JP3278612B2 - User mutual authentication device, client device and server device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication technique using a cryptographic technique, and more particularly to a mutual user authentication technique in a client / server system in which a client and a server are connected via the Internet or an intranet.

[0002]

2. Description of the Related Art Generally, encryption systems include a common key system in which an encryption key and a decryption key are the same, and a public key system in which both keys are different, and each has advantages and disadvantages. The public key method is suitable for communication with unspecified majority, but the processing speed is slow,
Conversely, the common key method has a high processing speed but is not suitable for communication with an unspecified number of people. For this reason, a common key method is often used when a large amount of data is transmitted and received between a specific sender and receiver, and when a large number of senders and receivers are unspecified or the data volume is not so large, a public key method is used. The method is used. Further, as disclosed in Japanese Patent Application Laid-Open No. 9-312642, for example, after a common key is encrypted with a public key and transmitted and received, data is encrypted with the common key and communication is performed. It is also used in combination with the method. Note that a typical public key method is RS
A, and DES is a typical common key system.
Also, ciphers and information security are described in "Encryption and Information Security" (Shigeo Tsujii, Masao Kasahara, 1990).
Issued on March 29, 2003).

[0003] By the way, the cryptographic method is used not only for encrypting communication data but also for mutual authentication of users. Here, user mutual authentication means that when A and B communicate,
B is to confirm that the communication partner is exactly A with sufficient certainty, and A is to confirm that the communication partner is exactly B with sufficient certainty. Conventionally, such user mutual authentication is performed between an unspecified number of communication partners and the amount of communication data is small. For this reason, a public key method has conventionally been used in a procedure as shown in FIG.

[0004] First, the client generates a random number Ra for client-side authentication, encrypts its own user ID and the generated random number Ra with the public key of the partner server, and transmits an authentication start token including the same to the server.

[0005] The server decrypts the received authentication start token with its own secret key and extracts a random number Ra. Subsequently, the server generates a random number Rb for server-side authentication, encrypts the extracted random number Ra and the generated random number Rb with the public key of the partner client, and transmits an authentication response token including the encrypted key to the client.

The client decrypts the received authentication response token with its own secret key and extracts random numbers Ra and Rb. Then, it checks whether the extracted random number Ra matches the random number Ra generated by itself, and if they match, authenticates that the partner server is a true server. Subsequently, the client transmits an authentication response completion token including the extracted random number Rb to the server.

The server checks whether the random number Rb extracted from the authentication response completion token matches the random number Rb generated by itself, and if they match, authenticates that the partner client is a true client.

[0008]

As described above, in the prior art, since mutual authentication is performed by encryption and decryption using a common key method, decryption processing using a secret key is always performed on both the client and the server. I was running. As described above, the decryption process of the public key method is complicated and takes a long time. Therefore, the conventional technology that always requires the decryption process using the secret key has a problem that the authentication process takes a long time.

In particular, when connection requests from a large number of clients to the same server are concentrated, the CPU load due to the authentication process is applied to the server, which may lead to a performance problem in a large-scale system.

An object of the present invention is to speed up mutual authentication between a client and a server in a client / server system via the Internet or an intranet.

[0011]

SUMMARY OF THE INVENTION A mutual authentication of a user according to the present invention.
Apparatus, the user mutual authentication device in a client / server system and a client and a server are connected via a network, the client-side, phase
For storing the authentication information cache table for each hand server
Client-side storage means and client-side storage
Means to check the authentication information cache table of the partner server.
A client-side authentication information cache search means for searching;
If the search for the client-side storage means fails
If this is the case, the newly generated client-side authentication random number
And the first generation information of the common key with the public key of the partner server.
Send the encrypted type 1 authentication start token to the other server
And the search for the client side storage means is successful.
If you do, the searched authentication information cache table
Stored client-side authentication random numbers and new
The generated random number for the next client-side authentication
Password with the common key stored in the
The authentication start token of type 2 including the encrypted one
Means for generating and transmitting an authentication start token to be transmitted to the server;
Type 1 or Type 2 authentication start talk sent
Receives the authentication response token that is the response of the
In the case of an authentication response token, it was decrypted and extracted with its own private key
This time, the client-side authentication random number and the type 1 authentication
This time the client-side authentication random number
Determines the success or failure of authentication based on whether
First generated information notified by type 1 authentication start token
And the first extracted from the type 1 authentication response token
A common key is generated from the generated information of Type 2 and an authentication response of Type 2 is generated.
In the case of a token, the retrieved authentication information cache
This time extracted by extracting with the common key stored in the table
Server-side authentication random number and the retrieved authentication information cache
Of the server-side authentication random number stored in the
Authentication response token that determines the success or failure of authentication based on whether it matches
Receiving means for processing the type 1 authentication response token
In the case where more and authentication establishment, authentication response toe of the type 1
This time the server-side authentication random number extracted from the token and newly generated
Common random number for the next client-side authentication
Sends the authentication response completion token encrypted with the key to the other server
Means for generating and transmitting an authentication response completion token to be transmitted,
If authentication is successful by processing the authentication response token of Ip1
In the case of the following, notified by the type 1 authentication response token
Times the server-side authentication random number and the authentication response completion token
The notified random number for next client-side authentication and the generated
Authentication information cache for the partner server, including the
A queue table in the client side storage means,
Authentication is established by processing the type 2 authentication response token.
Was notified with the type 2 authentication start token
Next client-side authentication random number, type 2 authentication
The next server-side authentication random number notified by the answer token
Clients in the retrieved authentication information cache table
Authentication that updates the client-side authentication random number and server-side authentication random number
An information cache generating / updating means, wherein the server side
The authentication information cache table for each client
Server-side storage means for storing
Authentication start token received from the client
Communication means and the authentication start token whose received token is type 2
The authentication information cache corresponding to the client
A server for retrieving a stable from the server side storage means.
Server-side authentication information cache search means and the received token
In the case of type 1 authentication start token, the authentication start token
This time, the client side, which decrypts and extracts Kun with its own secret key
The authentication random number and the newly generated server-side authentication random number this time,
Second server-side authentication random number and second generation information of common key
Is encrypted with the public key of the partner client.
Send the authentication response token to the other client and
The first raw extracted from the type 1 authentication start token
Key from the generated information and the generated second generated information
Generated and received token is the type 2 authentication start token
In the case, the authentication information retrieved from the server-side storage means
Decrypt with the common key stored in the cache table
The extracted client-side authentication random number and its authentication information
Client-side authentication stored in the cache table
The success or failure of authentication is determined based on whether or not the
When the certificate is established, the certificate retrieved from the server
Server-side authentication stored in the authentication information cache table
Between the certificate random number and the newly generated random number for the next server-side authentication.
The authentication information cache retrieved from the server side storage means.
Type encrypted with the common key stored in the queue table
To send the authentication response token 2 to the client
Certificate response token generation / transmission means and whether it is the partner client
Received the authentication response completion token from the
The server-side authentication random number extracted and extracted with the key
This time server side authentication notified with the authentication response token of Ip1
Authentication that determines the success or failure of authentication based on whether the random number matches
Response completion token receiving means, and the authentication response completion token
Authentication is completed by the processing of the authentication response completion token in the receiving unit.
When it is set up, it is notified by the type 1 authentication response token
The next server-side authentication random number, the authentication response completion talk
Next client-side authentication random number and previous
Authentication for the partner client including the generated common key
Generates an information cache table in the server-side storage unit
The authentication response token generation / transmission means
When authentication is successful in the processing of the type 2 authentication start token
Is the next time notified by the type 2 authentication start token
Client-side authentication random number and the type 2 authentication response
With the random number for the next server-side authentication notified by the
Stored in the searched authentication information cache table
Update the client-side authentication random number and server-side authentication random number.
New authentication information cache generation / update means
You.

[0012]

[0013]

In the thus configured user mutual authentication apparatus of the present invention , when the client first connects to the server, the random numbers for authentication are mutually exchanged by encryption using the public key method, so that the processing speed is increased. Is the same as before, but at the second and subsequent connection between the same client and server, the authentication random number that was also secretly exchanged with the common key secretly exchanged using the public key method at the first connection Since the mutual authentication is performed by encrypting and exchanging, the decryption processing of the secret key does not run, and therefore, the mutual authentication can be performed at high speed. Also, to change the random number for authentication every time,
If the previously used random numbers were stolen, they would not be misused,
The reliability of authentication increases.

[0015]

Next, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1A is a block diagram showing an example of a client / server system to which the present invention is applied. A plurality of clients 1 and a plurality of servers 2 are connected via a network 3 such as the Internet or an intranet. ing. In this client / server system, when an arbitrary client 1 and an arbitrary server 2 authenticate each other and transmit / receive data to / from the authenticated partner, the procedure shown in FIG. 1B is performed. .

First, a connection connection phase is performed, and a network 3 is connected between the client 1 and the server 2.
Connect the connection via. Next, a mutual authentication phase is carried out, and the client 1 side confirms that the server 2 of the connection partner is a server that truly wants to connect, and confirms that the client 1 of the connection partner is a client who truly wants the connection. The server 2 confirms. Then, the data transfer phase is performed only when mutual authentication is successful, data is transmitted and received between the client 1 and the server 2, and after a series of data transfer phases, the connection disconnection phase is performed to establish a connection. Disconnect. If mutual authentication is not obtained in the mutual authentication phase, the process does not proceed to the data transfer phase but immediately executes the connection disconnection phase. When the client 1 connects to the server 2 again, the phases of connection connection, mutual authentication, data transfer, and connection disconnection are repeated.

The user mutual authentication technique according to the present embodiment is applied to the mutual authentication phase in the communication sequence described above.

FIG. 2 shows a main part of a client and a server to which the present invention is applied. As shown in FIG. 2, the client 1 and the server 2 have an authentication unit 10 and an authentication unit 20, respectively, and as described with reference to FIG.
In the mutual authentication phase after the connection is established, the authentication unit 10 and the authentication unit 20 perform a mutual authentication process,
The subsequent data transfer phase is performed only when mutual authentication is successful.

The authentication unit 10 of the client 1 includes a storage unit 17 for storing an authentication information cache table 11, an authentication information cache search unit 12, an authentication start token generation / transmission unit 13, and an authentication response token reception unit 14.
And an authentication response completion token generation / transmission unit 15 and an authentication information cache generation / update unit 16. Such an authentication unit 10 can be realized by a computer having a processor (CPU) and a memory and a machine-readable recording medium such as a CD-ROM, a magnetic disk device, and a semiconductor memory. In this case, a program for client-side mutual authentication is recorded on the recording medium,
The program is read by the CPU and the operation of the CPU is controlled to realize the authentication unit 10 on the client 1.

On the other hand, the authentication unit 20 of the server 2 includes a storage unit 27 for storing an authentication information cache table 21, an authentication start token receiving unit 22, an authentication information cache search unit 23, and an authentication response token generation / transmission unit 24.
, An authentication response completion token receiving unit 25, and an authentication information cache generating / updating unit 26. Such an authentication unit 20 includes a computer having a processor (CPU) and a memory, a CD-ROM, a magnetic disk device,
It can be realized with a machine-readable recording medium such as a semiconductor memory. In this case, a program for server-side mutual authentication is recorded on a recording medium, and the program is read by the CPU and controls the operation of the CPU, thereby realizing the authentication unit 20 on the server 2.

Hereinafter, each component of the authentication unit 10 of the client 1 will be described.

The authentication information cache table 11 in the storage means 17 is a table for holding the authentication information of the server of the connection partner, and is dynamically generated for each server 2 at the time of the first connection. You. FIG. 3 shows a configuration example of the authentication information cache table 11. The authentication information cache table 11 includes an index portion and a content portion. The user ID of the partner server is set in the index portion, and the user ID of the own client, the server-side random number for authentication, and the client-side random number for authentication are set in the content portion. , Other authentication information (public key of partner server, user I of partner server
D, the secret key of the own client, the common key, the initial authentication start token encrypted with the secret key of the partner server, the client-side authentication random number in the initial authentication start token, and the first generation information of the common key) Is set.

Authentication Information Cache Searching Unit The authentication information cache searching unit 12 searches the storage unit 17 for the authentication information cache table 11 having the user ID of the partner server as an index at the start of the authentication phase.

Authentication Authentication Token Generation / Transmission Means 13 The authentication start token generation / transmission means 13 generates a type 1 or type 2 authentication start token according to the search result of the authentication information cache search means 12 and sends it to the server 2. It is a means for transmitting. The type 1 authentication start token is generated and transmitted when the search fails, and the type 2 authentication start token is generated and transmitted when the search succeeds.

FIGS. 4A and 4B show examples of the configuration of the type 1 and type 2 authentication start tokens. As shown in FIG. 4A, the type 1 authentication start token includes a header including the fact that the token is a type 1 authentication start token, and the user of the own client 1 encrypted with the public key of the partner server 2. ID, the current client-side authentication random number, and first generation information of the common key. The public key of the partner server 2 is obtained in advance on the client 1 side and separately managed. Note that, for example, RSA can be used as the public key method. The first generation information of the client-side authentication random number and the common key is generated independently by the random number generator in the authentication start token generation / transmission unit 13. The first generation information of the common key is:
This information can uniquely generate one common key by combining with second generation information described later generated on the server 2 side. That is, when the information A and the information B are determined, a specific common key is generated from them, and when other common keys cannot be generated, such information A and B are used as the first generation information of the common key. , Second generation information.
As a simple example, when the information A and B are partial random numbers of the common key, that is, the bit length of the common key is n bits, the information A is upper n / 2 bits and the information B is lower n / 2 bits. There is. As the common key method, for example, DES can be used.

The type 2 authentication start token is shown in FIG.
As shown in, the header including the fact that the token is a type 2 authentication start token, the initial authentication start token encrypted with the public key of the partner server, and the current client side authentication encrypted with the common key And the next client-side authentication random number. The initial authentication start token is the retrieved authentication information cache table 11
This is the initial authentication start token obtained from. The client-side authentication random number this time is a client-side authentication random number acquired from the searched authentication information cache table 11. The random number for the next client-side authentication is newly generated by the authentication start token generation / transmission unit 13 by the random number generator. The common key for encrypting the client-side authentication random number and the next client-side authentication random number this time is the common key acquired from the searched authentication information cache table 11.

Authentication Response Token Receiving Means 14 The authentication response token receiving means 14 transmits the authentication response token to the authentication start token transmitted by the authentication initiation token generation / transmission means 13 when the partner server 2 transmits the authentication response token.
It is a means to receive and process it. There are two types of received authentication response tokens, Type 1 and Type 2. FIGS. 5A and 5B show logical configuration examples of the type 1 and type 2 authentication response tokens.

The type 1 authentication response token is shown in FIG.
As shown in (a), a header including the fact that the token is a type 1 authentication response token, a client-side authentication random number encrypted with the client 1 public key,
This time includes the server-side authentication random number, the second generation information of the common key, and the next server-side authentication random number. On the other hand, as shown in FIG. 5B, the type 2 authentication response token
The header includes a header indicating that the token is a type 2 authentication response token, and the current server-side authentication random number and the next server-side authentication random number encrypted with the common key.
When the type 2 authentication response token is returned as a response to the type 2 authentication start token, but the type 1 authentication response token is returned as a response to the type 2 authentication start token other than the response to the type 1 authentication start token There is. The method for generating the type 1 and type 2 authentication response tokens will be described in detail in the description of the authentication response token generation / transmission unit 24 of the server 2.

○ Authentication response completion token generation / transmission means 1
5. The authentication response completion token generation / transmission means 15 is a means for, when the authentication response token receiving means 14 receives an authentication response token of type 1, generating an authentication response completion token as a response and transmitting it to the partner server 2. is there. When the authentication response token receiving means 14 receives the type 2 authentication response token, the authentication response completion token generation / transmission means 1
5 does not work. FIG. 6 shows a logical configuration example of the authentication response completion token. As shown in the figure, the authentication response completion token includes a header indicating that the token is an authentication response completion token, and a current server-side authentication random number and a next client-side authentication random number encrypted with a common key. In. The server-side authentication random number is extracted from the type 1 authentication response token received by the authentication response token receiving unit 14, and the next client-side authentication random number is generated by the authentication response completion token generation / transmission unit 15 It was originally generated by a container. The common key for encrypting them is the first generation information of the common key included in the type 1 authentication start token transmitted by the authentication start token generation / transmission unit 13 and the authentication response token reception unit 14 performs the type 1 authentication This is a common key uniquely generated from the common key second generation information extracted from the response token.

Authentication Information Cache Generating / Updating Unit 16 The authentication information cache generating / updating unit 16
7 is a means for newly generating the authentication information cache table 11 as shown in FIG. 3 or updating or deleting the already generated authentication information cache table 11.

Next, each component of the authentication unit 20 of the server 2 will be described.

The authentication information cache table 21 in the storage means 27 The authentication information cache table 21 is a table for holding the authentication information of the client of the connection partner, and is dynamically generated for each client 1 at the time of the first connection. You. FIG. 7 shows a configuration example of the authentication information cache table 21.
The authentication information cache table 21 includes an index part and a content part. An initial authentication start token is set in the index part, and the user ID of the own server,
Server-side authentication random number, client-side authentication random number, and other authentication information (public key of partner client, user ID of partner client, secret key of own server, common key, etc.)
Is set.

Authentication Start Token Receiving Unit 22 This unit receives an authentication start token from the partner client 1 at the start of the authentication phase. There are two types of authentication start tokens to be received, a type 1 authentication start token shown in FIG. 4A and a type 2 authentication start token shown in FIG. 4B.

Authentication information cache search means 23 The authentication information cache search means 23 receives the initial authentication start token included in the type 2 authentication start token when the authentication start token receiving means 22 receives the type 2 authentication start token. This is a means for searching the storage means 27 for the authentication information cache table 21 having "." When the authentication start token receiving unit 22 receives the type 1 authentication start token, the authentication information cache search unit 23 does not operate.

Authentication Authentication Token Generation / Transmission Unit 24 The authentication response token generation / transmission unit 24 generates an authentication response token as a response to the authentication start token received by the authentication start token receiving unit 22, and transmits it to the partner client 1. It is a means to do. There are two types of authentication response tokens that are generated and transmitted: a type 1 authentication response token shown in FIG. 5A and a type 2 authentication response token shown in FIG. 5B. As for the type 2 authentication response token, the type 2 authentication start token is received by the authentication start token receiving unit 22, the authentication information cache search unit 23 succeeds in the search of the authentication information cache table 21, and the server is authenticated. Generated and sent in case. In the other cases, that is, when the authentication start token of type 1 is received by the authentication start token receiving means 22, the authentication start token of type 2 is received. If the search fails, if the search is successful but the authentication is not successful,
Sent.

Here, in the type 1 authentication response token of FIG. 5A, the current client-side authentication random number is extracted from the type 1 authentication start token received by the authentication start token receiving means 22. This is the client-side authentication random number in the initial authentication start token extracted from the authentication information cache table 21 or the authentication random number. The server-side authentication random number, the second generation information of the common key, and the next-time server-side authentication random number are independently generated by the authentication response token generation / transmission unit 24 by the random number generator. Further, the public key of the partner client 1 for encrypting them is the server 2
Is a public key acquired in advance and separately managed. On the other hand, the current server-side authentication random number in the type 2 authentication response token of FIG. 5B is the server-side authentication random number extracted from the searched authentication information cache table 21, and the next server-side authentication random number. Is an authentication response token
The transmission means 24 is uniquely generated by the random number generator, and the common key for encrypting them is the common key obtained from the searched authentication information cache table 21.

Authentication Response Completion Token Receiving Unit 25 The authentication response completion token receiving unit 25 is a response to the type 1 authentication response token when the authentication response token generation / transmission unit 24 transmits a type 1 authentication response token, as shown in FIG. This is a means for receiving and processing such an authentication response completion token from the partner client 1. Generate authentication response token
When the transmitting unit 24 transmits the type 2 authentication response token, the authentication response completion token receiving unit 25 does not operate.

Authentication information cache generation / update means 26 The authentication information cache generation / update means 26 comprises the storage means 2
7 is a means for newly generating the authentication information cache table 21 as shown in FIG. 7 or updating or deleting the already generated authentication information cache table 21.

FIG. 8 is a flowchart showing a processing example of the authentication unit 10 of the client 1. Hereafter, Client 1
The operation of the authentication unit 10 will be described.

At the start of the authentication phase in the client 1, first, the authentication information cache search means 12 searches the storage information 17 for the authentication information cache table 11 having the user ID of the partner server in the index section (step S1201).

(1) When the search fails If the corresponding authentication information cache table 11 does not exist, the authentication start token generation / transmission means 13 generates the client-side authentication random number and the first generation information of the common key this time. And these and the user ID of the own client,
FIG. 4 including the one encrypted with the public key of the partner server 2
Generate the type 1 authentication start token shown in (a),
The data is transmitted to the partner server 2 via the network 3 (step S1301).

When the authentication response token of the type 1 in FIG. 5A is sent from the partner server 2 as a response to the transmitted authentication start token, the authentication response token receiving means 14 receives it, and To extract the current client-side authentication random number, the current server-side authentication random number, the second generation information of the common key, and the next server-side authentication random number (step S1401). And
It is checked whether or not the extracted current client-side authentication random number matches the current client-side authentication random number transmitted in step S1301 (step S1402). If they match, authentication on the client side is established, and if they do not match, authentication is not established.

If the authentication response token receiving means 14 determines that the authentication has been established, an authentication response completion token is generated.
The transmitting unit 15 generates the next client-side authentication random number, and transmits this and the current server-side authentication random number extracted from the type 1 authentication response token to the first generation information and the type of the common key transmitted in step S1301. The authentication response completion token shown in FIG. 6 including the one encrypted with the common key generated from the second generation information of the common key extracted from the first authentication response token is transmitted to the partner server 2 (step S).
1501).

Thereafter, when the connection from the partner server is not disconnected and the mutual authentication phase ends normally, the authentication information cache generating / updating unit 16 secures a new area for the authentication information cache table 11 in the storage unit 17. , Authentication information cache table 1 as shown in FIG.
1 is newly generated (S1601). Here, the user ID of the partner server 2 is set in the index portion. The random number for server-side authentication extracted from the type 1 authentication response token is set as the random number for server-side authentication in the content section, and the random number for client-side authentication for the next client-side authentication notified with the authentication response completion token is set as the random number for client-side authentication. A random number is set, and the generated common key is set as the common key. Further, as the initial authentication start token, step S13
The authentication start token transmitted in 01 is set. In addition,
If there is no free space in the storage unit 17 and an area for a new authentication information cache table cannot be secured, the LRU
An authentication information cache table that has not been used recently is deleted by a method or the like, and an area is secured.

(2) When the search is successful When the corresponding authentication information cache table 11 exists, the authentication start token generation / transmission means 13 transmits the client-side authentication random number in the authentication information cache table 11 to the current client side. Next, a new client-side authentication random number is newly generated as an authentication random number, and these are encrypted with the common key stored in the searched authentication information cache table 11. Is added to generate the authentication start token of type 2 shown in FIG. 4B, and transmits it to the partner server 2 via the network 3 (step S1302).

When an authentication response token is sent from the partner server 2 as a response to the transmitted type 2 authentication start token, the authentication response token receiving means 14 receives the authentication response token, and determines whether the authentication response token is a type 1 authentication response token. It is determined whether the token is a type 2 authentication response token (step S1403).

(2-1) When a Type 2 Authentication Response Token is Received The authentication response token receiving means 14 uses the retrieved common key stored in the authentication information cache table 11 to retrieve the received type 2 authentication response token. The token is decrypted to extract the current server-side authentication random number and the next server-side authentication random number. The extracted current server-side authentication random number and the server-side authentication random number stored in the retrieved authentication information cache table 11. Are compared (step S1404).
If the two match, authentication is established on the client side, and if they do not match, authentication is not established.

If the authentication response token receiving means 14 determines that the authentication has been established and the mutual authentication phase ends normally, the authentication information cache generating / updating means 16 converts the server-side authentication random number in the searched authentication information cache table 11 into The next server-side authentication random number extracted from the type 2 authentication response token is replaced with the client-side authentication random number, and the next client-side authentication random number notified with the type 2 authentication start token is replaced (step S160).
2).

On the other hand, if the authentication is not established, the authentication information cache generating / updating unit 16 deletes the searched authentication information cache table 11 and releases its area (step S1603).

(2-2) When a Type 1 Authentication Response Token is Received When a type 1 authentication response token shown in FIG. The response token receiving means 14 decrypts it with the secret key of its own client, and extracts the current client-side authentication random number, the current server-side authentication random number, the second generation information of the common key, and the next server-side authentication random number. (Step S1
403) It is checked whether or not the extracted client-side authentication random number this time matches the client-side authentication random number in the initial start token stored in the searched authentication information cache table 11 (step S140).
5). If they match, authentication on the client side is established, and if they do not match, authentication is not established.

If the authentication response token receiving means 14 determines that the authentication has been established, an authentication response completion token is generated.
The transmitting unit 15 generates a random number for client-side authentication next time, and stores the random number for server-side authentication extracted from the type 1 authentication response token in the initial start stored in the searched authentication information cache table 11. The authentication response completion token of FIG. 6 including the one encrypted with the common key generated from the first generation information of the common key in the token and the second generation information of the common key extracted from the type 1 authentication response token. Is generated and transmitted to the partner server 2 (step S
1502)

If the connection from the partner server is not disconnected and the mutual authentication phase ends normally, the authentication information cache generating / updating means 16 determines the server-side authentication random number stored in the searched authentication information cache table 11. Is replaced with the next server-side authentication random number extracted from the type 1 authentication response token, the client-side authentication random number is replaced with the next client-side authentication random number notified by the authentication response completion token, and a common key is generated. Replace with a key (step S1604).

On the other hand, if the authentication is not established, the authentication information cache generating / updating unit 16 deletes the searched authentication information cache table 11 and releases the area (step S1605).

FIG. 9 is a flowchart showing a processing example of the authentication unit 20 of the server 2. Hereinafter, the authentication unit 20 of the server 2
Will be described.

When the authentication start token is sent from the connected client 1, the authentication start token receiving means 22 receives it and determines whether it is a type 1 authentication start token or a type 2 authentication start token. (Step S2201).

(1) In the case of the type 1 authentication start token When the type 1 authentication start token is received from the partner client 1, the authentication response token generation / transmission means 24
Extracts the client ID, the current client-side authentication random number, and the first generation information of the common key, and extracts the extracted client-side authentication random number and the self-generated current server-side authentication key. Random number, common key second
FIG. 5 (a) including the information generated by encrypting the generation information and the next server-side authentication random number with the public key of the partner client 1.
A type 1 authentication response token is generated and transmitted to the partner client 1 (step S2401).

As a response to the transmitted authentication response token, the authentication response completion token shown in FIG.
, The authentication response completion token receiving means 25
Receives the first generation information of the common key extracted from the type 1 authentication start token received in step S2201, and the second generation of the common key notified by the type 1 authentication response token transmitted in step 2401. Decryption is performed with the common key generated from the information and the server-side authentication random number and the client-side authentication random number are extracted this time (S250
1). Then, the extracted server-side authentication random number, which has been notified with the type 1 authentication response token transmitted in step 2401, is compared with the extracted server-side authentication random number (step 2502). If the two match, authentication is established on the server side. If they do not match, authentication is not established.

When the authentication on the server side is established and the mutual authentication phase ends normally, the authentication information cache generation /
The updating unit 26 checks whether or not the authentication information cache table 21 corresponding to the client 1 already exists in the storage unit 27, and if it exists, deletes it once. 27, an area for a new authentication information cache table 21 is secured, and an authentication information cache table 21 as shown in FIG. 7 is newly generated (step S2601). Here, the type 1 authentication start token received in step S2201 is set as the initial authentication start token in the index portion. In addition, the random number for server-side authentication in the content part is type 1
The next server-side authentication random number notified with the authentication response token is set, the client-side authentication random number is set with the next client-side authentication random number notified with the authentication response completion token, and the common key is the generated random number. A common key is set. If there is no space in the storage unit 27 and an area for a new authentication information cache table cannot be secured, an authentication information cache table that has not been used recently is deleted by the LRU method or the like, and an area is secured.

(2) In the case of a type 2 authentication start token When a type 2 authentication start token is received from the partner client 1, the authentication information cache search unit 23 sets the initial authentication included in the received type 2 authentication start token. The authentication information cache table 21 having the start token in the index portion is searched from the storage unit 27 (step S2301).

(2-1) When the search is successful When the corresponding authentication information cache table 21 exists, the authentication response token generation / transmission means 24 transmits the received type 2 authentication start token to the authentication information cache table. The client-side authentication random number and the next-time client-side authentication random number are extracted by decrypting with the common key stored in 21, and the extracted client-side authentication random number and the extracted client-side authentication random number are stored in the authentication information cache table 21. The client-side authentication random number is compared (step S2402). If the two match, authentication is established on the server side. If they do not match, authentication is not yet established.

(2-1-1) When Authentication is Successful The authentication response token generation / transmission means 24 replaces the server-side authentication random number stored in the searched authentication information cache table 21 with the server-side authentication random number this time. A type-2 authentication response token shown in FIG. 5 (b) is generated, which includes the result of this and the newly generated random number for the next server-side authentication encrypted with the common key stored in the authentication information cache table 21. And sends it to the partner client 1 (S2
403). Then, when the mutual authentication phase is completed normally, the authentication information cache generation / update unit 26 notifies the server-side authentication random number in the searched authentication information cache table 21 with a type 2 authentication response token. The client-side authentication random number is replaced with the random number for the next client-side authentication notified by the type 2 authentication start token (step S260).
2).

(2-1-2) In the case where the authentication has not been established The authentication response token generation / transmission means 24 decrypts the initial authentication start token included in the received type 2 authentication start token with its own secret key, and The client-side authentication random number and the first generation information of the common key are extracted, and the extracted client-side authentication random number and the newly generated current server-side authentication random number, the second generation information of the common key, and the next server are extracted. A type-1 authentication response token of FIG. 5A including a side authentication random number encrypted with the public key of the partner client 1 is generated and transmitted to the partner client 1 (step S2404).

When the authentication response completion token shown in FIG. 6 is transmitted from the partner client 1 as a response to the transmitted type 1 authentication response token, the authentication response completion token receiving means 25 receives the token and receives the type 2 authentication response token. A common key generated from the first generation information of the common key extracted from the initial authentication start token included in the authentication start token and the second generation information of the common key notified by the type 1 authentication response token transmitted in step S2404 To extract the server-side authentication random number and the next-time client-side authentication random number (step S2503). Then, the extracted server-side random number for authentication this time is compared with the random number for server-side authentication notified with the type 1 authentication response token transmitted in step S2404 (step S2504). If the two match, authentication is established on the server side. If they do not match, authentication is not established.

If the authentication is established in step S2504 and the mutual authentication phase ends normally, the authentication information cache generating / updating means 26 replaces the retrieved authentication random number stored in the authentication information cache table 21 with the server-side authentication random number. Replacing the next server-side authentication random number notified by the type 1 authentication response token, replacing the client-side authentication random number with the next client-side authentication random number notified by the authentication response completion token, and further replacing the common key with the generated common key (Step S2603).

On the other hand, if the authentication fails in step S2504, the authentication information cache generation / update means 16
Deletes the searched authentication information cache table 21 and releases the area (step S2604).

(2-2) When the Search Fails When the corresponding authentication information cache table 21 does not exist, the authentication response token generation / transmission unit 24 sets the initial authentication start token included in the received type 2 authentication start token. Is decrypted with its own secret key to extract the current client-side authentication random number and the first generation information of the common key. The extracted client-side authentication random number and the newly generated current server-side authentication random number and common key are extracted. A type 1 authentication response token including the second generation information and the next server-side authentication random number encrypted with the public key of the partner client 1 is generated and transmitted to the partner client 1. (Step S2405).

When the authentication response completion token shown in FIG. 6 is transmitted from the partner client 1 as a response to the transmitted type 1 authentication response token, the authentication response completion token receiving means 25 receives it, and A common key generated from the first generation information of the common key extracted from the initial authentication start token included in the authentication start token and the second generation information of the common key notified by the type 1 authentication response token transmitted in step S2405 To extract the server-side authentication random number and the next-time client-side authentication random number (step S2505). Then, the extracted server-side random number for authentication is compared with the random number for server-side authentication notified with the type 1 authentication response token transmitted in step S2405 (step S2506). If the two match, authentication is established on the server side. If they do not match, authentication is not established.

If the authentication is established in step S2506, and the mutual authentication phase ends normally, the authentication information cache generation / update means 26 secures a new area for the authentication information cache table 21 in the storage means 27, The authentication information cache table 21 as shown in FIG. 7 is newly generated (S2605 in FIG. 9). Here, the initial authentication start token included in the type 1 authentication start token received in step S2201 is set in the index portion. Further, the random number for server-side authentication notified in the type 1 authentication response token is set as the random number for server-side authentication in the content part, and the next client-side authentication random number notified in the authentication response completion token is set for the client-side random number for authentication. A random number for use is set, and the generated common key is set as the common key.

Next, focusing on one client 1 and one server, the operation of mutual authentication from the first connection to the second and subsequent connections will be described.

If a client 1 has never connected to a server 2, the storage means 1 of the client 1
7, the authentication information cache table 11 of the server 2
Does not exist, and the authentication information cache table 21 of the client 1 does not exist in the storage unit 27 of the server 2. Under these circumstances, client 1
An authentication flow as shown in FIG. 10 flows between the server and the server 2, and mutual authentication is performed.

First, since the authentication information cache table of the partner server 2 does not exist in the client 1, the authentication start token generation / transmission means 13 uses the client-side authentication random number Ra and the common key seed Ka (first generation). Information), and generates the own user ID, the random number Ra, and the common key.
The seed Ka is encrypted with the public key of the partner server 2, and a type 1 authentication start token including the encrypted key is transmitted to the server 2 (step S1301 in FIG. 8).

The server 2 decrypts the received type 1 authentication start token with its own secret key by the authentication response token generation / transmission means 24, and uses the random number Ra and the seed K of the common key.
a, and generates a random number Rb for server-side authentication, a random number R1 for next-time server-side authentication, and a seed Kb (second generation information) of a common key, and generates random numbers Ra, Rb, R1 and a common key.
The seed Kb is encrypted with the public key of the partner client 1, and a type 1 authentication response token including the encrypted key is transmitted to the client 1.
(Step S2401 in FIG. 9). Further, a common key is generated from seed Ka and Kb of the common key.

The client 1 decrypts the received type 1 authentication response token with its own secret key by the authentication response token receiving means 14 and extracts the random numbers Ra, Rb, R1 and the seed Kb of the common key (FIG. 8). Step S140
1). Next, the extracted client-side authentication random number R
a is determined based on whether or not the “a” matches the transmitted client-side authentication random number Ra (step S).
1402). When authentication is established, a common key is generated from seed Ka and Kb. Then, the authentication response completion token generation / transmission unit 15 outputs the next client-side authentication random number R2.
Is generated, the random numbers Rb and R2 are encrypted with the generated common key, and an authentication response completion token including the encrypted common key is transmitted to the server 2 (step S1501).

The server 2 decrypts the authentication response completion token with the common key and extracts the random numbers Rb and R2 by the authentication response completion token receiving means 25 (step S in FIG. 9).
2501). The success or failure of the authentication is determined based on whether or not the extracted current server-side authentication random number Rb matches the transmitted current server-side authentication random number Rb (step S).
2502).

When the authentication is established in the server 2 and the mutual authentication phase is completed normally, the authentication information cache generating / updating means 26 sets the authentication information including the random numbers R1, R2, the common key, etc. of the partner client 1 in the authentication information. The cache table 21 is generated in the storage unit 27 (step S2).
601). At this time, if the authentication information cache table 21 of the partner client 1 already exists, it is temporarily deleted, and the authentication information cache table 21 is registered again. Similarly, when the authentication is established in the client 1 and the mutual authentication phase ends normally, the authentication information cache generation / update means 16 sets the authentication information of the partner server 2 including the random numbers R1, R2, the common key, the initial authentication start token, and the like. The generated authentication information cache table 11 is generated in the storage unit 27. Note that the authentication information cache table in FIG. 10 is a combination of tables on the server side and the client side. The same applies to FIGS. 11 to 13 described later.

After the above-described mutual authentication is performed between the client 1 and the server 2, a data transfer phase is performed between the two, and data is transferred from the client 1 to the server 2 and vice versa. Is done. At this time, the data is encrypted by the authentication information cache table 11,
21 using a common key stored in the common key system. When a series of data transfer ends, a connection disconnection phase is performed, and the connection between the client 1 and the server 2 is disconnected.

Next, the same client 1 is connected to the same server 2
Next, the mutual authentication operation in the case where the connection is made again will be described.
In this case, since the authentication information cache table of the partner server exists in the client 1 and the authentication information cache table of the partner client also exists in the server 2, as shown in FIG. The authentication flow flows, and mutual authentication is performed.

First, since the client 1 has the authentication information cache table 11 of the partner server, the client-side authentication random number R2 in the existing authentication information cache table 11 and the new The generated next client-side authentication random number R3 is encrypted with the common key in the authentication information cache table 11, and a type 2 authentication start token including the initial key and the initial start token in the authentication information cache table 11 is transmitted to the server 2. (Step S13 in FIG. 8)
02).

The server 2 has the authentication information cache table 21 having the initial authentication start token in the received type 2 authentication start token in the index part.
It is determined whether or not the client-side authentication random number R2 in the authentication information cache table 21 matches the client-side authentication random number R2 in the type-2 authentication start token decrypted and extracted with the common key. The success or failure is determined (step S2402 in FIG. 9).

When the authentication is established, the server 2 next generates the next server-side authentication random number R4, and the server-side authentication random number R4 in the authentication information cache table 21.
1 is encrypted with the common key, and an authentication response token of type 2 including the same is transmitted to the client 1 (step S2).
403).

The client 1 decrypts the received type-2 authentication response token with the common key by the authentication response token receiving means 14 (step S1403 in FIG. 8), and outputs the client-side authentication random number R1 in the authentication information cache table 11. Whether the authentication is successful or not is determined based on whether or not the current client-side authentication random number R1 extracted from the type 2 authentication response token matches (step S1404).

When the authentication is established in both the client 1 and the server 2 and the mutual authentication phase ends normally, the client 1 sends the authentication information cache table 11 in the storage unit 17 to the authentication information cache generation / update unit 16.
The random number R1 in the table is updated to the random number R4, and the random number R2 to the random number R3 (step S1602 in FIG. 8). Similarly, the server 2 uses the authentication information cache generating / updating unit 26 to update the authentication information cache table 21 in the storage unit 27. Is updated to the random number R4 and the random number R2 to the random number R3 (step S2602 in FIG. 9).

As described above, at the time of the second or subsequent connection, mutual authentication can be performed not by the public key method but by the common key method.

The random number R in the authentication information cache tables 11 and 21 stored in the storage units 17 and 27
If 1,1 is changed to another value for some reason, mutual authentication using the random numbers R1, R2 fails.
However, in the present embodiment, when the server side detects the mismatch of the random number R2, the mutual authentication is enabled by dynamically changing to the public key method again. Also,
If the client detects a mismatch of the random number R1, the authentication information cache table on the client is automatically deleted, and mutual authentication can be performed by reconnecting. Hereinafter, these cases will be described.

When the server detects the mismatch of the random number R2, the mutual authentication is performed according to the authentication flow shown in FIG.

The client 1 sends a type 2 authentication start token to the server 2, and the server 2 receives the type 2 authentication start token.
The authentication information cache table 21 having the initial authentication start token in the index part of the authentication start token of the authentication information cache index is searched, and the client-side authentication random number R2 in the authentication information cache table 21 is decrypted and extracted with the common key. Until it is checked whether or not the current client-side authentication random number R2 in the authentication start token of FIG.
It is the same as the authentication flow of FIG.

When a mismatch is detected in the comparison of the random number R2,
The server 2 uses the authentication response token generation / transmission means 24 to decrypt the initial authentication start token with its own secret key,
a and seed Ka are extracted, and a new server-side authentication random number Rb, a next-time server-side authentication random number Rn and seed Kb are newly extracted.
Is generated, the random numbers Ra, Rb, Rn, and seed Kb are encrypted with the public key of the partner client 1, and a type 1 authentication response token including the encrypted key is transmitted from the server 2 to the client 1 (step S2404 in FIG. 9). Furthermore, seed
Generate a common key from Ka and Kb.

The client 1 decrypts the received type 1 authentication response token with its own secret key, and generates random numbers Ra, Rb,
Rn and seed Kb are extracted (step S14 in FIG. 8).
03). Then, it is confirmed that the extracted random number Ra matches the client-side authentication random number Ra in the initial authentication start token stored in the authentication information cache table 11 (step S1405 in FIG. 8). Further, a common key is generated from the extracted seed Kb and the seed Ka in the initial start token stored in the authentication information cache table 11. Further, the client 1 generates the next client-side authentication random number Rn + 1 by the authentication response completion token generation / transmission unit 15, and outputs the random number Rb and the random number Rn +
1 is encrypted with the common key, and an authentication response completion token including the encrypted key is transmitted to the server 2 (step S150 in FIG. 8).
2).

The server 2 extracts the random number Rb and the random number Rn + 1 by decoding the authentication response completion token with the common key by the authentication response completion token receiving means 25, and the extracted random number Rb matches the transmitted random number Rb. (Step S2504 in FIG. 9).

When mutual authentication is established between the client 1 and the server 2, the authentication information cache tables 11 and 21 on the storage units 17 and 27 are updated by the authentication information cache generation / update units 16 and 26. That is, the random number R1 is updated to the random number Rn, and the random number R2 is updated to the random number Rn + 1. Also, the common key is updated.

If the client detects a mismatch of the random number R1, the authentication flow as shown in FIG. 13 flows.

The client 1 transmits a type 2 authentication start token to the server 2 and the server 2 receives the type 2 authentication start token.
Of the authentication information cache table 21 having the initial authentication start token in the index part of the authentication start token of the authentication information in the index part, and the client-side authentication random number R2 in the authentication information cache table 21 and the extracted and extracted with the common key. 2 confirms that the client-side authentication random number R2 in the authentication start token 2 matches this time, transmits a type 2 authentication response token to the client 1, and uses the type 2 authentication response token received by the client 1 as a common key. Until it is checked whether the server-side authentication random number R1 in the authentication information cache table 11 matches the current server-side authentication random number R1 extracted from the type-2 authentication response token, the authentication shown in FIG. Same as flow.

If the client detects the mismatch of the random number R1, the authentication is not established, and the connection disconnection process starts. Further, since the authentication of the client 1 has failed, the authentication information cache generating / updating unit 16 deletes the corresponding authentication information cache table 11 (step S1603 in FIG. 8). On the other hand, since the mutual authentication is not established and the mutual authentication phase does not end normally, the server 2 does not execute the process of step S2602, and the corresponding authentication information cache table 21 is maintained.

Thereafter, when the client 1 tries to connect to the partner server 2 again from the connection connection phase, the authentication flow of FIG. 10 flows because the authentication information cache table 11 of the partner server 2 does not exist. Done. At this time, the server-side authentication information cache table 21 that has been maintained is replaced with the newly generated authentication information cache table 21 (step S2601 in FIG. 9).

It is assumed that the client 1 has the authentication information cache table 11 of the partner server 2, but the storage means 27 of the partner server 2 does not have the authentication information cache table 21 of the client 1.
In this case, the server 2 side executes step S230 in FIG.
1 → S2405 → S2505 → S2506 → S2605
Is executed, and the client 1 side executes step S1 in FIG.
403 → S1405 → S1502 → S1604 are executed, and mutual authentication is performed.

Although the embodiments of the present invention have been described above, the present invention is not limited to the above embodiments, and various other additions and changes are possible. For example, if at least one of the client and the server has reached the predetermined number T of times of connection with the partner, or / and the elapsed time from the first connection with the partner exceeds the predetermined time, In such a case, a deletion unit for automatically deleting the authentication information cache table of the other party from the self-storage units 17 and 27 may be provided.

[0098]

As described above, according to the present invention, in the mutual authentication at the time of the first connection, both the client and the server perform decryption with their own secret keys. Encryption and decryption are performed using a common key determined at the time of mutual authentication. The decryption processing time by the common key method is about 1,1 of the decryption processing time by the public key method.
Since it is said to be 1/1000, the same client /
The mutual authentication process between servers is significantly faster,
In a large-scale system in which connection requests from clients to the server are concentrated, the CPU load is reduced by the authentication processing on the server, and the system performance is significantly improved.

In the configuration in which the random number for authentication is changed every time, even if the previously used random number is stolen, there is no danger of misuse and the reliability of authentication is increased.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an example of a client / server system to which the present invention is applied, and an explanatory diagram of a communication sequence at the time of connection.

FIG. 2 is a block diagram showing main parts of a client and a server to which the present invention is applied.

FIG. 3 is a diagram illustrating a configuration example of an authentication information cache table stored on a client side.

FIG. 4 is a diagram illustrating a configuration example of a type 1 and type 2 authentication start token.

FIG. 5 is a diagram showing a configuration example of a type 1 and type 2 authentication response token.

FIG. 6 is a diagram illustrating a configuration example of an authentication response completion token.

FIG. 7 is a diagram illustrating a configuration example of an authentication information cache table stored on a server side.

FIG. 8 is a flowchart illustrating a processing example of an authentication unit of a client.

FIG. 9 is a flowchart illustrating a processing example of an authentication unit of the server.

FIG. 10 is a diagram showing an authentication flow at the time of the first connection between a client and a server.

FIG. 11 is a diagram showing an authentication flow at the time of the second or subsequent connection between a client and a server.

FIG. 12 is a diagram showing an authentication flow in a case where a mismatch between the authentication random numbers is detected on the server side during the second and subsequent connection between the client and the server.

FIG. 13 is a diagram showing an authentication flow when a mismatch between the authentication random numbers is detected on the client side during the second and subsequent connection between the client and the server.

FIG. 14 is a diagram showing a conventional authentication flow.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Client 10 ... Authentication part 11 ... Authentication information cache table 12 ... Authentication information cache search means 13 ... Authentication start token generation / transmission means 14 ... Authentication response token reception means 15 ... Authentication response completion token generation / transmission means 16 ... Authentication information Cache generation / update means 17 ... Storage means 2 ... Server 20 ... Authentication unit 21 ... Authentication information cache table 22 ... Authentication start token receiving means 23 ... Authentication information cache search means 24 ... Authentication response token generation / transmission means 25 ... Authentication response completion Token receiving means 26 ... Authentication information cache generation / update means 27 ... Storage means 3 ... Network

────────────────────────────────────────────────── ─── Continuation of the front page (56) References JP-A-10-79733 (JP, A) JP-A-5-2899993 (JP, A) (58) Fields investigated (Int. Cl. ⁷ , DB name) H04L 9/32 G06F 15/00 330 JICST file (JOIS)

Claims (3)

(57) [Claims] 1. A user mutual authentication device in a client / server system in which a client and a server are connected via a network, wherein a client side storage means for storing an authentication information cache table for each partner server on the client side Client-side authentication information cache search means for searching the authentication information cache table of the partner server from the client-side storage means; and if the search for the client-side storage means fails, a newly generated random number for the current client-side authentication. And transmitting a type 1 authentication start token obtained by encrypting the first generation information of the common key with the public key of the partner server to the partner server, and if the search in the client side storage means is successful, the retrieved authentication information Stored in the cache table The authentication start token of type 2 including the client-side authentication random number and the newly generated next-generation client-side authentication random number encrypted with the common key stored in the searched authentication information cache table is transmitted to the partner server. Means for generating and transmitting an authentication start token, and receiving the transmitted authentication response token as a response to the transmitted type 1 or type 2 authentication start token. The success / failure of the authentication is determined based on whether or not the current client-side authentication random number matches the current client-side authentication random number notified with the type 1 authentication start token, and the notification of the type 1 authentication start token is performed. A common key from the first generation information and the second generation information extracted from the type 1 authentication response token. In the case of a type 2 authentication response token, the server-side authentication random number extracted and decrypted with the common key stored in the searched authentication information cache table and stored in the searched authentication information cache table. An authentication response token receiving means for determining whether authentication is successful or not based on whether the random number for server-side authentication matches the authentication random number. If the authentication is successful by processing the type 1 authentication response token, the type 1 authentication is performed. An authentication response completion token generating / transmitting means for transmitting an authentication response completion token obtained by encrypting the server-side authentication random number extracted from the response token and the newly generated client-side authentication random number with the generated common key to the partner server; When the authentication is established by the processing of the type 1 authentication response token, the authentication is performed by the type 1 authentication response token. An authentication information cache table corresponding to the other server including the generated next server-side authentication random number, the next client-side authentication random number notified by the authentication response completion token, and the generated common key is stored in the client-side storage unit. When the authentication is established by the processing of the type 2 authentication response token, the next client-side authentication random number notified by the type 2 authentication start token, the next server side notified by the type 2 authentication response token An authentication information cache generating / updating means for updating the client-side authentication random number and the server-side authentication random number in the searched authentication information cache table with the authentication random number; Server-side storage means for storing the information cache table, and from the partner client An authentication start token receiving means for receiving the authentication start token, and when the received token is a type 2 authentication start token,
A server-side authentication information cache search unit that searches the server-side storage unit for an authentication information cache table corresponding to the partner client; and if the received token is a type 1 authentication start token,
This authentication start token is decrypted with its own secret key and extracted, and the client-side authentication random number newly generated and the newly generated server-side authentication random number, the next server-side authentication random number, and the second generation information of the common key are exchanged with each other. A type-1 authentication response token encrypted with the client's public key is transmitted to the client, and a common key is generated from the first generated information extracted from the type-1 authentication start token and the generated second generated information. If the received token is a type 2 authentication start token, the client-side authentication random number decrypted and extracted with the common key stored in the authentication information cache table retrieved from the server-side storage means and its authentication Authentication success or failure is determined based on whether or not the client-side authentication random number stored in the information cache table matches. At the time of establishment, the server-side authentication random number stored in the authentication information cache table retrieved from the server-side storage unit and the newly generated next-time server-side authentication random number are stored in the authentication information retrieved from the server-side storage unit. An authentication response token generation / transmission means for transmitting an authentication response token of type 2 encrypted with the common key stored in the cache table to the partner client, and receiving an authentication response completion token from the partner client;
Authentication that determines the success or failure of authentication based on whether the current server-side authentication random number decrypted and extracted with the generated common key matches the current server-side authentication random number notified with the type 1 authentication response token. A response completion token receiving means, and when the authentication is completed by the processing of the authentication response completion token in the authentication response completion token receiving means, a random number for the next server-side authentication notified by the type 1 authentication response token;
Generating an authentication information cache table corresponding to the partner client including the random number for the next client-side authentication notified by the authentication response completion token and the generated common key in the server-side storage unit, and generating and transmitting the authentication response token If the authentication is successful in the processing of the type 2 authentication start token in the above, the random number for the next client side authentication notified by the type 2 authentication start token and the next server side authentication notified by the type 2 authentication response token User mutual authentication, comprising: an authentication information cache generating / updating means for updating a client-side authentication random number and a server-side authentication random number stored in the searched authentication information cache table with a random number. apparatus. 2. A client device for mutually authenticating a user with a server connected via a network, comprising : a client-side storage unit for storing an authentication information cache table for each partner server; A client-side authentication information cache search unit that searches the authentication information cache table of the partner server from the client server; and if the search to the client-side storage unit fails, the first newly generated client-side authentication random number and common key A type 1 authentication start token obtained by encrypting the generated information with the public key of the partner server is transmitted to the partner server, and if the search on the client side storage unit is successful, the search information is stored in the searched authentication information cache table. Client-side authentication random number and newly generated next An authentication start token generation / transmission unit that transmits a type 2 authentication start token including a client-side authentication random number encrypted with a common key stored in the searched authentication information cache table to the partner server; An authentication response token that is a response of the type 1 or type 2 authentication start token received is received, and the received authentication response token is extracted by the partner server decrypting the type 1 authentication start token with the secret key of the own server. A type 1 authentication response token in which the client-side authentication random number and the newly generated server-side authentication random number, the next server-side authentication random number, and the second generation information of the common key are encrypted with the public key of the client. In this case, the client-side authentication random number extracted and decrypted with the own secret key and the type 1 authentication start token The success or failure of the authentication is determined based on whether the known random number for client-side authentication matches or not, and the first generation information notified by the type 1 authentication start token and the second information extracted from the type 1 authentication response token A common key is generated from the generated information in step 2, and the received authentication response token decrypts the type 2 authentication start token with the common key stored in the authentication information cache table retrieved from the server side storage unit by the partner server. The client-side authentication random number extracted this time and the client-side authentication random number stored in the authentication information cache table match or not to determine whether or not the authentication is successful. The server-side authentication random number stored in the authentication information cache table retrieved by the means and the newly generated next generation server. In the case of a type 2 authentication response token obtained by encrypting the server-side authentication random number with a common key stored in the authentication information cache table retrieved from the server-side storage means, the retrieved authentication information cache table The success or failure of authentication is determined based on whether or not the current server-side authentication random number decrypted and extracted with the stored common key matches the server-side authentication random number stored in the searched authentication information cache table. An authentication response token receiving means for performing, when the authentication is successful by processing the type 1 authentication response token, a server-side authentication random number extracted from the type 1 authentication response token and a newly generated next-time client-side authentication Authentication response completion token generation for transmitting an authentication response completion token obtained by encrypting a random number with the generated common key to the partner server. And if the authentication is successful by processing the type 1 authentication response token, the next server-side authentication random number notified by the type 1 authentication response token and the next client side notified by the authentication response completion token An authentication information cache table corresponding to the partner server including an authentication random number and the generated common key is generated in the client side storage unit, and when the authentication is established by the processing of the type 2 authentication response token, the type The next client-side authentication random number notified by the authentication start token of No. 2, the next server-side authentication random number notified by the type 2 authentication response token, and the client-side authentication random number in the searched authentication information cache table; Authentication information cache generation / update means for updating the server-side authentication random number Client device. 3. A server device for performing mutual user authentication with a client connected via a network, a server-side storage means for storing an authentication information cache table for each partner client, and starting authentication from the partner client. An authentication start token receiving means for receiving the token, and a client-side authentication random number included in the authentication information cache table of the own server due to the fact that the received token has successfully searched the authentication information cache table of the own server in the partner client, and a new token. Type 2 in which the generated next client-side authentication random number is encrypted with the common key stored in the searched authentication information cache table.
In the case of the authentication start token, the server-side authentication information cache search means for searching the server-side storage means for the authentication information cache table corresponding to the partner client; In the case of a type 1 authentication start token in which the newly generated client-side authentication random number and first generation information of the common key are encrypted with the public key of the own server when the search fails, the authentication start token is This client-side authentication random number decrypted and extracted with its own secret key and newly generated server-side authentication random number newly generated,
Next, a type 1 authentication response token obtained by encrypting the server-side authentication random number and the second generation information of the common key with the public key of the other client is transmitted to the other client, and the second authentication information is extracted from the type 1 authentication start token. A common key is generated from the generated information of No. 1 and the generated second generated information. If the received token is a type 2 authentication start token, the common key is stored in the authentication information cache table retrieved from the server side storage means. The authentication success / failure is determined based on whether or not the client-side authentication random number extracted and extracted with the common key and the client-side authentication random number stored in the authentication information cache table match. The server-side authentication random number stored in the authentication information cache table retrieved from the server-side storage unit is newly added. Generating an authentication response token for transmitting a type 2 authentication response token obtained by encrypting the generated next-generation server-side authentication random number with a common key stored in the authentication information cache table retrieved from the server-side storage means to the partner client・ Sending means and receiving the authentication response completion token from the partner client,
Authentication that determines the success or failure of authentication based on whether the current server-side authentication random number decrypted and extracted with the generated common key matches the current server-side authentication random number notified with the type 1 authentication response token. A response completion token receiving means, and when the authentication is completed by the processing of the authentication response completion token in the authentication response completion token receiving means, a random number for the next server-side authentication notified by the type 1 authentication response token;
Generating an authentication information cache table corresponding to the partner client including the random number for the next client-side authentication notified by the authentication response completion token and the generated common key in the server-side storage unit, and generating and transmitting the authentication response token If the authentication is successful in the processing of the type 2 authentication start token in the above, the random number for the next client side authentication notified by the type 2 authentication start token and the next server side authentication notified by the type 2 authentication response token A server device comprising: an authentication information cache generating / updating unit that updates a client-side authentication random number and a server-side authentication random number stored in the searched authentication information cache table with a random number.