 of the client 1 reads the authentication token from the storage unit 15 and stores it in the memory 14 (step S200). The authentication processing unit 16 acquires the device ID from the storage unit 15 and stores it in the memory 14 (step S205). The encryption unit 17 encrypts the device ID stored in the memory 14 with the common key A, generates device encryption information, and stores the device encryption information in the memory 14 (step S210).

  Subsequently, the authentication processing unit 16 generates an authentication request (second authentication request) including the authentication token and device encryption information stored in the memory 14 and outputs the authentication request to the communication unit 11 (step S215). The communication unit 11 transmits an authentication request to the server 2 (step S220).

  The communication unit 21 of the server 2 receives the authentication request. The received authentication request is stored in the memory 14. The decryption unit 26 extracts the authentication token and the device encryption information from the authentication request stored in the memory 14 and stores them in the memory 14. Subsequently, the decryption unit 26 decrypts the authentication token stored in the memory 14 with the common key B, and stores the ID, password, and device ID obtained by the decryption in the memory 14 (step S225). The decrypting unit 26 decrypts the device encryption information stored in the memory 14 with the common key A, and stores the device ID obtained by the decryption in the memory 14 (step S230).

  Subsequently, the authentication processing unit 24 reads the device ID obtained by decrypting the authentication token and the device ID obtained by decrypting the device encryption information from the memory 14 and compares them (step S235). If they do not match, a message including information indicating that the authentication has failed is returned to the client 1 and the authentication is completed. If the two match, the authentication processing unit 24 determines whether the combination of the ID and password obtained by decrypting the authentication token matches the combination of the ID and password stored in the storage unit 23, Collation is performed (step S240).

  If the combination of the two does not match, a message including information indicating that the authentication has failed is returned to the client 1 and the authentication ends. When the combination of the two matches, the authentication processing unit 24 generates a permission notification for notifying the client 1 of permission of data communication and outputs the notification to the communication unit 21. The communication unit 21 transmits a permission notice to the client 1. After transmitting the permission notification, the server 2 ends the process related to the second and subsequent authentications. The communication unit 11 of the client 1 receives the permission notification. By receiving the permission notification, the client 1 is permitted to perform data communication with the server 2 and performs data communication.

  Next, a modification of this embodiment will be described. In order to enhance safety, the following may be performed. The encryption unit 17 of the client 1 performs encryption by adding time information to the device ID when generating the device encryption information in step S210. Further, when generating the authentication request in step S215, the authentication processing unit 16 generates an authentication request including not only the authentication token and the device encryption information but also the above time information.

  When the authentication request including the authentication token is received, the authentication processing unit 24 of the server 2 extracts the authentication token, device encryption information, and time information from the authentication request and stores them in the memory 14. Further, the decrypting unit 26 decrypts the device encryption information in step S230 of FIG. 5 to obtain the device ID and time information, and stores them in the memory 14. Thereafter, the authentication processing unit 24 verifies the validity of the authentication token using the time information.

  FIG. 6 shows the operation of the authentication processing unit 24 related to the verification of the validity of the authentication token. The authentication processing unit 24 reads the time information extracted from the authentication request and the time information obtained by decrypting the device encryption information from the memory 14 and compares them (step S300). If the two match (step S305), the authentication processing unit 24 determines that the authentication token is valid (step S310). If they are different, the authentication processing unit 24 determines that the authentication token is invalid (step S315).

  When it is determined that the authentication token is invalid, a message including information indicating that the authentication has failed is returned to the client 1 and the authentication is completed. If it is determined that the authentication token is valid, the client 1 is authenticated according to the result of the confirmation in steps S235 and S240 in FIG.

  Regarding the client 1 and the server 2 of the present embodiment, a program for realizing the operations and functions of the client 1 and the server 2 is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in the computer. The client 1 and the server 2 can be configured by reading and executing.

  Here, the “computer” includes a homepage providing environment (or display environment) if the WWW system is used. The “computer-readable recording medium” refers to a storage device such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a hard disk built in the computer. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program described above may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above-described program may be for realizing a part of the above-described function. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  As described above, according to the present embodiment, the server 2 decrypts the device ID obtained by decrypting the authentication token and the device encryption information in addition to the conventional authentication processing using the ID and password. A process of comparing the obtained device ID is performed. Even if the authentication token held in the client 1 is extracted by a malicious user, the device ID is information unique to each device, and the device ID is encrypted as device encryption information in the authentication token. Therefore, it is difficult to generate a device ID. In this embodiment, since it is impossible to impersonate unless a device ID can be generated, it is possible to reduce the occurrence of an attack due to impersonation without adding hardware for storing authentication information to the client 1. .

  Further, by verifying the validity of the authentication token using the time information, it is possible to further reduce the occurrence of attacks due to impersonation.

  Further, since the authentication token can be held in the non-volatile memory in the client 1, no dedicated hardware for storing the authentication information is required, and an increase in the cost of the client 1 can be avoided. .

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiments, and includes design changes and the like without departing from the gist of the present invention. .

  DESCRIPTION OF SYMBOLS 1 ... Client, 2 ... Server, 10, 20 ... CPU, 11, 21 ... Communication part, 12 ... Display part, 13 ... Operation part, 14, 22 ... Memory , 15, 23 ... storage unit, 16, 24 ... authentication processing unit, 17, 25 ... encryption unit, 26 ... decryption unit

Claims (8)

In an authentication system comprising a terminal device and an authentication server,
The terminal device
A first encryption unit for generating encrypted information obtained by encrypting device identification information for identifying the terminal device with a first common key;
A first authentication request including authentication information used for authentication processing and the device identification information is transmitted to the authentication server, and the authentication information and the device identification information are sent as a response to the first authentication request. A first communication unit that receives an authentication token encrypted with a common key of 2 from the authentication server, and transmits a second authentication request including the authentication token and the encrypted information to the authentication server;
Have
The authentication server is
A storage unit for storing the authentication information registered in advance;
A second encryption unit that generates the authentication token by encrypting the authentication information and the device identification information included in the first authentication request with the second common key;
Second communication for receiving the first authentication request from the terminal device, transmitting the authentication token based on the first authentication request to the terminal device, and receiving the second authentication request from the terminal device And
The authentication token included in the second authentication request is decrypted with the second common key to obtain the authentication information and the device identification information, and the encrypted information included in the second authentication request is stored in the second authentication request. A decryption unit for decrypting with the first common key to obtain the device identification information;
The device identification information obtained by decrypting the authentication token is compared with the device identification information obtained by decrypting the encryption information, and the authentication token is obtained by decrypting the authentication token. An authentication unit that performs authentication processing by comparing authentication information with the authentication information stored in the storage unit;
An authentication system comprising: The first encryption unit generates the encrypted information encrypted with the first common key by adding time information to the device identification information;
The first communication unit transmits the second authentication request including the authentication token, the encrypted information, and the time information to the authentication server,
The decryption unit decrypts the encrypted information with the first common key to obtain the device identification information and the time information;
The authentication unit further performs the authentication process by comparing the time information acquired by decrypting the encrypted information and the time information included in the second authentication request. The authentication system according to claim 1.   The terminal device further includes a non-volatile memory that holds the authentication token from when the authentication token is received from at least the authentication server until the second authentication request is transmitted to the authentication server. The authentication system according to claim 1 or 2. An encryption unit for generating encrypted information obtained by encrypting device identification information for identifying a terminal device with a first common key;
A first authentication request including authentication information used for authentication processing and the device identification information is transmitted to an authentication server, and the authentication information and the device identification information are transmitted as a second response as a response to the first authentication request. A communication unit that receives an authentication token encrypted with the common key from the authentication server and transmits a second authentication request including the authentication token and the encryption information to the authentication server;
A terminal device comprising: A storage unit for storing pre-registered authentication information;
The authentication information and the device identification information included in the first authentication request including the authentication information and the device identification information for identifying the terminal device received from the terminal device are encrypted with a second common key. An encryption unit that generates an authentication token by
The first authentication request is received from the terminal device, the authentication token based on the first authentication request is transmitted to the terminal device, and the authentication token and the device identification information are encrypted with a first common key. A second communication unit that receives a second authentication request including encrypted encryption information from the terminal device;
The authentication token included in the second authentication request is decrypted with the second common key to obtain the authentication information and the device identification information, and the encrypted information included in the second authentication request is stored in the second authentication request. A decryption unit for decrypting with the first common key to obtain the device identification information;
The device identification information obtained by decrypting the authentication token is compared with the device identification information obtained by decrypting the encryption information, and the authentication token is obtained by decrypting the authentication token. An authentication unit that performs authentication processing by comparing authentication information with the authentication information stored in the storage unit;
An authentication server comprising:   A program for causing a computer to function as the terminal device according to claim 4.   The program according to claim 6, comprising a native code for causing a computer to function as the encryption unit.   A program for causing a computer to function as the authentication server according to claim 5.

Images