JP2014081887A - Secure single sign-on system and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technology capable of achieving single sign-on while securing security without carrying a password around or taking authentication information around with a cookie.SOLUTION: A secure single sign-on system includes: means for receiving a request for the generation of a pair of asymmetrical keys from a user terminal; means for generating a pair of a secret key and a public key; means for transmitting the generated public key to the user terminal; means for receiving an encrypted ticket encrypted by using the public key from the user terminal; means for decrypting the encrypted ticket by the secret key; means for creating a unique access ticket made unique such that the decrypted access ticket can be unique; and means for transmitting the unique access ticket to the user terminal.

Description

  The present invention relates to a method for securely performing single sign-on between a plurality of Web application services provided across the same domain or domains having shared user entities.

A service in which a login is permitted only to a predetermined user who has signed a contract in advance and permitted access is employed in many situations.
With the spread of ASP (Application Service Provider) and the like, these scenes are greatly increasing.

Now, in order for a predetermined user permitted to access to log in, it is common to input an ID and a password from a terminal related to the user. In principle, when receiving a plurality of services in parallel, an ID and a password are required for each service.
A technique called “single sign-on” has been devised in order to reduce the trouble of inputting the ID and password to the user.

As a technique for realizing single sign-on, for example, there is a technique disclosed in Patent Document 1.
This technology authenticates the identity of authentication requesting users between different sites using cookies and personal customer codes.

Japanese Patent No. 4390429

In the technique disclosed in Patent Document 1, there is a vulnerability that makes it possible to log in to a site targeted for attack when a malicious attacker makes a replay attack using a personal customer code obtained in advance. Exists.
The technique of restricting external access by constructing an intranet is generally widely used. However, the use of ASP is limited.

A first object of the present invention is to provide a technology capable of realizing single sign-on without carrying a password on a user terminal (terminal associated with a user) or routing authentication information with a cookie.
The second purpose is to realize authentication information exchange that can ensure a certain level of resistance against replay attacks and brute force attacks not only on intranets and extranets but also on unencrypted public lines including the Internet. Is to provide technology.

The present invention solves secure authentication information exchange in a non-encrypted public line including the Internet by a plurality of security protection mechanisms described below.
A first invention relates to a server of a service provider that provides a service to a user terminal.
The second invention relates to a computer program installed on a server of a service provider.
A third invention relates to a computer program installed in a user terminal that receives a service from a service provider.

(First invention)
A first invention relates to an access restriction device that simplifies a log-in operation for the second and subsequent services when a plurality of types of services are provided to a user terminal via a network.
That is, a key pair generation request receiving means for receiving an asymmetric key pair generation request from a user terminal;
A key pair generating means for generating a private key and public key pair when the key pair generation request receiving means receives a key pair generation request;
Public key transmitting means for transmitting the public key generated by the key pair generating means to the user terminal;
An access ticket registration request receiving means for receiving an encrypted ticket encrypted using the public key in order to request an access ticket for simplifying login at the user terminal that has received the public key;
Access ticket decrypting means for decrypting the encrypted ticket received by the access ticket registration request receiving means with the secret key;
An access ticket unique means for creating a unique access ticket that is unique so that the access ticket is unique with respect to the access ticket decrypted by the access ticket decryption means;
A unique ticket sending means for sending the unique access ticket created by the access ticket unique means to the user terminal;
Is an access restriction device.

  The “access ticket unique means” is means for, for example, using an identifier indicating a file type as a special character string.

(Function)
A request for generating an asymmetric key pair is transmitted from a user terminal desiring single sign-on. The asymmetric key pair generation request is received by the key pair generation request receiving means. When the key pair generation request is received, the key pair generation unit generates a private key / public key pair. The public key of the generated asymmetric key pair is transmitted to the user terminal by the public key transmitting means.
In order to request an access ticket for simplifying login, the user terminal that has received the public key generates an encrypted ticket by encrypting the public key. When the encrypted ticket is transmitted to the access restriction device, the access ticket registration request receiving means in the access restriction device receives it.
The encrypted ticket received by the access ticket registration request receiving means of the access restriction device is decrypted by the access ticket decrypting means with the secret key. Then, for the decrypted access ticket, the access ticket unique means makes the access ticket unique so that it becomes a unique access ticket. The created unique access ticket is sent to the user terminal by the unique ticket sending means.

In the user terminal, using the received unique access ticket, single sign-on can be realized when receiving a plurality of types of services via the network. Since no password is carried around, even if there is a third party who obtains the password illegally, it cannot be accessed with the password, and security can be maintained at a high level.
Further, not only intranets and extranets but also unencrypted public lines including the Internet can ensure a certain level of resistance against replay attacks and brute force attacks.

(Variation 1 of the first invention)
The first invention may comprise an authentication data storage means for storing the unique access ticket, and the authentication data storage means may be provided on a server different from the server having the access ticket unique means. .

(Function)
If the authentication data storage means for storing the unique access ticket is provided on a server different from the server provided with the access ticket unique means, it is difficult for a third party to obtain the unique access ticket. Therefore, the security level can be increased.

(Variation 2 of the first invention)
Variation 1 in the first invention may be formed as follows.
That is, a unique ticket receiving unit that receives the unique access ticket from a user terminal, and an access ticket verification that collates the unique access ticket received by the unique ticket receiving unit by accessing the authentication data storage unit And an access restriction device.

(Function)
When providing a plurality of types of services to user terminals, access procedures and access appear to be realized on the same server as viewed from the user, which contributes to service improvement.

(Variation 3 of the first invention)
Variation 2 in the first invention may be formed as follows.
That is, when the unique access ticket verified by the access ticket verification unit can be verified, access for accessing the authentication data storage unit and erasing the unique access ticket stored in the authentication data storage unit An access restriction device having a ticket erasing unit may be used.

(Function)
When the user terminal performs single sign-on and the unique access ticket verified by the access ticket verification means can be verified, the unique data stored in the authentication data storage means by accessing the authentication data storage means The access ticket erasing unit erases the access ticket.
Even if there is a third party who illegally obtained the unique access ticket, the unique access ticket once used is deleted, which contributes to improving the security performance.

(Variation 4 of the first invention)
The first invention may be formed as follows.
In other words, the access ticket unique means may set an access time limit for using the unique access ticket.

(Function)
A user who desires single sign-on rarely accesses multiple types of services after a long time. On the other hand, if the unique access ticket is valid for a long time, the security performance is lowered. Therefore, the access ticket unique means sets an access time limit that can be used by the unique access ticket, and contributes to improving the security performance.

(Second invention)
A second invention relates to a computer program that simplifies a log-in operation for the second and subsequent services when a plurality of types of services are provided to a user terminal via a network.
The program includes a key pair generation request reception procedure for receiving an asymmetric key pair generation request from a user terminal, and a secret key and public key when a key pair generation request is received in the key pair generation request reception procedure. A key pair generation procedure for generating a pair of keys, a public key transmission procedure for transmitting the public key generated by the key pair generation procedure to the user terminal, and a login process at the user terminal that has received the public key. Access ticket registration request reception procedure for receiving an encrypted ticket obtained by encrypting the access ticket using the public key, and decrypting the encrypted ticket received by the access ticket registration request reception procedure with the secret key Access ticket decryption procedure and the access ticket decrypted by the access ticket decryption procedure. An access ticket unique procedure for creating a unique access ticket that is unique so as to be unique, and a unique ticket for sending the unique access ticket created by the access ticket unique procedure to the user terminal This is a computer program that causes a computer to realize the transmission procedure.

(Variation 1 of the second invention)
The second invention may further cause the computer to realize a unique access ticket storage procedure for storing the unique access ticket in the authentication data storage means.

(Variation 2 of the second invention)
The variation 1 in the second invention may be formed as follows.
That is, a unique ticket receiving procedure for receiving the unique access ticket from a user terminal, and an access ticket for accessing and verifying the unique access ticket received in the unique ticket receiving procedure to the authentication data storage means The verification procedure may be further realized by a computer.

(Variation 3 of the second invention)
The variation 2 in the second invention may be formed as follows.
That is, when the unique access ticket verified in the access ticket verification procedure can be verified, the authentication data storage unit is accessed and the unique access ticket stored in the authentication data storage unit is deleted. The access ticket erasing procedure may be further realized by a computer.

(Third invention)
A third invention relates to a computer program for a user terminal that simplifies a log-in operation for the second and subsequent services when a plurality of types of services are received from a service server via a network.
The program includes a key pair generation request transmission procedure for transmitting an asymmetric key pair generation request to the service server, and a public key when the service server generates a key pair and transmits a public key. A public key receiving procedure for receiving a key; an access ticket generating procedure for generating an access ticket to be used for logging in to a second and subsequent services; and an access ticket generated by the access ticket generating procedure. The access ticket encryption procedure for encrypting using the public key received in the step, and the access ticket registration request procedure for requesting the registration by transmitting the access ticket encrypted by the access ticket encryption procedure to the service server And decrypting the access ticket encrypted in the service server, Uniquing a ticket receiving procedure for receiving a unique reduction access ticket Uniquing so that unique, a computer program was decided to realize the computer.

(Variation 1 of the third invention)
The third invention may be formed as follows.
That is, a unique ticket sending procedure for sending the unique access ticket received in the time-limited ticket receiving procedure when logging into the second and subsequent services;
A response reception procedure for receiving a response from a service server that provides the second and subsequent services that have received the unique access ticket may be further implemented in a computer.

(Provision form of the second and third inventions)
The second and third inventions can be provided by being stored in a recording medium such as a CD-R or DVD-R, or can be provided by being installed via a communication line.

According to the first invention, it is possible to provide an access restriction device capable of realizing single sign-on without carrying a password on a user terminal (terminal associated with a user) or routing authentication information with a cookie. It was.
According to the second aspect of the present invention, it is possible to provide a computer program that can realize single sign-on without carrying a password on a user terminal (terminal associated with a user) or routing authentication information with a cookie. .
According to the third aspect of the present invention, it is possible to provide a computer program for a user terminal that can realize single sign-on without carrying around a password or routing authentication information with a cookie.

It is a whole block diagram for demonstrating a secure single sign-on system. It is a partial block diagram for demonstrating a secure single sign-on system. It is a partial block diagram for demonstrating a secure single sign-on system. It is an example of the data table currently hold | maintained at the authentication data storage means.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. The figures used here are FIGS. 1 to 4.

FIG. 1 is a block diagram showing the hardware configuration of a service provider X and the relationship between the service provider X and a user who has contracted in advance to receive services via the web provided by the service provider X. .
FIG. 1 shows a main outline, and FIG. 2 and FIG. 3 illustrate it in more detail.

  The user accesses the server A related to the service provider X via the Internet from the user terminal related to the user. The service provider X uses the server B to provide different services for the user. In addition to the server A and the server B, a server C is provided. The server C is accessed and used by the server A and the server B, but cannot be accessed from the user terminal.

This will be briefly described with reference to FIG.
The user terminal logs in to the server A after accessing the web browser.
In addition, the user operates the user terminal to request “single sign-on” to the server A for omitting input of an ID and password that are originally required when logging in to the server B.
First, the user terminal requests the server A to generate an asymmetric key pair. When the server A generates a key pair, the user terminal transmits a public key to the user terminal. In the user terminal, when the access ticket is generated, the access ticket is encrypted using the received public key and transmitted to the server A.

In the server A, the received access ticket is decrypted using the secret key generated as an asymmetric key pair. Then, the decrypted access ticket is processed into a unique access ticket that is unique and transmitted to the user terminal.
If this unique access ticket is used, it is possible to omit the input of the ID and password when logging in to the server B.
The access ticket unique in the server A is accumulated in the authentication database set in the server C.

  On the other hand, when the login request to the server B is made by the access ticket that is unique from the user terminal, the server B inquires of the authentication database of the server C and confirms whether the unique access ticket related to the login request exists. . Allow login if confirmed. Here, single sign-on is realized.

  If access from the user terminal is permitted, the unique access ticket used for the access is deleted from the authentication database. This prevents double login and unauthorized login.

  When the unique access ticket related to the login request does not exist in the authentication database, a normal login screen is provided from the server B to the user terminal. In this case, instead of single sign-on, the user logs in to the server B by inputting an ID or password.

A more detailed description will be given based on FIGS. 2 and 3.
In the user terminal, a computer program for executing “secure single sign-on” separately provided by the service provider X can be downloaded in advance and executed.
The computer program includes a key pair generation request transmission procedure for transmitting an asymmetric key pair generation request to the service server, and a public key when the service server generates a key pair and transmits a public key. A public key receiving procedure for receiving a key; an access ticket generating procedure for generating an access ticket to be used for logging in to a second and subsequent services; and an access ticket generated by the access ticket generating procedure. The access ticket encryption procedure for encrypting using the public key received in the step, and the access ticket registration request procedure for requesting the registration by transmitting the access ticket encrypted by the access ticket encryption procedure to the service server And decrypting the access ticket encrypted in the service server Moni, a computer program but it was decided to realize unification and ticket receiving procedure for receiving a unique reduction access ticket Uniquing so that unique, to the computer.

  As described above, the user terminal in which the computer program is installed includes a key pair request unit, an access ticket generation unit, and the like, and the generated access ticket is stored in the access ticket database, or the access ticket encryption together with the received public key. An access ticket registration request is made after encryption by the digitizing means, and the unique access ticket is received by the ticket receiving means.

The user terminal transmits the received unique access ticket to access the server B that provides other site services.
Here, the unique access ticket flows on the network when it is transmitted from the server A to the user terminal. At this time, even if a malicious third party steals the unique access ticket, a replay attack by packet theft at the time of transmission is impossible in principle.

The server A installs a computer program that simplifies the login operation to the second and subsequent services when providing a plurality of types of services to the user terminal via the network.
The program includes a key pair generation request reception procedure for receiving an asymmetric key pair generation request from a user terminal, and a secret key and public key when a key pair generation request is received in the key pair generation request reception procedure. A key pair generation procedure for generating a pair of keys, a public key transmission procedure for transmitting the public key generated by the key pair generation procedure to the user terminal, and a login process at the user terminal that has received the public key. Access ticket registration request reception procedure for receiving an encrypted ticket obtained by encrypting the access ticket using the public key, and decrypting the encrypted ticket received by the access ticket registration request reception procedure with the secret key Access ticket decryption procedure and the access ticket decrypted by the access ticket decryption procedure. An access ticket unique procedure for creating a unique access ticket that is unique so as to be unique, and a unique ticket for sending the unique access ticket created by the access ticket unique procedure to the user terminal This is a computer program that causes the server A to realize the transmission procedure.

As described above, the server A generates a key pair of a public key and a secret key, accumulates it in the key pair database, transmits the public key to the user terminal, and the secret key is obtained by encrypting the access ticket by the user. Used to decrypt the sent access ticket.
Then, the decrypted access ticket is made unique, transmitted to the user, and transmitted to the server C provided with authentication data storage means.

As shown in FIG. 3, the server B receives a request for “single sign-on” from the user terminal and requests permission or normal login.
A unique ticket receiving unit that receives the unique access ticket; and an access ticket collating unit that accesses the authentication data storage unit in the server C in order to collate the received unique access ticket. If the access ticket verification unit can verify, a response transmission unit that returns a response indicating that the user can log in as it is to the user terminal, and a login screen transmission unit that transmits a login screen if the verification cannot be performed.

Further, when the response transmission means returns a response to the effect that the user can log in as it is, the authentication data storage means in the server C is accessed and the ticket is deleted. This is done by the access ticket erasing means.
For this reason, when a unique access ticket is transmitted from the user terminal to the server B, even if a malicious third party makes a replay attack against the server B, the access ticket is erased, so that an unauthorized login is made. There is hardly anything.

The access ticket unique means in the server A described above not only makes it unique, but also sets an expiration date. This expiration date is not a long term for the performance of today's computers.
For this reason, even if a malicious third party attacks using the brute force method, it will be extremely difficult to allocate the authentication information stored in the authentication data storage means within the expiration date.

The server A described above reproduces the secret key using the public key transmitted to the user terminal via the network in the generated key pair, and makes a single sign-on request before the user terminal. Possible illegal login methods.
Attacks by this method can be countered by adopting a technique of exchanging key pairs in a short cycle. Alternatively, sufficient tolerance can be ensured by generating different key pairs for a single sign-on request trip.

According to the present embodiment, it is possible to provide a technology capable of realizing single sign-on without carrying a password on a user terminal (terminal associated with a user) or routing authentication information with a cookie.
In addition to intranets and extranets, we provide technology that can implement authentication information exchange that can ensure a certain level of resistance against replay attacks and brute force attacks not only on unencrypted public lines including the Internet. be able to.
This embodiment does not depend on passwords or cookies as a means for associating authentication states between sites. Therefore, single sign-on can be easily applied even if different domains (IDs) are installed for different site services.

In this embodiment, since a cookie used in a general single sign-on system is not used, single sign-on across different domains can be realized.
In addition, since the authenticated first site (server A) and the unauthenticated second site (server B) are associated with access tickets transmitted in different binary representations, a single is provided via the public line (Internet). Even when signing on, the user ID and password do not flow on the network. Therefore, there is no need to worry about a malicious eavesdropper and the safety is high.

Since the access ticket itself is a random value generated at the user terminal at every single sign-on, even if the access ticket is wiretapped, the leakage does not pose any threat to the user.
This is because, as described above, expressions when transmitting an access ticket to the first site and the second site are different.
In other words, the former is encrypted with the public key, and the latter is transmitted in an unencrypted representation, so a replay attack is not possible in principle (from the former public key encrypted access ticket to the unencrypted access ticket). It is very difficult to carry out the determination in a realistic time).
In addition, if the access ticket is used even once regardless of whether the single sign-on authentication is successful, it is promptly discarded from the authentication data storage means. For this reason, it can be said that tolerance to replay attacks is secured.

  Hereinafter, each function in the embodiment described above will be supplemented.

(Key pair generation)
The key pair generation means receives a key pair generation request from the user terminal, and newly generates an asymmetric key pair (consisting of a secret key and a public key). As the key algorithm to be generated, an asymmetric key cryptosystem and a widely used RSA are adopted in this embodiment, but the present invention is not limited to this. By generating a key pair for each single sign-on session, it is possible to prevent a key from being transferred to a malicious attacker due to leakage or eavesdropping, and to become a clue to cracking.

(Storing key pairs in the key pair database)
Of the RSA public key / secret key generated by the key pair generation means, the secret key is stored in the session area of server A. The secret key stored here is used to decrypt the access ticket transmitted through the network after being encrypted with the public key at the user terminal in the access ticket registration process.

(Send public key to user terminal)
Of the RSA public key / secret key generated by the key pair generation means, the public key is transmitted to the user terminal without being particularly encrypted. The reason for not encrypting is that there is no security inconvenience even if it is eavesdropped (cannot be used for attack).

(Generation and encryption of access ticket)
At the user terminal, before and after receiving the public key returned from the server A, the access ticket is generated by the access ticket generation means according to the following rules.
Access ticket = current time (milliseconds) + 15 digits behind the generated random integer Furthermore, the access ticket encryption means encrypts the access ticket using the above public key with RSA encryption, encrypted access Generate a ticket.

(Registering an access ticket)
The user terminal transmits the encrypted access ticket to the server A. The server A passes the received encrypted access ticket to the access ticket decrypting means.
The access ticket decrypting means extracts the secret key from the key pair database storing the secret key, decrypts the encrypted access ticket, and registers it in the authentication database provided in the server C.

Before registering in the authentication database, the access ticket unique means provides the following suffix to ensure the uniqueness of the access ticket.
Unique access ticket = access ticket + suffix In this embodiment, the “suffix” is a character string that is a random value of a 5-digit integer and is shaped by zero padding.
The suffix is generated until the access ticket to be unique becomes unique in the authentication database.

(Authentication database)
The generated unique access ticket is registered in the authentication database.
The authentication database needs to be shared between the first site provided by the server A to the user terminal, the second site provided by the server B, and the nth site. For this reason, it is desirable to configure as a table on a relational database that can be referred to by users installed at all these sites.

As shown in FIG. 4, a definition example when configured as a table on a relational database is shown below.
The “registration date / time” is the system time at the time of registering the access ticket, the “user ID” is the ID of the user requesting authentication, and the “access ticket” is received from the user terminal and given a suffix. Each unique access ticket is set.
Also, a “ticket expiration date” is set. For example, when the validity period of the access ticket is 5 minutes, the time after 5 minutes from the “registration date” is set as above. In particular, a value for which an expiration date is set in advance is set as the ticket expiration date from the viewpoint of preventing unauthorized use.

(Access ticket / suffix return)
The access ticket suffix generated by the access ticket registration (unique identifier added by the server to make the access ticket truly unique) is returned to the user terminal.

(Single sign-on request)
When a login request is transmitted from the user terminal to the server B providing the second site, an access ticket and an access ticket suffix are added as parameters. The access ticket transmitted at this time and flowing on the network is expressed in plain text.
The access ticket is also transmitted to the server A. At this time, the access ticket is an encrypted access ticket encrypted by public key encryption. For this reason, it is a binary string different from this process, and it is impossible for a malicious attacker to conceive the plaintext access ticket until it actually flows on the network.

(Single sign-on processing at server B)
The authentication agent unit configured in the server B of the second site receives the authentication request requested from the user terminal and accesses the authentication data storage unit of the server C to check whether the user terminal has already been authenticated. To do. When authenticated, the request is originally transferred to the request destination. When not authenticated, it is checked whether an access ticket indicating a single sign-on request is added as a parameter, and when added, a single sign-on process is performed. When the single sign-on request parameter is not added, since the authentication procedure is not yet performed, a login screen that prompts the user terminal for a login request is displayed.

(Authentication process)
When the server B of the second site receives the single sign-on request from the user terminal, the server B of the second site searches for the corresponding entry from the authentication information holding unit using the access ticket received from the user terminal.
Specifically, the corresponding entry is acquired from the authentication data storage means using the access ticket as a key, and when the entry exists, the “ticket expiration date” stored in the authentication information holding unit entry and the current time of the system are obtained. Compare.
If it is within the usage period, the authentication information holding entry is validated and login is permitted. When the login is possible, the “user ID” of the authentication information holding entry is extracted, and the authentication process of the user is executed in the server B using the user information. When the authentication is successful, the authentication agent transfers the process to the request URL of the user terminal. When the authentication is unsuccessful, the authentication procedure is not yet performed, and the login screen is returned to the user terminal.

(Delete authentication information entry)
When the authentication process is performed at the second site (server B) that has not yet been authenticated, the entry in the authentication information holding unit is retrieved and acquired using the access ticket transmitted from the user terminal. When the entry exists and is acquired, the entry is deleted from the authentication data storage unit regardless of whether or not the subsequent process is successful. There should be only one entry held in the authentication data storage means for each single sign-on request. If the entry is left unsuccessful when authentication fails, a malicious attack will occur. This is because there is a possibility that a person may illegally log in using the entry.

  The present invention has applicability in the Internet connection service industry, the information service industry via the Internet, the ASP business, the software development industry, the manufacturing industry of information devices such as servers, and the like.

Claims (12)

When providing a plurality of types of services to a user terminal via a network, a device that simplifies the login operation to the second and subsequent services,
A key pair generation request receiving means for receiving an asymmetric key pair generation request from a user terminal;
A key pair generating means for generating a private key and public key pair when the key pair generation request receiving means receives a key pair generation request;
Public key transmitting means for transmitting the public key generated by the key pair generating means to the user terminal;
An access ticket registration request receiving means for receiving an encrypted ticket encrypted using the public key in order to request an access ticket for simplifying login at the user terminal that has received the public key;
Access ticket decrypting means for decrypting the encrypted ticket received by the access ticket registration request receiving means with the secret key;
An access ticket unique means for creating a unique access ticket that is unique so that the access ticket is unique with respect to the access ticket decrypted by the access ticket decryption means;
A unique ticket sending means for sending the unique access ticket created by the access ticket unique means to the user terminal;
An access restriction device comprising: An authentication data storage means for storing the unique access ticket;
The access restriction apparatus according to claim 1, wherein the authentication data storage means is provided in a server different from the server provided with the access ticket unique means. Unique ticket receiving means for receiving the unique access ticket from a user terminal;
An access ticket verification unit that accesses the verification data storage unit to verify the unique access ticket received by the unique ticket reception unit;
The access restriction device according to claim 2, further comprising: Access ticket erasure for accessing the authentication data storage means and erasing the unique access ticket stored in the authentication data storage means when the unique access ticket verified by the access ticket verification means can be verified 4. The access restriction device according to claim 3, further comprising means.   The access restriction device according to any one of claims 1 to 4, wherein the access ticket unique means sets an access time limit for using the unique access ticket. When providing a plurality of types of services to a user terminal via a network, a computer program that simplifies the login operation to the second and subsequent services,
The program is
A key pair generation request reception procedure for receiving an asymmetric key pair generation request from a user terminal;
A key pair generation procedure for generating a private key / public key pair when a key pair generation request is received in the key pair generation request reception procedure;
A public key transmission procedure for transmitting the public key generated in the key pair generation procedure to the user terminal;
An access ticket registration request reception procedure for receiving an encrypted ticket obtained by encrypting an access ticket for simplifying login at the user terminal that has received the public key using the public key;
An access ticket decrypting procedure for decrypting the encrypted ticket received in the access ticket registration request receiving procedure with the secret key;
An access ticket unique procedure for creating a unique access ticket that is unique so that the access ticket is unique with respect to the access ticket decrypted in the access ticket decryption procedure;
A unique ticket transmission procedure for transmitting the unique access ticket created by the access ticket unique procedure to the user terminal;
A computer program that causes a computer to realize the above. The computer program according to claim 6, wherein the computer realizes a unique access ticket storage procedure for storing the unique access ticket in the authentication data storage unit. A unique ticket receiving procedure for receiving the unique access ticket from the user terminal;
An access ticket verification procedure for accessing and verifying the unique access ticket received in the unique ticket reception procedure to the authentication data storage means;
8. The computer program according to claim 7, wherein said computer is realized by a computer. An access ticket that accesses the authentication data storage means and erases the unique access ticket stored in the authentication data storage means when the unique access ticket verified in the access ticket verification procedure can be verified The computer program according to claim 7, wherein the erasing procedure is realized by a computer.   The computer program according to any one of claims 6 to 9, wherein the access ticket uniqueizing procedure sets an access time limit for using the unique access ticket. When receiving a plurality of types of services from a service server via a network, a computer program for a user terminal that simplifies a login operation to the second and subsequent services,
The program includes a key pair generation request transmission procedure for transmitting an asymmetric key pair generation request to the service server;
A public key receiving procedure for receiving the public key when the service server generates a key pair and transmits the public key;
An access ticket generation procedure for generating an access ticket used to log in to the second and subsequent services;
An access ticket encryption procedure for encrypting the access ticket generated in the access ticket generation procedure using the public key received in the public key reception procedure;
An access ticket registration request procedure for requesting registration by transmitting the access ticket encrypted by the access ticket encryption procedure to the service server;
A unique ticket receiving procedure for decrypting the encrypted access ticket in the service server and receiving a unique access ticket unique so that the decrypted access ticket is unique;
A computer program that causes a computer to realize the above. A unique ticket sending procedure for sending the unique access ticket received in the unique ticket receiving procedure when logging into the second and subsequent services;
A response reception procedure for receiving a response from a service server that provides the second and subsequent services that have received the unique access ticket;
12. The computer program according to claim 11, wherein the computer is realized by a computer.

Images