JP2021168079A - Communication system, repeating device, communication method, and program - Google Patents

Abstract

To provide a communication system, a repeating device, a communication method, and a program capable of reducing load on an authentication station without reducing security.SOLUTION: A communication system 1 comprises: a server (cloud 10); a plurality of repeating devices 40 communicably connected to the server; a plurality of client devices 70 communicably connected to the repeating devices; and an authentication device (authentication station 20) for authenticating the repeating devices. The repeating device is a device authenticated with the authentication device to allow secret information to be issued to secure communication, and has: an authentication part for determining whether or not the client device is a valid device; and an issuing part for issuing the secret information to the client device when the client device is determined to be the valid device with the authentication part.SELECTED DRAWING: Figure 1

Description

The present invention relates to communication systems, relay devices, communication methods, and programs.

In the field of IoT (Internet of Things), there is a system that aggregates data from IoT devices connected via a network to a server device. In order to strengthen the security of data transmitted from the IoT device to the server device, there is a technology for performing authentication and encrypted communication between the server device and the IoT device using an electronic certificate (hereinafter, simply referred to as a certificate). .. Patent Document 1 describes a technique in which processing related to certificate storage and encryption is performed by a communication control device connected to a server device or a client device which is an IoT device, and secure communication is performed between the server device and the IoT device. It is disclosed.

JP-A-2019-50485

By the way, in order to suppress the deterioration of security, the expiration date may be set for the certificate. It prevents the IoT device having the expired certificate from being authenticated by the server device and suppresses the deterioration of security. In this case, it is required to properly manage the expiration date of the certificate and renew it with a new certificate if necessary. Patent Document 1 describes a technique for requesting a new certificate from a certificate authority according to the expiration date of the digital certificate. By issuing a new certificate to the IoT device from the certificate authority, it becomes possible to securely transmit data between the server device and the IoT device. In this case, every time the expiration date of the certificate stored in the IoT device approaches, communication with the certificate authority will occur. In most of the systems that aggregate data as described above, a large number of IoT devices are connected. Therefore, there is a problem that the burden on the certificate authority increases when trying to suppress the deterioration of security.

The present invention has been made in view of such a situation. An object of the present invention is to provide a communication system, a relay device, a communication method, and a program capable of reducing the burden on a certificate authority without deteriorating security.

The communication system of the present invention authenticates a server device, a plurality of relay devices communicably connected to the server device, a plurality of client devices communicably connected to the relay device, and the relay device. The relay device includes an authentication device, and the relay device is a device that has been authenticated by the authentication device to issue confidential information for securing communication, and determines whether or not the client device is a legitimate device. It has an authentication unit and an issuing unit that issues the confidential information to the client device when the authentication unit determines that the client device is a legitimate device.

The relay device of the present invention is a relay device that is communicably connected to a client device and a server device, and is determined by an authentication unit that determines whether or not the client device is a legitimate device, and the authentication unit. When it is determined that the client device is a legitimate device, the client device is provided with a issuing unit that issues confidential information for securing communication.

The communication method of the present invention is a communication method of a relay device connected to a client device and a server device, and an authentication unit determines whether or not the client device is a legitimate device, and a issuing unit determines whether or not the client device is a legitimate device. When the authentication unit determines that the client device is a legitimate device, it issues confidential information to the client device to secure communication.

The program of the present invention is a computer of a relay device connected to a client device and a server device, an authentication processing means for determining whether or not the client device is a legitimate device, and the client device is a legitimate device. In this case, it is a program for causing the client device to function as an issuing processing means for issuing confidential information for securing communication.

According to the present invention, the burden on the certificate authority can be reduced without lowering the security.

It is a block diagram which shows the structural example of the communication system 1 by embodiment of this invention. It is a block diagram which shows the structural example of the certificate authority 20 by embodiment of this invention. It is a block diagram which shows the structural example of GW50 by embodiment of this invention. It is a block diagram which shows the structural example of the relay side SE60 by embodiment of this invention. It is a block diagram which shows the structural example of the IoT device 80 by embodiment of this invention. It is a block diagram which shows the structural example of the terminal side SE90 by embodiment of this invention. It is a figure which shows the structural example of the key information 220 by embodiment of this invention. It is a figure which shows the structural example of the certificate information 221 according to the embodiment of this invention. It is a figure which shows the structural example of the key information 620 by embodiment of this invention. It is a figure which shows the structural example of the certificate information 621 according to the embodiment of this invention. It is a figure which shows the structural example of the key information 920 by embodiment of this invention. It is a figure which shows the structural example of the certificate information 921 by embodiment of this invention. It is a sequence diagram which shows the flow of the process performed by the communication system 1 by embodiment of this invention. It is a sequence diagram which shows the flow of the process performed by the communication system 1 by embodiment of this invention. It is a sequence diagram which shows the flow of the process performed by the communication system 1 by embodiment of this invention.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram showing a configuration example of a communication system 1 according to an embodiment of the present invention. The communication system 1 includes, for example, a cloud 10, a certificate authority 20, a communication network 30, a relay device 40, and a terminal device 70. The cloud 10 is an example of a “server device”. The certificate authority 20 is an example of the "authentication device". The terminal device 70 is an example of a “client device”.

The cloud 10, the certificate authority 20, and the relay device 40 are connected to each other so as to be able to communicate with each other via the communication network 30. The relay device 40 and the terminal device 70 are communicably connected via a communication network different from that of the communication network 30. Although omitted in FIG. 1, in the communication system 1, a plurality of terminal devices 70 are connected to one relay device 40, and a plurality of relay devices 40 are connected to one cloud 10, so-called tree type. Network is formed.

The cloud 10 is a computer such as a server device. The cloud 10 receives the data sensed by the terminal device 70 via the relay device 40. The data sensed by the terminal device 70 may be arbitrary data, and may be, for example, imaging data by a surveillance camera or the like, temperature data measured by a temperature sensor or the like, or the like.

The relay device 40 includes, for example, a GW (gateway) 50 and a relay side SE60. The GW 50 is a computer device such as a PC (Personal Computer). The GW 50 has a so-called relay function that mediates communication between the cloud 10 and the terminal device 70. The relay side SE60 is a semiconductor device in which an integrated circuit is mounted on a semiconductor substrate, which is called, for example, an IC chip, SE (secure element), a secure IC chip, a secure chip, a secure IC, a secure microcomputer, or the like. The relay side SE60 may be an IC card or a SIM card (Subscriber Identity Module Card) in which the functions of the relay side SE60 are mounted on a card device such as plastic. In this case, the relay side SE60 is detachably attached via the contact portion (not shown) of the IC card or SIM card provided in the GW 50.

The relay side SE60 is connected to the relay device 40 and performs security-related processing that secures the exchange of data when the GW 50 communicates with the external device. The external devices here are the cloud 10, the certificate authority 20, and the terminal device 70. The processing performed by the GW 50 and the relay side SE 60 will be described in detail later.

The terminal device 70 includes, for example, an IoT device 80 and a terminal-side SE90. The IoT device 80 is, for example, a sensor terminal with a communication function. The IoT device 80 transmits the sensed data to the GW 50. Similar to the relay side SE60, the terminal side SE90 is a semiconductor device that performs security-related processing that secures communication between the GW 50 and the IoT device 80 of the terminal device 70. The terminal side SE90 may be detachably attached to the IoT device 80. The details of the processing performed by the IoT device 80 and the terminal side SE90 will be described in detail later.

The certificate authority 20 is a computer such as a server device. The certificate authority 20 issues a digital certificate. The digital certificate is electronic information indicating that the device has been certified by the certificate authority 20. In the digital certificate, bibliographic items such as information about the device are signed by the certificate authority 20. The signature indicates that the bibliographic matter has been certified by the Certificate Authority 20.

The certificate authority 20 in the present embodiment is different from the so-called general certificate authority in that it has a function of communicating with the GW 50 and certifying the GW 50 as an intermediate certificate authority. The general certificate authority here is a device having a function of issuing an electronic certificate to a terminal device (GW50 and IoT device 80).

First, the certificate authority 20 performs prior mutual authentication (hereinafter referred to as initial authentication) with the device of the communication destination. When the authentication authority 20 can authenticate that the communication destination device is a legitimate device as a result of the initial authentication, the certificate authority 20 issues an electronic certificate in response to a request from the communication destination device.

The certificate authority 20 is, for example, a Secure Channel Protocol (encrypted communication protocol using a common key between the IC card and the outside of the IC card) defined by the Global Platform (an international standardization organization for IC cards; hereinafter referred to as “GP”). Hereinafter, authentication is performed according to the specifications of "SCP").

For example, the certificate authority 20 performs the initial authentication by a challenge and response method using encryption using a common key for authentication. In this case, a common encryption key (common key) used for authentication is written and stored in advance in the certificate authority 20 and the authentication destination device. The challenge side (for example, the certificate authority 20) transmits a challenge (host random number) to the response side (for example, the relay device 40). The response side encrypts the host random number. Encryption is performed using a common key for authentication shared in advance between the challenge side and the response side. The response side notifies the challenge side of the encrypted host random number. The challenge side decrypts the encrypted host random number. Decryption is performed using a common key for authentication shared in advance between the challenge side and the response side. When the decrypted host random number and the transmitted host random number match, the challenge side authenticates that the response side is a legitimate device as a communication destination. When mutual authentication is performed, authentication is performed by exchanging the challenge side and the response side and performing the same exchange.

When the certificate authority 20 can authenticate that the device to be authenticated is a legitimate device by the first authentication, the certificate authority 20 issues a certificate in response to the request of the device to be authenticated. The authentication destination device generates a public key / private key pair, and requests the certificate authority 20 to issue a certificate using the generated public key and private key. The certificate authority 20 issues a certificate to the authentication destination device upon request. The certificate contains a signature generated by the public key and the private key that is paired with the public key.

The initial authentication performed by the certificate authority 20 is not limited to the authentication by the challenge & response method described above. The certificate authority 20 may be able to authenticate that the device to be authenticated is a legitimate device in some way. The certificate authority 20 may mutually authenticate with the device to be authenticated, or may authenticate only one side. Further, the certificate authority 20 may perform authentication using a certificate issued in advance to the device to be authenticated, or authentication using a password or the like registered in advance.

For example, if the terminal device 70 has an electronic certificate (client certificate) indicating that it is a legitimate device, the cloud 10 authenticates that the terminal device 70 is a legitimate device. It becomes possible. By aggregating data after authentication using an electronic certificate, falsification of data and spoofing of a device can be suppressed, and data can be aggregated safely.

Generally, as an authentication system, a hierarchical structure may be configured by a plurality of certificate authorities. In this case, the certificate authority existing at the top of the hierarchical structure is called the root certificate authority, and the certificate authority existing in the middle is called the intermediate certificate authority. At the lowest level, a terminal device such as a terminal device 70 that transmits / receives data is positioned. In addition, there are cases where a plurality of layers are configured by the intermediate certificate authority. In this case, the upper intermediate certificate authority issues a certificate to the lower intermediate certificate authority.

The root certificate authority issues a certificate (intermediate certificate) in response to a request from the intermediate certificate authority under its control. An intermediate certificate is electronic information that recognizes that the intermediate certificate authority is a legitimate device and that it has the function of issuing a certificate to the intermediate certificate authority. The root certificate authority issues an intermediate certificate to the intermediate certificate authority after the initial authentication, as in the case where the certificate authority 20 issues a certificate to the communication destination device.

The intermediate certificate authority issues a certificate (client certificate) in response to a request from the device of the terminal under its control. The client certificate is electronic information that recognizes that the device of the terminal is a legitimate device. The intermediate certificate authority issues a client certificate to the terminal device after the initial authentication, as in the case where the certificate authority 20 issues a certificate to the communication destination device. For example, at the time of initial authentication, the intermediate certificate authority and the terminal device use a common encryption key shared in advance to allow each other to recognize that they are legitimate devices. The initial certification performed by the intermediate certificate authority is not limited to the method described above. The intermediate certificate authority only needs to be able to authenticate that the device of the terminal is a legitimate device in some way. In this way, the intermediate certificate authority mutually authenticates with the device of the terminal of the communication destination at the time of the first authentication, and after mutual recognition that the device of the communication destination is a legitimate device, the device of the terminal is used. Issue a client certificate.

In this embodiment, the certificate authority 20 functions as a root certificate authority. The certificate authority 20 issues an intermediate certificate to the relay device 40. As a result, the relay device 40 functions as an intermediate certificate authority and issues a client certificate to the terminal device 70. This makes it possible to reduce the burden on the certificate authority 20 as compared with the case where the certificate authority 20 authenticates all the terminal devices 70 included in the communication system 1.

As described above, in the communication system 1, a plurality of relay devices 40 are connected to the cloud 10, and a tree-type network is formed in which a plurality of terminal devices 70 are connected to each of the relay devices 40. .. Therefore, when the relay device 40 is made to function as an intermediate certificate authority, the terminal device 70 existing under the relay device 40 is limited to the terminal device 70 that communicates with the relay device 40. That is, even when the relay device 40 is made to function as an intermediate certificate authority, one relay device 40 does not authenticate all the terminal devices 70, but a plurality of relay devices 40 share one or more. The terminal device 70 will be authenticated. Therefore, the burden required for authentication in the relay device 40 is reduced as compared with the case where one relay device 40 authenticates all the terminal devices 70.

In the present embodiment, the data acquired by the terminal device 70 is aggregated in the cloud 10. In order to securely aggregate data, it is necessary to perform mutual authentication between the cloud 10 and the terminal device 70 in advance. In the following description, a case where data aggregation is performed according to the following procedures 1) to 6) will be described as an example.
1) The certificate authority 20 authenticates the relay device 40.
2) The certificate authority 20 issues a certified relay device 40 intermediate certificate.
3) The relay device 40 to which the intermediate certificate is issued authenticates the terminal device 70.
4) The relay device 40 to which the intermediate certificate is issued issues the client certificate to the authenticated terminal device 70.
5) The cloud 10 authenticates the terminal device 70 with the client certificate possessed by the terminal device 70.
6) Data acquired by the terminal device 70 is aggregated in the cloud 10 by performing encrypted data communication between the cloud 10 and the terminal device 70.
However, it is not limited to this. The information required for authentication between the cloud 10 and the terminal device 70 (for example, a client certificate) may be transmitted to the terminal device 70 via at least the certificate authority 20 and the relay device 40.

The communication network 30 includes, for example, networks 31 and 32. The networks 31 and 32 are, for example, a communication network including a part or all of the Internet, WAN (Wide Area Network), LAN (Local Area Network), provider equipment, wireless base station, dedicated line, and the like.

FIG. 2 is a block diagram showing a configuration example of the certificate authority 20 according to the embodiment of the present invention. The certificate authority 20 includes, for example, a communication unit 21, a storage unit 22, and a control unit 23. The communication unit 21 communicates with the cloud 10 and the relay device 40 via the communication network 30.

The storage unit 22 is a storage medium, for example, an HDD (Hard Disk Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a RAM (Random Access read / write Memory), a ROM (Read Only Memory), or a storage medium thereof. It is composed of any combination of storage media.

The storage unit 22 stores, for example, the key information 220 and the certificate information 221. The key information 220 is information about a key (for example, a common key, a public key, and a private key) used for authentication, encrypted communication, and signature generation. The certificate information 221 is information related to a root certificate issued by the certificate authority 20 itself, an intermediate certificate issued to the relay side SE60, and the like.

The control unit 23 is realized, for example, by causing a CPU (Central Processing Unit) provided as hardware in the certificate authority 20 to execute a program stored in the storage unit 22. The control unit 23 includes, for example, a root authentication unit 230, an encryption / decryption unit 231 and a device control unit 232.

The route authentication unit 230 performs processing related to authentication of the relay device 40 as an intermediate certificate authority. For example, the route authentication unit 230 performs authentication according to SCP specifications. In this case, data (common key, etc.) derived from the secret information owned by the certificate authority 20 (root certificate authority) is written and stored in the relay side SE60 in advance. The route authentication unit 230 performs authentication according to the SCP by transmitting and receiving information related to this data to and from the relay side SE60.

When the root authentication unit 230 authenticates that the relay side SE60 is a legitimate device, the encryption / decryption unit 231 encrypts and decrypts the subsequent communication. Specifically, the encryption / decryption unit 231 encrypts the data notified from the authentication authority 20 to the relay side SE60, and transmits the encrypted data to the relay side SE60 via the communication unit 21. The encryption / decryption unit 231 decrypts the data received by the certificate authority 20 from the relay side SE60.

The device control unit 232 controls the certificate authority 20 in an integrated manner. The device control unit 232 outputs, for example, the data received from the relay side SE60 to the route authentication unit 230 at the time of authentication. The device control unit 232 outputs the data received from the relay side SE60 after the authentication to the encryption / decryption unit 231.

When the relay device 40 is authenticated by the route authentication unit 230, the device control unit 232 issues a certificate (intermediate certificate) in response to a request from the relay device 40. For example, the device control unit 232 attaches an electronic signature (hereinafter, simply referred to as a signature) to an electronic document showing bibliographic matters related to the relay device 40 by using a secret key stored in the storage unit 22 or the like. .. The device control unit 232 transmits the signed electronic document as a certificate (intermediate certificate) to the relay device 40 via the communication unit 21.

FIG. 3 is a block diagram showing a configuration example of the GW 50 according to the embodiment of the present invention. The GW 50 includes, for example, a communication unit 51, a storage unit 52, and a control unit 53. The communication unit 51 includes a server communication unit 510, a client communication unit 511, and a relay side SE communication unit 512.

The server communication unit 510 communicates with the cloud 10 and the certificate authority 20. The communication protocol between the GW 50 and the cloud 10 and the authentication station 20 applied to the server communication unit 510 is a communication method via the communication network 30, and is composed of, for example, a general-purpose network such as the Internet. The communication method etc. is applied.

The client communication unit 511 communicates with the terminal device 70. The communication protocol between the GW 50 and the relay device 40 applied to the client communication unit 511 may be arbitrary, and for example, ZETA (registered trademark) of the LPWA (Low Power Wide Area) standard is applied. ..

The relay-side SE communication unit 512 communicates with the relay-side SE60. As the communication protocol between the GW 50 and the relay side SE 60 applied to the relay side SE communication unit 512, for example, serial data communication such as UART (Universal Asynchronous Receiver / Transmitter) is applied.

The storage unit 52 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 52 stores, for example, the relay information 520. The relay information 520 is information related to the data to be relayed, and is, for example, information related to data received from the relay source, data to be transmitted to the relay destination, a data protocol conversion method related to the relay, and the like.

The control unit 53 is realized, for example, by causing a CPU provided as hardware in the GW 50 to execute a program stored in the storage unit 52. The control unit 53 includes, for example, a relay unit 530 and a device control unit 531. The relay unit 530 performs processing related to data relay. The relay unit 530 converts the data received from the conversion source device into a communication protocol applied to the conversion destination communication, and transmits the converted data to the conversion destination device. Specifically, the relay unit 530 converts the data received from the terminal device 70 into a communication protocol applied to the communication network 30, and transmits the converted data to the cloud 10. The relay unit 530 converts the data received from the cloud 10 into a communication protocol applied to communication with the terminal device 70, and transmits the converted data to the terminal device 70.

In this case, the data received by the relay unit 530 from the relay source device is encrypted. The relay unit 530 performs a process related to the relay by the following method regarding the handling of the encrypted data.

How to send encrypted (converted communication protocol) without decryption

In the above case, the relay unit 530 converts the data received from the conversion source into the communication protocol of the conversion destination, and transmits the converted data to the conversion destination device. In this case, it is assumed that the encryption key is shared between the relay source device and the relay destination device. By transmitting and receiving data to and from the relay side SE60, the relay unit 530 causes the relay side SE60 to perform processing related to encryption, decryption, and signing of the client certificate (issuance of the client certificate).

The device control unit 531 controls the GW 50 in an integrated manner. The device control unit 531 outputs, for example, the data received from the device of the relay source to the relay unit 530. The device control unit 531 transmits the data whose communication protocol has been converted by the relay unit 530 to the relay destination device via the communication unit 51. The device control unit 531 transmits data to be encrypted, decrypted, or signed to the relay side SE60 via the relay side SE communication unit 512. The device control unit 531 outputs the data encrypted, decrypted, or signed by the relay side SE60 to the relay unit 530.

FIG. 4 is a block diagram showing a configuration example of the relay side SE60 according to the embodiment of the present invention. The relay side SE60 includes, for example, a communication unit 61, a storage unit 62, and a control unit 63. The communication unit 61 communicates with the GW 50.

The storage unit 62 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 62 stores, for example, the key information 620 and the certificate information 621. The key information 620 is information about a key (for example, a common key, a public key, a private key) used for authentication, encrypted communication, and a process of generating a signature. The certificate information 621 is information related to an intermediate certificate issued by the certificate authority 20 and a client certificate issued to the terminal SE90.

The control unit 63 is realized, for example, by causing a CPU provided as hardware in the relay side SE60 to execute a program stored in the storage unit 62. The control unit 63 includes, for example, an intermediate authentication unit 630, an encryption / decryption unit 631, and a device control unit 632. Here, the intermediate authentication unit 630 is an example of the "authentication unit". The encryption / decryption unit 631 is an example of the “issuing unit”.

The intermediate certification unit 630 performs processing related to certification. The intermediate authentication unit 630 performs, for example, a process related to mutual authentication between the certificate authority 20 and the relay side SE60, and a process related to mutual authentication between the relay side SE60 and the terminal side SE90. Since the processing related to authentication is the same as the processing performed by the root authentication unit 230, the description thereof will be omitted. The encryption / decryption unit 631 performs processing related to encryption and decryption after authentication. Since the processing related to encryption and decryption is the same as that of the encryption / decryption unit 231, the description thereof will be omitted. The device control unit 632 comprehensively controls the relay side SE60.

When the terminal device 70 is authenticated by the intermediate authentication unit 630, the device control unit 632 issues a certificate (client certificate) in response to a request from the terminal device 70. The device control unit 632 signs, for example, an electronic document showing bibliographic matters related to the terminal device 70 by using a private key stored in the storage unit 62 or the like. The device control unit 232 transmits the signed electronic document as a certificate (client certificate) to the terminal device 70 via the communication unit 61 and the relay device 40.

FIG. 5 is a block diagram showing a configuration example of the IoT device 80 according to the embodiment of the present invention. The IoT device 80 includes, for example, a communication unit 81, a storage unit 82, and a control unit 83. The communication unit 81 includes a GW communication unit 810 and a terminal-side SE communication unit 811. The GW communication unit 810 communicates with the GW 50. The terminal-side SE communication unit 811 communicates with the terminal-side SE90.

The storage unit 82 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 82 stores, for example, the sensor information 820. The sensor information 820 is data measured by the sensor unit (not shown) of the IoT device 80 or various sensors connected to the IoT device 80.

The control unit 83 is realized by causing a CPU provided as hardware in the IoT device 80 to execute a program stored in the storage unit 82. The control unit 83 includes, for example, a sensor information acquisition unit 830 and a device control unit 831. The sensor information acquisition unit 830 acquires the data measured by the sensor unit or the like of the IoT device 80. The device control unit 831 comprehensively controls the IoT device 80. The sensor information acquisition unit 830 encrypts, for example, the data acquired by the sensor information acquisition unit 830 or the sensor information 820 stored in the storage unit 82 by the terminal side SE90, and then at a predetermined transmission timing. Send to GW50.

FIG. 6 is a block diagram showing a configuration example of the terminal-side SE90 according to the embodiment of the present invention. The terminal-side SE90 includes, for example, a communication unit 91, a storage unit 92, and a control unit 93. The communication unit 91 communicates with the IoT device 80.

The storage unit 92 is composed of a storage medium, for example, an HDD, a flash memory, an EEPROM, a RAM, a ROM, or any combination of these storage media. The storage unit 92 includes, for example, key information 920 and certificate information 921. The key information 920 is information about a key (for example, a common key, a public key, a private key) used for authentication or encrypted communication. The certificate information 921 is information regarding a client certificate or the like issued by the relay side SE60.

The control unit 93 is realized by causing a CPU provided as hardware in the terminal-side SE90 to execute a program stored in the storage unit 92. The control unit 93 includes, for example, a client authentication unit 930, an encryption / decryption unit 931 and a device control unit 932. The client authentication unit 930 performs processing related to mutual authentication between the relay side SE60 and the terminal side SE90, for example. Since the processing related to authentication is the same as the processing performed by the root authentication unit 230, the description thereof will be omitted. The encryption / decryption unit 931 performs processing related to encryption and decryption after authentication. Since the processing related to encryption and decryption is the same as that of the encryption / decryption unit 231, the description thereof will be omitted. The device control unit 932 comprehensively controls the terminal side SE90.

FIG. 7 is a diagram showing a configuration example of the key information 220 according to the embodiment of the present invention. The key information 220 includes items such as a device ID, a common key, a public key, and a private key for each relay device 40 (described as GW in FIG. 7), which is a device of the authentication destination (communication destination) by the certificate authority 20. Be prepared. The device ID is identification information that uniquely identifies the relay device 40. The common key is information on the common key used for authentication with the relay device 40 specified by the device ID. The public key is the information of the public key associated with the root certificate. The private key is the information of the private key associated with the root certificate. When the common key for communication is shared by using the certificate issued after the authentication, the key information 220 may include the information of the common key for communication.

FIG. 8 is a diagram showing a configuration example of certificate information 221 according to the embodiment of the present invention. The certificate information 221 includes items such as a device ID and a certificate for each device for which the certificate authority 20 has issued a certificate, for example. The device ID is identification information that uniquely identifies the device. The certificate is the information of the certificate issued to the device specified by the device ID. In the example of FIG. 8, it is shown that the root certificate has been issued to the certificate authority 20 and that the certificate authority 20 has issued the intermediate certificate to the relay device 40 (described as GW-1).

FIG. 9 is a diagram showing a configuration example of the key information 620 according to the embodiment of the present invention. The key information 620 includes items such as a device ID, a common key, a public key, and a private key for each of the certificate authority 20 and the terminal device 70, which are the devices of the authentication source and the authentication destination (communication destination) by the relay side SE60. The device ID is identification information that uniquely identifies the certificate authority 20 and the terminal device 70. The common key is information of the common key used for authentication with the certificate authority 20 and the terminal device 70 specified by the device ID. The public key is the information of the public key associated with the intermediate certificate. The private key is the information of the private key associated with the intermediate certificate. When the common key for communication is shared by using the certificate issued after the authentication, the key information 620 may include the information of the common key for communication.

FIG. 10 is a diagram showing a configuration example of certificate information 621 according to the embodiment of the present invention. The certificate information 621 is information on a certificate issued by the relay side SE60 from a higher-level certificate authority (certificate authority 20) and a certificate issued by the relay-side SE60 to a lower-level device (terminal device 70). In the example of FIG. 10, it is shown that the certificate authority 20 has issued an intermediate certificate to the relay side SE60, and that the relay device 40 has issued a client certificate to the terminal device 70.

FIG. 11 is a diagram showing a configuration example of the key information 920 according to the embodiment of the present invention. The key information 920 includes items such as a device ID, a common key, a public key, and a private key of the relay device 40 (described as GW-1), which is the device of the authentication source (communication destination) by the terminal side SE90. Since these items are the same as the items having the same name in the key information 220, the description thereof will be omitted. The device ID is identification information that uniquely identifies the relay device 40. The common key is information on the common key used for authentication with the relay device 40 specified by the device ID. The public key is the public key information associated with the client certificate. The private key is the private key information associated with the client certificate. When the common key for communication is shared by using the certificate issued after the authentication, the key information 920 may include the information of the common key for communication.

FIG. 12 is a diagram showing a configuration example of certificate information 921 according to the embodiment of the present invention. The certificate information 921 is the information of the certificate issued by the terminal side SE90 from the higher-level certificate authority (relay side SE60 of the relay device 40). In the example of FIG. 12, it is shown that the client certificate is issued from the relay side SE60 to the terminal side SE90.

13 to 16 are sequence diagrams showing a flow of processing performed by the communication system 1 according to the embodiment of the present invention. 13 and 14 show the flow from the initial authentication to the issuance of the certificate, and FIGS. 15 and 16 show the flow of the process of performing encrypted communication after the certificate is issued.

The processes of steps S1 to S3 shown in step S10 of FIG. 13 are processes performed at an arbitrary stage before the authentication process.

In step S1, the common key used for authentication by the certificate authority 20 is shared between the certificate authority 20 and the issuing machine 100. The issuing machine 100 is a device including a writer that writes a common key for authentication to the relay side SE60 and the terminal side SE90. The location and method of generating the common key for authentication may be arbitrary. For example, the certificate authority 20 generates a common key for authentication, stores the generated common key for authentication in the storage unit 22, and transmits the generated common key to the issuing machine 100.

In step S2, the issuing machine 100 writes and stores the common key for authentication with the certificate authority 20 and the common key for authentication with the terminal SE90 in the relay side SE60, respectively. The location and method of generating the common key for authentication may be arbitrary.

In step S3, the issuing machine 100 writes and stores the common key for authentication with the relay side SE60 in the terminal side SE90. The location and method of generating the common key for authentication may be arbitrary.

The processes from steps S11 to S18 shown in step S20 of FIG. 13 are processes until the intermediate certificate is issued to the relay side SE60 by the certificate authority 20.

In step S11, the certificate authority 20 and the relay side SE60 mutually authenticate. For example, the certificate authority 20 authenticates the relay side SE60, and the relay side SE60 authenticates the authentication authority 20 by the challenge & response method using the common key for authentication written in advance in step S10.

In step S12, the relay side SE60 generates a public key and a private key. The relay side SE60 may create a public key / private key pair inside the relay side SE60, or may acquire and store the GW50 or the key generated by the operation input from the outside. .. In step S13, the relay side SE60 uses the public key and the private key to notify the certificate authority 20 via the GW 50 to request the issuance of the intermediate certificate.

In step S14, the certificate authority 20 generates an intermediate certificate in response to a request from the relay side SE60, and in step S15, transmits the generated intermediate certificate to the relay side SE60. As a result, an intermediate certificate is issued to the relay side SE60. The device that issues the intermediate certificate is not limited to the root certificate authority (certificate authority 20). The device that issues the intermediate certificate may have at least a function of issuing the intermediate certificate to the relay side SE60, and may be, for example, an intermediate certificate authority higher than the relay side SE60.

In step S16, the relay side SE60 stores the intermediate certificate notified from the certificate authority 20 in the storage unit 62. If authentication by SCP is performed between the certificate authority 20 and the relay side SE60, the intermediate certificate encrypted by the certificate authority 20 is sent to the relay side SE60 according to the specifications of the SCP. The relay side SE60 decrypts the encrypted intermediate certificate. Therefore, it is possible to safely deliver the intermediate certificate to the relay side SE60 without leaking or falsifying the intermediate certificate to the outside.

In step S17, the certificate authority 20 transmits the intermediate certificate generated in step S14 to the cloud 10. In step S18, the cloud 10 registers (stores) the intermediate certificate of the relay side SE60 notified by the certificate authority 20. As a result, when the cloud 10 performs mutual authentication with the terminal device 70, when the cloud 10 receives an authentication request by the client certificate issued from the intermediate certificate authority from the terminal device 70, the cloud 10 determines that the request is from a legitimate device. 10 can be authenticated. The method of registering the intermediate certificate in the cloud 10 is not limited. That is, the certificate authority 20 is not limited to the configuration in which the intermediate certificate is transmitted to the cloud 10. For example, the intermediate certificate issued to the relay device 40 by the certificate authority 20 may be manually registered (stored) in the cloud 10 by an administrator or the like.

FIG. 14 shows the flow of processing in which the relay side SE60 issues the client certificate to the terminal side SE90.

In step S21, the relay side SE60 and the terminal side SE90 mutually authenticate. For example, the terminal side SE90 authenticates the relay side SE60, and the relay side SE60 authenticates the terminal side SE90 by the challenge & response method using the common key for authentication written in advance in step S10.

In step S22, the terminal SE90 generates a public key and a private key. The terminal side SE90 may create a public key / private key pair inside the terminal side SE90, or acquire and store the key generated by the IoT device 80 or an operation input from the outside. May be good. In step S23, the terminal-side SE90 uses the public key and the private key to notify the relay-side SE60 via the IoT device 80 to request the issuance of the intermediate certificate.

In step S24, the relay side SE60 generates a client certificate in response to the request from the terminal side SE90, and in step S25, the relay side SE60 transmits the generated client certificate to the terminal side SE90. As a result, the client certificate is issued to the SE90 on the terminal side.

In step S26, the terminal-side SE90 stores the client certificate notified from the relay-side SE60 in the storage unit 92. If authentication by SCP is performed between the relay side SE60 and the terminal side SE90, the client certificate encrypted by the relay side SE60 is sent to the terminal side SE90 according to the SCP specifications. The terminal SE90 decrypts the encrypted client certificate. Therefore, the client certificate can be safely delivered to the terminal SE90 without being leaked or tampered with. The communication method between the terminal SE90 and the relay SE60 after the client certificate is issued to the terminal SE90 may be arbitrary. Encrypted communication may be performed according to the specifications of the SCP, or encrypted communication using a client certificate (common key for communication) may be performed. In the following, a case where encrypted communication using a client certificate (common key for communication) is performed will be described as an example.

By the above steps, the authentication authority 20 authenticates the relay side SE60 and the relay side SE60 authenticated by the certificate authority 20 authenticates the terminal side SE90, and a client certificate is issued to the terminal side SE90. As a result, as long as the certificate authority 20 authenticates the relay side SE60 under the control and issues an intermediate certificate, the client certificate is issued to the terminal side SE90 under the relay side SE60. Therefore, it is possible to reduce the burden on the certificate authority 20 as compared with the case where the certificate authority 20 authenticates all the terminal side SE90s and issues the client certificate. Further, there are a plurality of relay side SE60s under the control of the certificate authority 20, and each relay side SE60 authenticates to the subordinate terminal side SE90. Therefore, the processing related to the authentication to the terminal side SE90 can be shared by the relay side SE60s of the plurality of relay devices 40. Therefore, it is possible to reduce the burden on the certificate authority 20 and suppress the increase in the respective burdens on the relay side SE60 without lowering the safety.

FIG. 15 shows a flow of processing in which the relay device 40 relays data after the certificate is issued. In the sequence diagram of FIG. 15, it is assumed that the certificate authority 20 issues the intermediate certificate to the relay side SE60 and the relay side SE60 issues the client certificate to the terminal side SE90. Further, it is assumed that mutual authentication using a certificate is performed between the cloud 10 and the terminal side SE90, and a common key for communication is shared.

Mutual authentication is, for example, authentication using the TLS (Transport Layer Security) protocol. In the mutual authentication by TLS, the cloud 10 acquires the client certificate A from the terminal side SE90, and authenticates the terminal side SE90 by verifying the acquired client certificate A. Further, the terminal-side SE90 acquires a server certificate from the cloud 10 and authenticates the cloud 10 by verifying the acquired server certificate. The server certificate is, for example, a certificate issued to the cloud 10 by the certificate authority 20.

In step S45, the terminal-side SE90 encrypts the sensed data with a common key for communication. In step S46, the terminal side SE90 transmits the encrypted data to the relay device 40.
In step S47, the relay device 40 transmits the data received from the terminal side SE90 to the cloud 10 in the encrypted state without decrypting the data. Here, the relay device 40 converts the communication protocol of the data received from the terminal side SE90 into the communication protocol used between the relay device 40 and the cloud 10.

In step S48, the cloud 10 decodes the data received from the relay device 40 with the common key. The cloud 10 generates a response to the reception of data from the relay device 40. In step S49, the cloud 10 encrypts the response with a common key. In step S50, the cloud 10 transmits the encrypted response to the relay device 40.

In step S51, the relay device 40 transmits the encrypted data as it is to the terminal side SE90 without decrypting the response received from the cloud 10. Here, the relay device 40 converts the communication protocol of the data received from the cloud 10 into the communication protocol used between the relay device 40 and the terminal side SE90. In step S52, the terminal SE90 decodes the response received from the relay device 40 with the common key.

As described above, the communication system 1 of the embodiment includes a cloud 10 (an example of a "server device"), a plurality of relay devices 40 connected to the cloud 10, and a plurality of terminal devices connected to the relay device 40. 70 (an example of a “client device”). The relay device 40 is a device certified by the certificate authority 20. The relay device 40 includes a relay unit 530, an intermediate authentication unit 630 (an example of the “authentication unit”), and a device control unit 632 (an example of the “issuing unit”). The intermediate authentication unit 630 determines whether or not the terminal device 70 is a legitimate device. The device control unit 632 issues a client certificate to the terminal device 70 when the intermediate authentication unit 630 determines that the terminal device 70 is a legitimate device. The relay unit 530 relays the data transmitted from the terminal device 70 to the cloud 10 when the intermediate authentication unit 630 determines that the terminal device 70 is a legitimate device.

Here, as a comparative example, consider a case where a certificate authority authenticates all terminal-side SEs in a communication system. In this case, the certificate authority must communicate with each of the terminal-side SEs individually, authenticate each terminal-side SE, and then issue a client certificate to the authenticated terminal-side SE.

On the other hand, in the communication system 1 of the embodiment, the certificate authority 20 authenticates only the relay side SE60 of the subordinate relay device 40. The relay device 40 authenticated by the certificate authority 20 authenticates the subordinate terminal side SE90, and then relays the communication between the cloud 10 and the terminal device 70. Therefore, in the communication system 1 of the embodiment, the burden on the certificate authority 20 can be reduced without lowering the security as compared with the case where the certificate authority 20 authenticates all the terminal-side SE90s in the communication system 1. can. Moreover, in the communication system 1 of the embodiment, the processing related to the authentication of all the terminal-side SE90s in the communication system 1 is shared and processed by the plurality of relay devices 40. Therefore, it is possible to suppress an increase in the load per relay side SE60 as compared with the case where one relay side SE60 authenticates all the terminal side SE90s in the communication system 1.

Further, in the communication system 1 of the embodiment, the intermediate authentication unit 630 issues a client certificate to the terminal device 70 when the intermediate certificate is issued to the relay device 40 by the certificate authority 20. Thereby, in the communication system 1 of the embodiment, when the relay device 40 is approved as a legitimate device, the terminal device 70 can be approved. Therefore, it is possible to suppress spoofing of the terminal device 70 and collect data safely.

Further, in the communication system 1 of the embodiment, the intermediate authentication unit 630 communicates with the terminal device 70 by using the common key for authentication shared in advance with the terminal device 70, so that the terminal device 70 is a legitimate device. Determine if it exists. As a result, the terminal device 70 can be authenticated using the common key, and the burden related to the authentication can be reduced as compared with the case where the authentication using the pair of the public key and the private key is performed.

Further, the relay device 40 of the embodiment includes a relay unit 530, an intermediate authentication unit 630 (an example of the "authentication unit"), and a device control unit 632 (an example of the "issuing unit"). The intermediate authentication unit 630 determines whether or not the terminal device 70 is a legitimate device. The device control unit 632 issues a client certificate to the terminal device 70 when the intermediate authentication unit 630 determines that the terminal device 70 is a legitimate device. The relay unit 530 relays the data transmitted from the terminal device 70 to the cloud 10 when the intermediate authentication unit 630 determines that the terminal device 70 is a legitimate device. Thereby, the same effect as the above-mentioned effect can be obtained.

The certificate authority 20 in the above-described embodiment may be a public certificate authority or a private certificate authority. That is, it is possible to apply to the above-described embodiment regardless of whether or not the certificate authority 20 has been certified by an audit corporation. When the certificate authority 20 is a public certificate authority, the certificate authority 20 certifies the relay side SE60 according to the specifications of the certified certification. When the certificate authority 20 is a private certificate authority, the certificate authority 20 authenticates the relay side SE60 by an arbitrary authentication method determined according to the strength of security required for the communication system 1.

Further, the expiration date may be set for the certificate issued in the above-described embodiment. In this case, for example, the device that issued the certificate renews the certificate at an appropriate timing according to the expiration date of the certificate. Specifically, in the above-described embodiment, the certificate authority 20 transmits the renewed intermediate certificate to the relay side SE60 at a timing corresponding to the expiration date of the intermediate certificate issued to the relay side SE60. The relay side SE60 transmits the updated client certificate to the terminal side SE90 at a timing corresponding to the expiration date of the client certificate issued to the terminal side SE90. As a result, in the communication system 1 of the embodiment, the certificate issued by the relay device 40 to the subordinate terminal side SE90 can be renewed. Therefore, as compared with the case where the certificate authority 20 renews the certificates issued to all the terminal side SE90s in the communication system 1, the burden on the certificate authority 20 can be reduced without lowering the security.

The functions described in each of the above-described embodiments are not limited to being configured by using hardware, and can be realized by loading a program describing each function into a computer by using software. Further, each function may be configured by appropriately selecting either software or hardware.

Further, in the above-described embodiment, the case where the initial authentication is performed by the challenge & response method using the common key for authentication has been illustrated and described. However, it is not limited to this. When the certificate authority 20 authenticates the GW 50 for the first time, or when the relay side SE 60 authenticates the terminal device 70 for the first time, the communication destination device may be authenticated using a pair of a private key and a public key. In this case, for example, the terminal device 70 creates a pair of a public key and a private key in advance, and transmits the public key among them to the relay side SE60. The public key and the private key here have the property that the information encrypted by the public key can be decrypted by the private key, and the information encrypted by the private key can be decrypted by the public key.

At the time of initial authentication, the intermediate authentication unit 630 transmits arbitrary information (for example, a random number) to the terminal device 70. The terminal device 70 encrypts the received information with the private key and transmits it to the relay side SE60. The intermediate authentication unit 630 decodes the information received from the terminal device 70 with the public key, and determines that the terminal device 70 is a legitimate device when the decoded information matches the original information (for example, a random number). .. The same applies when the terminal device 70 authenticates the relay side SE60.

Alternatively, the relay side SE60 may perform the initial authentication using the encryption key generated from the master key. The relay side SE60 and the terminal device 70 share the master key and the key generation program in advance, such as by being written at the time of shipment from the factory. The key generation program is a program that generates an encryption key from a master key and an arbitrary random number.

First, the terminal device 70 generates an encryption key by generating arbitrary information (here, an ID) and executing a key generation program using the generated ID and the master key. Then, the terminal device 70 transmits the generated ID to the relay side SE60. On the other hand, the relay side SE60 receives the ID received from the terminal device 70, and generates an individual key by executing a key generation program using the received ID and the master key.

The relay side SE60 transmits an arbitrary random number to the terminal device 70. The terminal device 70 encrypts the random number received from the relay side SE60 with the encryption key generated by the key generation program, and transmits the encrypted random number to the relay side SE60. The relay side SE60 decrypts the random number received from the relay side SE60 with the encryption key generated by using the key generation program. The relay side SE60 determines that the terminal device 70 is a legitimate device when the decoded random number and the original random number match. The same applies when the terminal device 70 authenticates the relay side SE60. In this case, the relay side SE 60 and the terminal device 70 generate the same individual key by executing the key generation program shared in advance using the same ID and the master key shared in advance. That is, the relay device 40 and the terminal device 70 share the same individual key. That is, the individual key generated by the GW side SE60 in this case is an example of "a common key for authentication shared in advance with the client device".

Further, in the above-described embodiment, the case where the relay device 40 issues the client certificate has been illustrated and described. However, it is not limited to this. The relay device 40 may issue at least information for securing communication (an example of "secret information") to reduce the load on the certificate authority 20. For example, the relay device 40 may issue a common key, a password, or the like used when communicating with the terminal device 70 (instead of the certificate authority 20).

The communication system 1 and the relay device 40 in the above-described embodiment may be realized by a computer in whole or in part. In that case, the program for realizing this function may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read by the computer system and executed. The term "computer system" as used herein includes hardware such as an OS and peripheral devices. Further, the "computer-readable recording medium" refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, or a CD-ROM, or a storage device such as a hard disk built in a computer system. Further, a "computer-readable recording medium" is a communication line for transmitting a program via a network such as the Internet or a communication line such as a telephone line, and dynamically holds the program for a short period of time. It may also include a program that holds a program for a certain period of time, such as a volatile memory inside a computer system that serves as a server or a client in that case. Further, the above program may be for realizing a part of the above-mentioned functions, and may be further realized for realizing the above-mentioned functions in combination with a program already recorded in the computer system. It may be realized by using a programmable logic device such as FPGA.

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to this embodiment, and includes designs and the like within a range that does not deviate from the gist of the present invention.

1 ... Communication system 10 ... Cloud (server device)
20 ... Certificate authority 40 ... Relay device 50 ... GW
60 ... Relay side SE
630 ... Intermediate certification department (certification department)
631 ... Encryption / decryption unit 632 ... Device control unit (issuing unit)
70 ... Terminal device (client device)
80 ... IoT device 90 ... Terminal side SE

Claims (11)

With the server device
A plurality of relay devices that are communicably connected to the server device,
A plurality of client devices communicatively connected to the relay device,
An authentication device that authenticates the relay device and
With
The relay device is a device that has been authenticated by the authentication device to issue confidential information for securing communication.
An authentication unit that determines whether the client device is a legitimate device,
When the authentication unit determines that the client device is a legitimate device, the issuing unit that issues the confidential information to the client device and the issuing unit.
Have,
Communications system. The issuing unit issues the secret information to the client device when the authentication device issues an intermediate certificate indicating that the relay device has been granted the authority to issue the secret information.
The communication system according to claim 1. The authentication unit determines whether or not the client device is a legitimate device by communicating with the client device using an encryption key.
The communication system according to claim 1 or 2. The authentication unit uses a pair of a private key and a public key corresponding to the private key shared in advance with the client device to communicate with the client device, whereby the client device is a legitimate device. Judge whether or not
The communication system according to claim 3. The authentication unit shares the private key with the client device in advance, and communicates with the client device using the private key or an encryption key generated from the private key, so that the client device is a legitimate device. Determine if there is,
The communication system according to claim 3. The authentication unit determines whether or not the client device is a legitimate device by communicating with the client device using a common key for authentication shared in advance with the client device.
The communication system according to claim 3. The relay device is
A gateway having a relay unit that relays data transmitted from the client device to the server device, and
A secure element that is communicably connected to the gateway and has the authentication unit and the issuing unit.
The communication system according to any one of claims 1 to 6, wherein the communication system has. After being authenticated by the authentication device, the relay device receives information necessary for issuing the confidential information from the authentication device.
The communication system according to any one of claims 1 to 7. A relay device that is communicably connected to a client device and a server device.
An authentication unit that determines whether the client device is a legitimate device,
When the authentication unit determines that the client device is a legitimate device, the issuing unit issues secret information for securing communication to the client device.
A relay device equipped with. It is a communication method of the relay device that connects the client device and the server device.
The authentication unit determines whether or not the client device is a legitimate device, and determines whether or not the client device is a legitimate device.
When the issuing unit determines that the client device is a legitimate device by the authentication unit, it issues confidential information for securing communication to the client device.
Communication method. To the computer of the relay device connected to the client device and the server device,
An authentication means for determining whether or not the client device is a legitimate device,
An issuing means that issues confidential information for securing communication to the client device when the client device is determined to be a legitimate device by the authentication means.
A program to function as.

Images